badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

Update a lot of apps

Browse Source
This commit is contained in:
Nikolai Rodionov 2024-07-15 21:12:53 +02:00
parent fdbf3a5c02
commit 2ba73c8db0
No known key found for this signature in database
GPG Key ID: 0AA46A90E25592AD
16 changed files with 531 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
installations/applications/helmfile.yaml Normal file
View File

@ -0,0 +1,132 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: softplayer-oci
url: registry.badhouseplants.net/softplayer/helm
oci: true
- name: requarks
url: https://charts.js.wiki
- name: goauthentik
url: https://charts.goauthentik.io/
- name: ananace-charts
url: https://ananace.gitlab.io/charts
- name: gitea
url: https://dl.gitea.io/charts/
- name: mailu
url: https://mailu.github.io/helm-charts/
- name: minio
url: https://charts.min.io/
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: authentik
chart: goauthentik/authentik
version: 2024.6.1
namespace: applications
createNamespace: false
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: funkwhale
chart: ananace-charts/funkwhale
namespace: applications
version: 2.0.5
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: gitea
chart: gitea/gitea
version: 10.3.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- template: ext-tcp-routes
- name: mailu
chart: mailu/mailu
namespace: applications
version: 2.0.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-certificate
- template: ext-tcp-routes
- template: ext-database
- name: minio
chart: minio/minio
version: 5.2.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- name: nrodionov
chart: bitnami/wordpress
version: 22.4.20
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: openvpn-xor
chart: softplayer-oci/openvpn-xor
version: 1.2.0
namespace: applications
inherit:
- template: default-env-values
- template: ext-tcp-routes
- name: vaultwarden
chart: softplayer-oci/vaultwarden
version: 2.0.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: vaultwardentest
chart: softplayer-oci/vaultwarden
version: 2.0.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- name: shadowsocks-libev
chart: softplayer-oci/shadowsocks-libev
namespace: applications
version: 0.3.1
inherit:
- template: default-env-secrets
- name: wikijs
chart: requarks/wiki
namespace: applications
installed: false
version: 2.2.21
inherit:
- template: default-env-values
- template: ext-database
- name: mealie
chart: softplayer-oci/mealie
namespace: applications
version: 0.1.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database

2
installations/databases/helmfile.yaml
View File

@ -6,6 +6,8 @@ bases:
repositories:
- name: bitnami
url: https://charts.bitnami.com/bitnami
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: mariadb

2
installations/pipelines/helmfile.yaml
View File

@ -6,6 +6,8 @@ bases:
repositories:
- name: woodpecker
url: https://woodpecker-ci.org
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: woodpecker-ci

2
installations/platform/helmfile.yaml
View File

@ -10,6 +10,8 @@ repositories:
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: argocd

2
installations/system/helmfile.yaml
View File

@ -20,6 +20,8 @@ repositories:
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: namespaces

22
values/badhouseplants/secrets.funkwhale.yaml
View File

@ -1,10 +1,10 @@
djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
djangoSecret: ENC[AES256_GCM,data:9ZPeukvGT3fQ19ef3Q0=,iv:P4VZY9Ils7CmQ9iDwbo8RmM1niY2xH8xY/BXJMjSp0w=,tag:ipIwKH4nVaGkbhITUZun+A==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
password: ENC[AES256_GCM,data:GVVmpA4LRiBe25NxUtyTVFDxq4mTRCfGnLgz39Y=,iv:eCKjnm44xfRCnqyGqo/bSPElItD/atx2NblTTeVuSDE=,tag:B3fkqQUK/wKo80GvPEOV4A==,type:str]
redis:
auth:
password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
password: ENC[AES256_GCM,data:2kocp+hA3u/ZQi6OiwrbomeYiNvFtvU1G4poP1P+,iv:StiScUrhNpS2W/57LMHVmy3Grqg1hH95aCGwhr1XlzU=,tag:GdQ+JP4y+kDPe5EBbI5KIA==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUWJITHdYVi9BTnlqZnlz
UjIweWZqV3pGcDVTWGZTdVFRYW8wMkZITWx3CmRCZTNYRk1KQUEzUHhMT3R4VkVF
b1BUd0lzRWVFR1RrRjFndnFuYWdOVncKLS0tIHU4UUpCNklsYnA1aVBHMzNVTVBy
dm43N2prYncxMFlIZW95MVdrTG96UFkKZWfR0r5LiQRo8C+lu1E2tX70BdmZ3n5W
bl6s0js6wcGEciwQ4jwxQvfsJrecCQLprUbynuGuQXrCqDIHxHsTiA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-09T09:33:11Z"
mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
lastmodified: "2024-07-15T04:21:35Z"
mac: ENC[AES256_GCM,data:k06a/0Oh/xqrTo7396RqTDOvpXwor702HIKA99m+lT8aXrNQ1X2S6DZjDqeKdkjAcFfraWgKhc4kAq5kFH9zVq6T56E9VxxhgyQ9GkrX3Q33aehfD++57yWkkhwwYfFOzM5784CW6HHct7QZGPsNSYQO8IM+RJOKkPfa0taPraU=,iv:lsjg5Z0cix1uOC9ghj8Cg/bASB0BQEhnDG82opoW44Q=,tag:Q8xl1i1i4UA2uwnzb6TZIg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0

21
values/badhouseplants/secrets.mealie.yaml Normal file
View File

@ -0,0 +1,21 @@
test: ENC[AES256_GCM,data:Z9uAiA==,iv:yRpujiEbPbMSKwwP0MWqUMCNPbi0/XMc/XBVxcxPj7g=,tag:o3mM00BrPHw/CrkudMEJiA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadlhiWmx1NDdrSWNNOU5J
TTVja25kUXdoY1ozdkVha1dkSFBUL2pTM3dRClYwNU1xVWhnMi9xRDVkcytzVHJ0
bzNRSUNXSEtTTGdzVXBRcnNHcE56cWsKLS0tIENNbDZpOGZTOStDUnczMUhNUzFT
VUFuS21YL0ZRTlJXc3hiaG1BMlJ5VUUK5A5blBgzkWLMGA84SGufQ+dlWn3dQme+
wNnHg8bFT8BStoz8hiJQDS8yAJNed1OToma1sKMxsPZgytn7p2y0rg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-15T04:30:53Z"
mac: ENC[AES256_GCM,data:tKEz7m+YIfBLD2VQXbEPm7JjBi5Oxf9lx+ECiFZiJmWwD0Sh9edSx7sT+sxgGCaPnAB8tKCGnRmgBYL8kxtptiNW9X8Go6L4RnR5WrqKB86D7hdoGJj3clu3NpbicGNvaTKTv46dKgANEL1L/ykNrEkyeAxaXTrZwpScGFSzb3o=,iv:ic33IlLS2fCcMvT7031ndoZ1knYYM/OVEcyrEa2i4Ok=,tag:9KUyUGFl2PzNkHeZJ6Z6Nw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

25
values/badhouseplants/secrets.shadowsocks-libev.yaml Normal file
View File

@ -0,0 +1,25 @@
env:
secrets:
sensitive: ENC[AES256_GCM,data:DAkG0Q==,iv:TBwu9ozIY9hHOtgZD8kXC9zL7jbguCBnB0CCXgNY0BA=,tag:Yxlv4EE9V0D+OsjSQccbsQ==,type:bool]
data:
PASSWORD: ENC[AES256_GCM,data:cgMrKkfKHg06GuNGA1YFyD7RzGg8NK57eAyULtB9f5AYEG2GH642nmmHPCOyUpkItSg=,iv:u1kzkrG9CBXWPYDQa1aasym4dkbxGQoerZYqh4rGVjQ=,tag:QDdQ4+1KX77GGp7lNYCq4g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRW40RDJkLzBDcXBxTkRN
akhJRGdTUnFPNmZRVEQzcXdjdXFaK1IvRVc0CnJ0MGdrVHA4SzVueWQ3U0lKMHk2
Q0psQ1p5RTdDdEtqZ0EvcWw3RWYvb2cKLS0tIFU5R1VJN1U0ck1QTnp2c0p1bzBZ
aE5DUWh0elFVMVNJN212cG5JV3AzSFUKvMFOpbGIbLtGYldgvrfKbcJO17OPGZoc
TdHaWk2f+HVb29M2D9ovW4ewuxLL/ADNl4rAGMVmpxEAVfxO5XPXlQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-09T18:58:52Z"
mac: ENC[AES256_GCM,data:T1TdR8G2G+aN/tYGzmEGIvkd6cCpGa9wiEZK4g3dR2Qe4eFi9go7h9X81VE3v+HgjwxDfWm4uITNthWgGN7P0hVV6SWwRiG01CnVYDQgRh+tEBKPOFcmq6Tvm5xNGUfv9OeaF1TizIFFDeQ4a/A0qWGR4ZN6HYk2J6lIAccxEmQ=,iv:dz59+TwgL8O94h2rQsSiDY2lRu3dJdNveR4nCQDYzlc=,tag:hLuLZRv63c1oz/cBh0obHg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

23
values/badhouseplants/secrets.vaultwarden.yaml
View File

@ -1,10 +1,13 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str]
password:
value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str]
adminToken:
value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str]
env:
secrets:
enabled: ENC[AES256_GCM,data:WG5QPA==,iv:uYf+nTK+RRDlvlskBRAHQuRuFpmv1KoSsUqv/O8fbQQ=,tag:Zr7cDfHHvoaRYeV408QBTw==,type:bool]
sensitive: ENC[AES256_GCM,data:tW/TJQ==,iv:6/MKYxGz3wHQlr0DVMkLDgD+SKosIakEVhCYZV/Ayoo=,tag:QFoOthMocjwcpqEOz30BWg==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:OGnPg84jd3qQz0ZsJZlGW8B/Zux4Es3fVL4u,iv:GiyH+/1dA4TQhgY+LJml+M5Q3y3lS4v+7FNbS0yLZ/Q=,tag:4LXnZ9+mp2y/iM4VF9P+fA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:WXm5lWgr0ItwuHCgLJbRajwfUDLUhHDVOXbFHPbfGdb9kfeIzWcY/AfkVTRj3S0Xacc=,iv:kRKKE88pv9J+7RHORwymbDqwTys0uY27GBHfjFqRZXU=,tag:LoUecZzPqCIBdRJNBmoGzA==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:4UQ5sWFwJQ6eM/hBCDZFOufh6df1mCElEfCg6yGHU6e8lyn804Dkw3EfgFuS1JlQTaCY+SFTfGAQLLcylM10t1eaXguKGiAy3fyohGzH4bOUiaAKJtze8w==,iv:Wl3dLjW1MokTZe6HR0gL4YsNjPwLlBCP2/MVQDQ/80g=,tag:Vy+cDXWu/TZs2yy4Gjc9Sw==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:F17rTY4wSaW2W3qoZo4yBxv4a9s=,iv:A5ODmOPdG8ydrK6TL24J5S65rwjwMb1oGb5o3U4gagU=,tag:7s7OxKkO/6AO3+Lb0hRDbA==,type:str]
sops:
kms: []
gcp_kms: []
@ -20,8 +23,8 @@ sops:
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T18:44:39Z"
mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str]
lastmodified: "2024-07-15T18:52:23Z"
mac: ENC[AES256_GCM,data:WgVkg91V7NEXw6gqAkDODnpS3z4Bs/QSsMMOtu+RhjzoxZqupi4JNDcqjlWmiX/y5tw/021PyMTim0uhiCuiigooIY8z4BBABBPnjKocLqQ+BLQtQD//kv78RJhS9XsYPioF3hfe+9oXP3Xsn8b2mHsv77dfnWb9++zJMypiMYQ=,iv:6T5bTmYyk5FKLE2qUXzlpe3roU8cWVKIbX+1buE8EQk=,tag:hD+1TjiXuVtNaIg85+HDxg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0

23
values/badhouseplants/secrets.vaultwardentest.yaml
View File

@ -1,10 +1,13 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
password:
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
adminToken:
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
env:
secrets:
enabled: ENC[AES256_GCM,data:vAWPyA==,iv:nEzYTUi6VLTOIoPuKljxwNLoo1jD2twVXG8rbJt++5E=,tag:fQ6mHwjdsaaLXjPgy691RQ==,type:bool]
sensitive: ENC[AES256_GCM,data:vM91LA==,iv:/mNXXR6oI4/eMiyym+kK9N6q8RtchsGGZghgdrw9iMM=,tag:TCULlwJIKVSXF6IMuEV0aw==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:2vIkJbVsF88SqkOCLspDd1qADWvlvDxZTPED,iv:9w05Hm9MDcrUDar2yo35jy/fDrF5aluf9T9gmuOCQjw=,tag:CIJKd8lyUZUuwsCBbdaBsA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:2i85zdr26/Id0zhtsAe0zJGavxYOxZ/zd7/bK+uEhPzQTduz7j3oXb9mvqpZD8PJxiw=,iv:hZDJMVhowwfpfxVobPztO4Dx5jEp6Vf57uWWppAC+Ak=,tag:MBKd6JS8nw4NscKfHIb22A==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:VyDuMYCnyC1NRkqMAnnejfPe2UpEDRiAHMt8CO2WWpbGWI2mUb3ApmnBmYclo2xpYduAwHzYfCtR3xZbXCsU5Tx7pNeGXkDaNL68Hzy90p3C9wVhjA==,iv:55Fl+NLBKUsgjugCHp7tmhM4fCCtzPrZdCyJfgFomWU=,tag:oSrfwc1gLy/VmQfeEBcElA==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:iztp5mMTHIm4OROpLRZf/VC5ZO8=,iv:jOnAkVsEfSdGrwIIuc7PKPvACTGe3racjcjqqcfLjgE=,tag:BWBWJnWvaaSZM5u6Z1ywSA==,type:str]
sops:
kms: []
gcp_kms: []
@ -20,8 +23,8 @@ sops:
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-06T15:15:43Z"
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
lastmodified: "2024-07-15T18:51:59Z"
mac: ENC[AES256_GCM,data:FWplZ9jLQM4WkYU+FH3Unmq7o0Ma4vqXB6dX6ZAp87URaP3NHLfK8kFGlvUJKWDBKPOVlvdAMo9Mc+3yLwJgmhMEYOt7OX/tu1tRVKRD1LsyvCMJEMFDyBCwvdXw0p5dvap5/strpZU65keBKjfqhJvnAsDtAPQBrhV1kfiotRY=,iv:1J1DCgmJPAPQm0zsjCiyunNFqddhJfNBhBLJnESt17s=,tag:GSbogrUfTkIhGqYAFJQSpg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0

106
values/badhouseplants/secrets.zot.yaml
View File

@ -1,83 +1,25 @@
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.0-dev",
"storage": {
"rootDirectory": "/var/lib/registry"
},
"http": {
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics":
{
"users": ["admin"]
},
"repositories": {
"**": {
"anonymousPolicy":
[
"read"
],
"policies": [
{
"users": ["admin"],
"groups": ["admins"],
"actions": ["read", "create", "update", "delete"]
}
]
}
}
},
"address": "0.0.0.0",
"port": "5000"
},
"log": {
"level": "info"
},
"extensions": {
"sync": {
"registries": [
{
"urls": [
"https://git.badhouseplants.net"
],
"onDemand": true,
"tlsVerify": true,
"maxRetries": 3,
"retryDelay": "5m"
},
{
"urls": [
"https://git.badhouseplants.net"
],
"onDemand": true,
"tlsVerify": true,
"maxRetries": 3,
"retryDelay": "5m"
}]
},
"scrub": {
"enable": true
},
"search": {
"enable": false
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"ui": {
"enable": false
},
"mgmt": {
"enable": false
}
}
}
authHeader: YWRtaW46YWRtaW4=
config.json: ENC[AES256_GCM,data:y1NtF/rIC+ZEyGElctMGpSMgjU7SZUx34WHSmnvf/ckc4TqbJYIq33uN1YrmwVLf1OjaXspnAkw//MzEjMAHxUkEFIn6IzYOpAqiLY1+B78v02g3o0bmNp66gJhdPEOfGU31DFxCseeFDWQFUxqM+J1su1DumXIvuFA57SBCC0d85zD8ZORUuepre8lyr6LfPau2YayB65vTWhXDmdwwpglzzeUB3Ym9laEggKHd228v4TTanSBQh6jeWtBevDlo4BQdCmgM+VtaTqvBmYAsl5unCCyRhpgw2g8YhioCOTX6lHSTQcojbbbBqhs8kCNCRlEBluT3RNzPfxlAzXztnHSgZvkhNiBDlJpO/5jYjentCEteu69ssC+Ut88lJhSQ4A/4fxNYnQZckmMqyNLzPlpqnm9LRdyerHu2Deps6v6nQA8Un0yby7j0T8dG/b7PMkCEGuqY7zOyHXryL22r5YBOUN68ClWlrUzItQEtxIpW8Ahyfur4MfhOoz8Yl0/hyRHHm9SJcYcxmKX6Q9kyryFrsfryfL+kvGmZvtB+cZOGfKhSHMXDfyK7DM6WDkCG3WQFx2rtqr6rGu1xDMo6Gra8vF8HhhN4Of2NqcS/MzJb8NKzLWk5GusIXmDl7FyGAGub+wAYbYLqGshaNFSdGIkvHLbiU4lLrN3KFPb+c40Cf5CGGRi8tZU00VttddbXofsrYPtSn81imuvqM34hn0c74UQb7tKPD58DYwkH9nCuLrEShBS12rrL2VKKOqP1RdGm7xEcS5QUjga2AUeCG3qVQn3MkLrlonFS2pHwigNwWEpujsK90hPMwpA6IT0ctBkfc0k2b3f/c/8UQ/pjrPaDI/3V8c6FVj6PRjW9m5LPtamvQpE8mJ0C7JvNRt9UevcFf3QtwvFlWZfcPUxEsmhy/1CJliVYE3MpInL1dPko5B2kMlYnXfjcJW5WGjAfFK68jBgkjVbypmHuVb3nLLu+wgGzmOCoLTlvaGtneUzimKpKVXu4ceeGKGzfJqDvfbRCX95vivamNiAl/nccSoTwuzdBsBVByJNbdKgb50M4LLGwYhBaLKL+8NsYufiDaIZo/kNinMFFnml4LIwvu1fVEDY4qsMXeQyFei5EYTT2p+AZuGWoisLBzAtn9gvdtQMrRL/KJuBYBObkgQxTCq38HbXprkfDhEBZZ0Jd7geH4uTeWyG5u77BH9RUl4+tz7uGmOq6k+VuEcl5eMEjinzptXc80JkAa4LK9BFSsHAGCeyTtj4xTV5FoxgQ2PYPblX710MHpyNJFogf4xJ1P7/6byum/6qbhSmiJ0C7Zkf25pYATwbx41rO1ldYEZB8gCZ4zo+DjzJ+LXK5qjRvDeHFEZ/6BydHuke8Mp7Jun2A/yNCumOiOnDqHwv/Hifkpt0BhZkDN76Xzj0p6ANRu8OUOzlO8qoMahlOxakV/zJq9ff3L7p43LEXun/uBCRLIFhg1PmO/yl9UUVdSoFFYsOs0986OaiNsZgGsRqQB3CPNGpV3BRb/4Kc/Z7mafMpONMqPXnh1buJXD8OgA6z4oCkhL7DkNmbyq8Q2gO9iXr6YMeDZVQXJFt09giEVcGK1pn3/d0YXAaqopzk/r2pJFMcXnNIA+WG/4HvB7cMnUcYw2Jf7xIG8zHMT3qvoNjYLAFAVLdcR37hcJFBBkAPDM6TMNdnunq7kf5NjcwcHumO1dgt4hQZusUviLDfo0MQr3jBf2n+JECGHzac8/REHmdwb8KhvaM/2dDlSmym8ur9G31zqiuJKk1FP7q8UZ4zzVStQPrQBoZ7UMcCRAwDmE/yR01m8W+2VHE88A76rZWuaC9U+fmT+a9BugwyDOeg0GoTgN9c9TQWaFKbSeNpEOyv7q2fbj275hKRie3iNJ0ke+6HQGLG6kKoggEk4ZNQtwZmgasIiBy32eiSaNtZHhkrrit2Y6lmbjCuvP3Tit7hwgTsekSPWyDE1YbzQ3aepJUUP8keazlSgeTWbN+JKrpSZ5MNe6rnUwZENR+aVKTdH5pFpjsFm3llbKjVJoQ5Rej6diec1/kQuZ02BkKfmitCV2AkIzsz6Iixma0w+inRVD7gLzDX5R6GXjPxWSw68YMJWS3b5xCaw0ACi0vn2khfipKiVpqr/bdQLkynL7AblFxtU/dGqeL4NxUGQJSOcXcKT/F9Jox6NY1Fpvul9F+CBPfRGWuEK1t4AZMX8/FhIgF5FMSORpwHjiKvV4QLdp3aIEUhD8N/bN3GTiZ9vkmH5PaaB0m51UuilewD3BwcReKSzbnitKG1bzMMvJzDODKBHy3cwO2pvBZ4KsxjpbABcbKzkYB1GYwV54qJ9nyVd6jqymXrly5MqryJWcQlr5HObM5JCju9BJmL6D0buvrwp4mQ4E+yVNJVwB0oTOOKxQy7m0jQwXl/qsFpvsuWm/KjI7ieuqLspYOANdkdcd7taLL2+8L1hS0tVciqK8zxvyA7e14eKycmi0T4XgtxxjtW1uNp1SlhUvgHxxyOHCL7bwKC/aZ0jVjEVAdJZl+DCONN2QADyWAbaFVpNdXVEjdQIqg8qrmo2D218pZZy1gToHkfvASxJLBldFgu82+slzXveLDY5YCN6pZDkE5XVs35kN9SnGketEMr22Wx19ANNbX4uMLB6bV8xRR9EvdnvAZt1ITn1Mm/Nb+S0rSO2uF0sLRdZWIgYC8359mrH9NVBaSr56BCLCvoE9yCoZDyD99EJh1cQzUu4z6aZA6Ps0SX8q4Barx6zYgHPnbhbSQ8bIc4taoTx9NJAQ==,iv:lctj1rL01MeoIT/y9FaowkOrDjQgni3FqkvibhWqbt0=,tag:JvBp/P0SO8e4MOBFByB0SQ==,type:str]
secretFiles:
htpasswd: ENC[AES256_GCM,data:OQ7xoCb30dZ0wdD7oHxP2y45Tr7LXtGFqLdw6gcFsA4vySxmFt+NOvwRwev1C4IdTICOCji7FflCcKJsJQnBRqKNqJUJCSZ60t+6gZ4h+1N38ktaDp7DPOVeZDbLhNwnwVw+ZqyJ8JghDOc7og6ejAoIetxOgq18mixjrWmRCwWX91DXjh9efQ==,iv:OlGZalsNmwppLuXrBNTWMZqZvuRFZ6WGGfnS/QkeWI4=,tag:Aw8Va/00hx+L4nMv/lgcbw==,type:str]
authHeader: ENC[AES256_GCM,data:nRRy42htfqHKv8oUbJuKmAkCv6hd9yVEDN0EbSiFjEyjHviBklxYz93PQ0yCMVDC,iv:b4OefNZ0bbbX7BFMrGv6zp58cEQoYdlS1sn5NYxKF6k=,tag:B//VFLJKItWREjaO56DGdg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c3F5R2VGTFVMbHZRU0dS
cCt5SVFESFlFaDhCdld6ZlJneTZMc1lFb253CmlwSnhYTFUrNUg2VzV0YUdtTmkz
Zkx1QzVhZXNveis5TGxZMzRBWi95b00KLS0tIHNjYytnR3E3UE8reWx4eXRON00r
NG1YS2pFcTlmWkdoMk95VUc2ek1KS1UKi2QUiMLJXcSoHfGe0wTu+ii/8KdBNC12
1yuCCgSn/WI+eEtBN4ES1v0M1dp8TH/qXNBh78fJlUGUQQ+s3BUcLg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-14T09:37:07Z"
mac: ENC[AES256_GCM,data:bGfNyevNWy2PdwRJDxwuVQE8tcqaSQTkX5EYUtq4qPdDEj+SN2Kw/Y18e1+J5WjXitzNeViaXIPzlcs++EylB10RRBG/JzgdduVpQ6r90HKPBjZmXxImdCZPykRFP7zN4N5Qe3MXXjF/mtFLfK5uIRcFVgIVnQMhoXD0phBOsXo=,iv:cTxVR7M4fQ1YyhrHQHyU/jA1JyJ3pPUvI+59Ilh6R4E=,tag:KNs0U+lWp+PqOgZ4pFdiJw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

4
values/badhouseplants/values.funkwhale.yaml
View File

@ -61,8 +61,8 @@ postgresql:
enabled: false
host: postgres16-postgresql.databases.svc.cluster.local
auth:
username: funkwhale-application-funkwhale-postgres16
database: funkwhale-application-funkwhale-postgres16
username: applications-funkwhale-postgres16
database: applications-funkwhale-postgres16
redis:
enabled: false

75
values/badhouseplants/values.mealie.yaml Normal file
View File

@ -0,0 +1,75 @@
---
ext-database:
enabled: true
name: mealie-postgres16
instance: postgres16
credentials:
POSTGRES_SERVER: "{{ .Hostname }}"
POSTGRES_PORT: "{{ .Port }}"
workload:
containers:
mealie:
envFrom:
- environment
- secretRef:
name: mealie-postgres16-creds
livenessProbe:
httpGet:
port: 9000
readinessProbe:
httpGet:
port: 9000
ingress:
main:
class: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
rules:
- host: mealie.badhouseplants.net
http:
paths:
- backend:
service:
name: "{{ include \"chart.fullname\" $ }}"
port:
number: 9000
path: /
pathType: Prefix
tls:
- hosts:
- mealie.badhouseplants.net
secretName: mealie.badhouseplants.net
env:
environment:
sensitive: false
data:
ALLOW_SIGNUP: "true"
PUID: "1000"
PGID: "1000"
TZ: Europe/Berlin
MAX_WORKERS: "1"
WEB_CONCURRENCY: "1"
BASE_URL: https://mealie.badhosueplants.net
DB_ENGINE: postgres
OIDC_AUTH_ENABLED: "true"
OIDC_SIGNUP_ENABLED: "true"
OIDC_CONFIGURATION_URL: "https://authentik.badhouseplants.net/application/o/mealie/.well-known/openid-configuration"
OIDC_CLIENT_ID: mealie
OIDC_USER_GROUP: "Family"
OIDC_ADMIN_GROUP: "DevOps"
OIDC_AUTO_REDIRECT: "true"
OIDC_PROVIDER_NAME: authentik
secrets:
sensitive: true
data:
POSTGRES_USER: ~
POSTGRES_PASSWORD: ~
POSTGRES_SERVER: ~
POSTGRES_PORT: ~
POSTGRES_DB: ~

158
values/badhouseplants/values.vaultwarden.yaml
View File

@ -1,81 +1,89 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: vaultwarden-http
kind: http
gateway: istio-system/badhouseplants-net
hostname: vault.badhouseplants.net
service: vaultwarden
port: 8080
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: vaultwarden-postgres16
instance: postgres16
service:
port: 8080
vaultwarden:
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: vaultwarden@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vault.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: false
invitationsAllowed: true
signupDomains: "https://vault.badhouseplants.com"
signupsVerify: "true"
showPassHint: "false"
database:
existingSecret: vaultwarden-postgres16-creds
existingSecretKey: CONNECTION_STRING
connectionRetries: 15
maxConnections: 10
storage:
enabled: true
size: 1Gi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
credentials:
DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}"
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
mounts:
storage:
data:
path: /app/data/
extraVolumes:
logs:
path: /app/logs
envFrom:
- environment
- secrets
- secretRef:
name: vaultwarden-postgres16-creds
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vault.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault.badhouseplants.net
hosts:
- vault.badhouseplants.net
main:
class: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
rules:
- host: vault.badhouseplants.net
http:
paths:
- backend:
service:
name: '{{ include "chart.fullname" $ }}'
port:
number: 8080
path: /
pathType: Prefix
tls:
- hosts:
- vault.badhouseplants.net
secretName: vault.badhouseplants.net
extraVolumes:
# -- Because by default the fs is read-only, we need to add an emtpy dir volume
logs:
emptyDir: {}
storage: {}
env:
environment:
enabled: true
sensitive: false
data:
DOMAIN: https://vault.badhouseplants.net
SMTP_HOST: mail.badhouseplants.net
SMTP_SECURITY: "starttls"
SMTP_PORT: 587
SMTP_FROM: vault@badhouseplants.net
SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false
DATA_FOLDER: /app/data/
ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true
SIGNUPS_ALLOWED: false
INVITATIONS_ALLOWED: true
SIGNUPS_DOMAINS_WHITELIST: "*"
SIGNUPS_VERIFY: true
WEB_VAULT_ENABLED: true
LOG_FILE: /app/logs/log.txt
LOG_LEVEL: info
DB_CONNECTION_RETRIES: 10
DATABASE_MAX_CONNS: 10
ORG_GROUPS_ENABLED: true
ORG_EVENTS_ENABLED: true
ORG_CREATION_USERS: ""

135
values/badhouseplants/values.vaultwardentest.yaml
View File

@ -1,59 +1,78 @@
service:
port: 8080
vaultwarden:
smtp:
host: mail.badhouseplants.net
security: "starttls"
port: 587
from: vaulttest@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vaulttest.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: true
invitationsAllowed: true
signupDomains: "test.test"
signupsVerify: false
showPassHint: true
# database:
# existingSecret: vaultwarden-postgres16-creds
# existingSecretKey: CONNECTION_STRING
# connectionRetries: 15
# maxConnections: 10
storage:
enabled: true
size: 512Mi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
mounts:
storage:
data:
path: /app/data/
extraVolumes:
logs:
path: /app/logs
envFrom:
- environment
- secrets
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vaulttest.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vaulttest.badhouseplants.net
hosts:
- vaulttest.badhouseplants.net
main:
class: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
rules:
- host: vaulttest.badhouseplants.net
http:
paths:
- backend:
service:
name: '{{ include "chart.fullname" $ }}'
port:
number: 8080
path: /
pathType: Prefix
tls:
- hosts:
- vaulttest.badhouseplants.net
secretName: vaulttest.badhouseplants.net
extraVolumes:
# -- Because by default the fs is read-only, we need to add an emtpy dir volume
logs:
emptyDir: {}
storage: {}
env:
environment:
enabled: true
sensitive: false
data:
DOMAIN: https://vaulttest.badhouseplants.net
SMTP_HOST: mail.badhouseplants.net
SMTP_SECURITY: "starttls"
SMTP_PORT: 587
SMTP_FROM: vaulttest@badhouseplants.net
SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false
DATA_FOLDER: /app/data/
ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true
SIGNUPS_ALLOWED: true
INVITATIONS_ALLOWED: true
SIGNUPS_DOMAINS_WHITELIST: "test.com"
SIGNUPS_VERIFY: false
WEB_VAULT_ENABLED: true
LOG_FILE: /app/logs/log.txt
LOG_LEVEL: info
DB_CONNECTION_RETRIES: 10
DATABASE_MAX_CONNS: 10
ORG_GROUPS_ENABLED: true
ORG_EVENTS_ENABLED: true
ORG_CREATION_USERS: ""

47
values/badhouseplants/values.wikijs.yaml Normal file
View File

@ -0,0 +1,47 @@
---
ext-database:
enabled: true
name: wikijs-postgres16
instance: postgres16
credentials:
DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
volumeMounts:
- name: postgres-creds
readOnly: true
mountPath: "/etc/postgres/connection_string"
subPath: DATABASE_DATASOURCE
volumes:
- name: postgres-creds
secret:
secretName: wikijs-postgres16-creds
#externalPostgresql:
# databaseURL: $(cat /etc/postgres/connection_string)
ingress:
enabled: true
className: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: wikijs.badhouseplants.net
paths:
- path: "/"
pathType: Prefix
tls:
- secretName: wikijs.badhouseplants.net
hosts:
- wikijs.badhouseplants.net
postgresql:
enabled: false
postgresqlHost: postgres16-postgresql.databases.svc.cluster.local
postgresqlPort: 5432
postgresqlUser: applications-wikijs-postgres16
postgresqlDatabase: applications-wikijs-postgres16
existingSecret: wikijs-postgres16-creds
existingSecretKey: POSTGRES_PASSWORD