From bb02a63f2d7974e2254562c20c52f270271043be Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 28 Sep 2024 21:55:26 +0200 Subject: [PATCH] Migrate to the new cluster --- values/badhouseplants/secrets.gitea.yaml | 52 +++++++++---------- values/badhouseplants/secrets.minio.yaml | 50 +++++++++--------- .../badhouseplants/secrets.vaultwarden.yaml | 26 +++++----- values/badhouseplants/secrets.velero.yaml | 46 ++++++++-------- values/badhouseplants/values.gitea.yaml | 2 +- values/badhouseplants/values.grafana.yaml | 34 ++++++------ values/badhouseplants/values.kyverno.yaml | 2 + values/badhouseplants/values.minecraft.yaml | 2 +- values/badhouseplants/values.namespaces.yaml | 7 +-- values/badhouseplants/values.openebs.yaml | 36 +++++++++++++ values/badhouseplants/values.openvpn.yaml | 33 ++++++------ values/badhouseplants/values.prometheus.yaml | 8 +-- values/badhouseplants/values.stalwart.yaml | 2 +- .../values.vaultwardentesttest.yaml | 5 +- values/badhouseplants/values.velero.yaml | 36 ++++++------- .../badhouseplants/values.woodpecker-ci.yaml | 2 +- values/badhouseplants/values.zot.yaml | 3 -- 17 files changed, 185 insertions(+), 161 deletions(-) create mode 100644 values/badhouseplants/values.kyverno.yaml create mode 100644 values/badhouseplants/values.openebs.yaml diff --git a/values/badhouseplants/secrets.gitea.yaml b/values/badhouseplants/secrets.gitea.yaml index ceeb7de..0341916 100644 --- a/values/badhouseplants/secrets.gitea.yaml +++ b/values/badhouseplants/secrets.gitea.yaml @@ -1,31 +1,31 @@ gitea: admin: - username: ENC[AES256_GCM,data:v3sgQA1FXqs=,iv:TXpcQIaJfhHyjBRkVSlwzUVUCkhbFzPvyiUXRrc89NE=,tag:JZ67LtzNrI1BpwvWLueJHA==,type:str] - password: ENC[AES256_GCM,data:YZrXQ5yail+jmNQOGz50uT+icTE=,iv:eoGozzZ89DJqjt0j4cuf+2UmHnT+VP8vDY0ClSmiqfI=,tag:y8O5wJqiChNWV+5BbFhdCg==,type:str] + username: ENC[AES256_GCM,data:hn9KbBrp6Ak=,iv:wg7E83jsBkxvBdKWbObizqWtfI1Dy1KnwAEZvnY1anc=,tag:UuX2qt/AVQpaZu251J4EGg==,type:str] + password: ENC[AES256_GCM,data:ETNIrZsYXVtMZh9/sU+RAV8zzK8=,iv:tOzJVOeEIJDfMIrbhQVOyHlPQH7pSJdrcQ5oeq1Hxtg=,tag:hILdhhYmix4O53ZdF8A+gg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:QxCpONzUd9h/qS9H77zJMsAPUp3un5Yl4+6+l3rPajRuRvjaRtcTXAxLnxpxEgGLUFpLgIPryWD3eMKT,iv:5iyEN1vUrxmgEN803fd6Q63zxnhmmGa4aj/TRrJNTwA=,tag:63SaHKG/K+PQ5grwv+zN8A==,type:str] + PASSWD: ENC[AES256_GCM,data:/wnVyhS6pBUJOE9PS39ZW+carVqn+WG+Sw==,iv:xraey6+BICLdsX81JLjFDGikj7ILqu40HJOY43nGBeg=,tag:ALkgbnK0QDVa1ZTHujE0fg==,type:str] database: - PASSWD: ENC[AES256_GCM,data:qH2pVwmY1o7pVFMyl9tBGW02Psw=,iv:/XkFFeCiYWE3dCoYj63rIA0+V3lvJWZUvMyO6NkAfSM=,tag:UWIzPp9MlYRUHbBRRJrTnA==,type:str] + PASSWD: ENC[AES256_GCM,data:VbWIJV60OURufOh03zt2noSxb04=,iv:bHjeClvdB10byx90pFJVec3MywRYnTPpm8nfC51S88M=,tag:mfI4dNBZZtunMPZaVF8+LQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:lI3Mg6ZljleZ2IdivcSOrvLDMUdhbHTlRN2viIwyE+EHpHOk+0Onu2AkOTgnspGhvXkmpX0AAynUCOEmkI1k0eST4XdC4a+vp895Hu/6+UgODN2UCMutjkVg0kgRm6GcpI9i/FnoaHp4VR09nT9k13dqXCs7VhEk,iv:SMG084+MzKSxkgJqASNrkDVcVjw9VEjp0vsYyziobtY=,tag:kM6i/8LUvzd+3K5iXmzdag==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:mtJYLatUA2VwE5MAX3KBceTS2eJG9mWlNAoHmsraPAcm9BeqpNf2OhnefnFiY6af9bSwC8/C/uXnOIBC12PuF5+DCp6ce8OsneaEsZKBVvurGc3fmCg2zDo/7VCI3EQ1BUZcAQIZl8cMTNMRfPhzwMug2LHBhYgS,iv:khZU/ENruxI0lwqCKz6VcdGFPok04/iyDT639OB3A04=,tag:ks6Y+ddsgXNZAW+XuYxLfA==,type:str] cache: - HOST: ENC[AES256_GCM,data:R9V0k6ecZgb3saCeF3VYSR4zGv67ikdwckembcmU6f9o9M7GVivOV/nMVrW9dN3RKOVsyznJAYiFKtlPYD4JxTkjDCIbtK04innCdUmMqi6ziXeb1RQq9syefVOHF0GRi/sbWfruNY39dwqbH7Ol+Ot9oDMjDLJ6,iv:fCVXeLYZSV5x7E8TpX5XNShagZHfUSpF/rewvX2BVqs=,tag:bcLJh4QSSw+QkGIYmOSC3Q==,type:str] + HOST: ENC[AES256_GCM,data:5E42e/2jSYt1qbDiU2f07isGJaKGfaps27y2+bVe/1DBhmVytVZNjidqyB2qS4y7Gg/XLbRKC7Dx2tbG0YE37unXOx3sHEHPQEBreSutXapEu3mcHFmhsIkSe7fatAntPZPdMkNZMm3I+AqJQSBH1FsMV7vlFh2a,iv:wuifOOnMIlyWygn8K/7eUH6NrhRkDWW85Ha9KuJWuJ4=,tag:bRX/HU74wfWKdH/MUYLuMQ==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:NuXv8GwzLccYAyLL9e02PKCWoUSQ4gYJg6n5VI64eQ6nQiKgYN6kjvQYPkK/zIrHwv4pnsiI+IpUHiQhIsZyMQW8SibBO38ZfEUwzJBpp9VSjbGYuqwK6srcsk+H4F5XZhI2tsAXchywf8bhC90dtX+sneMAYdcv,iv:X5RrpwG38M/x0+c/BFQc9dhiJPGeYngvHL/wsDZZbQA=,tag:SN+6f6Ld+98tDNaI8Sc5yQ==,type:str] + CONN_STR: ENC[AES256_GCM,data:xrTWrgen3wnSKplk3r9BdXTd/wUY+QyphpKdlu5IaEGwS5vbUCaI3+JOg1GFFyeVO0Uaj00c1taIu4q9+ul6YMYaouMPSSJ9tcftzNqgA3ZaDeUzYnU/rQTg8SM6bxGYcLQMtN9zhO+BsmKJmC04J5ST2qu/OEqb,iv:EUmeVGQDBLVG3dwTsA0HQnliryWTmukFXdkAQkS7Whk=,tag:Ep7YVUJiGt3dHZHoG8MS6w==,type:str] oauth: - - name: ENC[AES256_GCM,data:q+bXBBH+,iv:tEGL4Hgp1a7CVZ0WNfPylGM6llDuU+gFwmGrZGyBihA=,tag:j8igdV+mTxuHP9rjeixkDg==,type:str] - provider: ENC[AES256_GCM,data:Xb7vAdyq,iv:49z26uy6QRo5y/lSXKvcfywLK0DuTFb63YVxYA1wobE=,tag:0ynquRoj0Bil8FYg6wURVg==,type:str] - key: ENC[AES256_GCM,data:BPgxRsbe6BAQlvprJf3q8B+ddQY=,iv:QrBEnvkTwKmf1/7TCGDPIADPhhHfugCzNRwSJJe/nvA=,tag:n3laygkDMAHg8jFfplRPSw==,type:str] - secret: ENC[AES256_GCM,data:wXLN+GYGCHhyQqQYGso6b1U1BmOBHSkXR61wyoEEHIMYRnGmDCA1ng==,iv:DEXqNGRLSU+EUNt1x9dqEMRc8nsGg+TjN1c6wyQcTQQ=,tag:uX/3TWYSYKX3k9BJSIf+TA==,type:str] - - name: ENC[AES256_GCM,data:yE+puM05oI/1,iv:Ups4cBHl/Lmj8RSPW5sh2A9xGIxHOazJnTpyFluhfhU=,tag:xLMiY0p8KQaBGFrog7mzXQ==,type:str] - provider: ENC[AES256_GCM,data:r9qYI/J613FmkrFRDA==,iv:EUxmXmg4T7nRFVa4HZAxRfb+90fsSKcns/suu6tQC8E=,tag:HNMAwWigse/50YTEg429wg==,type:str] - skip_local_2fa: ENC[AES256_GCM,data:jFIZ8Q==,iv:k7pWtnnmBUy/4yE+eJ6C6iwoK+jGHNt0e+3ekUf5KSo=,tag:iCgt7V4mheagXBkZwR0S1w==,type:str] - key: ENC[AES256_GCM,data:KSPkJbE=,iv:pnuGLWLqYPX13XoKEPIXQcPbLpK00CJG4gJIgKvgDiA=,tag:GD3kbHU1IuslQ8nkSiQmKQ==,type:str] - secret: ENC[AES256_GCM,data:N/GQgcpaFgUSq2zPSciWiqm/3l8aDmpzSqXL0NEpDNe9eB7FBvInljU4/HOCBoxd09Xv+6UDr4RzP3fZpyLkQVGHEUx2MLEDobmEWbCXsXNhV/92GN9wGe+gF9w4jPlieLXIGucn1ELwnPD13nnb6aFH2BJjeWb93MxSNqOSjfk=,iv:5W9YNbJI/8o/CeDGwLo7lpLoS294cwMgNK2yCRdaGCs=,tag:rLL3ENb9/Kei4ubrlMIf1Q==,type:str] - autoDiscoverUrl: ENC[AES256_GCM,data:l2fkf+wJU52wLG4Ea6+xFRWZoE4WBg3UIT8cOOb9chjzcWWeG6cxKiiI4feevzuUUkIDFEGG04bFu6Gh/tgf/ERiMYlXNVMXF6TDA4gLylZ/InQa6+ra1lM=,iv:4WFqWodHQFxr3lbLvJlmrH0CRjBTHIRGIybw3YyRw84=,tag:T3v9P7l0eEXO5qnp0Kzebw==,type:str] - iconUrl: ENC[AES256_GCM,data:JcyeyiW/gYi8I30CafwIXD028ChoTHSUAR4P94vU8KOAQ63aybc/lCBpZ2MDNelrJI7gYQX2B5ST2My3FuaySvN2ac3PGA==,iv:90fkZSOWOw5x4gPHduw8kHQCbYE65DrTVp8V1jT0h1g=,tag:U5d0k3XNl5k5n0L93nA8zg==,type:str] - scopes: ENC[AES256_GCM,data:PmCest22VSJidBXnLw==,iv:RQ1xHmw9ohbeq/C4OcQiB8jlW5NZKZHHyMVS7ihlT1A=,tag:pqZLf2NYBS8Xljg+f+vNpA==,type:str] + - name: ENC[AES256_GCM,data:80trOTjt,iv:XZ7RlcsdueY43Q6FUM+LAZ0j94VQw9DU2k8KqLl3uMI=,tag:7nGXu3H4g/gBaJi2wyP43A==,type:str] + provider: ENC[AES256_GCM,data:jVEvNRAK,iv:0TuV5ZfSSP6ENNuWVtYDWWCmUkQbNy0fR59j1nywQGs=,tag:ZOqB7tf9xEeBSQSODWAq4Q==,type:str] + key: ENC[AES256_GCM,data:2Xu5PXhUWnWulSyR+a6oIr0YD0s=,iv:2+UFaOtd6WIOADn6/39TzHhNyTi3JJrYXQqrY57Qurw=,tag:K7vBwFGBM+77SVmU92Jhbw==,type:str] + secret: ENC[AES256_GCM,data:HEZNgZ6kQn5yOPUGyww+/rfYIGgB/vj9Yfsn3GFSUs31ZNe68G1huA==,iv:07hfyhw+KD2aR976IpWfAwjMXZC4uuz6hrXzOCRxIGw=,tag:WB57de5jqrxaSkyyc2DC+g==,type:str] + - name: ENC[AES256_GCM,data:sIdCMyXgLknP,iv:CiptgMsOQcgrCA4vUEWlmwAL8xrXW+lVN16zJ/TnrUQ=,tag:3OYYQVgGN+UYSGkYalQEJA==,type:str] + provider: ENC[AES256_GCM,data:abL1jCQ/SnikvaFy7Q==,iv:nqabj6UltKcauQ+PrYP7Ok2T0PrPbwlGrHwJKVHJyBY=,tag:Q+3hwSTPeWkIIalDFswJtQ==,type:str] + skip_local_2fa: ENC[AES256_GCM,data:hQT9qw==,iv:qsQlx2BrTpg5kmVspZsGb1zAiNMyWyX25EJGHWwLyTw=,tag:x1OW3mNVdSPPKfjat9JDBA==,type:str] + key: ENC[AES256_GCM,data:pgFH36E=,iv:cU6aHL2F71+ciA55UgiHm7oPDtSo+MUT1Pqg6igFZ1k=,tag:7BXwd/XUdYpwvVhBXinJug==,type:str] + secret: ENC[AES256_GCM,data:uraGme2NLEfg0FjXEVNtElD8g6MrZx10DFlsny3kOSQthE3Nie/RMLuF3ufBZcFaPoSjKX8Tu6BOCheEzEm/E2ghU32TmfAxSJVNMwupT4mHviop+mNSnxNt41DRDv2fM8f2QDFWEpH9t2c4uepR+aGfzt58KJ70/RS03j/st50=,iv:8cr8PaEk3sId+6hCgtf2bihUYqtBszIsy1bFpnB1eBY=,tag:MnrVoVuKdYPmc53o6D27XQ==,type:str] + autoDiscoverUrl: ENC[AES256_GCM,data:1ns+6vCF/3qASFR14KYX1su/YI4IAREjRSeG8ld7RmlvFeYu9V6uiHHLiSWPVcj4P9Gh82sqdiFh2YX/TcoVY/mVGopIPreUJNlrlr2hcofn2oYwILj6VBk=,iv:qhV0H9Kk/lMfgv4YvAv4hi1aX4DUN9SSUldJ58bWDfE=,tag:zzdxPxYHkOQWKqGAP7HO5g==,type:str] + iconUrl: ENC[AES256_GCM,data:8Ez2F8q7SbDHqEioLLNjwApuFyL1HvuxsdODVmVRet8XAef+gZcXS6s8rQgSbRaiI8aEKItc8or76Rd7VqS3sl+0qU2wPQ==,iv:YE1xtNurA+sNLQaiSQdkz1u0eWMomrI6L3SBVSzNJng=,tag:9CIDfwYc7h7i/iHWmp5UKA==,type:str] + scopes: ENC[AES256_GCM,data:1//BjLyrku25qJqzbg==,iv:7wy1jDCFRBH78oe7KnbAtxFYQvoaBBCzAUHGOCkyJMA=,tag:lT64XKj/rHiKfCIvyrOR0w==,type:str] sops: kms: [] gcp_kms: [] @@ -35,14 +35,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VWhaYTFiOGs2NHF5a2lT - Q0NjR2ZOMkdFZTVLUzlmdGo0cHhmbThJY1RzCmFHQzN0eDYrSUt1ZDUzTkZVYTBl - YzBid2VIQWxyMERQUjk2VlFFajQ5TFkKLS0tIDA4bzlwbWs5d3UraXBXaElCWUNT - SDhaYlVhaExiUkVoUSs0MjBrK21LNGsKGjZPAjO8PU3s/8eYFD6/hbinjj4yAU8M - W76hvpASbqg3AoQtSjgNeJfCgfntFdghFy66ELbCCQtO/XB0fIh1TA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dWNmQjdITllRWHJCM3dv + Z2lIb1lzcFZ6eWxiVkxKcWxBL3kyYjNaRVZvCjhCVXZTaW9uaE5pMExFR2w4RGpm + a3ZPcGFXWmRlQ1ZUY1FITlNkR0NzY00KLS0tIHRKYnZCajN4cFJLY0EwNUVhbTBw + TUh6RTJWQXJsbkFCNERmYWJzL1VQancK+MaDoG78tswXqtQY2MYYtsAAgcVvQqGh + 4i5OmTztBp3rpAM9DiT7TASvo1vz3UEak7ApQdaM2PpteiX8VZhIQg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-13T04:19:53Z" - mac: ENC[AES256_GCM,data:FGVQm5BxRm046oxnEc4kusR/RsUPeI1wbqyhhsq/VErv/3n4jfww19ixzHpCye+8PzQQNAfWxNyvkwhpArKLFbFcZVsyITChZK7BaHwLmM/IBzN5FwW27gtNVfIU7DCUM2plK6Nk19Ssj7lkr6Q3JWhjKb9oFHr9YbCTqJzjYNU=,iv:l0CWvvWjPY1bh0E7zfCBM6IDJZu3N7vEHk/Eu7iU7tc=,tag:8ziHcJV5kSLtqrRxnvvIjA==,type:str] + lastmodified: "2024-09-27T20:08:06Z" + mac: ENC[AES256_GCM,data:Gun7zcN1//UmvPMTi9Fd1gDYIO0HL10n1LhsdFdp6/CGBcjVMBM0Hvpq2VqEN37ipoeENEiKn/KOWkJpbDwz2HE9hEbQ6gSZLKILi/vY2hn76Uc2m6nAVRjSMfCryE7IVA4Yc2dPwhRAjn6ABf1gzWoh02ULjahCNgJ+K7jJJjg=,iv:3JuoL7rpOOhgunAOdhaS7L0X8qG7X3qNGQWQkqcPhu8=,tag:Q5BEt7XDZmY4sNG6uk8QAA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.minio.yaml b/values/badhouseplants/secrets.minio.yaml index 3e9d4de..90a57bb 100644 --- a/values/badhouseplants/secrets.minio.yaml +++ b/values/badhouseplants/secrets.minio.yaml @@ -1,24 +1,24 @@ -rootPassword: ENC[AES256_GCM,data:SADfxbBdM62niS1Xdlol1L1ogOg=,iv:RBjSqMLYKWkJmt2fuiTnZaPXIGULQUGHR1dmfOJLlvM=,tag:gRjCyfLOeGWlVlt3ihbW2g==,type:str] +rootPassword: ENC[AES256_GCM,data:Sj9QUj4bQqZz9ZRSHulhHRcYWVE=,iv:AFGPrsiRA6gs075gjmWLg8qb1pz217Sy7nLQHgKy4GM=,tag:coHd4NZ0p37lYcWh7Npt/w==,type:str] users: - - accessKey: ENC[AES256_GCM,data:WZCEHgof+sE=,iv:NsRvxQhf4L3e9IlMLq9m/aW1vMV9jFh5e6Novx20kJc=,tag:qNdj1jDkyjxM8EMsWGHbYw==,type:str] - secretKey: ENC[AES256_GCM,data:ifkorAMgFXxNm43OPLdoAztPTw==,iv:AgkPkvfLHm8mDHsMfpbmCLa5XT8I53UNcb6ry/pRitU=,tag:HRfy5RGLG+eAKkf35a8oJg==,type:str] - policy: ENC[AES256_GCM,data:PKbIEEOWLtE=,iv:DY2kldt933RElyoZaysMqxtAdjq+bHlAwIeZZzTOFcc=,tag:DmCi9YIfuwiqixgsav9NBw==,type:str] - - accessKey: ENC[AES256_GCM,data:aM3o,iv:71uE60cLbplVr5MPBrnep9LeO8Xe2QbZW91FzYJZ1oM=,tag:+oms50UJM/qsT5fcrAimgw==,type:str] - secretKey: ENC[AES256_GCM,data:eskXQ+nI+yN+BtNmABMEQ4wu+xZU4jgSmA==,iv:9wRgKpxO8Re3fRc9pDQ9j2VXBx4RVgNbdOqay+ByY98=,tag:hCWaWoWAGZb5NPvRS9HydQ==,type:str] - policy: ENC[AES256_GCM,data:Bsgg,iv:8StVF24kd5F6NNkYNVFBPU7I1QxS2J0uUoS8XwF9Dzg=,tag:N4DGgnIaZZfCzP0tbycTdQ==,type:str] - - accessKey: ENC[AES256_GCM,data:TXc+nAG3QbT+,iv:RueCXZIsJLQb3T7iZkSrAJtX0NH+335YeSxVMLIvLpM=,tag:A7UEw4qJHES5GUGpuSiRIA==,type:str] - secretKey: ENC[AES256_GCM,data:z1zpY//KxAC5J1jI5JeSF47AmAY=,iv:ASItFJxmrxvpSxCU+kwMRieOvExR4ZA+f0RZtVF/6mQ=,tag:xSA1XaehFn/x4UnIXQPAGQ==,type:str] - policy: ENC[AES256_GCM,data:tcH14hh3suBL,iv:9ZadSBkUJtPHYL6VduNVoXQ+u3UUy3h3aQjZTAPPSJ8=,tag:QwmAbqRDBALys7xFBjuf1g==,type:str] + - accessKey: ENC[AES256_GCM,data:KHXcm8I9Cpo=,iv:DU/nva4K5E4IkZz7N7xfESZncKnQbof6Sv8rJbTwVRc=,tag:4WfJkd4t0eqkr4/CIEXl6w==,type:str] + secretKey: ENC[AES256_GCM,data:cRGWP6nIZGYws9AUgAkwmoET/g==,iv:Qu1c6xLzFpDRWdUM/XIjIkO6KknIOeSRHb/XEm44+rc=,tag:+NqHXmZNLFtCh/L9/rW+rg==,type:str] + policy: ENC[AES256_GCM,data:7Ptdd4qFo90=,iv:Qx3Ynm0Vjl+YPVAUNtXUpURf9n+PPkM34dBewMW4zss=,tag:sIgimJx3u0xcikskVr1L1g==,type:str] + - accessKey: ENC[AES256_GCM,data:nxWz,iv:l+kT7y9qtzrASOaIIcCoKbHaCdYnn4RnG4J+sqtCONA=,tag:wK6RatUPQMnrqML2bSJKhg==,type:str] + secretKey: ENC[AES256_GCM,data:6fATAB+2lypheqVMjgsDVyPiYTHoPeI2Uw==,iv:9Rd61bueMrsW/XJ7F0oK5LIvbVegaZLBSiABP5q01EY=,tag:WfwkhxuAb+irrPjQdAMQMA==,type:str] + policy: ENC[AES256_GCM,data:Iwu/,iv:+FhFi0JSGGH4sqEELv2xAr3uZnRIS9gljw0OJQR8HUA=,tag:iscBtaxpr/QC7CNXHSfqkw==,type:str] + - accessKey: ENC[AES256_GCM,data:DY9K2kx+xDHo,iv:NUVRo7n+Arivki/pC/CM5C48mqX2Ho+MrlB0z2NJffw=,tag:UoyAyXl5Jf1w3z9kycJIWQ==,type:str] + secretKey: ENC[AES256_GCM,data:xnKEaYxgSTMsPAT8vU2bs2lX0lY=,iv:QXDB+2Uneq6XXaKeIY17pl8rPuej5pGux1VA8qVhYOQ=,tag:c4jFeNf9kzQONISOaZ+Jow==,type:str] + policy: ENC[AES256_GCM,data:acfH2yD6RDmt,iv:3W80PJaAZHNIPlt3VutN5HNAzF+TEZw7F+MTBi60A0w=,tag:Kl+lObipEDxwgeYJQpLomQ==,type:str] oidc: - enabled: ENC[AES256_GCM,data:fb3rHQ==,iv:JZxKacHRfAPtHLdjKcI3NOTyeLW2lSUMEOsV6EGICQs=,tag:lP2zDO746UaPHUGoTrfqvA==,type:bool] - configUrl: ENC[AES256_GCM,data:12njGoK0zjSuYCXRkP2vz0ysPzeNoJ6uFWS7hv7mqf9gSfTEZXcC9BKFCnfzeHh+/naJZsWMfgDrqVeNbdTGA0w1qwCwYSy8QXo1b54WeN34QmwlmJCXdRU=,iv:jtCBSWF+mjbwdeNd7nSkmZHza6MZAVZmt62lAnOf6H8=,tag:X89Dzt6RtlhYdtycaN8sLA==,type:str] - clientId: ENC[AES256_GCM,data:2geq8zo=,iv:/IUg+4RA1W0F3J1Y+P/eteEeSO+9zbX4Se73h+JS9rQ=,tag:EnCidLx/uoluc76+wkYApw==,type:str] - clientSecret: ENC[AES256_GCM,data:A1pzBwSZ0it/LMiwb0/8yMtYG/2a7aj0+D2l64H5pjqYGg4UBfDOGzba3b7YYCkzS6+zLmCRfN5npi/gTi7K2YULEfLSY1CVxhR85Iuc8Ck3raekNwWWIMl+vyWvlDeGYe29QNF3YHcV2sfmXbKrEm13kFGS1JNCVpSh4tGMOqU=,iv:oJgRA3ooTJN9+9bjGBv2H/uDFp9BA4sUh+UtGFqOoZM=,tag:H/NTVou4OYVVsj7lE4lofw==,type:str] - claimName: ENC[AES256_GCM,data:0iKAY0Yc,iv:JMNRx8Blchf5FtISf5I310G9p3/RpOvA96OvHNXhzd8=,tag:DpJpvvLvIfp19x590krDkA==,type:str] - redirectUri: ENC[AES256_GCM,data:RuQNx/UnXnPQj6qj1s393mfmROpIOiHcDPVlKB/yq8FZJPPQ5QrpeCg3OQeTgP0=,iv:Ro/mLT5K17qw2ETzpSlMwbD+fULQAZph0sSxUd8W510=,tag:G5wJgw07mSg+VVeOdV6+bg==,type:str] - comment: ENC[AES256_GCM,data:Ss0X+JF0f1lhjqsaIm4izck3Fjg=,iv:yAE1yQ8JeiTxweeratorHUThP+WGZkns47LiE9uenGs=,tag:pIISguCc3J5cWIy4QYdZmg==,type:str] + enabled: ENC[AES256_GCM,data:ZFm6qw==,iv:0PW79J4WHM4/aOujVOQ4pBbOTNFlPnSLyOuYq6mW7NM=,tag:iDu+djacM/hF7XftA9oZUw==,type:bool] + configUrl: ENC[AES256_GCM,data:hi2fDfbiDYViKHsdRocRfZ/I8NNACHUcjcbdGHNulUEV9SfnJDEkl7XqzGDw43DMOCqMwiaTqtLbc2dciaO2sNz51o4Snv/pw30/HOpws6quLD2xTYg01Wk=,iv:NVoS1cATyNV0Wmx5PAo3f9UTuS4rx13tticp6A5q02s=,tag:KxbPIlglfDbcZuiZIBb/+g==,type:str] + clientId: ENC[AES256_GCM,data:g7vcvIc=,iv:7uo+/lJ1F4nV1e0KdmZxaoPBf0hY4z6xgGVOEowF998=,tag:zJmSCtdskALb1Vm8D3BbCA==,type:str] + clientSecret: ENC[AES256_GCM,data:yzbQS6EwjTlpfOKMr3G/gmkCz+LgnJD5PaLmDFS0LjKOf3KFoQacEtoaZJNQ5vJXoquxNxRAANk+k1YtGaR3rhnl1b+KA4ALbI+KdTi+pVXpiwYfr334NMIRWz0sRnBgwtta1XructaZZuZzRgoqKdf5AcED+LzwO0423IT4HRI=,iv:GUAZb7tc/gTHBe+J20yN0AZZr72ZtgETw67tEk+3jyU=,tag:bKk31NWsnKwuZHov0jLcEw==,type:str] + claimName: ENC[AES256_GCM,data:6/fc01iw,iv:vqi1DBRswmpYi4rHxgfbVtQvfc6YJ04zZAsO7rtWn4Q=,tag:RjFgl5T35E1o59BRj1Ru3Q==,type:str] + redirectUri: ENC[AES256_GCM,data:OFWVS48jpUWlMrTy/6sboqj6Icp+Gqg19Gs9muM8ChMZC4ZHO0S+iBjnoI4OOjQ=,iv:yMJl9/yYAOyK3hs+SzV+XcjiRM7fu/viIEDgsRCBji4=,tag:wxcQnym0s1m+WA+sjxqtHw==,type:str] + comment: ENC[AES256_GCM,data:jP73sH9gNlGAXUJ+K1bkq85JlVg=,iv:cY9CGDibHX6qaXAaoZxv1YlikGyq7Dx3N3QZVjQC9N4=,tag:z1OlTgEDreJIejdr4YI23w==,type:str] claimPrefix: "" - scopes: ENC[AES256_GCM,data:wdkNqB13kjioN9d0megdSAxMvzlLB6xppwR6,iv:hQEr/JcWB9dHryrMWRr4c//MwIInKHZM4uIa++vvO08=,tag:NHMWwfDGha5W2yfYOjLP9w==,type:str] + scopes: ENC[AES256_GCM,data:luQZB3bMQFpYb7/jF8S7tpNRvPYHHPDGRrRj,iv:dOgJXm0A8Igkt2/+nh+qkdm/MqOptAN81QdzNeW4/zA=,tag:E7IynZU/Lgag0NnnP481VQ==,type:str] sops: kms: [] gcp_kms: [] @@ -28,14 +28,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWVg0UGIyWUlUdHBmNVgw - YURtVXo2dUdselNOOGFIelczNzZ3NzFlQWxzCmlHMWprODRBR0dibS85djJidE9h - OFFwUks2cDEvaFlSN1Vob0pML1o3ZFEKLS0tIDRwNU1RdzFlY1FCcUg2aVZFSFls - M2pqQ1NvcDlhekdXV1ZoSU5vcE5hNDAKQbaEImwv9Rjb9fpVZv4mQmpSURbp9bBI - lkUpOeY8tQRY1u8wNiwEACqFvSP9YMdbDKCDuLEjhMdaX2cAeBRK5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZm42QUNidTcxd3Zyb0E0 + N3RPNmhpRzYyUjRYVUh4Y2MyT3RycW9tS2pvCjZpV3BRcXZGbnREeWV0a0IzYTlM + Z0QzNzRwRU0vQ1cxY2J6NjBCclQ5S1EKLS0tIG9VMzhzSFFtaXZwNnQ0R00raVRY + azFqS1lMejc4NW9ZOEcyUHFTKytKSjQKU90U4aJ1bftcNGHk9VPgywu4rIZgg2TF + tdnxgzY9s8dfB9nYNP3bOINLhcS2tidMpvFYEJAjtr1SF4fql1qMlg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-24T11:47:26Z" - mac: ENC[AES256_GCM,data:fhs0ZSwlmRVHDqrU7i3agCTHScIBmAp0gB4De7qjGfdMTEhOYW6XT2uKAQymYUf4LhqzUYvkPBciO1Vv/pNh05ZrsrKkXVusWgm2rGRMYZJ8LXMkdop1QMFvcowMWHrla9eB2dvfjThXa4mJNVjGaBrb+InGJJeKzovbmuEnqi8=,iv:gbLPUIzsCZXCj3i20usW4oEmAWIq4fLB1B5DDj9jn/Y=,tag:2Ah7GDW4KIM745OU55Bg9Q==,type:str] + lastmodified: "2024-09-28T19:29:25Z" + mac: ENC[AES256_GCM,data:rg1ttNw4G/DN1hS8h4QR8U5Xl8lfWDUydlg28kcP63wqPgsKx3v2SV8AwYGZqmEfYjfhMIae+cYDzt7nO3QnSAQdql3N+wu1YU+QH272FVyITGoZ9bGvKoNOJ0/bOdUQS5Ew05YpwNRqwY+6LlgXn+hGq1YMcW/iAmnPQ3jdaOQ=,iv:2YczF8RpdVtA0GMtmttf6mkBBOyah28yjO0zIJTQ2Og=,tag:v4X4+XYzfLeWb6FYFbFW7Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.vaultwarden.yaml b/values/badhouseplants/secrets.vaultwarden.yaml index cb01718..e5fc87a 100644 --- a/values/badhouseplants/secrets.vaultwarden.yaml +++ b/values/badhouseplants/secrets.vaultwarden.yaml @@ -1,13 +1,13 @@ env: secrets: - enabled: ENC[AES256_GCM,data:6v6hwQ==,iv:QHmMiXxR0rK2ezkeEEel6BZYVgnSS7Rbi45EuG5vKzQ=,tag:urxW5xeOMwhGWestbJl++A==,type:bool] - sensitive: ENC[AES256_GCM,data:eMSjSA==,iv:l3t2x53K22Nv/RjwjRqIN9iHlyElhzAqXkZwAy4Ta/k=,tag:KJtCvyOcdmm7HxZnOSx7ZQ==,type:bool] + enabled: ENC[AES256_GCM,data:oq3kEg==,iv:aFDSRPNlvfd4DTrBjpCw/mMclGfLWjI04rbqfNERikQ=,tag:wJ+q5TbvUhvEpwMnFmEx3A==,type:bool] + sensitive: ENC[AES256_GCM,data:r7Ut0g==,iv:qaXqeP5m/X8Ug/XBsKZKWazI86auZ6JTEABRTH+DDLU=,tag:wARsiZJ2dmlZXMCFQ0Yw8A==,type:bool] data: - SMTP_USERNAME: ENC[AES256_GCM,data:ot4Y,iv:P8PCLF5tiDKfZrZGaEDH+p7UxSkr+ce8QxJJxpULsKE=,tag:BHZnW96+R1nTPjmCeCtNoQ==,type:str] - ADMIN_PASSWORD: ENC[AES256_GCM,data:MRix2LC962BzZW6sRcycNBcsfnvHucfkBg==,iv:TgEL7bUymwG99wb1A1huBl0qbz53zm6BzEvMonHwi8s=,tag:IN4dPYYxaZt4ViDiXOLvnQ==,type:str] - ADMIN_TOKEN: ENC[AES256_GCM,data:NVf9NtCnpaC2+8qrSES89GO/8cEm2+V4YJaPA6o5mzk4V7Xuyd0W9USz4UPlwdtdWLO0bjhk3OwpyrZgdCmJnQP9/rWLzDRdMEg=,iv:LZh5jWahnLYaUNgu0G09aftJa9rPd1bqh+82jw4IiZA=,tag:zlnTKxqe6MMtauF1W0dJNw==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:n+FH,iv:p27of9O0qoV5XJw6IGp8XTffrljVHTPZ4wNIN/B5/8Y=,tag:eX4AE19yEj42i+nPfs5uNg==,type:str] + ADMIN_PASSWORD: ENC[AES256_GCM,data:alHdDXuw1nJSOYM/2gamUCVr583htSXP/g==,iv:Tn9YlS+CMsQO96jyFs7as5CG8pC8zttxLXG+JwR95ME=,tag:9KnvViAmVA5rrgjD6hVmAg==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:bxZDnWP0ySaxJtBtPkXcPlIiDFuNO+OWe5m5ULJD7U+I0RFuZGvvpYZZ08VUOh9L4lT2827dbze5CRtDFYhRGgw+g/JtGuu4pXY=,iv:4Z1XIBERQ9LNzitwaPu+mO4RojirjtGP7/xVQm+yeZs=,tag:RksjFFzasXLdifmCBOJ0yA==,type:str] DATABASE_URL: null - SMTP_PASSWORD: ENC[AES256_GCM,data:zFyeMTHuE7Be9DHMqnlhd4VidTFlyoOGSQ==,iv:eT9wV0ssZskma0bbbM/9p5rZctfC6HY6Y+YFjntf9jc=,tag:WihbTrkvC2v9Wn5tmh6mnw==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:M+lP5lBGJMUoD8ci5MMXnkTeluRtZWzIdg==,iv:yJcfSZWGLdiyskRujU030Fp3cxT6RCTYekSQ2sw7iB8=,tag:DZsxhnFF8XNPiBTP+7INFg==,type:str] sops: kms: [] gcp_kms: [] @@ -17,14 +17,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGLzRMd2ErUGl0b1ErVkZG - bFF0V2dxV3lBc1lGcDFXNmx3OWZadGFqakFNCmsrMmpEWjFUVzRFS2JMOW9MZWJB - TG5UQkNmendrZU1oRkJrU3BPMzh4cFkKLS0tIFFxQXRyMWxVMjV2ZGI3Y0JCSllU - alJUd1dqeFNLRWJNTzB4T0Rib25ja00KU9O/9ceV/qIs/27sPUHHgOije0ckPPGf - IUrshO3wqv6SBI1c/XlPHYWJSASjZZEk4wf3AkCVu3D4mm5bwD0J0w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQmVwTDE3WVFrVmdvMWFX + R2lVS1NTRjZiWXJCUTBja2M5SkJJNDVyV2hjClpISEtmSDRkK0FnV3d4YmtQY3Q0 + djJZc1RXTXp6RFBMNXF2UUJnTEROa1UKLS0tIG96STlndXZsZ01TMXFZaVE0Tmto + cjBhMmlJM0taZGwzZlhBZnllOWt5OXcKydH6vX+P6YoHYEhlQuN3B5s/ydFQg/bp + +sufia1rWgVkOrZ7WxEWahVHa0TAJL0gQq5mlNsZJP+++GgtZdpfeQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-26T20:49:14Z" - mac: ENC[AES256_GCM,data:bjYiffGodlB/2tV7thE3LUyyitTF/ovKRvygtDy5Ttfa69UcUyxZltDRhzFPS0J0lNQsfJ1ty+zm7MKtRjmHjUz1uce6xO9svEFNl1vWMaOz+2VcbrME4XQCqZeI9Slwd0C/r4lSWJJEp/8lLe6EexoYDu6t7Tr7TVvcXNO1038=,iv:+pXgGw4/5lFM69HiwSOReqaTB3vrYkyI4qEBdGuyi6E=,tag:TEYfphz57Wo9DK1TZJFK+A==,type:str] + lastmodified: "2024-09-27T20:21:51Z" + mac: ENC[AES256_GCM,data:qQZGHRZ7quFHLXlkNaZyTL+diw6AzZTXPcJbo1OOE6cWR5+slLyK4qHnCN4ioJXBbex+S23dKY1OJgk93mW8jDwIvfEW80SFYlgITXjxLWJRJJLnNcjCvKi5U7mtUzW1nFxZhKJpzv+uBEse0TFXMfCalZn5FXfT8xjiKeqGPu8=,iv:uEgpubv6bF8ciseSdwJcziC4e15ZDA338BzDjzmSZO8=,tag:Rgq9wKSTYQrdJfd4C08CCQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.velero.yaml b/values/badhouseplants/secrets.velero.yaml index 2b39d81..98ebc0d 100644 --- a/values/badhouseplants/secrets.velero.yaml +++ b/values/badhouseplants/secrets.velero.yaml @@ -1,25 +1,25 @@ credentials: - useSecret: ENC[AES256_GCM,data:synuEQ==,iv:DoTxRvHamHSPh6Fy7f2/lQbIXVQP7bg0+gRDNLK5ExI=,tag:IMxGc67WNUWtyv7xeqLKDw==,type:bool] - name: ENC[AES256_GCM,data:iOdJiWlezjgsI1NsET8Q,iv:dt3Ugyi1/B2pHhPlUUfJZ8lT57OUZZhXdQ8qbm0D/20=,tag:N4mxjl0NGNxNDtwEZjvrpg==,type:str] - secretContents: - data: ENC[AES256_GCM,data:x2kwYP7i0Nz0YhjaoOLY7mYdXchdYwy2wZDypePGyS18dfBttmrzgp4JCPpFbL3QbkmK4u+Cs1+/Gyz1Zk3I7lnzW+T0rp4t,iv:zYfGPyGe5fDHI2MbSjrxFqRmjSChzA9KrKXCGoEyzrw=,tag:AGOh63/OVROHo5VYXV9tzg==,type:str] + useSecret: ENC[AES256_GCM,data:jNo9Hw==,iv:tFJ1xXlSvzdmGk32IxNoygKkOTYg1uhWiTQ+Fb4vxho=,tag:F+aoapAoe8EIwl97pcklIA==,type:bool] + name: ENC[AES256_GCM,data:T6hiTDHyG7iqx0aQg4g6,iv:6ykrI3VcYPKInFAPsYl0TzynEdl/PQvCKQp0UCtytXM=,tag:IH64olXo7zJ2zOWDsqCUxQ==,type:str] + secretContents: + data: ENC[AES256_GCM,data:rdQwbeRiROTz0JHarw4Xc7FMJ0ynSaFniR+8zi82bg1sdaTUrKZrveFktsvR05CsEuskIs0nVsJh99XmR5ro4NGvzc0V6hpR,iv:+poyt47TO3+lVzkK8L32OJreylYPJlZslBGpnNlO+aE=,tag:pMIQ6aEGC8ifEdfkA+RUQw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QVJqcDUrSll4ZkJGZXFF - dWIybkc4QlduakIvSzM2eHkzNHdUWTdibFZJClROdDZmRU5NcE1TbjZnTDhZNEdY - dytnU1l4Z3BUUk9NNVprK2o2UDZ6d3MKLS0tIG5EVHpZaThPYmkzcVZWaFgvbW5r - MnkvbjY1dzV1cU5BNjU4aG1EekNsWFEKZavz2hNlogTfUH2oz6ovfv9vmlmbBy7C - fIrWnBzmO+bl2GIb3mNXUPv8HjfuVN6YzFdew5Kxhls1P5op/8cEVQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-22T13:52:31Z" - mac: ENC[AES256_GCM,data:/tPHVPEigjHM3nmoNKcyF+v2rjFKPgMA0OVdjNtuPE6zkg/W2U59CqmFaqSfLkswH9OZdtC8ObyKELhEqPOAYdMzFpyOGAtYB0wpY6ghsza9O4qFhuvpHp0Nv2qFT4BtEvbIofn1tVAAfRiRvQo2oV18hW116HAcyoTLBsLAzPo=,iv:plcyO/TXxXgmuy8YA0bmCYWdEmWXhHydLQYZxr/bDpU=,tag:xAk6qnS2ju61Nhpi5gvWYw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYldnZHQ0NCs3MDg2VGgy + MWdxS3dzbk9KMllXcWF6eENxZGhValJYR1VzCmJKS09RZXcrckJGU1o5akFidnZa + dXo0QUxOMThyR1Vqajg0T0RSZ0dtaEUKLS0tIGZ5WjBZYlVYS3pmamF0dUszU1dM + WDhwZkNTTzR5UGRpYkFUTWdldlVEd0UKr/6w/J2wHcE+N8Ej9+X596ENLtl/Ux23 + aTHu7gPHMEWZx4/r3HQWkY4IfQBM3Hl2069DhiXSyFPZJPYB6KECXA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-27T21:21:45Z" + mac: ENC[AES256_GCM,data:GdEoqBoX4sjt0Q/89H5vl0n0B8tRLQP+LUwKu3joos1l9w3tVvzDV+a51DDLRtMHKHQlsUMl8aJ/xzBoE61qjlDSZ/AbQ+P5gv1LRMwsDSDhpv8NJH1wfT920MMCYdB2z/xuqwnhymiYFIM+c2dEcBU0bx342f58jn5WMn6n9Ac=,iv:BnOEGSyPyLgPc5iGLhDXH+Roiy3Gt7o79hUK2P8z1dc=,tag:N/vks8VJEDnEs/r6eDR45A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/values/badhouseplants/values.gitea.yaml b/values/badhouseplants/values.gitea.yaml index d399447..b99b968 100644 --- a/values/badhouseplants/values.gitea.yaml +++ b/values/badhouseplants/values.gitea.yaml @@ -103,7 +103,7 @@ gitea: TYPE: redis mailer: ENABLED: true - FROM: gitea@badhouseplants.net + FROM: bot@badhouseplants.net PROTOCOL: smtp+startls SMTP_ADDR: stalwart.badhouseplants.net SMTP_PORT: 587 diff --git a/values/badhouseplants/values.grafana.yaml b/values/badhouseplants/values.grafana.yaml index 4bccba8..999bf36 100644 --- a/values/badhouseplants/values.grafana.yaml +++ b/values/badhouseplants/values.grafana.yaml @@ -2,7 +2,7 @@ assertNoLeakedSecrets: false ingress: enabled: true ingressClassName: traefik - annotations: + annotations: kubernetes.io/ingress.class: traefik kubernetes.io/tls-acme: "true" kubernetes.io/ingress.allow-http: "false" @@ -23,22 +23,22 @@ datasources: datasources: - name: Prometheus type: prometheus - url: http://prometheus-operated.monitoring.svc.cluster.local:9090 + url: http://prometheus-operated.observability.svc.cluster.local:9090 access: proxy isDefault: true grafana.ini: - server: - root_url: https://grafana.badhouseplants.net - auth: - signout_redirect_url: "https://authentik.badhouseplants.net/application/o/grafana/end-session/" - oauth_auto_login: true - auth.generic_oauth: - name: authentik - enabled: true - client_id: "grafana" - scopes: "openid profile email" - auth_url: "https://authentik.badhouseplants.net/application/o/authorize/" - token_url: "https://authentik.badhouseplants.net/application/o/token/" - api_url: "https://authentik.badhouseplants.net/application/o/userinfo/" - # Optionally map user groups to Grafana roles - role_attribute_path: contains(groups, 'Admins') && 'Admin' || contains(groups, 'DevOps') && 'Editor' || 'Viewer' + server: + root_url: https://grafana.badhouseplants.net + auth: + signout_redirect_url: "https://authentik.badhouseplants.net/application/o/grafana/end-session/" + oauth_auto_login: true + auth.generic_oauth: + name: authentik + enabled: true + client_id: "grafana" + scopes: "openid profile email" + auth_url: "https://authentik.badhouseplants.net/application/o/authorize/" + token_url: "https://authentik.badhouseplants.net/application/o/token/" + api_url: "https://authentik.badhouseplants.net/application/o/userinfo/" + # Optionally map user groups to Grafana roles + role_attribute_path: contains(groups, 'Admins') && 'Admin' || contains(groups, 'DevOps') && 'Editor' || 'Viewer' diff --git a/values/badhouseplants/values.kyverno.yaml b/values/badhouseplants/values.kyverno.yaml new file mode 100644 index 0000000..1e9b783 --- /dev/null +++ b/values/badhouseplants/values.kyverno.yaml @@ -0,0 +1,2 @@ +config: + excludeKyvernoNamespace: false diff --git a/values/badhouseplants/values.minecraft.yaml b/values/badhouseplants/values.minecraft.yaml index 09aef0a..5166192 100644 --- a/values/badhouseplants/values.minecraft.yaml +++ b/values/badhouseplants/values.minecraft.yaml @@ -104,7 +104,7 @@ minecraftServer: ingress: enabled: false persistence: - storageClass: longhorn + storageClass: openebs-hostpath #storageClass: local-path dataDir: enabled: true diff --git a/values/badhouseplants/values.namespaces.yaml b/values/badhouseplants/values.namespaces.yaml index b909d9b..7812f6b 100644 --- a/values/badhouseplants/values.namespaces.yaml +++ b/values/badhouseplants/values.namespaces.yaml @@ -1,11 +1,8 @@ namespaces: - - name: monitoring + - name: kyverno + - name: observability - name: databases - name: applications - - name: development - - name: production - name: platform - name: games - name: pipelines - - name: rook-ceph - - name: longhorn-system diff --git a/values/badhouseplants/values.openebs.yaml b/values/badhouseplants/values.openebs.yaml new file mode 100644 index 0000000..ffc7b12 --- /dev/null +++ b/values/badhouseplants/values.openebs.yaml @@ -0,0 +1,36 @@ +localpv-provisioner: + hostpathClass: + isDefaultClass: true +zfs-localpv: + crds: + zfsLocalPv: + enabled: false +lvm-localpv: + crds: + lvmLocalPv: + enabled: false +mayastor: + csi: + node: + initContainers: + enabled: false + etcd: + # -- Kubernetes Cluster Domain + clusterDomain: cluster.local + localpv-provisioner: + crds: + enabled: false +openebs-crds: + csi: + volumeSnapshots: + enabled: false + keep: true +engines: + local: + lvm: + enabled: false + zfs: + enabled: false + replicated: + mayastor: + enabled: false diff --git a/values/badhouseplants/values.openvpn.yaml b/values/badhouseplants/values.openvpn.yaml index d9580ab..02e7576 100644 --- a/values/badhouseplants/values.openvpn.yaml +++ b/values/badhouseplants/values.openvpn.yaml @@ -1,18 +1,20 @@ ---- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -# istio: - # enabled: true +image: + repository: zot.badhouseplants.net/allanger/container-openvpn + # ------------------------------------------ + # -- Istio extenstion. Just because I'm + # -- not using ingress nginx + # ------------------------------------------ # istio: - # - name: openvpn-tcp-xor - # gateway: istio-system/badhouseplants-vpn - # kind: tcp - # port_match: 1194 - # hostname: "*" - # service: openvpn-xor - # port: 1194 +# enabled: true +# istio: +# - name: openvpn-tcp-xor +# gateway: istio-system/badhouseplants-vpn +# kind: tcp +# port_match: 1194 +# hostname: "*" +# service: openvpn-xor +# port: 1194 + # ------------------------------------------ traefik: enabled: true @@ -26,11 +28,9 @@ tcproute: enabled: false storage: size: 128Mi - openvpn: proto: tcp host: 195.201.249.91 - easyrsa: cn: Bad Houseplants country: Germany @@ -38,7 +38,6 @@ easyrsa: city: Duesseldorf org: Bad Houseplants email: allanger@zohomail.com - service: type: ClusterIP port: 1194 diff --git a/values/badhouseplants/values.prometheus.yaml b/values/badhouseplants/values.prometheus.yaml index 337c8cb..71c1faf 100644 --- a/values/badhouseplants/values.prometheus.yaml +++ b/values/badhouseplants/values.prometheus.yaml @@ -1,4 +1,3 @@ ---- # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx @@ -13,14 +12,12 @@ kubeApiServer: enabled: false grafana: enabled: false - prometheus-node-exporter: prometheus: monitor: enabled: true jobLabel: jobLabel interval: 60s - defaultRules: create: true rules: @@ -52,11 +49,10 @@ defaultRules: prometheus: true prometheusOperator: true windows: false - prometheus: prometheusSpec: enableAdminAPI: true - retentionSize: 1GB + retentionSize: 3GB retention: 20d podMonitorNamespaceSelector: any: true @@ -76,4 +72,4 @@ prometheus: accessModes: ["ReadWriteMany"] resources: requests: - storage: 1Gi + storage: 4Gi diff --git a/values/badhouseplants/values.stalwart.yaml b/values/badhouseplants/values.stalwart.yaml index 46234f7..37cca6d 100644 --- a/values/badhouseplants/values.stalwart.yaml +++ b/values/badhouseplants/values.stalwart.yaml @@ -42,7 +42,7 @@ workload: storage: data: enabled: true - storageClassName: ceph-filesystem + storageClassName: openebs-hostpath size: 1Gi accessModes: - ReadWriteMany diff --git a/values/badhouseplants/values.vaultwardentesttest.yaml b/values/badhouseplants/values.vaultwardentesttest.yaml index 160c1eb..f783bf0 100644 --- a/values/badhouseplants/values.vaultwardentesttest.yaml +++ b/values/badhouseplants/values.vaultwardentesttest.yaml @@ -1,4 +1,3 @@ ---- workload: kind: Deployment strategy: @@ -32,7 +31,7 @@ ingress: - backend: service: name: '{{ include "chart.fullname" $ }}' - port: + port: number: 8080 path: / pathType: Prefix @@ -46,7 +45,7 @@ extraVolumes: emptyDir: {} storage: data: - storageClassName: ceph-filesystem + storageClassName: openebs-hostpath env: environment: enabled: true diff --git a/values/badhouseplants/values.velero.yaml b/values/badhouseplants/values.velero.yaml index 674b62f..f1b2695 100644 --- a/values/badhouseplants/values.velero.yaml +++ b/values/badhouseplants/values.velero.yaml @@ -5,29 +5,27 @@ initContainers: volumeMounts: - mountPath: /target name: plugins - configuration: features: EnableCSI backupStorageLocation: - - name: default - provider: aws - plugin: velero/velero-plugin-for-aws:v1.2.1 - bucket: velero - accessMode: ReadWrite - credential: - name: velero-s3-creds - key: data - config: - region: us-east-1 - s3ForcePathStyle: true - s3Url: https://s3.e.badhouseplants.net:443 - publicUrl: https://min.e.badhouseplants.net:443 + - name: default + provider: aws + plugin: velero/velero-plugin-for-aws:v1.2.1 + bucket: velero + accessMode: ReadWrite + credential: + name: velero-s3-creds + key: data + config: + region: us-east-1 + s3ForcePathStyle: true + s3Url: https://s3.e.badhouseplants.net:443 + publicUrl: https://s3.e.badhouseplants.net:443 volumeSnapshotLocation: - - name: aws - provider: aws - config: - region: us-east-1 - + - name: aws + provider: aws + config: + region: us-east-1 deployNodeAgent: true schedules: daily: diff --git a/values/badhouseplants/values.woodpecker-ci.yaml b/values/badhouseplants/values.woodpecker-ci.yaml index 6777e25..9e9eeef 100644 --- a/values/badhouseplants/values.woodpecker-ci.yaml +++ b/values/badhouseplants/values.woodpecker-ci.yaml @@ -49,7 +49,7 @@ agent: WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 2Gi WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ceph-filesystem + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: openebs-hostpath serviceAccount: create: true rbac: diff --git a/values/badhouseplants/values.zot.yaml b/values/badhouseplants/values.zot.yaml index a993076..6a706c6 100644 --- a/values/badhouseplants/values.zot.yaml +++ b/values/badhouseplants/values.zot.yaml @@ -22,9 +22,6 @@ service: persistence: false pvc: create: false - # accessMode: "ReadWriteMany" - # storage: 5Gi - # storageClassName: ceph-filesystem mountConfig: true mountSecret: true strategy: