First commit

Nikolai Rodionov 2024-07-13 22:21:59 +02:00
commit 8518c44a17
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
113 changed files with 3912 additions and 0 deletions

6
.sops.yaml Normal file

@ -0,0 +1,6 @@
creation_rules:
- path_regex: values/.*/secrets.*
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
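Review bot: The only creation rule encrypts every file matching `values/.*/secrets.*` to a single age recipient, so there is no second recipient for recovery or rotation. `common/environments.yaml` in this commit defines two environments, and with this rule both would share one decryption key. Consider one rule per environment, each with its own key group plus an offline backup recipient. The pattern is also unanchored with unescaped dots; something like `path_regex: ^values/[^/]+/secrets\..*\.yaml$` would state the intent more precisely.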

23
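--- a/charts/issuer/.helmignore
+++ b/charts/issuer/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/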

24
charts/issuer/Chart.yaml Normal file

@ -0,0 +1,24 @@
apiVersion: v2
name: issuer
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "issuer.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "issuer.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "issuer.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "issuer.labels" -}}
helm.sh/chart: {{ include "issuer.chart" . }}
{{ include "issuer.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "issuer.selectorLabels" -}}
app.kubernetes.io/name: {{ include "issuer.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


@ -0,0 +1,10 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
{{- include "issuer.labels" . | nindent 4 }}
name: "{{ .Values.name }}"
spec:
acme:
{{ .Values.spec | toYaml | indent 2 }}
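Review bot: `name: "{{ .Values.name }}"` has no default, so if the values file that follows (only `spec: {}`) is the chart's values.yaml, a render without overrides yields an empty name and an empty `acme:` block, which fails only at apply time. Failing at render time is clearer, e.g. `name: {{ required "issuer name is required" .Values.name | quote }}`, with the same guard on `.Values.spec`. Indentation was lost on this page, so the nesting of the `toYaml | indent 2` output under `acme:` could not be checked; confirm it with `helm template`.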


@ -0,0 +1 @@
spec: {}


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,24 @@
apiVersion: v2
name: namespaces
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "namespaces.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "namespaces.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "namespaces.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "namespaces.labels" -}}
helm.sh/chart: {{ include "namespaces.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}


@ -0,0 +1,19 @@
{{- if .Values.namespaces }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ $ns.name }}
labels:
{{- include "namespaces.labels" $ | nindent 4 }}
{{- with $ns.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/resource-policy": keep
{{- with $ns.annotations}}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,20 @@
namespaces:
- name: giantswarm-flux
labels:
name: giantswarm-flux
- name: giantswarm
labels:
name: giantswarm
- name: monitoring
labels:
name: monitoring
- name: org-giantswarm
labels:
name: org-giantswarm
- name: flux-system
labels:
name: flux-system
- name: flux-giantswarm
labels:
name: flux-giantswarm
- name: policy-exception


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm


@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

23
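--- a/charts/roles/.helmignore
+++ b/charts/roles/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/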

6
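--- a/charts/roles/Chart.yaml
+++ b/charts/roles/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: roles
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"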


@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "roles.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "roles.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "roles.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "roles.labels" -}}
helm.sh/chart: {{ include "roles.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}


@ -0,0 +1,23 @@
{{- if .Values.roles }}
{{- range $roles := .Values.roles }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $roles.kind }}
metadata:
name: {{ $roles.name }}
namespace: {{ $roles.namespace }}
labels:
{{- include "roles.labels" $ | nindent 4 }}
{{- with $roles.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $roles.annotations}}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- with $roles.rules }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
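Review bot: `kind: {{ $roles.kind }}` takes the RBAC kind straight from values with no check, so a values change can turn a namespaced Role into a ClusterRole (or any other kind in the API group) without touching the template. `namespace:` is also emitted unconditionally, which is wrong for a cluster-scoped kind. A guard at the top of the range would make the allowed set explicit, e.g. `{{- if not (has $roles.kind (list "Role" "ClusterRole")) }}{{ fail "roles[].kind must be Role or ClusterRole" }}{{- end }}`, with `namespace:` wrapped in `{{- if eq $roles.kind "Role" }}`. `rules` is passed through `toYaml` as-is, so unknown keys in a rule reach the API server unchanged.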

9
charts/roles/values.yaml Normal file

@ -0,0 +1,9 @@
roles:
- name: minecraft-admin
namespace: minecraft-application
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["minecraft-application"]
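Review bot: The default `minecraft-admin` Role grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which includes reading every Secret and editing Roles and RoleBindings in `minecraft-application`. Listing the resources and verbs the role actually needs keeps it least-privilege. The rule also carries `namespace: ["minecraft-application"]`, which is not a field of an RBAC PolicyRule. Scoping already comes from the Role's `metadata.namespace`, so the key should be dropped, as it will be rejected or silently ignored depending on validation settings. Because this is the chart's default values file, every install gets this role unless it is overridden.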

23
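--- a/charts/root/.helmignore
+++ b/charts/root/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/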

6
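--- a/charts/root/Chart.yaml
+++ b/charts/root/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"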


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}
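Review bot: The GitRepository tracks a branch head with no `spec.verify`, and the Kustomization applies `path: "."` from it every 30s, so whatever lands on that branch is applied to the cluster without a signature check. The same applies to the `root-self` pair in the next file section. Since this repository's commits are already GPG-signed, adding `verify:` with `mode: HEAD` and a `secretRef` holding the trusted public keys would make Flux refuse unsigned or unexpected commits. The surrounding `if` checks only for `source.toolkit.fluxcd.io/v1` but also emits a `kustomize.toolkit.fluxcd.io/v1` object; checking both APIs avoids a partial install. Neither object sets `metadata.namespace`, so they land in the release namespace; confirm that is intended given `targetNamespace: flux-system`.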


@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}
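Review bot: `url: {{ .Values.self.url }}` is rendered with the default from charts/root/values.yaml, `git@git.badhouseplants.net:giantswarm/root-config.git`, but the GitRepository has no `spec.secretRef`. Flux's source-controller expects SSH URLs in the `ssh://user@host/org/repo` form and needs a secret with the identity and `known_hosts` to authenticate and pin the host key. As written this source will most likely never become ready. Add a `secretRef:` with its name taken from values, and change the default URL to the `ssh://` form. Quoting the templated value (`url: {{ .Values.self.url | quote }}`) also protects against values that YAML would retype.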

5
charts/root/values.yaml Normal file

@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

5
common/environments.yaml Normal file

@ -0,0 +1,5 @@
environments:
badhouseplants:
kubeContext: badhouseplants
etersoft:
kubeContext: etersoft

111
common/templates.yaml Normal file

@ -0,0 +1,111 @@
templates:
# ---------------------------
# -- Hooks
# ---------------------------
crd-management-hook:
hooks:
- events: ["preapply"]
showlogs: true
command: "sh"
args:
- -c
- |
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|| true
- events: ["prepare"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
- events: ["postuninstall"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
# ----------------------------
# -- Configs
# ----------------------------
default-common-values:
values:
- '{{ requiredEnv "PWD" }}/values/common/values.{{ .Release.Name }}.yaml'
default-env-values:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ .Release.Name }}.yaml'
default-env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ .Release.Name }}.yaml'
# ----------------------------
# -- Extensions
# ----------------------------
ext-istio-gateway:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/values/common/values.istio-gateway.yaml'
ext-tcp-routes:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: traefik
values:
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio
values:
- '{{ requiredEnv "PWD" }}/values/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: certificate
values:
- '{{ requiredEnv "PWD" }}/values/common/values.certificate.yaml'
ext-metallb:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: metallb
values:
- '{{ requiredEnv "PWD" }}/values/common/values.metallb.yaml'
service-monitor:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: service-monitor
values:
- '{{ requiredEnv "PWD" }}/values/common/values.service-monitor.yaml'
namespace:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ns
inherit:
- template: default-values/common-values
- template: default-env-values
ext-database:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
ext-secret:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-secret
values:
- '{{ requiredEnv "PWD" }}/values/common/values.secret.yaml'
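Review bot: The `crd-management-hook` commands call `kubectl` with no `--context`, so they act on whatever context is current in the caller's kubeconfig rather than the `kubeContext` that `common/environments.yaml` assigns to the selected environment. With two environments defined, a `preapply` replace or a `postuninstall` delete of CRDs can hit the wrong cluster. Every branch also ends in `|| true`, so a failed CRD replace is reported as success, and the `postuninstall` hook deletes the CRDs, and with them every custom resource of those kinds, when a release is removed. Pass the environment's context explicitly, let the `preapply` hook fail, and consider making CRD deletion opt-in. Separately, the `namespace` template inherits `default-values/common-values`, which this file does not define; `default-common-values` looks like the intended name.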


@ -0,0 +1,45 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: bitnami
url: https://charts.bitnami.com/bitnami
releases:
- name: mariadb
chart: bitnami/mariadb
namespace: databases
version: 19.0.0
inherit:
- template: default-env-values
- template: default-env-secrets
- name: redis
chart: bitnami/redis
namespace: databases
version: 19.6.1
inherit:
- template: default-env-values
- template: default-env-secrets
- name: postgres16
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
version: 15.5.16
inherit:
- template: default-env-values
- template: default-env-secrets
- name: postgres16-gitea
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
version: 15.5.16
inherit:
- template: default-env-values
- template: default-env-secrets


@ -0,0 +1,18 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: woodpecker
url: https://woodpecker-ci.org
releases:
- name: woodpecker-ci
chart: woodpecker/woodpecker
namespace: pipelines
version: 1.5.0
inherit:
- template: ext-database
- template: default-env-values
- template: default-env-secrets


@ -0,0 +1,56 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: db-operator
url: https://db-operator.github.io/charts
- name: chartmuseum
url: https://chartmuseum.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
releases:
- name: argocd
chart: argo/argo-cd
namespace: platform
version: 7.3.6
inherit:
- template: default-env-values
- template: default-env-secrets
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.27.2
- name: db-instances
chart: db-operator/db-instances
namespace: platform
needs:
- platform/db-operator
version: 2.3.4
inherit:
- template: default-env-values
- template: default-env-secrets
- name: zot
chart: zot/zot
version: 0.1.57
createNamespace: false
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: chartmuseum
chart: chartmuseum/chartmuseum
version: 3.10.3
createNamespace: false
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets


@ -0,0 +1,114 @@
{{ readFile "../../common/templates.yaml" }}
bases:
- ../../common/environments.yaml
repositories:
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
url: https://charts.jetstack.io
- name: longhorn
url: https://charts.longhorn.io
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: coredns
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
releases:
- name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
- name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
- name: coredns
chart: coredns/coredns
version: 1.31.0
namespace: kube-system
inherit:
- template: default-env-values
- name: cilium
chart: cilium/cilium
version: 1.15.7
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: default-env-values
- name: cert-manager
chart: jetstack/cert-manager
version: 1.15.1
namespace: kube-system
needs:
- kube-system/cilium
set:
- name: crds.enabled
value: true
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
needs:
- kube-system/cert-manager
inherit:
- template: default-env-values
- name: longhorn
chart: longhorn/longhorn
namespace: longhorn-system
version: 1.6.2
needs:
- kube-system/cilium
- kube-public/namespaces
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-secret
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.1
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
version: 0.14.5
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 29.0.1
namespace: kube-system
inherit:
- template: default-env-values
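Review bot: cert-manager, metallb, metallb-resources, traefik and metrics-server are all released into `kube-system` next to coredns and cilium. That namespace is commonly exempted from admission policy and network policy, so the internet-facing ingress controller and the certificate controller end up sharing its service accounts, Secrets and exemptions with the cluster's core components. Giving each controller its own namespace (created by the `namespaces` release this file already has) lets RBAC, Pod Security and network policy be scoped per component. The `namespaces` release points at `charts/namespaces/chart` while `roles` and `issuer` point at the chart directory itself; confirm that path is right, since the page does not show file paths for the namespaces chart. The `metallb` release has no `needs`, unlike the other workloads that wait for cilium.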


@ -0,0 +1,26 @@
configs:
cm:
dex.config: ENC[AES256_GCM,data:Gno9D77U/9pr9rVmiium0rOOfAvNOzWI58aY64YlKrZbTZw6901WPuUbc7Q1hhBD+M7/lFSxFHbHsczuIAcxYBLpiFu4XmT/NiWMjW/H39nRZlSbULOG4uR5oPuZMe0PK6sG1BRkVcgCQwIv9CqdGjobxFm0edyDKO/+nPHehIxIXe516YFLxEX0fktnVRjyQdnStyhIkx+HYu038pTTlzmRnwJR/zPeBMlBL8oLaN/uZAkxUXId2SEgG6LekVIHlq6THkv4BLskAIOYfMHCiKJbIECie6c41yGtp/UlrF58UAhw2T3SpK3LttRDhsfUSgV3wSRMgZe8cBWo/2hZmZM3G3XXCRdQ0nvkuaA7rECrIfJq3GQSsp60yShkyftbQ3oWNq+xkkFRaMHh5r7y/SVgOaX6XQ+AeGJ2klRQDlNap8PigmYAkl0njEOQT1C/G1y6cO2M569Cu4QEz0VdfAvKq0BfIdizf08MpZkfkvKDWOjHmcDPOaG219HOQN4YqMYuiYiNUqVv1TMJAOmaeqn3LFsVHdXJbDVgLkmRdSc5lGmYfzAfX004XIgcHkvatjxHma5H8MeLrpYhuyUFcURraXm0JPWF7devc9e4DxYIod4HtArUrtq41SCT4fIy2IDiwZeWlMGHdN5d1Pg9DjOJwAURd7eKhbFDs5t5tWKEnCt6GeWlBLLev+SGXgcmb1aCqbl0B6tqwevp9Uk++mRnPJRfcEavNZ2HHLe2g5a5bVfQ8OmMUiw6mPHtMjPR+ME8sDe05DwD0tdk8+o0p9CA2SYklkmUhRiSckzk3+XkRPq4bPxuetzUZd4EViXfVdAy8TteIju4Ke5jlWJmYuZheOm8qq0=,iv:+oFJiDrtgPF0MQ9zfgy6vL4xHmw3c5ZidBb90zFL2b4=,tag:UZBFNN7WVw4GRPGGCzaGgw==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:siaf1YrOopN63MRlFGsNiutvLJeZt2nl4dpm1LppJmV1k9OFxRFyEPGCL6lAzBSevoULHrYgzfTIr8QKGRnQtXOmj7oRwtZ0rhF+s92NG+C420miSDslizUifUl3ZVLeD031FweF/VZMP7zIg3D2HiwMOad2NkzZwwbPHDyXIWn+UtTIQtbfKoj3aB9VF8lZzrYDw2sKvhaAB/GzjVrsEhzp+lUyHadVImezk5LMQC/MYQPbGImCFzJKn5/FwC3ENsZRq5VpuKPhMwcWUHwoYoi8l1ELkY/A8WPOTN+uXrlpg4PzxLR8LefpCxL0/6HcvC1VdQxHhlm8vXMBIPNZwXHW1c0r5bX5oDQl0DlbOvwSKmi1qOcmKt6ANyg4asaI2y2KtQJxR3/3/D7tfw4HAxIj4FIgfZnU9qOocJH03apCJ6geLi8a/dULRCbGewuPlQ3zhyweJlGTI+y4oBWpncO4SfZT92zCIwBSu31iHoLTO6mTAahtW+xqp0FsJ1uvoYyyVz0y+Qbv7OV/6ydOMGVyBkaYUbbzfvQOv6LmPhmf3folY77vgJuTiybKo6t2UnH9lXPUUqzEIhffzjUjCBqrLUBoBz1/CB3Z+vwKcAHgM43SgNMbSFEPjKHlMqZiqrnOZ7y6ijzf9UvVlvH1oZNEYbMdPTGKV6Vidhu1NwSnAo5xcQkODo1RpMd1JBFIfrU2KvVTL/hw6CQ4o2Q8b/ljoz9L+8G39TxfYl82Vr6Q07Ocz2k/BpxLQLBS2GApP/Wxvazf7JsVxoBbFhNBKwWdWaop9DYTKpo0xB7j8zSlksoLWL0K9sRrF4fC5KLeGRjvTpGtRtAi8Afmg+A4W9QXU6WZRF679UtGcsLnM5KmQFJLsDn1KP5x8PqW2xU3lXoR+SzGDo7ogqUq5tQLD0kx70hq1X+KtNqK70eVTdylg19A/sXQMsfpsUtmDjYUMRycT16lzBn1yK5LpaD0QwArXFijBfsRnzWRjXQqov6UfiI4yyNt6Dwg+Mb8b0KeEOwSbTwbl0uOJabM4bT8NKFYCwJoEGQ8pZ6/vjCwKyp6DBsDv7ecLUXFtGmi2ew2r+cPrx7nwkWswI4rd63sbFPiGDfx6txA0l2LpAcp7rA3qIXaZBI/7t/pWGLtbrJ4LEQ2ozzmRZ/Xm6w7x4nCndksoakUk+9nncUYf0PxAh3kncJSceHcTPqtkYToVEBEyuwwOy/6QzBMbj/hcY+SoRVCmn6SQspojHhq+tsA1M0koRDotwCDMvmlkK/XcE2o9knszDKiytGdyvLdZlCCUJhdJbkW0wF+M0BIF+CD1DMgqFLCPP4J2IuGuMBQap5AoclPLSApgKpe/+9h6u9Iu/R5Rdevqc2jtzlJn8wV/Q0nyupyK0vh/iROrqMZFQKoMxXjz7BfCOBfnIWFKuRtDjPnyJTxrv+BZtslIbmjU0mhg15CHjIeDvT8sGQFj3Cpl3ft+CLUDXaK2GASQor7CjpQkLeszeBsO8oHKsAHgHQDICXnYRjiVT1fppQEd+DpudJ8hPMtRYSEd5ZDdSYFSGo1lW8TLOw+64PC3bQ/SZzvJ97EBgXf0c79Ogdg2OygPA3Wz1vPODHY40sspmUrZ7dcVU4CJYFb7xYAmR8L3TzxTOnvSqyUwd2+1jvE7N3svBQ4IpiyC8mKp0lem8Lw1IR8CFyJ0YQY+NZQwoZwRXbF1ADoRIK5mcf6kZwv+PMTs0hlqE3QnDpAWsgU3JGAHxOxC+rfId6thAYEHlMcVEdhYOx21lh6a2khY7v4vWdOYLJHN/oIHIIeV6DKjzKwct2484CIslz3lb3XzP1I6eGeHkD5jTiMs81AYmODxh1D8H6h0HNDaxtvlMb75UzIKpj+zCX9DopY/lckZeTaHQDOfoTr8N92gwM1dRY5XukunlM62QOW/dDYQw7zWSc8q5LDvP35UUBWB3Av8iIx8VaKv
TrgZ62oI5GQlswozdgfuCvZQboQ+ex1AKqWhva4vOfWqAdEpsmMM9HKac70oXDiU1Db7o1QvyvYOHlV4mvfTlVJR1lZotXOTe1mlkDxNFOc1McbMH8ZcvU6FjxUsMG5TiKlBMKPohcHsLfb+iQaBHhvo5IkSqsoQqlNGVZDMCrr9U6oCN5guhm0sNGdkrh2IrP0Rfa4I8/vE/FQ+yiHo5T0o//bXnVOKPiCw+PDEFieme+J0V6kBK91y1pqN6YGgCEPxW1kHmY+L59R0N232G6q9rvH/2K8RrM9KVj0PahAl7yCA3SWaGNQewFd4K90DQFknYxlhNV+RT+E7pVufxG22sVK+He3jCRm9HBQairhf6s3TDnTtCO2sQJCR19ZIPerhDfKWAl7rIKHIqSB1r5xxI+B7hYlnEJ/aD6duJNRqt4AFbsptQuMovV7/f0RDHSrN9v0YXsWZ6sl42vKg/ru6bU2xBbYRlQwQhoolhV5urO/B1X5kxhiFlO/qH7TJXNyco2QG2F6kxkWVhGzxo+OmVAoOOpPYmAMkj1AlXJ8N15muAw4sWhY5LcSM5Cy8Uu4yih71sxPrEsN+xTbwvyV0kfVHNw+IiiD28onUSD70l1OXzL6x5arbB98r4yyQF+TlFfy8T4KIRW6XsBrqGNJW5zD1rmbNf9ikQeyF2Dwo7e96l0jHqRQHKtu4JcW++hxeZ2U5r14TiawOxbm5NNhiW122iSCLSsrqlKx+gfE0+vkSO1esU8Uvp1OlrFBTcse7m/v8rb5pwyMKmokWqJdmX3DzLzB1I0eXBbeYX4uV4SUs/G4ObTWf0WwB3+QcPLlALKaBcGikpdHvtwAJbXsiOdcLEDgAgfysXBFjNBx0Zg7iXl2lRiDkO+yQX9bbRx8lPmrHy2FYUabJwmw+Lg7qLMKEo6EPC2rDmYyZHpSix/DYHK9+busiTTqmHUHk2UXShaNUnL6s1h97xMAtEk3KRy1ZyjXX0LTW7MFa/g5Rzl8Icpcoxr2jFdegEQReKF3Uuq/fUNlNCN2F4Piukqt1QoVgllmi2zhMyggrUsniEEFjBm/Q70sOXnstjyQl4JfF6froqT9hZ1iQ67wB2xM/4TtFEsaPUWbCfsVfcnAxGDbgCeIgGm2y8eo+9zWYfWOLhZKhneWlcYIueHWxYLhU7cbK+GPste4Ovp5ER0iTYZzuZBVdCKEeSpk16uDdncwGNTTrwmNmoEj4D/IiScbka5igiatFATGCQPVcz0BGbu+MhHktbSXeLYUqe9QdF0PpMaRUmZAOGmE261aHmIO5wcFTJqAsWZrZFfcnSw1I36o28f+9RfOM8FEAn/VOaWVWfZtpSMAYSzg99oHeikclB51YFCXUZGHPmwmAU3lz06G2IunjIraQepvZmoFT5IcBCfgjJ0i8Y+z8HxxnNo4z7ZobMo5EcLlZSgxIf416JVlPKoo7v1TnloD0Kept6szfiEaaPeAbhLYunteGd36rmUvN251jw==,iv:Ep1EEN62y9yNXeDJVcup1snyv1W+6/71MulNNtWrnMY=,tag:9QxpLc3SoxuRJ7k4ndrPFA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbDBUVUpjTHpVdDZpYVFy
bmpCbkkzZUpBOG1TcDVSb2N5MmNFUWZqUzFRCjg0QlFWTUp3QSs1TWlqK3k2bFcz
dU0wRzZHdkFrQjdiSXJaU2w2b210YW8KLS0tIGgvUTRmdlNHVGFHcFhocHpMcy85
QnNlUzBwZnVYRUVpbGM2cEhTRXVUWUEKFOrBmRYTAAjEAvWpOP5f+KiuCEzK0sko
IwlBO0efKXOELMblI8qhnZT2SCG4Smis3XvnnpMbrutgK8gwFw105w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-11T13:17:07Z"
mac: ENC[AES256_GCM,data:cgKvMKIzbYU77A6BBJjYuf+oYt48riNzeRV4uhRMChnUsBUKacNKCBBSFc1PzuUFonFONKDesv8bFzluqcY5ZPf59WBMA2/hbTt+eGTrHCdb1i+QgyYnfVUhXKz4ckEjKkAJBKwcb4WNRsA2ULyuGc18D3e5RsAsD4oqGdS6lqI=,iv:OLYyE35E8apfQEKYcVm09O09iE4nnEXpSxFQyLUy724=,tag:hbS2uhN25Lk1ZvOBlRonrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,24 @@
authentik:
email:
password: ENC[AES256_GCM,data:j5JFI7KqO2dOjl0xi4KhvnF04tc=,iv:/YH+XId24X69lRXrp73ZhKGOcuEtXn/ZvqlJwMTgdRk=,tag:YBh/slhCstFpXxE4y05Viw==,type:str]
secret_key: ENC[AES256_GCM,data:zbs2HX75h3rITd/JRPVa60AhrWgDp/syWFttnadRyDJFFM4/6YFOUhJNcGGQis6Tz5Q=,iv:1iYOTqBU3WHNPBa5TpSwi6+h6IT8Joc6Z4c2UKY7xQ8=,tag:DcRfBP69i17zKFobMA3WFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGK0hPSEY4d3N4QS9aM0h3
NXRYZ1BMdXozVzdJWmlzWnIySXBwcHVrVUhrClgvRENGTHdJMnVsTjdSN2NseUtT
cjJ0emRObHdXTUhDejhhVEI1U0xvNlkKLS0tIHh2NGhzbGZDMm9ObDVxN1NYYS9u
WlhXbFVQbFZUNFlGWEhoVktxUXRuZUUKJNSS+vhG5McKrxvqCIT9dGivcReZOud7
HEReDoZcf0+7c4JgnrcT0AvvTR5fHPnfveTkwHym3LHMYbZnIPueig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-30T18:36:34Z"
mac: ENC[AES256_GCM,data:djXTiatawc1OuJ5VqfbR8wS2xKrvVZigGLyQa7tx6/zbgcP2yLQJvcYeZj6zHhQasFzaiNbD05Qz+9Td0ysxZuAnajQ+CaulnIOhy/FhaiiQFtqFTR7xEsFIiUBxTPEJkhVNlKTxzjJ1AX2dagiov75otC6jbueQqYTXaGGcdko=,iv:oWbWTUqlM1zQ7zfC5FZkNJJ8RxvM9+fvTWobgJCmLQE=,tag:7Jb9XBBq1OI0ghqOqxiJJA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,24 @@
env:
ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str]
smtp:
password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKL3M4VWJBQzZQdHRDcXVw
VWIwcjd0Zm44V01DTW1aV2FhV1QvT2hpcUVZClJ2dHdvcDYxalEvMXB2a1F1WlRy
K1VOYmg4cWprSHpLSVJVK1lYVXR5cWMKLS0tIGJ3bHNIZE9zR3RuZmpmMlZBQ1Qr
dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1
amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-15T12:20:48Z"
mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,24 @@
env:
secret:
BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str]
BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2
OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl
a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY
TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg
H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-27T08:47:35Z"
mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
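Review bot: SOPS encrypts each value on its own and leaves key names and value lengths visible, and the `data:` fields for `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` here are only a few bytes long. Anyone who can read the repository therefore learns that the basic-auth password is very short, even though its content stays encrypted. Replace it with a randomly generated credential of adequate length and re-encrypt; the same check is worth running over the other secrets files in this commit. The file is encrypted to a single age recipient, so rotating that key means re-encrypting every secrets file, and ciphertext already pushed stays in history.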


@ -0,0 +1,33 @@
dbinstances:
postgres16-gitea:
secrets:
adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str]
adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str]
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str]
adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str]
mariadb:
secrets:
adminUser: ENC[AES256_GCM,data:tZm9aQ==,iv:XmeasI4tGcws2SRoqKIyiDLoAx0UMBdtm8pXxivb0lI=,tag:vOwy193J2+FuzBgM0Y40Dg==,type:str]
adminPassword: ENC[AES256_GCM,data:tIozTmj3CYTGZUevJMo8R13D21c=,iv:VVD6VaYUrpV+WUaiRl7wD1mR0Nh35CscSdY1+Y8Skbw=,tag:KZUDpRSqUbkHX8UKHKYoEA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs
cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj
ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W
d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn
AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-11T15:30:32Z"
mac: ENC[AES256_GCM,data:bhwI1bycchie+CwNBVtSc2LKhfyGBJ6k0H5qupzo9pfQQ1MYpLKs/0oR/vvJf09LNAp1rS229si2BMhpiF7v002bfFNvz6C09l2q4q5SqySgV4O30mu9mXjmyWOiqgBgH0gBEEZRBmJfwlKQXuOpkd/uPi+M64WYpOHkjDrnKnw=,iv:GgC8woC4UT8B1fMJvS+MFm0mxg/42huOzaRzV2RVyjM=,tag:6+oTQDiH5KIp5iSBkG2i7g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,22 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5
Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi
aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ
em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh
DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-21T09:27:21Z"
mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,24 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:W1OAxQIUbVU8uYHtxujhPyww4jscNH4LwMAGOU5v,iv:ouToTniIMiy757x40MKMtmLFBVzpuGxSYOTMZmmN8ck=,tag:RZ/cb7cRXDQSAQwGqdX+zw==,type:str]
DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:7Ohn3nGR9VeIhAr9EdW1/juRFo3TXpKIwU07hD8mGoyBrbyn,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:EZoo2F4/HoOcacWOVU9yjA==,type:str]
DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:2wAbiSJdDb5lGUOocK14pZtwQI0EFmXGStAigKsPGAZUKyn7M0B6xBO1+B3wZYVnIKEohiNIZF7k,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:FVfLsEA56WGNCl/8ut4F/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaREllV3RqUVg0anpIU1Rj
RFh3WkdGdEU5bWg0bWk3bWU5OHFkeFF6SGh3CmlOek9zL2w4a0ZHc0p0WTNucE1Q
dVpDeW93QlNHZGY1dWhOc0FneUFjQUUKLS0tIEhuZE1CMmZLZFIxbXJTZmIzcEE4
QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr
icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-18T17:11:19Z"
mac: ENC[AES256_GCM,data:d9G44MW63rUa/MQaW/rLQQ4dlgOOje6qaS1V7yWT3HrkRLOXRCfuK5E+XeWC1PuQwMk0ghaNYJDT0FTnBsoJbxlu+7Vb91qlItn+azvldOFDvtGTRpAK7bPjM+p+G4/gZsgarFxaTh7py6Z/HsoqP1RvaK8GWNhRl7VfTiFuUrA=,iv:e4IXbSSiHMTPc3WijuwgF8L5aG5iMMfu6P/IYD2cp5A=,tag:aGqcqjjrO+PfYxfIAgSmeQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,27 @@
djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
redis:
auth:
password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-09T09:33:11Z"
mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,48 @@
gitea:
admin:
username: ENC[AES256_GCM,data:3vMaczD5ogk=,iv:r1mcBtnCn9Rea94wxlJl2k9WOgBreSqhvC731ylzTyk=,tag:128Zocc29xbuiMeX6YsPfw==,type:str]
password: ENC[AES256_GCM,data:2dpL5krpBiANfPPUE1ESiVZZmsc=,iv:TrQxyzIrixeR6UcBN+pol6PPOHME+dKAzpB7S7LyTXE=,tag:gkwkU0tnVaA7w1ELvC8QrA==,type:str]
config:
mailer:
PASSWD: ENC[AES256_GCM,data:6j3SksBlJAHGdxYMakPlT5BiH2A=,iv:psdKPFPL//zxhzpIYoOYWRkXuRe3zvdWuEMmxhvdTUw=,tag:pD8GVh9CQwoRTQyYDDqYiw==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:53PIleLwdXm19T5w3ia+NRZI6fGcIsc=,iv:Rzv2j5pRV/lZv6LOm9L52rZV80jB/X46kSugtPYSy9A=,tag:IZQsgKZ/rejAY/yqWZ7Ztg==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:pd+v0a7iN+FEHNTPTWQkqRqisFkhYx7Y+VEt14OiGwCtqWCyO/KhAYi+5M9sehLc4BlhkZqkQsNk03UtbRqh0N9FcceQDFurAT/UT6hqfLV0afpS2tBq1v6Oy8PPF+/xty43SalSFdmAJqmRWdxQ7MYdi5O/BFB9,iv:aghnx3uzAN88Z01OCLuKpQHfmhlz3QfSOKE1DLFcIRc=,tag:mByau0gklRRqdhqshNM1AQ==,type:str]
cache:
HOST: ENC[AES256_GCM,data:s0pp4tFpn+BSuptnNiF1DsUzCnKcSk5+6fg7dbeUXHk0v57sv3NU2A2enBIVXz3Q/x84iecThl2jJubv+WdaHcuyrojqIycxkCZBX3Qf1gGz6ntAEzLVrsqxBND2Q2Te7vh6sKkxNEfqIrxJ6gGUMVlBJuJEPTDQ,iv:DrEhNNhxlbmt20vHtHUUQefPthaDVi0iKHUlVncjCus=,tag:m5XtiUANaRcBniV5Zgb1JQ==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:aOXNVddJsB7ivhZIz68Du7UovOH9txmWBp7hFTNDCX9iN0kQYFEFTsgo3CopaBraDN8Px9AkuoGoReFeeQmobBOoVhLh8uUDc4wh8vX0/7kQF0Y0nL+CvZX/ARdq+quVS2ezT3Q/L9//3i5/+c/JhoXjsnsjd5/3,iv:WGkgDxJvI5n3DmlEvTtTtXhtBLNbUCInoX65pf6xY2I=,tag:ffWgPiWY7aTP2t8a0vJHVQ==,type:str]
oauth:
- name: ENC[AES256_GCM,data:28rs8MIG,iv:1BMEey0O/bP6dn4AoyvQijYsGxgcgYL42Hg4cfZmoE0=,tag:fgINzelLtjMmoNFKMpDvlg==,type:str]
provider: ENC[AES256_GCM,data:7DgUWPMQ,iv:zl2CGsU3BVlv8/RWvZPbWuPTURqK4WP/7nossqToglM=,tag:1J0ocYVcuONp+fP/EkDGQQ==,type:str]
key: ENC[AES256_GCM,data:i2eFPPatiIdP48nDlS0daVVJJuQ=,iv:mA1BYXBbq/lN3VqltqJNr1xx5V/JCFm8WSpgwkl0NaE=,tag:vEhBiSUjcdnrTiuR1i6bOA==,type:str]
secret: ENC[AES256_GCM,data:z3ZnGxQgQUwd7tFhFoCOsfjKbuwEjxBXSCxYKmTgLC86Q85CnWuQ5A==,iv:bn06FAyDoLV8Cvl3p8Iwq8xN9Y/9aa8vWDYZ7QbBic8=,tag:ABBcxyv3DSRG+KUiZtWd4Q==,type:str]
- name: ENC[AES256_GCM,data:DRvxuHW5YHyd,iv:lmorxsp6UQXMGzDtTOxsk9Spt6PtQqBZXpGLjWPSfwc=,tag:c+Z8bTWIBMb0T9zUp43t/A==,type:str]
provider: ENC[AES256_GCM,data:bVFY/VZYbfttfSVH2w==,iv:zkvp53USluN03spZBnMjgQeWVJeX1AawOWP7ZFT8ghM=,tag:YD1DspS7NCpGdDaItllYCA==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:5QYHsA==,iv:uFJpxGZJVj+HMGNGAvoEmvYKGO9m2F1KwGBDgr3X7Cc=,tag:7hO+Gl+Y4rJ3386z9H+uug==,type:str]
key: ENC[AES256_GCM,data:CkXCnBs=,iv:w5E3CBdi+Cbyd9PsLjkstKcJDqqh6p9Xy4CExk2YDgE=,tag:FYYVedUt4tmzpHdgn4mm0g==,type:str]
secret: ENC[AES256_GCM,data:8euQctcEMSlv4JR4fLgDAZlnRAKe2P8HD+GNBirWqonb9MoDZLaKQcM4w8Y1Ya2BhJaPfYK2mSizxT0QUhRtN8BMn1h2/b+UDHvGNxheM/5FbTUaSI88HYX7UUcb1bn/2LJIaLoDs59fCkoAWrBRWqoXE5KL/2ZXEDVB9mbtpZg=,iv:iv5U21TIAr+bPc5yi7lNaZonjbh52A5uxPWZCpN00Eg=,tag:NOOhDxyNnWemsRG0ttu/NA==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:rWc8bAMGwtIq6Ywb8tVAy9vgxf5ReZ5yqJESlTMFgW0mHTRjLMt8TFijMBHT/FFnnFFN2xapf6rU2bfPmtQBUgnLLDAmalRk1YnzAl+xdjM0e/BLv4q+H4k=,iv:BEEuNh3NcX27/+pzQjKyPiY2IIK3FSsSt5+p/1p79h0=,tag:bNYgc7vYMTpVQ6XROaMwqw==,type:str]
iconUrl: ENC[AES256_GCM,data:o7ZGL3fIiuHSiEXZK0NzACq/qb66QoLEhhtjlSRtCl6t/4mVTKOAj6Extgfl4r9l7k9GRAKVFus9H1BkVmeZGC7cVNpcEw==,iv:vgJB5pRtElNuNOTL6vBTHV4f9m5dh4EtjqIZvaC5xTM=,tag:GpFqcnWJLq5nmukzu9CwnA==,type:str]
scopes: ENC[AES256_GCM,data:+et7Z/Hfd5kmpXyqCA==,iv:GfKUWYynq6CrDLmi6GiCwPN0m7xLgb/BxtUahn2qmhw=,tag:bSlFzz6eRhpy9r21iO6/6g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKby9xeUJBa3NuYzhGL0pY
QmVnNm9XR2E2MlRNTzhMUmQrdjdqS005djBRCnNGMHNhYzJEODZDUTdnVUJGTmhk
cFFVRTJFN3lwaWxBWHM3K3BZNVFqalkKLS0tIFl2OHVQRVJ2aDJuU0wraU5YcXlY
M25YSCttNGlBaTJyZTZlV1loampJK1UKoxw7UJF0Fv0BK8sQFePWT7GR00f50hMz
cC7b41VLLIVFF2ZmnS7eQEKPCcR8OjcjTo37RtqiTp9Perh4Cd0H3A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-11T13:24:17Z"
mac: ENC[AES256_GCM,data:4mPa4PInVeSKOA4VfC7gwYAcU1R3NCMBtn6oC2vLVHk192MBnMYnlLb8+bAYG2TVR38sdcVRfWugucijEouwWcCAixvPoPB55O2q0LtOS075PcmCiBUY2EQwYbfbgSXIvxm8pNa2izKFI6sabXFVhwP1Ofp/O9PVRUk7WYHuQgI=,iv:LNJ1mh5jZLum/kOZPfLIi9B7jSJxkWk0ZrY9yTy6KlE=,tag:XxeroRfGPXN3aJyIxUa50A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
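Review bot: The `skip_local_2fa` flag on the second `gitea.oauth` entry is encrypted together with the credentials, so nobody reviewing this file can tell whether local two-factor is being bypassed for that provider. The same applies to other non-secret settings in this commit, such as `provider`, `scopes`, `iconUrl` and `autoDiscoverUrl` here, and `initialAccount.enabled` and `oidc.enabled` in later secrets files. Keep security-relevant but non-secret switches in the plain values file, or restrict encryption to real credentials with an `encrypted_regex` rule in `.sops.yaml`, so that a change to them shows up in a diff.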


@ -0,0 +1,25 @@
config:
env:
FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ENC[AES256_GCM,data:dcrMgiX2egbSllo4esVRcJ340oQBRpVkRA==,iv:NQpe96WmGRAnLmeAK0VT/zdJ8MS/8RfAJIwNsL8alHY=,tag:CjppOC4SEW7a9u4Q2xlm8g==,type:str]
MLMMJADMIN_API_TOKEN: ENC[AES256_GCM,data:OxsD/v9ACQuoyHrxZmIdq8TUqmbWCh8GhGaSQTBGfS+vp+v2rdfKIm4WTnI=,iv:68Vli4aaCOiFixooz5cHABuRLuOrw9/HNpBNQzVwAkg=,tag:RXBXFzGCOO6MhoeNhES/+w==,type:str]
ROUNDCUBE_DES_KEY: ENC[AES256_GCM,data:RZni9nCThb9xzzNrN6JTQsLetnMB9cSo1L7hwLERnbA=,iv:L3r0I8sQkoicwy6odvuF3HfIEDQVgnOtn/OMpF16Dis=,tag:ZFaoIywA+FJ/GHAZAGjU2g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZlAvUXJBdzM3RjJMdHNG
SjRpSTBYNUs5NEoxRFdLZDN0a2IyQlp1ODB3CnQycFk3SkM2Ny82U1RZZmE1cWxG
TTQxUzhWRWlPQmxYUnN5dVJpb0FWa1EKLS0tIDZSK1NvSmNUQkZucFJCM3FiRHlI
L0VKb2JCc29XWjVkODJxTmxPZXZJc3MKyDy9BH0W1OgEONm3PLCskOWtIr2YW2V8
3Lc0Au6lLYetVCvSB82/uylZBHc9yQ2rNdLBUrm1zyDZJW/BmNpVLQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-17T05:06:27Z"
mac: ENC[AES256_GCM,data:WP9F1N5ZTYwJk3UfiSwf/QJHp06pawdbu6kUBOMTq1tWOZ/zhCRe0vJzU7alUxhw1RZu8f6tUNeh6qXxt/4mrSuy5dRjOKOJyRioIcRCdg4Z+2jVycDAA2VlPB1oDQj0CIdrW4hvM02KZKxcOy9KP8iRQaYqLlhvWrTAQZ9HAIA=,iv:d/wZUbaU9EkBPRIxqCDDXpp8AMjjHnXxej726q37Ni4=,tag:AC4FvAFBTYOcI02bFD+MHw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,26 @@
ext-secret:
name: ENC[AES256_GCM,data:4jH3h48Oeu9W8sgd+l5iUw==,iv:JNo5Tf6f+tGCPr/U34/bneEMwudmr8SWRpOwlJCV0AI=,tag:/K4o9qn35GePLKb9Fv97oQ==,type:str]
data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:hlYynKiN,iv:rDL66gw8x0wckf04nUkSOQWp6KJ9nPKH6yaYpwvAC/I=,tag:nVc6H58vgxN4SS/28LAnGw==,type:str]
AWS_ENDPOINTS: ENC[AES256_GCM,data:L2WqNECWNHWRDpT6bSu8FqZ2b7m9R5k=,iv:nhhhrTImNU40+vMt36ZpE2w4gX1RoMnabP+mG1SGnIc=,tag:ioNkPx8195u0XoqD8qoSEg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:aVaJV7mg6lKUWvL04Oo=,iv:Wf9HYaznYFWptMR9T63r+wrd340BSQOMpKosfvseaoY=,tag:SzkFOXOjiH2QcxSa/Y5Xxg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnSUs2OXBJbDFCYVhkUjdu
d2o4cXl4d2x3aXFSMm5HT0ZPMWI3YmhHRncwCmtWaDd5Q2d0cEVicE1MOW0xQ0li
aXZlbXBubVVoaTMwNCtiaUxRS3NUQlUKLS0tIGJuMlZZOWhxb0pCSy9wQkNNRk1o
WmwxN2NZRTNRK2dtU2pkMU9WZHkxSFEKUNcfWgzUU6LYxoQflAC6KZXINguTywjR
WJCBbihip0RfFeyiy9E1/O75OVnqwOUHgE7YWv9gekzm6GJhsuLTzQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-13T13:04:38Z"
mac: ENC[AES256_GCM,data:ncKEHKNJSSjAXa5T5pBJoRCht228MMOb63JfaRDiGxZKOxi8wSF/UUyq1Vs3OjiklHeUwvgxG+gIpJHf1Png7zTWRXdptNLZu04Bog/RWa5L2Ow9BXq2GQ9h/YVZkgSB9Hvzu/pfU6efAaPqE+at/5sF2TIYB8ezoVsFQk+kRoI=,iv:s3ebxJZeYnR7BqpG14h+52BtvChup9ohY1O2DQrh0tk=,tag:I+sRnkOYwcx1j4YQKb4Cjw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,38 @@
secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
initialAccount:
enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
secretKeys:
adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
global:
database:
roundcube:
password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-04T09:30:41Z"
mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,24 @@
auth:
rootPassword: ENC[AES256_GCM,data:nE9nrku/RxOBPrYiqMVcpKEbE8s=,iv:nUZGeUM7Ck0h72q5bPjH9UB3zAictnmOtsLQtNTVrYY=,tag:vm1DXjcDLgCnN5NzLRlKHw==,type:str]
password: ENC[AES256_GCM,data:4+moX6z5/JZNEM1FFwIudI3GKQ5b3+XoMw==,iv:Vn39GFekmWjbloTjkwuQVC0SmO37yBqNhUM9wHZS+H4=,tag:MTUv5GBnYprL2iEOhppXqA==,type:str]
replicationPassword: ENC[AES256_GCM,data:zP5+btuW+rgmhQoeOoaUBJ9rl2GpOhWmTw==,iv:GZW5ktMxg/zb+4ic8T6n36RQPkQxr4K+PM4DF+8gGF0=,tag:/GOK9ERmVHIE+Fv7UsXFLg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYjhDNXp4bEZHL0xJVWdq
ZjJucFN1L2Z1K0xkOFRYWjhLYmVLUXdMV25VCnJOY1k3WXVxa1dFd1Btd2tJaTVK
NXZSaXpwSk1VaW44MFhlNzl0TzVKK3cKLS0tIE5oUlVqTlJoZUxZL0RkdDNmeHlw
OHcxamZOQnFlZlhOcVVNNDMzc2RlN00KSCeXWZUeGCPZ1MIJITojkpJSBDF228ll
Mq8DX7QS7BOsw7RcEq3omPV9hSvy900cWDNSeAk7y7hHvWFZbGfVcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-11T15:30:38Z"
mac: ENC[AES256_GCM,data:wSANpRClDCeyHsFOdqrT3hyG8msqi5fl9DfCTxHSmMx9oOZ4x5Q3VX3nU3qg+M5cRKuJ9DAjpvYgmyTPWlX0RNAiJr9ygNW42H2lnU+yvdF+ZNHL6WQGQJPC2KTEPXGk5aUav+FA0E72D1yR6BrKpnR3OyUeltVOAnfAl60AZFI=,iv:0kHZs7ZiHzWIgCpHTEeWhP6B1uBrhOjw2/pm80LIlgA=,tag:B/sKy2TZEKfI9yNI/Tzwig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,35 @@
rootPassword: ENC[AES256_GCM,data:Oo5/PfJwB0AEnrpuUeckcAlzbRA=,iv:3NRzi8zvELULy1swZckc0LGtY/TNxmVLT1a382cHHCI=,tag:PTBRor4RP0oTDPm2zshz8w==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:ibVq8IGPYcA=,iv:UfKKJjWfPz25wcqDy+Ylwf3RU8ILDXXKGW4g8RrGr10=,tag:W4e+W+yYzCawbJJd9QkBpg==,type:str]
secretKey: ENC[AES256_GCM,data:Y+T302cB11+ETPqK+DrlyxQLvA==,iv:axTN9/NKUd+/cOmaxjcyXKrDsdDAvceFEplJ0dx7CX4=,tag:DXyavjkL0/rHMk+aRU+C/Q==,type:str]
policy: ENC[AES256_GCM,data:Yx/vVQPP+zk=,iv:89Ye85k5DQYUNAlMAtafG2dF2nDJ+oKWgs0ZSaUejDU=,tag:AMqm4HRq2+ujTFSNAGSrhw==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:9O/KFw==,iv:GZQu0XFNhJGzMPeW19wzjthjNzPLpMilMfOEM1xZlww=,tag:6+asRMB15NubSSiSOgyFfQ==,type:bool]
configUrl: ENC[AES256_GCM,data:ka+Vs9Nm68MivBaOiWsRgVuoXTLMmvYU3zfBj1mPUxKwyyhE3/3baUrkb+k+29lRyFO0To7AbqXkTaNpENGmt1kgEf/XMN+OR3PSa84AUW5BWnj6sG2uyi4=,iv:+Ro/oVQNElXiiRi15rQMbEFIgaY2pGL+ucj6cPilLUs=,tag://nk5O0WGmLuotU+MIT7Tg==,type:str]
clientId: ENC[AES256_GCM,data:nLWv7as=,iv:RuRmQgRRNqj+Y9zr9Kj3UmJshCFp2elATiPixDN33Xk=,tag:cSH0nKOziWLi0OfOMGTvIA==,type:str]
clientSecret: ENC[AES256_GCM,data:X52lUtR7tmi1FoNoaBCF3G0il+6eWqlmHek6WsOb+lfrItBp6B6oQ6mJHfTduJNFJsTjQgWZek69mQuTB975DGwvqjtTeA8VLhYpkgVDgKFEFvFTwaMpwCJRi7DGR8ZgMtbHZXS9gP5XRldQScih9p8LCiyngjPgl2es4PwUvWo=,iv:W2mFxLwg4leJ61Xs8TKmC8AlN3Zn/C5y09SRUPCVLHk=,tag:4mRNTPTWinzTQBo8tmzmKg==,type:str]
claimName: ENC[AES256_GCM,data:3iUTjRDz,iv:tfdfUdI8rFd7AgHl3bylpyudLGPajAUd5hcUJ9W18dQ=,tag:DSITNrUU8pGuKr7yiMAlOQ==,type:str]
redirectUri: ENC[AES256_GCM,data:us0hp5Q4vfsDh5XrziJNPVlo27Azi8fWwbck4rtDyvzEPRVkjxFi0A6bITpQNoo=,iv:i+ZBQkp6QY8z7RL/3k8b+iVvsi/mzHvNG9W04V8s9ko=,tag:6d9XfSdR1Dqb9OpD3nAtWw==,type:str]
comment: ENC[AES256_GCM,data:w+sQ1MJZmjen7Xm0ywKPmNzbNig=,iv:dV3QrEHtXF19nRN0fbIKbVqnjbXqpZletWOmkZK0CSk=,tag:K+JKywqzBMyCvbk+/UDkow==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:DyWv6iCI1nv0mkLBQHWZ3Ir8YoKfp3AvDBMb,iv:KmtrRhEM7ynj8WeyuXr9WCLJj/hjvzAf6odvFrmBTWI=,tag:xGUcVCg6rbnC/rpLxfpvSg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNjRVZ245ZEZZUThxSDZJ
bUpveURDSlNXUjhXanlOL21oanZlWlZMaFRvCjAzMEEvN2RZcUpMZVJXT0EyRURY
REcxQm55YVVUUHhGd2xsQWtvamNYN2sKLS0tIENIQktKcXJDV3dYM0NXWlMxQmVD
WGpGK0QvSGZXUGluR0xjbHRLWDhrQWsK8y9as6JrUSpHRf/01mD4ZWcc757E5sVY
U0W9/jGZ4+7FjXpEwJxBdTzGZ4VXO6vfeZeES+wTRoh8FnZN0+K7Bw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-09T21:36:38Z"
mac: ENC[AES256_GCM,data:LKhkC0+rIVgf8sp9UjP822GNCUcJaivflKsNv/7v7qazJ4vMv8B/xHx7fLf1bBFk47UneGw21ebjPKaBFxQlaIA/FenT5wsDgbTEg0eppu7W1BAotTGq95EOldRKjCIU2BcmsbDAFNIsPTd8Q5EFkybZHRJGlF/wZne0efx6nQk=,iv:Y4ioUh3zzbtgif3QWTw8Xsa2cDdYN830OdraHc+3JjY=,tag:bUZHrtkpMS382DWpUGwInA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,23 @@
auth:
rootPassword: ENC[AES256_GCM,data:X7htluDDokepRf8GVV4eu+pGM2o=,iv:DJ893dKr/4SFBEl8HnYv2PMb3Nb2AfL1RVgN2QmDRmA=,tag:W6QX7k92P7bgi3Ji/64xHg==,type:str]
password: ENC[AES256_GCM,data:hlXWCWbFnmbuUg==,iv:d9ZmklpwJa13wyNjrqNfFMEbJDSQ+NeyB4gj+59g09Q=,tag:Ps4oq5XWDIx7HnvCCnB/FQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-30T15:06:09Z"
mac: ENC[AES256_GCM,data:oiigjlyNoSm5hcdB58MWUxhqcYzE5XtA5LEDUCUX4r0inNd8UuLP029jz6bvQ7E/wFpiGNVTFAlFB1HA/YVwai/siovy5H2DL6g4LS3k+fxLKc3lwo3BvkaBi9X2aYu7vGBJpNe3KxBdWFyjkEQVoux1RD8JJBYNquMu9tW3K/g=,iv:1H7pF0Tr6GcgDt9ItXiTBOTFa55wb9pOdTF3jNJlPiY=,tag:dQ9nrAKr+qo4JpqD2wJXjg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
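Review bot: The age-wrapped data key under `sops.age[0].enc` in this file is byte-for-byte the same as in the two `global.postgresql.auth.postgresPassword` files later in the commit (lastmodified 2023-07-21 and 2023-10-04), and the two `vaultwarden` files likewise share one block between them. That suggests these files were made by copying an already encrypted file rather than by encrypting fresh plaintext. Files that share a data key are not isolated from each other: recovering the key for one opens the others, and where the key paths also match, one file's values and MAC could presumably be swapped into another without decryption failing. Re-key each file so it gets its own data key with `sops -r -i <file>`, and create new secrets files from plaintext rather than from a copy.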


@ -0,0 +1,22 @@
wordpressPassword: ENC[AES256_GCM,data:yYE91wuc9uOzIQ==,iv:jLqs0BZcEIG73roA/wxtK74xX+osePoIaKhg6XvuAXE=,tag:9a3n1tbRAy4TaU0OE8uZcQ==,type:str]
wordpressEmail: ENC[AES256_GCM,data:Fy6mIfhu0DuO+MSp1TPN7On6cFZk,iv:bxYiJBYgbuQsWPRWKfubmNZ/jShMBLeiPDyw7XtOAkY=,tag:RyBuqoNGoTzKR68RNSgumA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1V2tQdkFWenZWZU1pT1JY
cXpVV3UxNnN6and1R0lBd1NrcXdWNTdibkFnCkJxeERBYyt4ZUtabWl5dlIxNmJZ
blhSUHZWTk1PVS9RUThlNFRBREh0T1UKLS0tIENKK200NnRDNUJCeGNTeFB5Z1BI
a2l5SG4yTjhmUlorWlJNbmFDekN5LzgKCS8nqMu72GDYjuSrfgbp/KZbHfhOdpyu
WpT0T6pk/oOc9ohQKGD/jvcjrMW7OZ5uYpZc/4gPdLKcOnNB+BEo/g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-11T17:30:01Z"
mac: ENC[AES256_GCM,data:KWW440Ez01/kjq1TxLMZLLpyUmPluUJLvgPuY94/O56jz5/ewzkOY+yL4Wc20M++bITNBQUCw4y9HTC4jS2/vWITZnc9Dik8AcbpBrttMIE0fs+WeLudbt56lCCbcddoyOfAvGU+2t74da2uHQVpKBT1jsp/DVlZuFsHUuJeJP8=,iv:cnOqF84iRhDG04oWvWUyXxFmJbluM86TvwEVu7Z7hRA=,tag:nYXMxfm8drvklhSXcGSKNA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:NopZyPWiTKPPVzLcvVLN3JgMQjQ=,iv:rWVhR2wChvQSIa7eBPrvnWO2ydLZ2D8oF87INiy8NX4=,tag:Xb0qbED6QXu5QBgHY6hrOA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-21T12:58:01Z"
mac: ENC[AES256_GCM,data:ShHWH9RIL4rJ5X0IvThOtyM28AC+1bJLr4PJJdYSLtV9T7Wcs2LbmWxtM2tpRyzMeZjYKJrsstGYgxBevr1BpfGBIeR4+JCwrbdK4AOq2VbLMpH7nMOU/huuUpxOopweRBTwZOEMRBkSkEk4qPvebLHEqUi6aNGdtxOINmHv/fA=,iv:C/iJOSshanbhSQ9Be712aSN2B8aXndPpP4655SQONeQ=,tag:BAJIzrYfh8a59OzkxDOrbw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:8Tz+Ux23hup7fY13o36ISM0/7J7QBOnEKGp6HC4DCti2ZvvzLtMChgkjvD806Lp0ql4=,iv:O6zXIoWS71n+ZZ4d0JyfL1PEyLBPvt/JdWARc4yqc8Y=,tag:M63BInZTKXIFpIo3xbbOiQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRVE2L3h2QzBLbTJ2T3Ax
N1ZwYWlnOUQ4b1h5YWZ2a0ZiYXd3ZVNvQkhRClpVbnJVM3NaSi9MUVBUeVI2ZDkw
b3hrZlFvMjJTSlpLa0NhVDZvd2hHNDAKLS0tIEtCUDRWYUh6M1ZmMWFXUmpMZXlN
VmdDd0Vvb0R5VGlaL0VLWGwwdldrNHMKWzFjQo/VI0xTMBCKls+F8vyNsqPTINJQ
8eBaaXQKtIXTLyqeFD9LogvKYAijIMlsky6hX3WG5ymx+0nqCPJFbw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-08T11:20:20Z"
mac: ENC[AES256_GCM,data:aTQ4h+VHLM4Qm+2ZMigCMr1mj06tfeOJQMDxe8dIDlPO6T3G9Tkj+iPTwXBprvEHjwVZPdMW+5TRsCwGBrg8gx/aIAlBpZyTQbR/wI2PW2HDjeKut/qDgHKJytRCUNHlQB3t426snI16ydRGCdqBO/5m4TG46QXuPRwIWej6SDA=,iv:bJ+708Tn1JkiED8sTfkqIat0XkxdM+3m5mzgf5gg3A8=,tag:EjOXTgcC1Kmc8PmHD3BWFA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T02:27:48Z"
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0


@ -0,0 +1,26 @@
grafana:
adminPassword: ENC[AES256_GCM,data:AuPGLXN861DvndWdecukXKzt91sGGIMBToj7tO3J,iv:gKmj0gurV77e/jbxdyxhaxkmmsp738vB6ZAfzRFf45M=,tag:rKOkedx87g4MlRk6npgXiA==,type:str]
adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str]
grafana.ini:
auth.generic_oauth:
client_secret: ENC[AES256_GCM,data:+4Qfo4aR9TMZprWL9U6lFx4B86d3ywH2O5K6rM5hmv2gROeFinp7k5p9C2pgNubIK9W3TlWSZAw=,iv:uFX2Lz3s2/aR5rcwsDvfuUGbKHNxh43ZiuCNaT5b1dw=,tag:8YdsVMaHbP6wqjubb9Ab2w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeTlhQ2xpK0dvMU00ejh4
bjZxZVMvMEFobGFqYU55a3dxcTlnRitkS2wwCmJVNHhQNHJHTVBxbk4xQ1RWbkFv
TUNGY3YvQUIyTUJYNEZmOWRYd3JaUHcKLS0tIHJ5STVXV0hxRUdYQmNXSFR2U0Vv
NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/
QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-29T11:41:00Z"
mac: ENC[AES256_GCM,data:7Xs7W6smDPr8fp4AapKcUvHUsYRKkTQ3wb4CuDmL0ziQs2d73ueezEembp7RRaBQ/Q5jACY1dHQg42+4YymcTt8NqJ6SE4G7f9iqJu3rr5g5lh8mYP8ft8J1/l2jrQtCSfxyzuG2CPZRycQIo+0Tq++w6iK0iy6ExPt8cDNR2Ao=,iv:v8m4CEW6FG5rWV8fKsqACh37X9yzsB/Bl1wh+4348rI=,tag:Up71zDf12JMDjK8uIxnsLA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,26 @@
global:
redis:
#ENC[AES256_GCM,data:QRLnzdJ/lmaItppUMOZO33kySISWDfMdjr2nrEjBuhucnoglEVNF9Wy5IVbt5CNERajCADTVWNy/N40uCv+9n3PQVKl+Ki6YV+Q24Bzy,iv:8PvJ2yU7AW+/XkP+/9OQcrdCVAomnRexkNNw+2rjoho=,tag:U4gbrqqBwvXC63qn7jFmPQ==,type:comment]
#ENC[AES256_GCM,data:69gagNeejZaafGWo/Rll,iv:kW13FOrc/j//BxVj4JgEC0G/DQIOPHil0uNXpOM2/W0=,tag:sqviMlgQHiN397ukswoNsg==,type:comment]
#ENC[AES256_GCM,data:C8ta7Vtb3LpOotE=,iv:Kdat2trhQIQHxIpD7xhUoLRYo+a4PgzpB+S0w32somA=,tag:jgH656M8a14QhA//sN6MGg==,type:comment]
password: ENC[AES256_GCM,data:qdV5FH2K4w9gj4SFznfflY8Uw3ohSCO4lOE4Hea4,iv:/XYT2xiHlfRB1NLkw+Qm/QaWehvs9v8PUp2ZfMxeyRA=,tag:06XSi3K7y+9a50nZK1LAfQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-29T20:22:15Z"
mac: ENC[AES256_GCM,data:DIdcvQXu7rivXdPFPjfzs1AeJ5bRvUBD+Hq9mH7Hp/+iqrG03fWSF2NF1ra8KfEIg6TDsyMnQLWvipxBlA654BLBNrABFoGwLsdVsATBORz0kNNY862qfyhSOaaTBHTWhPVpbjGnYav+bi5pfvbLC9yJm3SjIRtUbnaNVWvqMq0=,iv:d7SaPZLb/px7fy+bGJnH3bfNBmqbhwMijyNB0jfYgLE=,tag:LT5hJoDcSiP5FVgj0M2sCA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,22 @@
env:
SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB
d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV
YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM
NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz
qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-06T15:16:21Z"
mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,27 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str]
password:
value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str]
adminToken:
value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T18:44:39Z"
mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,27 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
password:
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
adminToken:
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-06T15:15:43Z"
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,23 @@
env:
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str]
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1
RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz
ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0
SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY
870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-05T08:06:51Z"
mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0


@ -0,0 +1,27 @@
server:
env:
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str]
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str]
agent:
env:
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5
QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn
bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4
WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8
ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-18T17:43:53Z"
mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,23 @@
configFiles:
config.json: ENC[AES256_GCM,data:id5h3EObc18qFAYXYtVFAgJcp7IUS0QCSQZfKqy1fIoZUUYYIuKBDE9aL3OnqZkVJtXn5DNCRii/1ZYY/9Tg2IEK73twu5lDkM73APphI2GPw1ONQh6WBRp54AskuZizx3l1+PyKI/8WPVy/x1cbc7l5pGBziDzSbREor+YQQe4P3Og5KqkoWPeeO/GB/vCP+4CquBVwakyDPibrXtvEcIPxfu8b4H84fBQtlStuoT6Mdmj7NfBtK5SEl9yZ8R+kAJyjr4aM1XrtKtpBfituxi6OsXIQgKTWWZtFkousCkDuKxJf1EUCUR1J4ClmcF7UGUOxg3r3Csf1Y6ijhVgUqDlgNmRIq+qsEWrgWVixnO1RMnRcWmgJFDAs/QXY841lJTQJmVS4LRNZKu1ea8fDmF5KaxBdshizeA0RZGrdNlTUIB5AUsK3mmyPCvM4JYivQp4Hv8i1U9zlLpuPWR+7UgKbHjpQSVCem+dM76W4z9Wy463AS20EjwLUicSq7g8yLoCstuI1XsC8yNLZE6Z/nUkRysiGXa6iJnWez2tVOnIVVJ3c378U3U6tTr7ygae7v9PcvoGBTYTZA0OyrMeHrocKp4026yQJN+8Pj8CPdZX/nhC0gW08xI7EQnzK84ca4XuEZHWEtlmMBJyIGK07trq94BH6QwUaIg+nUv/gKvUA5CuMSAqECv+wCfQ+EU7mRClXR6RYJvEUxIEvGjb3CTOyV+gbj+CKaz3LZWWPETCAvOz0Cd8L56E7yUwFNhd+c7X8RuMy1vdoiCXdkzU5QCDmfv3ka4lKBPd3cvHduXeAh0wMNHSqLEVZblnt50tiZmo6vwiNGxlg3jL56Lfn3rkz+HVKRl6ArPBOdJhbgGj0bZFJMPGBU8kNDksQ6DMw371vAR7FwlzLKdz1Z3D1CvmBRUBIhr4TbnPuTL77fytVq9IdgGcTexs8QhcelXmoW5nA61PpYhYCU65m7BKC0koX4fjCjAksvjZaI0eeYPgKafAqKBlJslqKq9lNGH1orjgmXO0LWV7xv7D46BRrrfMqPwHUsPAGBP4VhfuIXc3keTmtFWjexyjMzvkxtoagATQZgbohjL4D4dzMTVhGH+Iw6AyM+9/NZeb7Cm2CmmJJXG0kmXGezuyRwNrChlhd4/HdeLvfBZbvXYLwr6pZn8dbJ7w0V77clsjN2QhsrPGh8VVf548KlkcfWp821pwmPxLme2TU4nJE+eU/7xK+LdSy8vpZ6wkxThTUdj5/A7DAszgdDed3aWfVIKz2DmLWR1iD6fC7n6OIIE+dcywNTU0sbYkMffpoYwU9Om9uPeer9rkzrnWHZX2btyfKUy8bnf0LuHuzRKyFl59nMUhlXbr1YsEKabNpsaxT50L0idoO5Phkx7os/qiqvxaPChMJngJQ9BXIoKARkg4hgvvjKpQwmjt/liA18COy58B2gjH3aKA6kye0/utQTih65DamYt8Wv4niVAZ3wm0rG5uaBvwZnj9N/xn2Klx5Iih2ZbobWVVR0MCAhe1nKIcnZxRrsm+GGRX2svYZg4ROLq7FagL8mn27/aG0UMdKQGpbXDQviNQgY+wB3jBmZAea54pWe5sgGBxXAZSYhGoOaWCLwWUtQWGdusjebEuqonW6PSE7whkbJxStNZOdAxATlCSe7jAkzuj5VBZbL8mIgnTltwKk3RcbnpL0j0pwousVZpSqg9KOqubxgk81YyMImA4LI3Fi0OFYIbDSw8zJJUgwASIWLQ2GxLM1Z1oxun7HpMV5lK8I+n70Vcqutn2N8URU0XOo6gcWCfknhClCwkOsZxU+DSVYyz5Aq49zwojSsd/CuS6WbFO82MMCO7dRLIz9ju43xAeCgFY7ZpbRyCR8U5IJKHPrHunYGwaRpolAE1V13XuBu0pOyaiU0sIeA44snU58DVMFyvA3PUl47FXvPMjGahbZoun7vi8J8KbRXlhHH/H
Fshi5eT16WOXK5SXBEiQDjhLa5RseWI121ARKtsvBRlhr9yRsZedlhmW7nqRw5hbVvHDQfUFIuiRHF1XAElP1C1hcb2GDE7r4anmoSRgcHYAI50HF4CPBSxiI+EAisKARIlUgRKt3gOfG8AH4mraUL8Lt+Eb0Clsd0z2GuysPHrEhy8WzGv4HW84ngNmZgznXP7ZFrtT31zAQr9QL/oirJf+ujPUdY03gJbr3jQXrQ1mfivlsaofgC0WL0xLma3Cuosb1nGmw0XmCGJNIOmgZJ/plQCWH05UzVR/QXhdEwlci3VNeYOSIUJwkv2eUyHsxHj45VRtLuxnrLx7BqR+kxBpRayJXWRBx1rcW7RTvS1a5Dk5PxsqjKcxKu+wRbPFmv77qOIroGg+XKTp8XeIxcSs4lx7AsfpTEvWpARwsydrUSKf/++F+3dL4yOrOyywul8gnTN3iLMoTjpze83ZFcJ2viiyqMWnHWQnuVveZTZi3NmoC63ZE/XLlztJcDT1UkrH3Tlvu1AxqMcm0SxK3TgEbvGmdWYo07E+qEMsUyoSpeE5MX2FESR9C67s/t5/rfThhvvjQNhydUVLrQL8O,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str]
authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0
NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du
RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB
M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp
VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-05T17:37:17Z"
mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,113 @@
---
controller:
resources:
limits:
memory: 512Mi
cpu: 200m
requests:
cpu: 100m
memory: 512Mi
metrics:
enabled: true
applicationLabels:
enabled: false
labels: []
service:
annotations: {}
labels: {}
servicePort: 8082
portName: http-metrics
serviceMonitor:
enabled: false
interval: 30s
relabelings: []
metricRelabelings: []
selector: {}
scheme: ""
tlsConfig: {}
additionalLabels: {}
rules:
enabled: false
spec: []
dex:
metrics:
enabled: false
serviceMonitor:
enabled: false
redis:
metrics:
enabled: false
serviceMonitor:
enabled: false
global:
domain: argo.badhouseplants.net
server:
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
ingressClassName: traefik
tls: true
metrics:
enabled: true
serviceMonitor:
enabled: false
extraArgs:
- --insecure
servicePort:
servicePortHttp: 80
servicePortHttps: 80
repoServer:
metrics:
enabled: false
serviceMonitor:
enabled: false
imagePullSecrets:
- name: regcred
configs:
params:
server.insecure: true
rbac:
policy.default: role:readonly
scopes: "[email, group]"
policy.csv: |
g, allanger@zohomail.com, role:admin
g, allanger@badhouseplants.net, role:admin
g, rodion.n.rodionov@gmail.com, role:admin
p, drone, applications, *, badhouseplants/*,allow
cm:
exec.enabled: "true"
url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins"
accounts.drone: apiKey, login
accounts.drone.enabled: "true"
credentialTemplates:
ssh-creds:
url: git@github.com
applicationSet:
metrics:
enabled: false
serviceMonitor:
enabled: false
repositories:
argo-deployment:
url: git@github.com:allanger/argo-deployment.git
name: argo-deployment
insecure: "true"
type: git
cluster-config:
url: git@github.com:allanger/cluster-config.git
name: cluster-config
insecure: "true"
type: git
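Review bot: Both repository entries at the end of this file set `insecure: "true"` on `git@github.com:` SSH URLs, which, if these are Argo CD repository definitions, makes Argo CD skip SSH host-key verification for the repositories it deploys from; drop the key (or set `insecure: "false"`) and rely on the known-hosts entry for github.com. Separately, `accounts.drone: apiKey, login` gives the CI account interactive password login on top of token access while `policy.csv` grants it every action on `badhouseplants/*`; `accounts.drone: apiKey` is enough for a pipeline. `exec.enabled: "true"` and `kustomize.buildOptions: "--enable-alpha-plugins"` each widen what an admin session or a repository commit can run, so a comment recording why they are switched on would help the next reader.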


@ -0,0 +1,64 @@
---
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: authentik-postgres16
instance: postgres16
credentials:
host: "{{ .Hostname }}"
username: "{{ .Username }}"
password: "{{ .Password }}"
database: "{{ .Database }}"
authentik:
email:
host: email.badhouseplants.net
port: 587
username: bot@badhouseplants.net
use_tls: false
use_ssl: false
timeout: 30
from: bot@badhouseplants.net
postgresql:
host: file:///postgres-creds/host
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:
enabled: false
redis:
enabled: true
server:
ingress:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
enabled: true
hosts:
- authentik.badhouseplants.net
tls:
- secretName: authentik-tls-secret
hosts:
- authentik.badhouseplants.net
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true
worker:
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true
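Review bot: `secret_key` in the `authentik` block is committed as a plaintext literal, while the repository's `.sops.yaml` only encrypts files matching `values/.*/secrets.*`; the key should be treated as exposed, regenerated, and supplied from the SOPS-encrypted secrets file or a mounted secret instead. The `postgresql` block just above it already reads its values through `file:///postgres-creds/...`, so the same pattern can be used, e.g. `secret_key: file:///<secret-mount>/secret_key` (placeholder path). The `email` block also sets both `use_tls: false` and `use_ssl: false` on port 587, so the connection to the mail host is not encrypted; `use_tls: true` is the usual setting for that port.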


@ -0,0 +1,40 @@
---
image:
repository: vaultwarden/server
tag: 1.28.1
istio:
enabled: true
istio:
- name: bitwarden-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: bitwarden.badhouseplants.net
service: bitwarden-vaultwarden
port: 80
# pathType is only for k8s >= 1.1=
pathType: Prefix
env:
SIGNUPS_ALLOWED: false
DOMAIN: "https://bitwarden.badhouseplants.net"
WEB_VAULT_ENABLED: true
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 800Mi
storageClass: longhorn
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: bitwarden@badhouseplants.net
fromName: bitwarden
username:
value: overlord@badhouseplants.net
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"


@ -0,0 +1,25 @@
env:
open:
AUTH_ANONYMOUS_GET: true
DISABLE_API: false
CORS_ALLOWORIGIN: "*"
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 2Gi
path: /storage
ingress:
enabled: true
pathType: "ImplementationSpecific"
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- name: chartmuseum.badhouseplants.net
path: /
tls: true
tlsSecret: chartmuseum.badhouseplants.net
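Review bot: `DISABLE_API: false` keeps ChartMuseum's upload and delete routes enabled on a publicly routed host, and nothing in this file sets credentials for them; `AUTH_ANONYMOUS_GET: true` only has an effect when `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` are configured, so confirm that those come from the encrypted secrets values, which are not visible here. Without them, write access to the chart repository that other releases install from would be unauthenticated. `CORS_ALLOWORIGIN: "*"` is also wider than a chart repository needs and can be narrowed or dropped.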


@ -0,0 +1,10 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]


@ -0,0 +1,32 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance


@ -0,0 +1,32 @@
---
dbinstances:
postgres16-gitea:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-gitea-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-gitea-postgresql.databases.svc.cluster.local
port: 5432
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
mariadb:
monitoring:
enabled: false
adminSecretRef:
Name: mariadb-secret
Namespace: databases
engine: mysql
generic:
host: mariadb.databases.svc.cluster.local
port: 3306


@ -0,0 +1,71 @@
traefik:
enabled: true
tcpRoutes:
- name: docker-mailserver-smtp
service: docker-mailserver
match: HostSNI(`*`)
entrypoint: smtp
port: 25
- name: docker-mailserver-smtps
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: smtps
port: 465
- name: docker-mailserver-smpt-startls
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: smtp-startls
port: 587
- name: docker-mailserver-imap
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: imap
port: 143
- name: docker-mailserver-imaps
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: imaps
port: 993
- name: docker-mailserver-pop3
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: pop3
port: 110
- name: docker-mailserver-pop3s
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: pop3s
port: 993
rainloop:
enabled: true
ingress:
enabled: true
hosts:
- mail.badhouseplants.net
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls:
- secretName: mail-tls-secret
hosts:
- mail.badhouseplants.net
demoMode:
enabled: false
domains:
- badhouseplants.net
- mail.badhouseplants.net
ssl:
useExisting: true
existingName: mail-tls-secret
pod:
dockermailserver:
enable_fail2ban: "0"
ssl_type: manual
service:
type: ClusterIP
spfTestsDisabled: true
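Review bot: The `docker-mailserver-pop3s` route uses `port: 993`, the same port as the `docker-mailserver-imaps` route above it, so POP3S clients would be handed to the IMAPS listener; POP3S is `port: 995`, which is also what the ingress service definition later in this commit exposes under `pop3s`. The `mailu-pop3s` route in the mailu values file carries the same value. Also in this file, `enable_fail2ban: "0"` and `spfTestsDisabled: true` appear to switch off brute-force throttling and SPF checks on a mail server reachable from the internet; a comment stating the reason, or what compensates for them, would be useful.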


@ -0,0 +1,16 @@
---
env:
DRONE_RPC_HOST: drone.badhouseplants.net
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: drone-service
rbac:
buildNamespaces:
- drone-service
dind:
resources:
limits:
cpu: 2000m
memory: 2024Mi
requests:
cpu: 100m
memory: 512Mi


@ -0,0 +1,18 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: drone-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: drone.badhouseplants.net
service: drone
port: 8080
env:
DRONE_SERVER_HOST: drone.badhouseplants.net
DRONE_SERVER_PROTO: https
DRONE_GITEA_SERVER: https://git.badhouseplants.net
DRONE_USER_CREATE: username:allanger,admin:true


@ -0,0 +1,72 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: funkwhale-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: funkwhale.badhouseplants.net
service: funkwhale
port: 80
ext-database:
enabled: true
name: funkwhale-postgres16
instance: postgres16
replicaCount: 1
celery:
worker:
replicaCount: 1
beat:
resources:
limits:
cpu: 100m
memory: 512Mi
requests:
cpu: 10m
memory: 75Mi
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
host: funkwhale.badhouseplants.net
protocol: http
tls:
- secretName: funkwhale-tls-secret
hosts:
- funkwhale.badhouseplants.net
extraEnv:
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
FUNKWHALE_PROTOCOL: https
persistence:
enabled: true
accessMode: ReadWriteMany
size: 10Gi
s3:
enabled: false
postgresql:
enabled: false
host: postgres16-postgresql.databases.svc.cluster.local
auth:
username: funkwhale-application-funkwhale-postgres16
database: funkwhale-application-funkwhale-postgres16
redis:
enabled: false
host: redis-master.databases.svc.cluster.local
auth:
enabled: true
database: 3


@ -0,0 +1,151 @@
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: gitea-postgres16
instance: postgres16-gitea
traefik:
enabled: true
tcpRoutes:
- name: gitea-ssh
service: gitea-ssh
match: HostSNI(`*`)
entrypoint: ssh
port: 22
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: git.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls-secret
hosts:
- git.badhouseplants.net
replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
cpu: 512m
memory: 1024Mi
requests:
cpu: 512m
memory: 256Mi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteOnce
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------
gitea:
metrics:
enabled: true
serviceMonitor:
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
config:
database:
DB_TYPE: postgres
HOST: postgres16-gitea-postgresql.databases.svc.cluster.local
NAME: applications-gitea-postgres16
USER: applications-gitea-postgres16
APP_NAME: Bad Houseplants Gitea
ui:
meta:
AUTHOR: Bad Houseplants
DESCRIPTION: ...by allanger
repository:
DEFAULT_BRANCH: main
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: false
server:
DOMAIN: git.badhouseplants.net
ROOT_URL: https://git.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
admin:
DISABLE_REGULAR_ORG_CREATION: true
packages:
ENABLED: true
cron:
enabled: true
attachment:
MAX_SIZE: 100
actions:
ENABLED: true
oauth2_client:
REGISTER_EMAIL_CONFIRM: false
ENABLE_AUTO_REGISTRATION: true
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: gitea@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: badhouseplants.net
SMTP_PORT: 587
USER: overlord@badhouseplants.net
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
# ------------------------------------------
# -- Disabled dependencies
# ------------------------------------------
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
# extraDeploy:
# - |
# {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
# apiVersion: traefik.io/v1alpha1
# kind: IngressRouteTCP
# metadata:
# name: {{ include "gitea.fullname" . }}-ssh
# spec:
# entryPoints:
# - ssh
# routes:
# - match: HostSNI('*')
# services:
# - name: "{{ include "gitea.fullname" . }}-ssh"
# port: 22
# nativeLB: true
# {{- end }}
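Review bot: `DISABLE_REGISTRATION: false` under `service` leaves local self-registration open on `git.badhouseplants.net`, while `ENABLE_AUTO_REGISTRATION: true` under `oauth2_client` suggests accounts are meant to come from the OAuth provider. If local sign-up is not intended, add `ALLOW_ONLY_EXTERNAL_REGISTRATION: true` under `service` (or set `DISABLE_REGISTRATION: true`), otherwise the instance accepts unverified accounts from anyone who can reach it. The bare `clusterIP:` under the `ssh` service parses as null; write the intended value explicitly so the rendered Service does not depend on how the chart treats null.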


@ -0,0 +1,4 @@
config:
env:
HOSTNAME: mail.badhouseplants.net
FIRST_MAIL_DOMAIN: badhouseplants.net


@ -0,0 +1,13 @@
---
name: badhouseplants-issuer-http01
spec:
acme:
email: allanger@badhouseplants.net
preferredChain: ""
privateKeySecretRef:
name: badhouseplants-http01-issuer-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: traefik


@ -0,0 +1,98 @@
certificate:
enabled: true
certificate:
- name: nrodionov-wildcard
secretName: nrodionov-wildcard-tls
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- nrodionov.info
- "*.nrodionov.info"
- name: badhouseplants-wildcard
secretName: badhouseplants-wildcard-tls
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- badhouseplants.net
- "*.badhouseplants.net"
istio-gateway:
enabled: true
gateways:
- name: badhouseplants-net
servers:
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: grpc-web
number: 8080
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- name: nrodionov-info
servers:
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: nrodionov-wildcard-tls
mode: SIMPLE
- name: badhouseplants-vpn
servers:
- hosts:
- '*'
port:
name: tcp
number: 1194
protocol: TCP
- name: badhouseplants-ssh
servers:
- hosts:
- '*'
port:
name: ssh
number: 22
protocol: TCP
- name: badhouseplants-minecraft
servers:
- hosts:
- '*'
port:
name: minecraft
number: 25565
protocol: TCP


@ -0,0 +1,72 @@
service:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: shadowsocks
port: 8388
protocol: TCP
targetPort: 8388
- name: minecraft
port: 25565
protocol: TCP
targetPort: 25565
- name: ssh-gitea
port: 22
protocol: TCP
targetPort: 22
- name: http2
port: 80
protocol: TCP
targetPort: 80
- name: grpc-web
port: 8080
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 443
- name: tcp
port: 1194
protocol: TCP
targetPort: 1194
# -----------
# -- Email
# -----------
- name: smtp
port: 25
protocol: TCP
targetPort: 25
- name: smtps
port: 465
protocol: TCP
targetPort: 465
- name: smtp-startls
port: 587
protocol: TCP
targetPort: 587
- name: imap
port: 143
protocol: TCP
targetPort: 143
- name: imaps
port: 993
protocol: TCP
targetPort: 993
- name: pop3
port: 110
protocol: TCP
targetPort: 110
- name: pop3s
port: 995
protocol: TCP
targetPort: 995
podAnnotations:
proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 1024Mi


@ -0,0 +1,14 @@
---
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi


@ -0,0 +1,3 @@
storageClass:
create: true
defaultClass: false


@ -0,0 +1,99 @@
---
global:
dnsService: "coredns"
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: 'filesystem'
commonConfig:
replication_factor: 1
schemaConfig:
configs:
- from: 2024-04-01
store: tsdb
object_store: s3
schema: v13
index:
prefix: loki_index_
period: 24h
ingester:
chunk_encoding: snappy
tracing:
enabled: true
querier:
# Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing
max_concurrent: 2
compactor:
retention_enabled: true
limits_config:
retention_period: 14d
monitoring:
selfMonitoring:
enabled: false
lokiCanary:
enabled: false
#gateway:
# ingress:
# enabled: true
# hosts:
# - host: FIXME
# paths:
# - path: /
# pathType: Prefix
deploymentMode: SingleBinary
singleBinary:
persistence:
size: 5Gi
replicas: 1
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 0.5
memory: 512Mi
extraEnv:
# Keep a little bit lower than memory limits
- name: GOMEMLIMIT
value: 3750MiB
chunksCache:
# default is 500MB, with limited memory keep this smaller
writebackSizeLimit: 10MB
minio:
enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0
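Review bot: `GOMEMLIMIT` is set to `3750MiB` under a comment that says to keep it a little below the memory limit, but the `singleBinary` memory limit is `1Gi`, so the container would be OOM-killed long before the Go runtime starts collecting harder; something like `value: 900MiB` matches the comment. `commonConfig` with `replication_factor: 1` appears twice near the top, and if both sit under `loki:` that is a duplicate key which most parsers silently resolve to the last one. The schema entry names `object_store: s3` while the storage `type` is `'filesystem'` and `minio.enabled` is false, which looks inconsistent and is worth confirming. `auth_enabled: false` is acceptable only while the gateway ingress stays disabled, as it is in the commented-out block.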


@ -0,0 +1,20 @@
defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: s3-backup-secret
guaranteedEngineManagerCPU: 6
guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5
storageReservedPercentageForDefaultDisk: 1
defaultDataPath: /media/longhorn
csi:
kubeletRootDir: /var/lib/kubelet/
attacherReplicaCount: 1
provisionerReplicaCount: 1
resizerReplicaCount: 1
snapshotterReplicaCount: 1
persistence:
defaultClassReplicaCount: 1
enablePSP: false
longhornUI:
replicas: 1


@ -0,0 +1,196 @@
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: mailu-postgres16
instance: postgres16
extraDatabase:
enabled: true
name: roundcube-postgres16
instance: postgres16
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: mailu-smtp
service: mailu-front
match: HostSNI(`*`)
entrypoint: smtp
port: 25
- name: mailu-smtps
match: HostSNI(`*`)
service: mailu-front
entrypoint: smtps
port: 465
- name: mailu-smpt-startls
match: HostSNI(`*`)
service: mailu-front
entrypoint: smtp-startls
port: 587
- name: mailu-imap
match: HostSNI(`*`)
service: mailu-front
entrypoint: imap
port: 143
- name: mailu-imaps
match: HostSNI(`*`)
service: mailu-front
entrypoint: imaps
port: 993
- name: mailu-pop3
match: HostSNI(`*`)
service: mailu-front
entrypoint: pop3
port: 110
- name: mailu-pop3s
match: HostSNI(`*`)
service: mailu-front
entrypoint: pop3s
port: 993
subnet: 10.244.0.0/16
sessionCookieSecure: true
hostnames:
- email.badhouseplants.net
extraTls:
- hosts:
- badhouseplants.net
secretName: mailu-root-domain
domain: badhouseplants.net
persistence:
single_pvc: false
limits:
messageRatelimit:
value: "100/day"
tls:
outboundLevel: secure
ingress:
enabled: true
ingressClassName: traefik
tls: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tlsFlavorOverride: mail
# realIpFrom: traefik.kube-system.svc.cluster.local
# realIpHeader: "X-Real-IP"
front:
hostPort:
enabled: false
extraEnvVars:
- name: PROXY_PROTOCOL
value: "mail"
- name: REAL_IP_FROM
value: "10.244.0.0/16,10.43.0.0/16"
admin:
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 700Mi
cpu: 600m
startupProbe:
enabled: true
failureThreshold: 10
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
persistence:
size: 1Gi
redis:
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
master:
persistence:
enabled: false
postfix:
resources:
requests:
memory: 1024Mi
cpu: 200m
limits:
memory: 1024Mi
cpu: 200m
persistence:
size: 1Gi
dovecot:
logLevel: DEBUG
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 400Mi
cpu: 300m
persistence:
size: 1Gi
roundcube:
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
persistence:
size: 1Gi
mysql:
enabled: false
postgresql:
enabled: false
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
externalDatabase:
## @param externalDatabase.enabled Set to true to use an external database
enabled: true
type: postgresql
existingSecret: mailu-postgres16-creds
existingSecretDatabaseKey: POSTGRES_DB
existingSecretUsernameKey: POSTGRES_USER
existingSecretPasswordKey: POSTGRES_PASSWORD
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
rspamd:
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: 400m
startupProbe:
periodSeconds: 30
failureThreshold: 900
timeoutSeconds: 20
livenessProbe: {}
readinessProbe: {}
webmail:
persistence:
size: 2Gi
storageClass: ""
accessModes: [ReadWriteOnce]
claimNameOverride: ""
annotations: {}
global:
database:
roundcube:
database: applications-roundcube-postgres16
username: applications-roundcube-postgres16
existingSecret: roundcube-postgres16-creds
existingSecretPasswordKey: POSTGRES_PASSWORD
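Review bot: `REAL_IP_FROM` is set to `10.244.0.0/16,10.43.0.0/16` together with `PROXY_PROTOCOL: "mail"`, so the front container accepts a client address asserted from any pod or service address in the cluster rather than only from the Traefik proxy; anything keyed on the client IP, such as `messageRatelimit` or the auth logs, then depends on that assertion. Narrowing the value to the proxy's own address range would limit this, if the cluster allows pinning it. `logLevel: DEBUG` under `dovecot` looks like a troubleshooting leftover and makes the mail logs much more detailed than steady-state operation needs; lower it or add a comment saying why it stays. The banner comment above `traefik:` still reads "Istio extenstion", which no longer describes the block.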


@ -0,0 +1,19 @@
auth:
rootPassword: ""
database: ""
username: ""
password: ""
replicationUser: replicator
replicationPassword: ""
existingSecret: ""
forcePassword: false
usePasswordFiles: false
customPasswordFiles: {}
initdbScripts: {}
initdbScriptsConfigMap: ""
primary:
persistence:
enabled: true
storageClass: longhorn
size: 1Gi


@ -0,0 +1,5 @@
metallb:
enabled: true
ippools:
- name: fuji
addresses: 195.201.249.91-195.201.249.91


@ -0,0 +1,151 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: minio-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: minio.badhouseplants.net
service: minio-console
port: 9001
- name: s3-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: s3.badhouseplants.net
service: minio
port: 9000
ingress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3.badhouseplants.net
tls:
- secretName: s3-tls-secret
hosts:
- s3.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- minio.badhouseplants.net
tls:
- secretName: minio-tls-secret
hosts:
- minio.badhouseplants.net
rootUser: 'overlord'
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3.badhouseplants.net:443"
tls:
enabled: false
certSecret: ''
publicCrt: public.crt
privateKey: private.key
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 10Gi
service:
type: ClusterIP
clusterIP: ~
port: '9000'
consoleService:
type: ClusterIP
clusterIP: ~
port: '9001'
resources:
requests:
memory: 2Gi
buckets:
- name: badhouseplants-net
policy: download
purge: false
versioning: false
- name: badhouseplants-js
policy: download
purge: false
versioning: false
- name: badhouseplants-net-main
policy: download
purge: false
versioning: false
- name: sharing
policy: download
purge: false
versioning: false
- name: allanger-music
policy: download
purge: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- 'arn:aws:s3:::*'
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: Admins
statements:
- resources:
- 'arn:aws:s3:::*'
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: DevOps
statements:
- resources:
- 'arn:aws:s3:::badhouseplants-net'
actions:
- "s3:*"
- resources:
- 'arn:aws:s3:::badhouseplants-net/*'
actions:
- "s3:*"
- name: sharing
statements:
- resources:
- 'arn:aws:s3:::sharing'
actions:
- "s3:*"
- resources:
- 'arn:aws:s3:::sharing/*'
actions:
- "s3:*"
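Review bot: Every entry under `buckets` sets `policy: download`, which the MinIO chart applies as an anonymous read policy, and that covers `sharing` and `allanger-music` as well as the site buckets. If only the static-site buckets are meant to be public, the others should use `policy: none` and be read through the `sharing` policy or presigned URLs. The `allanger` and `Admins` policies are identical and both grant `s3:*`, `admin:*` and `kms:*`; a short comment saying which identities attach to each would make the intent reviewable. `allanger-music` also omits the `versioning` key that the other buckets carry.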


@ -0,0 +1,6 @@
primary:
persistence:
size: 500Mi
auth:
createDatabase: false


@ -0,0 +1,9 @@
namespaces:
- name: longhorn-system
- name: databases
- name: applications
- name: development
- name: production
- name: platform
- name: games
- name: pipelines


@ -0,0 +1,65 @@
ext-database:
enabled: true
name: nrodionov-mariadb
instance: mariadb
credentials:
mariadb-password: "{{ .Password }}"
ingress:
enabled: true
pathType: ImplementationSpecific
hostname: dev.nrodionov.info
path: /
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls: true
tlsWwwPrefix: false
selfSigned: false
wordpressBlogName: Николай Николаевич Родионов
wordpressUsername: admin
wordpressFirstName: Nikolai
wordpressLastName: Rodionov
wordpressTablePrefix: wp_
wordpressScheme: http
existingWordPressConfigurationSecret: ""
resources:
requests:
memory: 300Mi
cpu: 10m
service:
type: ClusterIP
ports:
http: 8080
https: 8443
persistence:
enabled: true
storageClass: ""
accessModes:
- ReadWriteOnce
accessMode: ReadWriteOnce
size: 2Gi
dataSource: {}
existingClaim: ""
selector: {}
externalDatabase:
host: mariadb.databases.svc.cluster.local
port: 3306
user: applications_nrodionov_mariadb
database: applications_nrodionov_mariadb
existingSecret: nrodionov-mariadb-creds
mariadb:
enabled: false
primary:
persistence:
enabled: true
storageClass: ""
accessModes:
- ReadWriteOnce
size: 3Gi
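Review bot: `wordpressScheme: http` disagrees with `ingress.tls: true` in the same file, so the site and admin login URLs would likely be generated as `http://` even though the ingress serves TLS. Setting `wordpressScheme: https` keeps the generated URLs consistent with the certificate issued through `cert-manager.io/cluster-issuer`. `wordpressUsername: admin` is the default account name and is worth replacing with a non-default one. The annotation `kubernetes.io/ingress.allow-http: "false"` is probably not honoured by the `traefik` ingress class, so a comment stating where the HTTP-to-HTTPS redirect is actually enforced would help.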


@ -0,0 +1,46 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
# istio:
# enabled: true
# istio:
# - name: openvpn-tcp-xor
# gateway: istio-system/badhouseplants-vpn
# kind: tcp
# port_match: 1194
# hostname: "*"
# service: openvpn-xor
# port: 1194
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: openvpn-xor
service: openvpn-xor
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
storage:
class: longhorn
size: 512Mi
openvpn:
proto: tcp
host: 195.201.249.91
easyrsa:
cn: Bad Houseplants
country: Germany
province: NRW
city: Duesseldorf
org: Bad Houseplants
email: allanger@zohomail.com
service:
type: ClusterIP
port: 1194
targetPort: 1194
protocol: TCP


@ -0,0 +1,10 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false


@ -0,0 +1,35 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 256Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
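Review bot: `containerSecurityContext.runAsNonRoot: false` undoes part of the hardening the rest of this block sets up (`drop: ["ALL"]`, `allowPrivilegeEscalation: false`, `RuntimeDefault` seccomp). If the image runs as an unprivileged UID, which these keys suggest but the page does not show, `runAsNonRoot: true` lets the kubelet reject a root-running image instead of accepting it silently. The next values file repeats the setting and additionally sets `readOnlyRootFilesystem: false`; a one-line comment there explaining why that instance needs a writable root filesystem would help.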


@ -0,0 +1,35 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"


@ -0,0 +1,148 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: grafana-https
gateway: istio-system/badhouseplants-net
kind: http
hostname: "grafana.badhouseplants.net"
service: prometheus-grafana
port: 80
coreDns:
enabled: false
kubeEtcd:
enabled: false
kubelet:
enabled: false
kubeApiServer:
enabled: false
prometheus-node-exporter:
prometheus:
monitor:
enabled: true
jobLabel: jobLabel
interval: 60s
defaultRules:
create: true
rules:
alertmanager: true
etcd: false
configReloaders: false
general: true
k8s: true
kubeApiserverAvailability: false
kubeApiserverBurnrate: false
kubeApiserverHistogram: false
kubeApiserverSlos: false
kubeControllerManager: false
kubelet: false
kubeProxy: false
kubePrometheusGeneral: false
kubePrometheusNodeRecording: false
kubernetesApps: true
kubernetesResources: true
kubernetesStorage: true
kubernetesSystem: true
kubeSchedulerAlerting: false
kubeSchedulerRecording: true
kubeStateMetrics: true
network: false
node: true
nodeExporterAlerting: true
nodeExporterRecording: true
prometheus: true
prometheusOperator: true
windows: false
prometheus:
prometheusSpec:
enableAdminAPI: true
retentionSize: 7GB
retention: 20d
podMonitorNamespaceSelector:
any: true
podMonitorSelector: {}
podMonitorSelectorNilUsesHelmValues: false
ruleNamespaceSelector:
any: true
ruleSelector: {}
ruleSelectorNilUsesHelmValues: false
serviceMonitorNamespaceSelector:
any: true
serviceMonitorSelector: {}
serviceMonitorSelectorNilUsesHelmValues: false
storageSpec:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 12Gi
grafana:
assertNoLeakedSecrets: false
persistence:
enabled: true
size: 2Gi
grafana.ini:
server:
root_url: https://grafana.badhouseplants.net
auth.generic_oauth:
name: Gitea
icon: signin
enabled: true
allow_sign_up: true
auto_login: false
client_id: 0ce70a7d-f267-44cc-9686-71048277e51d
scopes: openid profile email groups
empty_scopes: false
auth_url: https://git.badhouseplants.net/login/oauth/authorize
token_url: https://git.badhouseplants.net/login/oauth/access_token
api_url: https://git.badhouseplants.net/login/oauth/userinfo
tls_skip_verify_insecure: false
use_pkce: true
role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer'
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: true
editable: false
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
gitea-dashboard:
gnetId: 13192
revision: 1
datasource: Prometheus
argo-dashboard:
gnetId: 14584
revision: 1
datasource: Prometheus
datasources:
loki.yaml:
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
uid: loki
editable: false
url: http://loki.monitoring-system:3100/
jsonData:
maxLines: 1000
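Review bot: `prometheusSpec.enableAdminAPI: true` turns on Prometheus' admin endpoints (series deletion, snapshots, tombstone cleanup), and Prometheus does not authenticate callers itself, so anything that can reach the service inside the cluster can use them. Unless an operational task needs it permanently, set `enableAdminAPI: false` and enable it only for the duration of that task. In the `grafana` block, `assertNoLeakedSecrets: false` switches off the chart's guard against plaintext secrets in `grafana.ini`; keeping it `true` and supplying the OAuth client secret from a Kubernetes secret is the safer default. With `allow_sign_up: true`, every account on the Gitea instance receives at least `Viewer` through `role_attribute_path`, which is worth confirming as intended.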


@ -0,0 +1,11 @@
---
config:
clients:
# - url: http://loki.monitoring-system:3100
- url: http://loki-gateway/loki/api/v1/push
snippets:
pipelineStages:
- match:
pipeline_name: "drop-all"
selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}'
action: drop
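Review bot: The `drop-all` stage keeps logs only from `mail-service`, `woodpecker` and `minecraft-application`, so logs from every other namespace, including whichever ones run the ingress and the password vault, never reach Loki. For incident response those are the logs most likely to be needed, so consider adding the relevant namespaces to the `selector` regex. The stage name is also misleading, since it is an allow-list; `pipeline_name: "keep-selected-namespaces"` with a comment stating why the rest is dropped would describe it better.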


@ -0,0 +1,11 @@
metrics:
enabled: false
secretAnnotations:
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application"
architecture: standalone
master:
persistence:
enabled: false

View File

@ -0,0 +1,10 @@
roles:
- name: minecraft-admin
namespace: games
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace:
- games
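Review bot: The `minecraft-admin` Role grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which inside `games` covers reading every Secret and creating Roles and RoleBindings, not only managing the game workload. Who is bound to it is not visible here, but if the subject only restarts and inspects the server, a narrower rule would do, for example `resources: ["pods", "pods/log", "deployments", "statefulsets"]` with `verbs: ["get", "list", "watch", "patch", "delete"]`. The trailing `namespace:` list repeats `games`, which is already given on the role; a comment saying what that key controls would help.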


@ -0,0 +1,55 @@
istio:
enabled: true
istio:
- name: tandoor-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: tandoor.badhouseplants.net
service: tandoor
port: 8080
ext-database:
enabled: true
name: tandoor-postgres16
instance: postgres16
credentials:
POSTGRES_HOST: |-
"{{ .Hostname }}"
POSTGRES_PORT: |-
"{{ .Port }}"
envFrom:
- secretRef:
name: tandoor-postgres16-creds
env:
TZ: UTC
DB_ENGINE: django.db.backends.postgresql
EMAIL_HOST: badhouseplants.net
EMAIL_PORT: 587
EMAIL_HOST_USER: overlord@badhouseplants.net
EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
EMAIL_USE_TLS: 1
EMAIL_USE_SSL: 0
DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
persistence:
config:
enabled: true
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
media:
enabled: true
mountPath: /opt/recipes/mediafiles
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
static:
enabled: true
type: emptyDir
mountPath: /opt/recipes/staticfiles
django-js-reverse:
enabled: true
type: emptyDir
mountPath: /opt/recipes/cookbook/static/django_js_reverse
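Review bot: `env.EMAIL_HOST_PASSWORD` holds the SMTP password for `overlord@badhouseplants.net` in plaintext, so it is now part of the repository history and should be treated as exposed and rotated. The value belongs in an encrypted secrets values file or in the Kubernetes secret already pulled in through `envFrom`, and the key should be removed from `env` here. Separately, `POSTGRES_HOST` and `POSTGRES_PORT` use a `|-` block scalar whose body is itself quoted, so the rendered value would contain literal double quotes unless the consumer strips them; `POSTGRES_HOST: "{{ .Hostname }}"` avoids that.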


@ -0,0 +1,87 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
#service:
# spec:
# externalTrafficPolicy: Local
ports:
web:
redirectTo:
port: websecure
ssh:
port: 22
expose:
default: true
exposedPort: 22
protocol: TCP
openvpn:
port: 1194
expose:
default: true
exposedPort: 1194
protocol: TCP
valve-server:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: UDP
valve-rcon:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: TCP
smtp:
port: 25
protocol: TCP
exposedPort: 25
expose:
default: true
smtps:
port: 465
protocol: TCP
exposedPort: 465
expose:
default: true
smtp-startls:
port: 587
protocol: TCP
exposedPort: 587
expose:
default: true
imap:
port: 143
protocol: TCP
exposedPort: 143
expose:
default: true
imaps:
port: 993
protocol: TCP
exposedPort: 993
expose:
default: true
pop3:
port: 110
protocol: TCP
exposedPort: 110
expose:
default: true
pop3s:
port: 995
protocol: TCP
exposedPort: 995
expose:
default: true
minecraft:
port: 25565
protocol: TCP
exposedPort: 25565
expose:
default: true
shadowsocks:
port: 8388
protocol: TCP
exposedPort: 8388
expose:
default: true
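Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` disables certificate verification for every TLS connection Traefik opens to a backend, so no backend is authenticated by the proxy. If only some backends present self-signed certificates, trust their CA with `--serversTransport.rootCAs=<path-to-ca.pem>` or attach a per-service `ServersTransport` instead of the global flag. The `ports` block also publishes plaintext `imap` (143) and `pop3` (110) and the `valve-rcon` port with `expose.default: true`; confirm that each is meant to be reachable from outside. A comment next to `ssh` saying which service receives port 22 would help the next reader.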


@ -0,0 +1,81 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: vaultwarden-http
kind: http
gateway: istio-system/badhouseplants-net
hostname: vault.badhouseplants.net
service: vaultwarden
port: 8080
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: vaultwarden-postgres16
instance: postgres16
service:
port: 8080
vaultwarden:
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: vaultwarden@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vault.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: false
invitationsAllowed: true
signupDomains: "https://vault.badhouseplants.com"
signupsVerify: "true"
showPassHint: "false"
database:
existingSecret: vaultwarden-postgres16-creds
existingSecretKey: CONNECTION_STRING
connectionRetries: 15
maxConnections: 10
storage:
enabled: true
size: 1Gi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vault.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault.badhouseplants.net
hosts:
- vault.badhouseplants.net
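Review bot: `signupDomains: "https://vault.badhouseplants.com"` is a URL on a `.com` domain, while every other host in this file is under `badhouseplants.net`. If the chart maps this key to Vaultwarden's `SIGNUPS_DOMAINS_WHITELIST` (likely, but not visible here), the setting expects bare e-mail domains and permits sign-up from them even with `signupsAllowed: false`, so the value should be either removed or written as `signupDomains: "badhouseplants.net"`. `smtp.authMechanism: "Plain"` is acceptable only together with `security: "starttls"`; a comment tying the two settings together would prevent one being changed without the other.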


@ -0,0 +1,59 @@
service:
port: 8080
vaultwarden:
smtp:
host: mail.badhouseplants.net
security: "starttls"
port: 587
from: vaulttest@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vaulttest.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: true
invitationsAllowed: true
signupDomains: "test.test"
signupsVerify: false
showPassHint: true
# database:
# existingSecret: vaultwarden-postgres16-creds
# existingSecretKey: CONNECTION_STRING
# connectionRetries: 15
# maxConnections: 10
storage:
enabled: true
size: 512Mi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vaulttest.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vaulttest.badhouseplants.net
hosts:
- vaulttest.badhouseplants.net
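Review bot: This instance is published at `vaulttest.badhouseplants.net` with `signupsAllowed: true` and `signupsVerify: false`, so anyone who can reach the host can create an account; `signupDomains: "test.test"` does not limit that in practice because the address is never verified. For a test instance behind the public ingress, `signupsAllowed: false` with `invitationsAllowed: true`, or `signupsVerify: true`, is the safer setting. `showPassHint: true` should be `"false"`, as in the production values file above. The commented-out `database` block means this instance presumably stores the vault on the `storage` volume; a comment saying so would make that explicit.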

Some files were not shown because too many files have changed in this diff Show More