diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml.back
similarity index 52%
rename from .woodpecker/.cdh.yml
rename to .woodpecker/.cdh.yml.back
index 6fc4838..89050ab 100644
--- a/.woodpecker/.cdh.yml
+++ b/.woodpecker/.cdh.yml.back
@@ -2,8 +2,8 @@
 # -- Check da helm pipeline
 # ----------------------------------------------
 when:
- - event: cron
- cron: nightly
+ - event: push
+ # cron: nightly
 steps:
 check badhouseplants:
 image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
@@ -12,19 +12,20 @@ steps:
 environment:
 RUST_LOG: info
 commands:
- - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
+ - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
+ - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
 notification:
 image: deblan/woodpecker-email
 settings:
- dsn:
- from_secret: smtp_dsn
- from:
- address: woody@badhouseplants.net
- name: Woody Woodpecker
+ from.address: woody@badhouseplants.net
+ from.name: Woody Woodpecker
+ host: badhouseplants.net
+ username:
+ from_secret: smtp_username
+ password:
+ from_secret: smtp_password
 recipients:
- - allanger@badhouseplants.net
 subject: CDH result
 target: main
- attachment: result.html
 when:
 - status: [success, failure]
diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml
index 2407cd8..355d333 100644
--- a/.woodpecker/.helmfile.yml
+++ b/.woodpecker/.helmfile.yml
@@ -1,25 +1,11 @@
 when:
 event: push
-
-
-.k8s-limits: &k8s-limits
- backend_options:
- kubernetes:
- resources:
- requests:
- memory: 1024Mi
- cpu: 1000m
- limits:
- memory: 1512Mi
- cpu: 1500m
-
 matrix:
 ENVIRONMENT:
 - badhouseplants
 - etersoft
 steps:
 diff:
- <<: *k8s-limits
 image: ghcr.io/helmfile/helmfile:canary
 secrets: [sops_age_key, kubeconfig_content]
 when:
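Review bot: In the second hunk of `.woodpecker/.cdh.yml.back`, `recipients:` is left with no entries after `- allanger@badhouseplants.net` is removed, so the key parses as null and the notification step has no one to mail. The same hunk switches the path to `$DRONE_WORKSPACE`, which Woodpecker presumably does not set (the removed line used `$CI_WORKSPACE`), so `-p` may end up pointing at `/helmfile.yaml`. Keep the recipient entry and `$CI_WORKSPACE`, or, if the `.back` rename is meant to park the pipeline, say so in the file header with a comment such as `# disabled: kept for reference only`. The `steps:` mapping starts before and continues after the hunk.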
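Review bot: Removing `<<: *k8s-limits` from the `diff` step in `.woodpecker/.helmfile.yml` (and from `apply` in the following hunk) leaves both steps without explicit resource requests or limits, so they fall back to whatever the agent or namespace defaults allow. If that is intended, a short comment above `steps:` such as `# no per-step resources: relies on namespace defaults` would record it. Both steps are handed `sops_age_key` and `kubeconfig_content` and run `ghcr.io/helmfile/helmfile:canary`, a floating tag on an unchanged context line; pinning it, `image: ghcr.io/helmfile/helmfile:<pinned-version-or-digest>`, would keep an unreviewed image from receiving those secrets. The `diff` step's `when:` block runs past the end of the hunk.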
@@ -31,7 +17,6 @@ steps: - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets apply: - <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1814372 --- /dev/null +++ b/Makefile @@ -0,0 +1,4 @@ +create_crb: + kubectl create clusterrolebinding drone-deployer-workaround \ + --clusterrole=cluster-admin \ + --serviceaccount=drone-service:default diff --git a/README.md b/README.md index 5ad2c85..3fd9e60 100644 --- a/README.md +++ b/README.md @@ -2,4 +2,4 @@ [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) # CRD hooks -I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. +I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. \ No newline at end of file diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 05f6226..479557f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
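Review bot: The new `create_crb` target in `Makefile` binds `cluster-admin` to `drone-service:default`, so every pod in the `drone-service` namespace that runs under the default service account gets full control of the cluster, not only the deployer. Bind a dedicated account instead, `--serviceaccount=drone-service:<deployer-service-account>` (placeholder name), and prefer a ClusterRole limited to what the deployment needs over `cluster-admin`. If the binding has to stay as a stopgap, a comment above the target such as `# TEMPORARY: remove once the deployer has its own scoped role` keeps the name "workaround" from becoming permanent. The binding is also created imperatively, so it is not tracked by the helmfile state and will not be removed by it.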
@@ -2,21 +2,20 @@ {{ readFile "../releases.yaml" }} releases: - - <<: *namespaces + - <<: *drone installed: true - - <<: *roles - installed: true - - <<: *coredns - installed: true - - <<: *cilium - installed: true - - - <<: *local-path-provisioner + namespace: drone-service + createNamespace: false - - <<: *zot + - <<: *drone-runner-docker installed: true - - <<: *keel - - <<: *traefik + namespace: drone-service + createNamespace: false + + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false - <<: *argocd installed: true @@ -28,6 +27,11 @@ releases: namespace: nrodionov-application createNamespace: false + - <<: *minecraft + installed: true + namespace: minecraft-application + createNamespace: false + - <<: *gitea installed: true namespace: gitea-service @@ -38,6 +42,21 @@ releases: namespace: funkwhale-application createNamespace: false + - <<: *prometheus + installed: true + namespace: monitoring-system + createNamespace: true + + - <<: *loki + installed: true + namespace: monitoring-system + createNamespace: false + + - <<: *promtail + installed: true + namespace: monitoring-system + createNamespace: false + - <<: *bitwarden installed: false namespace: bitwarden-application 
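Review bot: In the first hunk of `badhouseplants/helmfile.yaml`, the new `drone`, `drone-runner-docker` and `longhorn` entries set `createNamespace: false` while the same hunk removes the `namespaces` release, so nothing visible in this diff creates `drone-service` or `longhorn-system`. The same applies to `minecraft-application` in the next hunk and to `istio-system` in the last hunk of this file. The release templates live in `../releases.yaml`, outside the diff, so the namespaces may be created there or out of band; if not, a first apply would fail on them. Either set `createNamespace: true` or note the source next to each entry, e.g. `# namespace created by <release-or-manual-step>`.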
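Review bot: In the third hunk of `badhouseplants/helmfile.yaml`, `loki` and `promtail` are added with `createNamespace: false` in `monitoring-system` and so depend on `prometheus` (`createNamespace: true`) having been installed first. As far as I know helmfile does not install releases in list order unless a dependency is declared, so on a fresh cluster the two could be attempted before the namespace exists. Declaring it on both entries, `needs: [monitoring-system/<prometheus-release-name>]` (the release name is defined outside this diff), makes the order explicit. The `releases:` list starts before and continues after the hunk.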
@@ -68,41 +87,26 @@ releases: namespace: database-service createNamespace: true - - <<: *woodpecker-ci + - <<: *docker-mailserver installed: true - namespace: woodpecker-ci + namespace: mail-service createNamespace: true + - <<: *istio-gateway-resources + installed: true + namespace: istio-system + createNamespace: false + - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application - - - <<: *vaultwardentest - createNamespace: false - installed: true - namespace: applications - - <<: *openvpn-xor + - <<: *woodpecker-ci installed: true - namespace: openvpn-service - createNamespace: false - - - <<: *docker-mailserver - installed: true - namespace: applications + namespace: woodpecker createNamespace: true - - <<: *mailu - installed: false - namespace: mailu-application - createNamespace: false - - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 81405e1..371d4d1 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,9 +1,10 @@ +server: + config: + dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] configs: - cm: - dex.config: ENC[AES256_GCM,data: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,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -13,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw - MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 - V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 - THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 - DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-22T23:43:36Z" - mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] + lastmodified: "2023-03-04T16:16:37Z" + mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml deleted file mode 100644 index 8e14680..0000000 --- a/badhouseplants/values/secrets.chartmuseum.yaml +++ /dev/null 
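Review bot: In the sops metadata of `secrets.argocd.yaml`, `lastmodified` moves backwards from `2024-02-22T23:43:36Z` to `2023-03-04T16:16:37Z` and `version` drops from 3.8.1 to 3.7.3, which suggests the file is being replaced by an older encrypted copy rather than re-encrypted. If any value was rotated in between, applying this would put retired credentials back in service, here the `sshPrivateKey` and `dex.config` changed in the hunk above. The same backwards timestamps appear in `secrets.db-instances.yaml`, `secrets.funkwhale.yaml`, `secrets.gitea.yaml`, `secrets.mailu.yaml` and `secrets.vaultwarden.yaml` further down. Confirm that the restored values are still the valid ones and record the reason for the rollback in the commit message.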
@@ -1,24 +0,0 @@ -env: - secret: - BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] - BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 - OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl - a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY - TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg - H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-27T08:47:35Z" - mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index ffe6efa..f8caa3a 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -1,8 +1,16 @@ dbinstances: + postgres: + secrets: + adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] + adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] - adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] + adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] + adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] + mysql: + secrets: + adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] + adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -12,14 +20,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl - RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx - Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho - d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq - Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-17T01:05:06Z" - mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] + lastmodified: "2023-10-04T02:28:20Z" + mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.8.0 diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 8ca3587..1730f80 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] +djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] + password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] redis: auth: - password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] + password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty - dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG - SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y - ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC - nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw + TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL + VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y + dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA + GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T09:33:11Z" - mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] + lastmodified: "2023-10-04T18:47:37Z" + mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.8.0 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 55bd2b4..6d28634 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] - password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] + username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] + password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] + PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] database: - PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] + PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] + HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] + CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] oauth: - - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] - provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] - key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] - secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] + - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] + provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] + key: 
ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] + secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ - M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 - TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC - OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X - RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 + QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu + LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 + Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN + WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T09:32:40Z" - mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] + lastmodified: "2023-10-15T09:58:05Z" + mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index 61e967f..5e20299 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] +secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] - username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] - domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] - password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] + enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] + username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] + domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] + password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] - postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] + password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] + postgresPassword: 
ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] - userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] + userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] + password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS - L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu - Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj - aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i - l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw + YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh + b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv + RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp + QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-04T09:30:41Z" - mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] + lastmodified: "2023-04-28T08:37:51Z" + mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml new file mode 100644 index 0000000..1639eb7 --- /dev/null +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -0,0 +1,28 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-15T15:32:19Z" + mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.tandoor.yaml b/badhouseplants/values/secrets.tandoor.yaml deleted file mode 100644 index 65d3703..0000000 --- a/badhouseplants/values/secrets.tandoor.yaml +++ /dev/null 
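Review bot: The `enc` block in the new `secrets.minecraft.yaml` is identical to the one added to `secrets.argocd.yaml` in this commit, so the two files appear to share a single sops data key, which usually means this file was made by copying an existing encrypted file and editing it. Encrypting the file from plaintext with a fresh `sops` run gives it its own data key, so that exposure of one file's key does not also cover the other. The file holds `RESTIC_PASSWORD` and the `AWS_*` pair for the backup job, so it is worth keeping separate from the Argo CD secrets.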
@@ -1,22 +0,0 @@ -env: - SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB - d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV - YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM - NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz - qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-06T15:16:21Z" - mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 61f6e40..9c2e617 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
@@ -1,10 +1,10 @@ vaultwarden: smtp: - username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str] + username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] password: - value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str] + value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] adminToken: - value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str] + value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr - R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C - M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI - a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS - hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo + WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 + dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a + U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT + HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-30T18:44:39Z" - mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str] + lastmodified: "2023-10-20T07:01:25Z" + mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml deleted file mode 100644 index 39b3c9b..0000000 --- a/badhouseplants/values/secrets.vaultwardentest.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -vaultwarden: - smtp: - username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] - password: - value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] - adminToken: - value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr - R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C - M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI - a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS - hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-06T15:15:43Z" - mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml deleted file mode 100644 index 25871e8..0000000 --- a/badhouseplants/values/secrets.zot.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -configFiles: - config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] -authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 - NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du - RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB - M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp - VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-05T17:37:17Z" - mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 71cf854..7d01d6c 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: argocd-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: argo.badhouseplants.net + service: argocd-server + port: 80 + controller: resources: limits: 
@@ -34,35 +48,32 @@ dex: enabled: false serviceMonitor: enabled: false - redis: metrics: enabled: false serviceMonitor: enabled: false - -global: - domain: argo.badhouseplants.net - server: - ingress: - enabled: true - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - ingressClassName: traefik - tls: true metrics: enabled: true serviceMonitor: enabled: false + rbacConfig: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, *, badhouseplants/*,allow + config: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" + extraArgs: - --insecure - servicePort: - servicePortHttp: 80 - servicePortHttps: 80 repoServer: metrics: @@ -74,22 +85,6 @@ repoServer: - name: regcred configs: - params: - server.insecure: true - rbac: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - cm: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml deleted file mode 100644 index 8ea6b10..0000000 --- a/badhouseplants/values/values.chartmuseum.yaml +++ /dev/null 
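Review bot: The `drone` account is declared as `accounts.drone: apiKey, login`, and its policy line `p, drone, applications, *, badhouseplants/*,allow` allows every action on the project's applications, which is more than a CI token normally needs. If the pipeline only authenticates with a token, `accounts.drone: apiKey` removes the password login path. The policy can then be narrowed to the actions actually used, e.g. `p, drone, applications, sync, badhouseplants/*, allow` plus a matching `get` line. `exec.enabled: "true"` also turns on the web terminal for anyone holding `role:admin`, so it is worth confirming that is intended. What the pipeline calls is not visible in this hunk, so the exact action list needs checking against it.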
@@ -1,19 +0,0 @@ -istio: - enabled: true - istio: - - name: chartmuseum - kind: http - gateway: istio-system/badhouseplants-net - hostname: helm.badhouseplants.net - service: chartmuseum - port: 8080 -env: - open: - AUTH_ANONYMOUS_GET: true - DISABLE_API: false - CORS_ALLOWORIGIN: "*" -persistence: - enabled: true - accessMode: ReadWriteOnce - size: 2Gi - path: /storage diff --git a/badhouseplants/values/values.cilium.yaml b/badhouseplants/values/values.cilium.yaml deleted file mode 100644 index 6eae22c..0000000 --- a/badhouseplants/values/values.cilium.yaml +++ /dev/null @@ -1,10 +0,0 @@ -operator: - replicas: 1 -endpointRoutes: - # -- Enable use of per endpoint routes instead of routing via - # the cilium_host interface. - enabled: true -ipam: - ciliumNodeUpdateRate: "15s" - operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/badhouseplants/values/values.coredns.yaml b/badhouseplants/values/values.coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/badhouseplants/values/values.coredns.yaml +++ /dev/null @@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..8e16c19 100644 
--- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -1,5 +1,15 @@ --- dbinstances: + postgres: + monitoring: + enabled: false + adminSecretRef: + Name: postgres-secret + Namespace: database-service + engine: postgres + generic: + host: postgres-postgresql + port: 5432 postgres16: monitoring: enabled: false @@ -10,3 +20,13 @@ dbinstances: generic: host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 + mysql: + monitoring: + enabled: false + adminSecretRef: + Name: mysql-secret + Namespace: database-service + engine: mysql + generic: + host: mysql + port: 3306 diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 45b25ef..47d6a99 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml 
@@ -1,67 +1,125 @@ -traefik: +istio-gateway: enabled: true - tcpRoutes: - - name: docker-mailserver-smtp + gateways: + - name: badhouseplants-email + servers: + - hosts: + - "*" + port: + name: smtp + number: 25 + protocol: TCP + - hosts: + - "*" + port: + name: pop3 + number: 110 + protocol: TCP + - hosts: + - "*" + port: + name: imap + number: 143 + protocol: TCP + - hosts: + - "*" + port: + name: smtps + number: 465 + protocol: TCP + - hosts: + - "*" + port: + name: submission + number: 587 + protocol: TCP + - hosts: + - "*" + port: + name: imaps + number: 993 + protocol: TCP + - hosts: + - "*" + port: + name: pop3s + number: 995 + protocol: TCP +istio: + enabled: true + istio: + - name: docker-mailserver-smpt + kind: tcp + gateway: badhouseplants-email service: docker-mailserver - match: HostSNI(`*`) - entrypoint: smtp + hostname: badhouseplants.net + port_match: 25 port: 25 - - name: docker-mailserver-smtps - match: HostSNI(`*`) + - name: docker-mailserver-smpts + kind: tcp + gateway: badhouseplants-email + port_match: 465 + hostname: badhouseplants.net service: docker-mailserver - entrypoint: smtps port: 465 - name: docker-mailserver-smpt-startls - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + hostname: badhouseplants.net + port_match: 587 service: docker-mailserver - entrypoint: smtp-startls port: 587 - name: docker-mailserver-imap - match: HostSNI(`*`) + kind: tcp + hostname: badhouseplants.net + gateway: badhouseplants-email + port_match: 143 service: docker-mailserver - entrypoint: imap port: 143 - name: docker-mailserver-imaps - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + hostname: badhouseplants.net + port_match: 993 service: docker-mailserver - entrypoint: imaps port: 993 - name: docker-mailserver-pop3 - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + port_match: 110 + hostname: badhouseplants.net service: docker-mailserver - entrypoint: pop3 port: 110 - name: docker-mailserver-pop3s - match: 
HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + port_match: 993 + hostname: badhouseplants.net service: docker-mailserver - entrypoint: pop3s port: 993 + - name: docker-mailserver-rainloop + kind: http + gateway: istio-system/badhouseplants-net + hostname: mail.badhouseplants.net + service: docker-mailserver-rainloop + port: 80 rainloop: enabled: true ingress: - enabled: true - hosts: - - mail.badhouseplants.net - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tls: - - secretName: mail-tls-secret - hosts: - - mail.badhouseplants.net - + enabled: false demoMode: enabled: false domains: - badhouseplants.net - mail.badhouseplants.net ssl: - useExisting: true - existingName: mail-tls-secret + issuer: + name: badhouseplants-issuer + kind: ClusterIssuer + dnsname: badhouseplants.net + dns01provider: cloudflare + useExisting: false pod: dockermailserver: enable_fail2ban: "0" diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 16d0606..e5aeb81 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -30,22 +30,6 @@ celery: requests: cpu: 10m memory: 75Mi -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - host: funkwhale.badhouseplants.net - protocol: http - - tls: - - secretName: funkwhale-tls-secret - hosts: - - funkwhale.badhouseplants.net - extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https 
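Review bot: The `docker-mailserver-pop3s` route uses `port_match: 993` and `port: 993`, the same values as `docker-mailserver-imaps`, while the `pop3s` server on the `badhouseplants-email` gateway listens on 995. As written, POP3S is never routed and 993 is matched twice; the route should read `port_match: 995` and `port: 995`. Separately, the gateway opens plaintext `pop3` (110) and `imap` (143) for hosts `"*"`. Unless the server refuses authentication before STARTTLS, mailbox credentials can cross the network unencrypted, so consider dropping those two servers and routes and keeping only 993/995. The context line `enable_fail2ban: "0"` means nothing visible here throttles password guessing on these ports.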
@@ -55,7 +39,8 @@ persistence: size: 10Gi s3: enabled: false - +ingress: + enabled: false postgresql: enabled: false host: postgres16-postgresql.database-service.svc.cluster.local diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 607d4bd..3aaccee 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,5 +1,25 @@ --- # ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: gitea-http + kind: http + gateway: istio-system/badhouseplants-net + hostname: git.badhouseplants.net + service: gitea-http + port: 3000 + - name: gitea-ssh + kind: tcp + gateway: istio-system/badhouseplants-ssh + hostname: "*" + port_match: 22 + service: gitea-ssh + port: 22 +# ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator # ------------------------------------------ @@ -7,27 +27,9 @@ ext-database: enabled: true name: gitea-postgres16 instance: postgres16 - # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: git.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: gitea-tls-secret - hosts: - - git.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local 
@@ -41,10 +43,12 @@ resources: persistence: enabled: true - size: 15Gi + size: 10Gi accessModes: - ReadWriteOnce +ingress: + enabled: false # ------------------------------------------ # -- Main Gitea settings # ------------------------------------------ @@ -121,21 +125,3 @@ postgresql-ha: enabled: false redis-cluster: enabled: false - -extraDeploy: - - | - {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ include "gitea.fullname" . }}-ssh - spec: - entryPoints: - - git-ssh - routes: - - match: HostSNI(`git.badhouseplants.net`) - services: - - name: "{{ include "gitea.fullname" . }}-ssh" - port: 22 - nativeLB: true - {{- end }} diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index acbca74..9349206 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml @@ -22,16 +22,6 @@ istio-gateway: gateways: - name: badhouseplants-net servers: - - hosts: - - badhouseplants.net - - '*.badhouseplants.net' - port: - name: grpc-web - number: 8080 - protocol: HTTPS - tls: - credentialName: badhouseplants-wildcard-tls - mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index b97223d..a5d2656 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -1,11 +1,6 @@ service: type: LoadBalancer - externalTrafficPolicy: Local ports: - - name: shadowsocks - port: 8388 - protocol: TCP - targetPort: 8388 - name: minecraft port: 25565 protocol: TCP 
@@ -18,10 +13,6 @@ service: port: 80 protocol: TCP targetPort: 80 - - name: grpc-web - port: 8080 - protocol: TCP - targetPort: 8080 - name: https port: 443 protocol: TCP @@ -30,6 +21,10 @@ service: port: 1194 protocol: TCP targetPort: 1194 + - name: tcp + port: 25 + protocol: TCP + targetPort: 25 # ----------- # -- Email # ----------- diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index d788392..01529ce 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 20m + cpu: 100m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml deleted file mode 100644 index aa1d3e2..0000000 --- a/badhouseplants/values/values.local-path-provisioner.yaml +++ /dev/null @@ -1,3 +0,0 @@ -storageClass: - create: true - defaultClass: false diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index c160d28..76f2f8f 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml 
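Review bot: The added port 25 entry publishes SMTP on the LoadBalancer, while the first hunk of this file removes `externalTrafficPolicy: Local`. The mail server behind the gateway is therefore likely to see a node or gateway address rather than the sender's. Anything in the mail stack that keys on the client IP (relay restrictions for "internal" networks, rate limiting, reputation checks, log attribution) would then treat outside senders as cluster-internal, so confirm how the source address arrives before exposing this port. Keeping `externalTrafficPolicy: Local` is the simplest way to preserve it at the service level. The entry would also read better as `name: smtp` than `name: tcp`, matching the other named ports.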
@@ -1,99 +1,22 @@ --- -global: - dnsService: "coredns" - +singleBinary: + replicas: 1 + persistence: + size: 5Gi loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' - commonConfig: - replication_factor: 1 - schemaConfig: - configs: - - from: 2024-04-01 - store: tsdb - object_store: s3 - schema: v13 - index: - prefix: loki_index_ - period: 24h - ingester: - chunk_encoding: snappy - tracing: - enabled: true - querier: - # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing - max_concurrent: 2 - -compactor: - retention_enabled: true -limits_config: - retention_period: 14d - monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false - -#gateway: -# ingress: -# enabled: true -# hosts: -# - host: FIXME -# paths: -# - path: / -# pathType: Prefix - -deploymentMode: SingleBinary -singleBinary: - persistence: - size: 5Gi - replicas: 1 - resources: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 0.5 - memory: 512Mi - extraEnv: - # Keep a little bit lower than memory limits - - name: GOMEMLIMIT - value: 3750MiB - -chunksCache: - # default is 500MB, with limited memory keep this smaller - writebackSizeLimit: 10MB - -minio: +test: enabled: false - -# Zero out replica counts of other deployment modes -backend: - replicas: 0 -read: - replicas: 0 -write: - replicas: 0 - -ingester: - replicas: 0 -querier: - replicas: 0 -queryFrontend: - replicas: 0 -queryScheduler: - replicas: 0 -distributor: - replicas: 0 compactor: - replicas: 0 -indexGateway: - replicas: 0 -bloomCompactor: - replicas: 0 -bloomGateway: - replicas: 0 + retention_enabled: true +limits_config: + retention_period: 14d diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index eb7bfe5..078e6ab 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml 
@@ -1,14 +1,13 @@ defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore + backupTarget: s3://longhorn@us-east1/backupstore backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 storageOverProvisioningPercentage: 300 storageMinimalAvailablePercentage: 5 - storageReservedPercentageForDefaultDisk: 1 - defaultDataPath: /media/longhorn + defaultDataPath: /media-longhorn csi: - kubeletRootDir: /var/lib/kubelet/ + kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 966fbac..0612e49 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
@@ -1,64 +1,81 @@ --- -# ------------------------------------------ -# -- Database extension is used to manage -# -- database with db-operator -# ------------------------------------------ -ext-database: +certificate: enabled: true - name: mailu-postgres16 - instance: postgres16 - extraDatabase: - enabled: true - name: roundcube-postgres16 - instance: postgres16 - + certificate: + - name: mailu + secretName: mailu-certificate + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - badhouseplants.net + - "email.badhouseplants.net" # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -traefik: +istio: enabled: true - tcpRoutes: - - name: mailu-smtp - service: mailu-front - match: HostSNI(`*`) - entrypoint: smtp - port: 25 - - name: mailu-smtps - match: HostSNI(`*`) - service: mailu-front - entrypoint: smtps - port: 465 - - name: mailu-smpt-startls - match: HostSNI(`*`) - service: mailu-front - entrypoint: smtp-startls - port: 587 - - name: mailu-imap - match: HostSNI(`*`) - service: mailu-front - entrypoint: imap - port: 143 - - name: mailu-imaps - match: HostSNI(`*`) - service: mailu-front - entrypoint: imaps - port: 993 - - name: mailu-pop3 - match: HostSNI(`*`) - service: mailu-front - entrypoint: pop3 - port: 110 - - name: mailu-pop3s - match: HostSNI(`*`) - service: mailu-front - entrypoint: pop3s - port: 993 -subnet: 10.244.0.0/16 + istio: + - name: mailu-web + kind: http + gateway: badhouseplants-net + hostname: email.badhouseplants.net + service: mailu-fr ont + port: 80 + # - name: mailu-smpt + # kind: tcp + # gateway: badhouseplants-mail + # service: mailu-front + # hostname: email.badhousplants.net + # port_match: 25 + # port: 25 + # - name: mailu-smpts + # kind: tcp + # gateway: badhouseplants-mail + # port_match: 465 + # hostname: email.badhousplants.net + # service: mailu-front + # port: 465 + # - name: mailu-smpt-startls + # 
kind: tcp + # gateway: badhouseplants-mail + # hostname: email.badhousplants.net + # port_match: 587 + # service: mailu-front + # port: 587 + # - name: mailu-imap + # kind: tcp + # hostname: email.badhousplants.net + # gateway: badhouseplants-mail + # port_match: 143 + # service: mailu-front + # port: 143 + # - name: mailu-imaps + # kind: tcp + # gateway: badhouseplants-mail + # hostname: email.badhousplants.net + # port_match: 993 + # service: mailu-front + # port: 993 + # - name: mailu-pop3 + # kind: tcp + # gateway: badhouseplants-mail + # port_match: 110 + # hostname: email.badhousplants.net + # service: mailu-front + # port: 110 + # - name: mailu-pop3s + # kind: tcp + # gateway: badhouseplants-mail + # port_match: 993 + # hostname: email.badhousplants.net + # service: mailu-front + # port: 993 +subnet: 10.1.0.0/16 sessionCookieSecure: true hostnames: - - badhouseplants.net - - email.badhouseplants.net + - post.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false @@ -68,20 +85,11 @@ limits: tls: outboundLevel: secure ingress: - enabled: true - ingressClassName: traefik - tls: true - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + enabled: false + tls: false tlsFlavorOverride: mail - realIpFrom: traefik.kube-system.svc.cluster.local - realIpHeader: "X-Real-IP" -front: - hostPort: - enabled: false + selfSigned: false + existingSecret: mailu-certificate admin: resources: requests: @@ -99,10 +107,9 @@ redis: cpu: 70m limits: memory: 200Mi - cpu: 200m - master: - persistence: - enabled: false + cpu: 200m + persistence: + size: 1Gi postfix: resources: requests: @@ -110,7 +117,7 @@ postfix: cpu: 200m limits: memory: 1024Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi dovecot: 
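Review bot: The `mailu-web` route points at `service: mailu-fr ont`, which is not a valid service name and does not match the `mailu-front` used by the commented-out routes below it. Unless the space is a rendering artefact, this route has no backend and should read `service: mailu-front`. Its `gateway: badhouseplants-net` also lacks the `istio-system/` prefix that the argocd and gitea values in this commit use for the same gateway, which is worth checking. The commented TCP routes spell the hostname `email.badhousplants.net` and map `mailu-pop3s` to 993; both need fixing before they are re-enabled.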
@@ -121,7 +128,7 @@ dovecot: cpu: 70m limits: memory: 400Mi - cpu: 300m + cpu: 300m persistence: size: 1Gi roundcube: @@ -131,24 +138,26 @@ roundcube: cpu: 70m limits: memory: 200Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi mysql: enabled: false postgresql: - enabled: false -## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. -externalDatabase: - ## @param externalDatabase.enabled Set to true to use an external database enabled: true - type: postgresql - existingSecret: mailu-postgres16-creds - existingSecretDatabaseKey: POSTGRES_DB - existingSecretUsernameKey: POSTGRES_USER - existingSecretPasswordKey: POSTGRES_PASSWORD - host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 + auth: + enablePostgresUser: true + username: mailu + database: mailu + persistence: + enabled: false + storageClass: "" + accessMode: ReadWriteOnce + size: 2Gi +front: + logLevel: DEBUG + hostPort: + enabled: true rspamd: resources: requests: @@ -157,7 +166,7 @@ rspamd: limits: memory: 500Mi cpu: 400m - startupProbe: + startupProbe: periodSeconds: 30 failureThreshold: 900 timeoutSeconds: 20 @@ -170,10 +179,3 @@ webmail: accessModes: [ReadWriteOnce] claimNameOverride: "" annotations: {} -global: - database: - roundcube: - database: applications-roundcube-postgres16 - username: applications-roundcube-postgres16 - existingSecret: roundcube-postgres16-creds - existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.metallb-resources.yaml b/badhouseplants/values/values.metallb-resources.yaml deleted file mode 100644 index 94b681b..0000000 --- a/badhouseplants/values/values.metallb-resources.yaml +++ /dev/null @@ -1,5 +0,0 @@ -metallb: - enabled: true - ippools: - - name: fuji - addresses: 195.201.249.91-195.201.249.91 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml new file mode 100644 index 0000000..e5df96a --- /dev/null 
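Review bot: The bundled `postgresql` is switched on with `persistence.enabled: false` even though a `size: 2Gi` is set next to it, so the Mailu database would live only as long as the pod and be lost on a reschedule. Setting `enabled: true` under `postgresql.persistence` avoids that. In the same hunk, `front.hostPort.enabled: true` binds the front's mail ports directly on the node, bypassing the gateway, and `front.logLevel: DEBUG` may record more of the mail dialogue than is wanted in stored logs. Unless this is a temporary debugging state, use `logLevel: WARNING` and confirm the host ports are meant to be reachable.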
+++ b/badhouseplants/values/values.minecraft.yaml 
@@ -0,0 +1,180 @@ +--- +# -------------------------------------------------- +# -- Extensions values +# -------------------------------------------------- +service-account: + enabled: true + resources: + - name: minecraft-exporter + label: + app: minecraft-minecraft-metrics + endpoints: + port: metrics +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minecraft-tcp + gateway: istio-system/badhouseplants-minecraft + kind: tcp + port_match: 25565 + hostname: "*" + service: minecraft-minecraft + port: 25565 +# -------------------------------------------------- +# -- Main values +# -------------------------------------------------- +image: + tag: java17-graalvm-ce + pullPolicy: Always + +resources: + requests: + memory: 3Gi + cpu: 256m + limits: + memory: 3Gi + +lifecycle: + postStart: + - bash + - -c + - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 + +readinessProbe: + command: + - mc-health + periodSeconds: 20 + failureThreshold: 50 + timeoutSeconds: 10 +livenessProbe: + timeoutSeconds: 10 + +minecraftServer: + overrideServerProperties: true + eula: "TRUE" + onlineMode: false + difficulty: hard + hardcore: true + version: 1.20.1 + maxWorldSize: 90000 + type: "PAPER" + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar + gameMode: survival + pvp: true + rcon: + enabled: true + withGeneratedPassword: false + port: 25575 + serviceType: ClusterIP + extraPorts: + - name: metrics + containerPort: 9225 + protocol: TCP + service: + enabled: true + embedded: false + labels: + exporter: minecraft + type: ClusterIP + port: 9925 + ingress: + enabled: false +persistence: + dataDir: + enabled: true + Size: 15Gi +mcbackup: + enabled: false + backupInterval: 2h + pauseIfNoPlayers: "false" + pruneBackupsDays: 
2 + rconRetries: 5 + rconRetryInterval: 10s + excludes: "*.jar,cache,logs" + backupMethod: restic + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft + resticAdditionalTags: "mc_backups" + pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" + resources: + requests: + memory: 512Mi + cpu: 100m + persistence: + backupDir: + enabled: false +# --------------------------------------------- +# -- Install Plugins +# --------------------------------------------- +initContainers: + - name: 0-install-prometheus-exporter + image: alpine/curl + command: + - curl + - -L + - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" + - -o + - /data/plugins/prometheus-exporter.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-password-plugin + image: alpine/curl + command: + - curl + - -L + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - -o + - /data/plugins/PasswordProtect.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar + - -o + - /data/plugins/GravityControl-1.3.0.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-fast-minecart-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FastMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + - name: 1-add-plugins-to-minecraft + image: alpine/curl + command: + - sh + - -c + - cp -r /in /out/plugins + volumeMounts: + - name: plugins + mountPath: /in + readOnly: false + - 
name: datadir + mountPath: /out +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 19b39a0..ef99a67 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -19,39 +19,6 @@ istio: service: minio port: 9000 -ingress: - enabled: true - ingressClassName: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - path: / - hosts: - - s3.badhouseplants.net - tls: - - secretName: s3-tls-secret - hosts: - - s3.badhouseplants.net -consoleIngress: - enabled: true - ingressClassName: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - path: / - hosts: - - minio.badhouseplants.net - tls: - - secretName: minio-tls-secret - hosts: - - minio.badhouseplants.net - rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c11513c..b477a0b 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml 
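Review bot: The `postStart` hook hard-codes the server password (`mc-send-to-console setpassword …`) in a values file committed in plain text, and with `onlineMode: false` that password appears to be the only thing gating who can join. Move it into the sops-encrypted secrets values used elsewhere in this repo, have the hook read it from an environment variable, and rotate the current value since it is already in history. `rcon.enabled: true` with `withGeneratedPassword: false` leaves RCON on whatever password the chart or another values file supplies, so confirm it is not a default. The plugin init containers fetch jars with `curl -L` and no integrity check into the server's plugin directory, from an untagged `alpine/curl` image. Pin the image and verify each download against a recorded checksum, as sketched below for the first container.

```yaml
initContainers:
  - name: 0-install-prometheus-exporter
    # pin by digest instead of the floating tag
    image: alpine/curl@sha256:<IMAGE_DIGEST_PLACEHOLDER>
    command:
      - sh
      - -c
      - |
        set -eu
        # -f makes an HTTP error fail the container instead of saving an error page as the jar
        curl -fsSL -o /data/plugins/prometheus-exporter.jar \
          "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
        echo "<SHA256_PLACEHOLDER>  /data/plugins/prometheus-exporter.jar" | sha256sum -c -
    # … unchanged: volumeMounts for the plugins volume …
  # … unchanged: the other 0-install-* containers, same pattern with their own checksums …
```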
@@ -1,23 +1,11 @@ -namespaces: - - name: longhorn-system - - name: minio-service - - name: argo-system - - name: nrodionov-application - - name: minecraft-application - annotations: - badohouseplants.net/git-repo: | - https://git.badhouseplants.net/badhouseplants/minecraft-helmfile - badhouseplants.net/ci: | - https://ci.badhouseplants.net/repos/15 - - name: gitea-service - - name: funkwhale-application - - name: database-service - - name: mail-service - - name: vaultwarden-application - - name: woodpecker-ci - - name: openvpn-service - - name: badhouseplants-main - labels: - istio-injection: enabled - - name: badhouseplants-preview - - name: kube-services +--- +ns: + - name: monitoring-system +templates: + - | + {{ range .Values.ns }} + apiVersion: v1 + kind: Namespace + metadata: + name: {{ .name }} + {{ end }} diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 3582f47..14d1b8c 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -17,20 +17,7 @@ ext-database: enabled: true name: nrodionov-mysql instance: mysql -ingress: - enabled: true - pathType: ImplementationSpecific - hostname: dev.nrodionov.info - path: / - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tls: true - tlsWwwPrefix: false - selfSigned: false + wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn.yaml similarity index 57% rename from badhouseplants/values/values.openvpn-xor.yaml rename to badhouseplants/values/values.openvpn.yaml index 5827bde..073bdfa 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml 
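Review bot: The `templates` block added to values.namespaces.yaml puts no `---` between iterations of `{{ range .Values.ns }}`, so a second entry under `ns` would render two Namespace objects into one YAML document with duplicate keys, and most parsers keep only the last. Emit the separator inside the loop, i.e. a `---` line directly after `{{ range .Values.ns }}`. The new template also renders only `metadata.name`, so the `istio-injection: enabled` label the old list set on `badhouseplants-main` has no equivalent; if that namespace is now created elsewhere, confirm the label is still applied there.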
+++ b/badhouseplants/values/values.openvpn.yaml @@ -3,34 +3,26 @@ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -# istio: - # enabled: true - # istio: - # - name: openvpn-tcp-xor - # gateway: istio-system/badhouseplants-vpn - # kind: tcp - # port_match: 1194 - # hostname: "*" - # service: openvpn-xor - # port: 1194 -# ------------------------------------------ -traefik: +istio: enabled: true - tcpRoutes: - - name: openvpn-xor - service: openvpn-xor - match: HostSNI(`*`) - entrypoint: openvpn + istio: + - name: openvpn-tcp + gateway: istio-system/badhouseplants-vpn + kind: tcp + port_match: 1194 + hostname: "*" + service: openvpn port: 1194 - +# ------------------------------------------ +image: + tag: v2.6.5-xor-4.0.0beta08 storage: class: longhorn size: 512Mi openvpn: proto: tcp - host: 195.201.249.91 - + host: 195.201.250.50 easyrsa: cn: Bad Houseplants country: Germany diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index 92cef0b..cbcb751 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml @@ -8,20 +8,3 @@ persistence: metrics: enabled: false -primary: - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsNonRoot: false - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 2ee10c9..712e0d7 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml 
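Review bot: The added `image.tag: v2.6.5-xor-4.0.0beta08` pins a pre-release, XOR-patched build while the route, service and file are renamed from `openvpn-xor` to plain `openvpn`, so nothing in the file explains why a non-default image is used. Add a comment above `image:` such as `# XOR-patched pre-release build; bump deliberately and re-test clients`. The tag is also mutable on the registry side; if the chart accepts a digest, pinning by digest would make the publicly exposed VPN endpoint reproducible.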
@@ -64,8 +64,7 @@ defaultRules: prometheus: prometheusSpec: enableAdminAPI: true - retentionSize: 7GB - retention: 20d + retentionSize: 10GB podMonitorNamespaceSelector: any: true podMonitorSelector: {} @@ -84,10 +83,9 @@ prometheus: accessModes: ["ReadWriteOnce"] resources: requests: - storage: 12Gi + storage: 10Gi grafana: - assertNoLeakedSecrets: false persistence: enabled: true size: 2Gi diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 4976174..6ab31f3 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' + selector: '{namespace!~"mail-service|woodpecker"}' action: drop diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml index 77d5357..b27501d 100644 --- a/badhouseplants/values/values.redis.yaml +++ b/badhouseplants/values/values.redis.yaml @@ -1,11 +1,7 @@ metrics: enabled: false -secretAnnotations: - reflector.v1.k8s.emberstack.com/reflection-allowed: "true" - reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" - reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application" architecture: standalone master: persistence: - enabled: false + enabled: false \ No newline at end of file diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml deleted file mode 100644 index 7fcd045..0000000 --- a/badhouseplants/values/values.roles.yaml +++ /dev/null @@ -1,9 +0,0 @@ -roles: - - name: minecraft-admin - namespace: minecraft-application - kind: Role - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - namespace: ["minecraft-application"] 
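Review bot: `retentionSize: 10GB` in the first hunk is set against the `storage: 10Gi` request from the second hunk (@@ -84,10 +83,9 @@), which leaves almost no headroom on the volume; size-based retention removes only completed blocks, so the WAL and head chunks can still fill the disk before anything is pruned. The previous pair (7GB on 12Gi) had that margin. Keep the limit at roughly 80% of the volume, e.g. `retentionSize: 8GB`, or keep the larger storage request. With `retention: 20d` removed, time-based retention falls back to whatever the chart defaults to, so confirm that is intended. `prometheusSpec` begins outside the hunk.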
diff --git a/badhouseplants/values/values.tandoor.yaml b/badhouseplants/values/values.tandoor.yaml deleted file mode 100644 index c30f79e..0000000 --- a/badhouseplants/values/values.tandoor.yaml +++ /dev/null @@ -1,55 +0,0 @@ -istio: - enabled: true - istio: - - name: tandoor-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: tandoor.badhouseplants.net - service: tandoor - port: 8080 - -ext-database: - enabled: true - name: tandoor-postgres16 - instance: postgres16 - credentials: - POSTGRES_HOST: |- - "{{ .Hostname }}" - POSTGRES_PORT: |- - "{{ .Port }}" - -envFrom: - - secretRef: - name: tandoor-postgres16-creds -env: - TZ: UTC - DB_ENGINE: django.db.backends.postgresql - EMAIL_HOST: badhouseplants.net - EMAIL_PORT: 587 - EMAIL_HOST_USER: overlord@badhouseplants.net - EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g - EMAIL_USE_TLS: 1 - EMAIL_USE_SSL: 0 - DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net -persistence: - config: - enabled: true - retain: true - storageClass: longhorn - accessMode: ReadWriteOnce - size: 1Gi - media: - enabled: true - mountPath: /opt/recipes/mediafiles - retain: true - storageClass: longhorn - accessMode: ReadWriteOnce - size: 1Gi - static: - enabled: true - type: emptyDir - mountPath: /opt/recipes/staticfiles - django-js-reverse: - enabled: true - type: emptyDir - mountPath: /opt/recipes/cookbook/static/django_js_reverse diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml deleted file mode 100644 index fb92321..0000000 --- a/badhouseplants/values/values.traefik.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -globalArguments: - - "--serversTransport.insecureSkipVerify=true" -service: - spec: - externalTrafficPolicy: Local -ports: - git-ssh: - port: 22 - expose: - default: true - exposedPort: 22 - protocol: TCP - openvpn: - port: 1194 - expose: - default: true - exposedPort: 1194 - protocol: TCP - valve-server: - port: 27015 - expose: - default: true - exposedPort: 27015 - protocol: UDP - valve-rcon: - port: 27015 - expose: - default: true - exposedPort: 27015 - protocol: TCP - smtp: - port: 25 - protocol: TCP - exposedPort: 25 - expose: - default: true - smtps: - port: 465 - protocol: TCP - exposedPort: 465 - expose: - default: true - smtp-startls: - port: 587 - protocol: TCP - exposedPort: 587 - expose: - default: true - imap: - port: 143 - protocol: TCP - exposedPort: 143 - expose: - default: true - imaps: - port: 993 - protocol: TCP - exposedPort: 993 - expose: - default: true - pop3: - port: 110 - protocol: TCP - exposedPort: 110 - expose: - default: true - pop3s: - port: 995 - protocol: TCP - exposedPort: 995 - expose: - default: true - minecraft: - port: 25565 - protocol: TCP - exposedPort: 25565 - expose: - default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index 8114432..b2bd5a3 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -20,7 +20,7 @@ ext-database: enabled: true name: vaultwarden-postgres16 instance: postgres16 -service: +service: port: 8080 vaultwarden: smtp: 
@@ -53,28 +53,11 @@ vaultwarden: connectionRetries: 15 maxConnections: 10 storage: - enabled: true + enabled: false size: 1Gi - class: longhorn + class: default dataDir: /data logging: enabled: false logfile: "/data/vaultwarden.log" loglevel: "warn" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vault.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault-tls-secret - hosts: - - vault.badhouseplants.net diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml deleted file mode 100644 index 7796066..0000000 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ /dev/null 
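Review bot: `storage.enabled: false` leaves `dataDir: /data` without a persistent volume, assuming the chart only creates the PVC when storage is enabled. Vaultwarden keeps more than the database under its data directory (attachments, sends and the RSA key used to sign login tokens), so with only the external Postgres a pod restart would presumably drop attachments and invalidate sessions. If the goal is only to move off longhorn, keep `enabled: true` and change just `class`. Also check that `class: default` is a real StorageClass name in this cluster rather than a request for the cluster default; omitting the key is the usual way to get the default class. The `vaultwarden` mapping starts outside the hunk.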
@@ -1,58 +0,0 @@ -service: - port: 8080 -vaultwarden: - smtp: - host: mail.badhouseplants.net - security: "starttls" - port: 587 - from: vaulttest@badhouseplants.net - fromName: Vault Warden - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" - debug: false - domain: https://vaulttest.badhouseplants.net - websocket: - enabled: true - address: "0.0.0.0" - port: 3012 - rocket: - port: "8080" - workers: "10" - webVaultEnabled: "true" - signupsAllowed: true - invitationsAllowed: true - signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: false - showPassHint: true - # database: - # existingSecret: vaultwarden-postgres16-creds - # existingSecretKey: CONNECTION_STRING - # connectionRetries: 15 - # maxConnections: 10 - storage: - enabled: true - size: 512Mi - class: longhorn - dataDir: /data - logging: - enabled: false - logfile: "/data/vaultwarden.log" - loglevel: "warn" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vaulttest.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault-tls-secret - hosts: - - vaulttest.badhouseplants.net diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 62ced72..736abf2 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -11,60 +11,24 @@ istio: hostname: ci.badhouseplants.net service: woodpecker-ci-server port: 80 -ext-database: - enabled: true - name: woodpecker-postgres16 - instance: postgres16 - credentials: - WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: ci.badhouseplants.net - paths: - - path: / - tls: - - secretName: woodpecker-tls-secret - hosts: - - ci.badhouseplants.net - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-server - # pullPolicy: Always - # tag: icon enabled: true env: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.badhouseplants.net - WOODPECKER_DATABASE_DRIVER: postgres WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true - WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - extraSecretNamesForEnvFrom: - - woodpecker-postgres16-creds + extraSecretNamesForEnvFrom: [] agent: - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-agent - # pullPolicy: Always - # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: WOODPECKER_SERVER: woodpecker-ci-server:9000 - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi - WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: serviceAccount: create: true rbac: diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml deleted file mode 100644 index 753b7ae..0000000 
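Review bot: `WOODPECKER_BACKEND_K8S_STORAGE_CLASS:` on the agent is a bare key, which YAML loads as null rather than an empty string; depending on how the chart renders `env`, that can come out empty, be dropped or be stringified. State the intent explicitly with `WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ""`, or remove the key. Separately, dropping `WOODPECKER_DATABASE_DRIVER: postgres` together with the `ext-database` block and the creds secret presumably moves the server back to its default embedded database, so existing users, repos and pipeline secrets would not carry over unless migrated. Removing `WOODPECKER_BACKEND_K8S_NAMESPACE` from both server and agent sends pipeline pods to the backend's default namespace, so confirm the agent's RBAC still covers it. The `server` and `agent` mappings continue outside the hunk.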
--- a/badhouseplants/values/values.zot.yaml +++ /dev/null @@ -1,47 +0,0 @@ -ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - pathtype: ImplementationSpecific - hosts: - - host: registry.badhouseplants.net - paths: - - path: / - tls: - - secretName: zot-secret-tls - hosts: - - registry.badhouseplants.net -strategy: - type: Recreate -service: - type: ClusterIP -persistence: true -pvc: - create: true - accessMode: "ReadWriteOnce" - storage: 5Gi - storageClassName: longhorn -mountConfig: true -mountSecret: true - #configFiles: - # ui.json: |- - # { - # "log": { - # "level": "info" - # }, - # "extensions": { - # "search": { - # "cve": { - # "updateInterval": "2h" - # } - # }, - # "ui": { - # "enable": true - # } - # } - # } diff --git a/charts/namespaces/chart/.helmignore b/charts/namespaces/chart/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/namespaces/chart/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/namespaces/chart/Chart.yaml b/charts/namespaces/chart/Chart.yaml deleted file mode 100644 index 0f737fe..0000000 --- a/charts/namespaces/chart/Chart.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v2 -name: namespaces -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/charts/namespaces/chart/templates/_helpers.tpl b/charts/namespaces/chart/templates/_helpers.tpl deleted file mode 100644 index a33714c..0000000 --- a/charts/namespaces/chart/templates/_helpers.tpl +++ /dev/null 
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "namespaces.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "namespaces.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "namespaces.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "namespaces.labels" -}} -helm.sh/chart: {{ include "namespaces.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml deleted file mode 100644 index 3e87e83..0000000 --- a/charts/namespaces/chart/templates/namespaces.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.namespaces }} -{{- range $ns := .Values.namespaces }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ $ns.name }} - labels: - {{- include "namespaces.labels" $ | nindent 4 }} - {{- with $ns.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - "helm.sh/resource-policy": keep - {{- with $ns.annotations}} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/namespaces/chart/values.yaml b/charts/namespaces/chart/values.yaml
deleted file mode 100644
index cd5a239..0000000
--- a/charts/namespaces/chart/values.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-namespaces:
- - name: giantswarm-flux
- labels:
- name: giantswarm-flux
- - name: giantswarm
- labels:
- name: giantswarm
- - name: monitoring
- labels:
- name: monitoring
- - name: org-giantswarm
- labels:
- name: org-giantswarm
- - name: flux-system
- labels:
- name: flux-system
- - name: flux-giantswarm
- labels:
- name: flux-giantswarm
- - name: policy-exception
diff --git a/charts/namespaces/kustomize/flux-system.yml b/charts/namespaces/kustomize/flux-system.yml
deleted file mode 100644
index f44f3af..0000000
--- a/charts/namespaces/kustomize/flux-system.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: flux-system
- labels:
- name: flux-system
diff --git a/charts/namespaces/kustomize/giantswarm-flux.yml b/charts/namespaces/kustomize/giantswarm-flux.yml
deleted file mode 100644
index bd0e121..0000000
--- a/charts/namespaces/kustomize/giantswarm-flux.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: giantswarm-flux
- labels:
- name: giantswarm-flux
diff --git a/charts/namespaces/kustomize/giantswarm.yml b/charts/namespaces/kustomize/giantswarm.yml
deleted file mode 100644
index 31e7916..0000000
--- a/charts/namespaces/kustomize/giantswarm.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: giantswarm
- labels:
- name: giantswarm
diff --git a/charts/namespaces/kustomize/kustomization.yaml b/charts/namespaces/kustomize/kustomization.yaml
deleted file mode 100644
index 8159198..0000000
--- a/charts/namespaces/kustomize/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-resources:
- - ./giantswarm-flux.yml
- - ./giantswarm.yml
- - ./monitoring.yml
- - ./org-giantswarm.yml
diff --git a/charts/namespaces/kustomize/monitoring.yml b/charts/namespaces/kustomize/monitoring.yml
deleted file mode 100644
index 90d12ef..0000000
--- a/charts/namespaces/kustomize/monitoring.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: monitoring
- labels:
- name: monitoring
diff --git a/charts/namespaces/kustomize/org-giantswarm.yml b/charts/namespaces/kustomize/org-giantswarm.yml
deleted file mode 100644
index f27e8c4..0000000
--- a/charts/namespaces/kustomize/org-giantswarm.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: org-giantswarm
- labels:
- name: org-giantswarm
diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/charts/roles/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml
deleted file mode 100644
index c2d5cc6..0000000
--- a/charts/roles/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: roles
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl
deleted file mode 100644
index 2927519..0000000
--- a/charts/roles/templates/_helpers.tpl
+++ /dev/null
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "roles.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "roles.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "roles.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "roles.labels" -}} -helm.sh/chart: {{ include "roles.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml deleted file mode 100644 index 7cb85dc..0000000 --- a/charts/roles/templates/namespaces.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.roles }} -{{- range $roles := .Values.roles }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ $roles.kind }} -metadata: - name: {{ $roles.name }} - namespace: {{ $roles.namespace }} - labels: - {{- include "roles.labels" $ | nindent 4 }} - {{- with $roles.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with $roles.annotations}} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -rules: -{{- with $roles.rules }} -{{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml deleted file mode 100644 index 7fcd045..0000000 --- a/charts/roles/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -roles: - - name: minecraft-admin - namespace: minecraft-application - kind: Role - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - namespace: ["minecraft-application"] diff --git a/charts/root/.helmignore b/charts/root/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/root/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/root/Chart.yaml b/charts/root/Chart.yaml deleted file mode 100644 index 59e507d..0000000 --- a/charts/root/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: root -description: A Helm chart for Kubernetes -type: application -version: 0.1.5 -appVersion: "1.16.0" diff --git a/charts/root/templates/_helpers.tpl b/charts/root/templates/_helpers.tpl deleted file mode 100644 index 8a3cc9a..0000000 --- a/charts/root/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "root.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "root.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "root.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "root.labels" -}} -helm.sh/chart: {{ include "root.chart" . }} -{{ include "root.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "root.selectorLabels" -}} -app.kubernetes.io/name: {{ include "root.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "root.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "root.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/root/templates/root.yaml b/charts/root/templates/root.yaml deleted file mode 100644 index f542187..0000000 
--- a/charts/root/templates/root.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root -spec: - interval: 30s - url: {{ .Values.url }} - ref: - branch: {{ .Values.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/charts/root/templates/self.yaml b/charts/root/templates/self.yaml deleted file mode 100644 index 0ddb8de..0000000 --- a/charts/root/templates/self.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root-self -spec: - interval: 30s - url: {{ .Values.self.url }} - ref: - branch: {{ .Values.self.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root-self -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root-self - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/charts/root/values.yaml b/charts/root/values.yaml deleted file mode 100644 index 51850fa..0000000 --- a/charts/root/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -url: https://git.badhouseplants.net/giantswarm/cluster-example.git -branch: main -self: - url: git@git.badhouseplants.net:giantswarm/root-config.git - branch: master diff --git a/common/values.database.yaml b/common/values.database.yaml index eba45ae..9680113 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
@@ -10,41 +10,7 @@ ext-database: spec: secretName: "{{ .Values.name }}-creds" instance: "{{ .Values.instance }}" - deletionProtected: true + deletionProtected: false backup: enable: false cron: 0 0 * * * - {{- if .Values.credentials }} - credentials: - templates: - {{- range $key, $value := .Values.credentials }} - - name: {{ $key }} - template: {{ $value }} - secret: true - {{- end }} - {{- end }} - - - | - {{- if (.Values.extraDatabase).enabled }} - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.extraDatabase.name }}" - spec: - secretName: "{{ .Values.extraDatabase.name }}-creds" - instance: "{{ .Values.extraDatabase.instance }}" - deletionProtected: true - backup: - enable: false - cron: 0 0 * * * - {{- if .Values.extraDatabase.credentials }} - credentials: - templates: - {{- range $key, $value := .Values.extraDatabase.credentials }} - - name: {{ $key }} - template: {{ $value }} - secret: true - {{- end }} - {{- end }} - {{- end }} diff --git a/common/values.metallb.yaml b/common/values.metallb.yaml deleted file mode 100644 index c35b944..0000000 --- a/common/values.metallb.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -metallb: - templates: - - | - {{ range .Values.ippools }} - --- - apiVersion: metallb.io/v1beta1 - kind: IPAddressPool - metadata: - name: {{ .name }} - spec: - addresses: - - {{ .addresses }} - {{ end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml deleted file mode 100644 index b995d25..0000000 --- a/common/values.tcp-route.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -traefik: - templates: - - | - {{ range .Values.tcpRoutes }} - --- - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ .name }} - spec: - entryPoints: - - {{ .entrypoint }} - routes: - - match: {{ .match }} - services: - - name: {{ .service }} - nativeLB: true - port: {{ .port }} - {{- end }} \ No newline at end of file 
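Review bot: `deletionProtected: false` in this shared template applies to every release that enables `ext-database`, so uninstalling a release, or a sync that deletes the `Database` object, would presumably let the operator drop the backing database, and `backup.enable` is `false` in the same spec. Keep `deletionProtected: true` as the default here and make it an explicit per-release value for throwaway environments. The hunk also removes the `credentials.templates` rendering, so any values file that still sets `ext-database.credentials` would now be ignored without an error. The template block starts outside the hunk.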
diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml deleted file mode 100644 index 05e0d89..0000000 --- a/common/values.tcproute.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -tcproute: - templates: - - | - --- - {{ range .Values.routes }} - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ printf "%s-%s" .Release.Name .name }} - spec: - {{ tpl (.routes | toYaml | indent 2 | toString) $ }} - {{ end }} diff --git a/crd.yaml b/crd.yaml deleted file mode 100644 index 0e245b2..0000000 --- a/crd.yaml +++ /dev/null @@ -1,27 +0,0 @@ -templates: - # --------------------------- - # -- Hooks - # --------------------------- - crd-management-hook: - hooks: - - events: ["preapply"] - showlogs: true - command: "sh" - args: - - -c - - | - helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ - || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ - || true - - events: ["prepare"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" - - events: ["postuninstall"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/docs/restic.md b/docs/restic.md new file mode 100644 index 0000000..f740f43 --- /dev/null +++ b/docs/restic.md @@ -0,0 +1,7 @@ +# Restic + +We are using restic for backing up the Minecraft server + +## How to restore + +TODO: Describe the restoration process diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 677999c..af38673 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml 
@@ -1,26 +1,4 @@ --- -{{ readFile "../releases.yaml" }} - -releases: - - <<: *openvpn - installed: true - namespace: openvpn-service - createNamespace: false - - - <<: *istio-base - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false bases: - ../environments.yaml diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index cb55a93..465ad9a 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
@@ -1,21 +1,21 @@ -rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str] +rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] users: - - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str] - secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str] - policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str] - - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str] - secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str] - policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str] - #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment] - #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment] - #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment] - #ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment] - 
#ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment] - #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment] - #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment] - #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment] - #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment] - #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment] + - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] + secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] + policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] + - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] + secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] + policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] + configUrl: 
ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] + clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] + clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] + claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] + redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] + comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] + claimPrefix: "" + scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6 - MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U - SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX - ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg - mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz + QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I + R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa + UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 + vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-04T08:44:29Z" - mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str] + lastmodified: "2023-11-04T19:00:41Z" + mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/etersoft/values/secrets.postgres16.yaml b/etersoft/values/secrets.postgres16.yaml deleted file mode 100644 index e466bb1..0000000 --- a/etersoft/values/secrets.postgres16.yaml +++ /dev/null 
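Review bot: `lastmodified` in `etersoft/values/secrets.minio.yaml` moves backwards, from `2024-02-04T08:44:29Z` to `2023-11-04T19:00:41Z`, which suggests the previous hunk restores an older encrypted copy of the file rather than new values. If `rootPassword` or the `users` access and secret keys were rotated after November 2023, this puts the retired credentials back into use, so confirm that before merging and re-encrypt from the current plaintext with `sops` if needed. Both sides are encrypted to the same age recipient, so the replaced ciphertexts remain readable from git history to anyone holding that key; treat anything that was rotated for cause as still exposed there.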
@@ -1,24 +0,0 @@ -global: - postgresql: - auth: - postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:27:48Z" - mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.0 diff --git a/etersoft/values/values.longhorn.yaml b/etersoft/values/values.longhorn.yaml deleted file mode 100644 index 078e6ab..0000000 --- a/etersoft/values/values.longhorn.yaml +++ /dev/null @@ -1,13 +0,0 @@ -defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore - backupTargetCredentialSecret: aws-secret - guaranteedEngineManagerCPU: 6 - guaranteedReplicaManagerCPU: 6 - storageOverProvisioningPercentage: 300 - storageMinimalAvailablePercentage: 5 - defaultDataPath: /media-longhorn -csi: - kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet -persistence: - defaultClassReplicaCount: 1 -enablePSP: false diff --git a/etersoft/values/values.metallb-resources.yaml b/etersoft/values/values.metallb-resources.yaml deleted file mode 100644 index 5c77cf7..0000000 --- a/etersoft/values/values.metallb-resources.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -metallb: - enabled: true - ippools: - - name: etersoft - addresses: 91.232.225.63-91.232.225.63 diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index ba51cc3..a536d3e 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -18,16 +18,6 @@ istio: hostname: s3.e.badhouseplants.net service: minio port: 9000 -image: - repository: quay.io/minio/minio - tag: RELEASE.2024-01-11T07-46-16Z-cpuv1 - pullPolicy: IfNotPresent - -mcImage: - repository: quay.io/minio/mc - tag: RELEASE.2024-01-11T05-49-32Z-cpuv1 - pullPolicy: IfNotPresent - rootUser: 'overlord' replicas: 1 mode: standalone @@ -95,10 +85,6 @@ buckets: policy: none purge: false versioning: false - - name: velero-test - policy: none - purge: false - versioning: false - name: restic policy: none purge: false diff --git a/etersoft/values/values.postgres16.yaml b/etersoft/values/values.postgres16.yaml deleted file mode 100644 index cbcb751..0000000 --- a/etersoft/values/values.postgres16.yaml +++ /dev/null @@ -1,10 +0,0 @@ -architecture: standalone - -auth: - database: postgres - -persistence: - size: 1Gi - -metrics: - enabled: false diff --git a/extensions.yaml b/extensions.yaml deleted file mode 100644 index 86903c3..0000000 --- a/extensions.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -templates: - # ---------------------------- - # -- Extensions - # ---------------------------- - ext-istio-gateway: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio-gateway - values: - - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - - ext-istio-resource: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio - values: - - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - ext-certificate: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: certificate - values: - - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - ext-metallb: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: metallb - values: - - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' - service-monitor: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: service-monitor - values: - - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' - namespace: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ns - inherit: - - template: default-common-values - - template: default-env-values - - ext-database: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database - values: - - '{{ requiredEnv "PWD" }}/common/values.database.yaml' diff --git a/helmfile.yaml b/helmfile.yaml index 735e9ba..738d891 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -11,9 +11,24 @@ releases: namespace: kube-system createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + - <<: *cert-manager installed: true - namespace: kube-system + namespace: cert-manager createNamespace: false - <<: *minio 
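Review bot: In the `helmfile.yaml` hunk, `cert-manager` now targets `namespace: cert-manager` but keeps `createNamespace: false`, so the release only installs if that namespace already exists. The `metallb` entry in the next hunk makes the same kind of move with `createNamespace: true`. Helm does not relocate an installed release, so the existing copy in `kube-system` will probably stay behind with its webhooks and cluster-scoped objects until it is uninstalled by hand. I would set `createNamespace: true` here as well, or add a comment above the entry saying where the namespace is created, and document the uninstall of the old release. The `releases:` list starts above the hunk.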
@@ -21,20 +36,15 @@ releases: namespace: minio-service createNamespace: false + - <<: *openvpn + installed: true + namespace: openvpn-service + createNamespace: false + - <<: *metallb installed: true - namespace: kube-system - createNamespace: false - - - <<: *reflector - installed: true - namespace: kube-system - createNamespace: false - - - <<: *metallb-resources - installed: true - namespace: kube-system - createNamespace: false + namespace: metallb-system + createNamespace: true helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml deleted file mode 100644 index 5be7c9a..0000000 --- a/helmule/helmule.yaml +++ /dev/null 
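Review bot: `metallb` moves to `metallb-system` with `createNamespace: true`, which creates the namespace without any labels. The MetalLB speaker needs host networking and extra capabilities, so on a cluster that enforces Pod Security admission the namespace has to carry `pod-security.kubernetes.io/enforce: privileged`, otherwise the speaker pods are rejected. Whether this cluster enforces it is not visible here. If it does, create the namespace from a manifest with that label and keep `createNamespace: false`, so the exemption is scoped to `metallb-system` and recorded in the repo.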
@@ -1,235 +0,0 @@ -charts: - - repository: metrics-server - name: metrics-server - mirrors: - - custom-commands - - repository: metallb - name: metallb - mirrors: - - custom-commands - - repository: bedag - name: raw - mirrors: - - custom-commands - - repository: jetstack - name: cert-manager - mirrors: - - custom-commands - - repository: longhorn - name: longhorn - mirrors: - - custom-commands - - repository: argo - name: argo-cd - mirrors: - - custom-commands - - repository: prometheus-community - name: kube-prometheus-stack - mirrors: - - custom-commands - - repository: grafana - name: loki - mirrors: - - custom-commands - - repository: grafana - name: promtail - mirrors: - - custom-commands - - repository: istio - name: base - mirrors: - - custom-commands - - repository: istio - name: gateway - mirrors: - - custom-commands - - repository: istio - name: istiod - mirrors: - - custom-commands - - repository: allanger-gitea - name: openvpn-xor - mirrors: - - custom-commands - - repository: allanger-gitea - name: openvpn - mirrors: - - custom-commands - - repository: drone - name: drone - mirrors: - - custom-commands - - repository: drone - name: drone-runner-docker - mirrors: - - custom-commands - - repository: woodpecker - name: woodpecker - mirrors: - - custom-commands - - repository: bitnami - name: wordpress - mirrors: - - custom-commands - - repository: minio - name: minio - mirrors: - - custom-commands - - repository: gitea - name: gitea - mirrors: - - custom-commands - - repository: ananace-charts - name: funkwhale - mirrors: - - custom-commands - - repository: bitwarden - name: vaultwarden - mirrors: - - custom-commands - - repository: bitnami - name: redis - mirrors: - - custom-commands - - repository: bitnami - name: postgresql - mirrors: - - custom-commands - - repository: db-operator - name: db-operator - mirrors: - - custom-commands - - repository: db-operator - name: db-instances - mirrors: - - custom-commands - - repository: bitnami - name: mysql - 
mirrors: - - custom-commands - - repository: allanger-gitea - name: docker-mailserver - mirrors: - - custom-commands - - repository: allanger-gitea - name: vaultwarden - mirrors: - - custom-commands - - repository: emberstack - name: reflector - mirrors: - - custom-commands - - repository: mailu - name: mailu - mirrors: - - custom-commands - - repository: gabe565 - name: tandoor - mirrors: - - custom-commands - - repository: coredns - name: coredns - mirrors: - - custom-commands - - repository: cilium - name: cilium - mirrors: - - custom-commands - - repository: zot - name: zot - mirrors: - - custom-commands -mirrors: - - name: custom-commands - custom_command: - package: - - helm package -d package . - upload: - - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants - - rm -rf ./package -repositories: - - name: metrics-server - helm: - url: https://kubernetes-sigs.github.io/metrics-server/ - - name: jetstack - helm: - url: https://charts.jetstack.io - - name: istio - helm: - url: https://istio-release.storage.googleapis.com/charts - - name: drone - helm: - url: https://charts.drone.io - - name: bitnami - helm: - url: https://charts.bitnami.com/bitnami - - name: minio - helm: - url: https://charts.min.io/ - - name: longhorn - helm: - url: https://charts.longhorn.io - - name: gitea - helm: - url: https://dl.gitea.io/charts/ - - name: ananace-charts - helm: - url: https://ananace.gitlab.io/charts - - name: argo - helm: - url: https://argoproj.github.io/argo-helm - - name: bedag - helm: - url: https://bedag.github.io/helm-charts/ - - name: metallb - helm: - url: https://metallb.github.io/metallb - - name: prometheus-community - helm: - url: https://prometheus-community.github.io/helm-charts - - name: grafana - helm: - url: https://grafana.github.io/helm-charts - - name: bitwarden - helm: - url: https://constin.github.io/vaultwarden-helm/ - - name: db-operator - helm: - url: https://db-operator.github.io/charts - - name: 
allanger-gitea - helm: - url: https://git.badhouseplants.net/api/packages/allanger/helm - - name: badhouseplants - helm: - url: https://badhouseplants.github.io/helm-charts/ - - name: woodpecker - helm: - url: https://woodpecker-ci.org - - name: firefly-iii - helm: - url: https://firefly-iii.github.io/kubernetes/ - - name: emberstack - helm: - url: https://emberstack.github.io/helm-charts - - name: gabe565 - helm: - url: https://charts.gabe565.com - - name: mailu - helm: - url: https://mailu.github.io/helm-charts/ - - name: coredns - helm: - url: https://coredns.github.io/helm - - name: cilium - helm: - url: https://helm.cilium.io/ - - name: phybros-helm-charts - helm: - url: https://phybros.github.io/helm-charts - - name: nextcloud - helm: - url: https://nextcloud.github.io/helm/ - - name: zot - helm: - url: https://zotregistry.dev/helm-charts/ - diff --git a/manifests/badhouseplants-ip.yaml b/manifests/badhouseplants-ip.yaml index 86db502..b98f76f 100644 --- a/manifests/badhouseplants-ip.yaml +++ b/manifests/badhouseplants-ip.yaml @@ -7,4 +7,4 @@ metadata: namespace: metallb-system spec: addresses: - - 195.201.249.91-195.201.249.91 + - 195.201.250.50-195.201.250.50 diff --git a/manifests/badhouseplants/namespace-creator-binding.yaml b/manifests/badhouseplants/namespace-creator-binding.yaml new file mode 100644 index 0000000..d24486c --- /dev/null +++ b/manifests/badhouseplants/namespace-creator-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: namespace-manager +subjects: + - kind: User + name: badhousplants + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: namespace-manager + apiGroup: rbac.authorization.k8s.io diff --git a/manifests/badhouseplants/namespace-creator-role.yaml b/manifests/badhouseplants/namespace-creator-role.yaml new file mode 100644 index 0000000..c552be6 --- /dev/null +++ b/manifests/badhouseplants/namespace-creator-role.yaml 
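Review bot: The subject `name: badhousplants` in the new `namespace-creator-binding.yaml` is missing an `e` compared with the `badhouseplants` spelling used for the directory, domain and registry elsewhere in this change. Kubernetes compares `kind: User` names as exact strings, so if the authenticated username is `badhouseplants` this ClusterRoleBinding grants nothing, and the role ends up bound to an identity nobody intended. I would change it to `name: badhouseplants` after checking the real username in the client certificate CN or OIDC claim.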
@@ -0,0 +1,8 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: namespace-manager +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "watch", "list", "create", "delete"] diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml deleted file mode 100644 index bc5f0b1..0000000 --- a/manifests/debug/istio/httpbin.yaml +++ /dev/null @@ -1,81 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - labels: - kubernetes.io/metadata.name: debug - name: debug ---- -# httpbin.yaml -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: httpbin - namespace: debug -spec: - hosts: - - "httpbin.badhouseplants.net" - gateways: - - istio-system/badhouseplants-net - http: - - route: - - destination: - port: - number: 8000 - host: httpbin ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: httpbin - namespace: debug -spec: - rules: - - host: "httpbin.badhouseplants.net" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: httpbin - port: - number: 8000 ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - namespace: debug - labels: - app: httpbin -spec: - ports: - - name: http - port: 8000 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin - namespace: debug -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - containers: - - image: docker.io/citizenstig/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - ports: - - containerPort: 8000 diff --git a/manifests/debug/metallb/deployment.yaml b/manifests/debug/metallb/deployment.yaml deleted file mode 100644 index 1ad28b5..0000000 --- a/manifests/debug/metallb/deployment.yaml +++ /dev/null 
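Review bot: The `namespace-manager` ClusterRole in the new `namespace-creator-role.yaml` grants `delete` on every namespace, including `kube-system` and those holding the releases this repo manages; deleting a namespace removes everything inside it. The file name suggests the intent is namespace creation only. I would drop the verb, `verbs: ["get", "watch", "list", "create"]`, or if deletion is really needed put it in a second rule restricted with `resourceNames` to the namespaces this user owns.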
@@ -1,19 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx -spec: - selector: - matchLabels: - app: nginx - replicas: 2 - template: - metadata: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx:1.14.2 - ports: - - containerPort: 80 diff --git a/manifests/debug/metallb/service.yaml b/manifests/debug/metallb/service.yaml deleted file mode 100644 index 041fc06..0000000 --- a/manifests/debug/metallb/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx -spec: - selector: - app: nginx - ports: - - port: 80 - targetPort: 80 - type: LoadBalancer diff --git a/manifests/debug/ubuntu.yaml b/manifests/debug/ubuntu.yaml deleted file mode 100644 index 676a047..0000000 --- a/manifests/debug/ubuntu.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ubuntu -spec: - containers: - - name: ubuntu - image: ubuntu - command: - - sleep - - infinity diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml deleted file mode 100644 index 547b892..0000000 --- a/manifests/httpo1-cluster-issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - labels: - app.kubernetes.io/instance: cluster-issuer - app.kubernetes.io/name: acme-cluster-issuer - name: badhouseplants-issuer-http01 -spec: - acme: - email: allanger@zohomail.com - preferredChain: "" - privateKeySecretRef: - name: badhouseplants-issuer-htt01-account-key - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - ingressClassName: traefik diff --git a/manifests/new-ip.yaml b/manifests/new-ip.yaml deleted file mode 100644 index b554876..0000000 --- a/manifests/new-ip.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# Source: raw/charts/metallb/templates/resources.yaml ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: etersoft -spec: - addresses: - - 91.232.225.63-91.232.225.63 - 
diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml deleted file mode 100644 index a539b01..0000000 --- a/manifests/shadowsocks/install.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: shadowsocks-deployment - labels: - app: shadowsocks -spec: - replicas: 1 - selector: - matchLabels: - app: shadowsocks - template: - metadata: - labels: - app: shadowsocks - spec: - containers: - - name: shadowsocks-libev - image: shadowsocks/shadowsocks-libev - env: - - name: METHOD - value: chacha20-ietf-poly1305 - - name: PASSWORD - value: test12345 - ports: - - containerPort: 8388 - securityContext: - capabilities: - add: - - NET_ADMIN ---- -apiVersion: v1 -kind: Service -metadata: - name: shadowsocks - labels: - app: shadowsocks -spec: - type: ClusterIP - ports: - - port: 8388 - protocol: TCP - selector: - app: shadowsocks ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: badhouseplants-shadowsocks - namespace: istio-system -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: tcp - number: 8388 - protocol: TCP ---- -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: shadowsocks -spec: - gateways: - - istio-system/badhouseplants-shadowsocks - hosts: - - '*' - tcp: - - match: - - port: 8388 - route: - - destination: - host: shadowsocks - port: - number: 8388 diff --git a/releases.yaml b/releases.yaml index f07b763..9860b3a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,3 +1,4 @@ +--- templates: # --------------------------- # -- Hooks @@ -48,14 +49,6 @@ templates: values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - ext-tcp-routes: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: traefik - values: - - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' - ext-istio-resource: dependencies: - chart: bedag/raw 
@@ -63,7 +56,6 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - ext-certificate: dependencies: - chart: bedag/raw @@ -71,13 +63,7 @@ templates: alias: certificate values: - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - ext-metallb: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: metallb - values: - - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: dependencies: - chart: bedag/raw @@ -106,63 +92,40 @@ templates: # ---------------------------- # -- System # ---------------------------- - namespaces: &namespaces - name: namespaces - chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' - namespace: kube-public - createNamespace: false - inherit: - - template: default-env-values - - roles: &roles - name: roles - chart: '{{ requiredEnv "PWD" }}/charts/roles' - namespace: kube-public - createNamespace: false - inherit: - - template: default-env-values - metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.1 + version: 3.11.0 values: - common/values.{{ .Release.Name }}.yaml metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.5 - - metallb-resources: &metallb-resources - name: metallb-resources - chart: bedag/raw - version: 2.0.0 - inherit: - - template: ext-metallb - - template: default-env-values + version: 0.13.12 cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.15.0 + version: 1.13.2 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.2 + version: 1.5.3 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 7.1.3 + version: 5.51.6 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource monitoring-common: labels: 
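Review bot: Every `version:` changed in the last `releases.yaml` hunk on this line goes down rather than up (`cert-manager` 1.15.0 to 1.13.2, `argo/argo-cd` 7.1.3 to 5.51.6, `longhorn` 1.6.2 to 1.5.3, `metallb` 0.14.5 to 0.13.12), and the following hunks do the same for prometheus, loki, istio, minio, gitea, postgresql and others. Rolling charts back drops whatever fixes were released between those versions. For charts that own CRDs or persistent data (cert-manager with `installCRDs`, longhorn) an in-place downgrade may not be supported. If the rollback is intended, give the reason in the commit description and pin it with a comment such as `# held at 1.13.2: <reason>` next to each entry; otherwise this looks like a diff against a stale branch and should be rebased.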
@@ -171,17 +134,18 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.5.3 + version: 55.0.0 inherit: - template: monitoring-common - template: default-env-values - template: default-env-secrets - template: crd-management-hook + - template: ext-istio-resource loki: &loki name: loki chart: grafana/loki - version: 6.5.2 + version: 5.39.0 inherit: - template: monitoring-common - template: default-env-values @@ -189,7 +153,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.5 + version: 6.15.3 inherit: - template: monitoring-common - template: default-env-values @@ -199,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.22.0 + version: 1.20.0 istio-base: &istio-base name: istio-base @@ -234,20 +198,13 @@ templates: # ---------------------------- # -- Applications # ---------------------------- - openvpn-xor: &openvpn-xor - name: openvpn-xor - chart: allanger-gitea/openvpn-xor - version: 1.2.0 - inherit: - - template: default-env-values - - template: ext-tcp-routes - openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.2.0 + version: 1.0.7 inherit: - template: default-env-values + - template: ext-istio-resource # ---------------------------- # -- Drone # ---------------------------- @@ -261,6 +218,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: drone-common drone-runner-docker: &drone-runner-docker 
@@ -275,44 +233,58 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.5.0 + version: 1.0.1 inherit: - - template: ext-database - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.4.10 + version: 18.1.21 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database minio: &minio name: minio chart: minio/minio - version: 5.2.0 + version: 5.0.14 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + + minecraft: &minecraft + name: minecraft + chart: minecraft-server-charts/minecraft + version: 4.12.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource gitea: &gitea name: gitea chart: gitea/gitea - version: 10.2.0 + version: 9.6.1 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-database funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.5 + version: 2.0.4 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-database bitwarden: &bitwarden @@ -322,11 +294,12 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource redis: &redis name: redis chart: bitnami/redis - version: 19.5.3 + version: 18.4.0 inherit: - template: default-env-values - template: default-env-secrets @@ -334,7 +307,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.5.5 + version: 13.2.24 inherit: - template: default-env-values - template: default-env-secrets 
@@ -342,12 +315,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.25.0 + version: 1.13.1 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.3.1 + version: 2.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -355,7 +328,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 11.1.2 + version: 9.14.4 inherit: - template: default-env-values - template: default-env-secrets 
@@ -363,102 +336,18 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.3.1 + version: 2.2.0 inherit: - template: default-env-values - - template: ext-tcp-routes + - template: ext-istio-gateway + - template: ext-istio-resource vaultwarden: &vaultwarden name: vaultwarden - chart: allanger-gitea/vaultwarden - version: 1.2.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-database - - vaultwarden-test: &vaultwardentest - name: vaultwardentest - chart: allanger-gitea/vaultwarden - version: 1.2.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - reflector: &reflector - name: reflector - chart: emberstack/reflector - version: 7.1.262 - - mailu: &mailu - name: mailu - chart: mailu/mailu - version: 1.5.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-certificate - - template: ext-tcp-routes - - template: ext-database - - tandoor: &tandoor - name: tandoor - chart: gabe565/tandoor - version: 0.9.5 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-database - - coredns: &coredns - name: coredns - chart: coredns/coredns - version: 1.31.0 - namespace: kube-system - inherit: - - template: default-env-values - - cilium: &cilium - name: cilium - chart: cilium/cilium - version: 1.15.6 - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - - zot: &zot - name: zot - chart: zot/zot - version: 0.1.56 - createNamespace: false - namespace: kube-services + chart: badhouseplants/vaultwarden + version: 1.0.0 inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - - keel: &keel - name: keel - chart: keel/keel - version: 1.0.3 - createNamespace: false - namespace: kube-system - - traefik: &traefik - name: traefik - chart: traefik/traefik - version: 28.3.0 - 
createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - - local-path-provisioner: &local-path-provisioner - name: local-path-provisioner - chart: local-path-provisioner/local-path-provisioner - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - + - template: ext-database diff --git a/repositories-oci.yaml b/repositories-oci.yaml deleted file mode 100644 index 5db4d1e..0000000 --- a/repositories-oci.yaml +++ /dev/null @@ -1,4 +0,0 @@ -repositories: - - name: badhouseplants-oci - url: registry.badhouseplants.net/badhouseplants - oci: true diff --git a/repositories.yaml b/repositories.yaml index 5ffcf86..0d52f2e 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -1,3 +1,4 @@ +--- repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ @@ -11,6 +12,8 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ + - name: minecraft-server-charts + url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea 
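Review bot: The `vaultwarden` template changes its chart source from `allanger-gitea/vaultwarden` 1.2.0 to `badhouseplants/vaultwarden` 1.0.0 without a comment, which for a password vault is the change in this hunk I would most want explained. A different repository can ship different templates and defaults under the same chart name, so the rendered manifests should be compared with `helmfile diff` before this is applied, and the reason recorded, e.g. `# chart taken from the badhouseplants repo: <reason>`. If that repository publishes provenance files, `verify: true` on the template would let helm check the package signature; whether it does is not visible here. The hunk also drops the `coredns`, `cilium`, `traefik`, `keel`, `zot` and several other templates together with their anchors, so any release elsewhere that still aliases one of them (for example `*cilium`) would stop loading.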
@@ -31,35 +34,9 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - # - name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker url: https://woodpecker-ci.org - - name: firefly-iii - url: https://firefly-iii.github.io/kubernetes/ - - name: emberstack - url: https://emberstack.github.io/helm-charts - - name: gabe565 - url: https://charts.gabe565.com - - name: mailu - url: https://mailu.github.io/helm-charts/ - - name: coredns - url: https://coredns.github.io/helm - - name: cilium - url: https://helm.cilium.io/ - - name: phybros-helm-charts - url: https://phybros.github.io/helm-charts - - name: nextcloud - url: https://nextcloud.github.io/helm/ - - name: zot - url: https://zotregistry.dev/helm-charts/ - - name: chartmuseum - url: https://chartmuseum.github.io/charts - - name: keel - url: https://charts.keel.sh - - name: traefik - url: https://traefik.github.io/charts - - name: local-path-provisioner - url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 diff --git a/system/charts/namespaces/chart/.helmignore b/system/charts/namespaces/chart/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/system/charts/namespaces/chart/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ 
diff --git a/system/charts/namespaces/chart/Chart.yaml b/system/charts/namespaces/chart/Chart.yaml deleted file mode 100644 index 0f737fe..0000000 --- a/system/charts/namespaces/chart/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: namespaces -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/system/charts/namespaces/chart/templates/_helpers.tpl b/system/charts/namespaces/chart/templates/_helpers.tpl deleted file mode 100644 index a33714c..0000000 --- a/system/charts/namespaces/chart/templates/_helpers.tpl +++ /dev/null 
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "namespaces.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "namespaces.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "namespaces.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "namespaces.labels" -}} -helm.sh/chart: {{ include "namespaces.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/system/charts/namespaces/chart/templates/namespaces.yaml b/system/charts/namespaces/chart/templates/namespaces.yaml deleted file mode 100644 index dc2bd62..0000000 --- a/system/charts/namespaces/chart/templates/namespaces.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.namespaces }} -{{- range $ns := .Values.namespaces }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ $ns.name }} - labels: - {{- include "namespaces.labels" $ | nindent 4 }} - {{- with $ns.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with $ns.annotations}} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} 
diff --git a/system/charts/namespaces/chart/values.yaml b/system/charts/namespaces/chart/values.yaml deleted file mode 100644 index cd5a239..0000000 --- a/system/charts/namespaces/chart/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -namespaces: - - name: giantswarm-flux - labels: - name: giantswarm-flux - - name: giantswarm - labels: - name: giantswarm - - name: monitoring - labels: - name: monitoring - - name: org-giantswarm - labels: - name: org-giantswarm - - name: flux-system - labels: - name: flux-system - - name: flux-giantswarm - labels: - name: flux-giantswarm - - name: policy-exception diff --git a/system/charts/namespaces/kustomize/flux-system.yml b/system/charts/namespaces/kustomize/flux-system.yml deleted file mode 100644 index f44f3af..0000000 --- a/system/charts/namespaces/kustomize/flux-system.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flux-system - labels: - name: flux-system diff --git a/system/charts/namespaces/kustomize/giantswarm-flux.yml b/system/charts/namespaces/kustomize/giantswarm-flux.yml deleted file mode 100644 index bd0e121..0000000 --- a/system/charts/namespaces/kustomize/giantswarm-flux.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: giantswarm-flux - labels: - name: giantswarm-flux diff --git a/system/charts/namespaces/kustomize/giantswarm.yml b/system/charts/namespaces/kustomize/giantswarm.yml deleted file mode 100644 index 31e7916..0000000 --- a/system/charts/namespaces/kustomize/giantswarm.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: giantswarm - labels: - name: giantswarm diff --git a/system/charts/namespaces/kustomize/kustomization.yaml b/system/charts/namespaces/kustomize/kustomization.yaml deleted file mode 100644 index 8159198..0000000 --- a/system/charts/namespaces/kustomize/kustomization.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -resources: - - ./giantswarm-flux.yml - - ./giantswarm.yml - - ./monitoring.yml - - ./org-giantswarm.yml diff --git a/system/charts/namespaces/kustomize/monitoring.yml b/system/charts/namespaces/kustomize/monitoring.yml deleted file mode 100644 index 90d12ef..0000000 --- a/system/charts/namespaces/kustomize/monitoring.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring - labels: - name: monitoring diff --git a/system/charts/namespaces/kustomize/org-giantswarm.yml b/system/charts/namespaces/kustomize/org-giantswarm.yml deleted file mode 100644 index f27e8c4..0000000 --- a/system/charts/namespaces/kustomize/org-giantswarm.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: org-giantswarm - labels: - name: org-giantswarm diff --git a/system/charts/root/.helmignore b/system/charts/root/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/system/charts/root/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/system/charts/root/Chart.yaml b/system/charts/root/Chart.yaml deleted file mode 100644 index 59e507d..0000000 --- a/system/charts/root/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: root -description: A Helm chart for Kubernetes -type: application -version: 0.1.5 -appVersion: "1.16.0" diff --git a/system/charts/root/templates/_helpers.tpl b/system/charts/root/templates/_helpers.tpl deleted file mode 100644 index 8a3cc9a..0000000 --- a/system/charts/root/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "root.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "root.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "root.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "root.labels" -}} -helm.sh/chart: {{ include "root.chart" . }} -{{ include "root.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "root.selectorLabels" -}} -app.kubernetes.io/name: {{ include "root.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "root.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "root.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/system/charts/root/templates/root.yaml b/system/charts/root/templates/root.yaml deleted file mode 100644 index f542187..0000000 
--- a/system/charts/root/templates/root.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root -spec: - interval: 30s - url: {{ .Values.url }} - ref: - branch: {{ .Values.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/system/charts/root/templates/self.yaml b/system/charts/root/templates/self.yaml deleted file mode 100644 index 0ddb8de..0000000 --- a/system/charts/root/templates/self.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root-self -spec: - interval: 30s - url: {{ .Values.self.url }} - ref: - branch: {{ .Values.self.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root-self -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root-self - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/system/charts/root/values.yaml b/system/charts/root/values.yaml deleted file mode 100644 index 51850fa..0000000 --- a/system/charts/root/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -url: https://git.badhouseplants.net/giantswarm/cluster-example.git -branch: main -self: - url: git@git.badhouseplants.net:giantswarm/root-config.git - branch: master diff --git a/system/helmfile.yaml b/system/helmfile.yaml deleted file mode 100644 index 7cc46e6..0000000 --- a/system/helmfile.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -repositories: - - name: projectcalico - url: https://docs.tigera.io/calico/charts - - name: coredns - url: https://coredns.github.io/helm - - name: flannel - url: https://flannel-io.github.io/flannel/ - - name: cilium - url: https://helm.cilium.io/ - - name: hcloud - url: https://charts.hetzner.cloud - -releases: - - name: namespaces - chart: ./charts/namespaces/chart - namespace: kube-public - createNamespace: false - values: - - ./values/namespaces.yaml - - - name: hccm - chart: hcloud/hcloud-cloud-controller-manager - needs: - - kube-public/namespaces - namespace: kube-system - version: 1.19.0 - installed: false - createNamespace: false - values: - - ./values/hcloud.yaml - - - name: coredns - needs: - - kube-public/namespaces - chart: coredns/coredns - installed: true - version: 1.29.0 - namespace: kube-system - values: - - ./values/coredns.yaml - - - name: cilium - chart: cilium/cilium - version: 1.14.6 - installed: true - createNamespace: false - namespace: kube-system - needs: - - kube-public/namespaces - values: - - ./values/cilium.yaml diff --git a/system/values/calico.yaml b/system/values/calico.yaml deleted file mode 100644 index b47e04e..0000000 --- a/system/values/calico.yaml +++ /dev/null @@ -1,12 +0,0 @@ -installation: - enabled: true - spec: - calicoNetwork: - bgp: Enabled - nodeAddressAutodetectionV4: - interface: ens11 - ipPools: - - cidr: 10.50.0.0/16 - encapsulation: VXLANCrossSubnet - natOutgoing: Enabled - nodeSelector: all() diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml deleted file mode 100644 index 6eae22c..0000000 --- a/system/values/cilium.yaml +++ /dev/null @@ -1,10 +0,0 @@ -operator: - replicas: 1 -endpointRoutes: - # -- Enable use of per endpoint routes instead of routing via - # the cilium_host interface. - enabled: true -ipam: - ciliumNodeUpdateRate: "15s" - operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] 
diff --git a/system/values/coredns.yaml b/system/values/coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/system/values/coredns.yaml +++ /dev/null @@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml deleted file mode 100644 index 838f30b..0000000 --- a/system/values/namespaces.yaml +++ /dev/null @@ -1,23 +0,0 @@ -namespaces: - - name: longhorn-system - - name: cert-manager - - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - - name: argo-system - - name: nrodionov-application - - name: minecraft-application - - name: gitea-service - - name: funkwhale-application - - name: monitoring-system - - name: bitwarden-application - - name: database-service - - name: mail-service - - name: istio-system - - name: vaultwarden-application - - name: woodpecker-ci - - name: openvpn-service - - name: tandoor-application - - name: badhouseplants-main - - name: mailu-application diff --git a/system/values/values.cilium.yaml b/system/values/values.cilium.yaml deleted file mode 100644 index 6eae22c..0000000 --- a/system/values/values.cilium.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -operator: - replicas: 1 -endpointRoutes: - # -- Enable use of per endpoint routes instead of routing via - # the cilium_host interface. - enabled: true -ipam: - ciliumNodeUpdateRate: "15s" - operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/values.coredns.yaml b/system/values/values.coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/system/values/values.coredns.yaml +++ /dev/null @@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/system/values/values.namespaces.yaml b/system/values/values.namespaces.yaml deleted file mode 100644 index 838f30b..0000000 --- a/system/values/values.namespaces.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -namespaces: - - name: longhorn-system - - name: cert-manager - - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - - name: argo-system - - name: nrodionov-application - - name: minecraft-application - - name: gitea-service - - name: funkwhale-application - - name: monitoring-system - - name: bitwarden-application - - name: database-service - - name: mail-service - - name: istio-system - - name: vaultwarden-application - - name: woodpecker-ci - - name: openvpn-service - - name: tandoor-application - - name: badhouseplants-main - - name: mailu-application diff --git a/templates/crd-hook.yaml b/templates/crd-hook.yaml deleted file mode 100644 index db6365f..0000000 --- a/templates/crd-hook.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -templates: - crd-management-hook: - hooks: - - events: ["preapply"] - showlogs: true - command: "sh" - args: - - -c - - | - helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ - || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ - || true - - events: ["prepare"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" - - events: ["postuninstall"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/templates/extensions.yaml b/templates/extensions.yaml deleted file mode 100644 index 86903c3..0000000 --- a/templates/extensions.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -templates: - # ---------------------------- - # -- Extensions - # ---------------------------- - ext-istio-gateway: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio-gateway - values: - - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - - ext-istio-resource: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio - values: - - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - ext-certificate: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: certificate - values: - - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - ext-metallb: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: metallb - values: - - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' - service-monitor: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: service-monitor - values: - - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' - namespace: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ns - inherit: - - template: default-common-values - - template: default-env-values - - ext-database: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database - values: - - '{{ requiredEnv "PWD" }}/common/values.database.yaml'