From 232b922270649b774a0ac1e8aa8930b406fbc18f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 2 Aug 2024 16:02:51 +0200 Subject: [PATCH] Update configs --- installations/applications/helmfile.yaml | 9 ++-- values/badhouseplants/secrets.gitea.yaml | 52 +++++++++---------- values/badhouseplants/secrets.minio.yaml | 40 +++++++------- values/badhouseplants/values.gitea.yaml | 14 ++--- .../values.rook-ceph-cluster.yaml | 8 +-- values/badhouseplants/values.vaultwarden.yaml | 30 ++--------- 6 files changed, 68 insertions(+), 85 deletions(-) diff --git a/installations/applications/helmfile.yaml b/installations/applications/helmfile.yaml index 5c753d2..0d76026 100644 --- a/installations/applications/helmfile.yaml +++ b/installations/applications/helmfile.yaml @@ -25,6 +25,9 @@ repositories: url: https://grafana.github.io/helm-charts - name: bitnami url: https://charts.bitnami.com/bitnami + - name: allangers-charts + url: ghcr.io/allanger/allangers-charts + oci: true releases: - name: authentik @@ -46,10 +49,10 @@ releases: - template: default-env-secrets - template: ext-database - - name: gitea-archived + - name: gitea chart: gitea/gitea version: 10.4.0 - namespace: archive + namespace: applications inherit: - template: default-env-values - template: default-env-secrets @@ -93,7 +96,7 @@ releases: - template: ext-tcp-routes - name: vaultwarden - chart: softplayer-oci/vaultwarden + chart: allangers-charts/vaultwarden version: 2.1.0 namespace: applications inherit: diff --git a/values/badhouseplants/secrets.gitea.yaml b/values/badhouseplants/secrets.gitea.yaml index 035c88c..0faea64 100644 --- a/values/badhouseplants/secrets.gitea.yaml +++ b/values/badhouseplants/secrets.gitea.yaml @@ -1,31 +1,31 @@ gitea: admin: - username: ENC[AES256_GCM,data:jWOKYLR8wEY=,iv:obfaa7iVArqZsfXI9glfNVhnEzNPnoPvA9WZrqzURd8=,tag:ZQykUfckAD6CcRsAxYLfww==,type:str] - password: ENC[AES256_GCM,data:ckwTYUA05SSl+3KD9G/XtQW+nnM=,iv:reeJTq7vWcfjggl9X+/t0yYzaz7xuiZLZM0xW7zlfcI=,tag:x0Dtf3ea53+1c0jhn2C5zw==,type:str] + username: ENC[AES256_GCM,data:Scgn1nXvL1g=,iv:DGYrBNQ8zt02tyn3EADSTIWlT/kKhlQjr5y4L/uP3+g=,tag:Fj3O43JB71mH00pif9RTtA==,type:str] + password: ENC[AES256_GCM,data:dfYWkz76I+YUsE0vf9ltrkE3Ghk=,iv:TDo+NEdOabFu9GNR8W1s7RuLbXFoqF6sf1XxqZd/hbs=,tag:duToLQzOOhLZgncxoMamPA==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:ZXMbptf1Tn8QVf9H6gLuLIpI+gs=,iv:QsHjgoEWy4mEf/NNBnuPFpXBFHoACn8pfQmbF1wI2ZM=,tag:/T6PGia+mkzmcUkWANO25w==,type:str] + PASSWD: ENC[AES256_GCM,data:LVJZ5lr/PPaW03FW5a1ky+7HRJA=,iv:GvE9sagN+QKqft4UWxJ3GYHxhzZTwaa79dolpIiR228=,tag:DM7+eYb8JRDdlEgQuUHmyA==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mfMbZf7Kbn+5gwLi2JGMt6otMlQ=,iv:r2H7aSJKraBoDydV6N29hsRiH6bLUM0aJHPmo3dbSP4=,tag:WwBHKRYdJIv6IGQehO2yEg==,type:str] + PASSWD: ENC[AES256_GCM,data:q2WKX4NcyT5YzPGpnuibw7Hz/IE=,iv:nqXKXP435t71wQzdB31BqkmNE6wIwsqt+atolNYP5X8=,tag:jAJxjZBF86mqEtUzvGNiLw==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:YexjXlIj5mtwhv5HD2rmpzo3hqIXpZkyPk0njFYe3tceDV2uclpLCmIrZOumwo4TdWtIZ5Axs336vXtFvi4LFSyyrzSnqSPNxC1aNHwmj4keMY1qvPG0qRCoS7Q7JcCak41gRopbx+RLn7BENZ6s0e19u5PXLDSB,iv:pkY0LBpXhnSr40YoZpklytGWmKe7CdsgPpQySXfON5g=,tag:96UXoPksLxE+mJzyjzjqEA==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:7noPsBvlc50ticLKsZWMyJxoGFHDRoau0qJW8CMAgj9v6tDUd9/WSYofq+o7ZNLYBRy8zDTZNbZPMuLuQiMUD+RhmtlT9yswqMZxYaXBA0RIqaYWIjkf/rpaZ9GfMUBGCsEacRcLSNGNy3VzotaQ55RXwYBTAD/I,iv:qNDaAlowf1AxhvnopdYbK4zGxMvXrzgzNOYCRtDz83I=,tag:n7mTpm2WPXp0LnbXeg/9fA==,type:str] cache: - HOST: ENC[AES256_GCM,data:C4GD2Nbb9Yi7TTKvipoPW3wM7e9BvQziBqweB/AUTq78pk20c2QoirNDETqcGaA002Phr8SwttdljnjVhCMr/w+Np/XkNy2rSB00A6R8t5/gDDoxUE92R2RLFIRB3Ao4UwKdL2X/YvzX1xDq/WC/i7VmvPTnLbas,iv:NMTgSxxvrut/Pxi5lZa6mbP/eOMt6rk2leFJESl5SJQ=,tag:bKJ1P6KXdjHC3bFmreD7OA==,type:str] + HOST: ENC[AES256_GCM,data:FGSxLu/1m+lZDATxbnbeLZ4tPznVSa0xfmXC4ozFEZuEx/X7tSRv6LBRnbyRNaH/DFD3LlUgv+hjlzlSa+n/PQ6c5n6V/63wh86OZgWNEbcNjz9VoJ4ZFJyKfVB0eZaSRdpD2DugVMSDPcQ3i5e+8BDoDDceC4rP,iv:fiLfKcGZzPaoqtIHVFWG583BxK4ZQur1GfgmgmNbyR0=,tag:1omKm61vQoqLyJtMRN1gcA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:28O5cVRnezFBWnyILjGxLf39SrS7nYNuI0km29qz5Q2qPGwojiLziyTsBb9AUlLZc5nLcGEUIJ5vnXONtw96aOobDwwyLmPE8X/QnpRvjRN4DmAF7LO98AuyTrTXEOSNMp3Dee88F9T9wdwr5ekh1Fb/gBSJpkkt,iv:PP0ZPxBulXce/bIUTuuQgiaOBWNcjMe2V/BgFGJm77Q=,tag:BDteA6nftpa6q6djyhivGg==,type:str] + CONN_STR: ENC[AES256_GCM,data:3pBxv+nxjMH2a5BkQL7qziQOVkkfocihnc1yiksLAcV0IMV3+FaXAFc6HVo7QS00yrH73WaoB/finra0w+5wVGLFRxjTtGDmWZxDQ0C1OZQ1u8KUPypWYoy8cgVSQlZ2ykutrNL9osJ4BmGjLXnHg/ks4JU6dJiT,iv:4leUVw+vsT6DHAOWqUP1axf1sX90e+UtqBr5F2avKIg=,tag:k8z5tSpSYr8HxAEVfnN0bw==,type:str] oauth: - - name: ENC[AES256_GCM,data:DWCdEzwP,iv:fJrSGxRPSljBLSnRRRCjsa3QCa730NGRyKJCVJe8YNE=,tag:vQFTYVUQXPcB3Mx9/qGfVw==,type:str] - provider: ENC[AES256_GCM,data:mSnq2rOw,iv:XC1JS1oqZxbBZoraWemzXWGSnpvn9NTx8OA57HV1B8w=,tag:kPxdj8h8Qk9oGayi3Di7yQ==,type:str] - key: ENC[AES256_GCM,data:ft+Zqnu7oXHxMnMcRFpT934TGL0=,iv:qFj+BT37ZKIH69ikEf1YMwE1LC+dyAW7tBXhY5X6mYY=,tag:+p+3+GX5zakkXyi41H7Iog==,type:str] - secret: ENC[AES256_GCM,data:CSGrxpxfGoKs4wHKl25s37Nenw/0nuagCa6Ed++nE9lnQlZ8G193CQ==,iv:oTOGJmZi/26OvKG5gkrUoFVaJ8erkHfVi44FTy9kb1M=,tag:upHqogYqdVZlUyJT3BG0/g==,type:str] - - name: ENC[AES256_GCM,data:iZ2gRgmkZGcG,iv:N16HI6nVh8euitBKEq4yr3kr2cpLRb12XWKupXGR98A=,tag:L+rWF5wbrwWHhSus1JGP2Q==,type:str] - provider: ENC[AES256_GCM,data:2HlYsjvxnOx1sHuKlw==,iv:aXOjLsl1ZF3NCPpqyGrSM25lX3OLKoRpGzrRW47lGVg=,tag:LzGsYa36wqgch/nw+en6oA==,type:str] - skip_local_2fa: ENC[AES256_GCM,data:QYsYyg==,iv:tZt+yIvuDbFa9BWsoeUvcOpIonlufb9FO7YU59mGkVs=,tag:+2rr0Q7c9XfwjFR7C+ikuA==,type:str] - key: ENC[AES256_GCM,data:4/jJ0cc=,iv:iu8l1dGDIou4ytXhub7YKlIGs8WDEAAjKVbwd81m0Uc=,tag:D2BiWDfubzbK0cJl1Bk/0Q==,type:str] - secret: ENC[AES256_GCM,data:iRRUJl5r7wJQY4SWaSMF2ut2+I37CGPhXOpCkMENNRm6dvFp7YNyiHVQT61PsWnoyWz9lFJMkjCnY98JDjvjWuYCW8O30IEklq/N4KYSgD5TLEWu1OCcPC8A7yMZJSI8rxTLKcevuGJD7ZT8hWl3nZDTkUwTEJy0qREqyhc8caQ=,iv:KOLmK6UddEq9hv938m409ldxVpR8pQLiJwk7Sr0W4mA=,tag:ZDBZwa6ZAQw4qGU9C+Z/xQ==,type:str] - autoDiscoverUrl: ENC[AES256_GCM,data:YxqoKonuM10Fawz8qJiOVILsoJDKuRotf4SHw/Vvw0srWvc26rpwzKoP+kj1u/UFv6pDmnBvrAgYVPGyJt/e4TgmsPDYfH6D0IVngaFLI5KDRll5aIUaAeQ=,iv:4U9CIgObfPwuqi/vxky4pNkL9R4BbStJ3YQ3MBH8LYo=,tag:Ouwcj0tjKu7eykoT3Rnkwg==,type:str] - iconUrl: ENC[AES256_GCM,data:OmHXFvlKnclwjbTc9AXbcMZOb7qW7om7Tgf7b3uHLgOmakuyTq7QhXM3oFQN+T/+J+Cna8MP27coLBDW8TL7RefT1TapSA==,iv:py3p4kh90W6BgAHmI2MIBu92y90M8QhQDmic0pX3m5c=,tag:yqci0Lu7K16/JBlJGkoXng==,type:str] - scopes: ENC[AES256_GCM,data:IvNV7Q+7vPJn7EJZ7Q==,iv:S/aUhW0ASL4yAwe9IaeYdjokHrE+4MViEAGa+5wQlyY=,tag:OxkVQCSfjCQePnJqt+EcNg==,type:str] + - name: ENC[AES256_GCM,data:v9R4twYA,iv:a1aLIjdiix9FQ9RviMRvxVASkMS+FW+lb+2I3E2W6JU=,tag:JFEQxu3asAO/Tklx4i1XVQ==,type:str] + provider: ENC[AES256_GCM,data:yPhVTb0/,iv:z0Sk2Mx6K5XkY+NpNbYW5RY3j+TmLY7nvJE2fYKZaNg=,tag:XQGE4aAm12wch1tgHWQqfA==,type:str] + key: ENC[AES256_GCM,data:tfS04jC0YBMd87a2WNA+X08bKVc=,iv:V7pk5BqrRiwwK3sxmyj9DxLDs+nFtQoGHGB8ub98V9E=,tag:QwEn/T91UPhHSzFEGYVmUA==,type:str] + secret: ENC[AES256_GCM,data:0RJlLTqZvrsSoWxNEse4iF5W0ajaBhr7vJWol33ArZSAmHGrcV1MAA==,iv:WL4h39Qyueas5+iavpI2k1QtF8eVOvLC0fqf910SNpk=,tag:PpNIhXLT3Qs1wdbFcqbIvA==,type:str] + - name: ENC[AES256_GCM,data:P2sLOGJ1Cf+S,iv:aR24am501lEjlzugz9nmT4IC6Zut9qFvs/LqUWGaf9o=,tag:iIR1LULA5Hkq5SdSVIVIwA==,type:str] + provider: ENC[AES256_GCM,data:EA6MCGOnmQgDv9q7Ow==,iv:7pyeOAqqruuyOKVwEqq3mFe+Wnw9jPUyrfo22qCF32g=,tag:D2nqlaQVoJDPpGCK8VbLbQ==,type:str] + skip_local_2fa: ENC[AES256_GCM,data:t5ggwg==,iv:ILi5VFo8+9t23CKyRXjZsCG2Gtx4gwfmxCi+JFKVcBk=,tag:fXmhnhsJOE9lUCNs34eoAQ==,type:str] + key: ENC[AES256_GCM,data:LHpPZ0o=,iv:FefBNYGyzr082UTRmQ4Raz+G+Pc0vKbd00xDf+g7xPg=,tag:UJmxEvT3zJV/1G4aG3Z1Aw==,type:str] + secret: ENC[AES256_GCM,data:AcaKQyQ0XkadGWec/VXuCCy8eXAFdQ4MX0P+IT3pOYzBF8KdcO+6T2+/I0buTr7JZ2u1ooT2KirhlnbA9/emXoADjM8cY8/BX5q3XvzMFG+DvW4GSlaQg2avSvo2mlC5vm9cDAoTa1eAhRzP3QfZ53Krs4naR14vV3iCMbWtmro=,iv:RNS30+WBWNok2rdMMuLZWDYmo7lAKoGlqGyCIpQtLpQ=,tag:zdsRKMOHb9Y6gT1zvSNSUg==,type:str] + autoDiscoverUrl: ENC[AES256_GCM,data:wYmElXWvmsC9JTxPtcvIMKA155jv/x+j8mFaMS0FM4mg/q4+rTQe6OM8xTQDW31QMBz3Kyuydg23haF2sCKp4JHGXnnNSWsKnnoLhgAncFgxaWkKaT7W864=,iv:ifxKWgUNBPaxtC8/B3T7S2fNdbI4IkoTQzXZtnAYcRM=,tag:yKP3rGVmxov3e2USb7JJmA==,type:str] + iconUrl: ENC[AES256_GCM,data:LXmbQF0AHWtBtujM20X/umD3KAVX2VzydBH/FOA53Fb7+dooTHnJVOABYSUzWXBE3voOYYuv9qhZFkRZ1puRVW3BypMbmw==,iv:4dw5YTHmoTL3dGJRAd1crWmsRrX7/R6S8cfkGEjM/sE=,tag:NnALdqtDD6VDUWhOYWDc4A==,type:str] + scopes: ENC[AES256_GCM,data:2mr3Aql5KTJ+TLuZeg==,iv:ThVhNaPexw1go2n9PmxCoYef03rnOAormiCfaF7OjDA=,tag:7t9oo6NANi4Xo4JxIlDi8g==,type:str] sops: kms: [] gcp_kms: [] @@ -35,14 +35,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeU9sbjV2b0JjcVZsbFUv - OWpSYVhBSlBrR2FOVWlDZnhTRk84YmlpK3hRClBZeTQvclE1VkhkMkltbjMrN3Vk - cko2M2VsNkpNSjhPZExUUTB4enV6WTQKLS0tIHdOV0FidU5wN0ltNTVlNVF6MVJB - ajlnQzNTK3NzcnJZN0FGVmx1VjhQVk0K2m9pzSB9gqIkOLBr/WwnrZfcj5633tFJ - PI+H+aXZwJtKuN4YOw0rlp5Jp4iQ9aD/9TLqYT6xQJbU1nibqCca1w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WjFONnYzbnBSdUpGS1Vl + WHdXVVVJOGJPNFh0cjZzaU5kajEzRUkzY0RBCk4wUm13dVVPS3NUSDZXNXJJbWtt + NjZCK0t3dVg1UXdjNGZ0V21BME5CNGcKLS0tIDdPZ0ZhR2xDenorMmxvNFREclZq + MkJ6VnJGQ2JMUXBHbHNYR2xrelFJRncK/N0iI7ywBLlKETEwifb32N0o/ht+mruh + r8DezLwaLlR6Zxfpjv0Q+jFCzhD9sLA6Nrxyp2IRPlhUiFl0Nlzb2w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-21T12:10:40Z" - mac: ENC[AES256_GCM,data:JlINn9gcMkhLNbCuOmfrnhB5f2K94KO+8qSOeKf5KjeJFv5AmGP/ssCPVRxko8Mi68l7JueggjTLJUgRRuLr2JdH9lI3URK8Oh63d5iYbn/y0LIPJC//mw/WWrNO15H5tR4dt1vPOzi0KwozvpLt0R8SYYwU+IIF3Ej/kG2KMyk=,iv:ZKsYYVkeCjvPptzH00V2SFKFQ0St/TOnxSAbqWpWWZI=,tag:NSG4lsk+Adglo3R/e8ZceA==,type:str] + lastmodified: "2024-08-02T14:01:55Z" + mac: ENC[AES256_GCM,data:yezUsQvaGdRSgzfZl7Hsg8m0iAQiYAuPpsioxg/edgV4sTsLb96uE1y6muOHnRlMAj8uJWSWcKAt6W5OVQEh6kfhCr0Ya2AtKmRlsTe1OAzGN3d6/kt10TvIuG/tMHVp9a1A5VvZeOyYjf8rSBycI6qXRq4Vrk6hyNpSw87DAaw=,iv:IfCjYAY34W2iUJzHMBRt3YJnlXkSg6w1P4fjuzoOY/w=,tag:fhk2Jl1HO/xmxOkFdP4cZA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.minio.yaml b/values/badhouseplants/secrets.minio.yaml index edc3c06..33947be 100644 --- a/values/badhouseplants/secrets.minio.yaml +++ b/values/badhouseplants/secrets.minio.yaml @@ -1,18 +1,18 @@ -rootPassword: ENC[AES256_GCM,data:Oo5/PfJwB0AEnrpuUeckcAlzbRA=,iv:3NRzi8zvELULy1swZckc0LGtY/TNxmVLT1a382cHHCI=,tag:PTBRor4RP0oTDPm2zshz8w==,type:str] +rootPassword: ENC[AES256_GCM,data:xRKU4TSiXrxO24ngzxv9WXMT+Zk=,iv:IjhFM4bqeuBQK7f5qdoVi1d09JkaGXBxw6sQ0UluQdI=,tag:6UNdCNDP7m/NHciYNcM0FQ==,type:str] users: - - accessKey: ENC[AES256_GCM,data:ibVq8IGPYcA=,iv:UfKKJjWfPz25wcqDy+Ylwf3RU8ILDXXKGW4g8RrGr10=,tag:W4e+W+yYzCawbJJd9QkBpg==,type:str] - secretKey: ENC[AES256_GCM,data:Y+T302cB11+ETPqK+DrlyxQLvA==,iv:axTN9/NKUd+/cOmaxjcyXKrDsdDAvceFEplJ0dx7CX4=,tag:DXyavjkL0/rHMk+aRU+C/Q==,type:str] - policy: ENC[AES256_GCM,data:Yx/vVQPP+zk=,iv:89Ye85k5DQYUNAlMAtafG2dF2nDJ+oKWgs0ZSaUejDU=,tag:AMqm4HRq2+ujTFSNAGSrhw==,type:str] + - accessKey: ENC[AES256_GCM,data:rKj7B4kq7N4=,iv:kw4tXzFM/Ff1qu1oKc5kwUG2cxaF3fMbQ1uvWkKuPFU=,tag:63Ci7t6X7uhoIg68wzZEjw==,type:str] + secretKey: ENC[AES256_GCM,data:GZeM/jGs1tHJMHhD54hibWiHAg==,iv:ddaPxZ5HX/KCuOFB0fGEPWF06xo5f/mct/3qXcrUoU0=,tag:rYlgfRLSLana0/0DD2ixhg==,type:str] + policy: ENC[AES256_GCM,data:y35Cf/1PDD4=,iv:l2HpLgBHH2P15bNiBVAK9KDnGv8qD7m5Fk3ppOLmXsM=,tag:FFRS6rUoiIy9uwbGV+zsJg==,type:str] oidc: - enabled: ENC[AES256_GCM,data:9O/KFw==,iv:GZQu0XFNhJGzMPeW19wzjthjNzPLpMilMfOEM1xZlww=,tag:6+asRMB15NubSSiSOgyFfQ==,type:bool] - configUrl: ENC[AES256_GCM,data:ka+Vs9Nm68MivBaOiWsRgVuoXTLMmvYU3zfBj1mPUxKwyyhE3/3baUrkb+k+29lRyFO0To7AbqXkTaNpENGmt1kgEf/XMN+OR3PSa84AUW5BWnj6sG2uyi4=,iv:+Ro/oVQNElXiiRi15rQMbEFIgaY2pGL+ucj6cPilLUs=,tag://nk5O0WGmLuotU+MIT7Tg==,type:str] - clientId: ENC[AES256_GCM,data:nLWv7as=,iv:RuRmQgRRNqj+Y9zr9Kj3UmJshCFp2elATiPixDN33Xk=,tag:cSH0nKOziWLi0OfOMGTvIA==,type:str] - clientSecret: ENC[AES256_GCM,data:X52lUtR7tmi1FoNoaBCF3G0il+6eWqlmHek6WsOb+lfrItBp6B6oQ6mJHfTduJNFJsTjQgWZek69mQuTB975DGwvqjtTeA8VLhYpkgVDgKFEFvFTwaMpwCJRi7DGR8ZgMtbHZXS9gP5XRldQScih9p8LCiyngjPgl2es4PwUvWo=,iv:W2mFxLwg4leJ61Xs8TKmC8AlN3Zn/C5y09SRUPCVLHk=,tag:4mRNTPTWinzTQBo8tmzmKg==,type:str] - claimName: ENC[AES256_GCM,data:3iUTjRDz,iv:tfdfUdI8rFd7AgHl3bylpyudLGPajAUd5hcUJ9W18dQ=,tag:DSITNrUU8pGuKr7yiMAlOQ==,type:str] - redirectUri: ENC[AES256_GCM,data:us0hp5Q4vfsDh5XrziJNPVlo27Azi8fWwbck4rtDyvzEPRVkjxFi0A6bITpQNoo=,iv:i+ZBQkp6QY8z7RL/3k8b+iVvsi/mzHvNG9W04V8s9ko=,tag:6d9XfSdR1Dqb9OpD3nAtWw==,type:str] - comment: ENC[AES256_GCM,data:w+sQ1MJZmjen7Xm0ywKPmNzbNig=,iv:dV3QrEHtXF19nRN0fbIKbVqnjbXqpZletWOmkZK0CSk=,tag:K+JKywqzBMyCvbk+/UDkow==,type:str] + enabled: ENC[AES256_GCM,data:AULTFg==,iv:bKvMfypv40rmWcOMT24r3C1i2taJmf520sAo1tsl5tg=,tag:vTp1Wjxyxn0bRy6o7GP8Hg==,type:bool] + configUrl: ENC[AES256_GCM,data:WWJo/0V1n9oBfWAnq2k6MXvKEQu1lfXj2dKWyJAdv5AYkXd0CYSYBTSjKeD6WcrJTM3EZmMOdEvlZXoc2GP01uSnHzYlOD44oWK0qyxyiO8fsKbfn8aQIUY=,iv:cuR4u/8QxlYAm7TzHZMOEy6CzPfUiEhBVV7hi5cpfMA=,tag:/nUzcQPVE9BaN+uDLpPEkg==,type:str] + clientId: ENC[AES256_GCM,data:xPzyvDU=,iv:HUKtVXQAyufvqjOlodme2PfVplw3fZo5CboZwj7p7Qw=,tag:oHsHh2U/CyVU1Okz129JqQ==,type:str] + clientSecret: ENC[AES256_GCM,data:jnNQX0BZYaDnCHOhO1fY1bmZbAh5yyjCdSc47CZboku79u5ZkUdZSg8yCHyy9OU2ne6e9fc2bwCzUCAlrxQDqKOn0fF9M3jARmMhFwdTS+cF2EE2jH25+eV6Px0/UFaQ5zEy7nsp225wFrW8NwXn21hGQH5HNqo7Yo7tjzgzgRs=,iv:Tq7XPom4uGuaWtSjZ2aEw5ngyljAZg8qYQp85MrUYEQ=,tag:zuRyqFAI5PPRjRk4DtmRsw==,type:str] + claimName: ENC[AES256_GCM,data:BR6a7Ps4,iv:x219aNeYdfvUUmMh7Vcax/BAWs2jYzi8SFibszJA4bw=,tag:9xnaWC2Ih3eBgf70FqXRZg==,type:str] + redirectUri: ENC[AES256_GCM,data:TS9kOya1UT1DXXZqmB7DfC6l2p4kE2+rl/kTJ2+r6oyKg0pEfz6pRR5WOycDuJU=,iv:2bHQ1bP/YdcPGd4RVLB1SIolKL0yO7aprf0228FBdSY=,tag:vpNAReeyMCTQkjy8AsmV/A==,type:str] + comment: ENC[AES256_GCM,data:pFMsVTLEeHGSpHUBqWcLT6NdFvM=,iv:cecmL3rCVgNFdHl51/OOWj+n0dsAldznhgVflhEuW8E=,tag:u/epLP/ctnqjrzZAZhCSWA==,type:str] claimPrefix: "" - scopes: ENC[AES256_GCM,data:DyWv6iCI1nv0mkLBQHWZ3Ir8YoKfp3AvDBMb,iv:KmtrRhEM7ynj8WeyuXr9WCLJj/hjvzAf6odvFrmBTWI=,tag:xGUcVCg6rbnC/rpLxfpvSg==,type:str] + scopes: ENC[AES256_GCM,data:KMSRU3jsWknn29TmdRUS+gVfLDa+8qQviK5X,iv:xu1Va/LfhfZo1QjTNbSTvI8INmUd4vKE34jSAFMXoWM=,tag:Hz5JPpo71xkCHzRgR5JCaA==,type:str] sops: kms: [] gcp_kms: [] @@ -22,14 +22,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNjRVZ245ZEZZUThxSDZJ - bUpveURDSlNXUjhXanlOL21oanZlWlZMaFRvCjAzMEEvN2RZcUpMZVJXT0EyRURY - REcxQm55YVVUUHhGd2xsQWtvamNYN2sKLS0tIENIQktKcXJDV3dYM0NXWlMxQmVD - WGpGK0QvSGZXUGluR0xjbHRLWDhrQWsK8y9as6JrUSpHRf/01mD4ZWcc757E5sVY - U0W9/jGZ4+7FjXpEwJxBdTzGZ4VXO6vfeZeES+wTRoh8FnZN0+K7Bw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cVlEckJ4cWNyYnZxaDVa + ai9NeXpWMzU3a0xEanhyaGNKY2gzd3hVdUM4CmxGQ1B3em1vcUw4czNsejdEbnZz + T3BhR1R3UVVScXNaT1lRRHFTOGhCck0KLS0tIE9VOW1BK1lxVVkzbFp0RzZnb0VR + bElLVkNlOHJpMEkwVnFWUktHOE0vcU0Kc/oFKbItQDM3skgD/Ez4TafwBSoEUKsD + kYYGexUQG1GkdG5HPiABFNQu6zVDSYDjeEPOh5DRzzFvudQmy5NeyQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-09T21:36:38Z" - mac: ENC[AES256_GCM,data:LKhkC0+rIVgf8sp9UjP822GNCUcJaivflKsNv/7v7qazJ4vMv8B/xHx7fLf1bBFk47UneGw21ebjPKaBFxQlaIA/FenT5wsDgbTEg0eppu7W1BAotTGq95EOldRKjCIU2BcmsbDAFNIsPTd8Q5EFkybZHRJGlF/wZne0efx6nQk=,iv:Y4ioUh3zzbtgif3QWTw8Xsa2cDdYN830OdraHc+3JjY=,tag:bUZHrtkpMS382DWpUGwInA==,type:str] + lastmodified: "2024-08-01T15:41:45Z" + mac: ENC[AES256_GCM,data:yO91CR14zwhaNSXKkCUuJt7WqnJVREzh5XoSKX1tJ0+XvAyTGPYL/IxnbgTHwtYB0BgF/srQzV5rCNg6KhmA/T29BLRI5obIvmmLhf6AZe0QCCvrhYRr0SrgIngOgG0hMKIg22f2BKagzi7kSVF5BysdD0EtUeDvLaoa3ckWjRc=,iv:+mY9hZaZUyImWKx8cFX5FlwhMOr3u9ttAdlV3dCij2A=,tag:npJlSBxu1uVUvZ9+YFRrkw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/values.gitea.yaml b/values/badhouseplants/values.gitea.yaml index 3bd24d5..437de6a 100644 --- a/values/badhouseplants/values.gitea.yaml +++ b/values/badhouseplants/values.gitea.yaml @@ -5,7 +5,7 @@ ext-database: enabled: true name: gitea-postgres16 - instance: postgres16-gitea + instance: postgres16 traefik: enabled: true @@ -28,14 +28,14 @@ ingress: cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 traefik.ingress.kubernetes.io/router.entrypoints: web,websecure hosts: - - host: git.badhouseplants.net + - host: gitea.badhouseplants.net paths: - path: / pathType: Prefix tls: - - secretName: gitea-tls-secret + - secretName: gitea.badhouseplants.net hosts: - - git.badhouseplants.net + - gitea.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local @@ -65,7 +65,7 @@ gitea: config: database: DB_TYPE: postgres - HOST: postgres16-gitea-postgresql.databases.svc.cluster.local + HOST: postgres16-postgresql.databases.svc.cluster.local NAME: applications-gitea-postgres16 USER: applications-gitea-postgres16 APP_NAME: Bad Houseplants Gitea @@ -80,8 +80,8 @@ gitea: service: DISABLE_REGISTRATION: false server: - DOMAIN: git.badhouseplants.net - ROOT_URL: https://git.badhouseplants.net + DOMAIN: gitea.badhouseplants.net + ROOT_URL: https://gitea.badhouseplants.net LFS_START_SERVER: true LANDING_PAGE: explore START_SSH_SERVER: true diff --git a/values/badhouseplants/values.rook-ceph-cluster.yaml b/values/badhouseplants/values.rook-ceph-cluster.yaml index decb8a8..edbc269 100644 --- a/values/badhouseplants/values.rook-ceph-cluster.yaml +++ b/values/badhouseplants/values.rook-ceph-cluster.yaml @@ -19,11 +19,11 @@ cephFileSystems: activeStandby: true resources: limits: - cpu: "200m" - memory: "256Mi" + cpu: ~ + memory: "512Mi" requests: - cpu: "50m" - memory: "128Mi" + cpu: "100m" + memory: "512Mi" priorityClassName: system-cluster-critical storageClass: enabled: true diff --git a/values/badhouseplants/values.vaultwarden.yaml b/values/badhouseplants/values.vaultwarden.yaml index bfe57d4..a826421 100644 --- a/values/badhouseplants/values.vaultwarden.yaml +++ b/values/badhouseplants/values.vaultwarden.yaml @@ -1,4 +1,6 @@ --- +shortcuts: + hostname: vault.badhouseplants.net ext-database: enabled: true name: vaultwarden-postgres16 @@ -12,15 +14,13 @@ workload: type: RollingUpdate containers: vaultwarden: + securityContext: {} mounts: storage: data: path: /app/data/ - extraVolumes: - logs: - path: /app/logs envFrom: - - environment + - main - secrets - secretRef: name: vaultwarden-postgres16-creds @@ -35,29 +35,10 @@ ingress: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - rules: - - host: vault.badhouseplants.net - http: - paths: - - backend: - service: - name: '{{ include "chart.fullname" $ }}' - port: - number: 8080 - path: / - pathType: Prefix - tls: - - hosts: - - vault.badhouseplants.net - secretName: vault.badhouseplants.net -extraVolumes: - # -- Because by default the fs is read-only, we need to add an emtpy dir volume - logs: - emptyDir: {} storage: {} env: - environment: + main: enabled: true sensitive: false data: @@ -86,4 +67,3 @@ env: ORG_GROUPS_ENABLED: true ORG_EVENTS_ENABLED: true ORG_CREATION_USERS: "" -