badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 14 Actions Packages Projects Releases Activity

Add etersoft xray and increase gitea memory

Browse Source
This commit is contained in:
Nikolai Rodionov 2025-01-22 22:04:34 +01:00
parent 71c6161ad3
commit 48eee21619
Signed by: allanger
GPG Key ID: 09F8B434D0FDD99B
6 changed files with 338 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.pre-commit-config.yaml
View File

@ -11,10 +11,10 @@ repos:
(?x)^(
.*secrets.*yaml
)$
- repo: https://github.com/codespell-project/codespell
rev: v2.2.4
hooks:
- id: codespell
# - repo: https://github.com/codespell-project/codespell
# rev: v2.2.4
# hooks:
# - id: codespell
- repo: local
hooks:
- id: check-sops-secrets

24
installations/applications/helmfile-etersoft.yaml
View File

@ -8,6 +8,8 @@ repositories:
- name: gabe565
url: ghcr.io/gabe565/charts
oci: true
- name: xray-docs
url: git+https://gitea.badhouseplants.net/badhouseplants/xray-docs.git@helm?ref=main
releases:
- name: openvpn
chart: allangers-charts/openvpn
@ -32,12 +34,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: tf-ocloud
chart: ../../charts/tf-ocloud
namespace: pipelines
installed: false
inherit:
- template: default-env-secrets
- name: nrodionov
chart: bitnami/wordpress
@ -52,3 +48,19 @@ releases:
chart: ../../kustomizations/external-service-xray
installed: true
namespace: public-xray
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.5.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: xray-docs
chart: xray-docs/xray-docs
installed: true
namespace: public-xray

5
values/badhouseplants/values.gitea.yaml
View File

@ -40,16 +40,15 @@ replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
cpu: 512m
memory: 1024Mi
requests:
cpu: 512m
memory: 256Mi
memory: 1024Mi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteMany
- ReadWriteOnce
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------

37
values/etersoft/secrets.server-xray-public.yaml Normal file
View File

@ -0,0 +1,37 @@
files:
config:
enabled: ENC[AES256_GCM,data:V7XhqQ==,iv:6XHLD5LS04vMIBLAU+PImTq0e+2wIK9BDLrT7OSjqqM=,tag:6HuYNWDxpSWIY7F+VdUX3Q==,type:bool]
sensitive: ENC[AES256_GCM,data:e0gXBRA=,iv:5uYltAj9gpJs7qwZ0WDRfbioH9xKBVbGFgy1Pl04fJ0=,tag:kTnoKyJTWzc+FpS+49DnNQ==,type:bool]
remove: []
entries:
config.json:
data: ENC[AES256_GCM,data:eZ/w9tvQIneRDjq7MNT/tQorIiY0/bU+zDEG9fTfEytkkpeKe4DjZouSn2YDi4R0zct/qd5tSTeiPcb45hTPTCJD3EImtUYYKYVyl1nnMzcDwS58TgUpsC/Wen9V2UZge6nN5Irrldje1IjlOr56GxmQUVFI9+wqkmMgBUMF0j0YP/YhXuR+Ji0dFYqyKzmGJU4ekrHOtBRve5np9D0AdXXLCvCxQLwvLYq2Ula67s3B3YeXxq7Zt0NclkdA868mCxIKh9lFXW/WSstZ1P2cyJXW1WaR/fn3O3VSHM8vBKdoiQLuJpRYII5ooa+KJ2wnE3DswI84ih2nxPg7hMQio7MqUI3bI/qPWiD2PeKx8zceG/fstPTijWfN5bnr32s3pT2s5xnd9D+P0TVCSxmZ1u0hrMJ6WUFlTrXtOoK7LkpTNrIH7/57uhfAYwJpx9ECqzIERsNpdbxYF/yEwfiHDA8IDY56NPfSLyRahlWCiTx90LoYDlw9T91+OMrK+4zm33C+CoZzMZCHmeSl8n94KdnO8tz+wKQZMCvTHeGKy97UEiLJLdkTRrR+QZ/K25YtywsBQJJrsFYllg5WDjqMUIq1bQCXxsAjeX4JhTNvuHdHB21K+q+gxdudjs4wEMWBsF7aKAh5jQkQnNFg05xA4Gn1INBsFkCRgssH8nxK0PFSSLI/6loaM4UhiT+j4sNWAUtqdyUXXSo7I9qsOFpv65bQWYkkl/aKPv9yK2K7tGi73eDmTGeHrQoCZrABCP9zIwLyXHAfkSsUx6wcYUaKOtezEljTIle8yAyfDBy76XBkvJWyK/SNXGy4+G7/t3zB2CrBq71vYJjvHzFxyiNya2sBaYOJfvbHX6UAnFm4RfVnESTrUagJM713YuBbJUhWAwHQ81DOOYFuT8QGcpkiKmfE+4KtseGuZjSdiZt4q9qIJoK1tA2zbgQ7EbTVKydHF+jxUCXt/FuXW5yGoNeKC6qg8hknAV4kAHtzP4gtukrwWrwyctGVXYplsXE6waaHQwtShE27zt+1/OSXpQcnIEIQ+mv8CJvvFLE6ifTMpuSH/ifgVTt3MgP9rPC/O84v7+LjPbhAVPi0E5jTYMsa+QEgi81tisXEn6V5OXmNoGeNVEyC+4+XwQCKAaE+6phM+gYthdZUZlnD4ffVkzEow+IYXczNugyzka29HJm4vaiLrUF6ws71gMx+Sye6xeGG2tegUGxrzZcHzRWyHPzPioepihhD/veiRexqqesjlFsgqWn2lNW0q5fuslKNFFrYkX0Xv5aReVfjOEpsNF0kQHg9/PZaEexzpfw0MBu62hJkrsbmkboK758ruV2DzaxRpQAMd2o3sowxAP+1IKBGuH/a1+NC7d1MalU/SjIFHmpFXxn7vC0s3YarjX997TLzNFcVYwdNV5IfIuvw+Z4L1WKgb+2RUFX5GHBTtnQMsS8Xvj/NYYZdo8pB8MBEleR52O2He1d3SdCQpwiVl05zC3+0eOnfCGWC/vu2Vc2lJDuOgaf+dAULH4LuL53Fs6/eDTGtuhB8B/99wsntdyA/dUXRM5Ytm48vSF3aG5kMGU6rM3JRx17AWsvAmStyEUQLzxoS61uljTyHnw8lnDnX3xwUBbc4VgggIk26ggxLK0OInIIIk2UnKl+L5kRBuwit2ZfZuP+7OkokAt314/gaVEM+ItIqo8VVLd2YU+7nTK2hk6RGw2MyZZNsmdAJitgb40xo2QLCBq42gYhcXjNVA1RGEGGGOwb9Q6uVorkQ+6iTngVZtnEavekgddZlV7GZZ2dLDj8PH1Z6fwmAY3Ivm0dM7OOYuQpng+mjsNxVXp73eIZ9lN3eLreCMgXVoCCITPcvljdwtVUuIT+xJdfqqbgM4rdrY/FqVQetNwJylciGKIGeKY85NljkWW28jhjxSgaqHt8BgsLmMcIMCMWQWQLfny8mFlR42EzxLa41zfLAsOJzhMsSuY0O3pDvpIPscZqMr4yffJxtTWKRqQCK9CBOPWAz7KO11xiPAy42uG4XtTEEYqErejqNiVGBEjqCdnz6ak+N15EiJ+PptUPKqPNQCO02wDP/lN095Ay1LBfVC+0p0n/+76qpkHTlGUEZ+CjKinbMTAY5g+k2pTBbkz0j0cpZg/nmURB+l8PZh//Z+BH0GsLTelhCXZjr5I6a5Kv60h0Syv8zXE7qtlNBsdU7sQDkUKOQTDa1Oq+DirUALMjNQ/h6aL1rC/3tr4aFH3uDqkTQZjDElwAUc6woqmhlqn8dlreQ4d5W4eega7g2vChD7gxB+7EMgDrLGwN1X4zuZ/ByNv1Vuu1qoJR5gfGTiNResguF7zs5oMAASvNFK+xL385iPY7STnQ+IHKU/bFNXdgDYNO9ze+b3FQzr2onI86HWeJQXuAhCH4zPKYqNEjYJXy6zCeGapjEPgL48k7zbSDMdAXgOO64IFL4JlqJJf5UgjSgnPN25MH7/UjniaqHykkb2S5R8mv9VseMCUrgBAZxFG7v3mMFWBlDgdLLxNgFgkHdSV9k6bVSPfbnj+iQi9Jl26pU6W3r1p2yjnJ31eIFuyu3mvVL+htpZT7TA4qpJ1cfHWP6qsZTOxzI2i+yt5jEmupnuZ9HviriEa3Yt32xw/jehx9Pkb7VtgplWriiq7QTnSGuRn4H1ChJOxGlB1VnObteLNnSJonekaJ4oS0oQsVSa6gn63KlS6rODYjQ7UQggwdIeCJ8iiP1g2Cp0i1bIBKkfzaNz0I41AqDi4mVvjcExHJqm7kRQphYTK/kzp7zeJfEI6tsNib6V7zvfz4vAQ/bhT+bPQm/wIboUZsY7Ra1daBuhjqnKcu321G/FcsEhnSR1SokxYnGKOwAJofAJmyD4Pd7yxMIxXB/oqPxQ5TCKrnOJQZ+Nwpm4Qa5cPWtk0rOGOLQsAtYrHgaC7CwtLYOL4AA+YGH2XYaezWHEw33uOcY1+jPQTB3FlUW84RDWWYxVoUCf4RSbZlflqX9GkRfBWT6UCes3Z2XVa3cUvw+BFMvwhmAqCtrGz8OSVXIgOZYfMXwMX85eQ2Gs1OtUFI4f47qfQJajQPR3G97bpDcvQRptJoO6vMwJKkq1Q5/vgcWWA2t/7NL/YqRyssoBwdOKtUjrYbUynJ9ojd5nwQU0TXpdL0BF06kB+gxfINrzTQO4l9c7AxVQHwVImx78ETB5a5dhKwS2d9+e/QqjNH8TjkeCUDoP+7tFVuutehL5FbrQ85gP+SFpli8b/KML/ZGSiyzwp0maxISFZCbfcEFKVoVCj2HgRfxJf8HPatmQPtTYzP4ukmxFYpmyuY=,iv:eZ5E3aVB4VqGxbZuKgj2HNCb7MKUXa6zEtJHoX1+i6o=,tag:Z/NTk69Mt3jOgjBQdjM3HA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArLzRrUVNzVXhhUmd6ZjAr
cnduVkF2T2JuRkt2aDd4UXBjVHJyTDlnaGhjCmtodlhLY1Z6L2ptbmZPOHQxTGhI
bnNTa050dzM2S0RYWWJBY0JUTk11bk0KLS0tIHNKemJubldtRmRQSjZJaHdsOGVF
aUZicmNkZUlFSEZwVUZQWno5akNTc2MK29Tem5YjN0TmmNZ7Ol29DcGBdJebwVNR
ncrp8W7aSmP3eLv4J/PhdpTEWlmGPof+kwvej5/SC5QwWQ0Qee8pyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmeGZUMlh5UExuemZTRDlr
dk54WENSeWl5cDFJSmJVYXFHU0hncTdVbXpjCnhSZWlKa01JU1pVU3EyblhVVUVl
NUc2NmMrelJlM2VyWTZaRE0rS3gvcTAKLS0tIEV5WnVsMXBPN2dtR2pHd2FVOER1
dklzSWVOQk5YVTgzVHFNQmZkeXcyU0UKvh0CaFhEsD0EAYmV0H3wYirPVG6OJnLp
/zDuJ5U2C5LHOYkFc+rq+wKUAHjQLtw93kQI4r3YQulSSLl9HQFV8Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-20T11:45:50Z"
mac: ENC[AES256_GCM,data:QBnJTY5u0P9gE6ptVO5MQHfn7PWlaSEdJ6gsRXpxsyH8qlyLMar4bNU7ws7XSX3ilqBRJNPrQL2tTnEYwPG/IIz3MT/drlb9KcEx/H0hFVefwsB8NmGOaWbfMuKKAc37KR8By1Dwjf36Y+AD/K7KLcF+e3B0+UtwQoOyTcI/PYY=,iv:e4lBFWt3CBMu1e9iY3W+MnTUio+pdKqSb5ecFeZAE3I=,tag:vtKiNLs/Ts+8p3RuaZ4ksg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

271
values/etersoft/values.server-xray-public.yaml Normal file
View File

@ -0,0 +1,271 @@
certificate:
enabled: true
certificate:
- name: xray-public-e.badhouseplants.net
secretName: xray-public-e.badhouseplants.net
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer-http01
dnsNames:
- xray-public-e.badhouseplants.net
traefik:
enabled: true
tcpRoutes:
- name: server-xray-public
service: server-xray-public-xray-https
match: HostSNI(`*`)
entrypoint: xray-internal
port: 443
shortcuts:
hostname: xray-public-e.badhouseplants.net
ingress:
main:
enabled: true
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
meta.helm.sh/release-name: xray
meta.helm.sh/release-namespace: xray
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
extraVolumes:
certs:
secret:
secretName: xray-public-e.badhouseplants.net
workload:
replicas: 2
ext-cilium:
enabled: true
ciliumNetworkPolicies:
- name: xray-public
endpointSelectors:
app.kubernetes.io/instance: server-xray-public
app.kubernetes.io/name: server-xray
egress:
- toEntities:
- cluster
- toPorts:
- ports:
- port: "53"
protocol: ANY
- toEntities:
- world
egressDeny:
- toCIDR:
- 93.158.213.92/32
- 93.158.213.92/32
- 185.243.218.213/32
- 91.216.110.53/32
- 23.157.120.14/32
- 94.243.222.100/32
- 208.83.20.20/32
- 156.234.201.18/32
- 209.141.59.16/32
- 34.89.51.235/32
- 109.201.134.183/32
- 83.102.180.21/32
- 185.230.4.150/32
- 45.9.60.30/32
- 5.181.156.41/32
- 156.234.201.18/32
- 34.89.51.235/32
- 83.6.102.25/32
- 51.222.82.36/32
- 125.227.79.123/32
- 193.42.111.57/32
- 135.125.202.143/32
- 176.56.7.44/32
- 185.87.45.163/32
- 181.214.58.63/32
- 143.198.64.177/32
- 5.255.124.190/32
- 52.58.128.163/32
- 15.204.57.168/32
- 34.94.76.146/32
- 211.23.142.127/32
- 64.23.195.62/32
- 23.153.248.83/32
- 82.156.24.219/32
- 37.235.176.37/32
- 176.123.1.180/32
- 35.227.59.57/32
- 62.210.114.129/32
- 185.216.179.62/32
- 34.94.76.146/32
- 121.199.16.229/32
- 23.163.56.66/32
- 176.99.7.59/32
- 207.241.231.226/32
- 207.241.226.111/32
- 27.151.84.136/32
- 104.244.77.14/32
- 5.102.159.190/32
- 184.61.17.58/32
- 125.227.79.123/32
- 181.214.58.63/32
- 95.217.167.10/32
- 159.148.57.222/32
- 15.204.57.168/32
- 211.23.142.127/32
- 34.94.76.146/32
- 187.56.163.73/32
- 109.71.253.37/32
- 5.182.86.242/32
- 104.244.77.14/32
- 190.146.242.81/32
- 89.110.76.229/32
- 138.124.183.78/32
- 209.126.11.233/32
- 167.99.185.219/32
- 37.59.48.81/32
- 27.151.84.136/32
- 142.132.183.104/32
- 193.53.126.151/32
- 74.48.17.122/32
- 93.158.213.92/32
- 156.234.201.18/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 184.61.17.58/32
- 125.227.79.123/32
- 104.21.58.176/32
- 172.67.162.102/32
- 181.214.58.63/32
- 93.185.165.29/32
- 95.217.167.10/32
- 159.148.57.222/32
- 15.204.57.168/32
- 211.75.210.220/32
- 125.227.79.123/32
- 211.23.142.127/32
- 172.67.165.72/32
- 104.21.57.182/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 187.56.163.73/32
- 109.71.253.37/32
- 5.182.86.242/32
- 104.244.77.14/32
- 193.53.126.151/32
- 104.19.22.31/32
- 104.19.22.22/32
- 104.19.22.27/32
- 104.19.22.23/32
- 104.19.22.30/32
- 104.19.22.24/32
- 104.19.22.26/32
- 104.19.22.29/32
- 104.19.22.32/32
- 104.19.22.28/32
- 104.19.22.25/32
- 74.48.17.122/32
- 184.61.17.58/32
- 104.21.62.230/32
- 172.67.139.235/32
- 172.67.135.244/32
- 104.21.26.114/32
- 104.21.72.244/32
- 172.67.136.175/32
- 172.67.183.130/32
- 104.21.64.112/32
- 104.26.10.105/32
- 104.26.11.105/32
- 172.67.70.119/32
- 172.67.144.128/32
- 104.21.71.114/32
- 172.67.161.130/32
- 104.21.65.89/32
- 172.67.156.75/32
- 104.21.40.186/32
- 65.21.91.32/32
- 184.61.17.58/32
- 104.21.82.111/32
- 172.67.200.173/32
- 104.21.13.129/32
- 172.67.200.14/32
- 104.21.89.147/32
- 172.67.160.224/32
- 172.67.139.235/32
- 104.21.62.230/32
- 93.158.213.92/32
- 185.243.218.213/32
- 91.216.110.53/32
- 23.157.120.14/32
- 94.243.222.100/32
- 208.83.20.20/32
- 156.234.201.18/32
- 209.141.59.16/32
- 34.94.76.146/32
- 35.227.59.57/32
- 34.89.51.235/32
- 109.201.134.183/32
- 83.102.180.21/32
- 185.230.4.150/32
- 45.9.60.30/32
- 5.181.156.41/32
- 83.6.102.25/32
- 54.39.48.3/32
- 51.222.82.36/32
- 125.227.79.123/32
- 193.42.111.57/32
- 135.125.202.143/32
- 176.56.7.44/32
- 185.87.45.163/32
- 93.185.165.29/32
- 181.214.58.63/32
- 143.198.64.177/32
- 5.255.124.190/32
- 52.58.128.163/32
- 15.204.57.168/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 211.23.142.127/32
- 211.75.210.220/32
- 125.227.79.123/32
- 64.23.195.62/32
- 51.81.222.188/32
- 23.153.248.83/32
- 82.156.24.219/32
- 37.235.176.37/32
- 51.15.41.46/32
- 176.123.1.180/32
- 104.244.77.87/32
- 34.94.76.146/32
- 34.89.51.235/32
- 35.227.59.57/32
- 62.210.114.129/32
- 185.216.179.62/32
- 34.94.76.146/32
- 34.89.51.235/32
- 35.227.59.57/32
- 121.199.16.229/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 23.163.56.66/32
- 176.99.7.59/32
- 207.241.231.226/32
- 207.241.226.111/32
- 27.151.84.136/32
- 51.159.54.68/32
- 104.244.77.14/32
- 5.102.159.190/32
- 190.146.242.81/32
- 89.110.76.229/32
- 89.47.160.50/32
- 138.124.183.78/32
- 209.126.11.233/32
- 167.99.185.219/32
- 27.151.84.136/32
- 37.59.48.81/32
- 27.151.84.136/32
- 142.132.183.104/32
- 159.148.57.222/32
- 159.148.57.222/32

6
values/etersoft/values.traefik.yaml
View File

@ -11,6 +11,12 @@ ports:
default: true
exposedPort: 27015
protocol: TCP
xray-internal:
port: 27016
expose:
default: true
exposedPort: 27016
protocol: TCP
providers: # @schema additionalProperties: false
kubernetesCRD:
enabled: true