diff --git a/.drone.yml b/.drone.yml index b594fd0..2c60c08 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,11 +3,8 @@ # -- Helmfile diff changes # ---------------------------------------------- kind: pipeline -type: docker +type: kubernetes name: Show helmfile diffs -platform: - os: linux - arch: amd64 trigger: branch: @@ -26,7 +23,7 @@ steps: from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e badhouseplants diff --suppress-secrets - name: Diff eterosoft @@ -38,7 +35,7 @@ steps: from_secret: KUBECONFIG_CONTENT commands: - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e etersoft diff --suppress-secrets --- @@ -46,13 +43,9 @@ steps: # -- Helmfile apply changes # ---------------------------------------------- kind: pipeline -type: docker +type: kubernetes name: Apply helmfile changes -platform: - os: linux - arch: amd64 - trigger: branch: - main @@ -69,7 +62,7 @@ steps: from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e badhouseplants apply --suppress-secrets - name: Apply eterosoft @@ -81,7 +74,7 @@ steps: from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e etersoft apply --suppress-secrets --- @@ -89,7 +82,7 @@ steps: # -- Check da helm pipeline # ---------------------------------------------- kind: pipeline -type: docker +type: kubernetes name: Check helmfiles trigger: event: 
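Review bot: The rewritten kubeconfig line in the `helmfile -e badhouseplants diff` step drops the `chmod 0600` that the old line had, so `$HOME/.kube/config` is created with whatever mode the container's umask gives it, and `$KUBECONFIG_CONTENT` is now expanded unquoted. The same line is repeated in the `Diff eterosoft` step and in both apply steps (hunks at -38, -69 and -81). Keeping the quoting and the permission tightening costs nothing: `- echo "$KUBECONFIG_CONTENT" | base64 -d > $HOME/.kube/config && chmod 0600 $HOME/.kube/config`. A short comment that the secret is now expected to be base64-encoded would also help, since a secret still stored as raw YAML would make `base64 -d` fail or write an unusable file.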
@@ -99,22 +92,8 @@ trigger: steps: - name: Check badhouseplants - image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable + image: ghcr.io/allanger/check-da-helm-helmfile:stable environment: RUST_LOG: info - SOPS_AGE_KEY: - from_secret: SOPS_AGE_KEY commands: - - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl - - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl - - - name: Send telegram notification - when: - status: - - failure - image: appleboy/drone-telegram - settings: - token: - from_secret: TELEGRAM_TOKEN - to: 131601077 - message_file: message_file.tpl + - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o diff --git a/.sops.yaml b/.sops.yaml index 99e7207..583442d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ creation_rules: - - path_regex: .*/values/secrets.* + - path_regex: .*/values/.* key_groups: - age: - - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml deleted file mode 100644 index 6fc4838..0000000 --- a/.woodpecker/.cdh.yml +++ /dev/null 
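Review bot: The new `image: ghcr.io/allanger/check-da-helm-helmfile:stable` still follows a mutable tag, so the step runs whatever was last pushed under `stable`. Pinning by digest, `image: ghcr.io/allanger/check-da-helm-helmfile@sha256:<digest-placeholder>`, would make the check reproducible and the image content reviewable. With the Telegram step removed, the `cdh ... -o` output now goes only to the build log; a one-line comment on the step saying that a failed build is the intended signal would make that explicit.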
@@ -1,30 +0,0 @@ -# ---------------------------------------------- -# -- Check da helm pipeline -# ---------------------------------------------- -when: - - event: cron - cron: nightly -steps: - check badhouseplants: - image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable - secrets: - - sops_age_key - environment: - RUST_LOG: info - commands: - - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html - notification: - image: deblan/woodpecker-email - settings: - dsn: - from_secret: smtp_dsn - from: - address: woody@badhouseplants.net - name: Woody Woodpecker - recipients: - - allanger@badhouseplants.net - subject: CDH result - target: main - attachment: result.html - when: - - status: [success, failure] diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml deleted file mode 100644 index 2407cd8..0000000 --- a/.woodpecker/.helmfile.yml +++ /dev/null @@ -1,44 +0,0 @@ -when: - event: push - - -.k8s-limits: &k8s-limits - backend_options: - kubernetes: - resources: - requests: - memory: 1024Mi - cpu: 1000m - limits: - memory: 1512Mi - cpu: 1500m - -matrix: - ENVIRONMENT: - - badhouseplants - - etersoft -steps: - diff: - <<: *k8s-limits - image: ghcr.io/helmfile/helmfile:canary - secrets: [sops_age_key, kubeconfig_content] - when: - - branch: - exclude: - - main - commands: - - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e $ENVIRONMENT diff --suppress-secrets - apply: - <<: *k8s-limits - image: ghcr.io/helmfile/helmfile:canary - secrets: [sops_age_key, kubeconfig_content] - when: - - branch: - include: - - main - commands: - - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e $ENVIRONMENT apply diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1814372 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,4 @@ +create_crb: + kubectl create clusterrolebinding drone-deployer-workaround \ + --clusterrole=cluster-admin \ + --serviceaccount=drone-service:default diff --git a/README.md b/README.md index 5ad2c85..197b3f5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,2 @@ # Kubernetes configuration [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) - -# CRD hooks -I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 05f6226..e535da1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -2,21 +2,20 @@ {{ readFile "../releases.yaml" }} releases: - - <<: *namespaces - installed: true - - <<: *roles - installed: true - - <<: *coredns - installed: true - - <<: *cilium + - <<: *drone installed: true + namespace: drone-service + createNamespace: false - - <<: *local-path-provisioner - - - <<: *zot + - <<: *drone-runner-kube installed: true - - <<: *keel - - <<: *traefik + namespace: drone-service + createNamespace: false + + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false - <<: *argocd installed: true @@ -28,6 +27,11 @@ releases: namespace: nrodionov-application createNamespace: false + - <<: *minecraft + installed: true + namespace: minecraft-application + createNamespace: false + - <<: *gitea installed: true namespace: gitea-service 
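Review bot: The `create_crb` target binds `cluster-admin` to the `default` service account of `drone-service`, which gives full control of the cluster to every pod in that namespace that does not set its own service account. The same commit switches the pipelines to `type: kubernetes` and installs `drone-runner-kube` into `drone-service`, so pipeline pods presumably run there as well; which service account they use should be confirmed. A dedicated service account bound to a role limited to what the deployer needs would be safer, for example `--serviceaccount=drone-service:<deployer-sa-placeholder>` with a narrower role than `cluster-admin`. If the binding has to stay for now, a comment above the target should say why the workaround exists and when it can be removed, and the target should be declared with `.PHONY: create_crb`.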
@@ -38,72 +42,9 @@ releases: namespace: funkwhale-application createNamespace: false - - <<: *bitwarden - installed: false - namespace: bitwarden-application - createNamespace: true - - - <<: *redis - installed: true - namespace: database-service - createNamespace: true - - - <<: *postgres16 - installed: true - namespace: database-service - createNamespace: true - - - <<: *db-operator - installed: true - namespace: database-service - createNamespace: true - - - <<: *db-instances - installed: true - namespace: database-service - createNamespace: true - - - <<: *mysql - installed: false - namespace: database-service - createNamespace: true - - - <<: *woodpecker-ci - installed: true - namespace: woodpecker-ci - createNamespace: true - - - <<: *vaultwarden - createNamespace: true - installed: true - namespace: vaultwarden-application - - - <<: *vaultwardentest - createNamespace: false - installed: true - namespace: applications - - - <<: *openvpn-xor - installed: true - namespace: openvpn-service - createNamespace: false - - - <<: *docker-mailserver - installed: true - namespace: applications - createNamespace: true - - - <<: *mailu - installed: false - namespace: mailu-application - createNamespace: false - - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - bases: - ../environments.yaml - ../repositories.yaml + #helmfiles: + # - namespaces.yaml diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 81405e1..371d4d1 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,9 +1,10 @@ +server: + config: + dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] configs: - cm: - dex.config: ENC[AES256_GCM,data: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,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -13,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw - MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 - V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 - THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 - DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-22T23:43:36Z" - mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] + lastmodified: "2023-03-04T16:16:37Z" + mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/badhouseplants/values/secrets.bitwarden.yaml b/badhouseplants/values/secrets.bitwarden.yaml deleted file mode 100644 index 4407926..0000000 --- a/badhouseplants/values/secrets.bitwarden.yaml +++ /dev/null 
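Review bot: The sops metadata on the new side is older than what it replaces: `lastmodified` moves from "2024-02-22T23:43:36Z" back to "2023-03-04T16:16:37Z" and `version` from 3.8.1 to 3.7.3, which suggests the file was restored from an earlier revision rather than re-encrypted. The same backwards step is visible in secrets.drone-runner-kube.yaml, secrets.drone.yaml, secrets.funkwhale.yaml and secrets.gitea.yaml. If any of these credentials were rotated in the meantime, applying this commit would redeploy the retired values, so that should be confirmed before merging. The commit description should also state that the rollback is intentional.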
@@ -1,24 +0,0 @@ -env: - ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] -smtp: - password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKL3M4VWJBQzZQdHRDcXVw - VWIwcjd0Zm44V01DTW1aV2FhV1QvT2hpcUVZClJ2dHdvcDYxalEvMXB2a1F1WlRy - K1VOYmg4cWprSHpLSVJVK1lYVXR5cWMKLS0tIGJ3bHNIZE9zR3RuZmpmMlZBQ1Qr - dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 - amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-15T12:20:48Z" - mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml deleted file mode 100644 index 8e14680..0000000 --- a/badhouseplants/values/secrets.chartmuseum.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -env: - secret: - BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] - BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 - OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl - a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY - TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg - H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-27T08:47:35Z" - mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml deleted file mode 100644 index ffe6efa..0000000 --- a/badhouseplants/values/secrets.db-instances.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -dbinstances: - postgres16: - secrets: - adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] - adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl - RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx - Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho - d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq - Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-17T01:05:06Z" - mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.drone-runner-docker.yaml b/badhouseplants/values/secrets.drone-runner-kube.yaml similarity index 59% rename from badhouseplants/values/secrets.drone-runner-docker.yaml rename to badhouseplants/values/secrets.drone-runner-kube.yaml index eb18677..67c1c78 100644 --- a/badhouseplants/values/secrets.drone-runner-docker.yaml +++ b/badhouseplants/values/secrets.drone-runner-kube.yaml 
@@ -1,5 +1,5 @@ env: - DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] + DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:6vsbRkd6DbWKf6qPPtfmv14cvKc=,iv:PPlH4m+SyMNNo/bV5/hpW2CZPGwxNKwO3RzY5RPOu5w=,tag:BGEf82OvMjDQvKe078/Fkg==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +15,8 @@ sops: em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-21T09:27:21Z" - mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] + lastmodified: "2023-02-19T11:56:50Z" + mac: ENC[AES256_GCM,data:5U/D1hI+3zulh0UuuBv/oGAU8Bz5hpWvLCxUSCQbPSOW08S2jBiyDEdDJH7g0/y1xQkd3xJYLzJ7ccWx98j+0QJ+HOzcUF1Hwro6Zl0GSw8D4xvIeulHwwM6MBJGtOanbSHjeJ6Qyqf/tM5bF9GXpDblrNOXrnhvGOHj2GkzstU=,iv:AWAn3hAUEs8mbproV0M5EJyKddfNmUrI0ouIjvh1fEE=,tag:bFIQa/v4CaDx4RAJ7aHjeg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.drone.yaml b/badhouseplants/values/secrets.drone.yaml index 82877c3..b7c56eb 100644 --- a/badhouseplants/values/secrets.drone.yaml +++ b/badhouseplants/values/secrets.drone.yaml 
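Review bot: `DRONE_RPC_SECRET` no longer appears in this encrypted values file, and the same commit removes it from secrets.drone.yaml, so the shared secret that authenticates the runner to the server must now come from somewhere this diff does not show. If it moved into an unencrypted values file or relies on a chart default, it would sit in the repository in plaintext or be a known value; this should be confirmed. Otherwise keep it here next to `DRONE_SECRET_PLUGIN_TOKEN`, with a comment naming the file that holds the matching server-side value.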
@@ -1,5 +1,4 @@ env: - DRONE_RPC_SECRET: ENC[AES256_GCM,data:W1OAxQIUbVU8uYHtxujhPyww4jscNH4LwMAGOU5v,iv:ouToTniIMiy757x40MKMtmLFBVzpuGxSYOTMZmmN8ck=,tag:RZ/cb7cRXDQSAQwGqdX+zw==,type:str] DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:7Ohn3nGR9VeIhAr9EdW1/juRFo3TXpKIwU07hD8mGoyBrbyn,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:EZoo2F4/HoOcacWOVU9yjA==,type:str] DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:2wAbiSJdDb5lGUOocK14pZtwQI0EFmXGStAigKsPGAZUKyn7M0B6xBO1+B3wZYVnIKEohiNIZF7k,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:FVfLsEA56WGNCl/8ut4F/Q==,type:str] sops: @@ -17,8 +16,8 @@ sops: QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-18T17:11:19Z" - mac: ENC[AES256_GCM,data:d9G44MW63rUa/MQaW/rLQQ4dlgOOje6qaS1V7yWT3HrkRLOXRCfuK5E+XeWC1PuQwMk0ghaNYJDT0FTnBsoJbxlu+7Vb91qlItn+azvldOFDvtGTRpAK7bPjM+p+G4/gZsgarFxaTh7py6Z/HsoqP1RvaK8GWNhRl7VfTiFuUrA=,iv:e4IXbSSiHMTPc3WijuwgF8L5aG5iMMfu6P/IYD2cp5A=,tag:aGqcqjjrO+PfYxfIAgSmeQ==,type:str] + lastmodified: "2023-03-13T09:01:15Z" + mac: ENC[AES256_GCM,data:cHdSHMa5dJTMrQsDOvTAORHON3WlFVRApaajAoZ8QIWWxC1ZCNIyMp1NlgZ+vv1vY951+JsOu4WYJdfygMvCplSz2ughqWgPFvykKOCBGTLfEKxSagnxuxuDpJ3FT2zlzzUxLFSOg8iGgpxZc9mF28divlAem4POkGgWs+7s7tE=,iv:Zjx1Zscf6G4QyZJayJLktSg6kOCl3K32G7U41dL1RVQ=,tag:v3m/hIt5A4xe6R1G9b30cA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 8ca3587..47cc127 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] +djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] -redis: - auth: - password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] + username: ENC[AES256_GCM,data:S09SpdX3ro0S,iv:QYQiF8Ozz9iLElqsoxyika+iVcHzRyo4hhaaIw8/vDM=,tag:KzorD+/Pysqwm5PneRRsyg==,type:str] + password: ENC[AES256_GCM,data:R6bqME1FH72K,iv:PuOIgStSM/NvwhQj06E/PMtB30aDbstypIBt84Fh1q0=,tag:gzv9S+hYW6qjgdoMhl1mTw==,type:str] + database: ENC[AES256_GCM,data:Ld33SGYZdlK+,iv:hZ/DlO3wNQ7Bm5L3RmNDzOp9U4QBr+nhJbDD1XYc56Y=,tag:NIgpN71+dL1jIgG66l+3VA==,type:str] + postgresPassword: ENC[AES256_GCM,data:AGtLRy+ujNAVpA==,iv:U19Pb6vXU/ceH3M6ZLOduqRBFaStX7JSyFnO6ODzbLs=,tag:kpbEkwMZl7c2wJrELjp4tw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty - dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG - SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y - ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC - nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw + TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL + VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y + dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA + GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T09:33:11Z" - mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] + lastmodified: "2023-02-22T09:20:09Z" + mac: ENC[AES256_GCM,data:1Wt61yiS/8/D0IwiM1RQwV6fYZNq5yZFxOWE/1T4/eLhZY4jSLFMMDrZLA3joOv6ZeN1fWzbJpbGEzsBdPm0ZP7scz56+XwWJTjY9xlnlRB6ou35ViABE9mKCNP6/wUqqnw0d3EhnxhC5lOAPsl5koUHhGQw/8dZEDiA9PniQ20=,iv:dgkvOii83PR3cpFBQoSq9pi53g7DjTcrAXc5O5ge9nA=,tag:/RWIko/vBwFcHIZqmJdrZQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 55bd2b4..7d4a1f7 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,15 @@ +postgresql: + global: + postgresql: + postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str] + postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str] + postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str] + postgresqlPostgresPassword: ENC[AES256_GCM,data:eAOXc+LouMdlfw==,iv:ePyDlj2wUkI7JoaUE38I7a/2mkaIL6iqN5QVp92FDN4=,tag:SE+BaOK5CZHT/Xowjov/CA==,type:str] gitea: admin: - username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] - password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] - config: - mailer: - PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] - database: - PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] - session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] - cache: - HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] - queue: - CONN_STR: 
ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] - oauth: - - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] - provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] - key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] - secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] + username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] + password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + email: ENC[AES256_GCM,data:sePKv5CPwYZtayjcqX4JoSGrZAR+Zhfe,iv:TTwfxzqq83xe2bk8cVV93GTlfGMaxmR5arK+Vdht+vE=,tag:Aiox/la2sENjC24Jiib9uQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -27,14 +19,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ - M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 - TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC - OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X - RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 + QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu + LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 + Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN + WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T09:32:40Z" - mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] + lastmodified: "2023-02-22T09:43:31Z" + mac: ENC[AES256_GCM,data:CsAwzOnU31crz6+rQjwutDUtZK5Qq9EQHWNYAnmVFhy3fWYT4+9eLK2gSjq+kVZD9QC/vH31Kf1QEKMKu9Kol8TuDZN+UEEuuixQNqi2hcPbMV43HVOFdFOR475jLbkUo2S09Bs6b4i5f7NbpxCuy/am4K0p4K4839cRyN8pADI=,iv:w6tpLCM/FbyMgZpjXF5MVB4/UcBUvOUYzMa9hln4poc=,tag:SMpnEtR2l4H6VRqJPT7Frg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/badhouseplants/values/secrets.iredmail.yaml b/badhouseplants/values/secrets.iredmail.yaml deleted file mode 100644 index e2f189e..0000000 --- a/badhouseplants/values/secrets.iredmail.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -config: - env: - FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ENC[AES256_GCM,data:dcrMgiX2egbSllo4esVRcJ340oQBRpVkRA==,iv:NQpe96WmGRAnLmeAK0VT/zdJ8MS/8RfAJIwNsL8alHY=,tag:CjppOC4SEW7a9u4Q2xlm8g==,type:str] - MLMMJADMIN_API_TOKEN: ENC[AES256_GCM,data:OxsD/v9ACQuoyHrxZmIdq8TUqmbWCh8GhGaSQTBGfS+vp+v2rdfKIm4WTnI=,iv:68Vli4aaCOiFixooz5cHABuRLuOrw9/HNpBNQzVwAkg=,tag:RXBXFzGCOO6MhoeNhES/+w==,type:str] - ROUNDCUBE_DES_KEY: ENC[AES256_GCM,data:RZni9nCThb9xzzNrN6JTQsLetnMB9cSo1L7hwLERnbA=,iv:L3r0I8sQkoicwy6odvuF3HfIEDQVgnOtn/OMpF16Dis=,tag:ZFaoIywA+FJ/GHAZAGjU2g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZlAvUXJBdzM3RjJMdHNG - SjRpSTBYNUs5NEoxRFdLZDN0a2IyQlp1ODB3CnQycFk3SkM2Ny82U1RZZmE1cWxG - TTQxUzhWRWlPQmxYUnN5dVJpb0FWa1EKLS0tIDZSK1NvSmNUQkZucFJCM3FiRHlI - L0VKb2JCc29XWjVkODJxTmxPZXZJc3MKyDy9BH0W1OgEONm3PLCskOWtIr2YW2V8 - 3Lc0Au6lLYetVCvSB82/uylZBHc9yQ2rNdLBUrm1zyDZJW/BmNpVLQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-17T05:06:27Z" - mac: ENC[AES256_GCM,data:WP9F1N5ZTYwJk3UfiSwf/QJHp06pawdbu6kUBOMTq1tWOZ/zhCRe0vJzU7alUxhw1RZu8f6tUNeh6qXxt/4mrSuy5dRjOKOJyRioIcRCdg4Z+2jVycDAA2VlPB1oDQj0CIdrW4hvM02KZKxcOy9KP8iRQaYqLlhvWrTAQZ9HAIA=,iv:d/wZUbaU9EkBPRIxqCDDXpp8AMjjHnXxej726q37Ni4=,tag:AC4FvAFBTYOcI02bFD+MHw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml deleted file mode 100644 index 61e967f..0000000 --- a/badhouseplants/values/secrets.mailu.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] -initialAccount: - enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] - username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] - domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] - password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] -postgresql: - auth: - password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] - postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] - secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] - userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] -global: - database: - roundcube: - password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS - L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu - Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj - aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i - l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-04T09:30:41Z" - mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.mysql.yaml b/badhouseplants/values/secrets.mysql.yaml deleted file mode 100644 index 52fd510..0000000 --- a/badhouseplants/values/secrets.mysql.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -auth: - rootPassword: ENC[AES256_GCM,data:X7htluDDokepRf8GVV4eu+pGM2o=,iv:DJ893dKr/4SFBEl8HnYv2PMb3Nb2AfL1RVgN2QmDRmA=,tag:W6QX7k92P7bgi3Ji/64xHg==,type:str] - password: ENC[AES256_GCM,data:hlXWCWbFnmbuUg==,iv:d9ZmklpwJa13wyNjrqNfFMEbJDSQ+NeyB4gj+59g09Q=,tag:Ps4oq5XWDIx7HnvCCnB/FQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-30T15:06:09Z" - mac: ENC[AES256_GCM,data:oiigjlyNoSm5hcdB58MWUxhqcYzE5XtA5LEDUCUX4r0inNd8UuLP029jz6bvQ7E/wFpiGNVTFAlFB1HA/YVwai/siovy5H2DL6g4LS3k+fxLKc3lwo3BvkaBi9X2aYu7vGBJpNe3KxBdWFyjkEQVoux1RD8JJBYNquMu9tW3K/g=,iv:1H7pF0Tr6GcgDt9ItXiTBOTFa55wb9pOdTF3jNJlPiY=,tag:dQ9nrAKr+qo4JpqD2wJXjg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/badhouseplants/values/secrets.postgres.yaml b/badhouseplants/values/secrets.postgres.yaml deleted file mode 100644 index a3223c8..0000000 --- a/badhouseplants/values/secrets.postgres.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -global: - postgresql: - auth: - postgresPassword: ENC[AES256_GCM,data:NopZyPWiTKPPVzLcvVLN3JgMQjQ=,iv:rWVhR2wChvQSIa7eBPrvnWO2ydLZ2D8oF87INiy8NX4=,tag:Xb0qbED6QXu5QBgHY6hrOA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-21T12:58:01Z" - mac: ENC[AES256_GCM,data:ShHWH9RIL4rJ5X0IvThOtyM28AC+1bJLr4PJJdYSLtV9T7Wcs2LbmWxtM2tpRyzMeZjYKJrsstGYgxBevr1BpfGBIeR4+JCwrbdK4AOq2VbLMpH7nMOU/huuUpxOopweRBTwZOEMRBkSkEk4qPvebLHEqUi6aNGdtxOINmHv/fA=,iv:C/iJOSshanbhSQ9Be712aSN2B8aXndPpP4655SQONeQ=,tag:BAJIzrYfh8a59OzkxDOrbw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 \ No newline at end of file diff --git a/badhouseplants/values/secrets.postgres16.yaml b/badhouseplants/values/secrets.postgres16.yaml deleted file mode 100644 index e466bb1..0000000 --- a/badhouseplants/values/secrets.postgres16.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -global: - postgresql: - auth: - postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:27:48Z" - mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.0 diff --git a/badhouseplants/values/secrets.prometheus.yaml b/badhouseplants/values/secrets.prometheus.yaml deleted file mode 100644 index 8e23981..0000000 --- a/badhouseplants/values/secrets.prometheus.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -grafana: - adminPassword: ENC[AES256_GCM,data:AuPGLXN861DvndWdecukXKzt91sGGIMBToj7tO3J,iv:gKmj0gurV77e/jbxdyxhaxkmmsp738vB6ZAfzRFf45M=,tag:rKOkedx87g4MlRk6npgXiA==,type:str] - adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str] - grafana.ini: - auth.generic_oauth: - client_secret: ENC[AES256_GCM,data:+4Qfo4aR9TMZprWL9U6lFx4B86d3ywH2O5K6rM5hmv2gROeFinp7k5p9C2pgNubIK9W3TlWSZAw=,iv:uFX2Lz3s2/aR5rcwsDvfuUGbKHNxh43ZiuCNaT5b1dw=,tag:8YdsVMaHbP6wqjubb9Ab2w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeTlhQ2xpK0dvMU00ejh4 - bjZxZVMvMEFobGFqYU55a3dxcTlnRitkS2wwCmJVNHhQNHJHTVBxbk4xQ1RWbkFv - TUNGY3YvQUIyTUJYNEZmOWRYd3JaUHcKLS0tIHJ5STVXV0hxRUdYQmNXSFR2U0Vv - NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/ - QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-29T11:41:00Z" - mac: ENC[AES256_GCM,data:7Xs7W6smDPr8fp4AapKcUvHUsYRKkTQ3wb4CuDmL0ziQs2d73ueezEembp7RRaBQ/Q5jACY1dHQg42+4YymcTt8NqJ6SE4G7f9iqJu3rr5g5lh8mYP8ft8J1/l2jrQtCSfxyzuG2CPZRycQIo+0Tq++w6iK0iy6ExPt8cDNR2Ao=,iv:v8m4CEW6FG5rWV8fKsqACh37X9yzsB/Bl1wh+4348rI=,tag:Up71zDf12JMDjK8uIxnsLA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/badhouseplants/values/secrets.redis.yaml b/badhouseplants/values/secrets.redis.yaml deleted file mode 100644 index 14b99c2..0000000 --- a/badhouseplants/values/secrets.redis.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -global: - redis: - #ENC[AES256_GCM,data:QRLnzdJ/lmaItppUMOZO33kySISWDfMdjr2nrEjBuhucnoglEVNF9Wy5IVbt5CNERajCADTVWNy/N40uCv+9n3PQVKl+Ki6YV+Q24Bzy,iv:8PvJ2yU7AW+/XkP+/9OQcrdCVAomnRexkNNw+2rjoho=,tag:U4gbrqqBwvXC63qn7jFmPQ==,type:comment] - #ENC[AES256_GCM,data:69gagNeejZaafGWo/Rll,iv:kW13FOrc/j//BxVj4JgEC0G/DQIOPHil0uNXpOM2/W0=,tag:sqviMlgQHiN397ukswoNsg==,type:comment] - #ENC[AES256_GCM,data:C8ta7Vtb3LpOotE=,iv:Kdat2trhQIQHxIpD7xhUoLRYo+a4PgzpB+S0w32somA=,tag:jgH656M8a14QhA//sN6MGg==,type:comment] - password: ENC[AES256_GCM,data:qdV5FH2K4w9gj4SFznfflY8Uw3ohSCO4lOE4Hea4,iv:/XYT2xiHlfRB1NLkw+Qm/QaWehvs9v8PUp2ZfMxeyRA=,tag:06XSi3K7y+9a50nZK1LAfQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T20:22:15Z" - mac: ENC[AES256_GCM,data:DIdcvQXu7rivXdPFPjfzs1AeJ5bRvUBD+Hq9mH7Hp/+iqrG03fWSF2NF1ra8KfEIg6TDsyMnQLWvipxBlA654BLBNrABFoGwLsdVsATBORz0kNNY862qfyhSOaaTBHTWhPVpbjGnYav+bi5pfvbLC9yJm3SjIRtUbnaNVWvqMq0=,iv:d7SaPZLb/px7fy+bGJnH3bfNBmqbhwMijyNB0jfYgLE=,tag:LT5hJoDcSiP5FVgj0M2sCA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/badhouseplants/values/secrets.tandoor.yaml b/badhouseplants/values/secrets.tandoor.yaml deleted file mode 100644 index 65d3703..0000000 --- a/badhouseplants/values/secrets.tandoor.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -env: - SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB - d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV - YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM - NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz - qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-06T15:16:21Z" - mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml deleted file mode 100644 index 61f6e40..0000000 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -vaultwarden: - smtp: - username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str] - password: - value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str] - adminToken: - value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr - R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C - M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI - a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS - hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-30T18:44:39Z" - mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml deleted file mode 100644 index 39b3c9b..0000000 --- a/badhouseplants/values/secrets.vaultwardentest.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -vaultwarden: - smtp: - username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] - password: - value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] - adminToken: - value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr - R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C - M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI - a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS - hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-06T15:15:43Z" - mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.woodpecker-agent.yaml b/badhouseplants/values/secrets.woodpecker-agent.yaml deleted file mode 100644 index f71db04..0000000 --- a/badhouseplants/values/secrets.woodpecker-agent.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -env: - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str] - WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1 - RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz - ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0 - SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY - 870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-05T08:06:51Z" - mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.0 diff --git a/badhouseplants/values/secrets.woodpecker-ci.yaml b/badhouseplants/values/secrets.woodpecker-ci.yaml deleted file mode 100644 index 56326be..0000000 --- a/badhouseplants/values/secrets.woodpecker-ci.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -server: - env: - WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str] -agent: - env: - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5 - QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn - bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4 - WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 - ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-18T17:43:53Z" - mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml deleted file mode 100644 index 25871e8..0000000 --- a/badhouseplants/values/secrets.zot.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -configFiles: - config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] -authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 - NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du - RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB - M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp - VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-05T17:37:17Z" - mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 71cf854..41fcc9c 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -8,7 +8,7 @@ controller: cpu: 100m memory: 512Mi metrics: - enabled: true + enabled: false applicationLabels: enabled: false labels: [] 
@@ -34,39 +34,37 @@ dex: enabled: false serviceMonitor: enabled: false - redis: metrics: enabled: false serviceMonitor: enabled: false - -global: - domain: argo.badhouseplants.net - server: - ingress: - enabled: true - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - ingressClassName: traefik - tls: true metrics: - enabled: true + enabled: false serviceMonitor: enabled: false + rbacConfig: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, get, */*,allow + p, drone, applications, sync, */*,allow + config: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" + extraArgs: - --insecure - servicePort: - servicePortHttp: 80 - servicePortHttps: 80 repoServer: metrics: - enabled: false + enabled: true serviceMonitor: enabled: false @@ -74,22 +72,6 @@ repoServer: - name: regcred configs: - params: - server.insecure: true - rbac: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - cm: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/badhouseplants/values/values.bitwarden.yaml b/badhouseplants/values/values.bitwarden.yaml deleted file mode 100644 index 00e0898..0000000 --- a/badhouseplants/values/values.bitwarden.yaml +++ /dev/null 
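Review bot: The two `drone` lines added to `policy.csv` use the object pattern `*/*`, so the CI account can `get` and `sync` applications in every Argo CD project, not only the ones this pipeline deploys. Scoping them to the project, e.g. `p, drone, applications, sync, <project>/*, allow` (with `<project>` as a placeholder), limits what a leaked token can do. `accounts.drone: apiKey, login` also gives the automation account password login; if the pipeline only uses a token, `accounts.drone: apiKey` is enough. The new side keeps `--insecure` under `extraArgs` while removing the `ingress` block with its TLS settings, so confirm that TLS is still terminated somewhere in front of the server.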
@@ -1,40 +0,0 @@ ---- -image: - repository: vaultwarden/server - tag: 1.28.1 - -istio: - enabled: true - istio: - - name: bitwarden-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: bitwarden.badhouseplants.net - service: bitwarden-vaultwarden - port: 80 - - # pathType is only for k8s >= 1.1= - pathType: Prefix - -env: - SIGNUPS_ALLOWED: false - DOMAIN: "https://bitwarden.badhouseplants.net" - WEB_VAULT_ENABLED: true - -persistence: - enabled: true - accessMode: ReadWriteOnce - size: 800Mi - storageClass: longhorn - -smtp: - host: badhouseplants.net - security: "starttls" - port: 587 - from: bitwarden@badhouseplants.net - fromName: bitwarden - username: - value: overlord@badhouseplants.net - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" \ No newline at end of file diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml deleted file mode 100644 index 8ea6b10..0000000 --- a/badhouseplants/values/values.chartmuseum.yaml +++ /dev/null @@ -1,19 +0,0 @@ -istio: - enabled: true - istio: - - name: chartmuseum - kind: http - gateway: istio-system/badhouseplants-net - hostname: helm.badhouseplants.net - service: chartmuseum - port: 8080 -env: - open: - AUTH_ANONYMOUS_GET: true - DISABLE_API: false - CORS_ALLOWORIGIN: "*" -persistence: - enabled: true - accessMode: ReadWriteOnce - size: 2Gi - path: /storage diff --git a/badhouseplants/values/values.cilium.yaml b/badhouseplants/values/values.cilium.yaml deleted file mode 100644 index 6eae22c..0000000 --- a/badhouseplants/values/values.cilium.yaml +++ /dev/null @@ -1,10 +0,0 @@ -operator: - replicas: 1 -endpointRoutes: - # -- Enable use of per endpoint routes instead of routing via - # the cilium_host interface. - enabled: true -ipam: - ciliumNodeUpdateRate: "15s" - operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] 
diff --git a/badhouseplants/values/values.coredns.yaml b/badhouseplants/values/values.coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/badhouseplants/values/values.coredns.yaml +++ /dev/null @@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml deleted file mode 100644 index bfd0e1d..0000000 --- a/badhouseplants/values/values.db-instances.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -dbinstances: - postgres16: - monitoring: - enabled: false - adminSecretRef: - Name: postgres16-secret - Namespace: database-service - engine: postgres - generic: - host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml deleted file mode 100644 index 45b25ef..0000000 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -traefik: - enabled: true - tcpRoutes: - - name: docker-mailserver-smtp - service: docker-mailserver - match: HostSNI(`*`) - entrypoint: smtp - port: 25 - - name: docker-mailserver-smtps - match: HostSNI(`*`) - service: docker-mailserver - entrypoint: smtps - port: 465 - - name: docker-mailserver-smpt-startls - match: HostSNI(`*`) - service: docker-mailserver - entrypoint: smtp-startls - port: 587 - - name: docker-mailserver-imap - match: HostSNI(`*`) - service: docker-mailserver - entrypoint: imap - port: 143 - - name: docker-mailserver-imaps - match: HostSNI(`*`) - service: docker-mailserver - entrypoint: imaps - port: 993 - - name: docker-mailserver-pop3 - match: HostSNI(`*`) - service: docker-mailserver - entrypoint: pop3 - port: 110 - - name: docker-mailserver-pop3s - match: HostSNI(`*`) - service: docker-mailserver - entrypoint: pop3s - port: 993 - -rainloop: - enabled: true - ingress: - enabled: true - hosts: - - mail.badhouseplants.net - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tls: - - secretName: mail-tls-secret - hosts: - - mail.badhouseplants.net - -demoMode: - enabled: false -domains: - - badhouseplants.net - - mail.badhouseplants.net -ssl: - useExisting: true - existingName: mail-tls-secret -pod: - dockermailserver: - enable_fail2ban: "0" - ssl_type: manual -service: - type: ClusterIP -spfTestsDisabled: true diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml deleted file mode 100644 index 923e72d..0000000 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -env: - DRONE_RPC_HOST: drone.badhouseplants.net - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: drone-service -rbac: - buildNamespaces: - - drone-service -dind: - resources: - limits: - cpu: 2000m - memory: 2024Mi - requests: - cpu: 100m - memory: 512Mi \ No newline at end of file diff --git a/badhouseplants/values/values.drone-runner-kube.yaml b/badhouseplants/values/values.drone-runner-kube.yaml new file mode 100644 index 0000000..2589a1c --- /dev/null +++ b/badhouseplants/values/values.drone-runner-kube.yaml @@ -0,0 +1,13 @@ +--- +env: + DRONE_RPC_SECRET: drone-rpc-sec + DRONE_RPC_HOST: drone.badhouseplants.net + DRONE_RPC_PROTO: https + DRONE_NAMESPACE_DEFAULT: drone-service + DRONE_RESOURCE_LIMIT_CPU: 300 + DRONE_RESOURCE_REQUEST_CPU: 100 + DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi + DRONE_RESOURCE_REQUEST_MEMORY: 512Mi +rbac: + buildNamespaces: + - drone-service \ No newline at end of file diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index 8a1eb82..b3dc07e 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -1,18 +1,6 @@ -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: drone-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: drone.badhouseplants.net - service: drone - port: 8080 env: DRONE_SERVER_HOST: drone.badhouseplants.net DRONE_SERVER_PROTO: https + DRONE_RPC_SECRET: drone-rpc-sec DRONE_GITEA_SERVER: https://git.badhouseplants.net DRONE_USER_CREATE: username:allanger,admin:true diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 16d0606..08bdbd6 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml 
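Review bot: `DRONE_RPC_SECRET: drone-rpc-sec` is committed as a plain value in the new `values.drone-runner-kube.yaml`, and the `values.drone.yaml` hunk that follows adds the same line on the server side. If that string is the shared secret itself and not a reference, every reader of the repository knows the credential that authenticates runners to the Drone server, and the value is short and guessable. Supply it from a Kubernetes Secret or a SOPS-encrypted values file instead, and rotate it, since it is now in history. Separately, `DRONE_RESOURCE_LIMIT_CPU: 300` and `DRONE_RESOURCE_REQUEST_CPU: 100` are unquoted integers in an `env` map; quoting them (`"300"`, `"100"`) avoids type surprises when they are rendered as environment strings.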
@@ -1,27 +1,8 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: funkwhale-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: funkwhale.badhouseplants.net - service: funkwhale - port: 80 - -ext-database: - enabled: true - name: funkwhale-postgres16 - instance: postgres16 - replicaCount: 1 +worker: + replicaCount: 1 celery: - worker: - replicaCount: 1 beat: resources: limits: @@ -30,22 +11,6 @@ celery: requests: cpu: 10m memory: 75Mi -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - host: funkwhale.badhouseplants.net - protocol: http - - tls: - - secretName: funkwhale-tls-secret - hosts: - - funkwhale.badhouseplants.net - extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https @@ -55,17 +20,10 @@ persistence: size: 10Gi s3: enabled: false - +ingress: + enabled: false postgresql: - enabled: false - host: postgres16-postgresql.database-service.svc.cluster.local - auth: - username: funkwhale-application-funkwhale-postgres16 - database: funkwhale-application-funkwhale-postgres16 - -redis: - enabled: false - host: redis-master.database-service.svc.cluster.local - auth: - enabled: true - database: 3 + primary: + resources: + requests: + cpu: 50m diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 607d4bd..e354f0e 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml 
@@ -1,33 +1,37 @@ --- -# ------------------------------------------ -# -- Database extension is used to manage -# -- database with db-operator -# ------------------------------------------ -ext-database: +ns: enabled: true - name: gitea-postgres16 - instance: postgres16 - -# ------------------------------------------ -# -- Kubernetes related values -# ------------------------------------------ -ingress: + name: gitea-service +istio: enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: git.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: gitea-tls-secret - hosts: - - git.badhouseplants.net + istio: + - name: gitea-http + gateway: badhouseplants-net + hostname: git.badhouseplants.net + service: gitea-http + port: 3000 + templates: + - | + {{ range .Values.istio }} + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + name: {{ .name }} + spec: + gateways: + - "istio-system/{{ .gateway }}" + hosts: + - {{ .hostname }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{ end }} replicaCount: 1 clusterDomain: cluster.local 
@@ -41,101 +45,64 @@ resources: persistence: enabled: true - size: 15Gi + size: 10Gi accessModes: - ReadWriteOnce + labels: {} + annotations: {} + +memcached: + enabled: true + service: + port: 11211 + resources: + requests: + cpu: 10mi +postgresql: + auth: + postgresPassword: check + enabled: true + global: + postgresql: + servicePort: 5432 + persistence: + size: 10Gi + resources: + requests: + cpu: 50m + +ingress: + enabled: false -# ------------------------------------------ -# -- Main Gitea settings -# ------------------------------------------ gitea: - metrics: - enabled: true - serviceMonitor: - # -- TODO(@allanger): Enable it once prometheus is configured - enabled: false config: - database: - DB_TYPE: postgres - HOST: postgres16-postgresql.database-service.svc.cluster.local - NAME: gitea-service-gitea-postgres16 - USER: gitea-service-gitea-postgres16 APP_NAME: Bad Houseplants Gitea ui: meta: AUTHOR: Bad Houseplants - DESCRIPTION: ...by allanger + DESCRIPTION: by allanger repository: DEFAULT_BRANCH: main - MAX_CREATION_LIMIT: 0 - DISABLED_REPO_UNITS: repo.wiki service: - DISABLE_REGISTRATION: false + DISABLE_REGISTRATION: true server: DOMAIN: git.badhouseplants.net ROOT_URL: https://git.badhouseplants.net LFS_START_SERVER: true - LANDING_PAGE: explore - START_SSH_SERVER: true - admin: - DISABLE_REGULAR_ORG_CREATION: true packages: ENABLED: true cron: enabled: true attachment: MAX_SIZE: 100 - actions: - ENABLED: true - oauth2_client: - REGISTER_EMAIL_CONFIRM: false - ENABLE_AUTO_REGISTRATION: true - session: - PROVIDER: redis - cache: - ENABLED: true - ADAPTER: redis - queue: - TYPE: redis - mailer: - ENABLED: true - FROM: gitea@badhouseplants.net - PROTOCOL: smtp+startls - SMTP_ADDR: badhouseplants.net - SMTP_PORT: 587 - USER: overlord@badhouseplants.net - indexer: - REPO_INDEXER_ENABLED: true - REPO_INDEXER_PATH: indexers/repos.bleve - MAX_FILE_SIZE: 1048576 - REPO_INDEXER_EXCLUDE: resources/bin/** +statefulset: + env: + - name: DOMAIN + value: 
git.badhouseplants.net + - name: START_SSH_SERVER + value: "true" service: ssh: type: ClusterIP port: 22 clusterIP: -# ------------------------------------------ -# -- Disabled dependencies -# ------------------------------------------ -postgresql-ha: - enabled: false -redis-cluster: - enabled: false - -extraDeploy: - - | - {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ include "gitea.fullname" . }}-ssh - spec: - entryPoints: - - git-ssh - routes: - - match: HostSNI(`git.badhouseplants.net`) - services: - - name: "{{ include "gitea.fullname" . }}-ssh" - port: 22 - nativeLB: true - {{- end }} diff --git a/badhouseplants/values/values.iredmail.yaml b/badhouseplants/values/values.iredmail.yaml deleted file mode 100644 index fd50394..0000000 --- a/badhouseplants/values/values.iredmail.yaml +++ /dev/null @@ -1,4 +0,0 @@ -config: - env: - HOSTNAME: mail.badhouseplants.net - FIRST_MAIL_DOMAIN: badhouseplants.net \ No newline at end of file diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml deleted file mode 100644 index acbca74..0000000 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -certificate: - enabled: true - certificate: - - name: nrodionov-wildcard - secretName: nrodionov-wildcard-tls - issuer: - kind: ClusterIssuer - name: badhouseplants-issuer - dnsNames: - - nrodionov.info - - "*.nrodionov.info" - - name: badhouseplants-wildcard - secretName: badhouseplants-wildcard-tls - issuer: - kind: ClusterIssuer - name: badhouseplants-issuer - dnsNames: - - badhouseplants.net - - "*.badhouseplants.net" -istio-gateway: - enabled: true - gateways: - - name: badhouseplants-net - servers: - - hosts: - - badhouseplants.net - - '*.badhouseplants.net' - port: - name: grpc-web - number: 8080 - protocol: HTTPS - tls: - credentialName: badhouseplants-wildcard-tls - mode: SIMPLE - - hosts: - - badhouseplants.net - - '*.badhouseplants.net' - port: - name: http - number: 80 - protocol: HTTP2 - tls: - httpsRedirect: true - - hosts: - - badhouseplants.net - - '*.badhouseplants.net' - port: - name: https - number: 443 - protocol: HTTPS - tls: - credentialName: badhouseplants-wildcard-tls - mode: SIMPLE - - name: nrodionov-info - servers: - - hosts: - - nrodionov.info - - dev.nrodionov.info - port: - name: http - number: 80 - protocol: HTTP2 - tls: - httpsRedirect: true - - hosts: - - nrodionov.info - - dev.nrodionov.info - port: - name: https - number: 443 - protocol: HTTPS - tls: - credentialName: nrodionov-wildcard-tls - mode: SIMPLE - - name: badhouseplants-vpn - servers: - - hosts: - - '*' - port: - name: tcp - number: 1194 - protocol: TCP - - name: badhouseplants-ssh - servers: - - hosts: - - '*' - port: - name: ssh - number: 22 - protocol: TCP - - name: badhouseplants-minecraft - servers: - - hosts: - - '*' - port: - name: minecraft - number: 25565 - protocol: TCP diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index b97223d..b698e06 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml 
@@ -1,11 +1,7 @@ +--- service: type: LoadBalancer - externalTrafficPolicy: Local ports: - - name: shadowsocks - port: 8388 - protocol: TCP - targetPort: 8388 - name: minecraft port: 25565 protocol: TCP @@ -18,10 +14,6 @@ service: port: 80 protocol: TCP targetPort: 80 - - name: grpc-web - port: 8080 - protocol: TCP - targetPort: 8080 - name: https port: 443 protocol: TCP @@ -30,39 +22,6 @@ service: port: 1194 protocol: TCP targetPort: 1194 - # ----------- - # -- Email - # ----------- - - name: smtp - port: 25 - protocol: TCP - targetPort: 25 - - name: smtps - port: 465 - protocol: TCP - targetPort: 465 - - name: smtp-startls - port: 587 - protocol: TCP - targetPort: 587 - - name: imap - port: 143 - protocol: TCP - targetPort: 143 - - name: imaps - port: 993 - protocol: TCP - targetPort: 993 - - name: pop3 - port: 110 - protocol: TCP - targetPort: 110 - - name: pop3s - port: 995 - protocol: TCP - targetPort: 995 -podAnnotations: - proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }' resources: requests: cpu: 100m diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index d788392..01529ce 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 20m + cpu: 100m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml deleted file mode 100644 index aa1d3e2..0000000 --- a/badhouseplants/values/values.local-path-provisioner.yaml +++ /dev/null @@ -1,3 +0,0 @@ -storageClass: - create: true - defaultClass: false diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml deleted file mode 100644 index c160d28..0000000 --- a/badhouseplants/values/values.loki.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -global: - dnsService: "coredns" - -loki: - auth_enabled: false - commonConfig: - replication_factor: 1 - storage: - type: 'filesystem' - commonConfig: - replication_factor: 1 - schemaConfig: - configs: - - from: 2024-04-01 - store: tsdb - object_store: s3 - schema: v13 - index: - prefix: loki_index_ - period: 24h - ingester: - chunk_encoding: snappy - tracing: - enabled: true - querier: - # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing - max_concurrent: 2 - -compactor: - retention_enabled: true -limits_config: - retention_period: 14d - -monitoring: - selfMonitoring: - enabled: false - lokiCanary: - enabled: false - -#gateway: -# ingress: -# enabled: true -# hosts: -# - host: FIXME -# paths: -# - path: / -# pathType: Prefix - -deploymentMode: SingleBinary -singleBinary: - persistence: - size: 5Gi - replicas: 1 - resources: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 0.5 - memory: 512Mi - extraEnv: - # Keep a little bit lower than memory limits - - name: GOMEMLIMIT - value: 3750MiB - -chunksCache: - # default is 500MB, with limited memory keep this smaller - writebackSizeLimit: 10MB - -minio: - enabled: false - -# Zero out replica counts of other deployment modes -backend: - replicas: 0 -read: - replicas: 0 -write: - replicas: 0 - -ingester: - replicas: 0 -querier: - replicas: 0 -queryFrontend: - replicas: 0 -queryScheduler: - replicas: 0 -distributor: - replicas: 0 -compactor: - replicas: 0 -indexGateway: - replicas: 0 -bloomCompactor: - replicas: 0 -bloomGateway: - replicas: 0 diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index eb7bfe5..c20c4ef 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml 
@@ -1,14 +1,10 @@ defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore + backupTarget: s3://longhorn@us-east1/backupstore backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 - storageOverProvisioningPercentage: 300 - storageMinimalAvailablePercentage: 5 - storageReservedPercentageForDefaultDisk: 1 - defaultDataPath: /media/longhorn csi: - kubeletRootDir: /var/lib/kubelet/ + kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: defaultClassReplicaCount: 1 -enablePSP: false +enablePSP: false \ No newline at end of file diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml deleted file mode 100644 index 966fbac..0000000 --- a/badhouseplants/values/values.mailu.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ ---- -# ------------------------------------------ -# -- Database extension is used to manage -# -- database with db-operator -# ------------------------------------------ -ext-database: - enabled: true - name: mailu-postgres16 - instance: postgres16 - extraDatabase: - enabled: true - name: roundcube-postgres16 - instance: postgres16 - -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -traefik: - enabled: true - tcpRoutes: - - name: mailu-smtp - service: mailu-front - match: HostSNI(`*`) - entrypoint: smtp - port: 25 - - name: mailu-smtps - match: HostSNI(`*`) - service: mailu-front - entrypoint: smtps - port: 465 - - name: mailu-smpt-startls - match: HostSNI(`*`) - service: mailu-front - entrypoint: smtp-startls - port: 587 - - name: mailu-imap - match: HostSNI(`*`) - service: mailu-front - entrypoint: imap - port: 143 - - name: mailu-imaps - match: HostSNI(`*`) - service: mailu-front - entrypoint: imaps - port: 993 - - name: mailu-pop3 - match: HostSNI(`*`) - service: mailu-front - entrypoint: pop3 - port: 110 - - name: mailu-pop3s - match: HostSNI(`*`) - service: mailu-front - entrypoint: pop3s - port: 993 -subnet: 10.244.0.0/16 -sessionCookieSecure: true -hostnames: - - badhouseplants.net - - email.badhouseplants.net -domain: badhouseplants.net -persistence: - single_pvc: false -limits: - messageRatelimit: - value: "10/day" -tls: - outboundLevel: secure -ingress: - enabled: true - ingressClassName: traefik - tls: true - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tlsFlavorOverride: mail - realIpFrom: traefik.kube-system.svc.cluster.local - realIpHeader: "X-Real-IP" -front: - hostPort: - enabled: false -admin: - resources: - requests: - memory: 100Mi - cpu: 70m - limits: - 
memory: 700Mi - cpu: 400m - persistence: - size: 1Gi -redis: - resources: - requests: - memory: 100Mi - cpu: 70m - limits: - memory: 200Mi - cpu: 200m - master: - persistence: - enabled: false -postfix: - resources: - requests: - memory: 1024Mi - cpu: 200m - limits: - memory: 1024Mi - cpu: 200m - persistence: - size: 1Gi -dovecot: - logLevel: DEBUG - resources: - requests: - memory: 100Mi - cpu: 70m - limits: - memory: 400Mi - cpu: 300m - persistence: - size: 1Gi -roundcube: - resources: - requests: - memory: 100Mi - cpu: 70m - limits: - memory: 200Mi - cpu: 200m - persistence: - size: 1Gi -mysql: - enabled: false -postgresql: - enabled: false -## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. -externalDatabase: - ## @param externalDatabase.enabled Set to true to use an external database - enabled: true - type: postgresql - existingSecret: mailu-postgres16-creds - existingSecretDatabaseKey: POSTGRES_DB - existingSecretUsernameKey: POSTGRES_USER - existingSecretPasswordKey: POSTGRES_PASSWORD - host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 -rspamd: - resources: - requests: - memory: 100Mi - cpu: 100m - limits: - memory: 500Mi - cpu: 400m - startupProbe: - periodSeconds: 30 - failureThreshold: 900 - timeoutSeconds: 20 - livenessProbe: {} - readinessProbe: {} -webmail: - persistence: - size: 2Gi - storageClass: "" - accessModes: [ReadWriteOnce] - claimNameOverride: "" - annotations: {} -global: - database: - roundcube: - database: applications-roundcube-postgres16 - username: applications-roundcube-postgres16 - existingSecret: roundcube-postgres16-creds - existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.metallb-resources.yaml b/badhouseplants/values/values.metallb-resources.yaml deleted file mode 100644 index 94b681b..0000000 --- a/badhouseplants/values/values.metallb-resources.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -metallb: - enabled: true - ippools: - - name: fuji - addresses: 195.201.249.91-195.201.249.91 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml new file mode 100644 index 0000000..017d44d --- /dev/null +++ b/badhouseplants/values/values.minecraft.yaml @@ -0,0 +1,69 @@ +--- +# -------------------------------------------------- +# -- Extensions values +# -------------------------------------------------- +service-account: + enabled: true + resources: + - name: minecraft-exporter + label: + app: minecraft-minecraft-metrics + endpoints: + port: metrics +# -------------------------------------------------- +# -- Main values +# -------------------------------------------------- +resources: + requests: + memory: 512Mi + cpu: 50m +minecraftServer: + eula: "TRUE" + onlineMode: false + difficulty: hard + hardcore: true + version: 1.19.4 + type: "PAPER" + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/473/downloads/paper-1.19.4-473.jar + gameMode: survival + pvp: true + memory: 4096M + extraPorts: + - name: metrics + containerPort: 9225 + protocol: TCP + service: + enabled: true + embedded: false + labels: + exporter: minecraft + type: ClusterIP + port: 9925 + ingress: + enabled: false +persistence: + dataDir: + enabled: true + Size: 8Gi +initContainers: + - name: install-prometheus-exporter + image: alpine/curl + command: + - curl + - -L + - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" + - -o + - /data/plugins/prometheus-exporter.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 19b39a0..e39bc4e 100644 
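Review bot: `onlineMode: false` turns off account verification for joining players, so anyone who can reach the server can join under any username, including one that holds operator rights; the ingress gateway values in this commit still publish port 25565 on a LoadBalancer. Unless an authenticating proxy sits in front of the server, set `onlineMode: true` or enable a whitelist. The `install-prometheus-exporter` init container also pulls `alpine/curl` without a tag or digest and writes the downloaded jar into the plugin directory without verifying it. The fence below pins the image and checks a SHA-256 before the server starts; both values are placeholders to fill in from the upstream release.

```yaml
initContainers:
  - name: install-prometheus-exporter
    image: alpine/curl@sha256:<IMAGE_DIGEST_PLACEHOLDER>
    command:
      - sh
      - -ec
      - |
        curl -fsSL -o /data/plugins/prometheus-exporter.jar \
          "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
        echo "<JAR_SHA256_PLACEHOLDER>  /data/plugins/prometheus-exporter.jar" | sha256sum -c -
    # … unchanged: volumeMounts …
```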
--- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -1,57 +1,4 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: minio-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: minio.badhouseplants.net - service: minio-console - port: 9001 - - name: s3-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: s3.badhouseplants.net - service: minio - port: 9000 - -ingress: - enabled: true - ingressClassName: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - path: / - hosts: - - s3.badhouseplants.net - tls: - - secretName: s3-tls-secret - hosts: - - s3.badhouseplants.net -consoleIngress: - enabled: true - ingressClassName: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - path: / - hosts: - - minio.badhouseplants.net - tls: - - secretName: minio-tls-secret - hosts: - - minio.badhouseplants.net - rootUser: 'overlord' replicas: 1 mode: standalone @@ -82,21 +29,10 @@ buckets: policy: download purge: false versioning: false - - name: badhouseplants-js - policy: download - purge: false - versioning: false - name: badhouseplants-net-main policy: download purge: false versioning: false - - name: sharing - policy: download - purge: false - versioning: false - - name: allanger-music - policy: download - purge: false metrics: serviceMonitor: enabled: false 
@@ -137,13 +73,3 @@ policies: - 'arn:aws:s3:::badhouseplants-net/*' actions: - "s3:*" - - name: sharing - statements: - - resources: - - 'arn:aws:s3:::sharing' - actions: - - "s3:*" - - resources: - - 'arn:aws:s3:::sharing/*' - actions: - - "s3:*" diff --git a/badhouseplants/values/values.mysql.yaml b/badhouseplants/values/values.mysql.yaml deleted file mode 100644 index b2209a0..0000000 --- a/badhouseplants/values/values.mysql.yaml +++ /dev/null @@ -1,6 +0,0 @@ -primary: - persistence: - size: 500Mi - -auth: - createDatabase: false diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c11513c..93e1841 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,23 +1,11 @@ -namespaces: - - name: longhorn-system - - name: minio-service - - name: argo-system - - name: nrodionov-application - - name: minecraft-application - annotations: - badohouseplants.net/git-repo: | - https://git.badhouseplants.net/badhouseplants/minecraft-helmfile - badhouseplants.net/ci: | - https://ci.badhouseplants.net/repos/15 - - name: gitea-service - - name: funkwhale-application - - name: database-service - - name: mail-service - - name: vaultwarden-application - - name: woodpecker-ci - - name: openvpn-service - - name: badhouseplants-main - labels: - istio-injection: enabled - - name: badhouseplants-preview - - name: kube-services +--- +ns: + - name: monitoring +templates: + - | + {{ range .Values.ns }} + apiVersion: v1 + kind: Namespace + metadata: + name: {{ .name }} + {{ end }} diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 3582f47..ba5f50d 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml 
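Review bot: The template added to the namespaces values emits one `Namespace` manifest per entry of `ns` but puts no document separator between them, so a second entry would render as a single YAML document with repeated `apiVersion`, `kind` and `metadata` keys. It works today only because `ns` has one item; starting the loop body with a `---` line keeps each namespace a separate document. How the consuming chart renders `templates` is not visible here, so confirm it accepts multi-document output.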
@@ -1,36 +1,3 @@ ---- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: nrodionov-http - gateway: istio-system/nrodionov-info - kind: http - hostname: dev.nrodionov.info - service: nrodionov-wordpress - port: 8080 - -ext-database: - enabled: true - name: nrodionov-mysql - instance: mysql -ingress: - enabled: true - pathType: ImplementationSpecific - hostname: dev.nrodionov.info - path: / - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - tls: true - tlsWwwPrefix: false - selfSigned: false wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml deleted file mode 100644 index 5827bde..0000000 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -# istio: - # enabled: true - # istio: - # - name: openvpn-tcp-xor - # gateway: istio-system/badhouseplants-vpn - # kind: tcp - # port_match: 1194 - # hostname: "*" - # service: openvpn-xor - # port: 1194 -# ------------------------------------------ -traefik: - enabled: true - tcpRoutes: - - name: openvpn-xor - service: openvpn-xor - match: HostSNI(`*`) - entrypoint: openvpn - port: 1194 - -storage: - class: longhorn - size: 512Mi - -openvpn: - proto: tcp - host: 195.201.249.91 - -easyrsa: - cn: Bad Houseplants - country: Germany - province: NRW - city: Duesseldorf - org: Bad Houseplants - email: allanger@zohomail.com - -service: - type: ClusterIP - port: 1194 - targetPort: 1194 - protocol: TCP diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml new file mode 100644 index 0000000..80b2be6 --- /dev/null +++ b/badhouseplants/values/values.openvpn.yaml @@ -0,0 +1,9 @@ +--- +storageClassName: longhorn +openvpn: + server: "tcp://195.201.250.50:1194" +service: + type: ClusterIP + port: 1194 + targetPort: 1194 + protocol: TCP diff --git a/badhouseplants/values/values.postgres.yaml b/badhouseplants/values/values.postgres.yaml deleted file mode 100644 index db7f7ab..0000000 --- a/badhouseplants/values/values.postgres.yaml +++ /dev/null @@ -1,10 +0,0 @@ -architecture: standalone - -auth: - database: postgres - -persistence: - size: 1Gi - -metrics: - enabled: false \ No newline at end of file diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml deleted file mode 100644 index 92cef0b..0000000 --- a/badhouseplants/values/values.postgres16.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -architecture: standalone - -auth: - database: postgres - -persistence: - size: 1Gi - -metrics: - enabled: false -primary: - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsNonRoot: false - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml deleted file mode 100644 index 2ee10c9..0000000 --- a/badhouseplants/values/values.prometheus.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ ---- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: grafana-https - gateway: istio-system/badhouseplants-net - kind: http - hostname: "grafana.badhouseplants.net" - service: prometheus-grafana - port: 80 - -coreDns: - enabled: false -kubeEtcd: - enabled: false -kubelet: - enabled: false -kubeApiServer: - enabled: false - -prometheus-node-exporter: - prometheus: - monitor: - enabled: true - jobLabel: jobLabel - interval: 60s - -defaultRules: - create: true - rules: - alertmanager: true - etcd: false - configReloaders: false - general: true - k8s: true - kubeApiserverAvailability: false - kubeApiserverBurnrate: false - kubeApiserverHistogram: false - kubeApiserverSlos: false - kubeControllerManager: false - kubelet: false - kubeProxy: false - kubePrometheusGeneral: false - kubePrometheusNodeRecording: false - kubernetesApps: true - kubernetesResources: true - kubernetesStorage: true - kubernetesSystem: true - kubeSchedulerAlerting: false - kubeSchedulerRecording: true - kubeStateMetrics: true - network: false - node: true - nodeExporterAlerting: true - nodeExporterRecording: true - prometheus: true - prometheusOperator: true - windows: false - -prometheus: - prometheusSpec: - enableAdminAPI: true - retentionSize: 7GB - retention: 20d - podMonitorNamespaceSelector: - any: true - podMonitorSelector: {} - podMonitorSelectorNilUsesHelmValues: false - ruleNamespaceSelector: - any: true - ruleSelector: {} - ruleSelectorNilUsesHelmValues: false - serviceMonitorNamespaceSelector: - any: true - serviceMonitorSelector: {} - serviceMonitorSelectorNilUsesHelmValues: false - storageSpec: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 12Gi - -grafana: - assertNoLeakedSecrets: false - persistence: - enabled: true - size: 2Gi - grafana.ini: - server: - 
root_url: https://grafana.badhouseplants.net - auth.generic_oauth: - name: Gitea - icon: signin - enabled: true - allow_sign_up: true - auto_login: false - client_id: 0ce70a7d-f267-44cc-9686-71048277e51d - scopes: openid profile email groups - empty_scopes: false - auth_url: https://git.badhouseplants.net/login/oauth/authorize - token_url: https://git.badhouseplants.net/login/oauth/access_token - api_url: https://git.badhouseplants.net/login/oauth/userinfo - tls_skip_verify_insecure: false - use_pkce: true - role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer' - - dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: true - editable: false - options: - path: /var/lib/grafana/dashboards/default - - dashboards: - default: - gitea-dashboard: - gnetId: 13192 - revision: 1 - datasource: Prometheus - argo-dashboard: - gnetId: 14584 - revision: 1 - datasource: Prometheus - - datasources: - loki.yaml: - apiVersion: 1 - datasources: - - name: Loki - type: loki - access: proxy - uid: loki - editable: false - url: http://loki.monitoring-system:3100/ - jsonData: - maxLines: 1000 diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml deleted file mode 100644 index 4976174..0000000 --- a/badhouseplants/values/values.promtail.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -config: - clients: - # - url: http://loki.monitoring-system:3100 - - url: http://loki-gateway/loki/api/v1/push - snippets: - pipelineStages: - - match: - pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' - action: drop diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml deleted file mode 100644 index 77d5357..0000000 --- a/badhouseplants/values/values.redis.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -metrics: - enabled: false - -secretAnnotations: - reflector.v1.k8s.emberstack.com/reflection-allowed: "true" - reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" - reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application" -architecture: standalone -master: - persistence: - enabled: false diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml deleted file mode 100644 index 7fcd045..0000000 --- a/badhouseplants/values/values.roles.yaml +++ /dev/null @@ -1,9 +0,0 @@ -roles: - - name: minecraft-admin - namespace: minecraft-application - kind: Role - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - namespace: ["minecraft-application"] diff --git a/badhouseplants/values/values.tandoor.yaml b/badhouseplants/values/values.tandoor.yaml deleted file mode 100644 index c30f79e..0000000 --- a/badhouseplants/values/values.tandoor.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -istio: - enabled: true - istio: - - name: tandoor-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: tandoor.badhouseplants.net - service: tandoor - port: 8080 - -ext-database: - enabled: true - name: tandoor-postgres16 - instance: postgres16 - credentials: - POSTGRES_HOST: |- - "{{ .Hostname }}" - POSTGRES_PORT: |- - "{{ .Port }}" - -envFrom: - - secretRef: - name: tandoor-postgres16-creds -env: - TZ: UTC - DB_ENGINE: django.db.backends.postgresql - EMAIL_HOST: badhouseplants.net - EMAIL_PORT: 587 - EMAIL_HOST_USER: overlord@badhouseplants.net - EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g - EMAIL_USE_TLS: 1 - EMAIL_USE_SSL: 0 - DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net -persistence: - config: - enabled: true - retain: true - storageClass: longhorn - accessMode: ReadWriteOnce - size: 1Gi - media: - enabled: true - mountPath: /opt/recipes/mediafiles - retain: true - storageClass: longhorn - accessMode: ReadWriteOnce - size: 1Gi - static: - enabled: true - type: emptyDir - mountPath: /opt/recipes/staticfiles - django-js-reverse: - enabled: true - type: emptyDir - mountPath: /opt/recipes/cookbook/static/django_js_reverse diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml deleted file mode 100644 index fb92321..0000000 --- a/badhouseplants/values/values.traefik.yaml +++ /dev/null 
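Review bot: The removed `env` block held `EMAIL_HOST_PASSWORD` as a plaintext value, and deleting the file does not take it out of the repository history. Treat the password for the `EMAIL_HOST_USER` mailbox as exposed and rotate it; the same mailbox is the SMTP `USER` in the Gitea mailer settings this commit removes, so any remaining consumer needs the new credential. If the service returns, supply the password through `envFrom` with a Secret, as this file already did for the database credentials.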
@@ -1,78 +0,0 @@ -globalArguments: - - "--serversTransport.insecureSkipVerify=true" -service: - spec: - externalTrafficPolicy: Local -ports: - git-ssh: - port: 22 - expose: - default: true - exposedPort: 22 - protocol: TCP - openvpn: - port: 1194 - expose: - default: true - exposedPort: 1194 - protocol: TCP - valve-server: - port: 27015 - expose: - default: true - exposedPort: 27015 - protocol: UDP - valve-rcon: - port: 27015 - expose: - default: true - exposedPort: 27015 - protocol: TCP - smtp: - port: 25 - protocol: TCP - exposedPort: 25 - expose: - default: true - smtps: - port: 465 - protocol: TCP - exposedPort: 465 - expose: - default: true - smtp-startls: - port: 587 - protocol: TCP - exposedPort: 587 - expose: - default: true - imap: - port: 143 - protocol: TCP - exposedPort: 143 - expose: - default: true - imaps: - port: 993 - protocol: TCP - exposedPort: 993 - expose: - default: true - pop3: - port: 110 - protocol: TCP - exposedPort: 110 - expose: - default: true - pop3s: - port: 995 - protocol: TCP - exposedPort: 995 - expose: - default: true - minecraft: - port: 25565 - protocol: TCP - exposedPort: 25565 - expose: - default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml deleted file mode 100644 index 8114432..0000000 --- a/badhouseplants/values/values.vaultwarden.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: vaultwarden-http - kind: http - gateway: istio-system/badhouseplants-net - hostname: vault.badhouseplants.net - service: vaultwarden - port: 8080 -# ------------------------------------------ -# -- Database extension is used to manage -# -- database with db-operator -# ------------------------------------------ -ext-database: - enabled: true - name: vaultwarden-postgres16 - instance: postgres16 -service: - port: 8080 -vaultwarden: - smtp: - host: badhouseplants.net - security: "starttls" - port: 587 - from: vaultwarden@badhouseplants.net - fromName: Vault Warden - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" - debug: false - domain: https://vault.badhouseplants.net - websocket: - enabled: true - address: "0.0.0.0" - port: 3012 - rocket: - port: "8080" - workers: "10" - webVaultEnabled: "true" - signupsAllowed: false - invitationsAllowed: true - signupDomains: "https://vault.badhouseplants.com" - signupsVerify: "true" - showPassHint: "false" - database: - existingSecret: vaultwarden-postgres16-creds - existingSecretKey: CONNECTION_STRING - connectionRetries: 15 - maxConnections: 10 - storage: - enabled: true - size: 1Gi - class: longhorn - dataDir: /data - logging: - enabled: false - logfile: "/data/vaultwarden.log" - loglevel: "warn" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vault.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault-tls-secret - hosts: - - vault.badhouseplants.net 
diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml deleted file mode 100644 index 7796066..0000000 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ /dev/null @@ -1,58 +0,0 @@ -service: - port: 8080 -vaultwarden: - smtp: - host: mail.badhouseplants.net - security: "starttls" - port: 587 - from: vaulttest@badhouseplants.net - fromName: Vault Warden - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" - debug: false - domain: https://vaulttest.badhouseplants.net - websocket: - enabled: true - address: "0.0.0.0" - port: 3012 - rocket: - port: "8080" - workers: "10" - webVaultEnabled: "true" - signupsAllowed: true - invitationsAllowed: true - signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: false - showPassHint: true - # database: - # existingSecret: vaultwarden-postgres16-creds - # existingSecretKey: CONNECTION_STRING - # connectionRetries: 15 - # maxConnections: 10 - storage: - enabled: true - size: 512Mi - class: longhorn - dataDir: /data - logging: - enabled: false - logfile: "/data/vaultwarden.log" - loglevel: "warn" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vaulttest.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault-tls-secret - hosts: - - vaulttest.badhouseplants.net diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml deleted file mode 100644 index 62ced72..0000000 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: woodpecker-server-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: ci.badhouseplants.net - service: woodpecker-ci-server - port: 80 -ext-database: - enabled: true - name: woodpecker-postgres16 - instance: postgres16 - credentials: - WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" -server: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: ci.badhouseplants.net - paths: - - path: / - tls: - - secretName: woodpecker-tls-secret - hosts: - - ci.badhouseplants.net - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-server - # pullPolicy: Always - # tag: icon - enabled: true - env: - WOODPECKER_GITEA: true - WOODPECKER_GITEA_URL: https://git.badhouseplants.net - WOODPECKER_DATABASE_DRIVER: postgres - WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 - WOODPECKER_OPEN: true - WOODPECKER_ADMIN: "woodpecker,allanger" - WOODPECKER_HOST: "https://ci.badhouseplants.net" - WOODPECKER_ESCALATE: true - WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - extraSecretNamesForEnvFrom: - - woodpecker-postgres16-creds -agent: - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-agent - # pullPolicy: Always - # tag: dev - enabled: true - extraSecretNamesForEnvFrom: [] - env: - WOODPECKER_SERVER: woodpecker-ci-server:9000 - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi - WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 
longhorn - serviceAccount: - create: true - rbac: - create: true diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml deleted file mode 100644 index 753b7ae..0000000 --- a/badhouseplants/values/values.zot.yaml +++ /dev/null @@ -1,47 +0,0 @@ -ingress: - enabled: true - className: ~ - annotations: - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - pathtype: ImplementationSpecific - hosts: - - host: registry.badhouseplants.net - paths: - - path: / - tls: - - secretName: zot-secret-tls - hosts: - - registry.badhouseplants.net -strategy: - type: Recreate -service: - type: ClusterIP -persistence: true -pvc: - create: true - accessMode: "ReadWriteOnce" - storage: 5Gi - storageClassName: longhorn -mountConfig: true -mountSecret: true - #configFiles: - # ui.json: |- - # { - # "log": { - # "level": "info" - # }, - # "extensions": { - # "search": { - # "cve": { - # "updateInterval": "2h" - # } - # }, - # "ui": { - # "enable": true - # } - # } - # } diff --git a/bin/migrate.sh b/bin/migrate.sh index fb4989b..cfcd410 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh 
@@ -3,4 +3,4 @@ argo_instance=$1 helm_name=$2 helm_ns=$3 -kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namewspace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/charts/namespaces/chart/.helmignore b/charts/namespaces/chart/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/namespaces/chart/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ 
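Review bot: The corrected `kubectl get` line still passes `-l` twice (`-l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0`); kubectl's selector flag holds a single string, so as far as I know the second value replaces the first and `$argo_instance` has no effect on which objects are selected. The loop then annotates and labels secrets, roles, cluster roles and their bindings across all namespaces (`-A`), so a wider match than intended hands ownership of unrelated objects to the Helm release. Joining the selectors into one flag, `-l "argocd.argoproj.io/instance=$argo_instance,helm.sh/chart=longhorn-1.4.0"`, and quoting the loop variables, `kubectl annotate "$var1" "$var2" -n "$var3"`, would make the selection follow the script's arguments. The top of the script is outside the hunk, so whether the arguments are validated before use cannot be seen here.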
diff --git a/charts/namespaces/chart/Chart.yaml b/charts/namespaces/chart/Chart.yaml deleted file mode 100644 index 0f737fe..0000000 --- a/charts/namespaces/chart/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: namespaces -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/charts/namespaces/chart/templates/_helpers.tpl b/charts/namespaces/chart/templates/_helpers.tpl deleted file mode 100644 index a33714c..0000000 --- a/charts/namespaces/chart/templates/_helpers.tpl +++ /dev/null 
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "namespaces.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "namespaces.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "namespaces.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "namespaces.labels" -}} -helm.sh/chart: {{ include "namespaces.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml deleted file mode 100644 index 3e87e83..0000000 --- a/charts/namespaces/chart/templates/namespaces.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.namespaces }} -{{- range $ns := .Values.namespaces }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ $ns.name }} - labels: - {{- include "namespaces.labels" $ | nindent 4 }} - {{- with $ns.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - "helm.sh/resource-policy": keep - {{- with $ns.annotations}} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/namespaces/chart/values.yaml b/charts/namespaces/chart/values.yaml deleted file mode 100644 index cd5a239..0000000 --- a/charts/namespaces/chart/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -namespaces: - - name: giantswarm-flux - labels: - name: giantswarm-flux - - name: giantswarm - labels: - name: giantswarm - - name: monitoring - labels: - name: monitoring - - name: org-giantswarm - labels: - name: org-giantswarm - - name: flux-system - labels: - name: flux-system - - name: flux-giantswarm - labels: - name: flux-giantswarm - - name: policy-exception diff --git a/charts/namespaces/kustomize/flux-system.yml b/charts/namespaces/kustomize/flux-system.yml deleted file mode 100644 index f44f3af..0000000 --- a/charts/namespaces/kustomize/flux-system.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flux-system - labels: - name: flux-system diff --git a/charts/namespaces/kustomize/giantswarm-flux.yml b/charts/namespaces/kustomize/giantswarm-flux.yml deleted file mode 100644 index bd0e121..0000000 --- a/charts/namespaces/kustomize/giantswarm-flux.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: giantswarm-flux - labels: - name: giantswarm-flux diff --git a/charts/namespaces/kustomize/giantswarm.yml b/charts/namespaces/kustomize/giantswarm.yml deleted file mode 100644 index 31e7916..0000000 --- a/charts/namespaces/kustomize/giantswarm.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: giantswarm - labels: - name: giantswarm diff --git a/charts/namespaces/kustomize/kustomization.yaml b/charts/namespaces/kustomize/kustomization.yaml deleted file mode 100644 index 8159198..0000000 --- a/charts/namespaces/kustomize/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - ./giantswarm-flux.yml - - ./giantswarm.yml - - ./monitoring.yml - - ./org-giantswarm.yml 
diff --git a/charts/namespaces/kustomize/monitoring.yml b/charts/namespaces/kustomize/monitoring.yml deleted file mode 100644 index 90d12ef..0000000 --- a/charts/namespaces/kustomize/monitoring.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring - labels: - name: monitoring diff --git a/charts/namespaces/kustomize/org-giantswarm.yml b/charts/namespaces/kustomize/org-giantswarm.yml deleted file mode 100644 index f27e8c4..0000000 --- a/charts/namespaces/kustomize/org-giantswarm.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: org-giantswarm - labels: - name: org-giantswarm diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/roles/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml deleted file mode 100644 index c2d5cc6..0000000 --- a/charts/roles/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: roles -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "1.16.0" diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl deleted file mode 100644 index 2927519..0000000 --- a/charts/roles/templates/_helpers.tpl +++ /dev/null 
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "roles.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "roles.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "roles.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "roles.labels" -}} -helm.sh/chart: {{ include "roles.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml deleted file mode 100644 index 7cb85dc..0000000 --- a/charts/roles/templates/namespaces.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.roles }} -{{- range $roles := .Values.roles }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ $roles.kind }} -metadata: - name: {{ $roles.name }} - namespace: {{ $roles.namespace }} - labels: - {{- include "roles.labels" $ | nindent 4 }} - {{- with $roles.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with $roles.annotations}} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -rules: -{{- with $roles.rules }} -{{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml deleted file mode 100644 index 7fcd045..0000000 --- a/charts/roles/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -roles: - - name: minecraft-admin - namespace: minecraft-application - kind: Role - rules: - - apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - namespace: ["minecraft-application"] diff --git a/charts/root/.helmignore b/charts/root/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/root/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/root/Chart.yaml b/charts/root/Chart.yaml deleted file mode 100644 index 59e507d..0000000 --- a/charts/root/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: root -description: A Helm chart for Kubernetes -type: application -version: 0.1.5 -appVersion: "1.16.0" diff --git a/charts/root/templates/_helpers.tpl b/charts/root/templates/_helpers.tpl deleted file mode 100644 index 8a3cc9a..0000000 --- a/charts/root/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "root.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "root.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "root.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "root.labels" -}} -helm.sh/chart: {{ include "root.chart" . }} -{{ include "root.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "root.selectorLabels" -}} -app.kubernetes.io/name: {{ include "root.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "root.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "root.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/root/templates/root.yaml b/charts/root/templates/root.yaml deleted file mode 100644 index f542187..0000000 
--- a/charts/root/templates/root.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root -spec: - interval: 30s - url: {{ .Values.url }} - ref: - branch: {{ .Values.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/charts/root/templates/self.yaml b/charts/root/templates/self.yaml deleted file mode 100644 index 0ddb8de..0000000 --- a/charts/root/templates/self.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root-self -spec: - interval: 30s - url: {{ .Values.self.url }} - ref: - branch: {{ .Values.self.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root-self -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root-self - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/charts/root/values.yaml b/charts/root/values.yaml deleted file mode 100644 index 51850fa..0000000 --- a/charts/root/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -url: https://git.badhouseplants.net/giantswarm/cluster-example.git -branch: main -self: - url: git@git.badhouseplants.net:giantswarm/root-config.git - branch: master diff --git a/common/values.certificate.yaml b/common/values.certificate.yaml deleted file mode 100644 index 21d1933..0000000 --- a/common/values.certificate.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -certificate: - templates: - - | - {{ range .Values.certificate }} - --- - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: {{ .name }} - spec: - dnsNames: - {{- range .dnsNames }} - - {{ . | quote }} - {{- end }} - issuerRef: - kind: {{ .issuer.kind }} - name: {{ .issuer.name }} - secretName: {{ .secretName }} - {{ end }} diff --git a/common/values.database.yaml b/common/values.database.yaml deleted file mode 100644 index eba45ae..0000000 --- a/common/values.database.yaml +++ /dev/null @@ -1,50 +0,0 @@ ---- -ext-database: - templates: - - | - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.name }}" - spec: - secretName: "{{ .Values.name }}-creds" - instance: "{{ .Values.instance }}" - deletionProtected: true - backup: - enable: false - cron: 0 0 * * * - {{- if .Values.credentials }} - credentials: - templates: - {{- range $key, $value := .Values.credentials }} - - name: {{ $key }} - template: {{ $value }} - secret: true - {{- end }} - {{- end }} - - - | - {{- if (.Values.extraDatabase).enabled }} - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.extraDatabase.name }}" - spec: - secretName: "{{ .Values.extraDatabase.name }}-creds" - instance: "{{ .Values.extraDatabase.instance }}" - deletionProtected: true - backup: - enable: false - cron: 0 0 * * * - {{- if .Values.extraDatabase.credentials }} - credentials: - templates: - {{- range $key, $value := .Values.extraDatabase.credentials }} - - name: {{ $key }} - template: {{ $value }} - secret: true - {{- end }} - {{- end }} - {{- end }} diff --git a/common/values.istio-gateway.yaml b/common/values.istio-gateway.yaml deleted file mode 100644 index d54bfa7..0000000 --- a/common/values.istio-gateway.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -istio-gateway: - templates: - - | - {{ range .Values.gateways }} - --- - apiVersion: networking.istio.io/v1beta1 - kind: Gateway - metadata: - name: {{ .name }} - spec: - selector: - istio: ingressgateway - servers: - {{ toYaml .servers | indent 4 }} - {{ end }} diff --git a/common/values.istio.yaml b/common/values.istio.yaml deleted file mode 100644 index 1c834bc..0000000 --- a/common/values.istio.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -istio: - templates: - - | - {{ range .Values.istio }} - --- - apiVersion: networking.istio.io/v1beta1 - kind: VirtualService - metadata: - name: {{ .name }} - spec: - gateways: - - "{{ .gateway }}" - hosts: - - {{ .hostname | quote }} - {{- if eq .kind "http" }} - http: - - match: - - uri: - prefix: / - route: - - destination: - host: {{ .service }} - port: - number: {{ .port }} - {{- else if eq .kind "tcp" }} - tcp: - - match: - - port: {{ .port_match }} - route: - - destination: - host: {{ .service }} - port: - number: {{ .port }} - {{ end }} - {{ end }} diff --git a/common/values.metallb.yaml b/common/values.metallb.yaml deleted file mode 100644 index c35b944..0000000 --- a/common/values.metallb.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -metallb: - templates: - - | - {{ range .Values.ippools }} - --- - apiVersion: metallb.io/v1beta1 - kind: IPAddressPool - metadata: - name: {{ .name }} - spec: - addresses: - - {{ .addresses }} - {{ end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml deleted file mode 100644 index b995d25..0000000 --- a/common/values.tcp-route.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -traefik: - templates: - - | - {{ range .Values.tcpRoutes }} - --- - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ .name }} - spec: - entryPoints: - - {{ .entrypoint }} - routes: - - match: {{ .match }} - services: - - name: {{ .service }} - nativeLB: true - port: {{ .port }} - {{- end }} \ No newline at end of file 
diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml deleted file mode 100644 index 05e0d89..0000000 --- a/common/values.tcproute.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -tcproute: - templates: - - | - --- - {{ range .Values.routes }} - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ printf "%s-%s" .Release.Name .name }} - spec: - {{ tpl (.routes | toYaml | indent 2 | toString) $ }} - {{ end }} diff --git a/crd.yaml b/crd.yaml deleted file mode 100644 index 0e245b2..0000000 --- a/crd.yaml +++ /dev/null @@ -1,27 +0,0 @@ -templates: - # --------------------------- - # -- Hooks - # --------------------------- - crd-management-hook: - hooks: - - events: ["preapply"] - showlogs: true - command: "sh" - args: - - -c - - | - helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ - || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ - || true - - events: ["prepare"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" - - events: ["postuninstall"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/environments.yaml b/environments.yaml index 13a3ca2..40b9a9b 100644 --- a/environments.yaml +++ b/environments.yaml @@ -1,5 +1,5 @@ environments: badhouseplants: - kubeContext: badhouseplants + # kubeContext: allanger@badhouseplants-microk8s etersoft: - kubeContext: etersoft + kubeContext: allanger@etersoft diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 677999c..e69de29 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml 
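Review bot: In the `environments.yaml` hunk the `badhouseplants` environment no longer names a cluster once `kubeContext` is commented out, so helmfile will presumably fall back to whatever context is current in the kubeconfig it finds. `helmfile -e badhouseplants apply` then targets the active context of the workstation or CI runner, while `etersoft` still pins `allanger@etersoft`, and the two environments behave differently. I would keep an explicit value, `kubeContext: allanger@badhouseplants-microk8s` (the name in the commented line). If the context is deliberately taken from an injected kubeconfig, replace the commented-out key with a comment that says so, for example `# context comes from the CI-provided kubeconfig; do not apply from a multi-context kubeconfig`.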
@@ -1,27 +0,0 @@ ---- -{{ readFile "../releases.yaml" }} - -releases: - - <<: *openvpn - installed: true - namespace: openvpn-service - createNamespace: false - - - <<: *istio-base - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false - -bases: - - ../environments.yaml - - ../repositories.yaml diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index cb55a93..858d3c9 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
@@ -1,21 +1,21 @@ -rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str] +rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] users: - - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str] - secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str] - policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str] - - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str] - secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str] - policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str] - #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment] - #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment] - #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment] - #ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment] - 
#ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment] - #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment] - #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment] - #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment] - #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment] - #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment] + - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] + secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] + policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] + - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] + secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] + policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] + configUrl: 
ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] + clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str] + clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str] + claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] + redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] + comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] + claimPrefix: "" + scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6 - MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U - SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX - ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg - mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz + QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I + R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa + UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 + vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-04T08:44:29Z" - mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str] + lastmodified: "2023-03-26T11:56:18Z" + mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/etersoft/values/secrets.postgres16.yaml b/etersoft/values/secrets.postgres16.yaml deleted file mode 100644 index e466bb1..0000000 --- a/etersoft/values/secrets.postgres16.yaml +++ /dev/null 
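Review bot: The sops metadata in this hunk moves backwards: `lastmodified` goes from `"2024-02-04T08:44:29Z"` to `"2023-03-26T11:56:18Z"` and `version` from `3.8.1` to `3.7.3`, which suggests the file is being replaced by an older encrypted copy rather than edited in place. The first hunk of the same file swaps every ciphertext, including `rootPassword` and both `accessKey`/`secretKey` pairs. If those credentials were rotated after March 2023, applying this would put superseded values back, and that cannot be checked from the ciphertext. I would confirm the decrypted values against what is currently deployed. If they are intended, re-save the file with the current sops so that `lastmodified` and `version` reflect this change.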
@@ -1,24 +0,0 @@ -global: - postgresql: - auth: - postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:27:48Z" - mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.0 diff --git a/etersoft/values/values.longhorn.yaml b/etersoft/values/values.longhorn.yaml deleted file mode 100644 index 078e6ab..0000000 --- a/etersoft/values/values.longhorn.yaml +++ /dev/null @@ -1,13 +0,0 @@ -defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore - backupTargetCredentialSecret: aws-secret - guaranteedEngineManagerCPU: 6 - guaranteedReplicaManagerCPU: 6 - storageOverProvisioningPercentage: 300 - storageMinimalAvailablePercentage: 5 - defaultDataPath: /media-longhorn -csi: - kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet -persistence: - defaultClassReplicaCount: 1 -enablePSP: false diff --git a/etersoft/values/values.metallb-resources.yaml b/etersoft/values/values.metallb-resources.yaml deleted file mode 100644 index 5c77cf7..0000000 --- a/etersoft/values/values.metallb-resources.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -metallb: - enabled: true - ippools: - - name: etersoft - addresses: 91.232.225.63-91.232.225.63 diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index ba51cc3..0162fae 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -1,33 +1,4 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: minio-http - gateway: badhouseplants-net - kind: http - hostname: min.e.badhouseplants.net - service: minio-console - port: 9001 - - name: s3-http - gateway: badhouseplants-net - kind: http - hostname: s3.e.badhouseplants.net - service: minio - port: 9000 -image: - repository: quay.io/minio/minio - tag: RELEASE.2024-01-11T07-46-16Z-cpuv1 - pullPolicy: IfNotPresent - -mcImage: - repository: quay.io/minio/mc - tag: RELEASE.2024-01-11T05-49-32Z-cpuv1 - pullPolicy: IfNotPresent - rootUser: 'overlord' replicas: 1 mode: standalone @@ -81,10 +52,6 @@ policies: - resources: - 'arn:aws:s3:::longhorn/*' - 'arn:aws:s3:::longhorn' - - 'arn:aws:s3:::restic/*' - - 'arn:aws:s3:::restic' - - 'arn:aws:s3:::etcd/*' - - 'arn:aws:s3:::etcd' actions: - "s3:DeleteObject" - "s3:GetObject" @@ -95,18 +62,6 @@ buckets: policy: none purge: false versioning: false - - name: velero-test - policy: none - purge: false - versioning: false - - name: restic - policy: none - purge: false - versioning: false - - name: etcd - policy: none - versioning: false - purge: false metrics: serviceMonitor: enabled: false diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 4602748..f389024 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml 
@@ -1,24 +1,5 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: openvpn-tcp - gateway: etersoft-vpn - kind: tcp - port_match: 1194 - hostname: "*" - service: openvpn - port: 1194 - -image: - tag: v2.6.5-xor-4.0.0beta08 -storage: - class: microk8s-hostpath - size: 5Gi +storageClassName: microk8s-hostpath openvpn: server: "tcp://91.232.225.63:1194" service: diff --git a/etersoft/values/values.postgres16.yaml b/etersoft/values/values.postgres16.yaml deleted file mode 100644 index cbcb751..0000000 --- a/etersoft/values/values.postgres16.yaml +++ /dev/null @@ -1,10 +0,0 @@ -architecture: standalone - -auth: - database: postgres - -persistence: - size: 1Gi - -metrics: - enabled: false diff --git a/extensions.yaml b/extensions.yaml deleted file mode 100644 index 86903c3..0000000 --- a/extensions.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -templates: - # ---------------------------- - # -- Extensions - # ---------------------------- - ext-istio-gateway: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio-gateway - values: - - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - - ext-istio-resource: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio - values: - - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - ext-certificate: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: certificate - values: - - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - ext-metallb: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: metallb - values: - - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' - service-monitor: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: service-monitor - values: - - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' - namespace: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ns - inherit: - - template: default-common-values - - template: default-env-values - - ext-database: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database - values: - - '{{ requiredEnv "PWD" }}/common/values.database.yaml' diff --git a/helmfile.yaml b/helmfile.yaml index 735e9ba..7de8c56 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -11,29 +11,34 @@ releases: namespace: kube-system createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + - <<: *cert-manager installed: true - namespace: kube-system + namespace: cert-manager createNamespace: false - <<: *minio installed: true namespace: minio-service createNamespace: false - - - <<: *metallb + + - <<: *openvpn installed: true - namespace: kube-system - createNamespace: false - - - <<: *reflector - installed: true - namespace: kube-system - createNamespace: false - - - <<: *metallb-resources - installed: true - namespace: kube-system + namespace: openvpn-service createNamespace: false helmfiles: diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml deleted file mode 100644 index 5be7c9a..0000000 --- a/helmule/helmule.yaml +++ /dev/null 
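Review bot: The added `istio-base`, `istio-gateway`, `istiod` and `openvpn` releases, and the moved `cert-manager` release, all set `createNamespace: false`, but nothing visible in this hunk creates `istio-system`, `cert-manager` or `openvpn-service`. The same diff removes the `namespaces` release template from releases.yaml. On a cluster where those namespaces do not already exist, the apply will presumably fail at the first of these releases. Either set `createNamespace: true` on the first release per namespace, or keep a namespace-creating release that these depend on via `needs:`. The `releases:` list starts above the hunk, so an earlier entry may already cover this; worth confirming.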
@@ -1,235 +0,0 @@ -charts: - - repository: metrics-server - name: metrics-server - mirrors: - - custom-commands - - repository: metallb - name: metallb - mirrors: - - custom-commands - - repository: bedag - name: raw - mirrors: - - custom-commands - - repository: jetstack - name: cert-manager - mirrors: - - custom-commands - - repository: longhorn - name: longhorn - mirrors: - - custom-commands - - repository: argo - name: argo-cd - mirrors: - - custom-commands - - repository: prometheus-community - name: kube-prometheus-stack - mirrors: - - custom-commands - - repository: grafana - name: loki - mirrors: - - custom-commands - - repository: grafana - name: promtail - mirrors: - - custom-commands - - repository: istio - name: base - mirrors: - - custom-commands - - repository: istio - name: gateway - mirrors: - - custom-commands - - repository: istio - name: istiod - mirrors: - - custom-commands - - repository: allanger-gitea - name: openvpn-xor - mirrors: - - custom-commands - - repository: allanger-gitea - name: openvpn - mirrors: - - custom-commands - - repository: drone - name: drone - mirrors: - - custom-commands - - repository: drone - name: drone-runner-docker - mirrors: - - custom-commands - - repository: woodpecker - name: woodpecker - mirrors: - - custom-commands - - repository: bitnami - name: wordpress - mirrors: - - custom-commands - - repository: minio - name: minio - mirrors: - - custom-commands - - repository: gitea - name: gitea - mirrors: - - custom-commands - - repository: ananace-charts - name: funkwhale - mirrors: - - custom-commands - - repository: bitwarden - name: vaultwarden - mirrors: - - custom-commands - - repository: bitnami - name: redis - mirrors: - - custom-commands - - repository: bitnami - name: postgresql - mirrors: - - custom-commands - - repository: db-operator - name: db-operator - mirrors: - - custom-commands - - repository: db-operator - name: db-instances - mirrors: - - custom-commands - - repository: bitnami - name: mysql - 
mirrors: - - custom-commands - - repository: allanger-gitea - name: docker-mailserver - mirrors: - - custom-commands - - repository: allanger-gitea - name: vaultwarden - mirrors: - - custom-commands - - repository: emberstack - name: reflector - mirrors: - - custom-commands - - repository: mailu - name: mailu - mirrors: - - custom-commands - - repository: gabe565 - name: tandoor - mirrors: - - custom-commands - - repository: coredns - name: coredns - mirrors: - - custom-commands - - repository: cilium - name: cilium - mirrors: - - custom-commands - - repository: zot - name: zot - mirrors: - - custom-commands -mirrors: - - name: custom-commands - custom_command: - package: - - helm package -d package . - upload: - - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants - - rm -rf ./package -repositories: - - name: metrics-server - helm: - url: https://kubernetes-sigs.github.io/metrics-server/ - - name: jetstack - helm: - url: https://charts.jetstack.io - - name: istio - helm: - url: https://istio-release.storage.googleapis.com/charts - - name: drone - helm: - url: https://charts.drone.io - - name: bitnami - helm: - url: https://charts.bitnami.com/bitnami - - name: minio - helm: - url: https://charts.min.io/ - - name: longhorn - helm: - url: https://charts.longhorn.io - - name: gitea - helm: - url: https://dl.gitea.io/charts/ - - name: ananace-charts - helm: - url: https://ananace.gitlab.io/charts - - name: argo - helm: - url: https://argoproj.github.io/argo-helm - - name: bedag - helm: - url: https://bedag.github.io/helm-charts/ - - name: metallb - helm: - url: https://metallb.github.io/metallb - - name: prometheus-community - helm: - url: https://prometheus-community.github.io/helm-charts - - name: grafana - helm: - url: https://grafana.github.io/helm-charts - - name: bitwarden - helm: - url: https://constin.github.io/vaultwarden-helm/ - - name: db-operator - helm: - url: https://db-operator.github.io/charts - - name: 
allanger-gitea - helm: - url: https://git.badhouseplants.net/api/packages/allanger/helm - - name: badhouseplants - helm: - url: https://badhouseplants.github.io/helm-charts/ - - name: woodpecker - helm: - url: https://woodpecker-ci.org - - name: firefly-iii - helm: - url: https://firefly-iii.github.io/kubernetes/ - - name: emberstack - helm: - url: https://emberstack.github.io/helm-charts - - name: gabe565 - helm: - url: https://charts.gabe565.com - - name: mailu - helm: - url: https://mailu.github.io/helm-charts/ - - name: coredns - helm: - url: https://coredns.github.io/helm - - name: cilium - helm: - url: https://helm.cilium.io/ - - name: phybros-helm-charts - helm: - url: https://phybros.github.io/helm-charts - - name: nextcloud - helm: - url: https://nextcloud.github.io/helm/ - - name: zot - helm: - url: https://zotregistry.dev/helm-charts/ - diff --git a/manifests/badhouseplants-ip.yaml b/manifests/badhouseplants-ip.yaml deleted file mode 100644 index 86db502..0000000 --- a/manifests/badhouseplants-ip.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# addresspool.yaml ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: custom-addresspool - namespace: metallb-system -spec: - addresses: - - 195.201.249.91-195.201.249.91 diff --git a/manifests/debug/istio-stuff.yaml b/manifests/debug/istio-stuff.yaml deleted file mode 100644 index 70c689e..0000000 --- a/manifests/debug/istio-stuff.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: proxy-protocol - namespace: istio-system -spec: - workloadSelector: - labels: - istio: ingressgateway - configPatches: - - applyTo: LISTENER - patch: - operation: MERGE - value: - listener_filters: - - name: envoy.listener.proxy_protocol - diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml deleted file mode 100644 index bc5f0b1..0000000 --- a/manifests/debug/istio/httpbin.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - labels: - kubernetes.io/metadata.name: debug - name: debug ---- -# httpbin.yaml -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: httpbin - namespace: debug -spec: - hosts: - - "httpbin.badhouseplants.net" - gateways: - - istio-system/badhouseplants-net - http: - - route: - - destination: - port: - number: 8000 - host: httpbin ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: httpbin - namespace: debug -spec: - rules: - - host: "httpbin.badhouseplants.net" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: httpbin - port: - number: 8000 ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - namespace: debug - labels: - app: httpbin -spec: - ports: - - name: http - port: 8000 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin - namespace: debug -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - containers: - - image: docker.io/citizenstig/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - ports: - - containerPort: 8000 diff --git a/manifests/debug/metallb/deployment.yaml b/manifests/debug/metallb/deployment.yaml deleted file mode 100644 index 1ad28b5..0000000 --- a/manifests/debug/metallb/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx -spec: - selector: - matchLabels: - app: nginx - replicas: 2 - template: - metadata: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx:1.14.2 - ports: - - containerPort: 80 diff --git a/manifests/debug/metallb/service.yaml b/manifests/debug/metallb/service.yaml deleted file mode 100644 index 041fc06..0000000 --- a/manifests/debug/metallb/service.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx -spec: - selector: - app: nginx - ports: - - port: 80 - targetPort: 80 - type: LoadBalancer diff --git a/manifests/debug/proxy-prot.yaml b/manifests/debug/proxy-prot.yaml deleted file mode 100644 index 94e9946..0000000 --- a/manifests/debug/proxy-prot.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: proxy-protocol - namespace: istio-system -spec: - configPatches: - - applyTo: LISTENER - patch: - operation: MERGE - value: - listener_filters: - - name: envoy.listener.proxy_protocol - - name: envoy.listener.tls_inspector - workloadSelector: - labels: - istio: ingressgateway diff --git a/manifests/debug/test.yaml b/manifests/debug/test.yaml deleted file mode 100644 index 25636a6..0000000 --- a/manifests/debug/test.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: httpbin-gateway -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP2 - hosts: - - "test.badhouseplants.net" - - hosts: - - "test.badhouseplants.net" - port: - name: https - number: 443 - protocol: HTTPS - tls: - credentialName: badhouseplants-wildcard-tls - mode: SIMPLE ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: httpbin -spec: - hosts: - - "test.badhouseplants.net" - gateways: - - httpbin-gateway - http: - - route: - - destination: - host: httpbin - port: - number: 8000 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: httpbin ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - labels: - app: httpbin - service: httpbin -spec: - ports: - - name: http - port: 8000 - targetPort: 80 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - serviceAccountName: httpbin - containers: - - image: docker.io/kong/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - ports: - - containerPort: 80 diff --git a/manifests/debug/ubuntu.yaml b/manifests/debug/ubuntu.yaml deleted file mode 100644 index 676a047..0000000 --- a/manifests/debug/ubuntu.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ubuntu -spec: - containers: - - name: ubuntu - image: ubuntu - command: - - sleep - - infinity diff --git a/manifests/etersoft-ip.yaml b/manifests/etersoft-ip.yaml deleted file mode 100644 index 7e8a401..0000000 --- a/manifests/etersoft-ip.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -# addresspool.yaml ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: custom-addresspool - namespace: metallb-system -spec: - addresses: - - 91.232.225.63-91.232.225.63 diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml deleted file mode 100644 index 547b892..0000000 --- a/manifests/httpo1-cluster-issuer.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - labels: - app.kubernetes.io/instance: cluster-issuer - app.kubernetes.io/name: acme-cluster-issuer - name: badhouseplants-issuer-http01 -spec: - acme: - email: allanger@zohomail.com - preferredChain: "" - privateKeySecretRef: - name: badhouseplants-issuer-htt01-account-key - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - http01: - ingress: - ingressClassName: traefik diff --git a/manifests/new-ip.yaml b/manifests/new-ip.yaml deleted file mode 100644 index b554876..0000000 --- a/manifests/new-ip.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# Source: raw/charts/metallb/templates/resources.yaml ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: etersoft -spec: - addresses: - - 91.232.225.63-91.232.225.63 - diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml deleted file mode 100644 index a539b01..0000000 --- a/manifests/shadowsocks/install.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: shadowsocks-deployment - labels: - app: shadowsocks -spec: - replicas: 1 - selector: - matchLabels: - app: shadowsocks - template: - metadata: - labels: - app: shadowsocks - spec: - containers: - - name: shadowsocks-libev - image: shadowsocks/shadowsocks-libev - env: - - name: METHOD - value: chacha20-ietf-poly1305 - - name: PASSWORD - value: test12345 - ports: - - containerPort: 8388 - securityContext: - capabilities: - add: - - NET_ADMIN ---- -apiVersion: v1 -kind: Service -metadata: - name: shadowsocks - labels: - app: shadowsocks -spec: - type: ClusterIP - ports: - - port: 8388 - protocol: TCP - selector: - app: shadowsocks ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: badhouseplants-shadowsocks - namespace: istio-system -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - '*' - port: - name: tcp - number: 8388 - protocol: TCP ---- -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: shadowsocks -spec: - gateways: - - istio-system/badhouseplants-shadowsocks - hosts: - - '*' - tcp: - - match: - - port: 8388 - route: - - destination: - host: shadowsocks - port: - number: 8388 diff --git a/releases.yaml b/releases.yaml index f07b763..c435e27 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,3 +1,4 @@ +--- templates: # --------------------------- # -- Hooks @@ -9,10 +10,7 @@ templates: command: "sh" args: - -c - - | - helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ - || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ - || true + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }}| kubectl apply -f -" - events: ["prepare"] showlogs: true command: "sh" 
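Review bot: In the `@@ -9,10 +10,7 @@` hunk the CRD hook now pipes `helm show crds` into a client-side `kubectl apply -f -`, which stores the full object in the `last-applied-configuration` annotation and is rejected for large CRDs once the annotation size limit is exceeded. The replace-or-create chain it removes did not have that limit. Server-side apply avoids it: `- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl apply --server-side -f -"`. Because the old `|| true` is gone, such a failure now stops the release rather than being swallowed, which is the better behaviour but makes the size limit matter. The hook template begins above the hunk.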
@@ -24,13 +22,13 @@ templates: command: "sh" args: - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -" # ---------------------------- # -- Configs # ---------------------------- default-common-values: values: - - '{{ requiredEnv "PWD" }}/common/values.{{ .Release.Name }}.yaml' + - '{{ requiredEnv "PWD" }}/commmon/values.{{ .Release.Name }}.yaml' default-env-values: values: - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml' @@ -40,44 +38,11 @@ templates: # ---------------------------- # -- Extensions # ---------------------------- - ext-istio-gateway: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio-gateway - values: - - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - - ext-tcp-routes: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: traefik - values: - - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' - - ext-istio-resource: + istio-resource: dependencies: - chart: bedag/raw version: 2.0.0 alias: istio - values: - - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - - ext-certificate: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: certificate - values: - - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - ext-metallb: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: metallb - values: - - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' service-monitor: dependencies: - chart: bedag/raw 
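Review bot: The new `default-common-values` path in the `@@ -24,13 +22,13 @@` hunk is misspelled as `commmon` (three m's), while the `common/values.ns.yaml` and `common/values.{{ .Release.Name }}.yaml` paths elsewhere in this diff use `common`. Any release inheriting this template will look for a directory that presumably does not exist. Depending on how missing values files are handled, that either aborts the run or silently drops the shared values, and the silent case can remove hardening settings without anyone noticing. The line should read `- '{{ requiredEnv "PWD" }}/common/values.{{ .Release.Name }}.yaml'`.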
@@ -90,116 +55,48 @@ templates: - chart: bedag/raw version: 2.0.0 alias: ns - inherit: - - template: default-common-values - - template: default-env-values - - ext-database: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database values: - - '{{ requiredEnv "PWD" }}/common/values.database.yaml' + - '{{ requiredEnv "PWD" }}/common/values.ns.yaml' # ---------------------------- # -- Releases # ---------------------------- # -- System # ---------------------------- - namespaces: &namespaces - name: namespaces - chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' - namespace: kube-public - createNamespace: false - inherit: - - template: default-env-values - - roles: &roles - name: roles - chart: '{{ requiredEnv "PWD" }}/charts/roles' - namespace: kube-public - createNamespace: false - inherit: - - template: default-env-values - metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.1 + version: 3.9.0 values: - common/values.{{ .Release.Name }}.yaml - metallb: &metallb - name: metallb - chart: metallb/metallb - version: 0.14.5 - - metallb-resources: &metallb-resources - name: metallb-resources - chart: bedag/raw - version: 2.0.0 - inherit: - - template: ext-metallb - - template: default-env-values - cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.15.0 + version: 1.11.0 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.2 + version: 1.4.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 7.1.3 + version: 5.27.4 inherit: - template: default-env-values - template: default-env-secrets - - monitoring-common: - labels: - bundle: monitoring - - prometheus: &prometheus - name: prometheus - chart: prometheus-community/kube-prometheus-stack - version: 58.5.3 - inherit: - - template: monitoring-common - - template: default-env-values - - template: 
default-env-secrets - - template: crd-management-hook - - loki: &loki - name: loki - chart: grafana/loki - version: 6.5.2 - inherit: - - template: monitoring-common - - template: default-env-values - - promtail: &promtail - name: promtail - chart: grafana/promtail - version: 6.15.5 - inherit: - - template: monitoring-common - - template: default-env-values # ---------------------------- # -- Istio # ---------------------------- istio-common: labels: bundle: istio - version: 1.22.0 + version: 1.17.1 istio-base: &istio-base name: istio-base @@ -215,15 +112,6 @@ templates: - template: istio-common - template: default-env-values - istio-gateway-resources: &istio-gateway-resources - name: istio-gateway-resources - chart: bedag/raw - version: 2.0.0 - inherit: - - template: ext-istio-gateway - - template: ext-certificate - - template: default-env-values - istiod: &istiod name: istiod chart: istio/istiod 
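Review bot: The chart pins in the `@@ -90,116 +55,48 @@` hunk move backwards: cert-manager `1.15.0` to `1.11.0`, argo-cd `7.1.3` to `5.27.4`, longhorn `1.6.2` to `1.4.1`, the istio bundle `1.22.0` to `1.17.1`, and metrics-server `3.12.1` to `3.9.0`. These components sit on the certificate, ingress and deployment path, so the rollback discards whatever fixes shipped between those releases. The hunks at `@@ -234,57 +122,33 @@` and `@@ -292,173 +156,31 @@` do the same for drone, wordpress, minio, gitea and funkwhale. If the rollback is deliberate, record the reason next to each pin, for example `# pinned below latest: <reason>`; otherwise keep the newer versions. Downgrading charts that install CRDs (cert-manager has `installCRDs: true`) may also leave newer CRD versions in the cluster, which is worth checking before applying.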
@@ -234,57 +122,33 @@ templates: # ---------------------------- # -- Applications # ---------------------------- - openvpn-xor: &openvpn-xor - name: openvpn-xor - chart: allanger-gitea/openvpn-xor - version: 1.2.0 - inherit: - - template: default-env-values - - template: ext-tcp-routes - openvpn: &openvpn name: openvpn - chart: allanger-gitea/openvpn - version: 1.2.0 + chart: allanger-charts/openvpn + version: 1.0.3 inherit: - template: default-env-values - # ---------------------------- - # -- Drone - # ---------------------------- - drone-common: - labels: - bundle: drone + drone: &drone name: drone chart: drone/drone - version: 0.6.5 + version: 0.6.4 inherit: - template: default-env-values - template: default-env-secrets - - template: drone-common - drone-runner-docker: &drone-runner-docker - name: drone-runner-docker - chart: drone/drone-runner-docker - version: 0.6.2 + drone-runner-kube: &drone-runner-kube + name: drone-runner-kube + chart: drone/drone-runner-kube + version: 0.1.10 inherit: - template: default-env-values - template: default-env-secrets - - template: drone-common - - woodpecker-ci: &woodpecker-ci - name: woodpecker-ci - chart: woodpecker/woodpecker - version: 1.5.0 - inherit: - - template: ext-database - - template: default-env-values - - template: default-env-secrets nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.4.10 + version: 15.2.59 inherit: - template: default-env-values - template: default-env-secrets 
@@ -292,173 +156,31 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.2.0 + version: 5.0.7 inherit: - template: default-env-values - template: default-env-secrets + minecraft: &minecraft + name: minecraft + chart: minecraft-server-charts/minecraft + version: 4.6.0 + inherit: + - template: default-env-values + # - template: service-monitor + gitea: &gitea name: gitea chart: gitea/gitea - version: 10.2.0 + version: 8.0.2 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-database funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.5 + version: 1.0.1 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-database - - bitwarden: &bitwarden - name: bitwarden - chart: bitwarden/vaultwarden - version: 0.1.7 - inherit: - - template: default-env-values - - template: default-env-secrets - - redis: &redis - name: redis - chart: bitnami/redis - version: 19.5.3 - inherit: - - template: default-env-values - - template: default-env-secrets - - postgres16: &postgres16 - name: postgres16 - chart: bitnami/postgresql - version: 15.5.5 - inherit: - - template: default-env-values - - template: default-env-secrets - - db-operator: &db-operator - name: db-operator - chart: db-operator/db-operator - version: 1.25.0 - - db-instances: &db-instances - name: db-instances - chart: db-operator/db-instances - version: 2.3.1 - inherit: - - template: default-env-values - - template: default-env-secrets - - mysql: &mysql - name: mysql - chart: bitnami/mysql - version: 11.1.2 - inherit: - - template: default-env-values - - template: default-env-secrets - - docker-mailserver: &docker-mailserver - name: docker-mailserver - chart: allanger-gitea/docker-mailserver - version: 2.3.1 - inherit: - - template: default-env-values - - template: ext-tcp-routes - - vaultwarden: &vaultwarden - name: vaultwarden - chart: allanger-gitea/vaultwarden - version: 1.2.0 - inherit: - - 
template: default-env-values - - template: default-env-secrets - - template: ext-database - - vaultwarden-test: &vaultwardentest - name: vaultwardentest - chart: allanger-gitea/vaultwarden - version: 1.2.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - reflector: &reflector - name: reflector - chart: emberstack/reflector - version: 7.1.262 - - mailu: &mailu - name: mailu - chart: mailu/mailu - version: 1.5.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-certificate - - template: ext-tcp-routes - - template: ext-database - - tandoor: &tandoor - name: tandoor - chart: gabe565/tandoor - version: 0.9.5 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-database - - coredns: &coredns - name: coredns - chart: coredns/coredns - version: 1.31.0 - namespace: kube-system - inherit: - - template: default-env-values - - cilium: &cilium - name: cilium - chart: cilium/cilium - version: 1.15.6 - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - - zot: &zot - name: zot - chart: zot/zot - version: 0.1.56 - createNamespace: false - namespace: kube-services - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - - keel: &keel - name: keel - chart: keel/keel - version: 1.0.3 - createNamespace: false - namespace: kube-system - - traefik: &traefik - name: traefik - chart: traefik/traefik - version: 28.3.0 - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - - local-path-provisioner: &local-path-provisioner - name: local-path-provisioner - chart: local-path-provisioner/local-path-provisioner - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values - diff --git a/repositories-oci.yaml b/repositories-oci.yaml deleted file mode 100644 index 5db4d1e..0000000 
--- a/repositories-oci.yaml +++ /dev/null @@ -1,4 +0,0 @@ -repositories: - - name: badhouseplants-oci - url: registry.badhouseplants.net/badhouseplants - oci: true diff --git a/repositories.yaml b/repositories.yaml index 5ffcf86..f41d930 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -1,6 +1,9 @@ +--- repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ + - name: allanger-charts + url: https://allanger.github.io/allanger-charts - name: jetstack url: https://charts.jetstack.io - name: istio @@ -11,6 +14,8 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ + - name: minecraft-server-charts + url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea 
@@ -21,45 +26,3 @@ repositories: url: https://argoproj.github.io/argo-helm - name: bedag url: https://bedag.github.io/helm-charts/ - - name: metallb - url: https://metallb.github.io/metallb - - name: prometheus-community - url: https://prometheus-community.github.io/helm-charts - - name: grafana - url: https://grafana.github.io/helm-charts - - name: bitwarden - url: https://constin.github.io/vaultwarden-helm/ - - name: db-operator - url: https://db-operator.github.io/charts - # - name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm - - name: badhouseplants - url: https://badhouseplants.github.io/helm-charts/ - - name: woodpecker - url: https://woodpecker-ci.org - - name: firefly-iii - url: https://firefly-iii.github.io/kubernetes/ - - name: emberstack - url: https://emberstack.github.io/helm-charts - - name: gabe565 - url: https://charts.gabe565.com - - name: mailu - url: https://mailu.github.io/helm-charts/ - - name: coredns - url: https://coredns.github.io/helm - - name: cilium - url: https://helm.cilium.io/ - - name: phybros-helm-charts - url: https://phybros.github.io/helm-charts - - name: nextcloud - url: https://nextcloud.github.io/helm/ - - name: zot - url: https://zotregistry.dev/helm-charts/ - - name: chartmuseum - url: https://chartmuseum.github.io/charts - - name: keel - url: https://charts.keel.sh - - name: traefik - url: https://traefik.github.io/charts - - name: local-path-provisioner - url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 diff --git a/scripts/migrate_postgres.sh b/scripts/migrate_postgres.sh deleted file mode 100644 index 33fa417..0000000 --- a/scripts/migrate_postgres.sh +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/bash -export PGHOST=$OLD_PGHOST -export PGPASSWORD=$OLD_PGPASSWORD -export PGDATABASE=$OLD_PGDATABASE -DUMP_FILE=/tmp/$PGDATABASE.dump -pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv - -export PGHOST=$NEW_PGHOST -export PGPASSWORD=$NEW_PGPASSWORD -export PGDATABASE=$NEW_PGDATABASE -pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv - -psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\"" -psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\"" -psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\"" - -rm -f /tmp/output - -psql -c "\ -SELECT format(\ - 'ALTER TABLE %I.%I.%I OWNER TO %I;',\ - table_catalog,\ - table_schema,\ - table_name,\ - '${PGDATABASE}')\ -FROM information_schema.tables \ -WHERE table_schema='public'" | grep ALTER > /tmp/output - -psql -c "\ -SELECT format(\ - 'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\ - sequence_catalog,\ - sequence_schema,\ - sequence_name,\ - '${PGDATABASE}')\ -FROM information_schema.sequences \ -WHERE sequence_schema='public'" | grep ALTER >> /tmp/output - -psql -c "$(cat /tmp/output)" diff --git a/system/charts/namespaces/chart/.helmignore b/system/charts/namespaces/chart/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/system/charts/namespaces/chart/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/system/charts/namespaces/chart/Chart.yaml b/system/charts/namespaces/chart/Chart.yaml deleted file mode 100644 index 0f737fe..0000000 --- a/system/charts/namespaces/chart/Chart.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v2 -name: namespaces -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/system/charts/namespaces/chart/templates/_helpers.tpl b/system/charts/namespaces/chart/templates/_helpers.tpl deleted file mode 100644 index a33714c..0000000 --- a/system/charts/namespaces/chart/templates/_helpers.tpl +++ /dev/null 
@@ -1,43 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "namespaces.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "namespaces.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "namespaces.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "namespaces.labels" -}} -helm.sh/chart: {{ include "namespaces.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - diff --git a/system/charts/namespaces/chart/templates/namespaces.yaml b/system/charts/namespaces/chart/templates/namespaces.yaml deleted file mode 100644 index dc2bd62..0000000 --- a/system/charts/namespaces/chart/templates/namespaces.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.namespaces }} -{{- range $ns := .Values.namespaces }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ $ns.name }} - labels: - {{- include "namespaces.labels" $ | nindent 4 }} - {{- with $ns.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with $ns.annotations}} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} 
diff --git a/system/charts/namespaces/chart/values.yaml b/system/charts/namespaces/chart/values.yaml deleted file mode 100644 index cd5a239..0000000 --- a/system/charts/namespaces/chart/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -namespaces: - - name: giantswarm-flux - labels: - name: giantswarm-flux - - name: giantswarm - labels: - name: giantswarm - - name: monitoring - labels: - name: monitoring - - name: org-giantswarm - labels: - name: org-giantswarm - - name: flux-system - labels: - name: flux-system - - name: flux-giantswarm - labels: - name: flux-giantswarm - - name: policy-exception diff --git a/system/charts/namespaces/kustomize/flux-system.yml b/system/charts/namespaces/kustomize/flux-system.yml deleted file mode 100644 index f44f3af..0000000 --- a/system/charts/namespaces/kustomize/flux-system.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: flux-system - labels: - name: flux-system diff --git a/system/charts/namespaces/kustomize/giantswarm-flux.yml b/system/charts/namespaces/kustomize/giantswarm-flux.yml deleted file mode 100644 index bd0e121..0000000 --- a/system/charts/namespaces/kustomize/giantswarm-flux.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: giantswarm-flux - labels: - name: giantswarm-flux diff --git a/system/charts/namespaces/kustomize/giantswarm.yml b/system/charts/namespaces/kustomize/giantswarm.yml deleted file mode 100644 index 31e7916..0000000 --- a/system/charts/namespaces/kustomize/giantswarm.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: giantswarm - labels: - name: giantswarm diff --git a/system/charts/namespaces/kustomize/kustomization.yaml b/system/charts/namespaces/kustomize/kustomization.yaml deleted file mode 100644 index 8159198..0000000 --- a/system/charts/namespaces/kustomize/kustomization.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -resources: - - ./giantswarm-flux.yml - - ./giantswarm.yml - - ./monitoring.yml - - ./org-giantswarm.yml diff --git a/system/charts/namespaces/kustomize/monitoring.yml b/system/charts/namespaces/kustomize/monitoring.yml deleted file mode 100644 index 90d12ef..0000000 --- a/system/charts/namespaces/kustomize/monitoring.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring - labels: - name: monitoring diff --git a/system/charts/namespaces/kustomize/org-giantswarm.yml b/system/charts/namespaces/kustomize/org-giantswarm.yml deleted file mode 100644 index f27e8c4..0000000 --- a/system/charts/namespaces/kustomize/org-giantswarm.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: org-giantswarm - labels: - name: org-giantswarm diff --git a/system/charts/root/.helmignore b/system/charts/root/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/system/charts/root/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/system/charts/root/Chart.yaml b/system/charts/root/Chart.yaml deleted file mode 100644 index 59e507d..0000000 --- a/system/charts/root/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: root -description: A Helm chart for Kubernetes -type: application -version: 0.1.5 -appVersion: "1.16.0" diff --git a/system/charts/root/templates/_helpers.tpl b/system/charts/root/templates/_helpers.tpl deleted file mode 100644 index 8a3cc9a..0000000 --- a/system/charts/root/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "root.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "root.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "root.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "root.labels" -}} -helm.sh/chart: {{ include "root.chart" . }} -{{ include "root.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "root.selectorLabels" -}} -app.kubernetes.io/name: {{ include "root.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "root.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "root.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/system/charts/root/templates/root.yaml b/system/charts/root/templates/root.yaml deleted file mode 100644 index f542187..0000000 
--- a/system/charts/root/templates/root.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root -spec: - interval: 30s - url: {{ .Values.url }} - ref: - branch: {{ .Values.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/system/charts/root/templates/self.yaml b/system/charts/root/templates/self.yaml deleted file mode 100644 index 0ddb8de..0000000 --- a/system/charts/root/templates/self.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: root-self -spec: - interval: 30s - url: {{ .Values.self.url }} - ref: - branch: {{ .Values.self.branch }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: root-self -spec: - interval: 30s - targetNamespace: flux-system - sourceRef: - kind: GitRepository - name: root-self - path: "." - prune: false - timeout: 1m -{{- end }} diff --git a/system/charts/root/values.yaml b/system/charts/root/values.yaml deleted file mode 100644 index 51850fa..0000000 --- a/system/charts/root/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -url: https://git.badhouseplants.net/giantswarm/cluster-example.git -branch: main -self: - url: git@git.badhouseplants.net:giantswarm/root-config.git - branch: master diff --git a/system/helmfile.yaml b/system/helmfile.yaml deleted file mode 100644 index 7cc46e6..0000000 --- a/system/helmfile.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -repositories: - - name: projectcalico - url: https://docs.tigera.io/calico/charts - - name: coredns - url: https://coredns.github.io/helm - - name: flannel - url: https://flannel-io.github.io/flannel/ - - name: cilium - url: https://helm.cilium.io/ - - name: hcloud - url: https://charts.hetzner.cloud - -releases: - - name: namespaces - chart: ./charts/namespaces/chart - namespace: kube-public - createNamespace: false - values: - - ./values/namespaces.yaml - - - name: hccm - chart: hcloud/hcloud-cloud-controller-manager - needs: - - kube-public/namespaces - namespace: kube-system - version: 1.19.0 - installed: false - createNamespace: false - values: - - ./values/hcloud.yaml - - - name: coredns - needs: - - kube-public/namespaces - chart: coredns/coredns - installed: true - version: 1.29.0 - namespace: kube-system - values: - - ./values/coredns.yaml - - - name: cilium - chart: cilium/cilium - version: 1.14.6 - installed: true - createNamespace: false - namespace: kube-system - needs: - - kube-public/namespaces - values: - - ./values/cilium.yaml diff --git a/system/values/calico.yaml b/system/values/calico.yaml deleted file mode 100644 index b47e04e..0000000 --- a/system/values/calico.yaml +++ /dev/null @@ -1,12 +0,0 @@ -installation: - enabled: true - spec: - calicoNetwork: - bgp: Enabled - nodeAddressAutodetectionV4: - interface: ens11 - ipPools: - - cidr: 10.50.0.0/16 - encapsulation: VXLANCrossSubnet - natOutgoing: Enabled - nodeSelector: all() diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml deleted file mode 100644 index 6eae22c..0000000 --- a/system/values/cilium.yaml +++ /dev/null @@ -1,10 +0,0 @@ -operator: - replicas: 1 -endpointRoutes: - # -- Enable use of per endpoint routes instead of routing via - # the cilium_host interface. - enabled: true -ipam: - ciliumNodeUpdateRate: "15s" - operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] 
diff --git a/system/values/coredns.yaml b/system/values/coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/system/values/coredns.yaml +++ /dev/null @@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml deleted file mode 100644 index 838f30b..0000000 --- a/system/values/namespaces.yaml +++ /dev/null @@ -1,23 +0,0 @@ -namespaces: - - name: longhorn-system - - name: cert-manager - - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - - name: argo-system - - name: nrodionov-application - - name: minecraft-application - - name: gitea-service - - name: funkwhale-application - - name: monitoring-system - - name: bitwarden-application - - name: database-service - - name: mail-service - - name: istio-system - - name: vaultwarden-application - - name: woodpecker-ci - - name: openvpn-service - - name: tandoor-application - - name: badhouseplants-main - - name: mailu-application diff --git a/system/values/values.cilium.yaml b/system/values/values.cilium.yaml deleted file mode 100644 index 6eae22c..0000000 --- a/system/values/values.cilium.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -operator: - replicas: 1 -endpointRoutes: - # -- Enable use of per endpoint routes instead of routing via - # the cilium_host interface. - enabled: true -ipam: - ciliumNodeUpdateRate: "15s" - operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/values.coredns.yaml b/system/values/values.coredns.yaml deleted file mode 100644 index 04d2b02..0000000 --- a/system/values/values.coredns.yaml +++ /dev/null @@ -1,32 +0,0 @@ -service: - clusterIP: 10.43.0.10 - -servers: - - zones: - - zone: . - port: 53 - plugins: - - name: errors - # Serves a /health endpoint on :8080, required for livenessProbe - - name: health - configBlock: |- - lameduck 5s - # Serves a /ready endpoint on :8181, required for readinessProbe - - name: ready - # Required to query kubernetes API for data - - name: kubernetes - parameters: cluster.local in-addr.arpa ip6.arpa - configBlock: |- - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - # Serves a /metrics endpoint on :9153, required for serviceMonitor - - name: prometheus - parameters: 0.0.0.0:9153 - - name: forward - parameters: . 1.1.1.1 1.0.0.1 - - name: cache - parameters: 30 - - name: loop - - name: reload - - name: loadbalance diff --git a/system/values/values.namespaces.yaml b/system/values/values.namespaces.yaml deleted file mode 100644 index 838f30b..0000000 --- a/system/values/values.namespaces.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -namespaces: - - name: longhorn-system - - name: cert-manager - - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - - name: argo-system - - name: nrodionov-application - - name: minecraft-application - - name: gitea-service - - name: funkwhale-application - - name: monitoring-system - - name: bitwarden-application - - name: database-service - - name: mail-service - - name: istio-system - - name: vaultwarden-application - - name: woodpecker-ci - - name: openvpn-service - - name: tandoor-application - - name: badhouseplants-main - - name: mailu-application diff --git a/templates/crd-hook.yaml b/templates/crd-hook.yaml deleted file mode 100644 index db6365f..0000000 --- a/templates/crd-hook.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -templates: - crd-management-hook: - hooks: - - events: ["preapply"] - showlogs: true - command: "sh" - args: - - -c - - | - helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ - || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ - || true - - events: ["prepare"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" - - events: ["postuninstall"] - showlogs: true - command: "sh" - args: - - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/templates/extensions.yaml b/templates/extensions.yaml deleted file mode 100644 index 86903c3..0000000 --- a/templates/extensions.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -templates: - # ---------------------------- - # -- Extensions - # ---------------------------- - ext-istio-gateway: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio-gateway - values: - - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - - ext-istio-resource: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: istio - values: - - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - ext-certificate: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: certificate - values: - - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - ext-metallb: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: metallb - values: - - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' - service-monitor: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: service-monitor - values: - - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' - namespace: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ns - inherit: - - template: default-common-values - - template: default-env-values - - ext-database: - dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database - values: - - '{{ requiredEnv "PWD" }}/common/values.database.yaml'