badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 4 Actions Packages Projects Releases Activity

Migrate to a new setup and clean up

Browse Source 
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
This commit is contained in:
Nikolai Rodionov 2025-04-26 11:27:22 +02:00
parent 5039032c29
commit ae3c24ef96
Signed by: allanger
GPG Key ID: 09F8B434D0FDD99B
92 changed files with 127 additions and 2553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/environments.yaml
View File

@ -23,6 +23,10 @@ environments:
enabled: true
- istio:
enabled: true
- dbOperator:
enabled: true
- monitoring:
enabled: true
etersoft:
kubeContext: etersoft
values:
@ -47,3 +51,7 @@ environments:
enabled: false
- istio:
enabled: false
- dbOperator:
enabled: false
- monitoring:
enabled: false

6
helmfile.yaml.gotmpl
View File

@ -19,7 +19,11 @@ helmfiles:
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/applications.yaml
- path: ./helmfiles/monitoring.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/{{ .Environment.Name }}-applications.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}

104
installations/applications/helmfile-badhouseplants.yaml → helmfiles/badhouseplants-applications.yaml
View File

@ -1,21 +1,41 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: gitea
url: https://dl.gitea.io/charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
- name: allangers-charts
url: ghcr.io/allanger/allangers-charts
oci: true
- name: woodpecker
url: https://woodpecker-ci.org
- name: renovate
url: https://docs.renovatebot.com/helm-charts
- name: badhouseplants-helm
url: git+https://gitea.badhouseplants.net/badhouseplants/badhouseplants-helm@charts?ref=main
- name: bedag
url: https://bedag.github.io/helm-charts/
#- name: open-strike
# url: git+https://gitea.badhouseplants.net/badhouseplants/open-strike-2.git@helm?ref=main
releases:
- name: app-gitea
chart: gitea/gitea
version: 11.0.1
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.1
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: app-vaultwarden
chart: allangers-charts/vaultwarden
version: 3.1.1
@ -57,29 +77,6 @@ releases:
- template: env-values
- template: env-secrets
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.6.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: server-xray-public-edge
chart: allangers-charts/server-xray
installed: false
namespace: public-xray
version: 0.6.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: memos
chart: allangers-charts/memos
version: 0.3.0
@ -96,3 +93,52 @@ releases:
keel.sh/policy: force
keel.sh/trigger: poll
keel.sh/initContainers: 'true'
- name: server-xray-public-edge
chart: allangers-charts/server-xray
installed: true
namespace: public-xray
version: 0.7.0
inherit:
- template: env-secrets
- template: env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.6.0
inherit:
- template: env-secrets
- template: env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: woodpecker-ci
chart: woodpecker/woodpecker
namespace: pipelines
version: 3.0.7
inherit:
- template: ext-database
- template: env-values
- template: env-secrets
- name: renovate-gitea
chart: renovate/renovate
namespace: pipelines
version: 39.251.0
inherit:
- template: env-values
- template: env-secrets
- name: renovate-github
chart: renovate/renovate
installed: true
namespace: pipelines
version: 39.251.0
inherit:
- template: env-values
- template: env-secrets

21
installations/applications/helmfile-etersoft.yaml → helmfiles/etersoft-applications.yaml
View File

@ -1,6 +1,5 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: allangers-charts
url: ghcr.io/allanger/allangers-charts
@ -10,13 +9,14 @@ repositories:
oci: true
- name: xray-docs
url: git+https://gitea.badhouseplants.net/badhouseplants/xray-docs.git@helm?ref=main
releases:
- name: qbittorrent
chart: gabe565/qbittorrent
version: 0.4.1
namespace: applications
inherit:
- template: default-env-values
- template: env-values
- template: ext-secret
- template: ext-traefik-middleware
- name: vaultwardentest
@ -24,19 +24,18 @@ releases:
version: 3.1.1
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: memos
chart: allangers-charts/memos
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values
- template: env-values
- name: external-service-xray
chart: ../../kustomizations/external-service-xray
chart: ../kustomizations/external-service-xray
installed: true
namespace: public-xray
@ -45,8 +44,8 @@ releases:
namespace: public-xray
version: 0.6.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: env-secrets
- template: env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
@ -56,4 +55,4 @@ releases:
installed: true
namespace: public-xray
inherit:
- template: default-env-values
- template: env-values

21
installations/monitoring/helmfile.yaml → helmfiles/monitoring.yaml
View File

@ -1,6 +1,6 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
@ -8,34 +8,39 @@ repositories:
url: https://prometheus-community.github.io/helm-charts
- name: grafana
url: https://grafana.github.io/helm-charts
releases:
- name: prometheus
chart: prometheus-community/kube-prometheus-stack
namespace: observability
condition: monitoring.enabled
version: 70.7.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- template: crd-management-hook
- name: grafana
chart: grafana/grafana
namespace: observability
condition: monitoring.enabled
version: 8.12.1
installed: true
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: loki
chart: grafana/loki
condition: monitoring.enabled
namespace: observability
version: 6.29.0
inherit:
- template: default-env-values
- template: env-values
- template: ext-secret
- template: ext-traefik-middleware
- name: promtail
chart: grafana/promtail
condition: monitoring.enabled
namespace: observability
version: 6.16.6
inherit:
- template: default-env-values
- template: env-values

17
installations/pipelines/helmfile.yaml → helmfiles/pipelines.yaml
View File

@ -1,6 +1,6 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: woodpecker
url: https://woodpecker-ci.org
@ -8,6 +8,7 @@ repositories:
url: https://docs.renovatebot.com/helm-charts
- name: bedag
url: https://bedag.github.io/helm-charts/
releases:
- name: woodpecker-ci
chart: woodpecker/woodpecker
@ -15,20 +16,20 @@ releases:
version: 3.0.7
inherit:
- template: ext-database
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: renovate-gitea
chart: renovate/renovate
namespace: pipelines
version: 39.251.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: renovate-github
chart: renovate/renovate
installed: true
namespace: pipelines
version: 39.251.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets

3
helmfiles/platform.yaml
View File

@ -46,6 +46,7 @@ releases:
chart: argo/argo-cd
version: 7.8.23
namespace: argocd
installed: false
inherit:
- template: env-values
- template: env-secrets
@ -83,12 +84,14 @@ releases:
- name: db-operator
namespace: platform
chart: db-operator/db-operator
condition: dbOperator.enabled
version: 1.34.0
inherit:
- template: common-values-tpl
- name: db-instances
chart: db-operator/db-instances
condition: dbOperator.enabled
namespace: platform
needs:
- platform/db-operator

6
installations/applications/helmfile.yaml
View File

@ -1,6 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
helmfiles:
- ./helmfile-{{ `{{ .Environment.Name }}` }}.yaml

20
installations/games/helmfile.yaml
View File

@ -1,20 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
- name: allangers-charts
url: ghcr.io/allanger/allangers-charts
oci: true
releases:
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.3
inherit:
- template: ext-tcp-routes
- template: default-env-values
- template: default-env-secrets

0
values/badhouseplants/secrets.grafana.yaml → values/badhouseplants/observability/grafana/secrets.yaml
View File

0
values/badhouseplants/values.grafana.yaml → values/badhouseplants/observability/grafana/values.yaml
View File

0
values/badhouseplants/values.loki.yaml → values/badhouseplants/observability/loki/values.yaml
View File

0
values/badhouseplants/secrets.prometheus.yaml → values/badhouseplants/observability/prometheus/secrets.yaml
View File

0
values/badhouseplants/values.prometheus.yaml → values/badhouseplants/observability/prometheus/values.yaml
View File

0
values/badhouseplants/values.promtail.yaml → values/badhouseplants/observability/promtail/values.yaml
View File

0
values/badhouseplants/secrets.renovate-gitea.yaml → values/badhouseplants/pipelines/renovate-gitea/secrets.yaml
View File

0
values/badhouseplants/values.renovate-gitea.yaml → values/badhouseplants/pipelines/renovate-gitea/values.yaml
View File

0
values/badhouseplants/secrets.renovate-github.yaml → values/badhouseplants/pipelines/renovate-github/secrets.yaml
View File

0
values/badhouseplants/values.renovate-github.yaml → values/badhouseplants/pipelines/renovate-github/values.yaml
View File

0
values/badhouseplants/secrets.woodpecker-ci.yaml → values/badhouseplants/pipelines/woodpecker-ci/secrets.yaml
View File

0
values/badhouseplants/values.woodpecker-ci.yaml → values/badhouseplants/pipelines/woodpecker-ci/values.yaml
View File

0
values/badhouseplants/secrets.server-xray-public-edge.yaml → values/badhouseplants/public-xray/server-xray-public-edge/secrets.yaml
View File

3
values/badhouseplants/values.server-xray-public-edge.yaml → values/badhouseplants/public-xray/server-xray-public-edge/values.yaml
View File

@ -8,7 +8,6 @@ certificate:
name: badhouseplants-issuer-http01
dnsNames:
- xray-public-edge.badhouseplants.net
- 195.201.249.91
workload:
replicas: 1
containers:
@ -85,6 +84,8 @@ ext-cilium:
- toEntities:
- world
egressDeny:
- toEntities:
- cluster
- toCIDR:
- 93.158.213.92/32
- 93.158.213.92/32

0
values/badhouseplants/secrets.server-xray-public.yaml → values/badhouseplants/public-xray/server-xray-public/secrets.yaml
View File

4
values/badhouseplants/values.server-xray-public.yaml → values/badhouseplants/public-xray/server-xray-public/values.yaml
View File

@ -48,14 +48,14 @@ ext-cilium:
app.kubernetes.io/instance: server-xray-public
app.kubernetes.io/name: server-xray
egress:
- toEntities:
- cluster
- toPorts:
- ports:
- port: "53"
protocol: ANY
- toEntities:
- world
- toEntities:
- cluster
egressDeny:
- toCIDR:
- 93.158.213.92/32

29
values/badhouseplants/secrets.db-instances.yaml
View File

@ -1,29 +0,0 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres17:
secrets:
adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

27
values/badhouseplants/secrets.funkwhale.yaml
View File

@ -1,27 +0,0 @@
djangoSecret: ENC[AES256_GCM,data:RSajXXpFcUmxBOpT48A=,iv:lIzUF8cgbKVMCOY5G/A4mpaviYwwLRvePj3lrhycLZ8=,tag:OSfyKAXCTHOssx+KkL4+ZA==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:dFSSGPS1shNnJlxGIh9o9zfNVZsKp9Wv8A==,iv:lYxEpS+w+oTW07DPohyZ59UbcFKKtD6r2oSRSS3mw+s=,tag:uqLqzIoE43uS5y9UYVGDJg==,type:str]
redis:
auth:
password: ENC[AES256_GCM,data:hR3tXeU05nfd7IeLvjOR2N1dieai0IFQ9kheuCOJ,iv:2j2oAemd8k5zP3zHTAmIQEQHlU+8VKQ0DqpEXoBBJX0=,tag:gjMJ4z0MCxgYpeEeA9NFPw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMc2xxZ1o2Q1RsT2ExNklq
ajZZT0lxczBHTnRNcmNBc2RONk96ZkVZOTJBCm1YbUJ1bG1WTnJJVGJSbXI1cEc2
bCtSM3lwd3lvNFhlZi9wZ1JyUklFK2sKLS0tIDB5RTBNTjhSeFYrUVZjS0xzZXlS
VmNCRVhmMHZ0aVZXbURWVjZUVnlFck0KA/pMAwMDx3QsT0iF6u9AOoXnGyEIqtc1
5iUW96UPhXIK+OyPqCt+07HaAZzavUT/zFSqPdJ3avvY1k3EHMfzBQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z"
mac: ENC[AES256_GCM,data:kAj/KI4QQnDM4Ya/JQQ1QvjbEpHDkp3gAgtgBjjhyY6khSIlcZpG74YNfpD01dHQqk5/KTF9mKi6P68CKubTKQTF7a7qriwNmHcjg7IShJtSYWmzPCu1PIR2jAQTxCa0ETFbsQ14rhKbxpUeXvTvkx5wuRazXKFIwSjBddpO0b0=,iv:H1GmBgpEoHuMa1XdnmEW5jYP/FZyDty/ul3XSbZ2oEQ=,tag:NSaxPq5/dNizE6o7odoUMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

50
values/badhouseplants/secrets.gitea.yaml
View File

@ -1,50 +0,0 @@
gitea:
admin:
username: ENC[AES256_GCM,data:u1KcCwDNplU=,iv:s9mWKPTz+8rFKS2RmFPxCGOIPXFHLvLX3v0t+DemDEU=,tag:MmGR2LqDmHw10uJdPe/tSw==,type:str]
password: ENC[AES256_GCM,data:mBhL52UJwOwWpRGRfc5WNAvYwHo=,iv:hGt1kGA2miwzMidwD0AT62oXs1CAwAFpKk3XltqsCz8=,tag:bfhsQxef8cKEes1JkTQw/w==,type:str]
config:
storage:
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5VjeSHLIDvZB/VE7OJ1eqWOnT5NU64om0g==,iv:OFK7MYlb9QfV4ZHIECa3vHG9pBp1TCGSqqUJX3D7uGE=,tag:Ibmihyp3TXarFtr/tDtEEQ==,type:str]
mailer:
PASSWD: ENC[AES256_GCM,data:lIv1/BEEkouDVqNy4u+u7WCY4zz3ow7fWg==,iv:we77bHyHyAYCMxFGG13sE/M+5Tv2VeYfrg9bsa3leec=,tag:TOltFQbhrXMJW5w5x27YjQ==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:a3AV8QMYOxlWiU7G1DRCaOSdHKA=,iv:3ZCwEMo3/3rmGJXgDr/Pw+rNQBU14rUKQ7330otX1qQ=,tag:KjwexsLkYaHsTdXoHwXBJA==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:nPtmi3wG3+wVkyb+IV832he9rUo2TRRx6cTqvGdVSIZMfcfUvS4rmSH7CQ28OYK6f+WEKs8PkjfrBzEP1mPFHC5eRQfg4ryaqM7eWmHaJipcg4h2nzH9ii6FXyYtmm2zFsTnodOJryEo0T/nMaGhEt7+eylCL+L4,iv:8UFjsAEtMjMqyC9Ib3ipoqpshFrsdE9d3dg7Cewv7dU=,tag:gGVNGk66/Kr/dZ6B3wbD4A==,type:str]
cache:
HOST: ENC[AES256_GCM,data:tXEIBKqGyeuAc/adO6DjcyAAGgcIuwxJ8T0Zsi1xMy3I3gXbzeTG6XwyAesiUoHifoYTpn3wWbf+pIh8KtGFXb58UcEOgHmnADPWALiXKFoZmvtHDL+JEjOjd0tyoskJNf4Oi4BckJDnfpYuMqJW9qcQbsxlB1My,iv:kJ7XRqvUVEGUC9aAPYO+1oZA3QPc/SE9apaeTgLf3wA=,tag:525IBTPiuZIkAxAIiRE35w==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:Z1+u7JAcgNXkrO80YC2bMDk5VMyTFRAxDPc75ZPKbaD5+nsWQusvnHTS68rAu/WT21xAFpny7geERIOEZIewpucNoCTlqHVfJu/tsl40qMoBfjEWuwfaRM+AlNaXm5USTXkk+alQ3eJ2KIIhfhY1cd1yohRoKvAd,iv:bmLkzWqR8SwHLgWG6SWdeNr1w0fcZP8qNRlhfQfvJqs=,tag:QY5A8YGy0+3BnWSLBcsK5w==,type:str]
oauth:
- name: ENC[AES256_GCM,data:7KhuIzC/,iv:nn4bNQ1/tBiqjnQxcyocZd0h/54mH+LlRtiAjWuPCOc=,tag:e+55SHN49Q6NzT7KSsh52A==,type:str]
provider: ENC[AES256_GCM,data:+TrDQq3Z,iv:AAwjnHG40IKAkSPO5gzwEC745NH+Y5BgZIiJJ5Z2+AE=,tag:DENE8aAHAG9DZhkPmZWYVQ==,type:str]
key: ENC[AES256_GCM,data:uOY9iM/dAkhGbWSsUbmN5rnbqUY=,iv:BQ3KjcHN1jJG28RkjjhsTgWm+lHmHzYS4/P4Vlp89hs=,tag:HY3fZysu7sCdyoR0TuRd6A==,type:str]
secret: ENC[AES256_GCM,data:5s12mFDJJLPRg/IsypTx/BpvobX0hluTSddTaCQ0SgYjt4lthZDGGg==,iv:ojiXiVQ7BFUNO2ukAK0ygUTu6KVDKu8AMVmHfBw8Ii0=,tag:0zcD8iNT8iutij1C+Hk7Hg==,type:str]
- name: ENC[AES256_GCM,data:S/RV60Bc3/lH,iv:xIG+UJnmkEvuo2mgu904Hdn18BhsOCtWVl/eL6ybcZs=,tag:nFKPEisO3U3hPJZASrytiw==,type:str]
provider: ENC[AES256_GCM,data:eZOq2jNeqLM7BzePXA==,iv:vHhMOtF/mqUorcKSe2djtWKcyc5F2c+udWclcOkxK/A=,tag:6yKwQj/9oDDIdHcRtIgW3A==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:B8ObUg==,iv:mmfGkA+8HK6H3DS+Hl5Hz3s/pwGBoYcXQfJiPiBKYFs=,tag:ErmgC/mcQZJ5sI5eEtLHzg==,type:str]
key: ENC[AES256_GCM,data:+w1/goQ=,iv:cIOxkdP38IaiNZ3dig5xo2kYrXdAwqerojCXcBifYds=,tag:5/+QimbfqpfnaFgFT3gfLg==,type:str]
secret: ENC[AES256_GCM,data:Rg4rEk9j8zZcUCWbm6xmuEbRb107f5HaU8ClbUkXWKnnERkN91QYtSNlAEWfHBk30xmBObm/O2LlypYJWT5wO7LNw4G6q9yv5JaIc7vS1pjicDi2QNxAW89euELdlthFa2fXj4lNlKLgQr8TbC5wpX0oysC261MM9kgjLuTQnw8=,iv:ft8IMPIu2JuzeWdM53qN5kJQQR5Oq9d2yyNbAQdtdY4=,tag:cBMEqmoP3KAuOhuX364hew==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:IlykewahSerO46QAqJrvryzHkZONrEDHYBgwq9Nkg1pja9X1l3YaMbsg9DYWUkod/ZlzrGUA8Qyi58WW07chkFDPvy/Cfbp7GZSosr9ZVv7LI7TlpZHxeaA=,iv:rp05dCHRMnysz98G3EbKBZWsBzHrGzSuC6FCr/S8evw=,tag:6UtCbpVoWLbv5W/cB1+qBg==,type:str]
iconUrl: ENC[AES256_GCM,data:Tp16796JFzlYfOSfI+ld+Lf7hCeS74ZDz0kA/I9P3v6G+3LQAUGOtfFTzx5mTsfpP1eQN4HgD2uU3lfLhSozril1qq3AZA==,iv:dQSq+IiRcepUZqLipRr6DOHH7Hg6h45gnr9LH9dWYdU=,tag:zeq3tVobXsOasCkIAw/riw==,type:str]
scopes: ENC[AES256_GCM,data:3qwG8sYZER/p9GgnuA==,iv:hvJvc1pwUgeatq9R8GBde1EQDJunwZBl+cmsqJr1PBY=,tag:ov+WHCFaNaA40PPvOzVPqQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZ0IxQnpLSmJjTm1jTkI4
NkhuMUN3RVp0TEFSNHhtTkFvWDFaUXVpUlIwCkxWbkxnQkY2R3g0cUY5VG1Kb251
VUhYZlNCWC82Z0h3SHpaSnVST2h0WTAKLS0tIHJWR2FuT1ArRFhMWnV4cW9EcnZw
UHpBeWgyN21CUThydi9XdFc2V2c0TTQK38CQDRnFpUmWjyvDGGQ3vQxhBvy2Xva+
SCd8sJZc/bnVDOEidvV9oxJz4y0nj6RvgzcsU+M99YBJcuV12xPqag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T11:56:44Z"
mac: ENC[AES256_GCM,data:cc0H+6P0uTl5kpMR0B9o5BP8l1KHjLHdMetPlmNEVQo3NCzm+0SBjGYOqNhr0EG2Gd6RKdsAADrZAwyH+pXA2pmNVdIehDBu4Xncwi8nrUY3gm3jBIG/01H5VLqtZCoLfbqQ4ANHrGhn7JE5bwrXbbmD4t/7E2i7qHLukPj4S8w=,iv:3+llbgLRU2tMr+S2nvyA8hGfCnnWnqprGSW9H3VSCH0=,tag:gzMc8wSjZfa4h0eN3V5Ylw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

28
values/badhouseplants/secrets.navidrome-private.yaml
View File

@ -1,28 +0,0 @@
files:
rclone-config:
enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
remove: []
entries:
rclone.conf:
data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-20T15:04:15Z"
mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
values/badhouseplants/secrets.postgres.yaml
View File

@ -1,24 +0,0 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:Pb5fkgK3VsPaBD35ng94FHAZuTs=,iv:qYBmZf29+ELL4d+E2QoF2EfxJHBsLfX4OtYdh986iHs=,tag:GfeKbe2JHi50LEwJ1do1qA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZVdxMVVMeU13ZndLMVll
dFFwQzBkaEZSR2p1MElJOHRVVkVVU3NCM2hFClQ1cXJlRGpoa1U0djc2N3NFN1Nz
VHFIODBHd21kMmFBMmlDaDBwN0ViL0kKLS0tIHErVnpLTVJhc2U3S1U3S1huanc5
bDFRaDB2M1Mxejc5Z1ZNL2xqU0tVWHMKNbZpG4iYQ8BI76Zbv8lbZqpuPX0qFHng
6iEHF+e5FXk8KoFmELQ0masS/ewO2wRcHH5giISrxigHNutjkWh3Qg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:A3QpJ+8BIN+6MdtaYkhxqoVrW/v34KZXXjWlPCjwTSKdu0Vf5BTKClyuSm+4Be1sj6kcp6zhEL5mG0DsXRZvhH+/LZqP0kw1BHRxyZ1McFFEQdvfdWz4m9F7SGyebxth6RAK5/RMp901Q1YqWJKxPjwajIGmy5stgBgDetQIOBk=,iv:uyE8wmYCvJzjz7zDas3weWoZj9BpZlpKgzMIAV0eQ4I=,tag:hRDa+xkI0GSZIWIoDg/YIA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

28
values/badhouseplants/secrets.server-xray.yaml
View File

@ -1,28 +0,0 @@
files:
config:
enabled: ENC[AES256_GCM,data:/u3nZg==,iv:7b3I/wQEw6HWJNQfD98ROcdesLDDpgGOD9vKF0bGPE8=,tag:E58JVYZvX6N4LEp265wTIQ==,type:bool]
sensitive: ENC[AES256_GCM,data:T12sfgI=,iv:aPIfcJ2mOQPjpuFx8yEU3LQ03OJ20Xo+6bnVbinEJAw=,tag:fGoWBpLf2Mi2BubYFm6YsQ==,type:bool]
remove: []
entries:
config.json:
data: ENC[AES256_GCM,data:Q4Tpi+ovwvklaqSgL0OGYubSulInZIzU8GLKVSk8Vqvs65PBLqmSRuAqbov+WM69oJJPIL0O2DhnSGMrHDjRwzVF3T7f76PBR+V8qOsnV/1iU4vExe24yRFqdkCpSVbYO2EB+UPdr7FlWXEea4OdlVPLojXSWC0WYHJa9bqa9WpM685Hfw/0KjgBsxCmKnun78n0f6SDMgzuzqayqTlZbLT9t6dNf/ON/28l4j/Us0oiVQ4RMn/ljzE325J1njTVuewpPn85H1OSopjPKiBP4T1+xAhNv8mo54PrKeTKnI7AYUBS9UJ2vZQVib2gY8UGNtpI/SLX9PS5DjZUKvnXSrhJ0wrje9NNmL/5SSilLsLXJY34BHnXGIizVr6+m0ScqGbt+fR3GXxlmpagqqKWQHoOsw+Bd2HiP4jzkBZALzI7mwFa0zmuLSx2cWXsYfoOtsf8LyHf0buf/765r+umZwIzRFJMsqP0fmVLHvp5NeirLOQSEYpBx2J8wRA9Jp0tLUCyw05w0Q5mPzhDFkK5mB5NJeP2mFMNYsgAWnYAuxdx8lgC7aAfFdFkcssifgfNqAdvwcwxZNlUcr1zDJSw2O6Hl3/KhuBMGkLon15U1D+D2Y8AJX9h/po/WAilrKIE3inalIe/9ef3SrfXXRTJnZ8fVcWluRYV537GuGHjMcAPd1/5TyEZdR1JGsLQv+jBs60612UjlmcEOpYeY4mm0lAtLzwbl888fmB85XXJNn6cpOPIV7yUOYcMbQ/JkRLAt9QVrCQAjIpGEpFI0MJa/ZNwWjK5bJ/kNrwj67NtGfpg4qj6sv8ofs+l90gbZ2uUHrckHM2+2+4KtDwqVu575jlzMqUE2w9praokrngjmvEPQWckExr5NCHi7KNP0rRsQjm16YvRaK4IvO5BX67z5Vs8vghPfk3XXRBFqXuub4wMt5CAwGUMFidH7+yWkXnD3rt9Uai42ibowAI1bbveggjPW+Jw2rBjuup5ckxg78y+mQoVRIzjSNG8v+ZFPPYmnt0e5aDHsGYm6xi+OjBBhEsf+q2y0vlMhKBLCgSpeiIe5R1kRfU1X5AYNcYLGZfbSDtqkVVVAzPB2B24URjKAwtVuQ3fEt/p9kwQg9lNhtQJmJsXbW32KrtApK+2OdYtMl3ZsAbWROS1+zPlan2af8O/x7HItzNQr+hvZX7wacB0HWmLDXs4kMUkMc6dftIRkp3KhUKphLB7OCcCj8ejE03Sx3S8RAGng6FZkmRPFiTruNsyJFQgGkVOgQrecSEw7TCFNodyAm6eWTwsZ7j8XA6NBJTm1qwxWU/qMvNCkz21ApmIKTppJ4j48sU22+LpMgn3sjLnIg3SJMBU9K5ehDSetrFhFa/jic2hqd/od+Q1C0loKKaoDNHUtdM+PuifpEjDdYGZO5BcGqKpUFL7oOhEL8RY3QT7dktHlqrXI0B3bmfAPS7dAO56RoWFMiSUjT94Fd4X7Y2DzGTHo7V7XpIJN7naoWM6enHnSqhwyk2Ke99I5qCCgONhAaMgAgRUUBYJbIKWCYqi3TjxIcYr/HriKon48yW22iA+AbilrNl1cD1s83aFEw35HmCrNn8eVeFKVrAL8BuqaWzYJegLxfgPH76ZuJ/xO5/53de9see6ooo+Vt2MDX9PPcZJSIgQJ0KcBRCSe2vPfhdkCqB1BZ9Tzn2xjL4h23DoqsmJgfWJ2b/TgJmJscFras1uJX2VVwF4Xs2pvP34kLBPv4zd8rjHHlfvZfHtkkfty9IJR7CmFc3skRDr4lD3dmsCizjTDCIYALrX7lz6iSbILnEnRpy5QQykWCq7lW3SURkEX1EtBLWjmzudGmyMuNisLIFaYIU9Qn8NBztGWY4D7AXVPbDfXfiBm29CwRFMl6V5AKkiaI0bSi+W/YDXIVypnXBCiT/tshU2FKHPDryDAnysLuzTVbBJISCNNP/t534/98p/PkY/wh7v6zvwU5EG87fwypNIN1mp5G4SgowMGXMNKyxb2XMyi+UFLdF5aOoWyNM5Fso1OvzfhGh37fzTd/bbPU5SZ5lR5TqHigE9drGneYu58ugNNbJFuoj7OLKnWMsNADDccwbe8UMHgqPxLv1drGVb7DzBpCUtjdoGVqUd9LkmTaTKIH1kGMndgyyZx8N50WJghE61D2R3ZH5cfsbVvWfZIyT6nmD0TWq33UrrQ+jxCRNCZ78VVN+npB0e99x0xpwJ2/oz1DtXdkP+SPU5XHiikzNBnzX2MOBpvsXHGDLI0Qwcv77cdZL15FQfhwy0k8O3TIRafrpg43vZg8Q/Of+lge88Pa7O0NY2j8L+2L9hAavQxVvNgpN7AvgINNUPMEI2kasYxBLBMsjt1BFVBavu6ii+cHqGNMzFO7P4tgK3ikQNDMhZUy2+KIi3Uia8qt27NnHJFgOWsm/av8qhbB+7mBU63CY/U9DpeYqzgbE2JY+DScCIKVZERlGrL36KSXuXs8CdfLI8Fnlns/8ACykFx7yZxZprba7AZ2R8772iJbXAfa8VLYcz7ikmypOP5KkCaZBG3VwmdAG1CS+c4TuVylIM+rq6k3YJfClnQWEW4clv4rqhD1CpBNYzGMrLJErhkuJgia+DZTM4cUQ8u/t4HqbM9OCSalRefLZ0yNm/xKGvBDlRNE4PLK911/GwQXCGqDVTgEczfy/aCAV88XB/AgIwx3+RDz5xqtsVC3J+jhHtOhyf4r83hM91+tcneRUpGh1VFhdURVPklhq5PpPufIIVaHvYlKSsRbpLCD4JwqOUo8Y0f95gKXZduYR+kKpkCwQUoF3NDeBX9Cm0j22J8dV3jMB3DCfNTaTBtZ2c1kUrfzZko6G7Zza9NFgIth3yC4FO1Ct38KZXeBhnyn5xy9IBeeikZuSFtAnZ6AkVE+tn4GygeYwdK/BLyBlmyQzEBo3192Gr/pQpF5YdKxHzFGMO5FzMKpcgSDu9e7MjZ3ed2xZIcMoSeBssUrFRc97KQGDTrj+WfQMDwODb7xtgdkq3QmO3FNkzqtdUpQ7hfb+5Y7XrRXBmKddyLTke/BASpqCPBcyYy6IXUf4DZGyxa0GSBLFiIKsc8/WNheUJB3b+onDgsDR3qjs4VI47gspFGyn7Yqp5/R2fY6Dv2m5Vr7Y2WL0sxJlB9wI7rTysakKVD3ebE9fVQVWwKi1ejqSgqGOkTchGCF+JVKtMjud5aYim+2H1sHvCtBWlUKYGEu2vygEFqDZ/OItPZDs20VtN0AE+AwzxJS/4XAaMGq0Gk2aQFw7G5ORaguHM66ujcJM386Ux23P4t3vEVY40AAtsMcM7oZyCSZVa4eH0x3qB2YAsQBS4iMPFrI5ktBGh6P1fhm54cw8QXhA2w3Hqb/UbM9SDWWklddo+mYJwItHHHsBhFNXFdIASE3CFJqo4MZT5IfL2IS0p8FZ7tXFbOijWn7IUtIvefctcQ0H1eeSxCYBSMV18bL1qM+JQIkXnGNQz/40bJjvq2G3vll+i84aUroxXKzPwirrmZTgl3xQ60LPBfk4AxJ+lW3I4ssgEO94IZRIqSpaYHWtpmvoRA8qjWQJMTp2DGilZuBXTKVQgWNOIl9g7VBzqtsDcUoxmzn8kscvGAA7RmRevcvoCajyHR6lk3SQC+SVCsohxxLj5BGxV4vJV7/QqoseowyR16tCSr/1mWg5rxLImFwKly37oTlVcV7675R7X2Cw7FZkowXfbR9xpUpPdzRIXlRQOy3cj0mCycbimix8NOlUS8V74FxtyiCEPgP+XOE8cVOKRWQReorHxekCLQqz5TXkxgkYtssr0fUSCou0B0eK+h7TGlzPXI4yXYoy+GdLGb1o6e25njf3cOkBI5f6KJhqMCHLySLevr8fj3OTeellUijGibBlQMKc5+AlT+5gcF83MQJTCBfa9O4eJGMnR1x0vXtbNYQ74s3NDLHinwcf/dpkAz2TazO0=,iv:CQK+hwz5vr7TtKzB45FMiBp62aoWIA46nSaCtKxqSjM=,tag:U+P+8vrqzV4kV2eBrCtVGw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMFkyNXFSbElXS2lqalox
cVRqUUorWlN6ZFlkRE95NmNBY3U2ZU5UQ3pRCkZTYkx3aXFobXRkZ0hkMmxSdnhy
K0ZuYzdTcjZhRVl0WEpmVW5sc1lkb2sKLS0tIGdnNlMzSmdqaURDSlJhQ0NFcUlQ
YzREc3V1OFYxL1hwYlduRVhaZi9NUGMKHDArn+yrYuWg/iFZntwid7GLcwiGBqo7
6jkb7alHWw3J0mw5M5q+oOCnFWYw+Lega2OlNxRF2wv9UDtkGguB1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T12:35:21Z"
mac: ENC[AES256_GCM,data:yzKtA1sW6R3TLnXVTPp3v3Agzwil6qxA76dSSP4boyFSgZB5bNe7aJcE7F4kzdXxZuKgAjZBY0zCYZS3br1hyd1dKrjViWJgpnVngWhKiDPG9ecvfX2JbY2id3mb9QZtmZJ/ZB3MzfntN/Vab+ruJGdkN6G7Iv5FLW5boLeRpJc=,iv:rsRSP5dB2Odf9+pjrlthvSKQHIFg6OfvIj/TK6zSyk4=,tag:Bfn2bBG44GH25a/HTdw5Dw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

47
values/badhouseplants/secrets.team-fortress-2.yaml
View File

@ -1,47 +0,0 @@
env:
secrets:
sensitive: ENC[AES256_GCM,data:QKu+Xg==,iv:eAP8PIvxGq7UOwNJQnyHOYE+mKLnbjEUrZSFk8uPqyA=,tag:htZqjETH91yEhAX/6Xgl/w==,type:bool]
enabled: ENC[AES256_GCM,data:hGszyg==,iv:xqmXykt3WPrVDwxMNxm6BZhJTbIpD+G8/eQv8MG7HI4=,tag:IJn6m6+hPD4eM1WwTLxLYA==,type:bool]
data:
SRCDS_TOKEN: ENC[AES256_GCM,data:2ilNJSRy8F1kl1GMr2Ad8bnK2ZHbgpDZqPEUfb/0J/0=,iv:0IJeLqOT9m3q2Lief6TLxHqRFJeMr5m6MEClziQfOZ4=,tag:i3czXPc5EhARHYt1HbhHnw==,type:str]
SRCDS_WORKSHOP_AUTHKEY: ENC[AES256_GCM,data:hOUKQ5+qulrM4iqbZhzYM/bU09eB5B4pyLZ0EhbtT+c=,iv:zL82fYER9gA7zVRxoagMad2UNjusSuLVlbGaUrirvbg=,tag:2VDaRFeWo1dci/hQIhS/+w==,type:str]
SRCDS_RCONPW: ENC[AES256_GCM,data:cwvHxhCZ6Wk=,iv:LVklzE2DY5JZH5QTd73f6HERrUVH6+Ee/r+Mo2lVe+8=,tag:yUYF8a25KjUabvOO1nWp8g==,type:str]
SRCDS_PW: ENC[AES256_GCM,data:IxgvQ+tj5Ss=,iv:jYA07esoyKfUfc5fCllehoM+wkjVZOOaEu3g+xNp8tI=,tag:dsgr+UGU/dXuqliiBn8erw==,type:str]
files:
servercfg:
sensitive: ENC[AES256_GCM,data:/2rGjA==,iv:0+CWB1FdaI7e95NlyjZ5sZs9U/7J5JYZx+WcFfj4CQM=,tag:lzO9Gmeoz38gsiYu9eLMsQ==,type:bool]
entries:
server.cfg:
data: ENC[AES256_GCM,data:dZBrwvsHXMq5TEb4ctGWKuNQGmifv9ylgJ9ffwf08TglE5Rhxs6pzu+GApEG8wo4xm/rkZZ34bVViuXSiqmtELToj4zuk3mlApQeSgixEngKDYceZwxdsZwFYrE6T9P8x4JfL8S+DbupD+hMV8qRVeceAcaXBm9Y/ZgD8yCt5r4YCrlgWcvEnG6PyG4SAsS5M18VpB25Qhb9JaVYj/MiwkgX1500igFDHlWdFEfvRPBQYQ2kEZsK/aSB1PvEnlflhFgOKnqW1aGWHQdJ3u9PhWh4LLM2j7hydb6sGLlDg2hiDw7qVUbI2taRhzjTYCPnumvpsGoscCQKJE3n8wQ5qcfbB0WBhjnrHWWEXOPNFS3coFpHEXV4A73drairYSoZIQIvsgiyB1Fo4tqbkFUOYrUpCn9a4+rvOgmdr88i7V4U9FwckQ0KUYSHT6UjiAUHwTm2/SqLGEZPq7RX+asU6vRPrPYu4VMzFOOy6//Z9sfEcEGEE4AXBrintJ07HxBsLi2C8twWUuMyu9CJIBl/p0Fijsbxvz0jXBvnPbsH4BkBk66Dp/9tkiZPjh15OCBB7TtPTDnYuLCXJUN1DwpC+HEEpbgD5phTsuBeMPJ+8zv9U46P8y/OYweXfD8w0O/rWUyw+ocohBjkYvMBr3UDzPmNr1p5AGFqhbNOZJPxQ3ciEv/J3GZZn5iq88Kj0Vo4TM8lmPHAZVqCqDW4aUsnCCqJQ7GkPpNz6IS60l+JXNSBPtL+80serwNXwBccgpyB9fFRixLdGAbGcG847/g0q3Rk3IDkipzYyIiZX2lR5+0ov8WkZUXAUHpqFAEu0rZpFuc3HtuozVqjw4Mibrd2WjaSa6O3zVwvMrdUVXyLLzSIp8TH2GvdbH1VcKj+AhMzK7r01IllNaumA6BAH/RKh6XWOwyrlL0fGZloaQYcD1vz7krMjXwe0DXsWr0srHbr9yqTY6508jI7YUI9byvYsjfe4DxJJkiZo4LHDSaXnvZLKePcRFaipNgZWxGwCkaH/OW72ySM0zleuAhsAygFl6fgL48onv6M+S0jx5QAr8KG593XyLiCoh7afHCBZ1j+EiQ7AHW9e4MDsR7COjHUe2AHSNyGMCwoR43sY4c6vBtpoZHBKoevJEpLICsbAjkVB5yYkxzDR9u7+wmXzMS8109hViF2YtXeQ9/H+h1/eGohUvHeu2PWFQmW16NCCzPt8ZJASagmAOz1nSUz+owCva5UOahPm9VRckUYriRfcLazrC0IyrBJyNLDiXkvD7iXWVuUm2VwdPXefhlrIn0ZungssiyalxZHkEUAGDbc7CBLmwiB5fEDDaTokVpPZnJOx57mdMADcxA6+qKW4Ooi4IbFHsuxFMYGpXD3csmSFDc8Nmbau+RATz5NsjiDBmyGRGpSFG/79awjeihQHBL65jyKP3zrLUJHDeP+0Inkk/XXKNmVw+YNSvpNu+ga4PANkOZFk9fhrZg+sD2HOHzKIwXxihyZHIHDMUzv1a1jLKpTACa1i+0mdih/rtbNg8D/5uIpAuSUMZo=,iv:yakHdGa4RzyPeDfbiCZoGTFhnFgxCNcdwUtP1dsGhms=,tag:MyOtEHAfPDmlinQwS8JNQw==,type:str]
motd:
sensitive: ENC[AES256_GCM,data:t5cbqiE=,iv:WwHSfvG5eQURQTVP2KQ9OFvCKw9vqtlzZbEmn/lv+cg=,tag:OuPlOUptQOChYcC1Ept3PA==,type:bool]
enabled: ENC[AES256_GCM,data:4EEw/Q==,iv:cv3ixxGCCn3bLd5RR36ZhdDp1F3s03YIAjmyuDZenkE=,tag:wQi2l6GUI9OklirAlY1gaw==,type:bool]
entries:
motd.txt:
data: ENC[AES256_GCM,data:4zcQEGgc/wIkrJnYBw+ZxkNb7Prnch1zFiMOR0lDDR6/raeY4/e1lEeKGot1ZB98RXzohvZirHCPeQ==,iv:uvIW4dLDP3zWyOTSCIN/hb0GIHtIAEYy97dhCp6Y+b8=,tag:vS7/CXWK5SQu4IjLOXDuGQ==,type:str]
maps:
sensitive: ENC[AES256_GCM,data:7WsG5R0=,iv:HdTgsE4DhX0knJYdXbQ2T9Q21YucYwVM4DrcAhiFyK0=,tag:LqVuR20023UEa1V4AE0LWA==,type:bool]
enabled: ENC[AES256_GCM,data:JPpi+A==,iv:chn+v7RCtEJ+MfEAu66OHc1Nbl6nU3GS+ieTmT7G7dA=,tag:/7tBL/TIPDGvxObE2rAvvQ==,type:bool]
entries:
pl_maps.txt:
data: ENC[AES256_GCM,data:WN/YFxdUy4/WYYrzywYYpMA7EEVPlb95Hz+asvV1myFzAJJ2ew27s8D5nIcg0S9eZyyvzTV2qoI3fkXYR5e9F7ItVAuEgZIT7rKLFczr2m1K5r8by8fH+oHvCxmfbK6WuqY9mDwdYZEYn1iBpOyfb+qvEEr2g6rjNYESnpu0Bf25EHWZq2L84qaoYjLDa4m0BBMlvy9xdKl0fOrqHAPQR4hzCMSRdSLRbKBMLhNybhzytgbWV+1sw+oyNs4iEmAayz+AglHgHketzDSXEwEVMA/zfFqv22lBpPjSzmm/QRdIjXI6i77u2W+mNn+OZ/6m16QEKBHM4EdMoJE96Eu8cC3KnrdYvwyqoiz5t9HcaL6ucp9Sbqq0tvfp8U1X3gEo093yonxtcXIy79/PBJAboo8frzg6mMqntYgNEigsrk73dL754Qgs7b9bHRA2DpWqin8LF4lS4zMKiREFGaQb1fGlNVgpM5ES3TEQ4JyhnVTQHXjnr97On+ebri0u5YOxYoyTpiXEdNwM3lxlb1mEiEFr8k1h67yixrFFZOcM9XUGnQBpYdwXY+bWpwgtulTRKI/iVGaof4uKsaZvkOZGkESR1IOZHlm4NOdshGP1etnprBMTozsrnA3/R2Z/JWVISRlAdgwLDuNawgY2GKn9Bbe3nWU+a8FwifTpKnIk/AB9BwZE4dSvpz7GqY80BVtG7PHj4RiKY8nDO4e1y3wZO7yCPXW4wum6dsmtcR2m2MB+lCDUEbFKLIiuCu2YDo6yvDs2FOF4ht+WmfZnQZmSPa1e1In8IKMbpUvyXp+odVjHqgdGBVv1+M+4VDIHE0Xb4HTm5bpn6/cGi5xQQQtj,iv:+PG9OEQKYZE8dcWtdtXZ6qhsr1P3iTB8XqLVtqHqDgY=,tag:cU1TNcFmarl0e/JtLYPNpg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcXNQRjZCQUpka0RFYXNm
RVRsQU0wWFBKQXpMcGIwZnEwUFJoUkdWL1RJCjhoWTBjSEdwUktINm5XcFQ0TFZ6
QmxIN0Z1c3hiVGFhNWRwVHRmWUlNR00KLS0tIERJemJTNENXM29xb2d3cVRkRzRZ
Zkg5QUhtM3lLeWZGbCt5WldXRVljemsKT4DIMJfAVRpedIcjUoA1QWz0AoWcwM3T
GEoeTRyzxM/913pQ2TzVfl99ilg+AXJddr/P5Av9NebU5SBRRL0/AA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-07T15:50:40Z"
mac: ENC[AES256_GCM,data:aaQG5T1nOmp8uaC0UDfXRNOsxRc+5D3ctQ1rU3GL3Tzm+xdRNgGI0JNPoihZv3/lkZACGWJe68/y6aEGw14AMMzEjVVw0tvuHdvkVblSBkE9guvkrCzv7uDvbei5Miy0vBpdmTN0AeiQ52l/OYa5Dkb6MhDDDyd6X89dxtAq+P8=,iv:KnDue0Qv/tjNapFeZ91drHi+shXvWjTQJd45mpHPxUI=,tag:ntmZ8u3qCwbjPygLv3PAZw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

30
values/badhouseplants/secrets.vaultwarden.yaml
View File

@ -1,30 +0,0 @@
env:
secrets:
enabled: ENC[AES256_GCM,data:Gv3Unw==,iv:pIls2F+alt1LfJIzfto+6YA4ih9KLBAzutd6Nz4uvlI=,tag:HUXRQI+vvN70eMsgNgeltw==,type:bool]
sensitive: ENC[AES256_GCM,data:/trLBA==,iv:w5IV1c7+d971WHLkhbi2jAT4smGUFNQjWXfAHjqMJtQ=,tag:GErKO9Mev/vNI8hVO0OCOg==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:mxHg,iv:fnC9XmPBSoYg/SaezA9I7hUNcK16z0UyB0ujp8dOV/Q=,tag:Ude8TQ+m358upwTHW4g2vA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:arONfkxTVCKOrw4ehk1HGG2MOisfo1oZyw==,iv:T/MAUaHaIVL/oAuAMGwB4x4aNWrnjnvNvM7h4cgL0q0=,tag:F/GYyB1ZxFLxC32hKtsnSg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:eiXun0SKGMichylKuyJPxRkO0nUbCb+ex1ABr4z/IM5CYgbptCW+b+Lw5BQB+Bf0OzcmX3d/GcwrJKXvbjBBelgMUZGXLfShB3M=,iv:git8/iNUeWPxwt/+1NT+rEoYz12hNUGPD6dg+gCyKTs=,tag:M2BqdsoitGIm3GeFBnG9/w==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:KdFR+MmZyGsuHsItX8WNy6r5LXWMgUzJjg==,iv:89e34akVX23Nblm2FNd6u7lX2Z/Zigek8gdjdHD1PTE=,tag:BdpfhbsPHB08gfey80w6gw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OElmeTA4K1NZUncvRjI2
YldLMHVhQVpKSWdwNHh6RnRZZmhSdC9wUlNzCnk5R2xrQzM4MlNxWFZuV0J5aHkv
VlNlSm02d1JQWlFuTG5USmlwQzdXancKLS0tIEFGSDRtc1pmMnVPWGhJR2NBU2xP
a2h1RE5XWmxxb05IZEU3c3VGaXRmeUUKmIgm5Apj8ipz/h8YYiz+ryVFSsjTCXMv
WWDuNLIhxO3inp6QgwWW1PhDjNWAn1uEULckyFAgDOdwp4Tof4A/ZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T11:05:01Z"
mac: ENC[AES256_GCM,data:Sxc3HM0kCuNNRTn6R9kDWmzx+uJHjXi2245n4EwJBx3faX0WsH5I3ZZfjJl0fKLQJApEaN4i+vu/6fEWIfUrbbHfSLCQQDrj1OpXz0Yz+ett83JY+G41bjgWb316MYvuXp0zFlLsms54jCFMY3aV+ROIDXEGaEYncVwrbIXiJpk=,iv:wHi9wf1iiptgCiDD1yAtBw/xaOfymliihp7RyHg9J0M=,tag:uygWGbkgZyb/KZNCzxyPUg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

23
values/badhouseplants/secrets.woodpecker-agent.yaml
View File

@ -1,23 +0,0 @@
env:
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:3z3rdQQVxbTx5muyaLmBamvRJ4TvKV+EVsaFyy3+Ccnn5IQlLFBr3MNWBUg=,iv:EGS92qU3Uy/zIICS7snkYjHQli49izhkYS6LAAGO2U8=,tag:8zMCNnIu+0dh5fYGLQgUtw==,type:str]
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:nuSOHH/+ALl84d5L9kalNwZ3GCstKGn3lHdIu7fiU9Uhw0SHRZk/kOKmzCk=,iv:Ya4UI9T0i+ojzY8VsTiCIq46TfJ+3xqluheWXGkcIJU=,tag:Y4kxqsH/PLTZn9tujrdOGg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6L1BQbTJzem5rNnRHRDEv
YVRnZEJEaDlXUnprME1NeW5qZFNNU1hrSERBCkkrdnR1UFhNSXFYZ3pwLzZyOVJ3
bDNpbWZobUJKTkFPVFc1S3JVa1YwMlUKLS0tIE1lK3RSNXNySnZwRHFaTjczbjZH
dlFMR2xEai9Pc3NZR3h6d29XZ0R4aGMKuXgaEmSVdla8JquLkMKvSYAdE+HFd2P4
jT3nfL4oFdC5t1vlz7uAX3DtgoDlUF3+x4qxADi6F3N0QILV0DEezA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:xi2QnnRQFhxs3R0v63g2f40+2t9eaWbOU85ue4s6Wkr7Fdo6jGG5ThUyBlFyqSO+aKGBHBYHHmNVG+gloFw2vhmG2tFloUtj+6vttAV4sxJrK4ixEsb8JHlAdLPTG8h0ILhPaTj5PQLrVF6q9QkJaRMUCa9alAWf8kQI3GLUJeo=,iv:426Eo1NbcjarA2fT7H8Q2DQW3PEBUWKSjgl6lUI2Y0o=,tag:6pU0kjAKskcCvha71mKLSw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

23
values/badhouseplants/secrets.woodpecker-ci-kube.yaml
View File

@ -1,23 +0,0 @@
agent:
env:
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:anLCJ+6tbLehtjm5B+MkQ91FLbYIYWVU7VCQN7pPSBEgo4N6bsaWxVG7kca8aIuRkwItmRSj/ZZqvbsRZa8Deg==,iv:5Trc3lT3zwegVm0NYamIv41TKsOziNga5VuD5t7TV9Q=,tag:3xz6oqWwsW44z15aepWOWA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSnpmYTJBWlVGMlFIV1dG
SjNnZEtUVUx4dWc4N2puUWhPWVZlWHZkQTJFCjA5MCs1Q2R1K0lLS0dJaG1MWTRz
dGZtZW82M2VsZ2RlZHZndUZGdDl3RjAKLS0tIFdqclNXaU9rOU1XbkVieXoyYXIr
SjFSRDhtNDdwZGdFN2FSYjRML2MwTlEKf3SUMrlZN6uuF52MumFx6pn1xU7Dsy1I
VEUs4Io1W4OGRAG0IKme+nMAAQIwWHQFHgKnkhuN8IwpUB/sC4NjOQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:2d4yOBSWyQI6Dr0oDsv3Z+Sxuj3/8jlCdArKOpcLWSTKNaRCwXzzBxtv73v7uMjVNsuSkLujgeT3WCeW/oPGrKMVAGYqPAAeb1Gn6dlFeX5hJny9m+jyCByecrbqqy/ADWWy2Hp8yK/WZ+5LDrie6D976MGvdoKD3uIrbJt5za4=,iv:Q4I+Uh8PIy/gKUd8JgtXwHdwzTGd0irUdUQklRcLPDI=,tag:WADvJgqLxXMvBlgKzNWbkQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

22
values/badhouseplants/secrets.zot-mirror.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

87
values/badhouseplants/values.argo-badhouseplants.net
View File

@ -1,87 +0,0 @@
applications: {}
# guestbook:
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
# project: guestbook
# source:
# repoURL: https://github.com/argoproj/argocd-example-apps.git
# targetRevision: HEAD
# path: guestbook
# directory:
# recurse: true
# # ArgoCD v2.6 or later
# sources:
# - chart: elasticsearch
# repoURL: https://helm.elastic.co
# targetRevision: 8.5.1
# - repoURL: https://github.com/argoproj/argocd-example-apps.git
# path: guestbook
# targetRevision: HEAD
# destination:
# server: https://kubernetes.default.svc
# namespace: guestbook
# syncPolicy:
# automated:
# prune: false
# selfHeal: false
# syncOptions:
# - CreateNamespace=true
# revisionHistoryLimit: null
# ignoreDifferences:
# - group: apps
# kind: Deployment
# jsonPointers:
# - /spec/replicas
# info:
# - name: url
# value: https://argoproj.github.io/
# -- Deploy Argo CD Projects within this helm release
# @default -- `{}` (See [values.yaml])
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
projects: {}
# guestbook:
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# permitOnlyProjectScopedClusters: false
# finalizers:
# - resources-finalizer.argocd.argoproj.io
# description: Example Project
# sourceRepos:
# - '*'
# destinations:
# - namespace: guestbook
# server: https://kubernetes.default.svc
# clusterResourceWhitelist: []
# clusterResourceBlacklist: []
# namespaceResourceBlacklist:
# - group: ''
# kind: ResourceQuota
# - group: ''
# kind: LimitRange
# - group: ''
# kind: NetworkPolicy
# orphanedResources: {}
# roles: []
# namespaceResourceWhitelist:
# - group: 'apps'
# kind: Deployment
# - group: 'apps'
# kind: StatefulSet
# orphanedResources: {}
# roles: []
# syncWindows:
# - kind: allow
# schedule: '10 1 * * *'
# duration: 1h
# applications:
# - '*-prod'
# manualSync: true
# signatureKeys:
# - keyID: ABCDEF1234567890
# sourceNamespaces:
# - argocd

40
values/badhouseplants/values.bitwarden.yaml
View File

@ -1,40 +0,0 @@
---
image:
repository: vaultwarden/server
tag: 1.28.1
istio:
enabled: true
istio:
- name: bitwarden-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: bitwarden.badhouseplants.net
service: bitwarden-vaultwarden
port: 80
# pathType is only for k8s >= 1.1=
pathType: Prefix
env:
SIGNUPS_ALLOWED: false
DOMAIN: "https://bitwarden.badhouseplants.net"
WEB_VAULT_ENABLED: true
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 800Mi
storageClass: longhorn
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: bitwarden@badhouseplants.net
fromName: bitwarden
username:
value: overlord@badhouseplants.net
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"

10
values/badhouseplants/values.cilium.yaml
View File

@ -1,10 +0,0 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"]

21
values/badhouseplants/values.db-instances.yaml
View File

@ -1,21 +0,0 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
postgres17:
monitoring:
enabled: false
adminSecretRef:
Name: postgres17-secret
Namespace: databases
engine: postgres
generic:
host: postgres17-postgresql.databases.svc.cluster.local
port: 5432

72
values/badhouseplants/values.funkwhale.yaml
View File

@ -1,72 +0,0 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: funkwhale-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: funkwhale.badhouseplants.net
service: funkwhale
port: 80
ext-database:
enabled: true
name: funkwhale-postgres16
instance: postgres16
replicaCount: 1
celery:
worker:
replicaCount: 1
beat:
resources:
limits:
cpu: 100m
memory: 512Mi
requests:
cpu: 10m
memory: 75Mi
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
host: funkwhale.badhouseplants.net
protocol: http
tls:
- secretName: funkwhale-tls-secret
hosts:
- funkwhale.badhouseplants.net
extraEnv:
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
FUNKWHALE_PROTOCOL: https
persistence:
enabled: true
accessMode: ReadWriteMany
size: 10Gi
s3:
enabled: false
postgresql:
enabled: false
host: postgres16-postgresql.databases.svc.cluster.local
auth:
username: applications-funkwhale-postgres16
database: applications-funkwhale-postgres16
redis:
enabled: false
host: redis-master.databases.svc.cluster.local
auth:
enabled: true
database: 3

151
values/badhouseplants/values.gitea-archived.yaml
View File

@ -1,151 +0,0 @@
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: gitea-postgres16
instance: postgres16-gitea
traefik:
enabled: true
tcpRoutes:
- name: gitea-ssh
service: gitea-archived-ssh
match: HostSNI(`*`)
entrypoint: ssh
port: 22
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: git.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls-secret
hosts:
- git.badhouseplants.net
replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
cpu: 512m
memory: 1024Mi
requests:
cpu: 512m
memory: 256Mi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteOnce
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------
gitea:
metrics:
enabled: true
serviceMonitor:
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
config:
database:
DB_TYPE: postgres
HOST: postgres16-gitea-postgresql.databases.svc.cluster.local
NAME: applications-gitea-postgres16
USER: applications-gitea-postgres16
APP_NAME: Bad Houseplants Gitea
ui:
meta:
AUTHOR: Bad Houseplants
DESCRIPTION: ...by allanger
repository:
DEFAULT_BRANCH: main
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: false
server:
DOMAIN: git.badhouseplants.net
ROOT_URL: https://git.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
admin:
DISABLE_REGULAR_ORG_CREATION: true
packages:
ENABLED: true
cron:
enabled: true
attachment:
MAX_SIZE: 100
actions:
ENABLED: true
oauth2_client:
REGISTER_EMAIL_CONFIRM: false
ENABLE_AUTO_REGISTRATION: true
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: gitea@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: badhouseplants.net
SMTP_PORT: 587
USER: overlord@badhouseplants.net
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
# ------------------------------------------
# -- Disabled dependencies
# ------------------------------------------
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
# extraDeploy:
# - |
# {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
# apiVersion: traefik.io/v1alpha1
# kind: IngressRouteTCP
# metadata:
# name: {{ include "gitea.fullname" . }}-ssh
# spec:
# entryPoints:
# - ssh
# routes:
# - match: HostSNI('*')
# services:
# - name: "{{ include "gitea.fullname" . }}-ssh"
# port: 22
# nativeLB: true
# {{- end }}

156
values/badhouseplants/values.gitea.yaml
View File

@ -1,156 +0,0 @@
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: gitea-postgres16
instance: postgres16
traefik:
enabled: true
tcpRoutes:
- name: gitea-ssh
service: gitea-ssh
match: HostSNI(`*`)
entrypoint: ssh
port: 22
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: gitea.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea.badhouseplants.net
hosts:
- gitea.badhouseplants.net
replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
memory: 1.5Gi
cpu: 1
requests:
cpu: 1
memory: 1.5Gi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteOnce
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------
gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
config:
database:
DB_TYPE: postgres
HOST: postgres16-postgresql.databases.svc.cluster.local
NAME: applications-gitea-postgres16
USER: applications-gitea-postgres16
APP_NAME: Bad Houseplants Gitea
ui:
meta:
AUTHOR: Bad Houseplants
DESCRIPTION: '...by allanger'
repository:
DEFAULT_BRANCH: main
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: false
server:
DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"
MINIO_ACCESS_KEY_ID: gitea
MINIO_BUCKET: gitea
MINIO_LOCATION: us-east-1
MINIO_USE_SSL: true
admin:
DISABLE_REGULAR_ORG_CREATION: true
packages:
ENABLED: true
cron:
enabled: true
attachment:
MAX_SIZE: 100
actions:
ENABLED: true
oauth2_client:
REGISTER_EMAIL_CONFIRM: false
ENABLE_AUTO_REGISTRATION: true
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: bot@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: stalwart.badhouseplants.net
SMTP_PORT: 587
USER: bot
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
# ------------------------------------------
# -- Disabled dependencies
# ------------------------------------------
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
# extraDeploy:
# - |
# {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
# apiVersion: traefik.io/v1alpha1
# kind: IngressRouteTCP
# metadata:
# name: {{ include "gitea.fullname" . }}-ssh
# spec:
# entryPoints:
# - ssh
# routes:
# - match: HostSNI('*')
# services:
# - name: "{{ include "gitea.fullname" . }}-ssh"
# port: 22
# nativeLB: true
# {{- end }}

17
values/badhouseplants/values.istio-ingressgateway.yaml
View File

@ -1,17 +0,0 @@
service:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: xray
port: 27015
protocol: TCP
targetPort: 27015
podAnnotations:
proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 1024Mi

0
values/badhouseplants/values.istiod.yaml
View File

2
values/badhouseplants/values.kyverno.yaml
View File

@ -1,2 +0,0 @@
config:
excludeKyvernoNamespace: false

6
values/badhouseplants/values.local-path-provisioner.yaml
View File

@ -1,6 +0,0 @@
storageClass:
create: true
defaultClass: false
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

35
values/badhouseplants/values.memos.yaml
View File

@ -1,35 +0,0 @@
shortcuts:
hostname: notes.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
base:
workload:
containers:
memos:
envFrom:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
storage:
data:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
storageClassName: openebs-hostpath
ingress:
main:
metadata:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

5
values/badhouseplants/values.metallb-resources.yaml
View File

@ -1,5 +0,0 @@
metallb:
enabled: true
ippools:
- name: fuji
addresses: 195.201.249.91-195.201.249.91

48
values/badhouseplants/values.navidrome-private.yaml
View File

@ -1,48 +0,0 @@
shortcuts:
hostname: navidrome.badhouseplants.net
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
env:
main:
enabled: true
sensitive: false
remove: []
data:
ND_MUSICFOLDER: /app/music
ND_DATAFOLDER: /app/data
ND_LOGLEVEL: info
ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
files:
rclone-config:
enabled: true
sensitive: true
remove: []
entries:
rclone.conf:
data: |
[music-data]
type = s3
provider = Minio
endpoint = s3.badhouseplants.net
location_constraint = us-west-1
access_key_id = allanger
secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
rclone-script:
enabled: true
sensitive: false
remove: []
entries:
rclone-script:
data: |
#!/usr/bin/sh
while true; do
rclone --config /app/rclone.conf sync -P music-data:/music /app/music
sleep 10
done

52
values/badhouseplants/values.navidrome.yaml
View File

@ -1,52 +0,0 @@
middleware:
enabled: true
middlewares:
- name: navidromeauth
spec:
headers:
customRequestHeaders:
Remote-User: "guest"
shortcuts:
hostname: music.badhouseplants.net
ingress:
main:
annotations:
traefik.ingress.kubernetes.io/router.middlewares: applications-navidromeauth@kubernetescrd
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
env:
main:
enabled: true
sensitive: false
remove: []
data:
ND_MUSICFOLDER: /app/music
ND_DATAFOLDER: /app/data
ND_LOGLEVEL: info
ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
ND_REVERSEPROXYUSERHEADER: "Remote-User"
ND_REVERSEPROXYWHITELIST: "0.0.0.0/0"
ND_LASTFM_ENABLED: false
ND_LISTENBRAINZ_ENABLED: false
ND_ENABLEUSEREDITING: false
ND_ENABLEFAVOURITES: false
ND_ENABLESTARRATING: false
ND_ENABLEEXTERNALSERVICES: false
ND_ENABLESHARING: true
files:
rclone-config:
enabled: true
sensitive: false
remove: []
entries:
rclone.conf:
data: |
[music-data]
type = s3
provider = Minio
endpoint = s3.badhouseplants.net
location_constraint = us-west-1

45
values/badhouseplants/values.openvpn.yaml
View File

@ -1,45 +0,0 @@
image:
repository: zot.badhouseplants.net/allanger/container-openvpn
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
# istio:
# enabled: true
# istio:
# - name: openvpn-tcp-xor
# gateway: istio-system/badhouseplants-vpn
# kind: tcp
# port_match: 1194
# hostname: "*"
# service: openvpn-xor
# port: 1194
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: openvpn
service: openvpn
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
tcproute:
enabled: false
storage:
size: 128Mi
openvpn:
proto: tcp
host: 195.201.249.91
easyrsa:
cn: Bad Houseplants
country: Germany
province: NRW
city: Duesseldorf
org: Bad Houseplants
email: allanger@zohomail.com
service:
type: ClusterIP
port: 1194
targetPort: 1194
protocol: TCP

11
values/badhouseplants/values.postgres.yaml
View File

@ -1,11 +0,0 @@
architecture: standalone
auth:
database: postgres
primary:
persistence:
size: 1Gi
metrics:
enabled: false

24
values/badhouseplants/values.roles.yaml
View File

@ -1,24 +0,0 @@
roles:
- name: xray-admin
namespace: public-xray
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["public-xray"]
bindings:
- name: woodpecker-ci
namespace: pipelines
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
namespace: pipelines
name: woodpecker-ci
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
sa:
- name: woodpecker-ci
namespace: pipelines

22
values/badhouseplants/values.server-xray.yaml
View File

@ -1,22 +0,0 @@
traefik:
enabled: true
tcpRoutes:
- name: server-xray
service: server-xray-xray-https
match: HostSNI(`*`)
entrypoint: xray
port: 443
shortcuts:
hostname: xray.badhouseplants.net
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
meta.helm.sh/release-name: xray
meta.helm.sh/release-namespace: xray
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

40
values/badhouseplants/values.team-fortress-2.yaml
View File

@ -1,40 +0,0 @@
workload:
kind: Deployment
containers:
tf2:
mounts:
files:
maps:
mode: 420
path: /home/steam/tf-dedicated/tf/cfg/pl_maps.txt
subPath: pl_maps.txt
motd:
mode: 420
path: /home/steam/tf-dedicated/tf/cfg/motd.txt
subPath: motd.txt
traefik:
enabled: true
tcpRoutes:
- name: team-fortress-2
service: team-fortress-2-tf2-rcon
match: HostSNI(`*`)
entrypoint: tf2-rcon
port: 27015
udpRoutes:
- name: team-fortress-2
service: team-fortress-2-tf2
match: HostSNI(`*`)
entrypoint: tf2-main
port: 27015
storage:
data:
size: 16G
env:
environment:
sensitive: false
data:
SRCDS_STARTMAP: "pl_goldrush"
SRCDS_HOSTNAME: "I hate CS2"

68
values/badhouseplants/values.vaultwarden.yaml
View File

@ -1,68 +0,0 @@
shortcuts:
hostname: vault.badhouseplants.net
ext-database:
enabled: true
name: vaultwarden-postgres16
instance: postgres16
credentials:
DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}"
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
securityContext: {}
mounts:
storage:
data:
path: /app/data/
envFrom:
- main
- secrets
- secretRef:
name: vaultwarden-postgres16-creds
ingress:
main:
class: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
storage:
data:
accessModes:
- ReadWriteOnce
env:
main:
enabled: true
sensitive: false
data:
DOMAIN: https://vault.badhouseplants.net
SMTP_HOST: stalwart.badhouseplants.net
SMTP_SECURITY: "starttls"
SMTP_PORT: 587
SMTP_FROM: vault@badhouseplants.net
SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false
DATA_FOLDER: /app/data/
ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true
SIGNUPS_ALLOWED: false
INVITATIONS_ALLOWED: true
SIGNUPS_DOMAINS_WHITELIST: "*"
SIGNUPS_VERIFY: true
WEB_VAULT_ENABLED: true
LOG_FILE: /app/logs/log.txt
LOG_LEVEL: info
DB_CONNECTION_RETRIES: 10
DATABASE_MAX_CONNS: 10
ORG_GROUPS_ENABLED: true
ORG_EVENTS_ENABLED: true
ORG_CREATION_USERS: ""

16
values/badhouseplants/values.woodpecker-ci-kube.yaml
View File

@ -1,16 +0,0 @@
server:
enabled: false
agent:
enabled: true
extraSecretNamesForEnvFrom: []
env:
WOODPECKER_SERVER: woodpecker-ci-server:9000
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 2Gi
WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: openebs-hostpath
WOODPECKER_FILTER_LABELS: purpose=kubernetes
serviceAccount:
create: true
rbac:
create: true
replicaCount: 1

160
values/badhouseplants/values.zot-mirror.yaml
View File

@ -1,160 +0,0 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: registry.badhouseplants.net
paths:
- path: /
tls:
- secretName: registry.badhouseplants.net
hosts:
- registry.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: true
lavels:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.1",
"storage": {
"dedupe": true,
"gc": true,
"rootDirectory": "/var/lib/registry",
"retention": {
"dryRun": false,
"delay": "24h",
"policies": [
{
"repositories": [
"**"
],
"deleteReferrers": false,
"deleteUntagged": true,
"keepTags": [
{
"mostRecentlyPulledCount": 2
}
]
}
]
}
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://registry.badhouseplants.net",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics": {
"users": [
"admin"
]
},
"repositories": {
"**": {
"anonymousPolicy": [],
"policies": [
{
"users": [
"mirror_user",
"overlord"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
]
}
}
}
},
"log": {
"level": "info"
},
"extensions": {
"scrub": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"mgmt": {
"enable": false
},
"sync": {
"enable": true,
"registries": [
{
"urls": [
"https://docker.io/library",
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/dockerhub"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://registry.k8s.io"
],
"content": [
{
"prefix": "**",
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
}
}
secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi

27
values/badhouseplants/values.zot.yaml
View File

@ -1,27 +0,0 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: zot.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot.badhouseplants.net
hosts:
- zot.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: false
mountConfig: true
mountSecret: true

0
values/etersoft/values.memos.yaml → values/etersoft/applications/memos/values.yaml
View File

0
values/etersoft/values.qbittorrent.yaml → values/etersoft/applications/qbittorrent/values.yaml
View File

0
values/etersoft/secrets.vaultwardentest.yaml → values/etersoft/applications/vaultwardentest/secrets.yaml
View File

0
values/etersoft/values.vaultwardentest.yaml → values/etersoft/applications/vaultwardentest/values.yaml
View File

0
values/etersoft/secrets.server-xray-public.yaml → values/etersoft/public-xray/server-xray-public/secrets.yaml
View File

0
values/etersoft/values.server-xray-public.yaml → values/etersoft/public-xray/server-xray-public/values.yaml
View File

0
values/etersoft/values.xray-docs.yaml → values/etersoft/public-xray/xray-docs/values.yaml
View File

25
values/etersoft/secrets.db-instances.yaml
View File

@ -1,25 +0,0 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:rxSV97yqRDU=,iv:8gqGL14LDS2zKDlImdNPMYYX3J8epZvlytjOfuxSP2I=,tag:s95IsFyLj7oIy5Tm12oJZg==,type:str]
adminPassword: ENC[AES256_GCM,data:VgU22sobeBBdjxhth44Llugp,iv:Y2jTlURdgjc/rpydwu1YCEmZgVkRkuBytQmds2ZO3pk=,tag:Abxa+/m3a3L4xNwEFqqncw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubjJWVzg2ZitheWFhUlND
N05nYmlWUzdtVE4xT3NwMnVIbThLam1KQkRFCnA3a2FucS9sdFVHNnBUU285dGZz
dUZvT0xRZ1JLcnNTMVdrSnJBUkJzZW8KLS0tIHJoTlVYVmpjSDJob3RpOG45MEtx
NTBZb2pRNEM5TWJiRUkzWHRyVTdaUmcK9oYd7htT3Wt2HLUFGHQrBfiAfKUaFitr
UcBA/MXGcJt3Wq6Tw8ujNqQbDrftAd+sRWTO8rNqTGK02zXvkmu1sA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T10:54:18Z"
mac: ENC[AES256_GCM,data:tvfGmnwG8nJ/1r0OZBjuU3jCSsC4V1DqjqriARti51RA4AsRFodyl1QMbLoaHgwzLLqbe6Xy62n1EU/icgmiEdEbpBZ7kEuyQ0Q9M0mkZgQVrvF126Tdd11ylswO9imSknaWmvnb0nwj0ZV1daOCqF3NCl+HaP0NiTlCy18aP74=,iv:OYvQDBhxTDEmfBWXtcAluGX9sYGVj8Ki3mZXPVvpYwk=,tag:M7VgUVQoxVC63kGJol6DUA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

23
values/etersoft/secrets.external-dns.yaml
View File

@ -1,23 +0,0 @@
env:
- name: ENC[AES256_GCM,data:I+XVWWOUmm7Cd4mQ,iv:rfUzb5HMPVyNfzkCP2frVDxD+v4lTPzILRifcS3uG6s=,tag:1sXONdAjMZ85S8abMVZM1A==,type:str]
value: ENC[AES256_GCM,data:h8sYBvFfm7uFoklqXE7QLNkikl1ihHz/KN4uYiZlRJBZkiUBbTk/Vg==,iv:/y6RdHVWwwBym5HiBaxEatTWG7I/gNY9ZIaQc4bk9h0=,tag:PytkOjvY3fy6XeLNmGPrXA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra0RUWVFDUXN0ejAxemE2
VFlRcEtLNDJUblA3ZmoyMExPWWpjZzlVYjJzCnZVZDNSbnpjcFRUQ0hOMWxLNUZi
RTg5Z2JVZzVoVFVYSVErcWdnbHVvVVkKLS0tIHdZMjVsc3lHRzlJODRWSEh0Wm8w
M09rOXZ3OHZVUUVlWWIwaTN0Z2RqRmcKe1ny6FJIFwR6Un0HBFZK2KXkzUQA63rU
JR7mpEzr2h2oXxOmyc7HeFFi2R66zendFzfhNcvSlm2L5td2Pnxyxg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-16T14:21:42Z"
mac: ENC[AES256_GCM,data:SNHNvmPCt/6Xwd6xoCh5uHF1erhWpTfzEQ/krTvYtByvT7XvDtXjtslJqAa8RkNPl2QV34epWcj/Ff6xud9tvLdAR4Gj4MPJD8WBLUUFul4rvoXfaHyHhSanYmiOhdF0mArE81qsBY918LFS5fdWMrxCNDrHbDtW76KBoLcDUto=,iv:8/ZxjrER1151RGjSdICVjj8ptyQn60SInakqABXWQZE=,tag:/bQsE3TCXoMbXoAF1UErOw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

38
values/etersoft/secrets.minio-self.yaml
View File

@ -1,38 +0,0 @@
rootPassword: ENC[AES256_GCM,data:4rs7judCzIEqSRfGi8HLmzVftOinmHRAGA==,iv:t6bRBgKOQ+kGn9v0tixllqyeyEWuQTzBMLq36rixY8o=,tag:SZuW/gvFFI+nn/vtKSmc0w==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:wJ+sB2Jlt84=,iv:lrhvu5BfIRl6kmmVp/SzDHkS7KlZ/bB8Al5hKUOzmNY=,tag:XuC2cM6Twl/KaOPbEphgWw==,type:str]
secretKey: ENC[AES256_GCM,data:n5SSGB1AhxZm2uOrdW5kVLbUid8sACwyQw==,iv:hrMcDAWiXz14Q6Wf+bnxxJxFLL1QJBEr0JjWqTPBLN0=,tag:vekhUJFpIv4QmXFTuupOOA==,type:str]
policy: ENC[AES256_GCM,data:javfx3iMs44=,iv:naNJLTEs62JDgUgKWSRcCclsslJZkiazyJ0iyhTO3cM=,tag:7yOHyC0BfV/41zWDd0m4sg==,type:str]
- accessKey: ENC[AES256_GCM,data:oRP+H3vA,iv:N6XQ34NYrCfFci5dw6nQroc/tqByz4ilnQCDh4ZKL5A=,tag:2UFZDLdjBUN0HqRLXh87lw==,type:str]
secretKey: ENC[AES256_GCM,data:LPzli0O0ePL2vghWNsf07P41G3+aXUdBUQ==,iv:vu/TI1jU9/m30DegKxUAaObUq9FyB1IXUB1vqL5kKoI=,tag:1Ar6MNR5pTCzeBlH7yl2hQ==,type:str]
policy: ENC[AES256_GCM,data:gj1EGs4L,iv:N9J+yXcG3fLyg7dPlICi7tdTk6OPLpVpC0IFprfbGaM=,tag:65lRXTg0R76y23QXNLD5pA==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:ar/fBw==,iv:rs1ESCu8noZhU5nKkU6HS+qysYGQfFXo96uliAY+9xw=,tag:MvgSVLelQSlk1Swx47+s6g==,type:bool]
configUrl: ENC[AES256_GCM,data:195i1omIYscB5Qo+p+S0LBEI0CAHMaVz8smR7c4l57Yw05R4GfBJR16DswMgoF8FC+UFBlp46/WFYA5f1CZIlaVFipqBTYeEflDGQ59IJWVUo9Apw06Hfw43HrLC7POQL3w=,iv:x9WmZvzI3Gkf+2BMdIVkL/UxK6hIHJPVgOOVyDoPQHk=,tag:euHGWXq5PNLj55XuU3amGQ==,type:str]
clientId: ENC[AES256_GCM,data:DGIVa81hjIMmotzffms=,iv:mtuMKY07CKQD7GMyKJkUs3sQdbwnXCm3n78cfyxIvIY=,tag:sRQJXhOY4LPTry6TMtoqcg==,type:str]
clientSecret: ENC[AES256_GCM,data:HaRln7Az/+lP/01RFtlTCLSReAQ2OYxRlmQ3LSi9r1tVWZD501RaCif9/68BIOnhGUFGbZPobbRWOfQDULycXHdqK5nms5S0YOFNOwxUCPkttlljZ3fyw157lmFGUrivzMjWpIp5clqoWtIWE71q3UDJ95FoOBjG0HRtFoDo4d4=,iv:73/N0JSCwLd//HHOIjuPkHCY5lKtEuRahx93lG8Bipo=,tag:Tltx2XXeJYGQczCvb7rqBA==,type:str]
claimName: ENC[AES256_GCM,data:AnMUWTj8,iv:6tV4XKIT+utrSIbUVGHJVXjPI/i9mJrzki2zC4n+4Dc=,tag:iHnClGYFTHpUry/x/wZuTg==,type:str]
redirectUri: ENC[AES256_GCM,data:F30Q9PQvXb+bmkNib2/END1/E/my3kOo8RTvoN+/OJMCz/nDRR6lgoA3LYHXh88=,iv:47dIKSJW/5xQdmASUiPOfHo7193LfAQ/R/F+saAzSWg=,tag:SLREgi2vBl5mvh0J1K3nCw==,type:str]
comment: ENC[AES256_GCM,data:t/1OqmIDiudE536CpZUYIgIq9gI=,iv:uwzrEwQUO+eVpCTYYXHjfdnJmKm/mEwre7zTtbwO0Q0=,tag:J/vmOjueOqdUq8Kuq5Ke6Q==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:wqLHN7dmjg4Tly8wOIm/3zZyzx1Mw3NLNqpl,iv:p1iC127avWNcGV8Qj9WLFeAZTrZokF467nAqSwEe43k=,tag:SilNPiK+t2xvgvuTfQwhFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cWJpMDFLTHZlTlZPMW8r
ZFpqM3VnM3dQeThqb1pOdHlVbHkyeVo1ZlFvCmhDV01rZklMME12NVl4YmthWEd4
RndOYkgwSkwwaGhMNE1NZVFxaWZnbXcKLS0tIENqa0RwR3B1MEk0cjJhbkIxdW1W
bFRMQm9QOFRQaFVpaFpqMmdjRTAvODAKhhEOX3d51JWmAYMZdT2LZpkLkuCOcpEz
8sfofHVU+5gCOTZj6fTvIm0wvnVC7lmTaRkZBEKnuPavjTDfXKluGQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-01T18:57:37Z"
mac: ENC[AES256_GCM,data:JzgKhfxs3QI6um/3xFlik6B7vgWAcIoswucE0j6h4Z7smHgP+FuuJxXEeqJQaAhSGEQnm7XhJRoJ3HfIaPK87D8cU8g0GeOOQMF2ZZL5gQ3YxWDsI5g9HayoCYqRQHd6uq4x6zGKQ+zodnHBBQnujnDWwOykfyANav6eloW5tnI=,iv:jkxc313m9KCoUjdHfUqpwLzFJe6bmSlM4kGdqEsUbMw=,tag:SDEnSkv8jB/RfUGj4zX+4w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

38
values/etersoft/secrets.minio.yaml
View File

@ -1,38 +0,0 @@
rootPassword: ENC[AES256_GCM,data:kxg0YirkjeeTaKueH1G4RijoLjLGxHJP2w==,iv:FM83CGAl7E/xEh9k+GPy/z5apxlAb6/HEhznGcUcu64=,tag:Obw7iPuQltcaWwjZfAh7xQ==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:h01uNoYYTNs=,iv:YkdniZm4pFzcEa+MfXazBClz6RrnYjzAh+3IbnVE0nQ=,tag:SFZ8HnM8N99CNLvEnWBXqA==,type:str]
secretKey: ENC[AES256_GCM,data:sr33gCJYEd2k7bbZNHKVgvOmUN235YJoUg==,iv:hGFkM9cS0cv+GOWpxn1YPjDJBqSZl3RHRrUM9TQt0A0=,tag:Uu7ItlGDxayQhG9vmSNp/Q==,type:str]
policy: ENC[AES256_GCM,data:QPL12F5ZWVI=,iv:wXBHgWlI6kFvGH6rp5pLEEcT7S2i58K3Pwa4D4407ks=,tag:JckGYguaJfvHK/sgSuKICQ==,type:str]
- accessKey: ENC[AES256_GCM,data:oJrvlRNB,iv:RTYdPqj5Q77NvJIUsRw7PA/7yhZ1YzjRWCYfvshXoCU=,tag:5gtdnE9cIUvZWWpQsO+2oA==,type:str]
secretKey: ENC[AES256_GCM,data:nZGlehkE2OhNjXLZk/4syI/xKRGmRmzltw==,iv:24Q/OVU2Rtz5ZmUcgJ6ZsOfXv97PXHL9456C5ccsVAA=,tag:xbU/qLleiUwUBzB1dU6/Ew==,type:str]
policy: ENC[AES256_GCM,data:eC7ZPjG/,iv:cEbFEZygJ7ntGA174A3p/RXhjK1QFVY1ldLiZFsaJ8M=,tag:cknvoIX5NONoni1mInssgg==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:ZzHQSw==,iv:pAM6Sg5FOqk3OevwXxNz6+HoA+S9JKn3qXKBrvtQOjw=,tag:jIjUzOpsDTrmWXnVQZvOLQ==,type:bool]
configUrl: ENC[AES256_GCM,data:wM3MMDLR0hD0moLuOJbVV0FXEAcRpGQCiWZHIRfaer5WzSAnQH/8/PVkOnFy16uzsAf1IFbQIOjaXDw1alv3WxczIKpfXiR8mfNI013fCs+tURdOPCSdziQf9G1+sar9/Fs=,iv:95nxS+kP5Ml3WWbN6kGQxH0E/hLDUMp664OrQVZhH80=,tag:0PvfH+J9SQGwBJ/Kh7zgCA==,type:str]
clientId: ENC[AES256_GCM,data:UlETcj+fUPFDh2thR2Q=,iv:EF5QHrfstIqT5MYvrkQkUtcquG9SIsruYKSaR9adz5E=,tag:/yYOxzIIgoCRqsFSHyQanw==,type:str]
clientSecret: ENC[AES256_GCM,data:elh+rgMPMxJ3Tf+ufv4FBVQRBY+HeWbaSz4Mjx+CQIGzVBYDw2TaImgZbdIN7X+tVRdKjBUad7Bd4VUZoZt8kIacT4usJRQC9qErhMjnuT+OGzq6mSpXMztAzbGpL76L44S893sRkUkVwDpA6p4vqPSe5vMiaXZZAANIrhIDcRo=,iv:FIr6pRpJ3FlRchQs2Hg25bJu4HFYSy9HFiDhOPDPang=,tag:0pWGuHVwrlm11SqFKYj5ag==,type:str]
claimName: ENC[AES256_GCM,data:EOYQcSX7,iv:7ELctRaFlUmE/I9ExsLjMSCOrwLyTrJt5RQeDMqcZXI=,tag:CAEcRcWu0jkHxIdWFwoQvA==,type:str]
redirectUri: ENC[AES256_GCM,data:ek2cRHXtOCy9yNRrCyW6GFULz9ql7vzFIYc/7OBBlqQZmzMVEiNJ0B8Wej5TELIJ+do=,iv:IMr3J6Vcs7mT+agAcwaV8av7PUuOtvCdvLOOIKYwN2U=,tag:hLgtwpqtgsyoIF574C8UYA==,type:str]
comment: ENC[AES256_GCM,data:io98WZF69zRwoaDz1WXgb3gJ+Ac=,iv:Uw3p8734k25N+GZhQQ225Ye5mJInR4LcJ9LPcppEsgY=,tag:hvx6FxcwajTmC4gQGErWmQ==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:mK8Vczvi5SSVPW6k9pLx2aOaXUdfujXE1G77,iv:M8TxsGfsnvdRyBo94JitBnx366MuRY5Q6vLNmCs0hp8=,tag:YaobqJvS7u6B9x0MN5VMzA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYlFwMzFCaG8wbk5ZcDI4
OU93MVNoZGNyL0h0WFhRM254eDF6Y2FkZjMwClJEcHNZcFVlaTB4eDlsMm5QaEYy
NE0rd3EzUytaVEc5Y3I0MUpJWnI1NkUKLS0tIHBlS1dKMG9kcXpJSHMzbDhXcGJx
OXIvTU1uSVFXenF5QU82VHFta3ZmS0UK86P5geFl4PEMgKqBW2AlQfyTjT84TRfE
NjjFcpeFsUa3GoSm+NHxjzXbEEWkQsVsLWqS48IAPhOiICyWPwiznA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-20T16:42:14Z"
mac: ENC[AES256_GCM,data:DyBFmjgWcRCkEEpuDUL2M4w6DcJ+YiVaUZcCuHReTKZRuE0BcYn8TCKYqaILKM4B0ClLK4aYH194ZNysEMDoAVDnLaTWPa3as8dW8mwpeaPmV80CbnKsRLMajwWJi7T8LBYrHaSSZx8eCRHvXFaB3u8B7t31vmzwutlpu5BKQqc=,iv:RzcPzF0rrSVZNSuG/Juv/gFtSdPqgImU+jO0Z3oQVzQ=,tag:KkEecRrbBDImiTBhn4T0pQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

26
values/etersoft/secrets.nrodionov.yaml
View File

@ -1,26 +0,0 @@
wordpressPassword: ENC[AES256_GCM,data:gcJ3cydOr0yTA/LbD6ecBn5cPzqceyGxvvQH/W4K,iv:rBoZO+SfjZlL0I0J3s9vWeg4LZd5M8O8INtODtFGHYM=,tag:xqpU75vR+U93UsFc4Qpuyg==,type:str]
wordpressEmail: ENC[AES256_GCM,data:dO1PeBajNORU6K3JeRvg/EQufCtbviYVhhZR,iv:nyvjhPcikx9EBRfofw525PIK9Kgp2tFWiHS711YtAT4=,tag:9hajAZ6VPJvg8VX+kv+P/A==,type:str]
mariadb:
auth:
rootPassword: ENC[AES256_GCM,data:eb9XO3OtvYsD8kgirYMhLQZIVOc1N9stv0P84Z7e,iv:6gymI9CWLmNOfpB0e9ZyjV5mXenwYdhHqV2MrHEGr3Q=,tag:3MSws+HfC1inlYk4rKOdGA==,type:str]
password: ENC[AES256_GCM,data:KLwfn3vmMcysP4xA2KYSHXnw3Rq7ptqmrA7TRCCN,iv:gjFaO3TJwGhIh3tKH0WbZHaT4FKDMbU8rNF2hLg2If8=,tag:dMNOks45rnK3x+pwYnCn6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcmVNaGF1eWtQWEZ4QnE1
eWN1aTBZamR4NHRjMlBjQi9DSnF6YTVaT2c0CkxMRGVNbGI0K1crMitUTkxHeGlz
K282Rk9wendTZGYrZTVqWDl2d0F0TVEKLS0tIDhYMFZGaWFkQ255M2d1OHNuNGJ3
anVBYy9lc2ZFQURTeHdIdS9Gd3gvblEKevHz9jiGV2gEMdR5qaFQqDaufIY1Ue5j
ihj+iVufhdX28NoHGn7dNa8ffqsHC0eNWmkTfICrjMjJyZdpkthZsw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-16T19:02:14Z"
mac: ENC[AES256_GCM,data:AIzxbuL/cmtwyAOKMZ6WaNtNW9tTFZ5TgqqNQat+4aahbhybFvGawKpchKqHaW5aqnwnKj+9wRo+STHGeDp58F/Y+aMvTQAloRt1X3nFtWJpmJmBI61hDl4EnU3r+vBTC7j/+9einH3WaRwntHLnF7NfeF7G8BFqvfYoHN0UFtM=,iv:LChRlRifjAW8ZPCtsgERmklZIh1hBYTwghv6JRi2l/o=,tag:+znn7DO+JaXe1+FXN637Kw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
values/etersoft/secrets.postgres16.yaml
View File

@ -1,24 +0,0 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:4RQkD5bHyjMQjofzrmB3V45q,iv:JlD23SAhnU5Q+0xl3TAdOdkXJPTG+Awx7qRe8cH1HFo=,tag:KSnUQi0U2ydpigAgoZxFsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1hzTUV3TzRFaHNTN3Fj
Tkh0TW1VNng0WkZNdXdsOVozMDZ5T25uQmgwCkhSWXViUkNsZnExV0c5UXFsd2R4
ZjNYYUFDbnpYYkRQbHdQUDA3cHBxa28KLS0tIFR4MGVWK2o1TFZlQ1FRbkIza3F6
UWc5NzVMVkQ4UDNlSzRidWNzSnFWWkkKfnTaKxZoBFCj2l4QfI/BvG0eGOFX/seF
DcpofYlg0hQFRSavqRjidLri1rzpOCdKlWh/h0nIRDFA7O55Q8QAnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T10:53:47Z"
mac: ENC[AES256_GCM,data:ugdm5oICFj1nZtkUNdfamjuGjMOz8bWTKIsaOND31alQsTuvnHNT/GrVIKkiAwgXbP71nH8ecmv3Ossq/tt8OxpG5Hu5v3s1Dgl8fXNCRt8cR0INGJyeDYc9l1WDugNkNRhRV96udmDJewompcIxqPYECwfZHXYiWA7HMyIdlDk=,iv:1PgLX53dbD4JfpLnszMgH/pQBXvUimgJYZsw3leerBo=,tag:O5KBMenIG7/J5o+kiU/mGg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

34
values/etersoft/secrets.server-xray-public-bridge.yaml
View File

File diff suppressed because one or more lines are too long

44
values/etersoft/secrets.tf-ocloud.yaml
View File

@ -1,44 +0,0 @@
env:
main:
enabled: ENC[AES256_GCM,data:VwkiWw==,iv:OPPJaoVzQ4Y8/UbBMWu8tYjRnMRH/15syfTe34tb1mA=,tag:U9RM/c79pbeprPsyUd9HKA==,type:bool]
sensitive: ENC[AES256_GCM,data:eeE37Q==,iv:IsqWwo9L/kgexztNWZ/wSf9pNXtuW/btsPuCfSWyr4A=,tag:uXjfuFT0yJPtOGBX/Ab6DA==,type:bool]
data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:MziPbSmnpuWH,iv:+IJXuvmNvWjs/hHNTQXWhrpj7LVx7asvKJXoAyI+YBA=,tag:er8nqrsd1hZPledJzVYicg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:GDKniDmhYc/Nm7I4Ts4V+DGyZ4d1KURwPg==,iv:JNRm3EsEKPas6xJx94LUaPg+6EEv0xYZxLE6krqxLXU=,tag:wzp5Szzrv4IT3HZTnadycg==,type:str]
files:
ocloudkey:
entries:
key.pem:
data: ENC[AES256_GCM,data:1odAZaJwWTtAl91m8WaMaUu8ifStRi91e2tuQRA3SoDr4dbihLGVTTXKJy5ikl5bGeZAWMzUwZGuFzlqOroufoTc2socuZEmNWDOhjk9llrGRaBcwfCpamixie33zHjO0VZB2jYN99iMMV1EF11u5E/hZKKsRv0+GDniQ1YSICUS14qpNkWH+iMoXgV5u+cNtaM8iC4tHt1PYy5OPFPerAGEq40VC+oentFw9HQzMsTwWs2O6jgGuur81MZUIVd3LvCp+m6Wbe1vEcaCoFIFKoqr2WuDb0Hzr9wryaY0rFTQ1Ay0CSO3FUXcctm+8YqPIzk8NichY5OZniGzHWOUIwlDZFX2lO2lmpGYXb21dV/oxf2EcpbQeoxR7ZjOd51Elw9+B6I/zVOXpkdnQ5h6VwqnNj4FZ0DJ7K9R8J0vGugFUf11mlLJpp+/UUoytn0ikkCS/EU5Sqz8mviYP448nyfcdEYjuGGNeYo9UDdDtpCDj67J/2MLzx76+QMS169ojeNQ4V7Z/zEmhtyJXFDoUmPtnVw9k+knNDmhQvAth04OkpHX1r4YHOOOqoZrnFPG0W5TynAnU2xr790J1gnCxBvTPun2oh2A0IEVhompZ0En4NnDZn/y4FqOitZw6kw6uHUhF/4Czk5OpXdfED4i9PX6jgYGuWYSN7+f2NZFf8gQmOHR5FFRtd3jti0r0lwAyjFv8GfTnEnLOdl6rWp+ZUmXSg0hM0Xux/36CWGnEaVnowYSB6O7CQpY372H/QXLdwv1Cwli81ahaphq21j4fcAC/TdplCzuSNJ8CpOh2mxvgC+gasQtGIud4pOX/jcLKkqS5KOkpCaF+zxZ/tL9wj9FMpS7SnjDGIKg1qh/Q067shFCALCg2rUpsyP93QjVcbrVT4rfVsRiezIYJJ2xQIzyGpDEDOYIy+zGRH4KCcRXcsVD0ffka/0EbyfLnQcmZnm1uOcEGvPD40INukkfigazEsLXjYlXUm4I7cS7yCM4ni4qcWgszGXh/i2d0CQzPb9NmQ4e5DzKFS66PvAS1CNc8KtistTWTiIP8vgdYAk9H1oi3dB2xz8S6or/2LzwGB8DJVTEt1Z5Nxzfew6YQ5itTq5DLg+eGTRR7tfhiVK3AqBOeVu1mHNVfV2Uu7b6w9JW6WYoz4G3DQ+0fGny6TpmCpoD74/jKmENq+gGRsFX/ukykERQWcTYSJU9KcQgmEQxvfRwyHAWIlTz9OF+9EOVYyZ7wWAG1o57LEOCYqds7UfXzOUzXzHo/Dn95fReTupDvYgTWWs8nKtDJZbFr5YDveRnAJCMVpJ54o6qx9ZCLB5C3y18F6yb38kjhFl5ZczxrevRtGK6HhZtsh3t957r8Prqk7zvbL1IQinXruZWU1CLqxZ6otXXXUZiipEx0S/65ctxMLq69ElL8SEUD0N4GLGHOFxX0N4TpEwxIV504UNr+sg0PWwKnDMTSYIGf+qYSdmUL7Dgu6WVGBdsdp42Lhr9MWdcpLramhMpf+S1Wn2AmL/tquwvfrKoTU8B7uhnoexGKpKSJY50UBRWSpb0asypZha/uDzYx8FGtdmIlr+2STBbMbVsIWU0CWoMGT6HAUyvy6NjQ0GslGoeZWwZvChIXCsPZXWNuVWNvMPcYVoFUptj25uRLsiF+YWja1ExuYl+jgvd/q3UtvF9nVGZ+pvLQuUB/B1TiBSraDZYrnBOMr9duC4Axum/yQzjupgG7iqXN9/sA1b/HAkKArf3xly2db2K3WAjF2J76fkMbUgyU28QZGg3AlmstXKe/WUl9bxIJE8y0iDH8VjbEmamFz3WM5V+WZYTxyoHwZs9M0SnnVkU02QbcdocS+3gTdxpM0EVnL0BTV/hIJZ2HfCD+wdM5Z3Y4siEfrfV8sCTXLQmphJsVhAnZJr/lc4DWdGpkOm8ZvuNdB1Z5aXdvdYKEG1j8u/qr07iO8ZoFmQ84Sc7R2bADLbdhX4jJShGHL01pqvcn/L9RdTP5Qgmeuinxy7coN7kinxbJgpC4QAaR5kXZYAGpbEMgbnevGdfwqt4VwU63dxB7NEZWSte4thU2yqRqmIrIl06I+1aCzr5cvI2Sq1gAxeUWHg0eEUBuqIOAFYkZ/O4X/Hb2iDj94KcdnW+0GD75cVCxgx21z/OT8t+OO6nQ2w/cCpFEXyV6AvG7j3nXnWADTxOQR0fDXavcl6dlCxgZ2gfojL1wJKt6Y8804xFZteZv2r0mSowC205cuCM0bqobvQ6e2pZwI7PdRIDIUHarlyfTn735b8mwNIF4AraWA==,iv:cXgBPtQhbhx5GlC5dr5jTKjmjsnYPUNou/89WMZLQWg=,tag:YVCvICRqp3fq5q+cr3r7/A==,type:str]
publickey:
entries:
public-key:
data: ENC[AES256_GCM,data:BN2vLLzL4qVhLHrHjMAz3XZnumftvIIWow5TLnyss8QQrkemdOCyyVJ7mWqAdnFhs52t0b3wSN8qj+SQ+ALieYE3hZYZEDXcEMI3nMIOAI80fxaBEsSTPtMK9idBPN1UQ5gYrlhg,iv:KBospErD3mvdlz5gRSSSfs2kA+QXNbDw7WlNT5P5tXM=,tag:rXmw9Aqrjnxi68ftb3CthQ==,type:str]
privatekey:
entries:
ssh-key:
data: ENC[AES256_GCM,data:Qx7ekDZB6HDLA503TDsXIWAd7tPZHZ8JeB8f45PKL9g8i8fAYHMe9RBS6yr0w6rf6SMEnXE6YSFJAGvEiA8tZJSzgW9otUvEzELDPOhcSRTDFpGysFRx6MYasvs6HD+mLRkIR1Or0WWma4/PtlpntD8TJTAWwmjgofStxG7Igr83YthdrIhZNnOedV7CFIKh40d2DJWLyl2mBMEG8+JwyJAHydQ2KXUPowJtChqWosMaT+t76L4lqDG1d406hCZdNam5nFGQY7JtoO3yp22V57jVqAkGwXJJ7TgsB5swFMHdNJ3oIPzElzwOGWrliDLopwHoYMDxuF3a5KoOmyDB6rY1HJtZFrfSZWsl/4KtRyxiqk5eWH3t6O3eJFzK5u2m1eiT6QyjSZHsBXwKGPsxbcEKrVTQMyJyjdktSYVQj9FnGD/ln6VGyLk5gJZnfhz5any7kuoN0lRwZbQBACvwl46+7Iy2Gp73Va0yKIvUpdpCTznbiXpOhXg9bnlMdWqiL8DLm4fr5E9mIe3UpGhnhuHzxNBmgyFXEZ4BLr3P5urKNLJ18nCmGgr+zChR4ZLT6qNfwssjB0WTJkFfPaSjVkH1J2/QetOdXDlUlO5lJdg=,iv:z5gTaOEBz+6iQRwbQSnKD4MO0OkOks3xZ56Ok7AP1pg=,tag:vHr+q9t0s2ZNqh+CN4azCg==,type:str]
tfvars:
entries:
terraform.tfvars:
data: ENC[AES256_GCM,data:YfjkqEMe53uWudbShVe9bVKMzqKAGePhBFl+pwGBYQxuWUybs6K+N70W9ek14EgvsQqIlFIBmOq1AYMjoZBfzjOP7Ondk4XwEQns8ykgIcy028ZOnUAiEMg+E54xHGvNwUR5V+GTNGVDFv8LltWWdC2Wd2Li1hqbh8o1zoTKr9Z7QrGXof//Jw12GBThuV2kF5zEvDw+29SliiC/lHrdKPWud9ROd9jiiKVpttfGZtB8uInRWrcNZ9987jGSp3jwJ9aH4oef+w29tNvjNZ1q+T1xfFbrcIB5e3NsXKtyQjUUNaFMFTbeapsFKZBbVjFqzA0qSM4adJv7XIMbF4E8nSWmIqw+avOLsk2/HRY7EhJHQgJBVbAkjZYHBnVqYGZTeZKoxl2lq4qn1slkexxrdPaJKDk4i6ebWqYe+BjjEPEILozJaZji0l/q7nrm2QlATi1er1R7IcUb3IeLzzE3G22Fptn3kCgBKd+umNUMbsqNP36Xb63LsNcd2ld7rMmj7lqU1qlrc79ZTEfZmrq/Yuson0iaPXNrBc87CjJ8wz8M2/BcAB5QRFyLYvnKe4z1nFGm9PqLt6DpOicZXowRy81X1fIJjm+xFIhOCDSXMO7NE7Lgngrsp6zD1Nn2j/yql2LsJKnXCegWWTSa8TxzGQh8ejO8dKZFN7dpvg==,iv:od/aU8SKCfZB7wRcQ+pIH3hLIFS9peMGeIOk4vLErI4=,tag:gTm7JS6sgK440dImagT9xw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzWDZYeCtRQ3pEZHVrdnU4
cjBsSnNNTUhRQnAzekFVY1cycmVEMXZnMlZVClZ0dEdRazVxRGVaTWR3TlBWUlJv
eTUxTkpKSjN5V2RyMklUa2dWNlZPbmMKLS0tIDNkZGlBVVJQZlBPR0hQRElsV2t1
QlAwZGFKNFN3dDRDYUlxaldQTEN1UEUKj/8BcTvOmpu+/FSGtDI9vEPzAX1OG9nY
L5Lq66OoH8e9GG/iye21PrIXbpDWNF/p4jQDMlDtMY8YefNbaoeevQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-16T17:23:51Z"
mac: ENC[AES256_GCM,data:TEOv6k9fgpXvUxniF8FLbuRHnLP5JAyMEUghaIOYfPqmyvxcxFBItlNLmancFkT/cYmqrSqKJzJkefXxebaLzbUf3DbXyu8jlTjMwnzZWfwpJqPHdkcrxneJJhpPWBgD0lQlnN5XK9OvRe3mApwHYimNksZd9JPi05TXzWOyfng=,iv:AXLBegPqI/4wsfaYSWO6aGxR1zZeBb4RylE9N1L4zIg=,tag:W0w0QSjHBRfjWOZU2qex+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

22
values/etersoft/secrets.zot-mirror.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

22
values/etersoft/values.cert-manager.yaml
View File

@ -1,22 +0,0 @@
crds:
enabled: true
resources:
requests:
cpu: 30m
memory: 100Mi
limits:
memory: 100Mi
cainjector:
resources:
requests:
cpu: 20m
memory: 150Mi
limits:
memory: 150Mi
webhook:
resources:
requests:
cpu: 50m
memory: 150Mi
limits:
memory: 150Mi

8
values/etersoft/values.cilium.yaml
View File

@ -1,8 +0,0 @@
operator:
replicas: 1
endpointRoutes:
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"]

32
values/etersoft/values.coredns.yaml
View File

@ -1,32 +0,0 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

11
values/etersoft/values.db-instances.yaml
View File

@ -1,11 +0,0 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432

13
values/etersoft/values.external-dns.yaml
View File

@ -1,13 +0,0 @@
provider:
name: cloudflare
domainFilters:
- badhouseplants.net
policy: sync
txtOwnerId: eter
txtPrefix: eter-ext-dns-
logFormat: json
logLevel: info
sources:
- service
- ingress
- crd

5
values/etersoft/values.metallb-resources.yaml
View File

@ -1,5 +0,0 @@
metallb:
enabled: true
ippools:
- name: etersoft
addresses: 91.232.225.63-91.232.225.63

71
values/etersoft/values.metallb.yaml
View File

@ -1,71 +0,0 @@
controller:
enabled: true
logLevel: warn
image:
repository: quay.io/metallb/controller
tag:
pullPolicy:
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 100Mi
limits:
memory: 100Mi
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
speaker:
enabled: true
logLevel: warn
tolerateMaster: true
image:
repository: quay.io/metallb/speaker
tag:
pullPolicy:
securityContext: {}
resources:
requests:
cpu: 100m
memory: 250Mi
limits:
memory: 250Mi
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
startupProbe:
enabled: true
failureThreshold: 30
periodSeconds: 5
crds:
enabled: true
validationFailurePolicy: Fail

119
values/etersoft/values.minio-self.yaml
View File

@ -1,119 +0,0 @@
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/issuer: my-ca-issuer
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3eself.badhouseplants.net
tls:
- secretName: s3eself.badhouseplants.net
hosts:
- s3eself.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/issuer: my-ca-issuer
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- min.self.badhouseplants.net
tls:
- secretName: min.self.badhouseplants.net
hosts:
- min.eself.badhouseplants.net
rootUser: "overlord"
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3eself.badhouseplants.net"
tls:
enabled: false
certSecret: ""
publicCrt: public.crt
privateKey: private.key
persistence:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
storageClass: local-path
enabled: true
accessMode: ReadWriteOnce
size: 60Gi
service:
type: ClusterIP
clusterIP: ~
port: "9000"
consoleService:
type: ClusterIP
clusterIP: ~
port: "9001"
resources:
requests:
memory: 2Gi
buckets:
- name: velero
policy: none
purge: false
versioning: false
- name: xray-public
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: velero
statements:
- resources:
- "arn:aws:s3:::velero"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::velero/*"
actions:
- "s3:*"
- name: Admins
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: DevOps
statements:
- resources:
- "arn:aws:s3:::badhouseplants-net"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::badhouseplants-net/*"
actions:
- "s3:*"

119
values/etersoft/values.minio.yaml
View File

@ -1,119 +0,0 @@
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3.ru.badhouseplants.net
tls:
- secretName: s3.ru.badhouseplants.net
hosts:
- s3.ru.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- minio.ru.badhouseplants.net
tls:
- secretName: minio.ru.badhouseplants.net
hosts:
- minio.ru.badhouseplants.net
rootUser: "overlord"
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3.ru.badhouseplants.net"
tls:
enabled: false
certSecret: ""
publicCrt: public.crt
privateKey: private.key
persistence:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
storageClass: local-path
enabled: true
accessMode: ReadWriteOnce
size: 60Gi
service:
type: ClusterIP
clusterIP: ~
port: "9000"
consoleService:
type: ClusterIP
clusterIP: ~
port: "9001"
resources:
requests:
memory: 2Gi
buckets:
- name: velero
policy: none
purge: false
versioning: false
- name: xray-public
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: velero
statements:
- resources:
- "arn:aws:s3:::velero"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::velero/*"
actions:
- "s3:*"
- name: Admins
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: DevOps
statements:
- resources:
- "arn:aws:s3:::badhouseplants-net"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::badhouseplants-net/*"
actions:
- "s3:*"

55
values/etersoft/values.nrodionov.yaml
View File

@ -1,55 +0,0 @@
ingress:
enabled: true
pathType: ImplementationSpecific
hostname: nrodionov.info
path: /
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls: true
tlsWwwPrefix: false
selfSigned: false
wordpressBlogName: Николай Николаевич Родионов
wordpressUsername: admin
wordpressFirstName: Nikolai
wordpressLastName: Rodionov
wordpressTablePrefix: wp_
wordpressScheme: http
existingWordPressConfigurationSecret: ""
resources:
requests:
memory: 300Mi
cpu: 10m
service:
type: ClusterIP
ports:
http: 8080
https: 8443
persistence:
enabled: true
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
accessModes:
- ReadWriteOnce
accessMode: ReadWriteOnce
size: 512Mi
dataSource: {}
existingClaim: ""
selector: {}
mariadb:
enabled: true
primary:
persistence:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
enabled: true
storageClass: ""
accessModes:
- ReadWriteOnce
size: 3Gi

47
values/etersoft/values.openvpn.yaml
View File

@ -1,47 +0,0 @@
image:
repository: zot.badhouseplants.net/allanger/container-openvpn
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
# istio:
# enabled: true
# istio:
# - name: openvpn-tcp-xor
# gateway: istio-system/badhouseplants-vpn
# kind: tcp
# port_match: 1194
# hostname: "*"
# service: openvpn-xor
# port: 1194
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: openvpn
service: openvpn
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
tcproute:
enabled: false
storage:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
size: 128Mi
openvpn:
proto: tcp
host: 91.232.225.63
easyrsa:
cn: Bad Houseplants
country: Germany
province: Hamburg
city: Hamburg
org: Bad Houseplants
email: allanger@badhouseplants.net.com
service:
type: ClusterIP
port: 1194
targetPort: 1194
protocol: TCP

36
values/etersoft/values.postgres16.yaml
View File

@ -1,36 +0,0 @@
architecture: standalone
auth:
database: postgres
metrics:
enabled: false
primary:
persistence:
size: 2Gi
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

1
values/etersoft/values.roles.yaml
View File

@ -1 +0,0 @@
roles: []

39
values/etersoft/values.server-xray-public-bridge.yaml
View File

@ -1,39 +0,0 @@
certificate:
enabled: true
certificate:
- name: xray-public-bridge.e.badhouseplants.net
secretName: xray-public-bridge.e.badhouseplants.net
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer-http01
dnsNames:
- xray-public-bridge.e.badhouseplants.net
- 91.232.225.63
traefik:
enabled: true
tcpRoutes:
- name: server-xray-public-bridge
service: server-xray-public-bridge-xray-https
match: HostSNI(`*`)
entrypoint: xray-edge
port: 443
shortcuts:
hostname: xray-public-bridge.e.badhouseplants.net
ingress:
main:
enabled: true
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
meta.helm.sh/release-name: xray
meta.helm.sh/release-namespace: xray
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
extraVolumes:
certs:
secret:
secretName: xray-public-bridge.e.badhouseplants.net
workload:
replicas: 1

20
values/etersoft/values.uptime-kuma.yaml
View File

@ -1,20 +0,0 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: uptime.ru.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: uptime.ru.badhouseplants.net
hosts:
- uptime.ru.badhouseplants.net

149
values/etersoft/values.zot-mirror.yaml
View File

@ -1,149 +0,0 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: registry.ru.badhouseplants.net
paths:
- path: /
tls:
- secretName: registry.ru.badhouseplants.net
hosts:
- registry.ru.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: true
lavels:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.1",
"storage": {
"dedupe": true,
"gc": true,
"rootDirectory": "/var/lib/registry",
"retention": {
"dryRun": false,
"delay": "24h",
"policies": [
{
"repositories": [
"**"
],
"deleteReferrers": false,
"deleteUntagged": true,
"keepTags": [
{
"mostRecentlyPulledCount": 2
}
]
}
]
}
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://registry.ru.badhouseplants.net",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics": {
"users": [
"admin"
]
},
"repositories": {
"**": {
"anonymousPolicy": [],
"policies": [
{
"users": [
"mirror_user",
"overlord"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
]
}
}
}
},
"log": {
"level": "info"
},
"extensions": {
"scrub": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"mgmt": {
"enable": false
},
"sync": {
"enable": true,
"registries": [
{
"urls": [
"https://docker.io/library",
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/dockerhub"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://registry.k8s.io"
],
"content": [
{
"prefix": "**",
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
}
}
secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi