badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 10 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:15f3d51e0d2e072497a93eef88399ed9bc7def18
Branches Tags
badhouseplants:main
badhouseplants:renovate/istio-monorepo
badhouseplants:renovate/velero-9.x
badhouseplants:renovate/renovate-40.x
badhouseplants:renovate/kube-prometheus-stack-72.x
badhouseplants:renovate/zot-0.x
badhouseplants:renovate/redis-21.x
badhouseplants:renovate/grafana-9.x
badhouseplants:renovate/argo-cd-8.x
badhouseplants:renovate/woodpecker-3.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:21732f4715c53488978a1965e624c45bb1efdb4d
Branches Tags
badhouseplants:renovate/istio-monorepo
badhouseplants:renovate/velero-9.x
badhouseplants:renovate/renovate-40.x
badhouseplants:renovate/kube-prometheus-stack-72.x
badhouseplants:renovate/zot-0.x
badhouseplants:renovate/redis-21.x
badhouseplants:renovate/grafana-9.x
badhouseplants:renovate/argo-cd-8.x
badhouseplants:renovate/woodpecker-3.x
badhouseplants:main
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

27 Commits
15f3d51e0d ... 21732f4715

Author SHA1 Message Date
Devops Bot
21732f4715 chore(deps): update redis docker tag to v20.11.4 2025-04-08 01:01:07 +00:00
Nikolai Rodionov
8a595bfdbc
Migrate minecraft 2025-04-07 15:37:04 +02:00
Nikolai Rodionov
6855a5c43c
Enable gitea metrics 2025-04-07 14:35:11 +02:00
Nikolai Rodionov
ea306ece64
Migrate platform 2025-04-07 13:59:10 +02:00
Nikolai Rodionov
64d523f302
Migrate databases 2025-04-07 13:42:14 +02:00
Nikolai Rodionov
b2f546f0b7
Fix stalwart ingress 2025-04-07 12:46:52 +02:00
Nikolai Rodionov
5c0aaa1e30 Keep migrating things 2025-04-07 12:45:51 +02:00
Nikolai Rodionov
fa6791c9d4 Some important changes 2025-04-04 22:45:01 +02:00
Nikolai Rodionov
53faa51b51
Upgrade minecraft 2025-04-03 11:56:33 +02:00
Devops Bot
56737d59a6 chore(deps): update helm release velero to v8.7.0 2025-04-02 21:07:20 +00:00
Devops Bot
e5aa79abe8 chore(deps): update helm release minecraft to v4.26.1 2025-04-02 19:44:00 +00:00
Nikolai Rodionov
c46bfd88e2
Configure the github renovate again 2025-04-01 13:09:31 +02:00
Nikolai Rodionov
c6d0973522
Fox production ns 2025-04-01 12:42:59 +02:00
Nikolai Rodionov
8deb163e0d
Fix certs 2025-04-01 12:23:49 +02:00
Nikolai Rodionov
2c0f498611
Update memos lib 2025-03-30 18:18:28 +02:00
Nikolai Rodionov
bb45328532
Trying to migrate istio 2025-03-30 16:10:40 +02:00
Nikolai Rodionov
a8693f41ee
Keep migrating things 2025-03-30 15:51:26 +02:00
Nikolai Rodionov
a659611d6f
Keep migrating things 2025-03-30 15:13:48 +02:00
Nikolai Rodionov
dbd69180e4
Keep migrating things 2025-03-29 14:16:34 +01:00
Nikolai Rodionov
992463b8cd
Keep migrating things 2025-03-29 13:55:44 +01:00
Nikolai Rodionov
4e2a71ebfb
Migrate metallb 2025-03-28 17:18:17 +01:00
Nikolai Rodionov
c32705ffa0
Keep migrating things 2025-03-27 22:54:32 +01:00
Nikolai Rodionov
f8684df5a9
Started a big refactoring again 2025-03-27 21:13:13 +01:00
Nikolai Rodionov
cd6a200591
Fix helmfile 2025-03-26 22:25:38 +01:00
Nikolai Rodionov
173af0f7f8
Start using registry mirror 2025-03-26 22:23:54 +01:00
Nikolai Rodionov
1184e6cd89
Migrate woodpecked and tandoor 2025-03-25 21:08:47 +01:00
Nikolai Rodionov
e3f77b6bee
Migrate gitea to the org-badhouseplants ns 2025-03-25 20:39:09 +01:00
146 changed files with 2347 additions and 921 deletions
Show Stats Expand all files Collapse all files

7
.pre-commit-config.yaml
View File

@ -8,9 +8,10 @@ repos:
hooks:
- id: yamlfmt
exclude: |
(?x)^(
.*secrets.*yaml
)$
(?x)(
^charts/|
^.*secrets.*yaml|
)
# - repo: https://github.com/codespell-project/codespell
# rev: v2.2.4
# hooks:

4
.sops.yaml
View File

@ -8,3 +8,7 @@ creation_rules:
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
- path_regex: common/values/secrets.*
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8

21
charts/issuer/templates/issuer.yaml
View File

@ -1,10 +1,23 @@
{{- range $name, $issuer := .Values.clusterIssuers }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
{{- include "issuer.labels" . | nindent 4 }}
name: "{{ .Values.name }}"
{{- include "issuer.labels" $ | nindent 4 }}
name: "{{ $name }}"
spec:
acme:
{{ .Values.spec | toYaml | indent 2 }}
{{ $issuer.spec | toYaml | indent 2 }}
{{- end }}
{{- range $name, $issuer := .Values.issuers }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
{{- include "issuer.labels" $ | nindent 4 }}
name: "{{ $name }}"
namespace: {{ $issuer.namespace }}
spec:
{{ $issuer.spec | toYaml | indent 2 }}
{{- end }}

0
charts/namespaces/chart/.helmignore → charts/metallb-resources/.helmignore
View File

24
charts/metallb-resources/Chart.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

20
charts/root/templates/_helpers.tpl → charts/metallb-resources/templates/_helpers.tpl
View File

@ -1,7 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- define "metallb-resources.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- define "metallb-resources.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- define "metallb-resources.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- define "metallb-resources.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }}
{{ include "metallb-resources.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
{{- define "metallb-resources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- define "metallb-resources.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}

7
charts/metallb-resources/templates/ip_address_pool.tpl Normal file
View File

@ -0,0 +1,7 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}

1
charts/metallb-resources/values.yaml Normal file
View File

@ -0,0 +1 @@
addresses: 1.1.1.1-1.1.1.1

0
charts/root/.helmignore → charts/namespaces/.helmignore
View File

0
charts/namespaces/chart/Chart.yaml → charts/namespaces/Chart.yaml
View File

6
charts/namespaces/kustomize/flux-system.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

6
charts/namespaces/kustomize/giantswarm-flux.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

6
charts/namespaces/kustomize/giantswarm.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

5
charts/namespaces/kustomize/kustomization.yaml
View File

@ -1,5 +0,0 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

6
charts/namespaces/kustomize/monitoring.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

6
charts/namespaces/kustomize/org-giantswarm.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

0
charts/namespaces/chart/templates/_helpers.tpl → charts/namespaces/templates/_helpers.tpl
View File

19
charts/namespaces/chart/templates/namespaces.yaml → charts/namespaces/templates/namespaces.yaml
View File

@ -15,5 +15,24 @@ metadata:
{{- with $ns.annotations}}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $ns.defaultRegcred }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
name: regcred
namespace: {{ $ns.name }}
data:
.dockerconfigjson: {{ $.Values.defaultRegcred }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: {{ $ns.name }}
imagePullSecrets:
- name: regcred
{{- end }}
{{- end }}
{{- end }}

0
charts/namespaces/chart/values.yaml → charts/namespaces/values.yaml
View File

6
charts/root/Chart.yaml
View File

@ -1,6 +0,0 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

25
charts/root/templates/root.yaml
View File

@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

25
charts/root/templates/self.yaml
View File

@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml
View File

@ -1,5 +0,0 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

23
charts/tf-ocloud/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/tf-ocloud/Chart.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"

15
charts/tf-ocloud/Chart.yaml
View File

@ -1,15 +0,0 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.2.3
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"

BIN
charts/tf-ocloud/charts/helm-library-0.1.4.tgz
View File

Binary file not shown.

3
charts/tf-ocloud/templates/install.yaml
View File

@ -1,3 +0,0 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}

67
charts/tf-ocloud/values.yaml
View File

@ -1,67 +0,0 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy

2
common/environments.yaml
View File

@ -2,6 +2,7 @@ environments:
badhouseplants:
kubeContext: badhouseplants
values:
- ./common/values/values.badhouseplants.yaml
- base:
enabled: true
- velero:
@ -25,6 +26,7 @@ environments:
etersoft:
kubeContext: etersoft
values:
- ./common/values/values.etersoft.yaml
- base:
enabled: true
- velero:

20
common/templates.yaml
View File

@ -1,3 +1,6 @@
helmDefaults:
kubeContext: {{ .StateValues.kubeContext }}
templates:
# ---------------------------
# -- Hooks
@ -37,12 +40,21 @@ templates:
default-env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
common-values:
values:
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
common-values-tpl:
values:
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-values:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-values-tpl:
values:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
# ----------------------------
# -- Extensions
# ----------------------------
@ -59,7 +71,7 @@ templates:
version: 2.0.0
alias: traefik
values:
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
- '../values/common/values.tcp-route.yaml'
ext-udp-routes:
dependencies:
- chart: bedag/raw
@ -116,7 +128,7 @@ templates:
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
- '../values/common/values.database.yaml'
ext-secret:
dependencies:
- chart: bedag/raw

10
common/values/values.badhouseplants.yaml
View File

@ -1,4 +1,6 @@
namespaces:
kubeSystem: kube-system
kubePublic: kube-public
registry: registry.badhouseplants.net/containers
registry_url: registry.badhouseplants.net
main_ip: 195.201.249.91
tools:
openebs:
enabled: true

6
common/values/values.etersoft.yaml Normal file
View File

@ -0,0 +1,6 @@
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net
main_ip: 91.232.225.63
tools:
openebs:
enabled: false

11
helmfile.yaml
View File

@ -1,11 +0,0 @@
bases:
- ./common/environments.yaml
- ./common/templates.yaml
helmfiles:
- ./installations/system/
- ./installations/databases/
- ./installations/platform/
- ./installations/pipelines/
- ./installations/monitoring/
- ./installations/applications/helmfile-{{ .Environment.Name }}.yaml
- ./installations/games/

26
helmfile.yaml.gotmpl Normal file
View File

@ -0,0 +1,26 @@
---
bases:
- ./common/environments.yaml
---
helmfiles:
- path: ./helmfiles/base.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/system.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/platform.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/databases.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/applications.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}

28
helmfiles/applications.yaml Normal file
View File

@ -0,0 +1,28 @@
bases:
- ../common/templates.yaml
repositories:
- name: gitea
url: https://dl.gitea.io/charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
releases:
- name: app-gitea
chart: gitea/gitea
version: 11.0.0
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.1
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets

21
helmfiles/base.yaml Normal file
View File

@ -0,0 +1,21 @@
bases:
- ../common/templates.yaml
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ../charts/namespaces
namespace: kube-system
createNamespace: false
inherit:
- template: env-values
- template: env-secrets
- name: roles
chart: ../charts/roles
namespace: kube-system
createNamespace: false
needs:
- kube-system/namespaces
inherit:
- template: env-values

23
installations/databases/helmfile.yaml → helmfiles/databases.yaml
View File

@ -1,12 +1,14 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: bitnami
url: registry-1.docker.io/bitnamicharts
oci: true
- name: bedag
url: https://bedag.github.io/helm-charts/
commonLabels:
installation: databases
releases:
- name: redis
chart: bitnami/redis
@ -14,8 +16,10 @@ releases:
condition: redis.enabled
version: 20.11.4
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: postgres16
labels:
bundle: postgres
@ -24,8 +28,10 @@ releases:
condition: postgres16.enabled
version: 15.5.38
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: postgres17
labels:
bundle: postgres
@ -34,5 +40,6 @@ releases:
condition: postgres17.enabled
version: 16.3.4
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets

142
installations/platform/helmfile.yaml → helmfiles/platform.yaml
View File

@ -1,36 +1,70 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: crossplane-stable
url: https://charts.crossplane.io/stable
- name: goauthentik
url: https://charts.goauthentik.io/
- name: minio-standalone
url: https://charts.min.io/
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: minio-standalone
url: https://charts.min.io/
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: goauthentik
url: https://charts.goauthentik.io/
releases:
- name: external-dns
chart: external-dns/external-dns
labels:
layer: platform
version: 1.15.2
namespace: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
labels:
layer: platform
namespace: platform
inherit:
- template: common-values-tpl
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.34.0
inherit:
- template: common-values-tpl
- name: db-instances
chart: db-operator/db-instances
@ -39,19 +73,18 @@ releases:
- platform/db-operator
version: 2.4.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: platform
condition: workload.enabled
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: authentik
chart: goauthentik/authentik
@ -62,58 +95,7 @@ releases:
needs:
- platform/db-operator
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: ext-database
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
labels:
bootstrap: true
version: 3.3.7
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
labels:
bootstrap: true
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: "../../kustomizations/kyverno/{{ .Environment.Name }}"
namespace: kyverno
labels:
bootstrap: true
needs:
- kyverno/kyverno
- name: external-dns
chart: external-dns/external-dns
version: 1.15.2
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
namespace: platform
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
inherit:
- template: default-env-values

174
installations/system/helmfile.yaml → helmfiles/system.yaml
View File

@ -1,10 +1,13 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: coredns
url: https://coredns.github.io/helm
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: cilium
url: https://helm.cilium.io/
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
@ -13,84 +16,82 @@ repositories:
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: coredns
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio
url: https://istio-release.storage.googleapis.com/charts
releases:
- name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
- name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public
createNamespace: false
needs:
- kube-public/namespaces
inherit:
- template: default-env-values
- name: coredns
chart: coredns/coredns
version: 1.39.1
namespace: kube-system
inherit:
- template: default-common-values
- template: common-values-tpl
- name: cilium
chart: cilium/cilium
version: 1.17.2
condition: base.enabled
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: default-env-values
- template: common-values
- template: common-values-tpl
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- template: common-values
- template: common-values-tpl
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
chart: ../charts/issuer
namespace: kube-system
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- template: common-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ../kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
@ -98,86 +99,83 @@ releases:
condition: base.enabled
version: 0.14.9
needs:
- kube-system/cilium
- registry/cluster-mirror
inherit:
- template: default-common-values
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: bedag/raw
chart: ../charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- template: common-values-tpl
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: registry
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- template: common-values-tpl
- template: env-secrets
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- registry/cluster-mirror
inherit:
- template: common-values-tpl
- name: openebs
chart: openebs/openebs
condition: tools.openebs.enabled
namespace: kube-system
version: 4.2.0
inherit:
- template: common-values-tpl
- template: env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
version: 8.7.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: istio-base
chart: istio/base
condition: istio.enabled
namespace: istio-system
version: 1.25.1
inherit:
- template: crd-management-hook
- name: istio-ingressgateway
chart: istio/gateway
condition: istio.enabled
installed: false
namespace: istio-system
needs:
- istio-system/istio-base
inherit:
- template: default-env-values
- template: common-values
- name: istiod
chart: istio/istiod
condition: istio.enabled
namespace: istio-system
version: 1.25.1
inherit:
- template: default-env-values
- template: common-values-tpl
needs:
- istio-system/istio-base

35
installations/applications/helmfile-badhouseplants.yaml
View File

@ -20,6 +20,7 @@ releases:
chart: gitea/gitea
version: 11.0.0
namespace: applications
installed: false
inherit:
- template: default-env-values
- template: default-env-secrets
@ -43,6 +44,7 @@ releases:
- template: env-secrets
- name: app-tandoor-recipes
installed: false
chart: allangers-charts/tandoor-recipes
version: 0.2.0
namespace: org-badhouseplants
@ -51,6 +53,15 @@ releases:
- template: env-secrets
- template: ext-database
- name: app-tandoor-recipes
chart: allangers-charts/tandoor-recipes
version: 0.2.0
namespace: org-allanger
inherit:
- template: env-values
- template: env-secrets
- template: ext-database
- name: app-navidrome
chart: allangers-charts/navidrome
namespace: org-badhouseplants
@ -67,23 +78,13 @@ releases:
- template: env-values
- template: env-secrets
- name: navidrome
chart: allangers-charts/navidrome
namespace: applications
installed: false
version: 0.5.0
- name: app-gitea
chart: gitea/gitea
version: 11.0.0
namespace: org-badhouseplants
inherit:
- template: default-env-values
- template: ext-traefik-middleware
- name: navidrome-private
chart: allangers-charts/navidrome
namespace: applications
version: 0.5.0
installed: false
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: server-xray-public
chart: allangers-charts/server-xray
@ -110,7 +111,7 @@ releases:
- name: memos
chart: allangers-charts/memos
version: 0.2.0
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values

8
installations/applications/helmfile-etersoft.yaml
View File

@ -27,6 +27,14 @@ releases:
- template: default-env-values
- template: default-env-secrets
- name: memos
chart: allangers-charts/memos
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values
- name: external-service-xray
chart: ../../kustomizations/external-service-xray
installed: true

9
installations/development/helmfile.yaml
View File

@ -1,9 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform

11
installations/games/helmfile.yaml
View File

@ -13,16 +13,7 @@ releases:
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.25.1
inherit:
- template: ext-tcp-routes
- template: default-env-values
- template: default-env-secrets
- name: team-fortress-2
chart: allangers-charts/team-fortress-2
namespace: team-fortress-2
version: 0.1.2
version: 4.26.1
inherit:
- template: ext-tcp-routes
- template: default-env-values

2
installations/pipelines/helmfile.yaml
View File

@ -26,7 +26,7 @@ releases:
- template: default-env-secrets
- name: renovate-github
chart: renovate/renovate
installed: false
installed: true
namespace: pipelines
version: 39.208.1
inherit:

51
kustomizations/kyverno/badhouseplants/pvc-patch.yaml
View File

@ -4,6 +4,19 @@ metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: local-path-fix
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
- name: replace-storage-class
match:
any:
@ -24,22 +37,22 @@ spec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
- name: remove-unwanted-annotations
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- games
mutate:
patchesJson6902: |-
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
op: replace
value: openebs-hostpath
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local
- path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local
#- name: remove-unwanted-annotations
# match:
# any:
# - resources:
# kinds:
# - PersistentVolumeClaim
# namespaces:
# - games
# mutate:
# patchesJson6902: |-
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
# op: replace
# value: openebs-hostpath
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local
# - path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local

1
kustomizations/kyverno/etersoft/pvc-patch.yaml
View File

@ -13,6 +13,7 @@ spec:
namespaces:
- applications
- platform
- registry
mutate:
patchStrategicMerge:
metadata:

0
values/badhouseplants/secrets.postgres16.yaml → values/badhouseplants/databases/postgres16/secrets.yaml
View File

0
values/badhouseplants/values.postgres16.yaml → values/badhouseplants/databases/postgres16/values.yaml
View File

0
values/badhouseplants/secrets.postgres17.yaml → values/badhouseplants/databases/postgres17/secrets.yaml
View File

0
values/badhouseplants/values.postgres17.yaml → values/badhouseplants/databases/postgres17/values.yaml
View File

26
values/badhouseplants/databases/redis/secrets.yaml Normal file
View File

@ -0,0 +1,26 @@
global:
redis:
#ENC[AES256_GCM,data:INOZ17f72Qf6D+drbcvmnZRBRIeXLSAV9RmfOLZFp45qt8GWSHMnevqq9ge4Zlydtsd3BDek/JLUNl6YHPPq9qM1EFujY2htbOHyf0Cn,iv:zZDMizNKFllCyNH/bUF+vuB9YOikjo3q5ebzu3LYvCc=,tag:H0XX/D9xh0HS0Xnqgs/aag==,type:comment]
#ENC[AES256_GCM,data:JiLOpJanuZnMpN5dMvw2,iv:YEVZSdRHez1lCb61hWLvalLq8F67l7KF0WXmmuj9bck=,tag:KnpfgwUYBQLZsj4Jk13RtQ==,type:comment]
#ENC[AES256_GCM,data:mzDGjHlXUunu1yA=,iv:LOOU/QGaHKeDrssbk1haYd0lPclbFak9GygEbbN0gFs=,tag:4cUubeiY6aJj5KVKVkdFUA==,type:comment]
password: ENC[AES256_GCM,data:kN93kIMiVTGWbaYgMC1n1MWqdl8s3cbZS5vvYTa2,iv:Qy+GQchC6s2PoarPWtquipF9gAVYZR6mn0GeHABRogE=,tag:V/xbfm9u51UUG+we/3nNLQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOHRuN1J1ODYvc0Z3OW5H
NFhVM0dWWGZETU0vTzVkeUk1NFVWc2FSaGprCm5NalJKUWxtLzA5VTU3YjR5VWtx
NExtbTZZZUZteVBTYnNWTVZvbnF5VFUKLS0tIEpBTDhPbkVLVytaY29aUktmZGF2
bnVKWmI4RWpLaGU5WTIwblJRcDFDMlUK2BHkUNbpRMo0jm2Sk+Qcf4giufJtaJyM
xuoG41AqGs4+KEDS8/rF9HK7z+2Wk9H5b8L+/W0n+J5EPOvwvFePTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T12:23:02Z"
mac: ENC[AES256_GCM,data:xrA6hCFIH/R/j/V1T60xx5Eix5Z5ETREQP4zYriLkZQ4hEzL2WdJFExK1VXSfX4KmIR8215XHmHnWu70eIoAnFUaozBosIFtJz0YNrNNok6MeDGD5fy5mcBQfCqLw+rwbW/uxY7DQrchgVT9iFAkpRSoVPUzn6ku/xCmTmSlv3E=,iv:lNLR5QHKPUWb1Mz8mIFCHnjpuQVF7ttNTOy9+jEzLyo=,tag:G4iZ/9nWKh97JLGOxbgSQg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

0
values/badhouseplants/values.redis.yaml → values/badhouseplants/databases/redis/values.yaml
View File

0
values/badhouseplants/secrets.minecraft.yaml → values/badhouseplants/games/minecraft/secrets.yaml
View File

106
values/badhouseplants/values.minecraft.yaml → values/badhouseplants/games/minecraft/values.yaml
View File

@ -1,33 +1,15 @@
service-account:
enabled: true
resources:
- name: minecraft-exporter
label:
app: minecraft-minecraft-metrics
endpoints:
port: metrics
traefik:
enabled: true
tcpRoutes:
- name: minecraft-tcp
entrypoint: minecraft
gateway: istio-system/badhouseplants-minecraft
match: HostSNI(`*`)
service: minecraft-minecraft
port: 25565
# --------------------------------------------------
# -- Main values
# --------------------------------------------------
image:
#tag: java21-graalvm
tag: java21-jdk
tag: java23-graalvm
pullPolicy: Always
resources:
requests:
memory: 3.5Gi
memory: 2.5Gi
cpu: 2.5
limits:
memory: 3.5Gi
memory: 2.5Gi
lifecycle:
postStart:
- bash
@ -52,32 +34,23 @@ readinessProbe:
successThreshold: 1
timeoutSeconds: 20
minecraftServer:
memory: 3000M
memory: 2000M
jvmOpts: |
-server
jvmXXOpts: |
-Xms3000G -Xmx3500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
-Xms2000G -Xmx2500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
overrideServerProperties: true
eula: "TRUE"
onlineMode: false
difficulty: hard
hardcore: true
version: "1.21.1"
version: "1.21.4"
maxWorldSize: 90000
type: "FABRIC"
gameMode: survival
pvp: true
modUrls: []
serviceType: NodePort
#- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2-api.jar
#- https://github.com/CaffeineMC/sodium-fabric/releases/download/mc1.20.1-0.5.11/sodium-fabric-0.5.11+mc1.20.1.jar
#- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2.jar
#pluginUrls:
# - https://github.com/dmulloy2/ProtocolLib/releases/download/5.2.0/ProtocolLib.jar
# - https://mediafilez.forgecdn.net/files/3789/833/GravityControl-2.0.0.jar
# - https://mediafilez.forgecdn.net/files/3151/915/CrackShot.jar
# - https://s3.badhouseplants.net/public-download/MechanicsCore-3.4.8.jar
# - https://s3.badhouseplants.net/public-download/WeaponMechanics-3.4.9.jar
rcon:
enabled: true
withGeneratedPassword: false
@ -85,7 +58,7 @@ minecraftServer:
serviceType: ClusterIP
extraPorts:
- name: metrics
containerPort: 9225
containerPort: 19565
protocol: TCP
service:
enabled: true
@ -93,12 +66,11 @@ minecraftServer:
labels:
exporter: minecraft
type: ClusterIP
port: 9925
port: 19565
ingress:
enabled: false
persistence:
storageClass: openebs-hostpath
#storageClass: local-path
dataDir:
enabled: true
Size: 9Gi
@ -121,35 +93,6 @@ mcbackup:
persistence:
backupDir:
enabled: false
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: 0-download-mods
image: alpine/curl
command:
- curl
- -L
- "https://s3.badhouseplants.net/minecraft-mods/server_mods.tar"
- -o
- /download/server_mods.tar
volumeMounts:
- name: download
mountPath: /download
readOnly: false
- name: 1-copy-plugins-to-minecraft
image: ubuntu
command:
- sh
- -c
- cd /mods && tar -xvf /download/server_mods.tar || true
volumeMounts:
- name: plugins
mountPath: /mods
readOnly: false
- name: download
mountPath: /download
readOnly: false
extraVolumes:
- volumeMounts:
- name: plugins
@ -162,3 +105,36 @@ extraVolumes:
- name: download
emptyDir:
sizeLimit: 500Mi
extraDeploy:
- |-
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: minecraft
spec:
endpoints:
- interval: 30s
port: metrics
scrapeTimeout: 10s
path: '/'
namespaceSelector:
matchNames:
- games
selector:
matchLabels:
app.kubernetes.io/instance: minecraft
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: minecraft-tcp
spec:
entryPoints:
- minecraft
routes:
- match: HostSNI(`*`)
services:
- name: minecraft
nativeLB: true
port: 25565

21
values/badhouseplants/kube-system/namespaces/secrets.yaml Normal file
View File

@ -0,0 +1,21 @@
defaultRegcred: ENC[AES256_GCM,data:lsqr2fBEosOQqYLBwps1hmgFs90zkzbdHpO8UwJWcMl1/CGkyzroACqHkL8taaOnnvwWwadIL8FU3382jamw0Xk5O51bFSBbCxTs3xd4ibwe39ha5YI6YQDHADDb/u1Yw4TctJ/h9xykXHDOL4foE5Z860e16vtMiVvniLD9OGfR6utb9gvZHE2QqZTlHR9U4PY2vLWWQMN3VRvipT7hulmOUzXMVcuBswmyDF39PvTba6Ea7A83V9h6HpqNeSA1ewKREIDOFqjhl7tIit8aQnuee58bJCTVIdg6gyR6yfu6sF22wdUlsJ7CAHtd41sbhEhWGyzJIqg=,iv:J1CfAJmNpI7lgQalYJlXs+JX5I0e6COGrsenMhvDGLA=,tag:nHkq8VF47I/9FS8uGcEyuw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHpPUkZqbC9LaEtJYzhF
L0hIZUtOa3E4KzJDOFlwaFRVWDdJRnBtR1ZjCnVLNzhyQkdxS2dtK2lFaWRJUkJq
dThURHRTRG5GT1BqaTZRbzlUbXYzWHMKLS0tIFRSa1lkSGQrN1RGdklzYzZNU3BH
ZE0wMk1sRGg1M1lrNVFMTityK3cwK00Kbhugumz27RVo1SJjaljEbklHY6CW7xGD
UCbN0LGh5PPpN6eCbZW8dB1+/lLR9AnyYr6okrGM2iztaJQdlwRvww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T10:24:56Z"
mac: ENC[AES256_GCM,data:xGqmh1TPg0OJLSycbnjsF4Ai844ZzlCzawQXmROpORJEiSL/3R1W+2PsBT5KcAfG7y2+Ovyk+l1FeorIPuqnbcezX9zUxMOaFXJylmwvNYXCwoihU6Yx2hg9SuFhnwINAhCLqOaRKIh8xPUaK8nRVqwJJa0jW6eCyZ5lsLtpz90=,iv:pmPfpSv3VfVz/MvTGTWoMxzkF3BvCMhK+HxEeN5pzNI=,tag:WkLcTz/WlLXmq8EojHfdlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

37
values/badhouseplants/kube-system/namespaces/values.yaml Normal file
View File

@ -0,0 +1,37 @@
namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: production
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
defaultRegcred: true
- name: observability
defaultRegcred: true
- name: databases
defaultRegcred: true
- name: istio-system
defaultRegcred: true
- name: applications
defaultRegcred: true
labels:
istio-injection: enabled
- name: platform
defaultRegcred: true
- name: games
defaultRegcred: true
- name: team-fortress-2
defaultRegcred: true
- name: pipelines
defaultRegcred: true
- name: public-xray
defaultRegcred: true
labels:
istio-injection: disabled
- name: org-badhouseplants
defaultRegcred: true
- name: org-allanger
labels:
istio-injection: enabled

1
values/badhouseplants/values.openebs.yaml → values/badhouseplants/kube-system/openebs/values.yaml
View File

@ -1,6 +1,7 @@
localpv-provisioner:
hostpathClass:
isDefaultClass: true
zfs-localpv:
crds:
zfsLocalPv:

24
values/badhouseplants/kube-system/roles/values.yaml Normal file
View File

@ -0,0 +1,24 @@
roles:
- name: xray-admin
namespace: public-xray
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["public-xray"]
bindings:
- name: woodpecker-ci
namespace: pipelines
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
namespace: pipelines
name: woodpecker-ci
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
sa:
- name: woodpecker-ci
namespace: pipelines

0
values/badhouseplants/values.traefik.yaml → values/badhouseplants/kube-system/traefik/values.yaml
View File

25
values/badhouseplants/org-allanger/app-tandoor-recipes/secrets.yaml Normal file
View File

@ -0,0 +1,25 @@
env:
secrets:
data:
SECRET_KEY: ENC[AES256_GCM,data:bLecWaJafPbXT2/dvKt3R2KNfuxxgQ6yLxviYbOf,iv:liuexfgYScH+eg/qSO23SQxE7hKpudgkOH3JRDkaa+A=,tag:DEcAbY6rg7mQnhsnukWtFA==,type:str]
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:kx9ziZhxWcWTu1UG7BPi/sdG1tHhzugq65xxL3IPVx8i1oHXwy+00KaOEsIYP+TJqX5516Zq6JqtXe9dQwI4uVIy538FdXeEQDHKNS0xesSx8jG0tKa71GiqyQGBrBBxiy144za9y1QHB9k1pvuaza8mVEQOoktmMFfiHzEOhYDQxIzTulOMWxN2ImTsYSupHS6HLR13gDCyROVDzj1Io/U1VHxN5RZBPiqthNiB+/Aj+2FuCwAaxgEE6VVNFJlghi2yiZbl/PvZ3MDT+dAx/NijawVt0qdBBmPvB3jKZkgRN2tyystGiu47hnLosuzjrOjAMA6rP7XkT2gQ5e6hoLlJxWD5IiAHI+gQK7REbyJrEmSwwH0aCVsd1H4FOBNk+rfKpTIr7sRZFTVcZLtUdTZW6EW0XWmrBBPr5jodmouoFZY+dGlWP1vQkG+2eymw5aJCan0oq+x+J9dB+CVZc/2M1zBeRa6Crg7w3smCqOr46jkaRxfoDxV2NdRSla5zkwwFSS7MqPYlqre2oW+pgP7lvRa4MW9++5q+Zg==,iv:RZMNm66PhTWvjJG5jtpJW22TFInHw8LT04qui3fMLgA=,tag:ETMqmFO/8Kve/W55WP21dA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcTM5RTNIakwwZHNrQXE2
U2FsK1gwMDhUTDd1MVorbENtQXdnZjYrM1c4CmNQaG5TcU9wK25qQUg5a29UUXBK
WlZHK0M0dHEvZWVyZmJzR0RLU1pGWmMKLS0tIGk4TFArQnJyTWJJa3FJRlJhY0do
ZE81bENWM3ZUdlR0N2RKMnJkUnJxSG8Ky2ngwj6ZnToGhnAJChU8NXUG+XPPZc2F
fOD35BFO5bUNe+V8MkDLae+GQ1hr55r4WnvFpSWywRIjCFYmUJHTgQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-22T12:32:43Z"
mac: ENC[AES256_GCM,data:khcLV/lPaY6J5QQmX8466jx9bsXn+NwA3TLIUYs9ipKa539OjIWstwyydVxILSBCwEWGEW86c8EzLBwptBBgg6gehfRJAax5TAn0lBd1lAAiAxZhdNpc2tfoaMaUWfWdpwYjdrtnvAlAkN3/16nvx+TIq7WdU/cWsic96PqhU0A=,iv:I81QvtZ7S+mSAzoXhU0YBMN0L4K+SRHW3UtcSLxwK5s=,tag:gAeAIjyJ13A8gfE7ppBeRg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

57
values/badhouseplants/org-allanger/app-tandoor-recipes/values.yaml Normal file
View File

@ -0,0 +1,57 @@
shortcuts:
hostname: tandoor.badhouseplants.net
ext-database:
enabled: true
name: tandoor-postgres17
instance: postgres17
credentials:
POSTGRES_HOST: "{{ .Hostname }}"
POSTGRES_PORT: "{{ .Port }}"
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
tandoor:
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
envFrom:
- main
- secrets
- secretRef:
name: tandoor-postgres17-creds
extraVolumes:
common:
path: /opt/recipes
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
ingress:
main:
class: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
extraVolumes:
common:
emptyDir: {}
env:
main:
enabled: true
sensitive: false
data:
DB_ENGINE: django.db.backends.postgresql
SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
REMOTE_USER_AUTH: 1
SOCIAL_DEFAULT_ACCESS: 1
SOCIAL_DEFAULT_GROUP: guest

50
values/badhouseplants/org-badhouseplants/app-gitea/secrets.yaml Normal file
View File

@ -0,0 +1,50 @@
gitea:
admin:
username: ENC[AES256_GCM,data:U230S8544mg=,iv:yL45Opnqp5T4h7erEv0pRHWtH1th8uu1Y4wfeY2aJcQ=,tag:a4vsJEOxlmHj1mwqcUGbiw==,type:str]
password: ENC[AES256_GCM,data:IpwOetFEvxt0/tGkiJ8bBI+OR/E=,iv:8OA48CiWeMyqZVs2lp+UzfyymUNQfdgmAQV33+AVQ+s=,tag:stgAMSnB5dCzFu4zvZeVRA==,type:str]
config:
storage:
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:cn3NsFx0TH0fw6mJt6cArMRyQ6Qng3gIPQ==,iv:Jv+rweQzEXfVWuWycjGSi54jRAm0XEEcNxZ6flbUZWM=,tag:6O9KvcnaVEME5lXl6msZLw==,type:str]
mailer:
PASSWD: ENC[AES256_GCM,data:3UL0uvz49J3GIOo/eVWKYLrDG+u/lvCr8Q==,iv:HBQKF42R3tHFQxkUoRzsiPCUkFM40qpjM0SYrQSxugE=,tag:iua/nXoogjxnkj9T6UB/Sw==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:DbL7wryYRQAEzujWNL4I0AwEq6Cr2r78FXQOAw==,iv:Oc2IYwD7iy7AlYVnhvSc61ttOf20qJyuuDnx4yF3/YE=,tag:aLa8+r0kYvzFSuF3hvhL2w==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:owsHUHdmzGiFgtD3+nRBmHYKcsNQXblbuCO8V0tLAAMvJBRHSA5YG1TL3Quy2186yoZCPiAdeQwg/o2Iutk2Mlc6/NmeurZbxomV8dWBuqJfn6t44xnDgFnEXpxE5kB5lNCtcjKXmpxC4fkoUVscOyZFmKp9uTgH,iv:evmTZH5NzMB3nhqLhuBmTTF4ztJX9a/ZMTOmYMqSaxs=,tag:dLnk9xt+moGoBhx7tqazig==,type:str]
cache:
HOST: ENC[AES256_GCM,data:feiTcBqztm76LZgNShj0Go0IRNgG9UwCQP9KrdexosP2XCnSe+giyKoIcADiHQFYVbnnkpw7/UqNxgM0Tx+EQ9eyFKY+PaFyCSFmQwikmAWakDJ+hQNM1VaNaDKdeLiGIeI7nO2MH9hGDMzPWtUgMNBxc9tTS38l,iv:Rcr+uiZMWbG9IPeMm+eiNf3W3yz2L7yqSkJSKUhWHtk=,tag:3cLuUAEU6CZvvUYKF1cCAQ==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:Mw7W72M3HitiAEG1ihWctXyYqHJuSiKBZvQDDRjA4O9Yg9Zsbq+/HVcnh074zbiTjCO/496FLiy88HuAw8lksZ7MXXVvRI7rIcFKFZLpHcjAqkBnB301SGalK/R4bSisECsYIFPjKuh+s4PIuPEIgFtZuiEvYdbT,iv:uYwjzUObav2Hs/JgRIYbGBFNcZm++qS2QqKpz6Ma6EA=,tag:0okDz0yzL4eSat/0roYJ2A==,type:str]
oauth:
- name: ENC[AES256_GCM,data:sN+DzBKd,iv:0HNSbQEDLsV76DIRHdWnPs9SI/bHRZz6Fw+8B8Hhuns=,tag:mwTWy9VSXapPu3uLk7LgSQ==,type:str]
provider: ENC[AES256_GCM,data:m74moJ8h,iv:QfE5F3vpIlEzIftHlX/qpNvsnAab8gTd4CHyECHNcmQ=,tag:JefFm9mfYJSKzBDOb/l6BA==,type:str]
key: ENC[AES256_GCM,data:7ScP3oXE0zTnaqL3AigHby39fMk=,iv:sXllPawkQ5BcKmC1iBUJ2WOEPK2lm6W3q+GrprHZhAc=,tag:vSCB9w5x6jjPNu5b5ZEMzw==,type:str]
secret: ENC[AES256_GCM,data:XG9D5IUX4MqJzKf+aB7MCeDJAQlIzMxSv3ByAZQAdZCI+5my+cMfeg==,iv:s3e0wFznoX55MeEQj+dK0QrzzatGzDBKfT4xDD00cOA=,tag:vk32YQcPs0kAIOj61YwHww==,type:str]
- name: ENC[AES256_GCM,data:eBSL9xrBDN50,iv:TiC3jjpfwS6A9x6PAkMIorwJ9CecxblzEFt5+ZmSW6I=,tag:XA6UrnJbkUyDBgOY9xfIPw==,type:str]
provider: ENC[AES256_GCM,data:yh4TBYDI2R0a4f1qSg==,iv:hx8pAuo//U+YY5a2cq/KyoK4qcKbSXWtkrDvACWLU2c=,tag:uJ9JNWdDjb0eTS0ZJXHDaw==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:8YwpOw==,iv:2R3Zc4HK/U31SVcXR3xi9J/kJySR3osA8xN3YhvRxBk=,tag:SzBFOwEmczW59SHLGCMb5Q==,type:str]
key: ENC[AES256_GCM,data:rLR8ve4=,iv:qOVIBiFjsOrrRg/mca5l7SHc2GdVAdyz0TV3Q7lJlQg=,tag:tYEzx7SoeoAC9/lgWU91uA==,type:str]
secret: ENC[AES256_GCM,data:r7sWVeqWTnqbt7ArzpADD5A1fYU6+KSpLohWJuSbEUyPAzOSxfZGxSYNfAwaxACOgmJJnxUeQ9l71nyUDWzGMrFkLr+o+WcQmSTPV3+3iMHDsTdgjEb+tIZFdi0Z5PJ8DCBxjckmbG5cx3O3Kyrjc24SNHCVb62lhduZH1fIlT0=,iv:kvtMCpiOUx10zTKt/ZYQh3leYaY9+v169Sq+sYIScHQ=,tag:t8txjt3xuVKWA7QgBJYuiw==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:SG2ev/BshOBP0NQnpZRQErZDAEWdReiwp2pb2JJBWZmFvC67//t8WZu1/wilfQjJvJdsDGwk9Rwncoxya5Fb9uKYDAQKzqULJk70Er9pyNaowFbMxiMm+ws=,iv:B9GM9MLIrKTtRfyDxltlFvvm01aRCTQnyiemH4qzjGs=,tag:Wqji+fKliEGJRZ4inTmbXw==,type:str]
iconUrl: ENC[AES256_GCM,data:lcW3npgyrc50GIYCyTh5Gpht2CU6hX67j13XNOvGQybU2dsA9BtqpmH0OMQz4b1g/XkuHAp5j3I0wLnGvhXXf4mEugzt8g==,iv:X/kHS77OJLDuNN2lTAWLqPARJ1QZMY1ImuS+xmkUlgM=,tag:0ZRh7eH6dYdZd250Lb/+xA==,type:str]
scopes: ENC[AES256_GCM,data:GtTGDrDZwU1r5vEsxg==,iv:/7yMuJpxlML3R1X8onDSFbJVwpYFtnLamaI+X148Tlk=,tag:e8HkvzdpkhDvedVzm7jG3w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d2JneUUzM1VkM1lvclA3
aC9wMGpKSGU5ZnVaUTNlVDNsMlNaOVRNYVdzCkpzVUJzNHN2TmhHektzOC93Vjlj
SVU3cUxVUm4wWjJQRWZRdWlRMEU1eUEKLS0tIHRLOEJERXBMd0NFajNjbHhPVVNl
b1cyT0RYa3hzbFJjc254bHJMcDIzeTgK/aX6f60NBz6w1TaOFSZDRE7rPniebb75
iwO74fJtl5g9WxAG5yByxJ455Uhc2R/+VBbK5BcYFt9cboIgkUrS2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-25T19:15:08Z"
mac: ENC[AES256_GCM,data:ySAOo8j+p9O0v8xYFcjuD6e/pc9LtLxLWC4TdP7mjhdfwwaaoJW96DLEbSYxYN7Co8zHFqdMp5e76SgvhWwP2LNmHLunJ3LNU6u6NSMEFLCSyjAM8KiqB4bTNq7Kf9H2FZbAN58YKXpZEFECJpxoLg2Q9MdRp+BvgURDa2QLZRc=,iv:Ay5vMdrKbNpFyir/N4+mPuOwKwIVupZbeJFKA+DWFDA=,tag:+YUSXQYMfu59oF+hjg0XMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

176
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml Normal file
View File

@ -0,0 +1,176 @@
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: gitea.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea.badhouseplants.net
hosts:
- gitea.badhouseplants.net
replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
memory: 1024Mi
cpu: 1
requests:
cpu: 1
memory: 1024Mi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteOnce
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------
gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
config:
database:
DB_TYPE: postgres
HOST: postgres17-postgresql.databases.svc.cluster.local
NAME: org-badhouseplants-app-gitea
USER: org-badhouseplants-app-gitea
APP_NAME: Bad Houseplants Gitea
ui:
meta:
AUTHOR: Bad Houseplants
DESCRIPTION: '...by allanger'
repository:
DEFAULT_BRANCH: main
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: true
server:
DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"
MINIO_ACCESS_KEY_ID: gitea
MINIO_BUCKET: gitea
MINIO_LOCATION: us-east-1
MINIO_USE_SSL: true
admin:
DISABLE_REGULAR_ORG_CREATION: true
packages:
ENABLED: true
cron:
enabled: true
attachment:
MAX_SIZE: 100
actions:
ENABLED: true
oauth2_client:
REGISTER_EMAIL_CONFIRM: false
ENABLE_AUTO_REGISTRATION: true
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: bot@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: stalwart.badhouseplants.net
SMTP_PORT: 587
USER: bot
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
extraDeploy:
- |-
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
generation: 1
labels:
app.kubernetes.io/managed-by: Helm
name: {{ include "gitea.fullname" $ }}
spec:
backup:
cron: 0 0 * * *
enable: false
credentials:
templates:
- name: CONNECTION_STRING
secret: true
template: {{` '{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{.Port }}/{{ .Database }}' `}}
deletionProtected: true
instance: postgres17
postgres: {}
secretName: {{ include "gitea.fullname" $ }}-db-creds
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "gitea.fullname" $ }}-ssh
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: {{ include "gitea.fullname" $ }}-ssh
nativeLB: true
port: 22
# ------------------------------------------
# -- Disabled dependencies
# ------------------------------------------
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
# extraDeploy:
# - |
# {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
# apiVersion: traefik.io/v1alpha1
# kind: IngressRouteTCP
# metadata:
# name: {{ include "gitea.fullname" . }}-ssh
# spec:
# entryPoints:
# - ssh
# routes:
# - match: HostSNI('*')
# services:
# - name: "{{ include "gitea.fullname" . }}-ssh"
# port: 22
# nativeLB: true
# {{- end }}

15
values/badhouseplants/org-badhouseplants/app-stalwart/values.yaml
View File

@ -50,13 +50,14 @@ extraVolumes:
emptyDir: {}
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
metadata:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
config:
files:
config:

4
values/badhouseplants/org-badhouseplants/app-tandoor-recipes/values.yaml
View File

@ -2,8 +2,8 @@ shortcuts:
hostname: tandoor.badhouseplants.net
ext-database:
enabled: true
name: tandoor-postgres16
instance: postgres16
name: tandoor-postgres17
instance: postgres17
credentials:
POSTGRES_HOST: "{{ .Hostname }}"
POSTGRES_PORT: "{{ .Port }}"

33
values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
View File

@ -1,31 +1,26 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:C4TSoQ==,iv:kG2QtaNWHSc2sdhzo8HnMnPE0Mixqs1dvFsAcke/Gw4=,tag:HhbVmIw5RQ9hipQqZ5J2pw==,type:bool]
sensitive: ENC[AES256_GCM,data:0wVOUg==,iv:FGxAd9h2e0LeWukZR/THhCscF3FWoK4dnkrX1mqSC+A=,tag:0rpeedT6x2V79WB5xRNbuA==,type:bool]
enabled: ENC[AES256_GCM,data:bai2CQ==,iv:NG7q1ZsDpCW9Lu00fGsibpTEHGtew+l5TFOLOpljlwU=,tag:Z2/fXmsEEqhDzCdTWS/Qhw==,type:bool]
sensitive: ENC[AES256_GCM,data:n+dNXA==,iv:iFM0+5G5Bsw4NI+JH1vMMrty3Zo0El0HE9F6PEDsJrY=,tag:EcbzQHVeOHVLVC7kgaRPXw==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:82zb,iv:Z89+Wt6jGMQTZ73ghk1Ey504WYt2Li9XQ2gaH0SB8tI=,tag:RmqHxghik75E9LAABzyVxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:ELi8dtNa/OhQKgrXbrgwHK95ntZjyzRSvQ==,iv:IVZbXZlFyCRMc3bW81Ak9UdjeGke0px9mGqrmaW7EHk=,tag:9xli08c0pqnxu2ktTbCMcg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:CAAalqRcu9vsM1bjC76enJCSX/tc7yOd48mxGV0d5rTFxQz08b4JVhKyMzl7BRog7+PMtJkkTnRIXZHgj31FqhRylmHyuAn3iPc=,iv:PpZvZMhOEt6ecdkBcvAOSz+eZktPAzaAlYNjBSgiN/w=,tag:apHKw66HG7TYnpBNVyM7xA==,type:str]
SMTP_USERNAME: ENC[AES256_GCM,data:eQ4c,iv:4vX/ioHWEA6DzMwZ+23dgUN4PJ7Asz7bbufG5Fy80iI=,tag:1Mq0Hj/23T4fvGEXuNUtxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:B08urSqwYgekI6I5LDYGHbPK5n3r+woRZw==,iv:K2O9aSJLRMbK+N2lfX4ojSqhbmb9KbWsuW2DtYZHCOA=,tag:Qz0OJ7aWwC+/9d1oc38ySw==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:sKVugfrrR9L5LtozHPibGiPULiwv8pAot925Z/rQ0V/mW+DVvNPEw4odgfX596Ddmd8oV5zo5Mz8WIPUCmrVmfdoz+3YzVywEy8=,iv:npthfz4xcW6fF10RhHCF6uXH/6526l3gjZGRu+Xpylg=,tag:vsPsRZ7EIQ7FMvqJga3hhg==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:g212PzN9/4hxBKMAWFNiR0qAnPPK/tkffg==,iv:1l6dikIQGSjznW9MsaCTdz0wLJmAhiL0ZOdN2J4Q0yA=,tag:tNbPdORUa6IBWgh0HHaNjA==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:quvcZQKauXeW+l8xkYgVBElBQveoRWKDBA==,iv:KpQH+Ef87jl/M9XpBtIKNhn7ATHoV+Jgjpzg2Li28Kg=,tag:jniePrO7UVp/cz/eIh19mg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoLys3dkJDK2lrQ0d4ZlJi
eFRTSmx1RUtZRnpxdkNvVFFCeXl6dDcvWXdvCitoNkcwVFFxRVJ6dkNUbGVPb1pU
b3E4ZjZibFF6QytNdUhXNDFLZXRpSEUKLS0tIHpZTmFXNnptVzJmZFhIU2haRWhR
UjNEN1BlREFVak1xdmQzaFY1dHVyM3cKuvMIrQUL1cuw3Odz/Cv+kZV9ZZzBozSW
XimhDSkxNrH5OsGC1Jxz/8JOv8abBs4NROzffVdyqtZZzXOLzw3mJQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnFwbWFpTWgxRk45S240
cVI5ekJXdVIwaG5NcGRPa2xTN2pFV2tyN1JBClNVMGhNL2FaM2pCK0sxbjgyalJN
MnpQeHBxY2RtWkI2c1htV3oyQmNnbVUKLS0tIGg4ZXNwaFRKNTlIRDluT3k0VDRD
Y3pIaEdFb1JwMnVrYnJ4UkpWMERmZFUKa45EvUqkvjaL85xh3gyxTeJ02IxPJf9a
TGjAvpjBrym9v++OrHn2otw1NOeZwSP1hmSCc+sa6/0yFqcU031xjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-02T08:58:16Z"
mac: ENC[AES256_GCM,data:px+D6tlAZU6GzlE8/jLc0BaPyRwsfE1jRROy2mX7bhFTIW3lZqt/zangO46fFH5hXZjY5wLNIktCDbawIbUFwAp0vrmXxctZoAftl9hpdtW6ann3yfyv3pdcs7/BKu3s5QUswx6D13iLU0dvzyG4vGcQNmKpxuPQYLuDp2o74hM=,iv:2Y+wsS7QcgQ/8umZ+a21QjU25Yq24Y7UWjXVy9Gmvoo=,tag:APVtby5NCOQxrPAjIbMJ+w==,type:str]
pgp: []
lastmodified: "2025-04-01T10:29:47Z"
mac: ENC[AES256_GCM,data:VmYotoR4BJJv2mZ+kt+NNn+oXLKWHed0o/TkJO93/4eLUm8Wg9SPMA1ZYYe9YRfgbIhYxPlQbPPKQBv95XeOS1FFL24VyenTTP3TXWroeXxOWubko/Fp88U3glJXs5jfL5DLYKvGwTXG3tchFDwH9m6QOABX+aRxvNBEP5zXUxs=,iv:HMzuvl8YCPj9ZA5tKfExQfSbvwu4IEHz6sMLAe8g7vo=,tag:lI2fh1b7prHsBS8Snrbdtw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.10.0

0
values/badhouseplants/secrets.authentik.yaml → values/badhouseplants/platform/authentik/secrets.yaml
View File

5
values/badhouseplants/values.authentik.yaml → values/badhouseplants/platform/authentik/values.yaml
View File

@ -14,10 +14,10 @@ ext-database:
database: "{{ .Database }}"
authentik:
email:
host: email.badhouseplants.net
host: stalwart.badhouseplants.net
port: 587
username: bot@badhouseplants.net
use_tls: false
use_tls: true
use_ssl: false
timeout: 30
from: bot@badhouseplants.net
@ -26,7 +26,6 @@ authentik:
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:

29
values/badhouseplants/platform/db-instances/secrets.yaml Normal file
View File

@ -0,0 +1,29 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres17:
secrets:
adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

21
values/badhouseplants/platform/db-instances/values.yaml Normal file
View File

@ -0,0 +1,21 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
postgres17:
monitoring:
enabled: false
adminSecretRef:
Name: postgres17-secret
Namespace: databases
engine: postgres
generic:
host: postgres17-postgresql.databases.svc.cluster.local
port: 5432

0
values/badhouseplants/secrets.external-dns.yaml → values/badhouseplants/platform/external-dns/secrets.yaml
View File

0
values/badhouseplants/values.external-dns.yaml → values/badhouseplants/platform/external-dns/values.yaml
View File

0
values/badhouseplants/secrets.minio.yaml → values/badhouseplants/platform/minio/secrets.yaml
View File

2
values/badhouseplants/values.minio.yaml → values/badhouseplants/platform/minio/values.yaml
View File

@ -56,7 +56,7 @@ consoleService:
port: '9001'
resources:
requests:
memory: 2Gi
memory: 1Gi
buckets:
- name: badhouseplants-net
policy: download

0
values/badhouseplants/values.uptime-kuma.yaml → values/badhouseplants/platform/uptime-kuma/values.yaml
View File

26
values/badhouseplants/platform/zot/secrets.yaml Normal file
View File

File diff suppressed because one or more lines are too long

27
values/badhouseplants/platform/zot/values.yaml Normal file
View File

@ -0,0 +1,27 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: zot.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot.badhouseplants.net
hosts:
- zot.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: false
mountConfig: true
mountSecret: true

22
values/badhouseplants/registry/cluster-mirror/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:BWmu4bpFjlIDStIcWfpsgbm1hfxlvZAK9LabhXuAdArJzflc4VA+Dy5fJRAMu9Mv,iv:+rwtfnjJCZKPmdcUkTfklq19uSgavOKaySK/O/xd2PE=,tag:3yXa+0LbIqMDk6KLWAAN0Q==,type:str]
_mirror_password: ENC[AES256_GCM,data:0aa6fqR3+0ZY5KhRKJa0SKBcBnF/KizHXTIm2NQB,iv:DUB8ItYbT+K31XLbWzi5909RPVn9DG9HRDU120VxbdY=,tag:DniRwku2rQX44ffMn4mU6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ0U5L01iNFo5Y0t5SFo2
MXlwVDhQZ2R5QnVlUndmQ0x5L2ppU1h6aEVZCmhaUW1JY0RDMEM0T1JkZkk3TGVD
R0JjaEN0MGxVV1RIZUxkbjgzMTlTMmsKLS0tIFdDNW8xaWsxamFvUGRFaVZsVUV4
S3ZiYTJGOUFzZlNwSUZvNGtmSFNpczQK/npaHLqHSxMnCXNvDFw0eB9KfMJ7bWfV
ZuteeaXG+eZNX4l1ZY1pLNUv9kui4oXI8payp7sTZJI6WYZCQz6Oaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:50:16Z"
mac: ENC[AES256_GCM,data:XtX4NUZ9PCdAFckdlygywFQ8vJRAszOjqPItr0MNRM0ndk/PkYYGzY0phMan7FgxY3Cz5XMJcv/MEogLedM+uH5vMbsOpRY49jpILMORL3Ni1tZFG5Px5NbfExGQmjFyefotRzCHlsUSTZEHlBIp4+FeBI41CgBbLw45rEoneL8=,iv:Ilk7TXqKSSV5WYnptLRaOk/lwwHHLesbSslOCarlVEA=,tag:vWXe+r3tHXoMtWYeJN9T0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

96
values/badhouseplants/secrets.gitea.yaml
View File

@ -1,50 +1,50 @@
gitea:
admin:
username: ENC[AES256_GCM,data:1yKnMnzbHno=,iv:AWqprQPRloJhZEtyhF8+5dgxyHXtK+2HLxHa+gU+Aw0=,tag:Irk65xjOWgFBfPUJGVcQcg==,type:str]
password: ENC[AES256_GCM,data:8hbWwHlNyxzNe6PCYJ2w5b8oUi0=,iv:GtkHDZFUzk9rVh7ASmk+Qb/litPD5QX38hWLR24pgSU=,tag:bmdNTBDt2Mrxp1cVXmJwcQ==,type:str]
config:
storage:
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:tLHwP5ZsoxKnaG38hNNXvXoy4PTuxlUT3w==,iv:bR0eL0MHOdT3CnsQrjdlEfwCEye41/ts/vsQf3ju1cU=,tag:XxpkrS88muDolMcB0r9rWg==,type:str]
mailer:
PASSWD: ENC[AES256_GCM,data:tw+vJSoedon/a3VhXkcpupumdbBnyMbSzQ==,iv:xoxIm855BhNsNfq+5L33yIDFKx8igNuEV71IDt0WNzQ=,tag:i9FJe0x4PqaMb/SBN0yXCg==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:pB7YPucwcXwD9fzJsckZshz7ZLM=,iv:23k90tX465WltrQwSyx8Hixe2hnya/dx6aIvr3ti1wA=,tag:NvgN1g181yCBu5Mf7uYmGQ==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:Ipcta9fyfGCygYqpisgiy0rCckP5Ma5bNs2ClFNn0lnm1LQOJDdDLiQDr5u9L/WG6Bs2WhHbeSrdjxyZdCKv9pd1CfmB7S9eNcp2w+4hhofwUVcKW89rj9HYEHSLuY8C4Y5KbJKKl6PkY/JmTzyVSpSMDHYadf3j,iv:YsMR3zwZODENuy+WvKy8AdByKTuI7ng0hf1AJT+CMQk=,tag:9hOo08OLybdNgr7wvRPvyw==,type:str]
cache:
HOST: ENC[AES256_GCM,data:K0FpmrMo1TlUnHHHRKcKVQ8NYeOr+YEeQjajEIM1x5XPjkxYUmywyVL8f5qNLkvotAtD941Rw9CQ7NRof0NketkYyC8gJsndfznGPjhfqH5a0MUWDu9tAfGUzWGzXxC0uq4Ne1eRhu4SjZljZybqk5qQR00Zc/qX,iv:izMvr/kdes3+Gl1a6URnWyQ5TwYqTDMOBskHxPZZpgo=,tag:MWdLA5PV/+bEPWgXHw9OQA==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:MsKkRcKpCGmvcL2lP5N+WuCNGp68gPw5HCpvCjEbYPoJcl5j6mAV5bBGqmiaIpvRbBu1EL1riHMmFD55efSJ6XueOXPG997iwE7KISdPjAWA92ZFe/zFzSW5EfBz3BvgsxzkMk3gR2usid0BvKXLPztLSvAYOR1l,iv:S4BunQMCS33JZUL8x4dRSbMtKQoI0f3Iw9IQ663hqfw=,tag:G7Xpp4d0VKzHRb0ju+F+WA==,type:str]
oauth:
- name: ENC[AES256_GCM,data:ruqXMi7A,iv:hzOf08m5WO/0ZLrsDdco2RuWquiR9n5hwZqcug7Gx1E=,tag:hwumITH28nq0z5i4Z4FvcQ==,type:str]
provider: ENC[AES256_GCM,data:Sx2HqTQ/,iv:DDhq7jVZdgD5MAFFeSt6KdsC0FSrpQWA+gu9gOg6Iwo=,tag:kOnrbDlwGLMrgKsF8hTGdA==,type:str]
key: ENC[AES256_GCM,data:itycutnIMsO2lb8M5UysL72Iq9k=,iv:E1b1zBGfew3bf72OxLoKQoosgPDqy8my1JMWvwBGpcE=,tag:iJGrMKbrqTD5NHYWvFxqxQ==,type:str]
secret: ENC[AES256_GCM,data:mOpFm2yKl1aBu3TcJkO/Gm69XQh36le4ohsueq9t58cIHDucrksBmA==,iv:zW3zde+XcD3wmJcOKZ0lrPCBA2OPHoF+8/T+6PJpP5w=,tag:27ssfjvp2oX9yglNJLalFQ==,type:str]
- name: ENC[AES256_GCM,data:8LPw6LKoUcMf,iv:/jNSUD9jcGxghxexh5063Le+t+xAbirHlc/1oG3JCq0=,tag:OA1LpeMNRi+Pkhr4cdseAw==,type:str]
provider: ENC[AES256_GCM,data:aqLm3vOS5b+cDBjnaA==,iv:/3teGaszsJEo9ya1Uy51xAxPC4zyMO08qm1Ag6sFb2A=,tag:iByKJjRGQcEiT8Zoe4cRnA==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:YZMe+A==,iv:VE8i+fA/xbv4Ii6vDjsclbuzHp9lva+jOBIYE0vsKNA=,tag:OXAZnoa/zISVBmhaojVB+w==,type:str]
key: ENC[AES256_GCM,data:6mbjR2k=,iv:8zRBVFyF7XyTA96yfaWX8NtOC2f2abbyv7qUzizB+dc=,tag:BeBR+bijZFHepscsXJkoNw==,type:str]
secret: ENC[AES256_GCM,data:vM4LI6MFwF9co+qCzZwl+q7pKDtIiMj7jMwckleijtVOgnfafrMTKZsA4LbeKICm1p3kuj1qmdRzDgyCzGyCejwMwsd8Yze4gMKZb6wfnhOhaj11Yby40+xHHb8ogCzPfAH7TkOi+99Y2yMpfiw2i5UZvQK1oTjZLzMfJ0fK15k=,iv:F01nIJjOiZCueOaIa1p//ND4XA1wvNow9Crq73nHUVQ=,tag:KifiHsOa49Iah4SW28YMVA==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:k1O5weiok0ybMfEwDfEaXu76AvUmgRHz3vGy5bShvdGxf/SQZVJJv0XntF9ifbfhYRKzJCt1BpVGkXQnHhMWntkolLUsv/r6OKZPjpwOtEozhI95fcjax1Y=,iv:2LFUB07dWs2tcCSibhoiJ8w3NoPMrpfEhAqb28TbdxY=,tag:iJtqPNf8nsjMVzF2Du+DVw==,type:str]
iconUrl: ENC[AES256_GCM,data:Jr8Ej4zfe319HX4ruXrDSB5ZuuEfbuvEeIVHt13E7xx3NvPF9qrOZip40hmAR7dc1nW5m6aX6GxP5gbonr90wZRCf8HA9A==,iv:ykfp9vlCZnjR+7H9NTokW8AOr0EHEq6vkwWDSMYiU5Q=,tag:MbX/8yRj6XwBgU+MbylAKg==,type:str]
scopes: ENC[AES256_GCM,data:Lr+kdYTfCVQE25ZGeA==,iv:O6OYdDg/PGj0p2A9vjxPaDBRtUctS1j4TO/5V1gSQ88=,tag:tlDUKeGRIL3Rqep/mpdRZQ==,type:str]
admin:
username: ENC[AES256_GCM,data:u1KcCwDNplU=,iv:s9mWKPTz+8rFKS2RmFPxCGOIPXFHLvLX3v0t+DemDEU=,tag:MmGR2LqDmHw10uJdPe/tSw==,type:str]
password: ENC[AES256_GCM,data:mBhL52UJwOwWpRGRfc5WNAvYwHo=,iv:hGt1kGA2miwzMidwD0AT62oXs1CAwAFpKk3XltqsCz8=,tag:bfhsQxef8cKEes1JkTQw/w==,type:str]
config:
storage:
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5VjeSHLIDvZB/VE7OJ1eqWOnT5NU64om0g==,iv:OFK7MYlb9QfV4ZHIECa3vHG9pBp1TCGSqqUJX3D7uGE=,tag:Ibmihyp3TXarFtr/tDtEEQ==,type:str]
mailer:
PASSWD: ENC[AES256_GCM,data:lIv1/BEEkouDVqNy4u+u7WCY4zz3ow7fWg==,iv:we77bHyHyAYCMxFGG13sE/M+5Tv2VeYfrg9bsa3leec=,tag:TOltFQbhrXMJW5w5x27YjQ==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:a3AV8QMYOxlWiU7G1DRCaOSdHKA=,iv:3ZCwEMo3/3rmGJXgDr/Pw+rNQBU14rUKQ7330otX1qQ=,tag:KjwexsLkYaHsTdXoHwXBJA==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:nPtmi3wG3+wVkyb+IV832he9rUo2TRRx6cTqvGdVSIZMfcfUvS4rmSH7CQ28OYK6f+WEKs8PkjfrBzEP1mPFHC5eRQfg4ryaqM7eWmHaJipcg4h2nzH9ii6FXyYtmm2zFsTnodOJryEo0T/nMaGhEt7+eylCL+L4,iv:8UFjsAEtMjMqyC9Ib3ipoqpshFrsdE9d3dg7Cewv7dU=,tag:gGVNGk66/Kr/dZ6B3wbD4A==,type:str]
cache:
HOST: ENC[AES256_GCM,data:tXEIBKqGyeuAc/adO6DjcyAAGgcIuwxJ8T0Zsi1xMy3I3gXbzeTG6XwyAesiUoHifoYTpn3wWbf+pIh8KtGFXb58UcEOgHmnADPWALiXKFoZmvtHDL+JEjOjd0tyoskJNf4Oi4BckJDnfpYuMqJW9qcQbsxlB1My,iv:kJ7XRqvUVEGUC9aAPYO+1oZA3QPc/SE9apaeTgLf3wA=,tag:525IBTPiuZIkAxAIiRE35w==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:Z1+u7JAcgNXkrO80YC2bMDk5VMyTFRAxDPc75ZPKbaD5+nsWQusvnHTS68rAu/WT21xAFpny7geERIOEZIewpucNoCTlqHVfJu/tsl40qMoBfjEWuwfaRM+AlNaXm5USTXkk+alQ3eJ2KIIhfhY1cd1yohRoKvAd,iv:bmLkzWqR8SwHLgWG6SWdeNr1w0fcZP8qNRlhfQfvJqs=,tag:QY5A8YGy0+3BnWSLBcsK5w==,type:str]
oauth:
- name: ENC[AES256_GCM,data:7KhuIzC/,iv:nn4bNQ1/tBiqjnQxcyocZd0h/54mH+LlRtiAjWuPCOc=,tag:e+55SHN49Q6NzT7KSsh52A==,type:str]
provider: ENC[AES256_GCM,data:+TrDQq3Z,iv:AAwjnHG40IKAkSPO5gzwEC745NH+Y5BgZIiJJ5Z2+AE=,tag:DENE8aAHAG9DZhkPmZWYVQ==,type:str]
key: ENC[AES256_GCM,data:uOY9iM/dAkhGbWSsUbmN5rnbqUY=,iv:BQ3KjcHN1jJG28RkjjhsTgWm+lHmHzYS4/P4Vlp89hs=,tag:HY3fZysu7sCdyoR0TuRd6A==,type:str]
secret: ENC[AES256_GCM,data:5s12mFDJJLPRg/IsypTx/BpvobX0hluTSddTaCQ0SgYjt4lthZDGGg==,iv:ojiXiVQ7BFUNO2ukAK0ygUTu6KVDKu8AMVmHfBw8Ii0=,tag:0zcD8iNT8iutij1C+Hk7Hg==,type:str]
- name: ENC[AES256_GCM,data:S/RV60Bc3/lH,iv:xIG+UJnmkEvuo2mgu904Hdn18BhsOCtWVl/eL6ybcZs=,tag:nFKPEisO3U3hPJZASrytiw==,type:str]
provider: ENC[AES256_GCM,data:eZOq2jNeqLM7BzePXA==,iv:vHhMOtF/mqUorcKSe2djtWKcyc5F2c+udWclcOkxK/A=,tag:6yKwQj/9oDDIdHcRtIgW3A==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:B8ObUg==,iv:mmfGkA+8HK6H3DS+Hl5Hz3s/pwGBoYcXQfJiPiBKYFs=,tag:ErmgC/mcQZJ5sI5eEtLHzg==,type:str]
key: ENC[AES256_GCM,data:+w1/goQ=,iv:cIOxkdP38IaiNZ3dig5xo2kYrXdAwqerojCXcBifYds=,tag:5/+QimbfqpfnaFgFT3gfLg==,type:str]
secret: ENC[AES256_GCM,data:Rg4rEk9j8zZcUCWbm6xmuEbRb107f5HaU8ClbUkXWKnnERkN91QYtSNlAEWfHBk30xmBObm/O2LlypYJWT5wO7LNw4G6q9yv5JaIc7vS1pjicDi2QNxAW89euELdlthFa2fXj4lNlKLgQr8TbC5wpX0oysC261MM9kgjLuTQnw8=,iv:ft8IMPIu2JuzeWdM53qN5kJQQR5Oq9d2yyNbAQdtdY4=,tag:cBMEqmoP3KAuOhuX364hew==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:IlykewahSerO46QAqJrvryzHkZONrEDHYBgwq9Nkg1pja9X1l3YaMbsg9DYWUkod/ZlzrGUA8Qyi58WW07chkFDPvy/Cfbp7GZSosr9ZVv7LI7TlpZHxeaA=,iv:rp05dCHRMnysz98G3EbKBZWsBzHrGzSuC6FCr/S8evw=,tag:6UtCbpVoWLbv5W/cB1+qBg==,type:str]
iconUrl: ENC[AES256_GCM,data:Tp16796JFzlYfOSfI+ld+Lf7hCeS74ZDz0kA/I9P3v6G+3LQAUGOtfFTzx5mTsfpP1eQN4HgD2uU3lfLhSozril1qq3AZA==,iv:dQSq+IiRcepUZqLipRr6DOHH7Hg6h45gnr9LH9dWYdU=,tag:zeq3tVobXsOasCkIAw/riw==,type:str]
scopes: ENC[AES256_GCM,data:3qwG8sYZER/p9GgnuA==,iv:hvJvc1pwUgeatq9R8GBde1EQDJunwZBl+cmsqJr1PBY=,tag:ov+WHCFaNaA40PPvOzVPqQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2V1RNMmlZaDJDMzBXekF1
YmdlYjNBTEhaYU5YYTZ6U1pHckl5YVZ4WVV3Cml5RzkyeHVCV3FlbEpoanlZOWk4
RlVoL1VISDEzODRaYUs0N3JldXE4Q28KLS0tIDdqK3IxcHpQdWJoNHR4VCt4MVNm
M25EVzZsS21OajdEKytoc2VBYm5SMU0K1wvfQOqBbAPyh1SxiONFSFO+a591HG/2
DJvP643yXIWBOiNTxjbQDygYmxwk9GbFmGlVf0pQoUEuH9D4SgCwJA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:Mel9AWdHERKt5xsDI7KmgINBCMAsfYrs/jgwQol+UVuiFXU73tAFeUqOZRDFwuzKBfxQExv8etBlgV8Q6Pdg0VojBLLz75BYZdqz5RD1VnllJ7y5/jCwCTyTbWxYQZpgj8dle0KA2NxoMraLIQY+gnvunqlAcIJgPZG9KY1UB3w=,iv:Nozpe5X8kwSrb2sturuCQBA8XhEQSI5nLRzBuCDFfz0=,tag:8kVcjwLDNTBmvDRPj2ELyQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZ0IxQnpLSmJjTm1jTkI4
NkhuMUN3RVp0TEFSNHhtTkFvWDFaUXVpUlIwCkxWbkxnQkY2R3g0cUY5VG1Kb251
VUhYZlNCWC82Z0h3SHpaSnVST2h0WTAKLS0tIHJWR2FuT1ArRFhMWnV4cW9EcnZw
UHpBeWgyN21CUThydi9XdFc2V2c0TTQK38CQDRnFpUmWjyvDGGQ3vQxhBvy2Xva+
SCd8sJZc/bnVDOEidvV9oxJz4y0nj6RvgzcsU+M99YBJcuV12xPqag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T11:56:44Z"
mac: ENC[AES256_GCM,data:cc0H+6P0uTl5kpMR0B9o5BP8l1KHjLHdMetPlmNEVQo3NCzm+0SBjGYOqNhr0EG2Gd6RKdsAADrZAwyH+pXA2pmNVdIehDBu4Xncwi8nrUY3gm3jBIG/01H5VLqtZCoLfbqQ4ANHrGhn7JE5bwrXbbmD4t/7E2i7qHLukPj4S8w=,iv:3+llbgLRU2tMr+S2nvyA8hGfCnnWnqprGSW9H3VSCH0=,tag:gzMc8wSjZfa4h0eN3V5Ylw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

26
values/badhouseplants/secrets.redis.yaml
View File

@ -1,26 +0,0 @@
global:
redis:
#ENC[AES256_GCM,data:d/vtscwAkAPFyRz6Ap29M/oZGEcX3POnzAd6GCkHIiTLFinXzOAn/ruMSiMsnL9lJxj50foVeLIXnmtFDGxUPsxNU9jePD037t6vbtja,iv:ALXE7IPi2d79rOpBMwlfi9IPtcvfoSAxsDHwiVItk8U=,tag:cMoKK0zkagLc3uC8Ry5hBw==,type:comment]
#ENC[AES256_GCM,data:XQ6nK+hlKfFOBDye9a2a,iv:ptA0TWsjVjOQGOCe8leC7ZjRX8gSnbjb94NWZMccxSs=,tag:9vw4k4N1wI/C7jf7ZPxi7w==,type:comment]
#ENC[AES256_GCM,data:eTsTA07O2Y/468A=,iv:ZWOZO3GAYbU/Bq5ejdzDUsrYpkfwNtK23zH+XS5PUsk=,tag:KL1Z0a+BxBW4Y+aeJb78lA==,type:comment]
password: ENC[AES256_GCM,data:kFbVUyKL0B9GhOapmqOS/FyTaXZEGUmSFFLxYIzX,iv:sLue4AmkT12DoPrWH3VxpvXFBHYhYRUTWcNoC+ojhGY=,tag:ikQsyximPvONoANv/61GXA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORUEvSlFCTzh4N2NGVkhO
SlJXQlNvYjdCQmVjQWVpZ2YyUjlmWkZrWVdVCk1FK1VjVmpCWEVScVo0YldZQWxE
L2I1RnNsVWJGRll5MXNjam1zMzU5OWcKLS0tIFI0eUFEYTdyWkFEb0xQeTBaZi9J
aUJ0Umg5T1BFN1lEbThJTXErUkxKaGsK1Vvk45dshvEGF3OZfrLJPabHgvWFT8ps
f7Ygd+3XhZUBUBi50Em/xzmKQXL0I0Ps9JetSbQ/Amlmp9gU8VqRGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:9dykGJs5NFjahNZ+4orzMh2u7UBRHMVCv5J9QxRqAzE2aT556W6bZoV9n0V5b7Z6jhVGHFxA4do9RoFT2lq7aMVpQ4nl4iSXuavPiuoBeq8aIwykpCF0cs5dHxQP7R5US2A8rzsSScIBbB2i1LhRtpiVVGmekVp1YSZJWcNhMNk=,iv:tWf4DjEcAff4LupkpFiR/Ss3iYBqtvcQGW/xAeCDIvw=,tag:nbWpyxzNKKrbo8HjMBbeMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

35
values/badhouseplants/secrets.renovate-github.yaml
View File

@ -1,22 +1,17 @@
secrets:
RENOVATE_TOKEN: ENC[AES256_GCM,data:NwkAP50vrUc7dVB0wyWTgFDd+axltTqdyXuXFHHkmO2VF4QyV/svsw==,iv:kr53r5w7lVo9luC36mHghZ8fabo6/da8vLFEzhEOgDE=,tag:UnGnSXuvwlSzVuL6pEUXsw==,type:str]
RENOVATE_TOKEN: ENC[AES256_GCM,data:ohd4EhTlhRpQ+IXVf1Nb73+h0VHrMZduPhkbm53s3/+HRKUZd7JepA==,iv:qtbH0lz9Li+jjWcef6JGRpbcsOGlG+e3TNHDukAK2HE=,tag:KVmari0LUGHVb61VSFtgXw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZDVVZm1UallMRzJpRVF0
b2dHaUJlQldOeHN5RVhydm5oaG52ZG95SVVzCkZ0enk4Mit4KzV6Z0ErTmxhU29W
R0p6NVBiRjFSU0NWUjNKdGU2WXdrcFUKLS0tIHFURlFVLzJ5NkJVRVpCV2I5U2E4
dE1VWExmY0xEdVlrZW8wRzlPRkVrRzAKVZHyy3AGktGuv7KEQX/M0xjyU/7FpgSB
OrWzXXds9h8PWC/19FU2puvdIER1G/2CajEq0PQmaC9YMvb8nLMv0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:5FV7wwVyhB1UQOLW+iYyeImXAPv3dtTlw3Qjg2rBVBmbC8vHNpXFWloBhFeTSN4VAEjxm5tqACdP3IfNkrVT1SnYeySh6Xl/sdcAuAIao7uMjLDT/MK02AcS55T9pt7h+H4nkdNatMAX7jLKbHJwNoAnL5a/FgX+gKizAg4PRHc=,iv:7HRq2xMClJXYF2S9SQeYLZwCn2EOEc4JkEFzgze2e20=,tag:Fb3fm+wlnywr0hBfw5xyQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TGozODRjVzQvdzlvSE5s
RTlReWNSWDlzUVVLVmZXV1c3dWVwUU9hbWw4CnJUL20yTFpHMUJFWTdYQ2JWUisx
Y0djU2FhaEtVSTlRWEY3Z0RnOUhVVjAKLS0tIEZEUjhqUTRtTEo0L3haWFlRT2JS
QTFVWU5RSTBldzBjalg1TFBDY3hGUEEKCH1rY+tGtRNGMYrfSjqXbVsrPAleVHDO
Altiz0ceC5ODo01zwBf63vDVqjZtbIQNZ8oQ8Pjlktp3jCpL7JNK9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T08:52:26Z"
mac: ENC[AES256_GCM,data:6PyWgR3f7lnen5Jun04Tsw1P7rcAgTSuF+YEh0fq3r3xHvQYFGesfEO4PHLfCGYtjyyCeyzpwBUIoUHTmI5tRYjLwjwRiIu/GH75eSLOx0y0gYMl8JUeaPxSpPvElpii3XAm7vKEJhTR9QzNuzduf0Q1JdlR6TM68XM8g78zeSc=,iv:CqTrPYoLg4IgW5zTsIcmGQUg5RfK+IQmxeQIQbd6oqk=,tag:P8Je5EhAv5TqqT77nPwlHw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

37
values/badhouseplants/secrets.server-xray-public-edge.yaml
View File

File diff suppressed because one or more lines are too long

37
values/badhouseplants/secrets.server-xray-public.yaml
View File

File diff suppressed because one or more lines are too long

26
values/badhouseplants/secrets.velero.yaml
View File

@ -1,26 +0,0 @@
credentials:
useSecret: ENC[AES256_GCM,data:7gOgTQ==,iv:Wiutik5u1CZ3jkI5lL4JLwvKDQrjNPSfmnyet7SBVzo=,tag:SYm+fm393zhqNMKejQfYKw==,type:bool]
name: ENC[AES256_GCM,data:NKs3qbFPKGIhXI7lzGTq,iv:MWumBc7eHro/P1oLZxQArvfoWmdJN+S0d/Qxb+ohI9E=,tag:pxJQzB82Us+UflGc271wGg==,type:str]
secretContents:
hetzner: ENC[AES256_GCM,data:tlumlKIfwugQj5Dj8Lu9HuEcKRv8v/JhTTz4oOvRavxmeBIGElfn/MyWbK68pagfDatyKsrYjqPTutYykJWVOWdHFOCIXunnI8vkDbzpxAH0BqyZQrek3s4mkTOPJkjfW6V1MNr5AvWMYLwptcIp2Q==,iv:E3jBlMgIXzuLCNVxEBlTiiVpLCdEolJuv96bSYamwLI=,tag:4zkhZUu+on0K1zF4/8tiWQ==,type:str]
etersoft: ENC[AES256_GCM,data:/kQ9eCnHIfDSzHxy2tbVgwe7C0cF+l5LaKCgksodxUJgxTQs2pJHyx4cluoW62RwOQKHxMCy3IaqphD2zZOIVKbR0q3xVmBoxcBxrKE5UIlSxbQ=,iv:YcJF8OMiFMz147c8lXVU+ccjq1okYnHiwUvJLmJHi20=,tag:hnwtfAkBCpZUy4TEGtMOOw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiaW9NQVR6OGtLV3ZqMThn
bWsrcGZKNVk1cXB2aDc5RnRNbTMwZVoyRERVCnEyQ2tFSlZmTnhRdGQxNW1BVGNs
QzBjM2tXWnhQYTBaR1pUZnUzMWpYTmMKLS0tIGQ1emdDNlVGdzNWRlRQcU5xSWxB
bWdPdVF3RjU0Z0RQWXZWVUVocVBTeWsKogQ3kmwrShfBOwMC+JHNiavRHryv+WNY
dkUkONkUH5HEWN/6M7bsMMqjkH0D/upD5UXOXr4fiibcM/w+XI/BpA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T14:51:45Z"
mac: ENC[AES256_GCM,data:65vGxoFLwH9WpxvqKYi1FEb8DhRWpq4K5cTjfqQEXDxbzKDk/RjTtHpFZ2iLnAOcL2ECvL+JU9yPeM7fS06nTW/TC/oP3yNGfyJp84IWNzrBVBE8HCTaXthxcRSIbGwvdCihViT4gZU7VkMaDt1WnEesjq/KQqcK/TSpCxhSyjI=,iv:HPfV3MRyeilrAFprdsLT6H//V74YzRiGM8O7TmU/g5c=,tag:tQHA6JW5ELAUXzIlJdLYFA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
values/badhouseplants/secrets.zot-mirror.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

25
values/badhouseplants/secrets.zot.yaml
View File

@ -1,25 +0,0 @@
configFiles:
config.json: ENC[AES256_GCM,data:AmfyqvKW4RhxD3mbFNP9Qt6oKzvpPY78ysCwCDoQAHW2exl9p7JtQh/8M66HyE5dogTyKYfl5cpKrgafWu7ndfN6gCF6puHPC5uELFmJLpla/hrhivpBBjcSj5n4Nc3mgJVSndJvyvkOa4c8N7NInr41LDh+Ndv6kbEelyTOQw9gng5eeI/jSzYX6y3Zrt7oc+5FBbOABihBbz8Yfxww1QHnY6YDyuoSVrjf9Z3kQKxW4sJRviBNJGE+OCWB9oJ3RQ2RecamlX0XkmZyuqDCXU52OAIm8c5qDVd6QJR2so5wvrN0o2OWC8BMKLDWLw/TLO4AS9K4OWoJUlOGE2z3qxUG8moMxzHw2rCzBq1rMJaeho0/CZGiVPQWWzoruRurVCQoLXt6L5+oQSQj4ibpeJkP/Wnq3inT0EzEr41uas8kj7DdEJ+pKKy5tUdJXm5CRQfgFB8QdSbq/VE0alrsZ43iYNCj+CKWwnjPJ4ZGQJkNQKpRaBqrhnaGpuRDbJASSffSksrRxCunv1O2aqzY/gyrRieTU11SpCnQZ4ll/mhW6lhyuvLb741rV6vAHzaRnranhzLBECVIo/dy84tqNZ5OXUdXHBPRMzr+UX+2GdvcfGgzfaAJIeMul5Nl+nQAS/PmQOfejNTBGNQKKbz/i0+Mv/AwJvdpWA2laYjABPubFVM4671LPjVhEcFRsjnfYWs2MY43woTXVrjKZFghH5h4frwFAs/OhsYcPR0bOHMhF8brQgPHCsPWp5NhyhwRq7310krGyca1xdBvj+2oZHOohIvXk6hEHO7MFTOrn9iAeiGOnCn22GQZaK7EE2aKMleMJwfIo2Dyy6X+s007K+3Jjbt4yvUruB7hHkcVYyfHUABJLbkXPNUJ7xLgbcRXIaHJHlZ11prhBp2UDUgw9oSt/1kUHI2ZU46AfglWlGyd4xd4SgGmhs4R++P/O6GviVJXbIDGEA7UA5h6hlMNx3vuKRnjRl4OpSZbWQZh23dK1Kh1E5hV8TqbaPI8Wv7mvGd5QVRWMhwJp5dW004waifhrZNlZm4xEld1GFupK+ForBX0QLkk8juD1GBuYbawO8YTKDg5xlAKQtlVUmEPvVsAiGArYuPWuN34OqazWLvzXM1UFK9sztEPHwXgA+sOitOAOjEBfnFY0tYe6m3xrnHRNqLV2L1YK1F1V6g/+j60YHc3lofw87KpaaVJD7xF+HR9Ly2VskOmu2KTVD+j/ZIJWjGw96Asf0K5mKzBkyFGaFFYNpeHw9A3cGVYCYy7S9bFMVlPhoCJzAY4fyTw9GtpYKrXzL/u6hSOa0FRW5uvfvbCcK0spfT/CqFHkeRhNxleCvAkONZUfdKWdwvySUuRlV8rZfLOHX6IgosepvyH0WVaJpp6GBD1jyricfvp3eLocEY9Ih2eTB3j6IML10qMItdWv377B4Jnch/e3enNruivvptxAvq+rseiN+IHA/m6+xB9ZNmhIphTCfLyn1/pNb4uLfcMCldKqjzaIkAWcO+BhHJWLWvbms40uWsQ5tzdaZRcmvKonPGSKiOfouCOKZvos7uVmyTsXDFZu/2JweYu7DqrrxcJ4+dVzwcPA+FXI7DSV08n2DyOAMY8KjWkCw4pXIrT4BRCXjZaJbU5YE/25P/u9o3wjyv0+MICiGKGnNj869VG58CHjx+cjQegAAxC6XAk7egCXkRGZMJS0vnIlIAU7bDf6fYsTiOZ5BUtnjflFOA+z0apdzDjtA3aMdhzYjNmk2kLMo5w5h8k3k/GJKJFes/FiGJGQInaYizJDU1NewKZbm9kMNZsjUCVJG9aH2gXTngfRBGhgYAZG3ENBHR0wexsbBu8YpSzHduyzvrhvIlYFkdHVL4Pj6kdBeqA6FMWb9pVbIMlqW8tJeo+6TgBWUR9mWzEtGcUVpm9VxHorE9A7ten40ZR1nOpIDv4549LbxsqCrX3+VMUgVl/8eVj0iLCsKvThhuCRWB9gUfNBlHw4bxvteXMLiqhiuHY4X+8y9N9IlJKLtW6Pf2SedvrPNuTbJvPBog5YaKN63au7q6MNQZdAWhkKgcpgSwPwT4bK/uTsvrk0VAChThsMYUvgGY9NnN0qLlgZzQspFAhnBbnM3kCMjV8zgw8sPh3m8jfei+Hxz3CVF2gFGgcgG259hNjORZDqTXRiRZkVc/TtFXJKsPCuOK1ieGc4m+yqPUMp58tjL09tfAO3jmS4FY/FW4YohLPgtlvs+IFsJ+gh2VHGNNDuHUMwjRsBG/Mg9Ayz37jEphtRbE5Z09BN2b9v9aqzVrmMPW5N1DcaF5+aO8qqumUg3GC1dP7meybanfSF0qGtPH9VE8upqFqUWmaNDlPgPZ6KNwEDJyiAdRtnb2CA9B9ejM1A3BizjzcXMK/nTOs2+b79lmpXs0ziesNvDHuB3hyW8JePmmgBQF0GWx1lPNErBLYCeGKINSpUXn87OE7egKNlhjIEm//GqmPFA565uVkyhFgx/k0yw1FKLFP9M2ToJGScwV/wfIRXtcPioZ92uvrchKK2b756SDNIIR624jeHZioYmXvQMeG+S4vRPFz/QXKKdQ2OVaLhhWz3nocv9FivKb4rGRLm9FxcuGsY6DsiAjyYKkXIfcT/qXgMOnyj1BHBReFcrDHWb8CwMNSJ/tOewmToyIbe/lwbDUB5fOKO11tiXmLvaoSIJDU6k3Ls5z+A3IY/7wQbfwQb7Dnd+4w414ajfdJDJ7SqlBpTCjlrhJzmUXsqd14mlgmcmPBu4I9x8/kiYaIzHXUh3vS9URX2+3ifoXJm+KaiPTiGPJQIhoEH1kDFGm3PTxeFizgqlmQd3nPSDSUDaeE1fg3H2fn4/QxCJYTK2MZhTl52aswDwa8UWiv1zfCmtVLW2/MasVyjcPxu1PfCdGF59VKUQHQg1QJKSCYZ2tZmd+JiRLVSyXoUtyqJ5V4u4lSzhaUv+8ApaHRCVOEh5HwPtaDYVLrdcigxKmiMiqCAGdYEpPD6pn1N+KKCSQx/nhUTRBQ+4CEIEJBz7Yv+LLgkWD0T8tZb9pTAjt8MLNzeglomsAPX/LRkxgXbLUIvlcTH0jvDMPmvLCshzDvtckIzOj4bFdxVEdLo0JA8URFp3oP5pTqZGJXR4fx4Kgl/cXJwyX43VttNDPyc96KIBF33oy8c+z17OyQplcoFzFBpvaqA0cvmcl2BBtI1On4jYsx0VSbqKyOU4JawLcLcAOOTjYyYAC2iGxnn8gSoZF1DK83G/GRF1y23XDeoWSl9WMVgOiK35od3ZRjeaH/5Rq0Nq54bbJE4sN4DyjFJXkDbP10Rj3/BZp88AlFMCZk+9O2bUCbTzyqP9YO9QrgsnWxnms92BRXu/KBL+G9Ya3MH8DOMjXuFkuhN47PeZpMohW9ECVx1jHuC4eIpihh0oZKVBd2mULx48pYIHf8Fp2Ab4fafqUD7Tka4pN9apcZo/u04z5DW9q2S3T+c4G+r4O0y0R1GLDcTvTzVRxyzm2D1t87C9tZ1X3uPkQlechr86l5I4ylNghutX5wPlFSwjxKMy+ZUd09cKKDeG1GMvf5dXmhY4dvxxynFue1Ykq+ymLETogIdn7MZigUs0hjd2QgaQ5H/uarpjb8apovRPqyXUgfGQ06JjZcSCVLTuBeGahi1mI/WR2eM399idK5arUYhmjBIINVu2Wm47tgKiwYYJYdoV3MwbbNudMZDr4MP8HK+TTHmf03CXQId9htKOgJDosnNMiB+QcGGPaV2W5hv4bQ/QwGeFE7ZR+4h4NnrezE1OGfiqLYnCGZcmUl5G8WjMj5DW0nyQ5gHJwS1kitwxYzFwwKPYUv7Y5Sq182HdQ7Ox8wP74XAjlW+1ha5+tcJymNe8H9viPU/Z1QipmuZTgpNop/tLH6gc0qNkTlT2qpM0EY81lqQAB4j3IB9AFk91x+gOBszTXp/w+T1ZgfJ9+btxQnK03EqAPaI6G1n1ifpRg=,iv:O08z9Dz3ywRjsFu3Uu22+87/ZoElw0hmvsYPKYaBFuY=,tag:ph4Zi+Br9cdGIlldKw4TGg==,type:str]
secretFiles:
htpasswd: ENC[AES256_GCM,data:qdx8p+CfYhStN+gKUI5Zt5KD5R0AfZQUiERw+SVXgp7+zxYbcj/ZcdKgxLi06U2HJs1QTNdoTx5eDW5QY0CNUMxKdoGM7JSZwr0dckRAT3xGKyMUbzz4CTdi5UOSRX3EtI8F65tCDLWlneFWrWRzGgIOq6gNQV0TqGyzNfQClZ470AanPcpWFg==,iv:vZJF925Zq7xPsV9OLOF5eSMqNwtCc7FNfWNV/AQFdjQ=,tag:P/IezO7b4vYKA82OJUusVw==,type:str]
authHeader: ENC[AES256_GCM,data:pa9BRXRwPJHQyD0vzQjkgKu8YCbQwFAFgz3swq+Ofl12r5t5JFfKkU35zEKb7wJq,iv:xL2e/6sFxO4/FZRDsBxgzNujsLnIXO4LeEHsscjMIXk=,tag:oeb368hj+PWh9y4pLN2mNg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QkNnYjFxN0xVVUFHOEJB
NnZicWVWOTg1Z1hGSmNjQU43RG9PNTR5Y2lnCmJLOTQvQndxN1dKV3pyZWdKOFpo
V0ZZbjRhK0tIaXVERnBFSFpybUEvNWsKLS0tIEY3d25aTlNCaVpxUCtkdGduN056
VFRWdXhMYmd6am9aTXNUYXRaWllpYncKxYAq1sg0mAvAjX7mfekZOcR9y9e5gSF1
L74UaXFN/OeQwzqlA0W+EuBeMvj5Xrp7ENconJ0P3ecAFa/t8VujPg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-12T16:13:40Z"
mac: ENC[AES256_GCM,data:N6uiTszn+I+L2HmWDLG9/h1sttQQltvfM/7Lq3tdRei6fn6Erog6u8IKbr0guRe/sJdt0SMB0xE9gB46Ldwyv7U+Ut5gMSxrxz7FEZSBeH5ZKegGvmkPIqafwL8frZqwlR/3Kmbegs9yAM9VEZ/qcprx2M4gpffiKTATxbm0rI4=,iv:8OMSYrUxcOeuVnbOXoPgs42QPTXLOICnLvXuSbQBz6k=,tag:QPqwsHn1ktM9O2rsohMIIA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

9
values/badhouseplants/values.gitea.yaml
View File

@ -40,11 +40,11 @@ replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
memory: 1024Mi
memory: 1.5Gi
cpu: 1
requests:
cpu: 1
memory: 1024Mi
memory: 1.5Gi
persistence:
enabled: true
size: 15Gi
@ -57,8 +57,7 @@ gitea:
metrics:
enabled: true
serviceMonitor:
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
enabled: true
config:
database:
DB_TYPE: postgres
@ -82,6 +81,7 @@ gitea:
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"
@ -128,6 +128,7 @@ service:
type: ClusterIP
port: 22
clusterIP:
# ------------------------------------------
# -- Disabled dependencies
# ------------------------------------------

13
values/badhouseplants/values.istiod.yaml
View File

@ -1,13 +0,0 @@
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi

37
values/badhouseplants/values.memos.yaml
View File

@ -7,20 +7,29 @@ ext-database:
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
base:
workload:
containers:
memos:
envFrom:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
storage:
data:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
storageClassName: openebs-hostpath
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
metadata:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

18
values/badhouseplants/values.namespaces.yaml
View File

@ -1,18 +0,0 @@
namespaces:
- name: kyverno
- name: velero
- name: observability
- name: databases
- name: istio-system
- name: applications
labels:
istio-injection: disabled
- name: platform
- name: games
- name: team-fortress-2
- name: pipelines
- name: public-xray
labels:
istio-injection: disabled
- name: org-badhouseplants
- name: org-onpier

4
values/badhouseplants/values.prometheus.yaml
View File

@ -1,7 +1,3 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
coreDns:
enabled: false
kubeEtcd:

6
values/badhouseplants/values.woodpecker-ci.yaml
View File

@ -4,8 +4,8 @@
# ------------------------------------------
ext-database:
enabled: true
name: woodpecker-postgres16
instance: postgres16
name: woodpecker-postgres17
instance: postgres17
credentials:
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
server:
@ -41,7 +41,7 @@ server:
WOODPECKER_ESCALATE: true
WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines
extraSecretNamesForEnvFrom:
- woodpecker-postgres16-creds
- woodpecker-postgres17-creds
agent:
enabled: true
extraSecretNamesForEnvFrom: []

160
values/badhouseplants/values.zot-mirror.yaml Normal file
View File

@ -0,0 +1,160 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: registry.badhouseplants.net
paths:
- path: /
tls:
- secretName: registry.badhouseplants.net
hosts:
- registry.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: true
lavels:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.1",
"storage": {
"dedupe": true,
"gc": true,
"rootDirectory": "/var/lib/registry",
"retention": {
"dryRun": false,
"delay": "24h",
"policies": [
{
"repositories": [
"**"
],
"deleteReferrers": false,
"deleteUntagged": true,
"keepTags": [
{
"mostRecentlyPulledCount": 2
}
]
}
]
}
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://registry.badhouseplants.net",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics": {
"users": [
"admin"
]
},
"repositories": {
"**": {
"anonymousPolicy": [],
"policies": [
{
"users": [
"mirror_user",
"overlord"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
]
}
}
}
},
"log": {
"level": "info"
},
"extensions": {
"scrub": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"mgmt": {
"enable": false
},
"sync": {
"enable": true,
"registries": [
{
"urls": [
"https://docker.io/library",
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/dockerhub"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://registry.k8s.io"
],
"content": [
{
"prefix": "**",
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
}
}
secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi

1
values/badhouseplants/values.zot.yaml
View File

@ -1,5 +1,6 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik

21
values/badhouseplants/velero/velero/secrets.yaml Normal file
View File

@ -0,0 +1,21 @@
credentials:
useSecret: ENC[AES256_GCM,data:JeoOyQ==,iv:fu/UL5pN+RfYRluV1ipqbJ7AMmb6mBzo9Cs8MEaH90g=,tag:SXueO8IzwQ12MjSQUx5K4A==,type:bool]
name: ENC[AES256_GCM,data:jHBOoXdfbcm9/tWworFG,iv:EZdqinT6tBFS2t7/l3bA2A5OspmmXVBhlM4ENIMlWeI=,tag:ltP1tFsWxRiQV8GgNe2RmA==,type:str]
secretContents:
hetzner: ENC[AES256_GCM,data:cLAnAdz3RlBE4YOVDIcQ+gjWxsA2jsNJgh2zkBV9LbPHU2eJDaLmQIzGov28vQK0tpdGBk8uncjg7eLVpqQFnn/+4mbMrCICLNqeNYJNG9sTRhBoA8EqODRQ7mJoHMdvSqk8dp+9nGXrgO/HCKZCbg==,iv:pEQbq9pqWcuUG3Jj93QNbD4N9a/NxLPc1XqmfYNdOoc=,tag:Ss8hyMYYm24UG2aVXw6MQQ==,type:str]
etersoft: ENC[AES256_GCM,data:f7opp9R8bLoOSqpzJdjUXiVHF0hxH3uE+fRQfgEA/G0wDrPio6SPNUG+ROeZCrLJgizFTR6x4/r/yTIglEeaa9aefF1OG9dEdlpko7AALnf3DYQ=,iv:NGXNl5BbQS5dgVn5wNqN7ba11AeDgHXPloYTBC95l2E=,tag:kA/7bvS9h20/a7se5e1zUg==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2emd4d1gyWjlYL3dYRmw4
Y2J0UkJaMTR6b0NsNTVzcTBHMXJ3WnNRdWlJCnB0ZEJmclRzY0Y1WEsvQmRWYU9k
cDRtQ3J4azNBUnN5bVUvdm9EbEo1ZHcKLS0tIGN6L0VpTWlQNm1sVnA4UldBbk9C
Q1dWek5PVjNkZUdJYllJSTZhQ1p0QU0K4LFd1ITs38M101fqy6KZGZ43x4Ou3VtB
EN1uxBEt5AdfX4F+FbOnA5qAOUdRRN31TjIXs948E/1vgm8zRxSx1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-02T21:11:55Z"
mac: ENC[AES256_GCM,data:ArJNDbctyrzJIVo9CojFPAKlhW9xCBYvfpA27iG2YGWYfCRQ0uAIVmUn0jVsbfYWdtQ5WZD7p05itXMobQMMlFlv3twi7B7taXYXQQzZghhOCVJBYo8I3gFl9wxVpKHNc+WxuerFCQUCOXyBMI9CLmXsKBwlciLl78OSU6SMe/s=,iv:wHFF4yhYLs6QjOcvcU4WDpNyjQZl0dI42mouVR/43Eo=,tag:notDIF/S/r7MlYogftz9aA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

13
values/badhouseplants/values.velero.yaml → values/badhouseplants/velero/velero/values.yaml
View File

@ -1,10 +1,3 @@
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
configuration:
logLevel: error
repositoryMaintenanceJob:
@ -17,7 +10,7 @@ configuration:
backupStorageLocation:
- name: hetzner
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.0
plugin: velero/velero-plugin-for-aws:v1.11.1
bucket: badhouseplants-backups
accessMode: ReadWrite
credential:
@ -29,9 +22,10 @@ configuration:
s3Url: https://nbg1.your-objectstorage.com
publicUrl: https://nbg1.your-objectstorage.com
checksumAlgorithm: ""
- name: etersoft
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.0
plugin: velero/velero-plugin-for-aws:v1.11.1
bucket: velero
accessMode: ReadWrite
credential:
@ -73,6 +67,7 @@ schedules:
- games
- databases
- org-badhouseplants
- org-allanger
weekly:
disabled: false
labels:

6
values/common/databases/postgres16/values.gotmpl Normal file
View File

@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry }}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

6
values/common/databases/postgres17/values.gotmpl Normal file
View File

@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry }}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

6
values/common/databases/redis/values.gotmpl Normal file
View File

@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry}}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

Some files were not shown because too many files have changed in this diff Show More