badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

Cleanup obsolete value files

Browse Source
This commit is contained in:
Nikolai Rodionov 2024-10-14 09:31:05 +02:00
parent 2a86496f7b
commit b2f3e6b833
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
45 changed files with 1 additions and 1967 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helmfile.yaml
View File

@ -7,5 +7,5 @@ helmfiles:
- ./installations/platform/ - ./installations/platform/
- ./installations/pipelines/ - ./installations/pipelines/
- ./installations/monitoring/ - ./installations/monitoring/
- ./installations/applications/ - ./installations/applications/helmfile-{{ .Environment.Name }}.yaml
- ./installations/games/ - ./installations/games/

10
installations/applications/helmfile-badhouseplants.yaml
View File

@ -18,8 +18,6 @@ repositories:
url: https://mailu.github.io/helm-charts/ url: https://mailu.github.io/helm-charts/
- name: bedag - name: bedag
url: https://bedag.github.io/helm-charts/ url: https://bedag.github.io/helm-charts/
- name: grafana
url: https://grafana.github.io/helm-charts
- name: bitnami - name: bitnami
url: https://charts.bitnami.com/bitnami url: https://charts.bitnami.com/bitnami
- name: allangers-charts - name: allangers-charts
@ -100,14 +98,6 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-traefik-middleware - template: ext-traefik-middleware
- name: grafana
chart: grafana/grafana
namespace: applications
version: 8.5.3
installed: true
inherit:
- template: default-env-values
- template: default-env-secrets
- name: server-xray - name: server-xray
chart: allangers-charts/server-xray chart: allangers-charts/server-xray
namespace: applications namespace: applications

24
values/badhouseplants/secrets.bitwarden.yaml
View File

@ -1,24 +0,0 @@
env:
ADMIN_TOKEN: ENC[AES256_GCM,data:Un3erp/7AQYYVT6cCavBn4iafHBIfUOIoy2kXrobgf4ten6uSFzYFg==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:32Q1+v5N5I483vpyXh0ogg==,type:str]
smtp:
password: ENC[AES256_GCM,data:dMQNw596ZcAGHZaosdFS6swfwp4=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:hp9zZKT+yWvahoBCR2Pw3g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbVphZEgyRDZFWDA0QWZV
WlBVbSs3c3FicUFXdmxHTmNsZnJXZ2RMTlZFClhEU2xJREdCamtEallybCtFVVJy
UDlnbTIxb0V1RkpSNGJSNnBka3BqdlUKLS0tIHZPVkpKTDFqa1psWitMTW91NXNJ
anJUL09naXN1VlphRDRGWlFZRGRmUjgKhy/SgutXnq9fxGDShqB+j9Nb8VWyUPU+
4mpZtD6T9okYCR+b2AJRLU5Z0id9hlpeKswSPHtWyW0C564SV81IUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:20Z"
mac: ENC[AES256_GCM,data:zZaIulEBE3C0PyB0jixdJQ+omQn31yovyArCNB/Qx3JAibE9BDI1jArlGCJwvOZwDiD/owsBu4HO1SDLqUFMm2bub0dF3lMuegPa+xdeEyyCABLls5XUPb4ger48Cgx1tSzHY9NnuQGOl88uK5IO9Jjd+F4tyAvTSfyV3wiUv8s=,iv:WHvek1NgurHqQKf1TEPtU75mJ0YLitd/RKuqzjdsBo0=,tag:JuklnYxZtZN2QeaaZkbVCQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

24
values/badhouseplants/secrets.chartmuseum.yaml
View File

@ -1,24 +0,0 @@
env:
secret:
BASIC_AUTH_USER: ENC[AES256_GCM,data:rOnYoT71VKE=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:vazyqmJYgwaFooVWAg1zhg==,type:str]
BASIC_AUTH_PASS: ENC[AES256_GCM,data:aCXUAw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:ieBBuooLxdH4d54SmsbeoQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TDZ2Q3RnTnR0ODRvbVVQ
aTRFOWNacmc4dEFhcGVWd1k1WEExL1hpZHgwCnZISmdkMHZzYUUwZktQYzdhTHpq
T1RWMk8xWEsxbHZPbWhFLzAvZkdtZjAKLS0tIFdNMkx3cVNSYTU5QTR2YXJTMkMz
alRWMndiRnpGemhpT3lpM1ZINDd4YUkKwAA+a3WqFGcpgsbfkXftky6CVUSMEiuw
mN42J6PTW8Rl2nRuB3SdtZE1t8u9iYpCqJw6IVwuFRV6oLAloxLzGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:qu2/k8jkp7WNbC+/JlWY8jV6O4FLKtZog3C6LkyIMP0qFndzi+EjJ8+Zh4iFh2UPCBsd6BDltGYTWo1uSR59Y26nYb8qninj/JhLe/gEVf/BlCDNX1yv69h42EJ8zw0wu0H/MJqXVtXb24Zo3S7aJaujT2xGmL13bcm2c2RcMWY=,iv:ON4trCALaz+1w0CYS3LoPBi9JzqGqJoivbBhY6v7feU=,tag:psWGaINimCEE8dPwZM/nsg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

22
values/badhouseplants/secrets.drone-runner-docker.yaml
View File

@ -1,22 +0,0 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:b8StV8Zb58vatfYMS5OxGqIH4sEd4bV7ia2CA24U,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:NdY5Ga1YJIeF2r78sWGD/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLclJYWWplaUFFNnZFM1Q2
bHU1SW5zUDRmbEpGUDRCa3R2Vmx4bXlkdmpVCkh3SFY1RGN6a3IzU0FvOWJyRCt1
TDBRRUEyUy9CdTBtdmNtdDFwNUFhK28KLS0tIEY5UkxyZ08wQVBubGczTmlocGw2
Q2Q0R2V1eTBMa1NuS1NEbGlJV2VuSEEKxfw9PP3tePQfVyRZlt+eZiIVXwQxE2Cj
Nko+N0dEX4uOmczxkvJItRHapv/iI6wgRYbgQ+Mugu+nQW3OHYZTYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:lPoN/GfnabnQ3BNPYlGs4pT4YgsIc7LAJjbPfSmcLtO/El0mBx5cLv/8RvwjurzZPbloleWb+CXQ1xUteRd5RW3hVgL3JHNqAqXODxKm8gXYTeH1VJXeuU8Gphf8gcGtyGm4a0nq7Pg5337tAHAN0wHzrRyaUr5Kb0u/7H8PsCc=,iv:vHx1Nt2XaEfl1baR9Qn/ijJC70SGmcF2UVGpkWjZG28=,tag:ko+1eVJopLyLfn2p2bm1KA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

24
values/badhouseplants/secrets.drone.yaml
View File

@ -1,24 +0,0 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:2JhrMcPV9NhkPLxaOjzEik9OewCF6eo9FdzAiR3z,iv:ouToTniIMiy757x40MKMtmLFBVzpuGxSYOTMZmmN8ck=,tag:EcWfQE32Z+8GylrQt756Zw==,type:str]
DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:Sz7lzp/KrbzBjLzO4skVxdCSD0JEElzQmyyNeEx6tvANUo7k,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:KJBZeV85cNYiHI59wd4dCQ==,type:str]
DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:UrpGaPvfYOEaRbdCtcvnQ0xiSbLSM9/Pz0H6kGAffLKynrdVzXDgX72khI2NXdHRdPHj+MyPuJkR,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:76C0qUc4aHI37AFxchPTkA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QTVWdGcxRkIyK2p4aGRB
eVNWUmVNQ3Q3Y1ZlS29pcmk2aHdhelRZc3dnCmtjMDZxWnNXeE9WdEdRb1BwQ0d3
bGhvNENZZGZKalUydWY1Q2lTaERLTWMKLS0tIDVJeFNmK3FEUkhtVEx2SnZrVGZU
V1puOUtWZXhWem9BOUZkRlBId01Ra2sK6ygmeCGnQ7PIcQRvo6vKFUw4QfE0rk7Z
yCGEfw9Z4tRrYuwsH/ju17BsQ60xr9MtNHJv/KXp+KMyZSYSKOgKeA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:y6CG6iyu5m86zHgT1b4sU4R32eMO7PolAq3vzx5xixRpDPnR9MS7vsDZyFtUnjbdC50VsheX41wH8/8EAAM+MxOtSv2EWtg/FNTkk00WXZPeiPms4sIs/JpJyqnNCCnuzdq7mtdEJqQ6M3frr8b7wWfAxMAUOwOroiOGBpArUHg=,iv:TxAFskuoLmSjpdahY2otzNtSKj0kxVmMzJGmlXHicxw=,tag:IrlYfnX9zGptVcukz8KU8g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

48
values/badhouseplants/secrets.gitea-archived.yaml
View File

@ -1,48 +0,0 @@
gitea:
admin:
username: ENC[AES256_GCM,data:gzyRrkFLLv4=,iv:obfaa7iVArqZsfXI9glfNVhnEzNPnoPvA9WZrqzURd8=,tag:acNtWDEkberOYJmCV6TLoQ==,type:str]
password: ENC[AES256_GCM,data:ylUbx7eGK2L/jwQVm4new94lJes=,iv:reeJTq7vWcfjggl9X+/t0yYzaz7xuiZLZM0xW7zlfcI=,tag:d0bbyZWF8XBteoFdQmLItw==,type:str]
config:
mailer:
PASSWD: ENC[AES256_GCM,data:+iZZ+TRnsUYqB4CziPOV/KSwLyk=,iv:QsHjgoEWy4mEf/NNBnuPFpXBFHoACn8pfQmbF1wI2ZM=,tag:IPI4XHVRR0DxsKhJH3dqGA==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:Am9lPqVGt7IwC2T2idrs2P2OiAo=,iv:r2H7aSJKraBoDydV6N29hsRiH6bLUM0aJHPmo3dbSP4=,tag:w3eeDRy9LIDFKZjtYJJM6A==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:3tVvyvz7a2SvUp+mz8l2V56ZlMxi72TPVz2iKCIaCxLnOfjCrSvVBChjybb7ynoDxhng9MiGF0h2usSMp4VlbJ6WbDU5Ghe00j9uMv+VR7qqGS+NyUkmE9gHVQ9ulKsIPGR6+lFMNQnWr4IVYuGHARj/D1QTQF5p,iv:pkY0LBpXhnSr40YoZpklytGWmKe7CdsgPpQySXfON5g=,tag:WgS++CVD8HSDL9KtXBtgOQ==,type:str]
cache:
HOST: ENC[AES256_GCM,data:haL7aPBKjLuMVO5+QUI2iPCaV38PpB89BSFfnMbABcMW6ObuFspr6ANQyeu0mJAIoiLWGX5ccN7jEtz+6s4huIX8h0U+ZFQGgdgWwk0M8oqkBok9k04G7tu2ijWR0T7+AB4uoPZ8eFZMXzMr2AQfad8olYrQleZ3,iv:NMTgSxxvrut/Pxi5lZa6mbP/eOMt6rk2leFJESl5SJQ=,tag:2stVeo/nLKlL9I02iT1BnA==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:CMRAtYIzG/AvUBfvLByug1MKIb+dyHlhCkZLZZtbpJG/QKQq8feuasi3blkDt2BvTTQgCtIohJH1MxRIv0K1QJltHRV25Jd0La+F4vB4THAYerhV08TN9ivQDA0ctQakXs32VepUk6+nBLT9HQ4XuHepmjXKnPsX,iv:PP0ZPxBulXce/bIUTuuQgiaOBWNcjMe2V/BgFGJm77Q=,tag:uRtNol2lmWj+tABDq3Avlg==,type:str]
oauth:
- name: ENC[AES256_GCM,data:qDiJteb8,iv:fJrSGxRPSljBLSnRRRCjsa3QCa730NGRyKJCVJe8YNE=,tag:B5uo6+ymfkP4hhh7fKab0g==,type:str]
provider: ENC[AES256_GCM,data:R1S/IC00,iv:XC1JS1oqZxbBZoraWemzXWGSnpvn9NTx8OA57HV1B8w=,tag:dy65miUvDRXJolx1Ris5Hw==,type:str]
key: ENC[AES256_GCM,data:S0vT3ueM6nBDhW/c3ub3jevPXNg=,iv:qFj+BT37ZKIH69ikEf1YMwE1LC+dyAW7tBXhY5X6mYY=,tag:jzM5iaedeyVEyLiLZNxXDA==,type:str]
secret: ENC[AES256_GCM,data:yNcySe+TMBe8z06hphaONhnsCHyDSurwRVAutB+EwYVULXv/yMpyBA==,iv:oTOGJmZi/26OvKG5gkrUoFVaJ8erkHfVi44FTy9kb1M=,tag:J4k1v03LUrXjWvnY36Lw8g==,type:str]
- name: ENC[AES256_GCM,data:AN+Jop7zdHBi,iv:N16HI6nVh8euitBKEq4yr3kr2cpLRb12XWKupXGR98A=,tag:j2Z0ya4YmpOPuv+x22j9zA==,type:str]
provider: ENC[AES256_GCM,data:HnCDFyNdpHmNwBi1yA==,iv:aXOjLsl1ZF3NCPpqyGrSM25lX3OLKoRpGzrRW47lGVg=,tag:ycnyck1ntEaF/ML/SMtRfA==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:6ZZ7fQ==,iv:tZt+yIvuDbFa9BWsoeUvcOpIonlufb9FO7YU59mGkVs=,tag:R6LcDEw32ClPuxMtJQLrbg==,type:str]
key: ENC[AES256_GCM,data:tBQdB+s=,iv:iu8l1dGDIou4ytXhub7YKlIGs8WDEAAjKVbwd81m0Uc=,tag:CdIhMWs9lzRrUZw433/OFw==,type:str]
secret: ENC[AES256_GCM,data:S7KLS03ecfmFNR2OTP1SsAL+bSwfp6Sk/r4gUcUtKsUFUY4TNFDuqZJZzk/fws0RaH6y6t4qOlZZNk8WSTtEra3Tp2HIXkZ9UPnSjS7hurug8LH7W/NtwiHN+zz34QUXLuhQN62iAM3hPRpdxeZT57rd6c0C50nN1NB4BF0ip5s=,iv:KOLmK6UddEq9hv938m409ldxVpR8pQLiJwk7Sr0W4mA=,tag:QdKFa+RlLznzCUY1DZhSbQ==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:XVuRhksTO6mZVyl+olvAn4w1LFZkX33oJlOnrAp2OhGCQJvse4yCi9LN/d/uoJ0PgmVR858SY+ZTa9qalh7seoGlYz2DZ0j4QVfLAYzVGgFRc2VRIfCQJDM=,iv:4U9CIgObfPwuqi/vxky4pNkL9R4BbStJ3YQ3MBH8LYo=,tag:Yn4Aemz5acXL7oZ4/gnIMA==,type:str]
iconUrl: ENC[AES256_GCM,data:Rkp/35aPe4Y9PoAZDp/9mwaxGUx0Nf1r+gmvKcUsm+SSQ6sFmPJ8hE/840KQEvHzCFbWfiIKxW5oEilKzjo84R1kvvZN+w==,iv:py3p4kh90W6BgAHmI2MIBu92y90M8QhQDmic0pX3m5c=,tag:r2kzVFGOv+mMBpHrDFOIPg==,type:str]
scopes: ENC[AES256_GCM,data:WvxMvU1yEwcCTvHfdg==,iv:S/aUhW0ASL4yAwe9IaeYdjokHrE+4MViEAGa+5wQlyY=,tag:RaCPYwWYsDVDAhs3H0cEWg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndHQ1Wm9LZjk1bEZ1WDA4
NlBiaTRXTjZxekU4M3dsV0NDVEh1L0xlTkJRCm93d1lTNWZqaGpXa3ZJbUNzeVZL
SHhkdkZaNFZlZlg3TTRrYXNGemcwQTQKLS0tIDMvRGoxZnZqazJteTFPRytZVlQv
cWxqeHI2UDUzaWRwRmo3SzA2TWNNTlUKwkMM3BnRS8Rw8EJBZMMbzpF5duuHxBvD
clSIBIwNu9cvCOqFFrkO4/LiIpTp27n6WGO+l5ABoR1lUFnYx5hxqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:cQfQVa9f3oXZSsXNPbgqHHPDuNtE001TbP0IWmifdHzK2RpMbECkgOmW9rHSzoql2BAmdP/iBjH1CYMmOQq3KrpA5kUPFTqPjv6NPnkkrl3QbyxhMrk+2YxSc4RSGcOKZnWCRHT4Lp0Un6MHy+LgeDskn2sGnXSzvysss39c6ng=,iv:pnoVAAX5ZWHQAHUmAyznuHoht6v5+kvM9GAF6iBKnQ8=,tag:eBCRunWxG3L/zMt3+SrwDw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

25
values/badhouseplants/secrets.iredmail.yaml
View File

@ -1,25 +0,0 @@
config:
env:
FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ENC[AES256_GCM,data:Ih4m85BkxSvsu/VvaLSjEjz8feuI4xBroQ==,iv:NQpe96WmGRAnLmeAK0VT/zdJ8MS/8RfAJIwNsL8alHY=,tag:r+hV3K16EXGL+/N+zxNulg==,type:str]
MLMMJADMIN_API_TOKEN: ENC[AES256_GCM,data:oyDiDGlmzu4MHMbOecIn+DjG/glpp3GILJd7dj3b0gJzkpNhP7JKcwNql48=,iv:68Vli4aaCOiFixooz5cHABuRLuOrw9/HNpBNQzVwAkg=,tag:qexU0wB5RMfPGt9bNb9LYA==,type:str]
ROUNDCUBE_DES_KEY: ENC[AES256_GCM,data:jd8K2ZG9jeyQ/vcVN4QB0rC0z0nDEWz8lQQvwIATF7I=,iv:L3r0I8sQkoicwy6odvuF3HfIEDQVgnOtn/OMpF16Dis=,tag:DT3recJN7vLdehbJ2RKHEA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGE1MHRuUDNTazFBUmJk
Y2hJMEp0c1lncGthZ1VBQVJZODRtMW5jL1M0CmdTTVpqUVZ1c216NEp0YlVhR3VN
dFhUUGxjQTJHQlhXaytPLzAxbWkvTHcKLS0tIGx6ZVZUcUpUWDRXbmpLZlNwbTdi
aG00R21IbGFjZlFLbk5QcTNsc0dDTEkK6kXXYAYil6yejWI581qgT9EuJPdTmSlN
jT+huGvOXY+AFXO7nDmshT30Z/MkOkeGK6BoWPjRKbS18dp31YDlBg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:moiOYm5a8t+WYejUXLokC2vinLGA42fM856wGcM2Enjp7QCsP1qCrZa98ANAWKHPYGYT7tyB1VEs77ty6mPi45EkzFBbBcm5gVTosr2PMzS1KwdEM0men6FZySnB71xxG7ITzOvuyofFBV6RCxUK+hPNQf9wYIlq8vI0aDj8Xqk=,iv:DXfDtaH/S1lGHvhmMnnWF4sQC0Dq15BsbC9hV00cMNo=,tag:wOVe7/KU+5ilg8N9mKu5ng==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

26
values/badhouseplants/secrets.longhorn.yaml
View File

@ -1,26 +0,0 @@
ext-secret:
name: ENC[AES256_GCM,data:VpMIFG58pA87paNdzbUl0A==,iv:COAFXS+dSFJ9JdQUPJr6sr7vzjdvjWU42Ml1aR980hg=,tag:zJOyB9goqh2psKqyq3cHCw==,type:str]
data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:vktUyfqn,iv:1XwnZV8k0UUvH1ooSb3o5WZbQia5qaGiamJKG99r9n4=,tag:6yKsB4EkG30M5OA6lDJZCQ==,type:str]
AWS_ENDPOINTS: ENC[AES256_GCM,data:VQn3JGAf3GjpkapJTWbg2ze0CdsK49M=,iv:yxAr7M7WPW4Ry5+VevPmyRGFPIzEwtcdEOlbSkHDiTg=,tag:dLN1jEyW0/RWOPLtJ+k3eA==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:djrr4NmXNvUcA9Hgp64=,iv:ab+wENEkReJbWv7yluqs5f2pMXJi3njvyWgM3IKLIgY=,tag:SLUv10bhdr4jc2/p8zXNow==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUTZHSmljT0ROMS9Vc1pC
c2JYUlpvMGFKdlBOMC84MWpTTkh0M09LZ25JCklwNmwxRGR5bVVuQlVTSWlvV2xi
bVFucGpoSlpFSGpXbHpmYndSb1RlcTgKLS0tIGlMNUVBdFNrWVpSaWFzNkFuNHI0
d1hBLzZIUzRQZUhVN0RLTi9Xdms0SXMKOK2gnWuhMkIL8w8kakfrBsiARA5cipuL
TUuuaPaGUwvRh1Unb8TRKRc9OmxaEX0O7gTgTFE115UARam5ADUDUQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:hlkRdzwZuUWIsdqYIJH8a6voIVkfEGtMMpKFAfXxVB7J8Vh1/BWSLozEXR9Wcxa/aD87SmQTLvYpPot67ixTHx0rYlPGemEeyPJvAzRjiOeF4XlLlWJqKCamkKmzxNiU4D3kgr9s29Zq+g2f3wAvX9Do/UxfP+mSGSfmNlfokT0=,iv:4YF4QMIiudGo93CM2UQ92/ZOnLYN/dyP2cEa6p0EPWA=,tag:J5OxKEUZsZF1Rd71Z7mItA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

38
values/badhouseplants/secrets.mailu.yaml
View File

@ -1,38 +0,0 @@
secretKey: ENC[AES256_GCM,data:83bxSBHMwPXo7f9uQs5omA==,iv:wjm4+scr3wFUgXpol+EYghbW6QNNPjG/Ly4MebVqWu8=,tag:OsYhZxN8Kr5at9AkyIKS/w==,type:str]
initialAccount:
enabled: ENC[AES256_GCM,data:2Mq+rw==,iv:FE39Ygp4f+42llF5nGcQhXmO0FwPCjLQYlN16fGS2c8=,tag:wwGxu37X13P0AXgchfdmkw==,type:bool]
username: ENC[AES256_GCM,data:NFF2wlfhx2U=,iv:+3HmKBgR8JdSKQl79x+FLVeWZoP9CZWAxAeEUoYaIAE=,tag:Mr9VWE+dQfK873Q7PDaUJw==,type:str]
domain: ENC[AES256_GCM,data:FZSLo6ILdSrjltMx1EF7WCDA,iv:LzQf1xoyHBIzz3Dlv2HYwJlPxU3xyy0m/Jp9RzeJ8TQ=,tag:k+rOCYF+sHqiU92gHfHs9Q==,type:str]
password: ENC[AES256_GCM,data:mb7FdDuEtjafzrfNXriq0JjwIVsyBYID7sEEdooe,iv:GG/vcep80OGQhL4TL/33RYdsZ91Senxoeomt12cNvjM=,tag:wzQG+Y+/RK2ugGjpkJDRoQ==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:FY5CE1pYShtlgB8IYaqRp1hysWL3ykhI/5fGwZ4d,iv:7EQUwcDYNDHWmxWgZx3D4XOcfHfDmljl/TUaqQw022M=,tag:XS1ywvMAoag0eu/5eWVlyg==,type:str]
postgresPassword: ENC[AES256_GCM,data:JNc4wXMYezKxWB0YJA82CMjo3kFJ/homIUlfFMra,iv:IzCwXuFHq1dNO1v43X9LeaLL6WHyX0VbHKMkHarzDLc=,tag:DxJaUhfWbJq9jmpv2F/IQQ==,type:str]
secretKeys:
adminPasswordKey: ENC[AES256_GCM,data:VFLgU4nQ/zZ2D7VN+beDDUTrnvfGdBnLaCRCdrwA,iv:pR4ybyQdsHa+4l//fGlOSbC32W8D5N3dpbV5zAslCO8=,tag:+G3HaTBxeViJPHOa3zUqww==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:a04vZTyLiw99+TGWP/OHISlgtL24gSoRsXT/NPtm,iv:+EcGrXZIFvXN+vHDZyQLbD25XHf9xRDmkMur/5cOQcQ=,tag:6+b7dmC00hfoOCLKOeh44Q==,type:str]
userPasswordKey: ENC[AES256_GCM,data:8hgmiSMgigW2kINZcElVPQDViMb9/BynfEobdh5H,iv:JdvAIpfIhaqPNO1ffc8rN0N6QTWfaFfCTpbuoXVgrR0=,tag:RnlPdkQnBlgHKssFYIDmxA==,type:str]
global:
database:
roundcube:
password: ENC[AES256_GCM,data:I2v1MBqWzyQwbM7/a0030BrTd5vMzfui+A==,iv:8qwI9R+NkvHGhGr2WBMiZOVzIMWnUMu6stIVvrPzQqw=,tag:yixSyGBk6rdWxaZxb+TiFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBteU4raWV3SFAyMGgyb0tK
SnREZnhyVDFrcTRpYWFhVWcyUmlDcmI1a0VRCnMvY1NGekNHTzdKeWdUVTQxbTdQ
Y0pyS1dGenV2cGd6QzZ4U3dUWDF5SjgKLS0tIGVwZ3NOTk0waUFFVDZTdnVic2pB
U2xkVThoZ0VKQk84Rk1UY3J6MXp1TzAKdMaqA+BJS9RXCWI5Sxr50M0+yxpeoq5u
ev6fvxqkMBcIVgR0s9NeeluHLTr/Rxo4beb4qN5qMeLkGDbcV5eBUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:Bknntp44iiuRJlljijiR+zdxePtM1Q0kb0z3MVh4krjQrOvn5W8mVyhB3EcY5JDiAQ5KGMI6CfuUAFB9e8pqpHlpRILVot9sunw/MCsxhz4ZYJvic9OcEmopKbTZTGA+v4iL89SjgAAeclM0SUOCIUo9FBL35s5VO9XWSQoEf9k=,iv:O8LjgMO17VBSb0AGNONbwJHu5qHBvVtt9iovywHBEqg=,tag:E3piCvHmENugYfA0GXbM0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
values/badhouseplants/secrets.mariadb.yaml
View File

@ -1,24 +0,0 @@
auth:
rootPassword: ENC[AES256_GCM,data:ff825CsmvG34ZWZWR+tV0ea+2kM=,iv:nUZGeUM7Ck0h72q5bPjH9UB3zAictnmOtsLQtNTVrYY=,tag:jt//DeLPMCOvT5XDZ+b8Ug==,type:str]
password: ENC[AES256_GCM,data:f0XcbH96uQ0HJIxfvkS0s7XGlsVJfHNrSg==,iv:Vn39GFekmWjbloTjkwuQVC0SmO37yBqNhUM9wHZS+H4=,tag:Ewigym1uzTIcQnNQ3rYLKw==,type:str]
replicationPassword: ENC[AES256_GCM,data:qSENgwBts6ubaf+CLE60AtKzh8H5/2O9lA==,iv:GZW5ktMxg/zb+4ic8T6n36RQPkQxr4K+PM4DF+8gGF0=,tag:PBCegHMiEmUCbKi4TleT6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWZG8ydzB4VXRpdFEwK2Nt
VitsbStwbklocUJNYWFwTW1yN3ZDK2l3S1NNCnZEZ0pMY2RPMHZPVk8wa3dzVExv
MThHQzdPbk5pSDFMaG5UL1g5YzBMVFkKLS0tIG4wS3d0ZWlFUElqb0lCZk1nL1k2
eHVsVy9keGd4ZkhNMkw4d0FzZGg3bEEKuXM57Vi0jDcTiOMWMO7nBt5JUgE5k6hc
XjVIcfLyO/Grnc2qjhxFx+Z912VHWKpDSRouDorKKWBMJXWLAvaTTw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:pkF3MIcsSbA04qc1IdBMkwfpsVqSZ+X+Gmmqmo+dUhhgtpPB+64vwfAlK6FR1+eaJGH+QJk8R5NQR9IXmjGdssdSIe8iY3rqPooaMsO9VjPDkdccqsPNeLwiulu42KnMHP4vSdWj/4GQazsBBjE/lD9dOdnWCJ4HHw02/q10uuk=,iv:qliRDArrD6i6Td6cFJNYEE1UugeK8yhiLm3ONSgXc3U=,tag:X9V4lgWclYk87RiD3tgiiA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

21
values/badhouseplants/secrets.mealie.yaml
View File

@ -1,21 +0,0 @@
test: ENC[AES256_GCM,data:+Y+a6Q==,iv:yRpujiEbPbMSKwwP0MWqUMCNPbi0/XMc/XBVxcxPj7g=,tag:sgGCCFjHtpqcih4gC8AkWQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL0dPeFJnNTRVWFBNRnRl
OWZxQXlYdXFiRUxYTzBWNjBWamI4M2NxbWdNCit6K3FYRys4RzAwODZ0Z2ljMlpU
Znh5ZmpTM2VUK1ZCeVpVeTJvSHdGNFEKLS0tIHZrNU9RWHIrTlpRUWpvVUVqUlJY
ZW1sWWhPSXp0L3h4VHdteWJDdHR6MlEK1DQLcUwvMVhxOQVO/Z/y066qOJFWUQmT
NsLA9zGQce0WuXvDltvDltaAOCcs9mpETAOxEdz8GkGqxkXZ3ZRgHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:d6xwPAr/NQ+0ciDeV6Ph3xlvWPjPDkrkwlkeVrp/sFi2WqjWLjAd+vEb677yXXZ3jBcVN+Mu/DaBTJr1G6/1K4d99s9VGPtYvRHRbK/J5FVN9De8tA65DsQOMGKUgBt+JCB1jMDU5wRvMWAi9J4ejYIgaZ8iiyXK6b/tAs5hkiE=,iv:9QFJsBG76E90Qc06nZzwV2ON4gXTmtvy2/CjfRCSDlw=,tag:LHmzhiIuiGmUA9DeSdei3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

23
values/badhouseplants/secrets.mysql.yaml
View File

@ -1,23 +0,0 @@
auth:
rootPassword: ENC[AES256_GCM,data:kDtOehAfpQ4TXN/pFUJiytrz5ZA=,iv:DJ893dKr/4SFBEl8HnYv2PMb3Nb2AfL1RVgN2QmDRmA=,tag:1TkFcvDTnd2RhMX8L02y3w==,type:str]
password: ENC[AES256_GCM,data:8oEQPuP0poFEpA==,iv:d9ZmklpwJa13wyNjrqNfFMEbJDSQ+NeyB4gj+59g09Q=,tag:c8Wz0wIPrvAH6k9FPRGC8A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySC9wei9qb05GODBkTVZn
RVJ6S1RON0FaVTFXU0xzQmdLTlhDN0pzR2k4CldlOUdCZkkrQytSaVpYck0wMFVr
R2FWbGlNTUhHdUg2WklTSGR0b3NWV3MKLS0tIFFwSDJKMHJFdlE1WnBjVzVKWU5P
TzBBM09GS3ZXcU5hZ1FZcWFUYW1JVEUKjTIAcTBu2PpjLOikACcqVErrP61OrwlS
XzEpBU3mz9J+tp0RK2mtv6UulKQKFntZys2YLDZAgVDOvqxtNrDjCA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:3JjNzcBM3KfmmdK7aGUmxrqIUW7sz6ogFRVDC+hrPi7+6b8LyOK4ztP5KZq1Fcuv9xRr+OEpdhVKyDyfluvHcaJB8DurTePfffAIs7neeu53/IUq1+cyyZ9elRQWJp51FsOaP/nkUoIEVA9he5mhmMGUiUrOlzGRfD0Sh1KJI8I=,iv:z2lA6YLJEs+yv2AjAtL8QL9P1vy1g7WGh3BbhDZ/J5s=,tag:2HjZvdsNxzV6f7BajZRQYQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

22
values/badhouseplants/secrets.nrodionov.yaml
View File

@ -1,22 +0,0 @@
wordpressPassword: ENC[AES256_GCM,data:UFZCIa4YNbcNFQ==,iv:Q5n+72jgUJKIpwblr8/VfBqPDfJZclipDKVTjt4BWWw=,tag:RBJy121o8C9LpB8pxdpXHQ==,type:str]
wordpressEmail: ENC[AES256_GCM,data:COX4/ZgQEIasfo2Q7ReSs0sWeK3k,iv:AZX5Gzd4vde+sM5XBuiKjAc72GWHfL46OoG6XMaKrq0=,tag:wMSjQKfu2leyfiddfOV7og==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQVdUUmRESFRKY1BKbk9x
V2hhK1krMFBBcDdYemVqZTJCeU4wanpoM0g4Ck5GNGRZenBNQ1h1c3FYQUNUTGFn
bk5yODlyM3lCYU1UWkpBdEt2VTVyU3cKLS0tIEsrRmduT1VxN1BJUFp2OWxONERa
c0hUamZJTU5ud0lNdGNwS0NwejVwblEKP0Mz4KIHhM+Y8whJ6oo/zSzg1SUtXrst
5uGKdbPy3jLYWlZLv4/7VPSS40t21UBLdP0y42AZEbbBn5XEHtbu1w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:+kLHyFmO43JOPbZMIqVIPpngAPthoQXMdVOsDwvBrpIRnjkU5iHpbBAo+Gn6QePm+9BKWJw4Dmzg0N/nT+u9o2Owyi3qlvbiSPnaTfswIpJMRhpPF++6t4aZZXUJeAUoq750iAgZnuBNMDuLpFpKzDu5kgpXRCInksPav+/kp6Y=,iv:8Yziaw6iAs2rWz43foBHz+Ug1SpZwNF614CwDk0rsZ0=,tag:hPr3OvLtsvXquTnHDXADtA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
values/badhouseplants/secrets.postgres16-gitea.yaml
View File

@ -1,24 +0,0 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:GsNMbddMFxPNxZKfYqknBjpVOLSJRSua9vzls8fJNXs8aCNNjqOHFhr8KuUtd17t18o=,iv:O6zXIoWS71n+ZZ4d0JyfL1PEyLBPvt/JdWARc4yqc8Y=,tag:rCIvB4sIiCHl1qHf78PDtg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMzBnYmd2U2lQQXorZTMz
NFAxQ25GMDJEZmQyY2RKUzUrMWxBVWJpV0RzCkh3VFhCNE1xandKei9KWWR4OU5J
M0Q1WTRMcXF0N3NtbS9QZ0J3U2VtbzAKLS0tIEhsNGZsUW1ydWFkZjFoRmVlS2Jl
Yk0zVnM3dFpqdDJuZEpZbTBmWGRJL28K9xfMizVfaWfll7x73eZwSMisX0zuGoWM
s1ffBVMu6tzm3sCHoXWhGi1GvsdwspSCBS2+pyc3Z/cK67SDVP6uZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:GFVtew/Ppk32XpUSMCfxj7nP+xreo8G3ys3cjq5Fxwf6hwhUCjfPn1ZYapLAcdA36G4xf1/hpwrSK2zV7X1aiz266qiDP1fmBTLSLW0zzf4HvnzGleXNQrss3ezBCqSEJGSrFks5Xpti0zvLpERo5KZSnBND/scKDuIVv7EcboU=,iv:1AWLLzOx3T2o0tTA2V2Qs/qlIbEGySHd2OXpFT+BDqk=,tag:Ic4L77/Pbv1dmLRLaODb6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

26
values/badhouseplants/secrets.shadowsocks-libev.yaml
View File

@ -1,26 +0,0 @@
env:
secrets:
sensitive: ENC[AES256_GCM,data:OKmFKw==,iv:7ohWwGwj/b+N3szJtcz/Ye6tJb+QptwhHwsyCBIp4NQ=,tag:es+T0GPlQfXcWFZWcr+W6w==,type:bool]
data:
PASSWORD: ENC[AES256_GCM,data:Lk395om/fVRf+IMWuhkuZrigyOXAs+uO7FdRUyVij9BAxlYUkUtsFlBECXnbuGOvGMA=,iv:tEpD8oPSWEfRto31eMXzGB8n0VqPYuqEO0RODyeZPV8=,tag:Ul7nG7whesyoXTGTJaFvBA==,type:str]
DNS_ADDRS: ENC[AES256_GCM,data:fTdhllypHai9JA==,iv:pRo9XdiFFU7eIX8cuYEpt2+uGKpfw8Xw+qtvW3msWMg=,tag:OKL/B6r2uQtHBpZOyLiYGA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBka1ZpUmY0OVNpME5Delgw
Y1AycVJRd3RxVWlzV1A4Z1JBT0ZBNWcvdkRNCk9iWDVXWld5VmJNRXdGSGV1TGpH
MmdtNXdKQWhtdlJqSFk0MjA2WngzdnMKLS0tIHp3eEpoVWV4NXhLM2R6OEdmdW9u
T1R2SDJQdzh3MzRPd2hYMTh2NDVmckEKPvwz47sdpioDJyS+pBnLmW0+nPZLq9D0
y9TdTHNPFL1lFxlCAdOzN2iuHz2Wp2/PmYPf2ueZWsoylEoSSWIz6w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:glgdOQIAulwfUbGdvVetITTvzqTOeNlspDqcnXs2f2RPE+LikRs1rbVNLbaGo48xL2CM3f4ahTeLGl3FyqB8bNlFTEy/AuW2MyRFfusLqUynb3fkKAEOwe3GNG3Pc65HmjnkjXWsXMxaMtxZ/Ge7ap+VsODd9DwahHEGdRNxgWU=,iv:PjTBbh9Jmt9651mGxKIKTf/DZPPoQ0rKLumFmPWOpig=,tag:iDBmO9IzqqJW0tL39udwUQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

22
values/badhouseplants/secrets.tandoor.yaml
View File

@ -1,22 +0,0 @@
env:
SECRET_KEY: ENC[AES256_GCM,data:g+evPub7DL4bx++hXhlkYTetJp5vRKYYGPpFwfi0,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:Ug42srZ8fmlACGvkQSQoeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQ3dMMExTTCtkWmtWUVVK
Skh5RGxqeXJGUlFUcFNHakoxdEdEeHFyQVZVCnd5a2tYWlBHNlp5YThVdE5nUzFh
MnpWZDQyM1RQaFRrZUo5bFBHR2RZU2cKLS0tIEZLUUVJWksvRTcwZGljUFJWUGgx
MnlLbjl6TlJRVTBLa1FPTGZXNHU5WTAKmaTikdqlf1dpIEJWbhW2fSzocPH5QFNE
6yuw30lTnU4MWMXhRzU+os6KrdVKcqLz+1tlZ8vm2GgwXKaoLHwBng==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:19Z"
mac: ENC[AES256_GCM,data:uVFM0dsJoAxj5IItz6RXtSlzgArjqMW/DrdECpmmrLURUwLcBN8b7elCXWOECMBVM8iYKa08ZMIdTqwQZjPkNPrId6LVi+eHzUnCizbOVYKBmhT8nsZhKXczg6ItLKwPnPzSAQhPriSS38Ht+nHztwRYew89JOoMckWNlh41VSY=,iv:2ktCH78U4hRSkg/QiOBXA/TlZjYEl+4Taux/w4+Rr/M=,tag:illBKjzl+WeCmbVWCGEfVw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

30
values/badhouseplants/secrets.vaultwardentesttest.yaml
View File

@ -1,30 +0,0 @@
env:
secrets:
enabled: ENC[AES256_GCM,data:ljks7A==,iv:nEzYTUi6VLTOIoPuKljxwNLoo1jD2twVXG8rbJt++5E=,tag:EdWckiqrQxyklQJmz09+dQ==,type:bool]
sensitive: ENC[AES256_GCM,data:7aMiSg==,iv:/mNXXR6oI4/eMiyym+kK9N6q8RtchsGGZghgdrw9iMM=,tag:WBPyhtQTLGTJitzveJrWog==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:9w+i/hHE6WQB2k10yb8VHJAQeNgH7untgNNl,iv:9w05Hm9MDcrUDar2yo35jy/fDrF5aluf9T9gmuOCQjw=,tag:bKlUJQRUqFw5ZXBlhPt7tg==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:4mt21Q7l7gPjVKeHuoC7J9H7egmJ0nS3onWr0rAA/113iwa2XiLweRY/3obx5o0Q62k=,iv:hZDJMVhowwfpfxVobPztO4Dx5jEp6Vf57uWWppAC+Ak=,tag:pADNCgYM6yPfa/dESLVHQw==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:8S1LvFWo5FmEk0JPzg2AbJd+kCPiTu+Pri9RcpSS9+0GBnfwgbqttykFvoBulSIjO7LfYGfi4aB3lFHyOVu22HROVtBXf+0pswBk4jOkSHuCRbCH6Q==,iv:55Fl+NLBKUsgjugCHp7tmhM4fCCtzPrZdCyJfgFomWU=,tag:nw/oOZiKy4MIFedRiPkxlA==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:kIBW21OPVOjJpwF5Fa77Qyz/GRM=,iv:jOnAkVsEfSdGrwIIuc7PKPvACTGe3racjcjqqcfLjgE=,tag:hAD5/FisMJTTS7tA9r2FMQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOEhvMVlneVhUb01PZ29a
V0dkQlRkSjRSTGxnVi93b3phbld4Zzg2YWdNCm5wRUlpYWdoWnlyeXVsQk9YdnJL
R3QvWlhBSDFobUR0ZklGQUVHUzRoRFUKLS0tIGp2RmY5dUNUbElyRlI4UkRIM0gx
UnFxbE91SEo4VkxzSzQzQWhUbTJURVEKbnW2PsaPXxNEyP8YGwynYufnT4cXThRd
dWDY25xuE4tFFYQZJN5FCye0DoLhBtoqMN6BxG94LhmsnW0a2+tU3g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-11T12:09:20Z"
mac: ENC[AES256_GCM,data:1Iz6m+g4LPGsx+6uKCxTmEUu4jRsrB9Y9l6oqusVazUWjNe1xQDPR0+urhC2zUNSbqmUK/BIieUSPL0sjghRCxN6rLdOwO5rrLFGQZu0WGST2HqLxoyE1JxRBQG6UHrnzfUk2YIKVmrEZIvRBnTkTETWBALQM9So1NU7y5xZtis=,iv:0Tpf3WWsSjEnVpnFjSpUl19XaY7a8waTKQWoRgozfCU=,tag:s1uMN54TbPPb13CVoSc6WA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

25
values/badhouseplants/values.chartmuseum.yaml
View File

@ -1,25 +0,0 @@
env:
open:
AUTH_ANONYMOUS_GET: true
DISABLE_API: false
CORS_ALLOWORIGIN: "*"
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 2Gi
path: /storage
ingress:
enabled: true
pathType: "ImplementationSpecific"
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- name: chartmuseum.badhouseplants.net
path: /
tls: true
tlsSecret: chartmuseum.badhouseplants.net

3
values/badhouseplants/values.crossplane.yaml
View File

@ -1,3 +0,0 @@
provider:
packages:
- xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.13.0

71
values/badhouseplants/values.docker-mailserver.yaml
View File

@ -1,71 +0,0 @@
traefik:
enabled: true
tcpRoutes:
- name: docker-mailserver-smtp
service: docker-mailserver
match: HostSNI(`*`)
entrypoint: smtp
port: 25
- name: docker-mailserver-smtps
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: smtps
port: 465
- name: docker-mailserver-smpt-startls
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: smtp-startls
port: 587
- name: docker-mailserver-imap
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: imap
port: 143
- name: docker-mailserver-imaps
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: imaps
port: 993
- name: docker-mailserver-pop3
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: pop3
port: 110
- name: docker-mailserver-pop3s
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: pop3s
port: 993
rainloop:
enabled: true
ingress:
enabled: true
hosts:
- mail.badhouseplants.net
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls:
- secretName: mail-tls-secret
hosts:
- mail.badhouseplants.net
demoMode:
enabled: false
domains:
- badhouseplants.net
- mail.badhouseplants.net
ssl:
useExisting: true
existingName: mail-tls-secret
pod:
dockermailserver:
enable_fail2ban: "0"
ssl_type: manual
service:
type: ClusterIP
spfTestsDisabled: true

16
values/badhouseplants/values.drone-runner-docker.yaml
View File

@ -1,16 +0,0 @@
---
env:
DRONE_RPC_HOST: drone.badhouseplants.net
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: drone-service
rbac:
buildNamespaces:
- drone-service
dind:
resources:
limits:
cpu: 2000m
memory: 2024Mi
requests:
cpu: 100m
memory: 512Mi

18
values/badhouseplants/values.drone.yaml
View File

@ -1,18 +0,0 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: drone-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: drone.badhouseplants.net
service: drone
port: 8080
env:
DRONE_SERVER_HOST: drone.badhouseplants.net
DRONE_SERVER_PROTO: https
DRONE_GITEA_SERVER: https://git.badhouseplants.net
DRONE_USER_CREATE: username:allanger,admin:true

4
values/badhouseplants/values.iredmail.yaml
View File

@ -1,4 +0,0 @@
config:
env:
HOSTNAME: mail.badhouseplants.net
FIRST_MAIL_DOMAIN: badhouseplants.net

98
values/badhouseplants/values.istio-gateway-resources.yaml
View File

@ -1,98 +0,0 @@
certificate:
enabled: true
certificate:
- name: nrodionov-wildcard
secretName: nrodionov-wildcard-tls
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- nrodionov.info
- "*.nrodionov.info"
- name: badhouseplants-wildcard
secretName: badhouseplants-wildcard-tls
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- badhouseplants.net
- "*.badhouseplants.net"
istio-gateway:
enabled: true
gateways:
- name: badhouseplants-net
servers:
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: grpc-web
number: 8080
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- name: nrodionov-info
servers:
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: nrodionov-wildcard-tls
mode: SIMPLE
- name: badhouseplants-vpn
servers:
- hosts:
- '*'
port:
name: tcp
number: 1194
protocol: TCP
- name: badhouseplants-ssh
servers:
- hosts:
- '*'
port:
name: ssh
number: 22
protocol: TCP
- name: badhouseplants-minecraft
servers:
- hosts:
- '*'
port:
name: minecraft
number: 25565
protocol: TCP

72
values/badhouseplants/values.istio-ingressgateway.yaml
View File

@ -1,72 +0,0 @@
service:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: shadowsocks
port: 8388
protocol: TCP
targetPort: 8388
- name: minecraft
port: 25565
protocol: TCP
targetPort: 25565
- name: ssh-gitea
port: 22
protocol: TCP
targetPort: 22
- name: http2
port: 80
protocol: TCP
targetPort: 80
- name: grpc-web
port: 8080
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 443
- name: tcp
port: 1194
protocol: TCP
targetPort: 1194
# -----------
# -- Email
# -----------
- name: smtp
port: 25
protocol: TCP
targetPort: 25
- name: smtps
port: 465
protocol: TCP
targetPort: 465
- name: smtp-startls
port: 587
protocol: TCP
targetPort: 587
- name: imap
port: 143
protocol: TCP
targetPort: 143
- name: imaps
port: 993
protocol: TCP
targetPort: 993
- name: pop3
port: 110
protocol: TCP
targetPort: 110
- name: pop3s
port: 995
protocol: TCP
targetPort: 995
podAnnotations:
proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 1024Mi

14
values/badhouseplants/values.istiod.yaml
View File

@ -1,14 +0,0 @@
---
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi

71
values/badhouseplants/values.kimai.yaml
View File

@ -1,71 +0,0 @@
ext-database:
enabled: true
name: kimai-mariadb
instance: mariadb
credentials:
mariadb-password: '{{ .Password }}'
global:
storageClass: ceph-filesystem
kimaiEnvironment: prod
kimaiAdminEmail: overlord@badhouseplants.net
kimaiAdminPassword: 'ZYdsgd^X9LsjxmJ7i6Xjx6LEMDbK8EJ$JCtX$P$6SisEKGJaqL'
kimaiMailerFrom: kimai@example.com
kimaiMailerUrl: null://localhost
kimaiTrustedProxies: ""
kimaiRedisCache: false
replicaCount: 1
kimaiAppSecret: CVUwPmI9m6
updateStrategy:
type: RollingUpdate
resources:
limits:
memory: 200Mi
requests:
cpu: 200m
service:
type: ClusterIP
ingress:
enabled: true
pathType: ImplementationSpecific
apiVersion: ""
ingressClassName: traefik
hostname: kimai.badhouseplants.net
path: /
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tls: true
selfSigned: false
configuration: |-
monolog:
handlers:
main:
path: php://stderr
persistence:
enabled: true
storageClass: ceph-filesystem
accessModes:
- ReadWriteMany
size: 512Mi
dataSource: {}
existingClaim: ""
selector: {}
annotations: {}
mariadb:
enabled: false
externalDatabase:
host: mariadb.databases.svc.cluster.local
port: 3306
serverVersion: '8.0'
user: applications_kimai_mariadb
database: applications_kimai_mariadb
## NOTE: Must contain key `mariadb-password`
## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
existingSecret: kimai-mariadb-creds

6
values/badhouseplants/values.local-path-provisioner.yaml
View File

@ -1,6 +0,0 @@
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

31
values/badhouseplants/values.longhorn.yaml
View File

@ -1,31 +0,0 @@
defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: s3-backup-secret
guaranteedEngineManagerCPU: 2
guaranteedReplicaManagerCPU: 2
storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5
storageReservedPercentageForDefaultDisk: 1
defaultDataPath: /media/longhorn
defaultReplicaCount: 1
csi:
kubeletRootDir: /var/lib/kubelet/
attacherReplicaCount: 1
provisionerReplicaCount: 1
resizerReplicaCount: 1
snapshotterReplicaCount: 1
persistence:
defaultClassReplicaCount: 1
defaultNodeSelector:
enable: true
selector: longhorn
defaultClass: false
enablePSP: false
longhornUI:
replicas: 1
longhornManager:
nodeSelector:
node-role.kubernetes.io/longhorn: "true"
longhornDriver:
nodeSelector:
node-role.kubernetes.io/longhorn: "true"

199
values/badhouseplants/values.mailu.yaml
View File

@ -1,199 +0,0 @@
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: mailu-postgres16
instance: postgres16
extraDatabase:
enabled: true
name: roundcube-postgres16
instance: postgres16
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: mailu-smtp
service: mailu-front
match: HostSNI(`*`)
entrypoint: smtp
port: 25
- name: mailu-smtps
match: HostSNI(`*`)
service: mailu-front
entrypoint: smtps
port: 465
- name: mailu-smpt-startls
match: HostSNI(`*`)
service: mailu-front
entrypoint: smtp-startls
port: 587
- name: mailu-imap
match: HostSNI(`*`)
service: mailu-front
entrypoint: imap
port: 143
- name: mailu-imaps
match: HostSNI(`*`)
service: mailu-front
entrypoint: imaps
port: 993
- name: mailu-pop3
match: HostSNI(`*`)
service: mailu-front
entrypoint: pop3
port: 110
- name: mailu-pop3s
match: HostSNI(`*`)
service: mailu-front
entrypoint: pop3s
port: 993
subnet: 192.168.0.0/16
sessionCookieSecure: true
hostnames:
- email.badhouseplants.net
extraTls:
- hosts:
- badhouseplants.net
secretName: mailu-root-domain
domain: badhouseplants.net
persistence:
single_pvc: false
limits:
messageRatelimit:
value: "100/day"
tls:
outboundLevel: secure
ingress:
enabled: true
ingressClassName: traefik
tls: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tlsFlavorOverride: mail
# realIpFrom: traefik.kube-system.svc.cluster.local
# realIpHeader: "X-Real-IP"
front:
hostPort:
enabled: false
extraEnvVars:
- name: PROXY_PROTOCOL
value: "mail"
- name: REAL_IP_FROM
value: "192.168.0.0/16,10.43.0.0/16"
- name: AUTH_RATELIMIT_IP
value: 100/hour
- name: AUTH_RATELIMIT_USER
value: 50/day
admin:
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 700Mi
cpu: 600m
startupProbe:
enabled: true
failureThreshold: 10
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
persistence:
size: 256Mi
redis:
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
master:
persistence:
enabled: false
postfix:
resources:
requests:
memory: 1024Mi
cpu: 200m
limits:
memory: 1024Mi
cpu: 200m
persistence:
size: 1Gi
dovecot:
logLevel: DEBUG
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 400Mi
cpu: 300m
persistence:
size: 512Gi
roundcube:
resources:
requests:
memory: 100Mi
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
persistence:
size: 512Mi
mysql:
enabled: false
postgresql:
enabled: false
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
externalDatabase:
## @param externalDatabase.enabled Set to true to use an external database
enabled: true
type: postgresql
existingSecret: mailu-postgres16-creds
existingSecretDatabaseKey: POSTGRES_DB
existingSecretUsernameKey: POSTGRES_USER
existingSecretPasswordKey: POSTGRES_PASSWORD
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
rspamd:
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: 400m
startupProbe:
periodSeconds: 30
failureThreshold: 900
timeoutSeconds: 20
livenessProbe: {}
readinessProbe: {}
webmail:
persistence:
size: 512Mi
storageClass: ""
accessModes: [ReadWriteOnce]
claimNameOverride: ""
annotations: {}
global:
database:
roundcube:
database: applications-roundcube-postgres16
username: applications-roundcube-postgres16
existingSecret: roundcube-postgres16-creds
existingSecretPasswordKey: POSTGRES_PASSWORD

5
values/badhouseplants/values.mariadb.yaml
View File

@ -1,5 +0,0 @@
initdbScriptsConfigMap: ""
primary:
persistence:
enabled: true
size: 512Mi

75
values/badhouseplants/values.mealie.yaml
View File

@ -1,75 +0,0 @@
---
ext-database:
enabled: true
name: mealie-postgres16
instance: postgres16
credentials:
POSTGRES_SERVER: "{{ .Hostname }}"
POSTGRES_PORT: "{{ .Port }}"
workload:
containers:
mealie:
envFrom:
- environment
- secretRef:
name: mealie-postgres16-creds
livenessProbe:
httpGet:
port: 9000
readinessProbe:
httpGet:
port: 9000
ingress:
main:
class: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
rules:
- host: mealie.badhouseplants.net
http:
paths:
- backend:
service:
name: "{{ include \"chart.fullname\" $ }}"
port:
number: 9000
path: /
pathType: Prefix
tls:
- hosts:
- mealie.badhouseplants.net
secretName: mealie.badhouseplants.net
env:
environment:
sensitive: false
data:
ALLOW_SIGNUP: "true"
PUID: "1000"
PGID: "1000"
TZ: Europe/Berlin
MAX_WORKERS: "1"
WEB_CONCURRENCY: "1"
BASE_URL: https://mealie.badhosueplants.net
DB_ENGINE: postgres
OIDC_AUTH_ENABLED: "true"
OIDC_SIGNUP_ENABLED: "true"
OIDC_CONFIGURATION_URL: "https://authentik.badhouseplants.net/application/o/mealie/.well-known/openid-configuration"
OIDC_CLIENT_ID: mealie
OIDC_USER_GROUP: "Family"
OIDC_ADMIN_GROUP: "DevOps"
OIDC_AUTO_REDIRECT: "true"
OIDC_PROVIDER_NAME: authentik
secrets:
sensitive: true
data:
POSTGRES_USER: ~
POSTGRES_PASSWORD: ~
POSTGRES_SERVER: ~
POSTGRES_PORT: ~
POSTGRES_DB: ~

2
values/badhouseplants/values.minio-operator.yaml
View File

@ -1,2 +0,0 @@
operator:
replicaCount: 1

136
values/badhouseplants/values.minio-tenant.yaml
View File

@ -1,136 +0,0 @@
secrets: null
tenant:
name: minio
# The Kubernetes secret name that contains MinIO environment variable configurations.
# The secret is expected to have a key named config.env containing environment variables exports.
existingSecret: false
configSecret:
name: myminio-env-configuration
accessKey: minio
secretKey: minio123
pools:
- servers: 1
storageClassName: ceph-filesystem
name: main
volumesPerServer: 1
size: 5Gi
storageAnnotations: { }
annotations: { }
labels: { }
tolerations: [ ]
nodeSelector: { }
resources: { }
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
runAsNonRoot: true
containerSecurityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
topologySpreadConstraints: [ ]
env:
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
value: https://authentik.badhouseplants.net/application/o/minio/.well-known/openid-configuration
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: minio
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
value: Z2vCo8rw5jsEVZlvc3wCjPjUIcN31PAxEJQvZvzfawUtWPRCefk8uCjzffsOlK61RImz7IRUeGOfBeDnt7Xa8hpnhkXe6Dq2kBF0lZaUh0v3Jm3HV9zNONdAjxWaUJrh
- name: MINIO_IDENTITY_OPENID_SCOPES
value: openid,profile,email,groups
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: groups
- name: MINIO_IDENTITY_OPENID_REDIRECT_URI
value: https://minio-new.badhouseplants.net/oauth_callback
- name: MINIO_IDENTITY_OPENID_DISPLAY_NAME
value: Authentik
- name: MINIO_SERVER_URL
value: https://s3-new.badhouseplants.net:443
mountPath: /export
subPath: /data
metrics:
enabled: false
port: 9000
protocol: http
certificate:
externalCaCertSecret: [ ]
externalCertSecret: [ ]
requestAutoCert: false
certConfig: { }
features:
bucketDNS: false
domains: { }
enableSFTP: false
###
# Array of objects describing one or more buckets to create during tenant provisioning.
# Example:
#
# .. code-block:: yaml
#
# - name: my-minio-bucket
# objectLock: false # optional
# region: us-east-1 # optional
buckets:
- name: test
users: [ ]
podManagementPolicy: Parallel
liveness: { }
readiness: { }
startup: { }
lifecycle: { }
prometheusOperator: false
additionalVolumes: [ ]
###
# An array of volume mount points associated to each Tenant container.
#
# Specify each item in the array as follows:
#
# .. code-block:: yaml
#
# volumeMounts:
# - name: volumename
# mountPath: /path/to/mount
#
# The ``name`` field must correspond to an entry in the ``additionalVolumes`` array.
additionalVolumeMounts: [ ]
ingress:
api:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tls:
- secretName: s3-new.badhouseplants.net
hosts:
- s3-new.badhouseplants.net
host: s3-new.badhouseplants.net
path: /
pathType: Prefix
console:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tls:
- secretName: minio-new.badhouseplants.net
hosts:
- minio-new.badhouseplants.net
host: minio-new.badhouseplants.net
path: /
pathType: Prefix

6
values/badhouseplants/values.mysql.yaml
View File

@ -1,6 +0,0 @@
primary:
persistence:
size: 500Mi
auth:
createDatabase: false

64
values/badhouseplants/values.nrodionov.yaml
View File

@ -1,64 +0,0 @@
ext-database:
enabled: true
name: nrodionov-mariadb
instance: mariadb
credentials:
mariadb-password: "{{ .Password }}"
ingress:
enabled: true
pathType: ImplementationSpecific
hostname: dev.nrodionov.info
path: /
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls: true
tlsWwwPrefix: false
selfSigned: false
wordpressBlogName: Николай Николаевич Родионов
wordpressUsername: admin
wordpressFirstName: Nikolai
wordpressLastName: Rodionov
wordpressTablePrefix: wp_
wordpressScheme: http
existingWordPressConfigurationSecret: ""
resources:
requests:
memory: 300Mi
cpu: 10m
service:
type: ClusterIP
ports:
http: 8080
https: 8443
persistence:
enabled: true
accessModes:
- ReadWriteOnce
accessMode: ReadWriteOnce
size: 512Mi
dataSource: {}
existingClaim: ""
selector: {}
externalDatabase:
host: mariadb.databases.svc.cluster.local
port: 3306
user: applications_nrodionov_mariadb
database: applications_nrodionov_mariadb
existingSecret: nrodionov-mariadb-creds
mariadb:
enabled: false
primary:
persistence:
enabled: true
storageClass: ""
accessModes:
- ReadWriteOnce
size: 3Gi

38
values/badhouseplants/values.postgres16-gitea.yaml
View File

@ -1,38 +0,0 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
persistence:
size: 1Gi
resources:
limits:
ephemeral-storage: 1Gi
memory: 1024Mi
cpu: 500m
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 256Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

119
values/badhouseplants/values.rook-ceph-cluster.yaml
View File

@ -1,119 +0,0 @@
toolbox:
# -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md)
enabled: true
cephBlockPools: []
cephObjectStores: []
cephFileSystems:
- name: ceph-filesystem
spec:
metadataPool:
replicated:
size: 3
dataPools:
- failureDomain: host
replicated:
size: 3
name: data0
metadataServer:
activeCount: 1
activeStandby: true
resources:
limits:
cpu: ~
memory: "512Mi"
requests:
cpu: "100m"
memory: "512Mi"
priorityClassName: system-cluster-critical
storageClass:
enabled: true
isDefault: true
name: ceph-filesystem
pool: data0
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: "Immediate"
mountOptions: []
# - discard
parameters:
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/fstype: ext4
cephClusterSpec:
dashboard:
enabled: true
ssl: false
all:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: role
operator: In
values:
- ceph
mgr:
count: 1
mon:
count: 1
resources:
api:
requests:
cpu: "500m"
memory: "512Mi"
limits:
memory: "512Mi"
mgr:
requests:
cpu: "500m"
memory: "512Mi"
limits:
memory: "512Mi"
mon:
limits:
memory: "512Mi"
requests:
cpu: "300m"
memory: "512Mi"
osd:
requests:
cpu: "500m"
memory: "1408Mi"
limits:
memory: "1408Mi"
#limits:
# cpu: "400m"
# memory: "1280Mi"
#requests:
# cpu: "200m"
# memory: "256Mi"
cephFileSystemVolumeSnapshotClass:
enabled: true
name: ceph-filesystem
isDefault: true
deletionPolicy: Delete
ingress:
# -- Enable an ingress for the ceph-dashboard
dashboard:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
host:
name: dashboard-ceph.badhouseplants.net
path: "/"
tls:
- hosts:
- dashboard-ceph.badhouseplants.net
secretName: dashboard-ceph.badhouseplants.net
ingressClassName: traefik

218
values/badhouseplants/values.rook-ceph.yaml
View File

@ -1,218 +0,0 @@
---
monitoring:
enabled: true
csi:
enableRbdDriver: false
csiRBDProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-resizer
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-snapshotter
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-rbdplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-omap-generator
resource:
requests:
memory: 12Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI RBD plugin resource requirement list
# @default -- see values.yaml
csiRBDPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-rbdplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI CephFS provisioner resource requirement list
# @default -- see values.yaml
csiCephFSProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-resizer
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-snapshotter
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-cephfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI CephFS plugin resource requirement list
# @default -- see values.yaml
csiCephFSPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-cephfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI NFS provisioner resource requirement list
# @default -- see values.yaml
csiNFSProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-nfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI NFS plugin resource requirement list
# @default -- see values.yaml
csiNFSPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-nfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m

16
values/badhouseplants/values.shadowsocks-libev.yaml
View File

@ -1,16 +0,0 @@
traefik:
enabled: true
tcpRoutes:
- name: shadowsocks-libev
service: shadowsocks-libev-shadowsocks
match: HostSNI(`*`)
entrypoint: shadowsocks
port: 8388
traefik-udp:
enabled: false
tcpRoutes:
- name: shadowsocks-libev
service: shadowsocks-libev-shadowsocks
match: HostSNI(`*`)
entrypoint: shadowsocks-udp
port: 8388

55
values/badhouseplants/values.tandoor.yaml
View File

@ -1,55 +0,0 @@
istio:
enabled: true
istio:
- name: tandoor-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: tandoor.badhouseplants.net
service: tandoor
port: 8080
ext-database:
enabled: true
name: tandoor-postgres16
instance: postgres16
credentials:
POSTGRES_HOST: |-
"{{ .Hostname }}"
POSTGRES_PORT: |-
"{{ .Port }}"
envFrom:
- secretRef:
name: tandoor-postgres16-creds
env:
TZ: UTC
DB_ENGINE: django.db.backends.postgresql
EMAIL_HOST: badhouseplants.net
EMAIL_PORT: 587
EMAIL_HOST_USER: overlord@badhouseplants.net
EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
EMAIL_USE_TLS: 1
EMAIL_USE_SSL: 0
DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
persistence:
config:
enabled: true
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
media:
enabled: true
mountPath: /opt/recipes/mediafiles
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
static:
enabled: true
type: emptyDir
mountPath: /opt/recipes/staticfiles
django-js-reverse:
enabled: true
type: emptyDir
mountPath: /opt/recipes/cookbook/static/django_js_reverse

78
values/badhouseplants/values.vaultwardentesttest.yaml
View File

@ -1,78 +0,0 @@
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
mounts:
storage:
data:
path: /app/data/
extraVolumes:
logs:
path: /app/logs
envFrom:
- environment
- secrets
ingress:
main:
class: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
rules:
- host: vaulttest2.badhouseplants.net
http:
paths:
- backend:
service:
name: '{{ include "chart.fullname" $ }}'
port:
number: 8080
path: /
pathType: Prefix
tls:
- hosts:
- vaulttest2.badhouseplants.net
secretName: vaulttest2.badhouseplants.net
extraVolumes:
# -- Because by default the fs is read-only, we need to add an emtpy dir volume
logs:
emptyDir: {}
storage:
data:
storageClassName: openebs-hostpath
env:
environment:
enabled: true
sensitive: false
data:
DOMAIN: https://vaulttest2.badhouseplants.net
SMTP_HOST: mail.badhouseplants.net
SMTP_SECURITY: "starttls"
SMTP_PORT: 587
SMTP_FROM: vaulttest@badhouseplants.net
SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false
DATA_FOLDER: /app/data/
ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true
SIGNUPS_ALLOWED: true
INVITATIONS_ALLOWED: true
SIGNUPS_DOMAINS_WHITELIST: "test.com"
SIGNUPS_VERIFY: false
WEB_VAULT_ENABLED: true
LOG_FILE: /app/logs/log.txt
LOG_LEVEL: info
DB_CONNECTION_RETRIES: 10
DATABASE_MAX_CONNS: 10
ORG_GROUPS_ENABLED: true
ORG_EVENTS_ENABLED: true
ORG_CREATION_USERS: ""

47
values/badhouseplants/values.wikijs.yaml
View File

@ -1,47 +0,0 @@
---
ext-database:
enabled: true
name: wikijs-postgres16
instance: postgres16
credentials:
DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
volumeMounts:
- name: postgres-creds
readOnly: true
mountPath: "/etc/postgres/connection_string"
subPath: DATABASE_DATASOURCE
volumes:
- name: postgres-creds
secret:
secretName: wikijs-postgres16-creds
#externalPostgresql:
# databaseURL: $(cat /etc/postgres/connection_string)
ingress:
enabled: true
className: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: wikijs.badhouseplants.net
paths:
- path: "/"
pathType: Prefix
tls:
- secretName: wikijs.badhouseplants.net
hosts:
- wikijs.badhouseplants.net
postgresql:
enabled: false
postgresqlHost: postgres16-postgresql.databases.svc.cluster.local
postgresqlPort: 5432
postgresqlUser: applications-wikijs-postgres16
postgresqlDatabase: applications-wikijs-postgres16
existingSecret: wikijs-postgres16-creds
existingSecretKey: POSTGRES_PASSWORD

46
values/etersoft/values.openvpn-xor.yaml
View File

@ -1,46 +0,0 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
# istio:
# enabled: true
# istio:
# - name: openvpn-tcp-xor
# gateway: istio-system/badhouseplants-vpn
# kind: tcp
# port_match: 1194
# hostname: "*"
# service: openvpn-xor
# port: 1194
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: openvpn
service: openvpn
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
tcproute:
enabled: false
storage:
size: 128Mi
openvpn:
proto: tcp
host: 195.201.249.91
easyrsa:
cn: Bad Houseplants
country: Germany
province: NRW
city: Duesseldorf
org: Bad Houseplants
email: allanger@zohomail.com
service:
type: ClusterIP
port: 1194
targetPort: 1194
protocol: TCP