Refactor everything a bit

2024-09-11 23:19:35 +02:00 · 2024-09-11 23:19:35 +02:00 · 23ea38ea69
commit 23ea38ea69
parent c8c35df257
14 changed files with 55 additions and 106 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,15 @@
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0 # Use the ref you want to point at
    hooks:
      - id: trailing-whitespace
  - repo: https://github.com/google/yamlfmt
    rev: v0.13.0
    hooks:
      - id: yamlfmt
  - repo: local
    hooks:
      - id: check-sops-secrets
        name: check-sops-secrets
        entry: ./scripts/sops_check.sh
        language: script
--- a/common/templates.yaml
+++ b/common/templates.yaml
@ -10,33 +10,33 @@ templates:
        args:
          - -c
          - |
-            helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f  - \
+            helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl replace -f  - \
-            || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f  - \
+            || helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl create -f  - \
            || true
      - events: ["prepare"]
        showlogs: true
        command: "sh"
        args:
          - -c
-          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
+          - "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl diff -f - || true"
      - events: ["postuninstall"]
        showlogs: true
        command: "sh"
        args:
          - -c
-          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
+          - "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl delete -f - || true"
  # ----------------------------
  # -- Configs
  # ----------------------------
  default-common-values:
    values:
-      - '{{ requiredEnv "PWD" }}/values/common/values.{{ .Release.Name }}.yaml'
+      - '{{ requiredEnv "PWD" }}/values/common/values.{{ `{{ .Release.Name }}` }}.yaml'
  default-env-values:
    values:
-      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ .Release.Name }}.yaml'
+      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml'
  default-env-secrets:
    secrets:
-      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ .Release.Name }}.yaml'
+      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
  # ----------------------------
  # -- Extensions
  # ----------------------------
@ -47,7 +47,6 @@ templates:
        alias: istio-gateway
    values:
      - '{{ requiredEnv "PWD" }}/values/common/values.istio-gateway.yaml'
  ext-tcp-routes:
    dependencies:
      - chart: bedag/raw
@ -55,7 +54,6 @@ templates:
        alias: traefik
    values:
      - '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
  ext-istio-resource:
    dependencies:
      - chart: bedag/raw
@ -63,7 +61,6 @@ templates:
        alias: istio
    values:
      - '{{ requiredEnv "PWD" }}/values/common/values.istio.yaml'
  ext-certificate:
    dependencies:
      - chart: bedag/raw
@ -93,7 +90,6 @@ templates:
    inherit:
      - template: default-values/common-values
      - template: default-env-values
  ext-database:
    dependencies:
      - chart: bedag/raw
@ -101,7 +97,6 @@ templates:
        alias: ext-database
    values:
      - '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
  ext-secret:
    dependencies:
      - chart: bedag/raw
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -1,6 +1,6 @@
 bases:
  - ./common/environments.yaml
-
+  - ./common/templates.yaml
 helmfiles:
  - ./installations/system/
  - ./installations/storage/
@ -10,4 +10,3 @@ helmfiles:
  - ./installations/monitoring/
  - ./installations/applications/
  - ./installations/games/
  - ./installations/development/
--- a/installations/applications/helmfile.yaml
+++ b/installations/applications/helmfile.yaml
@ -1,8 +1,6 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: softplayer-oci
    url: zot.badhouseplants.net/softplayer/helm
@ -31,9 +29,7 @@ repositories:
    oci: true
  - name: robjuz
    url: https://robjuz.github.io/helm-charts/
 releases:
  - name: funkwhale
    chart: ananace-charts/funkwhale
    namespace: applications
@ -42,7 +38,6 @@ releases:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
  - name: gitea
    chart: gitea/gitea
    version: 10.4.0
@ -52,7 +47,6 @@ releases:
      - template: default-env-secrets
      - template: ext-database
      - template: ext-tcp-routes
  - name: minio
    chart: minio-standalone/minio
    version: 5.2.0
@ -60,7 +54,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: nrodionov
    chart: bitnami/wordpress
    version: 23.1.7
@ -70,7 +63,6 @@ releases:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
  - name: openvpn
    chart: allangers-charts/openvpn
    version: 0.0.1
@ -78,7 +70,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: ext-tcp-routes
  - name: vaultwarden
    chart: allangers-charts/vaultwarden
    version: 2.2.0
@ -87,7 +78,6 @@ releases:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
  - name: stalwart
    chart: allangers-charts/stalwart
    version: 0.2.0
@ -95,7 +85,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: ext-tcp-routes
  #- name: vaultwardentest
  #  chart: allangers-charts/vaultwarden
  #  version: 2.1.0
@ -103,7 +92,6 @@ releases:
  #  inherit:
  #    - template: default-env-values
  #    - template: default-env-secrets
  - name: shadowsocks-libev
    chart: allangers-charts/shadowsocks-libev
    namespace: applications
@ -112,14 +100,12 @@ releases:
      - template: default-env-secrets
      - template: default-env-values
      - template: ext-tcp-routes
  - name: navidrome
    chart: allangers-charts/navidrome
    namespace: applications
    version: 0.1.0
    inherit:
      - template: default-env-values
  - name: grafana
    chart: grafana/grafana
    namespace: applications
@ -128,4 +114,3 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
--- a/installations/databases/helmfile.yaml
+++ b/installations/databases/helmfile.yaml
@ -1,14 +1,11 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: bedag
    url: https://bedag.github.io/helm-charts/
 releases:
  - name: mariadb
    chart: bitnami/mariadb
@ -18,7 +15,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: redis
    chart: bitnami/redis
    namespace: databases
@ -26,7 +22,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: postgres16
    labels:
      bundle: postgres
@ -36,7 +31,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: postgres16-gitea
    labels:
      bundle: postgres
--- a/installations/development/helmfile.yaml
+++ b/installations/development/helmfile.yaml
@ -1,12 +1,9 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: argo
    url: https://argoproj.github.io/argo-helm
 releases:
  - name: badhouseplants
    namespace: platform
--- a/installations/games/helmfile.yaml
+++ b/installations/games/helmfile.yaml
@ -1,15 +1,11 @@
 ---
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-  
+  - ../../common/templates.yaml
 repositories:
  - name: bedag
    url: https://bedag.github.io/helm-charts/
  - name: minecraft
    url: https://itzg.github.io/minecraft-server-charts/
 releases:
  - name: minecraft
    chart: minecraft/minecraft
--- a/installations/monitoring/helmfile.yaml
+++ b/installations/monitoring/helmfile.yaml
@ -1,15 +1,11 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: bedag
    url: https://bedag.github.io/helm-charts/
  - name: prometheus-community
    url: https://prometheus-community.github.io/helm-charts
 releases:
  - name: prometheus
    chart: prometheus-community/kube-prometheus-stack
--- a/installations/pipelines/helmfile.yaml
+++ b/installations/pipelines/helmfile.yaml
@ -1,8 +1,6 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: woodpecker
    url: https://woodpecker-ci.org
@ -10,7 +8,6 @@ repositories:
    url: https://docs.renovatebot.com/helm-charts
  - name: bedag
    url: https://bedag.github.io/helm-charts/
 releases:
  - name: woodpecker-ci
    chart: woodpecker/woodpecker
@ -20,7 +17,6 @@ releases:
      - template: ext-database
      - template: default-env-values
      - template: default-env-secrets
  - name: renovate
    chart: renovate/renovate
    namespace: pipelines
@ -28,4 +24,3 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
--- a/installations/platform/helmfile.yaml
+++ b/installations/platform/helmfile.yaml
@ -1,8 +1,6 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: argo
    url: https://argoproj.github.io/argo-helm
@ -22,7 +20,6 @@ repositories:
    url: https://charts.crossplane.io/stable
  - name: goauthentik
    url: https://charts.goauthentik.io/
 releases:
  - name: argocd
    chart: argo/argo-cd
@ -33,20 +30,17 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: flux
    chart: fluxcd-community/flux2
    namespace: platform
    condition: workload.enabled
    version: 2.13.0
    installed: false
  - name: db-operator
    namespace: platform
    chart: db-operator/db-operator
    condition: workload.enabled
    version: 1.29.0
  - name: db-instances
    chart: db-operator/db-instances
    namespace: platform
@ -57,7 +51,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: zot
    chart: zot/zot
    version: 0.1.60
@ -68,7 +61,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: minio
    chart: minio-standalone/minio
    version: 5.2.0
@ -77,7 +69,6 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: minio-operator
    chart: minio/operator
    version: 6.0.3
@ -86,7 +77,6 @@ releases:
    condition: workload.enabled
    inherit:
      - template: default-env-values
  - name: minio-tenant
    chart: minio/tenant
    version: 6.0.3
@ -97,17 +87,16 @@ releases:
      - platform/minio-operator
    inherit:
      - template: default-env-values
  #     - template: default-env-secrets
  - name: crossplane
    #     - template: default-env-secrets
    chart: crossplane-stable/crossplane
    version: 1.17.0
    namespace: platform
    condition: workload.enabled
-    installed: false
+    installed: true
    inherit:
      - template: default-env-values
  - name: authentik
    chart: goauthentik/authentik
    version: 2024.8.1
--- a/installations/storage/helmfile.yaml
+++ b/installations/storage/helmfile.yaml
@ -1,14 +1,11 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: longhorn
    url: https://charts.longhorn.io
  - name: rook-release
    url: https://charts.rook.io/release
 releases:
  - name: rook-ceph
    chart: rook-release/rook-ceph
@ -17,7 +14,6 @@ releases:
    version: v1.14.6
    inherit:
      - template: default-env-values
  - name: rook-ceph-cluster
    chart: rook-release/rook-ceph-cluster
    installed: true
@ -27,7 +23,6 @@ releases:
      - rook-ceph/rook-ceph
    inherit:
      - template: default-env-values
  - name: longhorn
    chart: longhorn/longhorn
    namespace: longhorn-system
@ -37,4 +32,3 @@ releases:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-secret
--- a/installations/system/helmfile.yaml
+++ b/installations/system/helmfile.yaml
@ -1,8 +1,6 @@
 {{ readFile "../../common/templates.yaml" }}
 bases:
  - ../../common/environments.yaml
-
+  - ../../common/templates.yaml
 repositories:
  - name: metrics-server
    url: https://kubernetes-sigs.github.io/metrics-server/
@ -24,7 +22,6 @@ repositories:
    url: https://piraeus.io/helm-charts/
  - name: vmware-tanzu
    url: https://vmware-tanzu.github.io/helm-charts/
 releases:
  - name: namespaces
    chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
@ -32,7 +29,6 @@ releases:
    createNamespace: false
    inherit:
      - template: default-env-values
  - name: roles
    chart: '{{ requiredEnv "PWD" }}/charts/roles'
    namespace: kube-public
@ -41,14 +37,12 @@ releases:
      - kube-public/namespaces
    inherit:
      - template: default-env-values
  - name: coredns
    chart: coredns/coredns
    version: 1.32.0
    namespace: kube-system
    inherit:
      - template: default-env-values
  - name: snapshot-controller
    chart: piraeus-charts/snapshot-controller
    installed: true
@ -59,7 +53,6 @@ releases:
      - kube-system/cilium
    inherit:
      - template: crd-management-hook
  - name: cilium
    chart: cilium/cilium
    version: 1.16.1
@ -68,7 +61,6 @@ releases:
      - kube-system/coredns
    inherit:
      - template: default-env-values
  - name: cert-manager
    chart: jetstack/cert-manager
    version: 1.15.3
@ -77,7 +69,6 @@ releases:
      - kube-system/cilium
    inherit:
      - template: default-env-values
  - name: issuer
    chart: '{{ requiredEnv "PWD" }}/charts/issuer'
    namespace: kube-public
@ -85,7 +76,6 @@ releases:
      - kube-system/cert-manager
    inherit:
      - template: default-env-values
  - name: metrics-server
    chart: metrics-server/metrics-server
    version: 3.12.1
@ -94,7 +84,6 @@ releases:
      - kube-system/cilium
    inherit:
      - template: default-common-values
  - name: metallb
    chart: metallb/metallb
    namespace: kube-system
@ -103,7 +92,6 @@ releases:
      - kube-system/cilium
    inherit:
      - template: default-env-values
  - name: metallb-resources
    chart: bedag/raw
    version: 2.0.0
@ -113,7 +101,6 @@ releases:
    inherit:
      - template: ext-metallb
      - template: default-env-values
  - name: traefik
    chart: traefik/traefik
    version: 31.0.0
@ -122,7 +109,6 @@ releases:
      - kube-system/cilium
    inherit:
      - template: default-env-values
  - name: velero
    chart: vmware-tanzu/velero
    namespace: kube-system
--- a/scripts/sops_check.sh
+++ b/scripts/sops_check.sh
@ -0,0 +1,8 @@
 #!/usr/bin/env bash
 set -e
 for secrets in $(find . -type 'f' -name 'secrets.*');
    do sops filestatus $secrets;
 done | grep false && \
 echo "There are unencrypted secrets in the repo" && exit 1 || \
 exit 0
--- a/values/badhouseplants/values.crossplane.yaml
+++ b/values/badhouseplants/values.crossplane.yaml
@ -1,3 +1,3 @@
 provider:
-  packages: []
+  packages:
-    #- xpkg.upbound.io/upbound/provider-terraform:v0.17.0
+    - xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.13.0