diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 2407cd8..355d333 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -1,25 +1,11 @@ when: event: push - - -.k8s-limits: &k8s-limits - backend_options: - kubernetes: - resources: - requests: - memory: 1024Mi - cpu: 1000m - limits: - memory: 1512Mi - cpu: 1500m - matrix: ENVIRONMENT: - badhouseplants - etersoft steps: diff: - <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -31,7 +17,6 @@ steps: - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets apply: - <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 05f6226..0ec24c9 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -4,19 +4,19 @@ releases: - <<: *namespaces installed: true - - <<: *roles - installed: true - <<: *coredns installed: true - <<: *cilium installed: true - - - <<: *local-path-provisioner - - - <<: *zot + - <<: *drone installed: true - - <<: *keel - - <<: *traefik + namespace: drone-service + createNamespace: false + + - <<: *drone-runner-docker + installed: true + namespace: drone-service + createNamespace: false - <<: *argocd installed: true @@ -28,6 +28,11 @@ releases: namespace: nrodionov-application createNamespace: false + - <<: *minecraft + installed: true + namespace: minecraft-application + createNamespace: false + - <<: *gitea installed: true namespace: gitea-service 
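Review bot: The `diff` step in this hunk (and the `apply` step in the next one) still runs `image: ghcr.io/helmfile/helmfile:canary`, a moving tag, while being handed `sops_age_key` and `kubeconfig_content`; whatever image that tag resolves to at run time can read both. Pinning to a release tag plus digest, e.g. `image: ghcr.io/helmfile/helmfile:<RELEASE_TAG>@sha256:<DIGEST>` (placeholders), makes the image that sees the cluster credentials reviewable. Removing the `&k8s-limits` anchor also leaves both steps without memory or CPU caps; a one-line comment stating that this is intentional would help the next reader.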
@@ -38,6 +43,21 @@ releases: namespace: funkwhale-application createNamespace: false + - <<: *prometheus + installed: true + namespace: monitoring-system + createNamespace: true + + - <<: *loki + installed: true + namespace: monitoring-system + createNamespace: false + + - <<: *promtail + installed: true + namespace: monitoring-system + createNamespace: false + - <<: *bitwarden installed: false namespace: bitwarden-application @@ -73,15 +93,16 @@ releases: namespace: woodpecker-ci createNamespace: true + + - <<: *istio-gateway-resources + installed: true + namespace: istio-system + createNamespace: false + - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application - - - <<: *vaultwardentest - createNamespace: false - installed: true - namespace: applications - <<: *openvpn-xor installed: true @@ -90,19 +111,18 @@ releases: - <<: *docker-mailserver installed: true - namespace: applications + namespace: mail-service + createNamespace: true + + - <<: *tandoor + installed: true + namespace: tandoor-application createNamespace: true - <<: *mailu installed: false namespace: mailu-application createNamespace: false - - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 81405e1..371d4d1 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,9 +1,10 @@ +server: + config: + dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] configs: - cm: - dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -13,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw - MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 - V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 - THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 - DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-22T23:43:36Z" - mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] + lastmodified: "2023-03-04T16:16:37Z" + mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml deleted file mode 100644 index 8e14680..0000000 --- a/badhouseplants/values/secrets.chartmuseum.yaml +++ /dev/null 
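Review bot: The sops metadata in this hunk moves backwards: `lastmodified` goes from `2024-02-22T23:43:36Z` to `2023-03-04T16:16:37Z` and `version` from 3.8.1 to 3.7.3, which suggests an older encrypted revision of the file is being restored rather than edited. If `sshPrivateKey` or anything inside `dex.config` was rotated between those dates, this brings the superseded values back, so the decrypted content should be checked against the current credential set before it is applied. `secrets.db-instances.yaml` shows the same pattern (`2024-02-17T01:05:06Z` to `2023-10-04T02:28:20Z`, 3.8.1 to 3.8.0). Re-saving the files with the sops release the repository currently uses would keep the metadata monotonic.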
@@ -1,24 +0,0 @@ -env: - secret: - BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] - BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 - OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl - a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY - TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg - H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-27T08:47:35Z" - mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index ffe6efa..f8caa3a 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -1,8 +1,16 @@ dbinstances: + postgres: + secrets: + adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] + adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] - adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] + adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] + adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] + mysql: + secrets: + adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] + adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -12,14 +20,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl - RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx - Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho - d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq - Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-17T01:05:06Z" - mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] + lastmodified: "2023-10-04T02:28:20Z" + mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.8.0 diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml new file mode 100644 index 0000000..1639eb7 --- /dev/null +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -0,0 +1,28 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-15T15:32:19Z" + mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml deleted file mode 100644 index 39b3c9b..0000000 --- a/badhouseplants/values/secrets.vaultwardentest.yaml +++ /dev/null 
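Review bot: The age-wrapped data key under `sops.age[0].enc` in this new file is byte-identical to the one this commit writes into `secrets.argocd.yaml`, so both files are encrypted under the same sops data key, presumably because one was created by copying the other. That couples the two files: the RCON password, the restic password and the access keys here share a key with the Argo CD SSH key. Give the file its own key with `sops --rotate --in-place badhouseplants/values/secrets.minecraft.yaml`, or create it fresh with sops, before merging.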
@@ -1,27 +0,0 @@ -vaultwarden: - smtp: - username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] - password: - value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] - adminToken: - value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr - R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C - M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI - a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS - hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-06T15:15:43Z" - mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml deleted file mode 100644 index 25871e8..0000000 --- a/badhouseplants/values/secrets.zot.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -configFiles: - config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] -authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 - NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du - RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB - M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp - VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-05T17:37:17Z" - mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 71cf854..e8d0bce 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: argocd-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: argo.badhouseplants.net + service: argocd-server + port: 80 + controller: resources: limits: 
@@ -34,35 +48,33 @@ dex: enabled: false serviceMonitor: enabled: false - redis: metrics: enabled: false serviceMonitor: enabled: false - -global: - domain: argo.badhouseplants.net - server: - ingress: - enabled: true - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - ingressClassName: traefik - tls: true metrics: enabled: true serviceMonitor: enabled: false + rbacConfig: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, *, badhouseplants/*,allow + config: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" + extraArgs: - --insecure - servicePort: - servicePortHttp: 80 - servicePortHttps: 80 repoServer: metrics: @@ -74,22 +86,6 @@ repoServer: - name: regcred configs: - params: - server.insecure: true - rbac: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - cm: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml deleted file mode 100644 index 8ea6b10..0000000 --- a/badhouseplants/values/values.chartmuseum.yaml +++ /dev/null 
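Review bot: `accounts.drone: apiKey, login` gives the CI account interactive login on top of token auth, and `p, drone, applications, *, badhouseplants/*,allow` lets it perform every application action in that project; for an automation account `accounts.drone: apiKey` plus only the actions it needs (for example `sync` and `get`) is the narrower grant. The same block keeps `exec.enabled: "true"`, which presumably gives every subject mapped to `role:admin` in `policy.csv` a shell in managed pods through the UI, so a comment stating that this is intended would be useful. Separately, the server stays on `--insecure` and is now published through the Istio gateway on port 80 (first hunk of this file), so the hop from the gateway to `argocd-server` is plaintext unless mesh mTLS covers it, which is not visible in this diff.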
@@ -1,19 +0,0 @@ -istio: - enabled: true - istio: - - name: chartmuseum - kind: http - gateway: istio-system/badhouseplants-net - hostname: helm.badhouseplants.net - service: chartmuseum - port: 8080 -env: - open: - AUTH_ANONYMOUS_GET: true - DISABLE_API: false - CORS_ALLOWORIGIN: "*" -persistence: - enabled: true - accessMode: ReadWriteOnce - size: 2Gi - path: /storage diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..8e16c19 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -1,5 +1,15 @@ --- dbinstances: + postgres: + monitoring: + enabled: false + adminSecretRef: + Name: postgres-secret + Namespace: database-service + engine: postgres + generic: + host: postgres-postgresql + port: 5432 postgres16: monitoring: enabled: false @@ -10,3 +20,13 @@ dbinstances: generic: host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 + mysql: + monitoring: + enabled: false + adminSecretRef: + Name: mysql-secret + Namespace: database-service + engine: mysql + generic: + host: mysql + port: 3306 diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 45b25ef..47d6a99 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml 
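Review bot: The new `postgres` and `mysql` instances in values.db-instances.yaml use bare service names (`host: postgres-postgresql`, `host: mysql`), while `postgres16` uses the full `postgres16-postgresql.database-service.svc.cluster.local`. A bare name resolves in the namespace of whichever pod performs the lookup, so a client outside the database namespace either fails to connect or reaches a same-named service in its own namespace. Suggest `host: postgres-postgresql.database-service.svc.cluster.local` and `host: mysql.database-service.svc.cluster.local`, assuming the services live in `database-service` like the referenced admin secrets.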
@@ -1,67 +1,125 @@ -traefik: +istio-gateway: enabled: true - tcpRoutes: - - name: docker-mailserver-smtp + gateways: + - name: badhouseplants-email + servers: + - hosts: + - "*" + port: + name: smtp + number: 25 + protocol: TCP + - hosts: + - "*" + port: + name: pop3 + number: 110 + protocol: TCP + - hosts: + - "*" + port: + name: imap + number: 143 + protocol: TCP + - hosts: + - "*" + port: + name: smtps + number: 465 + protocol: TCP + - hosts: + - "*" + port: + name: submission + number: 587 + protocol: TCP + - hosts: + - "*" + port: + name: imaps + number: 993 + protocol: TCP + - hosts: + - "*" + port: + name: pop3s + number: 995 + protocol: TCP +istio: + enabled: true + istio: + - name: docker-mailserver-smpt + kind: tcp + gateway: badhouseplants-email service: docker-mailserver - match: HostSNI(`*`) - entrypoint: smtp + hostname: badhouseplants.net + port_match: 25 port: 25 - - name: docker-mailserver-smtps - match: HostSNI(`*`) + - name: docker-mailserver-smpts + kind: tcp + gateway: badhouseplants-email + port_match: 465 + hostname: badhouseplants.net service: docker-mailserver - entrypoint: smtps port: 465 - name: docker-mailserver-smpt-startls - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + hostname: badhouseplants.net + port_match: 587 service: docker-mailserver - entrypoint: smtp-startls port: 587 - name: docker-mailserver-imap - match: HostSNI(`*`) + kind: tcp + hostname: badhouseplants.net + gateway: badhouseplants-email + port_match: 143 service: docker-mailserver - entrypoint: imap port: 143 - name: docker-mailserver-imaps - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + hostname: badhouseplants.net + port_match: 993 service: docker-mailserver - entrypoint: imaps port: 993 - name: docker-mailserver-pop3 - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + port_match: 110 + hostname: badhouseplants.net service: docker-mailserver - entrypoint: pop3 port: 110 - name: docker-mailserver-pop3s - match: 
HostSNI(`*`) + kind: tcp + gateway: badhouseplants-email + port_match: 993 + hostname: badhouseplants.net service: docker-mailserver - entrypoint: pop3s port: 993 + - name: docker-mailserver-rainloop + kind: http + gateway: istio-system/badhouseplants-net + hostname: mail.badhouseplants.net + service: docker-mailserver-rainloop + port: 80 rainloop: enabled: true ingress: - enabled: true - hosts: - - mail.badhouseplants.net - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tls: - - secretName: mail-tls-secret - hosts: - - mail.badhouseplants.net - + enabled: false demoMode: enabled: false domains: - badhouseplants.net - mail.badhouseplants.net ssl: - useExisting: true - existingName: mail-tls-secret + issuer: + name: badhouseplants-issuer + kind: ClusterIssuer + dnsname: badhouseplants.net + dns01provider: cloudflare + useExisting: false pod: dockermailserver: enable_fail2ban: "0" diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 16d0606..e5aeb81 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -30,22 +30,6 @@ celery: requests: cpu: 10m memory: 75Mi -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - host: funkwhale.badhouseplants.net - protocol: http - - tls: - - secretName: funkwhale-tls-secret - hosts: - - funkwhale.badhouseplants.net - extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https 
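Review bot: The `docker-mailserver-pop3s` route uses `port_match: 993` and `port: 993`, which is the IMAPS port already matched by `docker-mailserver-imaps`; the gateway in the same hunk opens `pop3s` on 995, so that listener has no route and two routes compete for 993. It should read `port_match: 995` and `port: 995`. The route names `docker-mailserver-smpt`, `docker-mailserver-smpts` and `docker-mailserver-smpt-startls` are misspelt (`smtp`), which makes them harder to find when auditing what is exposed. The gateway also opens the cleartext ports 110 and 143 to `*`; if clients are expected to use 993 and 995 only, leaving those two listeners out reduces exposure.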
@@ -55,7 +39,8 @@ persistence: size: 10Gi s3: enabled: false - +ingress: + enabled: false postgresql: enabled: false host: postgres16-postgresql.database-service.svc.cluster.local diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 607d4bd..3aaccee 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,5 +1,25 @@ --- # ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: gitea-http + kind: http + gateway: istio-system/badhouseplants-net + hostname: git.badhouseplants.net + service: gitea-http + port: 3000 + - name: gitea-ssh + kind: tcp + gateway: istio-system/badhouseplants-ssh + hostname: "*" + port_match: 22 + service: gitea-ssh + port: 22 +# ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator # ------------------------------------------ @@ -7,27 +27,9 @@ ext-database: enabled: true name: gitea-postgres16 instance: postgres16 - # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: git.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: gitea-tls-secret - hosts: - - git.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local 
@@ -41,10 +43,12 @@ resources: persistence: enabled: true - size: 15Gi + size: 10Gi accessModes: - ReadWriteOnce +ingress: + enabled: false # ------------------------------------------ # -- Main Gitea settings # ------------------------------------------ @@ -121,21 +125,3 @@ postgresql-ha: enabled: false redis-cluster: enabled: false - -extraDeploy: - - | - {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ include "gitea.fullname" . }}-ssh - spec: - entryPoints: - - git-ssh - routes: - - match: HostSNI(`git.badhouseplants.net`) - services: - - name: "{{ include "gitea.fullname" . }}-ssh" - port: 22 - nativeLB: true - {{- end }} diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index acbca74..9349206 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml @@ -22,16 +22,6 @@ istio-gateway: gateways: - name: badhouseplants-net servers: - - hosts: - - badhouseplants.net - - '*.badhouseplants.net' - port: - name: grpc-web - number: 8080 - protocol: HTTPS - tls: - credentialName: badhouseplants-wildcard-tls - mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index b97223d..8e39d27 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -2,10 +2,6 @@ service: type: LoadBalancer externalTrafficPolicy: Local ports: - - name: shadowsocks - port: 8388 - protocol: TCP - targetPort: 8388 - name: minecraft port: 25565 protocol: TCP @@ -18,10 +14,6 @@ service: port: 80 protocol: TCP targetPort: 80 - - name: grpc-web - port: 8080 - protocol: TCP - targetPort: 8080 - name: https port: 443 protocol: TCP 
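Review bot: `persistence.size` drops from `15Gi` to `10Gi`, and Kubernetes does not allow the storage request of an existing PersistentVolumeClaim to be reduced. Against a cluster where the 15Gi claim already exists, the upgrade will either be rejected or the new value ignored, depending on how the chart manages the claim. Keep `size: 15Gi` unless the volume is being recreated on purpose, and add a comment saying so if it is.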
diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index d788392..01529ce 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 20m + cpu: 100m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml deleted file mode 100644 index aa1d3e2..0000000 --- a/badhouseplants/values/values.local-path-provisioner.yaml +++ /dev/null @@ -1,3 +0,0 @@ -storageClass: - create: true - defaultClass: false diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index c160d28..f3a74e8 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml 
@@ -1,99 +1,24 @@ --- global: dnsService: "coredns" - +singleBinary: + replicas: 1 + persistence: + size: 5Gi loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' - commonConfig: - replication_factor: 1 - schemaConfig: - configs: - - from: 2024-04-01 - store: tsdb - object_store: s3 - schema: v13 - index: - prefix: loki_index_ - period: 24h - ingester: - chunk_encoding: snappy - tracing: - enabled: true - querier: - # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing - max_concurrent: 2 - -compactor: - retention_enabled: true -limits_config: - retention_period: 14d - monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false - -#gateway: -# ingress: -# enabled: true -# hosts: -# - host: FIXME -# paths: -# - path: / -# pathType: Prefix - -deploymentMode: SingleBinary -singleBinary: - persistence: - size: 5Gi - replicas: 1 - resources: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 0.5 - memory: 512Mi - extraEnv: - # Keep a little bit lower than memory limits - - name: GOMEMLIMIT - value: 3750MiB - -chunksCache: - # default is 500MB, with limited memory keep this smaller - writebackSizeLimit: 10MB - -minio: +test: enabled: false - -# Zero out replica counts of other deployment modes -backend: - replicas: 0 -read: - replicas: 0 -write: - replicas: 0 - -ingester: - replicas: 0 -querier: - replicas: 0 -queryFrontend: - replicas: 0 -queryScheduler: - replicas: 0 -distributor: - replicas: 0 compactor: - replicas: 0 -indexGateway: - replicas: 0 -bloomCompactor: - replicas: 0 -bloomGateway: - replicas: 0 + retention_enabled: true +limits_config: + retention_period: 14d diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 966fbac..aba9e11 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
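Review bot: `retention_enabled: true` and `retention_period: 14d` now appear to sit under the chart's top-level `compactor:` key and a top-level `limits_config:` rather than under `loki:`; the unchanged `compactor:` context line is the one that previously held `replicas: 0`. Indentation is not recoverable from this view, so this is inferred, but if it is right and this is the upstream Loki chart, the 14-day retention is never rendered into the Loki configuration and the 5Gi filesystem volume simply fills. Nest them as `loki.compactor.retention_enabled` and `loki.limits_config.retention_period`. The hunk also keeps `auth_enabled: false`, so a comment noting that Loki is reachable only from inside the cluster would document why unauthenticated access is acceptable.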
@@ -1,64 +1,81 @@ --- -# ------------------------------------------ -# -- Database extension is used to manage -# -- database with db-operator -# ------------------------------------------ -ext-database: +certificate: enabled: true - name: mailu-postgres16 - instance: postgres16 - extraDatabase: - enabled: true - name: roundcube-postgres16 - instance: postgres16 - + certificate: + - name: mailu + secretName: mailu-certificate + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - badhouseplants.net + - "email.badhouseplants.net" # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -traefik: +istio: enabled: true - tcpRoutes: - - name: mailu-smtp + istio: + - name: mailu-web + kind: http + gateway: istio-system/badhouseplants-net + hostname: email.badhouseplants.net service: mailu-front - match: HostSNI(`*`) - entrypoint: smtp + port: 80 + - name: mailu-smpt + kind: tcp + gateway: badhouseplants-mail + service: mailu-front + hostname: email.badhousplants.net + port_match: 25 port: 25 - - name: mailu-smtps - match: HostSNI(`*`) + - name: mailu-smpts + kind: tcp + gateway: badhouseplants-mail + port_match: 465 + hostname: email.badhousplants.net service: mailu-front - entrypoint: smtps port: 465 - name: mailu-smpt-startls - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 587 service: mailu-front - entrypoint: smtp-startls port: 587 - name: mailu-imap - match: HostSNI(`*`) + kind: tcp + hostname: email.badhousplants.net + gateway: badhouseplants-mail + port_match: 143 service: mailu-front - entrypoint: imap port: 143 - name: mailu-imaps - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 993 service: mailu-front - entrypoint: imaps port: 993 - name: mailu-pop3 - match: HostSNI(`*`) + kind: tcp + gateway: 
badhouseplants-mail + port_match: 110 + hostname: email.badhousplants.net service: mailu-front - entrypoint: pop3 port: 110 - name: mailu-pop3s - match: HostSNI(`*`) + kind: tcp + gateway: badhouseplants-mail + port_match: 993 + hostname: email.badhousplants.net service: mailu-front - entrypoint: pop3s port: 993 subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - - badhouseplants.net - - email.badhouseplants.net + - post.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false @@ -68,17 +85,13 @@ limits: tls: outboundLevel: secure ingress: - enabled: true - ingressClassName: traefik - tls: true - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + enabled: false + tls: false tlsFlavorOverride: mail - realIpFrom: traefik.kube-system.svc.cluster.local - realIpHeader: "X-Real-IP" + selfSigned: false + existingSecret: mailu-certificate + realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local + realIpHeader: "X-Envoy-External-Address" front: hostPort: enabled: false @@ -137,18 +150,16 @@ roundcube: mysql: enabled: false postgresql: - enabled: false -## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. -externalDatabase: - ## @param externalDatabase.enabled Set to true to use an external database enabled: true - type: postgresql - existingSecret: mailu-postgres16-creds - existingSecretDatabaseKey: POSTGRES_DB - existingSecretUsernameKey: POSTGRES_USER - existingSecretPasswordKey: POSTGRES_PASSWORD - host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 + auth: + enablePostgresUser: true + username: mailu + database: mailu + persistence: + enabled: false + storageClass: "" + accessMode: ReadWriteOnce + size: 2Gi rspamd: resources: requests: 
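Review bot: The host names in this hunk do not agree with each other: the certificate's `dnsNames` are `badhouseplants.net` and `email.badhouseplants.net`, every `kind: tcp` route uses `email.badhousplants.net` (missing the second `e`), and `hostnames` now lists only `post.badhouseplants.net`. A mail client connecting to `post.badhouseplants.net` would be handed a certificate that does not carry that name, which trains users to accept mismatches; either add `- post.badhouseplants.net` to `dnsNames` or keep `email.badhouseplants.net` in `hostnames`, and correct the route entries to `hostname: email.badhouseplants.net`. The `mailu-pop3s` route also matches and forwards port 993, which `mailu-imaps` already uses; POP3S is 995 (the Traefik values deleted in this commit had `pop3s` on 995), so it should read `port_match: 995` and `port: 995`.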
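Review bot: The bundled PostgreSQL enabled in the `@@ -137,18 +150,16 @@` hunk has `persistence:` / `enabled: false`, so, assuming the sub-chart behaves in the usual way, the `mailu` database sits on ephemeral storage and is lost whenever the pod is rescheduled. If it holds accounts and aliases, set `enabled: true` under `persistence` and name a real storage class instead of `storageClass: ""`. `enablePostgresUser: true` additionally keeps the `postgres` superuser login active; unless something needs it, `enablePostgresUser: false` leaves only the `mailu` role. With `existingSecret: mailu-postgres16-creds` removed, no password source is visible in this hunk, so confirm the credentials come from the encrypted secrets file rather than a chart default.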
@@ -170,10 +181,3 @@ webmail: accessModes: [ReadWriteOnce] claimNameOverride: "" annotations: {} -global: - database: - roundcube: - database: applications-roundcube-postgres16 - username: applications-roundcube-postgres16 - existingSecret: roundcube-postgres16-creds - existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml new file mode 100644 index 0000000..6234128 --- /dev/null +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -0,0 +1,180 @@ +--- +# -------------------------------------------------- +# -- Extensions values +# -------------------------------------------------- +service-account: + enabled: true + resources: + - name: minecraft-exporter + label: + app: minecraft-minecraft-metrics + endpoints: + port: metrics +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minecraft-tcp + gateway: istio-system/badhouseplants-minecraft + kind: tcp + port_match: 25565 + hostname: "*" + service: minecraft-minecraft + port: 25565 +# -------------------------------------------------- +# -- Main values +# -------------------------------------------------- +image: + tag: java17-graalvm-ce + pullPolicy: Always + +resources: + requests: + memory: 3Gi + cpu: 256m + limits: + memory: 3Gi + +lifecycle: + postStart: + - bash + - -c + - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 + +readinessProbe: + command: + - mc-health + periodSeconds: 20 + failureThreshold: 50 + timeoutSeconds: 10 +livenessProbe: + timeoutSeconds: 10 + +minecraftServer: + overrideServerProperties: true + eula: "TRUE" + onlineMode: false + difficulty: hard + hardcore: true + version: 1.20.1 + maxWorldSize: 90000 + type: "PAPER" + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar + gameMode: survival + pvp: true + rcon: + enabled: true + withGeneratedPassword: false + port: 25575 + serviceType: ClusterIP + extraPorts: + - name: metrics + containerPort: 9225 + protocol: TCP + service: + enabled: true + embedded: false + labels: + exporter: minecraft + type: ClusterIP + port: 9925 + ingress: + enabled: false +persistence: + dataDir: + enabled: true + Size: 15Gi +mcbackup: + enabled: false + backupInterval: 2h + pauseIfNoPlayers: "false" + pruneBackupsDays: 
2 + rconRetries: 5 + rconRetryInterval: 10s + excludes: "*.jar,cache,logs" + backupMethod: restic + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft + resticAdditionalTags: "mc_backups" + pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" + resources: + requests: + memory: 512Mi + cpu: 100m + persistence: + backupDir: + enabled: false +# --------------------------------------------- +# -- Install Plugins +# --------------------------------------------- +initContainers: + - name: 0-install-prometheus-exporter + image: alpine/curl + command: + - curl + - -L + - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" + - -o + - /data/plugins/prometheus-exporter.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-password-plugin + image: alpine/curl + command: + - curl + - -L + - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" + - -o + - /data/plugins/PasswordProtect.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar + - -o + - /data/plugins/GravityControl-1.3.0.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-fast-minecart-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FastMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + - name: 1-add-plugins-to-minecraft + image: alpine/curl + command: + - sh + - -c + - cp -r /in /out/plugins + volumeMounts: + - name: plugins + mountPath: /in + readOnly: false + - 
name: datadir + mountPath: /out +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 19b39a0..ef99a67 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -19,39 +19,6 @@ istio: service: minio port: 9000 -ingress: - enabled: true - ingressClassName: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - path: / - hosts: - - s3.badhouseplants.net - tls: - - secretName: s3-tls-secret - hosts: - - s3.badhouseplants.net -consoleIngress: - enabled: true - ingressClassName: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - path: / - hosts: - - minio.badhouseplants.net - tls: - - secretName: minio-tls-secret - hosts: - - minio.badhouseplants.net - rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c11513c..838f30b 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml 
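Review bot: The `postStart` hook in the new `values.minecraft.yaml` hard-codes the server password in clear text (`mc-send-to-console setpassword 11223345`) in an unencrypted values file, and with `onlineMode: false` and the gateway route on `hostname: "*"` that password is the only thing gating who can join. Move it to the sops-encrypted secrets file for this release, expose it to the container as an environment variable and have the hook read it, e.g. `mc-send-to-console setpassword "$SERVER_PASSWORD"` (`SERVER_PASSWORD` is a placeholder name); the current value is now in git history and should be rotated. `rcon:` with `enabled: true` and `withGeneratedPassword: false` raises the same question, since the RCON password source is not visible here. The plugin initContainers fetch jars with `curl -L` and no integrity check, from the untagged `alpine/curl` image; pin the image by digest and verify each download against a recorded SHA-256 before it is copied into `/data/plugins`.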
@@ -1,23 +1,23 @@ namespaces: - name: longhorn-system + - name: cert-manager - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service - name: argo-system - name: nrodionov-application - name: minecraft-application - annotations: - badohouseplants.net/git-repo: | - https://git.badhouseplants.net/badhouseplants/minecraft-helmfile - badhouseplants.net/ci: | - https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application + - name: monitoring-system + - name: bitwarden-application - name: database-service - name: mail-service + - name: istio-system - name: vaultwarden-application - name: woodpecker-ci - name: openvpn-service + - name: tandoor-application - name: badhouseplants-main - labels: - istio-injection: enabled - - name: badhouseplants-preview - - name: kube-services + - name: mailu-application diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 3582f47..14d1b8c 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -17,20 +17,7 @@ ext-database: enabled: true name: nrodionov-mysql instance: mysql -ingress: - enabled: true - pathType: ImplementationSpecific - hostname: dev.nrodionov.info - path: / - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tls: true - tlsWwwPrefix: false - selfSigned: false + wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 5827bde..9b9171b 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -3,26 +3,17 @@ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -# istio: - # enabled: true - # istio: - # - name: openvpn-tcp-xor - # gateway: istio-system/badhouseplants-vpn - # kind: tcp - # port_match: 1194 - # hostname: "*" - # service: openvpn-xor - # port: 1194 -# ------------------------------------------ -traefik: +istio: enabled: true - tcpRoutes: - - name: openvpn-xor + istio: + - name: openvpn-tcp-xor + gateway: istio-system/badhouseplants-vpn + kind: tcp + port_match: 1194 + hostname: "*" service: openvpn-xor - match: HostSNI(`*`) - entrypoint: openvpn port: 1194 - +# ------------------------------------------ storage: class: longhorn size: 512Mi diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index 92cef0b..cbcb751 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml @@ -8,20 +8,3 @@ persistence: metrics: enabled: false -primary: - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsNonRoot: false - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 4976174..6ab31f3 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' + selector: '{namespace!~"mail-service|woodpecker"}' action: drop diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml deleted file mode 100644 index 7fcd045..0000000 
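Review bot: In `values.promtail.yaml`, narrowing the selector to `{namespace!~"mail-service|woodpecker"}` makes the `drop-all` stage discard logs from `minecraft-application`, although this commit re-adds that release with `onlineMode: false` and a password plugin, where join and authentication failures are exactly the events worth keeping. Logs from `istio-system`, which now fronts every exposed service, are dropped as well. Consider `selector: '{namespace!~"mail-service|woodpecker|minecraft-application|istio-system"}'`, and add a comment above the stage such as `# allow-list: only these namespaces' logs are shipped`. The stage begins above the hunk, so this rests on the visible lines only.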
--- a/badhouseplants/values/values.roles.yaml +++ /dev/null @@ -1,9 +0,0 @@ -roles: - - name: minecraft-admin - namespace: minecraft-application - kind: Role - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - namespace: ["minecraft-application"] diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml deleted file mode 100644 index fb92321..0000000 --- a/badhouseplants/values/values.traefik.yaml +++ /dev/null @@ -1,78 +0,0 @@ -globalArguments: - - "--serversTransport.insecureSkipVerify=true" -service: - spec: - externalTrafficPolicy: Local -ports: - git-ssh: - port: 22 - expose: - default: true - exposedPort: 22 - protocol: TCP - openvpn: - port: 1194 - expose: - default: true - exposedPort: 1194 - protocol: TCP - valve-server: - port: 27015 - expose: - default: true - exposedPort: 27015 - protocol: UDP - valve-rcon: - port: 27015 - expose: - default: true - exposedPort: 27015 - protocol: TCP - smtp: - port: 25 - protocol: TCP - exposedPort: 25 - expose: - default: true - smtps: - port: 465 - protocol: TCP - exposedPort: 465 - expose: - default: true - smtp-startls: - port: 587 - protocol: TCP - exposedPort: 587 - expose: - default: true - imap: - port: 143 - protocol: TCP - exposedPort: 143 - expose: - default: true - imaps: - port: 993 - protocol: TCP - exposedPort: 993 - expose: - default: true - pop3: - port: 110 - protocol: TCP - exposedPort: 110 - expose: - default: true - pop3s: - port: 995 - protocol: TCP - exposedPort: 995 - expose: - default: true - minecraft: - port: 25565 - protocol: TCP - exposedPort: 25565 - expose: - default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index 8114432..b4afad8 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml 
@@ -61,20 +61,3 @@ vaultwarden: enabled: false logfile: "/data/vaultwarden.log" loglevel: "warn" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vault.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault-tls-secret - hosts: - - vault.badhouseplants.net diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml deleted file mode 100644 index 7796066..0000000 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -service: - port: 8080 -vaultwarden: - smtp: - host: mail.badhouseplants.net - security: "starttls" - port: 587 - from: vaulttest@badhouseplants.net - fromName: Vault Warden - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" - debug: false - domain: https://vaulttest.badhouseplants.net - websocket: - enabled: true - address: "0.0.0.0" - port: 3012 - rocket: - port: "8080" - workers: "10" - webVaultEnabled: "true" - signupsAllowed: true - invitationsAllowed: true - signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: false - showPassHint: true - # database: - # existingSecret: vaultwarden-postgres16-creds - # existingSecretKey: CONNECTION_STRING - # connectionRetries: 15 - # maxConnections: 10 - storage: - enabled: true - size: 512Mi - class: longhorn - dataDir: /data - logging: - enabled: false - logfile: "/data/vaultwarden.log" - loglevel: "warn" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vaulttest.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault-tls-secret - hosts: - - vaulttest.badhouseplants.net diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 62ced72..202daca 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -18,22 +18,6 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: ci.badhouseplants.net - paths: - - path: / - tls: - - secretName: woodpecker-tls-secret - hosts: - - ci.badhouseplants.net #image: # registry: git.badhouseplants.net # repository: allanger/woodpecker-server diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml deleted file mode 100644 index 753b7ae..0000000 --- a/badhouseplants/values/values.zot.yaml +++ /dev/null @@ -1,47 +0,0 @@ -ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - pathtype: ImplementationSpecific - hosts: - - host: registry.badhouseplants.net - paths: - - path: / - tls: - - secretName: zot-secret-tls - hosts: - - registry.badhouseplants.net -strategy: - type: Recreate -service: - type: ClusterIP -persistence: true -pvc: - create: true - accessMode: "ReadWriteOnce" - storage: 5Gi - storageClassName: longhorn -mountConfig: true -mountSecret: true - #configFiles: - # ui.json: |- - # { - # "log": { - # "level": "info" - # }, - # "extensions": { - # "search": { - # "cve": { - # "updateInterval": "2h" - # } - # }, - # "ui": { - # "enable": true - # } - # } - # } diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml index 3e87e83..dc2bd62 100644 --- a/charts/namespaces/chart/templates/namespaces.yaml 
+++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -10,9 +10,8 @@ metadata: {{- with $ns.labels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with $ns.annotations}} annotations: - "helm.sh/resource-policy": keep - {{- with $ns.annotations}} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/roles/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml deleted file mode 100644 index c2d5cc6..0000000 --- a/charts/roles/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: roles -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "1.16.0" diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl deleted file mode 100644 index 2927519..0000000 --- a/charts/roles/templates/_helpers.tpl +++ /dev/null 
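Review bot: Removing the unconditional `"helm.sh/resource-policy": keep` annotation from the Namespace template means that namespaces which stay in the list lose that protection on the next apply, so any later removal of an entry from `values.namespaces.yaml` becomes a cascading delete of the namespace and everything in it, including Secrets and PersistentVolumeClaims. This commit already removes entries from that list, which shows how routinely it is edited. If the protection was deliberate, keep `annotations:` and `"helm.sh/resource-policy": keep` outside the conditional and leave only the `toYaml` line inside `{{- with $ns.annotations }}`. The template's loop starts above the hunk.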
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "roles.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "roles.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "roles.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "roles.labels" -}} -helm.sh/chart: {{ include "roles.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml deleted file mode 100644 index 7cb85dc..0000000 --- a/charts/roles/templates/namespaces.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.roles }} -{{- range $roles := .Values.roles }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ $roles.kind }} -metadata: - name: {{ $roles.name }} - namespace: {{ $roles.namespace }} - labels: - {{- include "roles.labels" $ | nindent 4 }} - {{- with $roles.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with $roles.annotations}} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -rules: -{{- with $roles.rules }} -{{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml deleted file mode 100644 index 7fcd045..0000000 --- a/charts/roles/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -roles: - - name: minecraft-admin - namespace: minecraft-application - kind: Role - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - namespace: ["minecraft-application"] diff --git a/common/values.database.yaml b/common/values.database.yaml index eba45ae..6685015 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -23,28 +23,3 @@ ext-database: secret: true {{- end }} {{- end }} - - - | - {{- if (.Values.extraDatabase).enabled }} - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.extraDatabase.name }}" - spec: - secretName: "{{ .Values.extraDatabase.name }}-creds" - instance: "{{ .Values.extraDatabase.instance }}" - deletionProtected: true - backup: - enable: false - cron: 0 0 * * * - {{- if .Values.extraDatabase.credentials }} - credentials: - templates: - {{- range $key, $value := .Values.extraDatabase.credentials }} - - name: {{ $key }} - template: {{ $value }} - secret: true - {{- end }} - {{- end }} - {{- end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml deleted file mode 100644 index b995d25..0000000 --- a/common/values.tcp-route.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -traefik: - templates: - - | - {{ range .Values.tcpRoutes }} - --- - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ .name }} - spec: - entryPoints: - - {{ .entrypoint }} - routes: - - match: {{ .match }} - services: - - name: {{ .service }} - nativeLB: true - port: {{ .port }} - {{- end }} \ No newline at end of file diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml deleted file mode 100644 index 05e0d89..0000000 --- a/common/values.tcproute.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -tcproute: - templates: - - | - --- - {{ range .Values.routes }} - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ printf "%s-%s" .Release.Name .name }} - spec: - {{ tpl (.routes | toYaml | indent 2 | toString) $ }} - {{ end }} diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 677999c..98684a6 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -7,20 +7,10 @@ releases: namespace: openvpn-service createNamespace: false - - <<: *istio-base + - <<: *postgres16 installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false + namespace: database-service + createNamespace: true bases: - ../environments.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index ba51cc3..deefdb1 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -95,10 +95,6 @@ buckets: policy: none purge: false versioning: false - - name: velero-test - policy: none - purge: false - versioning: false - name: restic policy: none purge: false diff --git a/helmfile.yaml b/helmfile.yaml index 735e9ba..c813fb4 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -11,9 +11,24 @@ releases: namespace: kube-system createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + - <<: *cert-manager installed: true - namespace: kube-system + namespace: cert-manager createNamespace: false - <<: *minio @@ -23,17 +38,22 @@ releases: - <<: *metallb installed: true - namespace: kube-system - createNamespace: false + namespace: metallb-system + createNamespace: true - <<: *reflector installed: true - namespace: kube-system - createNamespace: false + namespace: reflector-system + createNamespace: true + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + - <<: *metallb-resources installed: true - namespace: kube-system + namespace: metallb-system createNamespace: false helmfiles: diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml deleted file mode 100644 index 5be7c9a..0000000 --- a/helmule/helmule.yaml +++ /dev/null 
@@ -1,235 +0,0 @@ -charts: - - repository: metrics-server - name: metrics-server - mirrors: - - custom-commands - - repository: metallb - name: metallb - mirrors: - - custom-commands - - repository: bedag - name: raw - mirrors: - - custom-commands - - repository: jetstack - name: cert-manager - mirrors: - - custom-commands - - repository: longhorn - name: longhorn - mirrors: - - custom-commands - - repository: argo - name: argo-cd - mirrors: - - custom-commands - - repository: prometheus-community - name: kube-prometheus-stack - mirrors: - - custom-commands - - repository: grafana - name: loki - mirrors: - - custom-commands - - repository: grafana - name: promtail - mirrors: - - custom-commands - - repository: istio - name: base - mirrors: - - custom-commands - - repository: istio - name: gateway - mirrors: - - custom-commands - - repository: istio - name: istiod - mirrors: - - custom-commands - - repository: allanger-gitea - name: openvpn-xor - mirrors: - - custom-commands - - repository: allanger-gitea - name: openvpn - mirrors: - - custom-commands - - repository: drone - name: drone - mirrors: - - custom-commands - - repository: drone - name: drone-runner-docker - mirrors: - - custom-commands - - repository: woodpecker - name: woodpecker - mirrors: - - custom-commands - - repository: bitnami - name: wordpress - mirrors: - - custom-commands - - repository: minio - name: minio - mirrors: - - custom-commands - - repository: gitea - name: gitea - mirrors: - - custom-commands - - repository: ananace-charts - name: funkwhale - mirrors: - - custom-commands - - repository: bitwarden - name: vaultwarden - mirrors: - - custom-commands - - repository: bitnami - name: redis - mirrors: - - custom-commands - - repository: bitnami - name: postgresql - mirrors: - - custom-commands - - repository: db-operator - name: db-operator - mirrors: - - custom-commands - - repository: db-operator - name: db-instances - mirrors: - - custom-commands - - repository: bitnami - name: mysql - 
mirrors: - - custom-commands - - repository: allanger-gitea - name: docker-mailserver - mirrors: - - custom-commands - - repository: allanger-gitea - name: vaultwarden - mirrors: - - custom-commands - - repository: emberstack - name: reflector - mirrors: - - custom-commands - - repository: mailu - name: mailu - mirrors: - - custom-commands - - repository: gabe565 - name: tandoor - mirrors: - - custom-commands - - repository: coredns - name: coredns - mirrors: - - custom-commands - - repository: cilium - name: cilium - mirrors: - - custom-commands - - repository: zot - name: zot - mirrors: - - custom-commands -mirrors: - - name: custom-commands - custom_command: - package: - - helm package -d package . - upload: - - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants - - rm -rf ./package -repositories: - - name: metrics-server - helm: - url: https://kubernetes-sigs.github.io/metrics-server/ - - name: jetstack - helm: - url: https://charts.jetstack.io - - name: istio - helm: - url: https://istio-release.storage.googleapis.com/charts - - name: drone - helm: - url: https://charts.drone.io - - name: bitnami - helm: - url: https://charts.bitnami.com/bitnami - - name: minio - helm: - url: https://charts.min.io/ - - name: longhorn - helm: - url: https://charts.longhorn.io - - name: gitea - helm: - url: https://dl.gitea.io/charts/ - - name: ananace-charts - helm: - url: https://ananace.gitlab.io/charts - - name: argo - helm: - url: https://argoproj.github.io/argo-helm - - name: bedag - helm: - url: https://bedag.github.io/helm-charts/ - - name: metallb - helm: - url: https://metallb.github.io/metallb - - name: prometheus-community - helm: - url: https://prometheus-community.github.io/helm-charts - - name: grafana - helm: - url: https://grafana.github.io/helm-charts - - name: bitwarden - helm: - url: https://constin.github.io/vaultwarden-helm/ - - name: db-operator - helm: - url: https://db-operator.github.io/charts - - name: 
allanger-gitea - helm: - url: https://git.badhouseplants.net/api/packages/allanger/helm - - name: badhouseplants - helm: - url: https://badhouseplants.github.io/helm-charts/ - - name: woodpecker - helm: - url: https://woodpecker-ci.org - - name: firefly-iii - helm: - url: https://firefly-iii.github.io/kubernetes/ - - name: emberstack - helm: - url: https://emberstack.github.io/helm-charts - - name: gabe565 - helm: - url: https://charts.gabe565.com - - name: mailu - helm: - url: https://mailu.github.io/helm-charts/ - - name: coredns - helm: - url: https://coredns.github.io/helm - - name: cilium - helm: - url: https://helm.cilium.io/ - - name: phybros-helm-charts - helm: - url: https://phybros.github.io/helm-charts - - name: nextcloud - helm: - url: https://nextcloud.github.io/helm/ - - name: zot - helm: - url: https://zotregistry.dev/helm-charts/ - diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index bc5f0b1..395418c 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -24,24 +24,6 @@ spec: number: 8000 host: httpbin --- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: httpbin - namespace: debug -spec: - rules: - - host: "httpbin.badhouseplants.net" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: httpbin - port: - number: 8000 ---- apiVersion: v1 kind: Service metadata: diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml deleted file mode 100644 index 547b892..0000000 --- a/manifests/httpo1-cluster-issuer.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - labels: - app.kubernetes.io/instance: cluster-issuer - app.kubernetes.io/name: acme-cluster-issuer - name: badhouseplants-issuer-http01 -spec: - acme: - email: allanger@zohomail.com - preferredChain: "" - privateKeySecretRef: - name: badhouseplants-issuer-htt01-account-key - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - ingressClassName: traefik diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml deleted file mode 100644 index a539b01..0000000 --- a/manifests/shadowsocks/install.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: shadowsocks-deployment - labels: - app: shadowsocks -spec: - replicas: 1 - selector: - matchLabels: - app: shadowsocks - template: - metadata: - labels: - app: shadowsocks - spec: - containers: - - name: shadowsocks-libev - image: shadowsocks/shadowsocks-libev - env: - - name: METHOD - value: chacha20-ietf-poly1305 - - name: PASSWORD - value: test12345 - ports: - - containerPort: 8388 - securityContext: - capabilities: - add: - - NET_ADMIN ---- -apiVersion: v1 -kind: Service -metadata: - name: shadowsocks - labels: - app: shadowsocks -spec: - type: ClusterIP - ports: - - port: 8388 - protocol: TCP - selector: - app: shadowsocks ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: badhouseplants-shadowsocks - namespace: istio-system -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: tcp - number: 8388 - protocol: TCP ---- -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: shadowsocks -spec: - gateways: - - istio-system/badhouseplants-shadowsocks - hosts: - - '*' - tcp: - - match: - - port: 8388 - route: - - destination: - host: shadowsocks - port: - number: 8388 diff --git a/releases.yaml b/releases.yaml index f07b763..7c999fd 100644 
--- a/releases.yaml +++ b/releases.yaml @@ -1,3 +1,4 @@ +--- templates: # --------------------------- # -- Hooks @@ -48,14 +49,6 @@ templates: values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - ext-tcp-routes: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: traefik - values: - - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' - ext-istio-resource: dependencies: - chart: bedag/raw @@ -63,7 +56,6 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - ext-certificate: dependencies: - chart: bedag/raw @@ -114,25 +106,17 @@ templates: inherit: - template: default-env-values - roles: &roles - name: roles - chart: '{{ requiredEnv "PWD" }}/charts/roles' - namespace: kube-public - createNamespace: false - inherit: - - template: default-env-values - metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.1 + version: 3.11.0 values: - common/values.{{ .Release.Name }}.yaml metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.5 + version: 0.14.3 metallb-resources: &metallb-resources name: metallb-resources @@ -145,24 +129,25 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.15.0 + version: 1.14.1 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.2 + version: 1.5.3 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 7.1.3 + version: 5.53.13 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource monitoring-common: labels: 
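Review bot: Every pinned `version:` touched in the `@@ -114,25 +106,17 @@` hunk moves backwards (`metrics-server` 3.12.1 to 3.11.0, `metallb` 0.14.5 to 0.14.3), and nothing says why. The same happens in the later hunks of this file for `cert-manager`, `longhorn`, `argocd`, `istio-common`, `cilium` and the other charts. Several of these are security-sensitive cluster components, so the older pins drop whatever fixes shipped in between. If the cluster already runs the old-side versions, applying this is an in-place rollback, which Longhorn in particular documents as unsupported. I would record the intent next to the pins, for example `# pinned to the <baseline name> baseline; bump only after testing`, or move the downgrades into their own commit. The `templates:` mapping starts and ends outside this hunk.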
@@ -171,17 +156,18 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.5.3 + version: 56.6.1 inherit: - template: monitoring-common - template: default-env-values - template: default-env-secrets - template: crd-management-hook + - template: ext-istio-resource loki: &loki name: loki chart: grafana/loki - version: 6.5.2 + version: 5.42.2 inherit: - template: monitoring-common - template: default-env-values @@ -199,7 +185,7 @@ templates: istio-common: labels: bundle: istio - version: 1.22.0 + version: 1.20.2 istio-base: &istio-base name: istio-base @@ -237,17 +223,18 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.2.0 + version: 1.1.0 inherit: - template: default-env-values - - template: ext-tcp-routes + - template: ext-istio-resource openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.2.0 + version: 1.0.8 inherit: - template: default-env-values + - template: ext-istio-resource # ---------------------------- # -- Drone # ---------------------------- @@ -261,6 +248,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: drone-common drone-runner-docker: &drone-runner-docker 
@@ -275,35 +263,49 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.5.0 + version: 1.1.1 inherit: - template: ext-database - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.4.10 + version: 19.2.3 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database minio: &minio name: minio chart: minio/minio - version: 5.2.0 + version: 5.0.15 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + + minecraft: &minecraft + name: minecraft + chart: minecraft-server-charts/minecraft + version: 4.14.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource gitea: &gitea name: gitea chart: gitea/gitea - version: 10.2.0 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-database funkwhale: &funkwhale @@ -313,6 +315,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-database bitwarden: &bitwarden @@ -322,11 +325,12 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource redis: &redis name: redis chart: bitnami/redis - version: 19.5.3 + version: 18.12.1 inherit: - template: default-env-values - template: default-env-secrets @@ -334,7 +338,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.5.5 + version: 14.0.1 inherit: - template: default-env-values - template: default-env-secrets 
@@ -342,12 +346,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.25.0 + version: 1.18.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.3.1 + version: 2.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -355,7 +359,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 11.1.2 + version: 9.19.1 inherit: - template: default-env-values - template: default-env-secrets @@ -363,32 +367,26 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.3.1 + version: 2.2.0 inherit: - template: default-env-values - - template: ext-tcp-routes + - template: ext-istio-gateway + - template: ext-istio-resource vaultwarden: &vaultwarden name: vaultwarden chart: allanger-gitea/vaultwarden - version: 1.2.0 + version: 1.1.0 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-database - vaultwarden-test: &vaultwardentest - name: vaultwardentest - chart: allanger-gitea/vaultwarden - version: 1.2.0 - inherit: - - template: default-env-values - - template: default-env-secrets - reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.262 + version: 7.1.238 mailu: &mailu name: mailu @@ -397,23 +395,23 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-certificate - - template: ext-tcp-routes - - template: ext-database tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.5 + version: 0.8.12 inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource - template: ext-database coredns: &coredns name: coredns chart: coredns/coredns - version: 1.31.0 + version: 1.29.0 namespace: kube-system inherit: - template: default-env-values 
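Review bot: In the `@@ -397,23 +395,23 @@` hunk the `mailu` template loses `- template: ext-tcp-routes` and `- template: ext-database` and gains only `- template: ext-istio-resource`. In the hunk before it, `docker-mailserver` gets `- template: ext-istio-gateway` as the replacement for its TCP routes. The values files are not visible here, so this is inferred from the template names: if mailu's mail listeners were published through `ext-tcp-routes`, nothing on the new side publishes them, and the release no longer receives a database from `ext-database`. Either add `- template: ext-istio-gateway` and keep `- template: ext-database`, or add a comment such as `# mailu: mail ports and database are provided by <mechanism>` so it is clear which ports are exposed. The `templates:` mapping starts and ends outside this hunk.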
@@ -421,44 +419,8 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.6 + version: 1.14.6 createNamespace: false namespace: kube-system inherit: - template: default-env-values - - zot: &zot - name: zot - chart: zot/zot - version: 0.1.56 - createNamespace: false - namespace: kube-services - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - - keel: &keel - name: keel - chart: keel/keel - version: 1.0.3 - createNamespace: false - namespace: kube-system - - traefik: &traefik - name: traefik - chart: traefik/traefik - version: 28.3.0 - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - - local-path-provisioner: &local-path-provisioner - name: local-path-provisioner - chart: local-path-provisioner/local-path-provisioner - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - diff --git a/repositories-oci.yaml b/repositories-oci.yaml deleted file mode 100644 index 5db4d1e..0000000 --- a/repositories-oci.yaml +++ /dev/null @@ -1,4 +0,0 @@ -repositories: - - name: badhouseplants-oci - url: registry.badhouseplants.net/badhouseplants - oci: true diff --git a/repositories.yaml b/repositories.yaml index 5ffcf86..9e7eced 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -11,6 +11,8 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ + - name: minecraft-server-charts + url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea 
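Review bot: The `minecraft-server-charts` repository added in the `@@ -11,6 +11,8 @@` hunk of `repositories.yaml` is used by name and version only, and nothing on the new side asks Helm to check chart provenance. The `allanger-gitea` entry re-enabled in the `@@ -31,8 +33,8 @@` hunk is in the same position, and it serves the `vaultwarden`, `openvpn`, `openvpn-xor` and `docker-mailserver` charts pinned in `releases.yaml`. If the upstreams publish signed charts, set `verify: true` with a `keyring:` on the repository or release entry. If they do not, record that in a comment, for example `# unsigned upstream; chart version pinned in releases.yaml`, so the trust decision is visible in review. The `repositories:` list starts and ends outside these hunks.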
@@ -31,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - # - name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker @@ -45,21 +47,7 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ - - name: coredns + - name: coredns url: https://coredns.github.io/helm - - name: cilium + - name: cilium url: https://helm.cilium.io/ - - name: phybros-helm-charts - url: https://phybros.github.io/helm-charts - - name: nextcloud - url: https://nextcloud.github.io/helm/ - - name: zot - url: https://zotregistry.dev/helm-charts/ - - name: chartmuseum - url: https://chartmuseum.github.io/charts - - name: keel - url: https://charts.keel.sh - - name: traefik - url: https://traefik.github.io/charts - - name: local-path-provisioner - url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26