diff --git a/common/environments.yaml b/common/environments.yaml index 13a3ca2..d52b764 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -1,5 +1,5 @@ environments: badhouseplants: - kubeContext: badhouseplants + kubeContext: badhouseplants-new etersoft: kubeContext: etersoft diff --git a/installations/applications/helmfile.yaml b/installations/applications/helmfile.yaml index e51b168..cdfa277 100644 --- a/installations/applications/helmfile.yaml +++ b/installations/applications/helmfile.yaml @@ -106,6 +106,14 @@ releases: - template: default-env-values - template: default-env-secrets + - name: vaultwardentesttest + chart: softplayer-oci/vaultwarden + version: 2.0.0 + namespace: debug-backup + inherit: + - template: default-env-values + - template: default-env-secrets + - name: shadowsocks-libev chart: softplayer-oci/shadowsocks-libev namespace: applications diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml index 2cc6aa6..90f4d0e 100644 --- a/installations/platform/helmfile.yaml +++ b/installations/platform/helmfile.yaml @@ -12,8 +12,6 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: bedag url: https://bedag.github.io/helm-charts/ - - name: vmware-tanzu - url: https://vmware-tanzu.github.io/helm-charts/ releases: - name: argocd @@ -47,11 +45,3 @@ releases: inherit: - template: default-env-values - template: default-env-secrets - - - name: velero - chart: vmware-tanzu/velero - namespace: platform - version: 7.1.2 - inherit: - - template: default-env-values - - template: default-env-secrets diff --git a/installations/storage/helmfile.yaml b/installations/storage/helmfile.yaml index 7bbeb7b..834c0a7 100644 --- a/installations/storage/helmfile.yaml +++ b/installations/storage/helmfile.yaml @@ -11,7 +11,7 @@ repositories: releases: - name: rook-ceph chart: rook-release/rook-ceph - installed: false + installed: true namespace: rook-ceph version: v1.14.8 inherit: @@ -19,7 +19,7 @@ releases: - name: rook-ceph-cluster chart: rook-release/rook-ceph-cluster - installed: false + installed: true namespace: rook-ceph version: v1.14.8 inherit: @@ -28,6 +28,7 @@ releases: - name: longhorn chart: longhorn/longhorn namespace: longhorn-system + installed: false version: 1.6.2 inherit: - template: default-env-values diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 1a823c4..9c391d4 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -8,8 +8,6 @@ repositories: url: https://kubernetes-sigs.github.io/metrics-server/ - name: jetstack url: https://charts.jetstack.io - - name: longhorn - url: https://charts.longhorn.io - name: bedag url: https://bedag.github.io/helm-charts/ - name: metallb @@ -22,6 +20,10 @@ repositories: url: https://helm.cilium.io/ - name: bedag url: https://bedag.github.io/helm-charts/ + - name: piraeus-charts + url: https://piraeus.io/helm-charts/ + - name: vmware-tanzu + url: https://vmware-tanzu.github.io/helm-charts/ releases: - name: namespaces @@ -46,6 +48,13 @@ releases: namespace: kube-system inherit: - template: default-env-values + + - name: snapshot-controller + chart: piraeus-charts/snapshot-controller + version: 3.0.5 + namespace: kube-system + inherit: + - template: crd-management-hook - name: cilium chart: cilium/cilium @@ -65,6 +74,9 @@ releases: set: - name: crds.enabled value: true + values: + - networkPolicy: + enabled: true - name: issuer chart: '{{ requiredEnv "PWD" }}/charts/issuer' @@ -73,18 +85,6 @@ releases: - kube-system/cert-manager inherit: - template: default-env-values - - - name: longhorn - chart: longhorn/longhorn - namespace: longhorn-system - version: 1.6.2 - needs: - - kube-system/cilium - - kube-public/namespaces - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-secret - name: metrics-server chart: metrics-server/metrics-server @@ -120,3 +120,11 @@ releases: - kube-system/cilium inherit: - template: default-env-values + + - name: velero + chart: vmware-tanzu/velero + namespace: kube-system + version: 7.1.2 + inherit: + - template: default-env-values + - template: default-env-secrets diff --git a/values/badhouseplants/secrets.funkwhale.yaml b/values/badhouseplants/secrets.funkwhale.yaml index 3e2a35c..06bca57 100644 --- a/values/badhouseplants/secrets.funkwhale.yaml +++ b/values/badhouseplants/secrets.funkwhale.yaml @@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:9ZPeukvGT3fQ19ef3Q0=,iv:P4VZY9Ils7CmQ9iDwbo8RmM1niY2xH8xY/BXJMjSp0w=,tag:ipIwKH4nVaGkbhITUZun+A==,type:str] +djangoSecret: ENC[AES256_GCM,data:fMSeOds/Jg/wwl1+yis=,iv:tUHZgRSBinNksTDZ8PKDwg2RKJzqi8QwxX42wySODeY=,tag:GEQzFKw+2M2lQql8c8FY/A==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:GVVmpA4LRiBe25NxUtyTVFDxq4mTRCfGnLgz39Y=,iv:eCKjnm44xfRCnqyGqo/bSPElItD/atx2NblTTeVuSDE=,tag:B3fkqQUK/wKo80GvPEOV4A==,type:str] + password: ENC[AES256_GCM,data:vJdVBHb5uYkxk/rp4Sbf7wVLGpR66OsVyA==,iv:L8YwhPyYpvMkGUoqtkctrNslW7LF2s4apZ26WbDBJtk=,tag:LG/39niDzaqQXQ2+NvU1GA==,type:str] redis: auth: - password: ENC[AES256_GCM,data:2kocp+hA3u/ZQi6OiwrbomeYiNvFtvU1G4poP1P+,iv:StiScUrhNpS2W/57LMHVmy3Grqg1hH95aCGwhr1XlzU=,tag:GdQ+JP4y+kDPe5EBbI5KIA==,type:str] + password: ENC[AES256_GCM,data:eN9uZXp9AoLe1QPtbHR5rXGKgSZFzyFMm5G+GrUq,iv:cD7XzjKcbrjjMSY2lCyL+CGYOnbduTiiGqAwKgDRV/s=,tag:05UomOmZ3oOzvmE4PLuFYQ==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUWJITHdYVi9BTnlqZnlz - UjIweWZqV3pGcDVTWGZTdVFRYW8wMkZITWx3CmRCZTNYRk1KQUEzUHhMT3R4VkVF - b1BUd0lzRWVFR1RrRjFndnFuYWdOVncKLS0tIHU4UUpCNklsYnA1aVBHMzNVTVBy - dm43N2prYncxMFlIZW95MVdrTG96UFkKZWfR0r5LiQRo8C+lu1E2tX70BdmZ3n5W - bl6s0js6wcGEciwQ4jwxQvfsJrecCQLprUbynuGuQXrCqDIHxHsTiA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyU082aUE4enJ2UllHQ3Z2 + OU5ZZnNIb3JJT1ExSzBxSmpSejdnOW1LSnpnCk9XUTZMM3Y4Qkl3aGdPTTVUOEVW + dDV3QzdScWNMdFc1cHhKbVNoOHdDYU0KLS0tIFBZc1MrYkh2WVpPQWNaMWYrZVQ4 + b2lvOS80WjVZQWRMREhrMVpWRjA5UkUK/iY1SvS1ubVj9WtWPfF2DOmOweFRoKgZ + WtN3jGFsHrgQiiuMlW4huYGqWKCASPoEW09vNJ/mrDBmp38YdQfczw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-15T04:21:35Z" - mac: ENC[AES256_GCM,data:k06a/0Oh/xqrTo7396RqTDOvpXwor702HIKA99m+lT8aXrNQ1X2S6DZjDqeKdkjAcFfraWgKhc4kAq5kFH9zVq6T56E9VxxhgyQ9GkrX3Q33aehfD++57yWkkhwwYfFOzM5784CW6HHct7QZGPsNSYQO8IM+RJOKkPfa0taPraU=,iv:lsjg5Z0cix1uOC9ghj8Cg/bASB0BQEhnDG82opoW44Q=,tag:Q8xl1i1i4UA2uwnzb6TZIg==,type:str] + lastmodified: "2024-07-21T17:33:39Z" + mac: ENC[AES256_GCM,data:LTuNptcXyW7dNFVpIFwaD7D95lcoQWZIIQOvPFTpXh1xjdX66E7XXEWFNMn5p/PnDvvZdQ9IKSyR07ekzCLrSnoC0TYI6Sq1xY5tsR9WYAqK7CmqPbLYNxlBlViJW7UA4X9QjD9KdGMtsoKFgeU7t06QYFp7ooYjOn81Ny3jmyE=,iv:qR8AZ8uaD9Vu1ekXB2Rp5jjUv1xcNqS838f+/Unc3z4=,tag:+bimX/eyeSY4EM1fhOFUUA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.gitea.yaml b/values/badhouseplants/secrets.gitea.yaml index cbd3692..035c88c 100644 --- a/values/badhouseplants/secrets.gitea.yaml +++ b/values/badhouseplants/secrets.gitea.yaml @@ -1,31 +1,31 @@ gitea: admin: - username: ENC[AES256_GCM,data:3vMaczD5ogk=,iv:r1mcBtnCn9Rea94wxlJl2k9WOgBreSqhvC731ylzTyk=,tag:128Zocc29xbuiMeX6YsPfw==,type:str] - password: ENC[AES256_GCM,data:2dpL5krpBiANfPPUE1ESiVZZmsc=,iv:TrQxyzIrixeR6UcBN+pol6PPOHME+dKAzpB7S7LyTXE=,tag:gkwkU0tnVaA7w1ELvC8QrA==,type:str] + username: ENC[AES256_GCM,data:jWOKYLR8wEY=,iv:obfaa7iVArqZsfXI9glfNVhnEzNPnoPvA9WZrqzURd8=,tag:ZQykUfckAD6CcRsAxYLfww==,type:str] + password: ENC[AES256_GCM,data:ckwTYUA05SSl+3KD9G/XtQW+nnM=,iv:reeJTq7vWcfjggl9X+/t0yYzaz7xuiZLZM0xW7zlfcI=,tag:x0Dtf3ea53+1c0jhn2C5zw==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:6j3SksBlJAHGdxYMakPlT5BiH2A=,iv:psdKPFPL//zxhzpIYoOYWRkXuRe3zvdWuEMmxhvdTUw=,tag:pD8GVh9CQwoRTQyYDDqYiw==,type:str] + PASSWD: ENC[AES256_GCM,data:ZXMbptf1Tn8QVf9H6gLuLIpI+gs=,iv:QsHjgoEWy4mEf/NNBnuPFpXBFHoACn8pfQmbF1wI2ZM=,tag:/T6PGia+mkzmcUkWANO25w==,type:str] database: - PASSWD: ENC[AES256_GCM,data:53PIleLwdXm19T5w3ia+NRZI6fGcIsc=,iv:Rzv2j5pRV/lZv6LOm9L52rZV80jB/X46kSugtPYSy9A=,tag:IZQsgKZ/rejAY/yqWZ7Ztg==,type:str] + PASSWD: ENC[AES256_GCM,data:mfMbZf7Kbn+5gwLi2JGMt6otMlQ=,iv:r2H7aSJKraBoDydV6N29hsRiH6bLUM0aJHPmo3dbSP4=,tag:WwBHKRYdJIv6IGQehO2yEg==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:pd+v0a7iN+FEHNTPTWQkqRqisFkhYx7Y+VEt14OiGwCtqWCyO/KhAYi+5M9sehLc4BlhkZqkQsNk03UtbRqh0N9FcceQDFurAT/UT6hqfLV0afpS2tBq1v6Oy8PPF+/xty43SalSFdmAJqmRWdxQ7MYdi5O/BFB9,iv:aghnx3uzAN88Z01OCLuKpQHfmhlz3QfSOKE1DLFcIRc=,tag:mByau0gklRRqdhqshNM1AQ==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:YexjXlIj5mtwhv5HD2rmpzo3hqIXpZkyPk0njFYe3tceDV2uclpLCmIrZOumwo4TdWtIZ5Axs336vXtFvi4LFSyyrzSnqSPNxC1aNHwmj4keMY1qvPG0qRCoS7Q7JcCak41gRopbx+RLn7BENZ6s0e19u5PXLDSB,iv:pkY0LBpXhnSr40YoZpklytGWmKe7CdsgPpQySXfON5g=,tag:96UXoPksLxE+mJzyjzjqEA==,type:str] cache: - HOST: ENC[AES256_GCM,data:s0pp4tFpn+BSuptnNiF1DsUzCnKcSk5+6fg7dbeUXHk0v57sv3NU2A2enBIVXz3Q/x84iecThl2jJubv+WdaHcuyrojqIycxkCZBX3Qf1gGz6ntAEzLVrsqxBND2Q2Te7vh6sKkxNEfqIrxJ6gGUMVlBJuJEPTDQ,iv:DrEhNNhxlbmt20vHtHUUQefPthaDVi0iKHUlVncjCus=,tag:m5XtiUANaRcBniV5Zgb1JQ==,type:str] + HOST: ENC[AES256_GCM,data:C4GD2Nbb9Yi7TTKvipoPW3wM7e9BvQziBqweB/AUTq78pk20c2QoirNDETqcGaA002Phr8SwttdljnjVhCMr/w+Np/XkNy2rSB00A6R8t5/gDDoxUE92R2RLFIRB3Ao4UwKdL2X/YvzX1xDq/WC/i7VmvPTnLbas,iv:NMTgSxxvrut/Pxi5lZa6mbP/eOMt6rk2leFJESl5SJQ=,tag:bKJ1P6KXdjHC3bFmreD7OA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:aOXNVddJsB7ivhZIz68Du7UovOH9txmWBp7hFTNDCX9iN0kQYFEFTsgo3CopaBraDN8Px9AkuoGoReFeeQmobBOoVhLh8uUDc4wh8vX0/7kQF0Y0nL+CvZX/ARdq+quVS2ezT3Q/L9//3i5/+c/JhoXjsnsjd5/3,iv:WGkgDxJvI5n3DmlEvTtTtXhtBLNbUCInoX65pf6xY2I=,tag:ffWgPiWY7aTP2t8a0vJHVQ==,type:str] + CONN_STR: ENC[AES256_GCM,data:28O5cVRnezFBWnyILjGxLf39SrS7nYNuI0km29qz5Q2qPGwojiLziyTsBb9AUlLZc5nLcGEUIJ5vnXONtw96aOobDwwyLmPE8X/QnpRvjRN4DmAF7LO98AuyTrTXEOSNMp3Dee88F9T9wdwr5ekh1Fb/gBSJpkkt,iv:PP0ZPxBulXce/bIUTuuQgiaOBWNcjMe2V/BgFGJm77Q=,tag:BDteA6nftpa6q6djyhivGg==,type:str] oauth: - - name: ENC[AES256_GCM,data:28rs8MIG,iv:1BMEey0O/bP6dn4AoyvQijYsGxgcgYL42Hg4cfZmoE0=,tag:fgINzelLtjMmoNFKMpDvlg==,type:str] - provider: ENC[AES256_GCM,data:7DgUWPMQ,iv:zl2CGsU3BVlv8/RWvZPbWuPTURqK4WP/7nossqToglM=,tag:1J0ocYVcuONp+fP/EkDGQQ==,type:str] - key: ENC[AES256_GCM,data:i2eFPPatiIdP48nDlS0daVVJJuQ=,iv:mA1BYXBbq/lN3VqltqJNr1xx5V/JCFm8WSpgwkl0NaE=,tag:vEhBiSUjcdnrTiuR1i6bOA==,type:str] - secret: ENC[AES256_GCM,data:z3ZnGxQgQUwd7tFhFoCOsfjKbuwEjxBXSCxYKmTgLC86Q85CnWuQ5A==,iv:bn06FAyDoLV8Cvl3p8Iwq8xN9Y/9aa8vWDYZ7QbBic8=,tag:ABBcxyv3DSRG+KUiZtWd4Q==,type:str] - - name: ENC[AES256_GCM,data:DRvxuHW5YHyd,iv:lmorxsp6UQXMGzDtTOxsk9Spt6PtQqBZXpGLjWPSfwc=,tag:c+Z8bTWIBMb0T9zUp43t/A==,type:str] - provider: ENC[AES256_GCM,data:bVFY/VZYbfttfSVH2w==,iv:zkvp53USluN03spZBnMjgQeWVJeX1AawOWP7ZFT8ghM=,tag:YD1DspS7NCpGdDaItllYCA==,type:str] - skip_local_2fa: ENC[AES256_GCM,data:5QYHsA==,iv:uFJpxGZJVj+HMGNGAvoEmvYKGO9m2F1KwGBDgr3X7Cc=,tag:7hO+Gl+Y4rJ3386z9H+uug==,type:str] - key: ENC[AES256_GCM,data:CkXCnBs=,iv:w5E3CBdi+Cbyd9PsLjkstKcJDqqh6p9Xy4CExk2YDgE=,tag:FYYVedUt4tmzpHdgn4mm0g==,type:str] - secret: ENC[AES256_GCM,data:8euQctcEMSlv4JR4fLgDAZlnRAKe2P8HD+GNBirWqonb9MoDZLaKQcM4w8Y1Ya2BhJaPfYK2mSizxT0QUhRtN8BMn1h2/b+UDHvGNxheM/5FbTUaSI88HYX7UUcb1bn/2LJIaLoDs59fCkoAWrBRWqoXE5KL/2ZXEDVB9mbtpZg=,iv:iv5U21TIAr+bPc5yi7lNaZonjbh52A5uxPWZCpN00Eg=,tag:NOOhDxyNnWemsRG0ttu/NA==,type:str] - autoDiscoverUrl: ENC[AES256_GCM,data:rWc8bAMGwtIq6Ywb8tVAy9vgxf5ReZ5yqJESlTMFgW0mHTRjLMt8TFijMBHT/FFnnFFN2xapf6rU2bfPmtQBUgnLLDAmalRk1YnzAl+xdjM0e/BLv4q+H4k=,iv:BEEuNh3NcX27/+pzQjKyPiY2IIK3FSsSt5+p/1p79h0=,tag:bNYgc7vYMTpVQ6XROaMwqw==,type:str] - iconUrl: ENC[AES256_GCM,data:o7ZGL3fIiuHSiEXZK0NzACq/qb66QoLEhhtjlSRtCl6t/4mVTKOAj6Extgfl4r9l7k9GRAKVFus9H1BkVmeZGC7cVNpcEw==,iv:vgJB5pRtElNuNOTL6vBTHV4f9m5dh4EtjqIZvaC5xTM=,tag:GpFqcnWJLq5nmukzu9CwnA==,type:str] - scopes: ENC[AES256_GCM,data:+et7Z/Hfd5kmpXyqCA==,iv:GfKUWYynq6CrDLmi6GiCwPN0m7xLgb/BxtUahn2qmhw=,tag:bSlFzz6eRhpy9r21iO6/6g==,type:str] + - name: ENC[AES256_GCM,data:DWCdEzwP,iv:fJrSGxRPSljBLSnRRRCjsa3QCa730NGRyKJCVJe8YNE=,tag:vQFTYVUQXPcB3Mx9/qGfVw==,type:str] + provider: ENC[AES256_GCM,data:mSnq2rOw,iv:XC1JS1oqZxbBZoraWemzXWGSnpvn9NTx8OA57HV1B8w=,tag:kPxdj8h8Qk9oGayi3Di7yQ==,type:str] + key: ENC[AES256_GCM,data:ft+Zqnu7oXHxMnMcRFpT934TGL0=,iv:qFj+BT37ZKIH69ikEf1YMwE1LC+dyAW7tBXhY5X6mYY=,tag:+p+3+GX5zakkXyi41H7Iog==,type:str] + secret: ENC[AES256_GCM,data:CSGrxpxfGoKs4wHKl25s37Nenw/0nuagCa6Ed++nE9lnQlZ8G193CQ==,iv:oTOGJmZi/26OvKG5gkrUoFVaJ8erkHfVi44FTy9kb1M=,tag:upHqogYqdVZlUyJT3BG0/g==,type:str] + - name: ENC[AES256_GCM,data:iZ2gRgmkZGcG,iv:N16HI6nVh8euitBKEq4yr3kr2cpLRb12XWKupXGR98A=,tag:L+rWF5wbrwWHhSus1JGP2Q==,type:str] + provider: ENC[AES256_GCM,data:2HlYsjvxnOx1sHuKlw==,iv:aXOjLsl1ZF3NCPpqyGrSM25lX3OLKoRpGzrRW47lGVg=,tag:LzGsYa36wqgch/nw+en6oA==,type:str] + skip_local_2fa: ENC[AES256_GCM,data:QYsYyg==,iv:tZt+yIvuDbFa9BWsoeUvcOpIonlufb9FO7YU59mGkVs=,tag:+2rr0Q7c9XfwjFR7C+ikuA==,type:str] + key: ENC[AES256_GCM,data:4/jJ0cc=,iv:iu8l1dGDIou4ytXhub7YKlIGs8WDEAAjKVbwd81m0Uc=,tag:D2BiWDfubzbK0cJl1Bk/0Q==,type:str] + secret: ENC[AES256_GCM,data:iRRUJl5r7wJQY4SWaSMF2ut2+I37CGPhXOpCkMENNRm6dvFp7YNyiHVQT61PsWnoyWz9lFJMkjCnY98JDjvjWuYCW8O30IEklq/N4KYSgD5TLEWu1OCcPC8A7yMZJSI8rxTLKcevuGJD7ZT8hWl3nZDTkUwTEJy0qREqyhc8caQ=,iv:KOLmK6UddEq9hv938m409ldxVpR8pQLiJwk7Sr0W4mA=,tag:ZDBZwa6ZAQw4qGU9C+Z/xQ==,type:str] + autoDiscoverUrl: ENC[AES256_GCM,data:YxqoKonuM10Fawz8qJiOVILsoJDKuRotf4SHw/Vvw0srWvc26rpwzKoP+kj1u/UFv6pDmnBvrAgYVPGyJt/e4TgmsPDYfH6D0IVngaFLI5KDRll5aIUaAeQ=,iv:4U9CIgObfPwuqi/vxky4pNkL9R4BbStJ3YQ3MBH8LYo=,tag:Ouwcj0tjKu7eykoT3Rnkwg==,type:str] + iconUrl: ENC[AES256_GCM,data:OmHXFvlKnclwjbTc9AXbcMZOb7qW7om7Tgf7b3uHLgOmakuyTq7QhXM3oFQN+T/+J+Cna8MP27coLBDW8TL7RefT1TapSA==,iv:py3p4kh90W6BgAHmI2MIBu92y90M8QhQDmic0pX3m5c=,tag:yqci0Lu7K16/JBlJGkoXng==,type:str] + scopes: ENC[AES256_GCM,data:IvNV7Q+7vPJn7EJZ7Q==,iv:S/aUhW0ASL4yAwe9IaeYdjokHrE+4MViEAGa+5wQlyY=,tag:OxkVQCSfjCQePnJqt+EcNg==,type:str] sops: kms: [] gcp_kms: [] @@ -35,14 +35,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKby9xeUJBa3NuYzhGL0pY - QmVnNm9XR2E2MlRNTzhMUmQrdjdqS005djBRCnNGMHNhYzJEODZDUTdnVUJGTmhk - cFFVRTJFN3lwaWxBWHM3K3BZNVFqalkKLS0tIFl2OHVQRVJ2aDJuU0wraU5YcXlY - M25YSCttNGlBaTJyZTZlV1loampJK1UKoxw7UJF0Fv0BK8sQFePWT7GR00f50hMz - cC7b41VLLIVFF2ZmnS7eQEKPCcR8OjcjTo37RtqiTp9Perh4Cd0H3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeU9sbjV2b0JjcVZsbFUv + OWpSYVhBSlBrR2FOVWlDZnhTRk84YmlpK3hRClBZeTQvclE1VkhkMkltbjMrN3Vk + cko2M2VsNkpNSjhPZExUUTB4enV6WTQKLS0tIHdOV0FidU5wN0ltNTVlNVF6MVJB + ajlnQzNTK3NzcnJZN0FGVmx1VjhQVk0K2m9pzSB9gqIkOLBr/WwnrZfcj5633tFJ + PI+H+aXZwJtKuN4YOw0rlp5Jp4iQ9aD/9TLqYT6xQJbU1nibqCca1w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-11T13:24:17Z" - mac: ENC[AES256_GCM,data:4mPa4PInVeSKOA4VfC7gwYAcU1R3NCMBtn6oC2vLVHk192MBnMYnlLb8+bAYG2TVR38sdcVRfWugucijEouwWcCAixvPoPB55O2q0LtOS075PcmCiBUY2EQwYbfbgSXIvxm8pNa2izKFI6sabXFVhwP1Ofp/O9PVRUk7WYHuQgI=,iv:LNJ1mh5jZLum/kOZPfLIi9B7jSJxkWk0ZrY9yTy6KlE=,tag:XxeroRfGPXN3aJyIxUa50A==,type:str] + lastmodified: "2024-07-21T12:10:40Z" + mac: ENC[AES256_GCM,data:JlINn9gcMkhLNbCuOmfrnhB5f2K94KO+8qSOeKf5KjeJFv5AmGP/ssCPVRxko8Mi68l7JueggjTLJUgRRuLr2JdH9lI3URK8Oh63d5iYbn/y0LIPJC//mw/WWrNO15H5tR4dt1vPOzi0KwozvpLt0R8SYYwU+IIF3Ej/kG2KMyk=,iv:ZKsYYVkeCjvPptzH00V2SFKFQ0St/TOnxSAbqWpWWZI=,tag:NSG4lsk+Adglo3R/e8ZceA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.longhorn.yaml b/values/badhouseplants/secrets.longhorn.yaml index 65267b5..ca6debb 100644 --- a/values/badhouseplants/secrets.longhorn.yaml +++ b/values/badhouseplants/secrets.longhorn.yaml @@ -1,9 +1,9 @@ ext-secret: - name: ENC[AES256_GCM,data:4jH3h48Oeu9W8sgd+l5iUw==,iv:JNo5Tf6f+tGCPr/U34/bneEMwudmr8SWRpOwlJCV0AI=,tag:/K4o9qn35GePLKb9Fv97oQ==,type:str] + name: ENC[AES256_GCM,data:IpPv89vpwii27UclFUCcTA==,iv:qMeYGveJD198bxIZjfMIdZu7dBipRCu4EsoeiBC6Efs=,tag:k79JW54qd/xfgyHmkbR4Iw==,type:str] data: - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:hlYynKiN,iv:rDL66gw8x0wckf04nUkSOQWp6KJ9nPKH6yaYpwvAC/I=,tag:nVc6H58vgxN4SS/28LAnGw==,type:str] - AWS_ENDPOINTS: ENC[AES256_GCM,data:L2WqNECWNHWRDpT6bSu8FqZ2b7m9R5k=,iv:nhhhrTImNU40+vMt36ZpE2w4gX1RoMnabP+mG1SGnIc=,tag:ioNkPx8195u0XoqD8qoSEg==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:aVaJV7mg6lKUWvL04Oo=,iv:Wf9HYaznYFWptMR9T63r+wrd340BSQOMpKosfvseaoY=,tag:SzkFOXOjiH2QcxSa/Y5Xxg==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:Dl1SneGa,iv:AVFCJ75cJ+RKYSvtLJtR0iickPLhgyJku+I0l8t0Hhc=,tag:QwUpBSLDlHNUR1w4xLlQ8w==,type:str] + AWS_ENDPOINTS: ENC[AES256_GCM,data:RfiEBXY9wl3rzrTXq2JBy0EavblH+EM=,iv:Y1MptogOs9MQmnW5Lzo0WuwiDkq5WGQmWRE/12CxJeg=,tag:4xbTXBmQfWMukzVItYD5Nw==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:k/I4oC2s7rkChuc68pk=,iv:SzWiTO/74MzobUXgA8C/abM+WOV/dO18LP1ogxHQJ28=,tag:xQcPyCiPd2JW1qEQlImpBg==,type:str] sops: kms: [] gcp_kms: [] @@ -13,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnSUs2OXBJbDFCYVhkUjdu - d2o4cXl4d2x3aXFSMm5HT0ZPMWI3YmhHRncwCmtWaDd5Q2d0cEVicE1MOW0xQ0li - aXZlbXBubVVoaTMwNCtiaUxRS3NUQlUKLS0tIGJuMlZZOWhxb0pCSy9wQkNNRk1o - WmwxN2NZRTNRK2dtU2pkMU9WZHkxSFEKUNcfWgzUU6LYxoQflAC6KZXINguTywjR - WJCBbihip0RfFeyiy9E1/O75OVnqwOUHgE7YWv9gekzm6GJhsuLTzQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YWcyYWhCT1NoTTlGWW1p + OVF1RVU0a1lPOEVFM3NkU3BQZkE5RWUwZ3prCkhaMUp4OWlLS2orMDFQR1ZzWTJ0 + QnJSOStDOG9Ob0diOThDZE0zQ0dibDAKLS0tIG5QSEpPUjFnZ2cxYW5FanJtRTNO + SUdza2xlTWtlRHFLb0pYZjBabzdvVkUKqUYqyBcS+UTc00KYC+BCRvFLq7Q9LQx+ + NwenXMGEDJ6EEcmiHW1qMFxf9me6zFoF1te37nJ5yOYqh91C6OhILw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-13T13:04:38Z" - mac: ENC[AES256_GCM,data:ncKEHKNJSSjAXa5T5pBJoRCht228MMOb63JfaRDiGxZKOxi8wSF/UUyq1Vs3OjiklHeUwvgxG+gIpJHf1Png7zTWRXdptNLZu04Bog/RWa5L2Ow9BXq2GQ9h/YVZkgSB9Hvzu/pfU6efAaPqE+at/5sF2TIYB8ezoVsFQk+kRoI=,iv:s3ebxJZeYnR7BqpG14h+52BtvChup9ohY1O2DQrh0tk=,tag:I+sRnkOYwcx1j4YQKb4Cjw==,type:str] + lastmodified: "2024-07-20T21:35:51Z" + mac: ENC[AES256_GCM,data:KQXidT8xb6tfar6nuWmmT8vYPHafMz/jdvBYWU9+FPU4zOnDoz4PN+c22PAfHIvlWuA/BPtBii9xMExGRAOo6cdwfK4B7SynELVU5sETlhRRiz5Cb/hjXuW+wBi+ydWjQv0hDiRqnjAmrzvChUFXYQyI0pMXeA2MzyqPPEJAc0U=,iv:Bvj4vxvvampJcXZSNQIIIHPIiH5aGqX2Fx6jCWjNj4U=,tag:EixnB5lnc2zhAYO1+k589g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.mailu.yaml b/values/badhouseplants/secrets.mailu.yaml index 61e967f..898dfa1 100644 --- a/values/badhouseplants/secrets.mailu.yaml +++ b/values/badhouseplants/secrets.mailu.yaml @@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] +secretKey: ENC[AES256_GCM,data:2C/EqqjWummBL0sY/ae+BA==,iv:wjm4+scr3wFUgXpol+EYghbW6QNNPjG/Ly4MebVqWu8=,tag:YndPQnLhZ14gRqonk4xoeg==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] - username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] - domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] - password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] + enabled: ENC[AES256_GCM,data:gmF9JQ==,iv:FE39Ygp4f+42llF5nGcQhXmO0FwPCjLQYlN16fGS2c8=,tag:C2BfQ+gu9OEEUeIRWYgNcw==,type:bool] + username: ENC[AES256_GCM,data:0gRIKqZDUNM=,iv:+3HmKBgR8JdSKQl79x+FLVeWZoP9CZWAxAeEUoYaIAE=,tag:afGcj8YwcpIEfHgz4nmvBg==,type:str] + domain: ENC[AES256_GCM,data:0SA71hSApv98uXP/fYFNGkJA,iv:LzQf1xoyHBIzz3Dlv2HYwJlPxU3xyy0m/Jp9RzeJ8TQ=,tag:gweJ4PV0eooqKKbb9aG7fA==,type:str] + password: ENC[AES256_GCM,data:+qLfSVDzhWYB19lt6RzPnXN2qFJAAUGeljwZQoCl,iv:GG/vcep80OGQhL4TL/33RYdsZ91Senxoeomt12cNvjM=,tag:fDu7NMjotkiIYKiVA3hUtg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] - postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] + password: ENC[AES256_GCM,data:8miAR6Z7PB01YtzlXJ+lmMNhVMD9GAwp2C8yUh1K,iv:7EQUwcDYNDHWmxWgZx3D4XOcfHfDmljl/TUaqQw022M=,tag:y+Z7sP5MHmjustVgcFhDow==,type:str] + postgresPassword: ENC[AES256_GCM,data:FBsPXyaLACvCcPiKYSidzanPmDSuQm00Y0VVGgFk,iv:IzCwXuFHq1dNO1v43X9LeaLL6WHyX0VbHKMkHarzDLc=,tag:dI7K0RpiTS6CT1IAP+rinQ==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] - userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:bg+ZALMVfw1KCMoHM2dJMl4nrXHCWffOfrEGoacX,iv:pR4ybyQdsHa+4l//fGlOSbC32W8D5N3dpbV5zAslCO8=,tag:Ws/qcvr9nRoelgY0j+LWtQ==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:hISKDJ7aX/purQqNitCirYLEWMWjsI+UXHiNZBK/,iv:+EcGrXZIFvXN+vHDZyQLbD25XHf9xRDmkMur/5cOQcQ=,tag:Z/HCw6NblVy+17i5UiZjAw==,type:str] + userPasswordKey: ENC[AES256_GCM,data:Eo3jeY1rnrqe/Onk1Lsp/oQN72yS93tl21srZ/0b,iv:JdvAIpfIhaqPNO1ffc8rN0N6QTWfaFfCTpbuoXVgrR0=,tag:mjwsTPUh/Gw9UL9fOyAKsg==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] + password: ENC[AES256_GCM,data:Gj+fV//U0QG1SLZfGu3Ya/UVEaXAhJ730A==,iv:8qwI9R+NkvHGhGr2WBMiZOVzIMWnUMu6stIVvrPzQqw=,tag:eLx/hj++cVk7lyfKRZM7PA==,type:str] sops: kms: [] gcp_kms: [] @@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS - L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu - Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj - aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i - l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUDlSNEcybzhtQk5JY256 + bzlsU1B0aTNOaFV1NE1va0tnOWE2cHpTQzIwCksrRnQ1NjlvUERJN0gveG1YVDhP + aGZrSVlZTG1BMDMzQ1d5MncySnlGRXcKLS0tIFNOQmJpeUNUQWVJYWM4SWc0UlNi + OWErZ1dRazBaZE5sdjA5SzVYZ2R4d3cKRPu6CwvAJxsmhPYJEbfuOmBVJ8I2NGFC + 6njQe1PrSbvymUkdn9CCJr43iLjDw1TWKbR6CLSrt9HbE0UGqEP4og== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-04T09:30:41Z" - mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] + lastmodified: "2024-07-21T14:32:03Z" + mac: ENC[AES256_GCM,data:qsF4gGUbmyNU+dBRMj0FO1njv/pNA74noT8qT6pmq8qniuAxuyn6FGr6HOBVtJmitCH+fZIClw9nk+Gh3hUAX8YM1m7Ymx0nBI9cfP0RyDVHiooHyWrraEryXIOtSK8vXlCO22qJCwPRrU7nNd6u1vfQTq3l8L9EV4ImqLYbZZk=,iv:G3k8upjBuFhmVfwWtcebu1IhzLMRM/yOy33CzMM8MPM=,tag:AhMUuVZmIXAIYb+6qAcwdg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.nrodionov.yaml b/values/badhouseplants/secrets.nrodionov.yaml index 1422fb9..cdea8ec 100644 --- a/values/badhouseplants/secrets.nrodionov.yaml +++ b/values/badhouseplants/secrets.nrodionov.yaml @@ -1,5 +1,5 @@ -wordpressPassword: ENC[AES256_GCM,data:yYE91wuc9uOzIQ==,iv:jLqs0BZcEIG73roA/wxtK74xX+osePoIaKhg6XvuAXE=,tag:9a3n1tbRAy4TaU0OE8uZcQ==,type:str] -wordpressEmail: ENC[AES256_GCM,data:Fy6mIfhu0DuO+MSp1TPN7On6cFZk,iv:bxYiJBYgbuQsWPRWKfubmNZ/jShMBLeiPDyw7XtOAkY=,tag:RyBuqoNGoTzKR68RNSgumA==,type:str] +wordpressPassword: ENC[AES256_GCM,data:0JSm0szXtZwNPw==,iv:ohVbIeIqhwdoJkPhEta+3sXopGkoL6Z3PVsWthZ2RGM=,tag:9a8xiWdWgyEc7u6ek856yA==,type:str] +wordpressEmail: ENC[AES256_GCM,data:mCbGYDbY37zHVqYo2ZacGWbtVxud,iv:w3La8QpCs1GKWspjVe5XTZ6zcLSnApJw9i6MtYI8rP8=,tag:H+4M42u/5lE64LqyD5JEbw==,type:str] sops: kms: [] gcp_kms: [] @@ -9,14 +9,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1V2tQdkFWenZWZU1pT1JY - cXpVV3UxNnN6and1R0lBd1NrcXdWNTdibkFnCkJxeERBYyt4ZUtabWl5dlIxNmJZ - blhSUHZWTk1PVS9RUThlNFRBREh0T1UKLS0tIENKK200NnRDNUJCeGNTeFB5Z1BI - a2l5SG4yTjhmUlorWlJNbmFDekN5LzgKCS8nqMu72GDYjuSrfgbp/KZbHfhOdpyu - WpT0T6pk/oOc9ohQKGD/jvcjrMW7OZ5uYpZc/4gPdLKcOnNB+BEo/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4elh3ZjU2Z1JPckRmRi9Q + ZURUaHNuMk9wQ0JWMktBZ08vZXpkQi9sNnhNCmxudXBIcDh5WGpJSTdXOUcxRGpx + S3RobjJwV01zamozeUJGWjZ2SkJnNHMKLS0tIHE4NlVCZnVqUTByT0xtVlpBNUZk + T2NTYWFZRkQxSzdTN3ppOWtaeHBxWU0KPH4OOrTptzmv9+QzSc6Kvq2leVc0/H2X + 3bwsZK0/0toEEPGyrpJFcof1G9Y6GmW2JT2O79K5hm9R9FP1lqaxJA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-11T17:30:01Z" - mac: ENC[AES256_GCM,data:KWW440Ez01/kjq1TxLMZLLpyUmPluUJLvgPuY94/O56jz5/ewzkOY+yL4Wc20M++bITNBQUCw4y9HTC4jS2/vWITZnc9Dik8AcbpBrttMIE0fs+WeLudbt56lCCbcddoyOfAvGU+2t74da2uHQVpKBT1jsp/DVlZuFsHUuJeJP8=,iv:cnOqF84iRhDG04oWvWUyXxFmJbluM86TvwEVu7Z7hRA=,tag:nYXMxfm8drvklhSXcGSKNA==,type:str] + lastmodified: "2024-07-21T12:13:26Z" + mac: ENC[AES256_GCM,data:lBIOKXgW5EDzYGdXUP5c0OzdsyOVTbPhpNshlarm7UozDdnEW7brB0izRCp0+FjDxcDlhuBcpR69kel4x0O9NvDvCQHO6TfbEdFy43IgIg6bZAEAa55KNCeaXa9x+lyNWkTNJ066bcQYu8yFj2aOqwrksU96xsBqMk7t0CPgrDc=,iv:e5bjuz9ii50r22Dd7EHPqC71CJAA+jCW1VDQnyqk7TQ=,tag:eHW9xmzVASBGadSfTQwquQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.shadowsocks-libev.yaml b/values/badhouseplants/secrets.shadowsocks-libev.yaml index 70aa09a..e525277 100644 --- a/values/badhouseplants/secrets.shadowsocks-libev.yaml +++ b/values/badhouseplants/secrets.shadowsocks-libev.yaml @@ -1,8 +1,9 @@ env: secrets: - sensitive: ENC[AES256_GCM,data:DAkG0Q==,iv:TBwu9ozIY9hHOtgZD8kXC9zL7jbguCBnB0CCXgNY0BA=,tag:Yxlv4EE9V0D+OsjSQccbsQ==,type:bool] + sensitive: ENC[AES256_GCM,data:ICQFLQ==,iv:7ohWwGwj/b+N3szJtcz/Ye6tJb+QptwhHwsyCBIp4NQ=,tag:U6+qYO6PFMU/UBkEzGTM6Q==,type:bool] data: - PASSWORD: ENC[AES256_GCM,data:cgMrKkfKHg06GuNGA1YFyD7RzGg8NK57eAyULtB9f5AYEG2GH642nmmHPCOyUpkItSg=,iv:u1kzkrG9CBXWPYDQa1aasym4dkbxGQoerZYqh4rGVjQ=,tag:QDdQ4+1KX77GGp7lNYCq4g==,type:str] + PASSWORD: ENC[AES256_GCM,data:sgD/f785ojMPeXQEOfHQ8a8YIfty2kZ863xlhbWR5RI6BBAlqUcxzoEPuf1ywhhEDo4=,iv:tEpD8oPSWEfRto31eMXzGB8n0VqPYuqEO0RODyeZPV8=,tag:jWMyVDhOrP+e+lonf4PkWQ==,type:str] + DNS_ADDRS: ENC[AES256_GCM,data:FizWUQGwUB6a9g==,iv:pRo9XdiFFU7eIX8cuYEpt2+uGKpfw8Xw+qtvW3msWMg=,tag:/syUOyvBsNdDxwWkvqSxLQ==,type:str] sops: kms: [] gcp_kms: [] @@ -12,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRW40RDJkLzBDcXBxTkRN - akhJRGdTUnFPNmZRVEQzcXdjdXFaK1IvRVc0CnJ0MGdrVHA4SzVueWQ3U0lKMHk2 - Q0psQ1p5RTdDdEtqZ0EvcWw3RWYvb2cKLS0tIFU5R1VJN1U0ck1QTnp2c0p1bzBZ - aE5DUWh0elFVMVNJN212cG5JV3AzSFUKvMFOpbGIbLtGYldgvrfKbcJO17OPGZoc - TdHaWk2f+HVb29M2D9ovW4ewuxLL/ADNl4rAGMVmpxEAVfxO5XPXlQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0YXlKeWtrQ3k1RXJrWUF1 + TmFYRVlxdVhRckpnZ044VU42R01YK0g1ejFzCk0waHM3NlpYRmRERWV2TzJ2cDZu + YXRheDNNNkFFUHpGOFVUdjlwZkI2TTQKLS0tIENtK0QzOE9XWGF6SXlOem1BTnps + YWhWUnhFb25xWUcwV0pjK0FYKzM5eEkK4u3dZXpMw4VRON+SCvFgGsI4pn3jGxpM + 1Hy591bCkC+W5n6okuQauJUIEu28KE3EomZh9h7hg7gY5pUUMZhz8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-09T18:58:52Z" - mac: ENC[AES256_GCM,data:T1TdR8G2G+aN/tYGzmEGIvkd6cCpGa9wiEZK4g3dR2Qe4eFi9go7h9X81VE3v+HgjwxDfWm4uITNthWgGN7P0hVV6SWwRiG01CnVYDQgRh+tEBKPOFcmq6Tvm5xNGUfv9OeaF1TizIFFDeQ4a/A0qWGR4ZN6HYk2J6lIAccxEmQ=,iv:dz59+TwgL8O94h2rQsSiDY2lRu3dJdNveR4nCQDYzlc=,tag:hLuLZRv63c1oz/cBh0obHg==,type:str] + lastmodified: "2024-07-21T18:28:16Z" + mac: ENC[AES256_GCM,data:ZNv1Pf1d48G5/EyKlEmD5rd3PenkGk3mVcrjhpiYWO47XiOO94oh/T6oibq9aNEcsl3KE9K9HH9fqJY+TboxJTHRAwr1f2ayzFxSn++axxxM0bxLpvd4CnDprjWaBaTNQPlGxLBtVeVqMmDiolWi5ow9cHS0FumpyvMHEnwm0Uo=,iv:1KPnOCF4AK1l5AEujspxq72cBa94mmeuZl8KSZ9OWPE=,tag:I5nRlK0veei0++nxh0wFWA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.vaultwardentesttest.yaml b/values/badhouseplants/secrets.vaultwardentesttest.yaml new file mode 100644 index 0000000..b065630 --- /dev/null +++ b/values/badhouseplants/secrets.vaultwardentesttest.yaml @@ -0,0 +1,30 @@ +env: + secrets: + enabled: ENC[AES256_GCM,data:vAWPyA==,iv:nEzYTUi6VLTOIoPuKljxwNLoo1jD2twVXG8rbJt++5E=,tag:fQ6mHwjdsaaLXjPgy691RQ==,type:bool] + sensitive: ENC[AES256_GCM,data:vM91LA==,iv:/mNXXR6oI4/eMiyym+kK9N6q8RtchsGGZghgdrw9iMM=,tag:TCULlwJIKVSXF6IMuEV0aw==,type:bool] + data: + SMTP_USERNAME: ENC[AES256_GCM,data:2vIkJbVsF88SqkOCLspDd1qADWvlvDxZTPED,iv:9w05Hm9MDcrUDar2yo35jy/fDrF5aluf9T9gmuOCQjw=,tag:CIJKd8lyUZUuwsCBbdaBsA==,type:str] + ADMIN_PASSWORD: ENC[AES256_GCM,data:2i85zdr26/Id0zhtsAe0zJGavxYOxZ/zd7/bK+uEhPzQTduz7j3oXb9mvqpZD8PJxiw=,iv:hZDJMVhowwfpfxVobPztO4Dx5jEp6Vf57uWWppAC+Ak=,tag:MBKd6JS8nw4NscKfHIb22A==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:VyDuMYCnyC1NRkqMAnnejfPe2UpEDRiAHMt8CO2WWpbGWI2mUb3ApmnBmYclo2xpYduAwHzYfCtR3xZbXCsU5Tx7pNeGXkDaNL68Hzy90p3C9wVhjA==,iv:55Fl+NLBKUsgjugCHp7tmhM4fCCtzPrZdCyJfgFomWU=,tag:oSrfwc1gLy/VmQfeEBcElA==,type:str] + DATABASE_URL: null + SMTP_PASSWORD: ENC[AES256_GCM,data:iztp5mMTHIm4OROpLRZf/VC5ZO8=,iv:jOnAkVsEfSdGrwIIuc7PKPvACTGe3racjcjqqcfLjgE=,tag:BWBWJnWvaaSZM5u6Z1ywSA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-15T18:51:59Z" + mac: ENC[AES256_GCM,data:FWplZ9jLQM4WkYU+FH3Unmq7o0Ma4vqXB6dX6ZAp87URaP3NHLfK8kFGlvUJKWDBKPOVlvdAMo9Mc+3yLwJgmhMEYOt7OX/tu1tRVKRD1LsyvCMJEMFDyBCwvdXw0p5dvap5/strpZU65keBKjfqhJvnAsDtAPQBrhV1kfiotRY=,iv:1J1DCgmJPAPQm0zsjCiyunNFqddhJfNBhBLJnESt17s=,tag:GSbogrUfTkIhGqYAFJQSpg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/values/badhouseplants/values.authentik.yaml b/values/badhouseplants/values.authentik.yaml index f6ac6bc..5ef4894 100644 --- a/values/badhouseplants/values.authentik.yaml +++ b/values/badhouseplants/values.authentik.yaml @@ -33,6 +33,9 @@ authentik: enabled: false redis: enabled: true + master: + persistence: + enabled: false server: ingress: annotations: @@ -61,4 +64,3 @@ worker: - name: postgres-creds mountPath: /postgres-creds readOnly: true - diff --git a/values/badhouseplants/values.cilium.yaml b/values/badhouseplants/values.cilium.yaml index 6eae22c..5715b7c 100644 --- a/values/badhouseplants/values.cilium.yaml +++ b/values/badhouseplants/values.cilium.yaml @@ -7,4 +7,4 @@ endpointRoutes: ipam: ciliumNodeUpdateRate: "15s" operator: - clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] + clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"] diff --git a/values/badhouseplants/values.mailu.yaml b/values/badhouseplants/values.mailu.yaml index 3f9516b..9d4ea3f 100644 --- a/values/badhouseplants/values.mailu.yaml +++ b/values/badhouseplants/values.mailu.yaml @@ -54,7 +54,7 @@ traefik: service: mailu-front entrypoint: pop3s port: 993 -subnet: 10.244.0.0/16 +subnet: 192.168.0.0/16 sessionCookieSecure: true hostnames: - email.badhouseplants.net @@ -90,7 +90,7 @@ front: - name: PROXY_PROTOCOL value: "mail" - name: REAL_IP_FROM - value: "10.244.0.0/16,10.43.0.0/16" + value: "192.168.0.0/16,10.43.0.0/16" admin: resources: requests: @@ -106,9 +106,8 @@ admin: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 - persistence: - size: 1Gi + size: 256Mi redis: resources: requests: @@ -140,7 +139,7 @@ dovecot: memory: 400Mi cpu: 300m persistence: - size: 1Gi + size: 512Gi roundcube: resources: requests: @@ -150,7 +149,7 @@ roundcube: memory: 200Mi cpu: 200m persistence: - size: 1Gi + size: 512Mi mysql: enabled: false postgresql: @@ -182,7 +181,7 @@ rspamd: readinessProbe: {} webmail: persistence: - size: 2Gi + size: 512Mi storageClass: "" accessModes: [ReadWriteOnce] claimNameOverride: "" diff --git a/values/badhouseplants/values.mariadb.yaml b/values/badhouseplants/values.mariadb.yaml index ae964fc..aa05416 100644 --- a/values/badhouseplants/values.mariadb.yaml +++ b/values/badhouseplants/values.mariadb.yaml @@ -15,5 +15,4 @@ initdbScriptsConfigMap: "" primary: persistence: enabled: true - storageClass: longhorn - size: 1Gi + size: 512Mi diff --git a/values/badhouseplants/values.namespaces.yaml b/values/badhouseplants/values.namespaces.yaml index 3f471f1..d1d78ed 100644 --- a/values/badhouseplants/values.namespaces.yaml +++ b/values/badhouseplants/values.namespaces.yaml @@ -7,3 +7,4 @@ namespaces: - name: platform - name: games - name: pipelines + - name: rook-ceph diff --git a/values/badhouseplants/values.nrodionov.yaml b/values/badhouseplants/values.nrodionov.yaml index f3b7b81..9c94680 100644 --- a/values/badhouseplants/values.nrodionov.yaml +++ b/values/badhouseplants/values.nrodionov.yaml @@ -38,11 +38,10 @@ service: persistence: enabled: true - storageClass: "" accessModes: - ReadWriteOnce accessMode: ReadWriteOnce - size: 2Gi + size: 512Mi dataSource: {} existingClaim: "" selector: {} diff --git a/values/badhouseplants/values.openvpn-xor.yaml b/values/badhouseplants/values.openvpn-xor.yaml index 5827bde..ef75c98 100644 --- a/values/badhouseplants/values.openvpn-xor.yaml +++ b/values/badhouseplants/values.openvpn-xor.yaml @@ -22,10 +22,10 @@ traefik: match: HostSNI(`*`) entrypoint: openvpn port: 1194 - +tcproute: + enabled: false storage: - class: longhorn - size: 512Mi + size: 128Mi openvpn: proto: tcp diff --git a/values/badhouseplants/values.postgres.yaml b/values/badhouseplants/values.postgres.yaml index db7f7ab..e93aee9 100644 --- a/values/badhouseplants/values.postgres.yaml +++ b/values/badhouseplants/values.postgres.yaml @@ -3,8 +3,9 @@ architecture: standalone auth: database: postgres -persistence: - size: 1Gi +primary: + persistence: + size: 1Gi metrics: - enabled: false \ No newline at end of file + enabled: false diff --git a/values/badhouseplants/values.postgres16-gitea.yaml b/values/badhouseplants/values.postgres16-gitea.yaml index a61642a..e4a9d2d 100644 --- a/values/badhouseplants/values.postgres16-gitea.yaml +++ b/values/badhouseplants/values.postgres16-gitea.yaml @@ -9,6 +9,8 @@ persistence: metrics: enabled: false primary: + persistence: + size: 1Gi resources: limits: ephemeral-storage: 1Gi diff --git a/values/badhouseplants/values.postgres16.yaml b/values/badhouseplants/values.postgres16.yaml index 844da46..a242852 100644 --- a/values/badhouseplants/values.postgres16.yaml +++ b/values/badhouseplants/values.postgres16.yaml @@ -3,12 +3,12 @@ architecture: standalone auth: database: postgres -persistence: - size: 1Gi metrics: enabled: false primary: + persistence: + size: 2Gi resources: limits: ephemeral-storage: 1Gi diff --git a/values/badhouseplants/values.rook-ceph-cluster.yaml b/values/badhouseplants/values.rook-ceph-cluster.yaml new file mode 100644 index 0000000..453302a --- /dev/null +++ b/values/badhouseplants/values.rook-ceph-cluster.yaml @@ -0,0 +1,184 @@ +toolbox: + # -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md) + enabled: true +cephFileSystems: + - name: ceph-filesystem + spec: + metadataPool: + replicated: + size: 3 + dataPools: + - failureDomain: host + replicated: + size: 3 + name: data0 + metadataServer: + activeCount: 1 + activeStandby: true + resources: + limits: + cpu: "200m" + memory: "256Mi" + requests: + cpu: "50m" + memory: "128Mi" + priorityClassName: system-cluster-critical + storageClass: + enabled: true + isDefault: true + name: ceph-filesystem + pool: data0 + reclaimPolicy: Delete + allowVolumeExpansion: true + volumeBindingMode: "Immediate" + mountOptions: [] + # - discard + parameters: + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}" + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}" + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}" + csi.storage.k8s.io/fstype: ext4 + +cephBlockPools: [] + # - name: ceph-blockpool + # # see https://github.com/rook/rook/blob/master/Documentation/CRDs/Block-Storage/ceph-block-pool-crd.md#spec for available configuration + # spec: + # failureDomain: host + # replicated: + # size: 3 + # # Enables collecting RBD per-image IO statistics by enabling dynamic OSD performance counters. Defaults to false. + # # For reference: https://docs.ceph.com/docs/latest/mgr/prometheus/#rbd-io-statistics + # # enableRBDStats: true + # storageClass: + # enabled: true + # name: ceph-block + # isDefault: false + # reclaimPolicy: Delete + # allowVolumeExpansion: true + # volumeBindingMode: "Immediate" + # mountOptions: [] + # # - discard + # allowedTopologies: [] + # parameters: + # imageFormat: "2" + # imageFeatures: layering + # csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner + # csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}" + # csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner + # csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}" + # csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node + # csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}" + # csi.storage.k8s.io/fstype: ext4 +cephObjectStores: [] + # - name: ceph-objectstore + # spec: + # metadataPool: + # failureDomain: host + # replicated: + # size: 3 + # dataPool: + # failureDomain: host + # erasureCoded: + # dataChunks: 2 + # codingChunks: 1 + # preservePoolsOnDelete: true + # gateway: + # port: 80 + # resources: + # limits: + # cpu: "150m" + # memory: "256Mi" + # requests: + # cpu: "50m" + # memory: "128Mi" + # instances: 1 + # priorityClassName: system-cluster-critical + # storageClass: + # enabled: true + # name: ceph-bucket + # reclaimPolicy: Delete + # volumeBindingMode: "Immediate" + # parameters: + # region: us-east-1 + # ingress: + # enabled: false +cephClusterSpec: + dashboard: + enabled: true + ssl: false + all: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: role + operator: In + values: + - ceph + mgr: + count: 1 + mon: + count: 1 + resources: + mgr: + limits: + cpu: "400m" + memory: "512Mi" + requests: + cpu: "200m" + memory: "256Mi" + mon: + limits: + cpu: "2000m" + memory: "1024Mi" + requests: + cpu: "300m" + memory: "128Mi" + osd: + limits: + cpu: "400m" + memory: "1280Mi" + requests: + cpu: "200m" + memory: "256Mi" + +cephFileSystemVolumeSnapshotClass: + enabled: true + name: ceph-filesystem + isDefault: true + deletionPolicy: Delete + annotations: {} + labels: {} + # see https://rook.io/docs/rook/v1.10/Storage-Configuration/Ceph-CSI/ceph-csi-snapshot/#cephfs-snapshots for available configuration + parameters: {} + +cephBlockPoolsVolumeSnapshotClass: + enabled: true + name: ceph-block + isDefault: false + deletionPolicy: Delete + annotations: {} + labels: {} + # see https://rook.io/docs/rook/v1.10/Storage-Configuration/Ceph-CSI/ceph-csi-snapshot/#rbd-snapshots for available configuration + parameters: {} +ingress: + # -- Enable an ingress for the ceph-dashboard + dashboard: + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + host: + name: dashboard-ceph.badhouseplants.net + path: "/" + tls: + - hosts: + - dashboard-ceph.badhouseplants.net + secretName: dashboard-ceph.badhouseplants.net + ingressClassName: traefik diff --git a/values/badhouseplants/values.rook-ceph.yaml b/values/badhouseplants/values.rook-ceph.yaml new file mode 100644 index 0000000..2c89a19 --- /dev/null +++ b/values/badhouseplants/values.rook-ceph.yaml @@ -0,0 +1,215 @@ +--- +csi: + csiRBDProvisionerResource: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-rbdplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-omap-generator + resource: + requests: + memory: 12Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI RBD plugin resource requirement list + # @default -- see values.yaml + csiRBDPluginResource: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-rbdplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI CephFS provisioner resource requirement list + # @default -- see values.yaml + csiCephFSProvisionerResource: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-cephfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI CephFS plugin resource requirement list + # @default -- see values.yaml + csiCephFSPluginResource: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-cephfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI NFS provisioner resource requirement list + # @default -- see values.yaml + csiNFSProvisionerResource: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-nfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI NFS plugin resource requirement list + # @default -- see values.yaml + csiNFSPluginResource: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-nfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m diff --git a/values/badhouseplants/values.traefik.yaml b/values/badhouseplants/values.traefik.yaml index 55072e5..b879edf 100644 --- a/values/badhouseplants/values.traefik.yaml +++ b/values/badhouseplants/values.traefik.yaml @@ -1,8 +1,8 @@ globalArguments: - "--serversTransport.insecureSkipVerify=true" - #service: - # spec: - # externalTrafficPolicy: Local +service: + spec: + externalTrafficPolicy: Local ports: web: redirectTo: diff --git a/values/badhouseplants/values.vaultwardentesttest.yaml b/values/badhouseplants/values.vaultwardentesttest.yaml new file mode 100644 index 0000000..160c1eb --- /dev/null +++ b/values/badhouseplants/values.vaultwardentesttest.yaml @@ -0,0 +1,79 @@ +--- +workload: + kind: Deployment + strategy: + type: RollingUpdate + containers: + vaultwarden: + mounts: + storage: + data: + path: /app/data/ + extraVolumes: + logs: + path: /app/logs + envFrom: + - environment + - secrets +ingress: + main: + class: traefik + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + rules: + - host: vaulttest2.badhouseplants.net + http: + paths: + - backend: + service: + name: '{{ include "chart.fullname" $ }}' + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - vaulttest2.badhouseplants.net + secretName: vaulttest2.badhouseplants.net +extraVolumes: + # -- Because by default the fs is read-only, we need to add an emtpy dir volume + logs: + emptyDir: {} +storage: + data: + storageClassName: ceph-filesystem +env: + environment: + enabled: true + sensitive: false + data: + DOMAIN: https://vaulttest2.badhouseplants.net + SMTP_HOST: mail.badhouseplants.net + SMTP_SECURITY: "starttls" + SMTP_PORT: 587 + SMTP_FROM: vaulttest@badhouseplants.net + SMTP_FROM_NAME: Vault Warden + SMTP_AUTH_MECHANISM: "Plain" + SMTP_ACCEPT_INVALID_HOSTNAMES: "false" + SMTP_ACCEPT_INVALID_CERTS: "false" + SMTP_DEBUG: false + DATA_FOLDER: /app/data/ + ROCKET_PORT: 8080 + SHOW_PASSWORD_HINT: true + SIGNUPS_ALLOWED: true + INVITATIONS_ALLOWED: true + SIGNUPS_DOMAINS_WHITELIST: "test.com" + SIGNUPS_VERIFY: false + WEB_VAULT_ENABLED: true + LOG_FILE: /app/logs/log.txt + LOG_LEVEL: info + DB_CONNECTION_RETRIES: 10 + DATABASE_MAX_CONNS: 10 + ORG_GROUPS_ENABLED: true + ORG_EVENTS_ENABLED: true + ORG_CREATION_USERS: "" diff --git a/values/badhouseplants/values.velero.yaml b/values/badhouseplants/values.velero.yaml index 647f822..3f36a1e 100644 --- a/values/badhouseplants/values.velero.yaml +++ b/values/badhouseplants/values.velero.yaml @@ -27,3 +27,64 @@ configuration: config: region: us-east-1 deployNodeAgent: true +schedules: + daiy: + disabled: false + labels: + backups: daily + schedule: "0 0 * * *" + useOwnerReferencesInBackup: true + paused: false + template: + ttl: "240h" + storageLocation: default + includedNamespaces: + - platform + - applications + - games + - databases + weekly: + disabled: false + labels: + backups: weekly + schedule: "0 1 * * 0" + useOwnerReferencesInBackup: true + paused: false + template: + ttl: "672h" + storageLocation: default + includedNamespaces: + - platform + - applications + - games + - databases + montly: + disabled: false + labels: + backups: monthly + schedule: "0 3 1 * *" + useOwnerReferencesInBackup: true + paused: false + template: + ttl: "1344h" + storageLocation: default + includedNamespaces: + - platform + - applications + - games + - databases + regular: + disabled: false + labels: + backups: regular + schedule: "0 */3 * * *" + useOwnerReferencesInBackup: true + paused: false + template: + ttl: "24h" + storageLocation: default + includedNamespaces: + - platform + - applications + - games + - databases diff --git a/values/badhouseplants/values.woodpecker-ci.yaml b/values/badhouseplants/values.woodpecker-ci.yaml index e5baf6b..86cba08 100644 --- a/values/badhouseplants/values.woodpecker-ci.yaml +++ b/values/badhouseplants/values.woodpecker-ci.yaml @@ -9,6 +9,9 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + persistentVolume: + enabled: true + size: 1Gi ingress: enabled: true annotations: @@ -44,9 +47,9 @@ agent: extraSecretNamesForEnvFrom: [] env: WOODPECKER_SERVER: woodpecker-ci-server:9000 - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 2Gi WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ceph-filesystem serviceAccount: create: true rbac: diff --git a/values/badhouseplants/values.zot.yaml b/values/badhouseplants/values.zot.yaml index 7638656..2b8f22d 100644 --- a/values/badhouseplants/values.zot.yaml +++ b/values/badhouseplants/values.zot.yaml @@ -24,7 +24,6 @@ pvc: create: true accessMode: "ReadWriteOnce" storage: 5Gi - storageClassName: longhorn mountConfig: true mountSecret: true strategy: diff --git a/values/common/values.metrics-server.yaml b/values/common/values.metrics-server.yaml index ad6879b..cf13f80 100644 --- a/values/common/values.metrics-server.yaml +++ b/values/common/values.metrics-server.yaml @@ -1,4 +1,6 @@ apiService: insecureSkipTLSVerify: true +nodeSelector: + node-role.kubernetes.io/master: "true" args: - --kubelet-insecure-tls