Compare commits
5 Commits
96144c534d
...
430f63aea7
| Author | SHA1 | Date | |
|---|---|---|---|
| 430f63aea7 | |||
cd6a200591
|
|||
|
173af0f7f8
|
|||
|
1184e6cd89
|
|||
|
e3f77b6bee
|
@ -8,9 +8,10 @@ repos:
|
||||
hooks:
|
||||
- id: yamlfmt
|
||||
exclude: |
|
||||
(?x)^(
|
||||
.*secrets.*yaml
|
||||
)$
|
||||
(?x)(
|
||||
^charts/|
|
||||
^.*secrets.*yaml|
|
||||
)
|
||||
# - repo: https://github.com/codespell-project/codespell
|
||||
# rev: v2.2.4
|
||||
# hooks:
|
||||
|
||||
@ -15,5 +15,16 @@ metadata:
|
||||
{{- with $ns.annotations}}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $ns.defaultRegcred }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
metadata:
|
||||
name: regcred
|
||||
namespace: {{ $ns.name }}
|
||||
data:
|
||||
.dockerconfigjson: {{ $.Values.defaultRegcred }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -20,6 +20,7 @@ releases:
|
||||
chart: gitea/gitea
|
||||
version: 11.0.0
|
||||
namespace: applications
|
||||
installed: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -43,6 +44,7 @@ releases:
|
||||
- template: env-secrets
|
||||
|
||||
- name: app-tandoor-recipes
|
||||
installed: false
|
||||
chart: allangers-charts/tandoor-recipes
|
||||
version: 0.2.0
|
||||
namespace: org-badhouseplants
|
||||
@ -51,6 +53,15 @@ releases:
|
||||
- template: env-secrets
|
||||
- template: ext-database
|
||||
|
||||
- name: app-tandoor-recipes
|
||||
chart: allangers-charts/tandoor-recipes
|
||||
version: 0.2.0
|
||||
namespace: org-allanger
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
- template: ext-database
|
||||
|
||||
- name: app-navidrome
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: org-badhouseplants
|
||||
@ -67,23 +78,13 @@ releases:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: navidrome
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: applications
|
||||
installed: false
|
||||
version: 0.5.0
|
||||
- name: app-gitea
|
||||
chart: gitea/gitea
|
||||
version: 11.0.0
|
||||
namespace: org-badhouseplants
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-traefik-middleware
|
||||
|
||||
- name: navidrome-private
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: applications
|
||||
version: 0.5.0
|
||||
installed: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: server-xray-public
|
||||
chart: allangers-charts/server-xray
|
||||
|
||||
@ -25,7 +25,8 @@ repositories:
|
||||
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
|
||||
- name: istio
|
||||
url: https://istio-release.storage.googleapis.com/charts
|
||||
|
||||
- name: zot
|
||||
url: https://zotregistry.dev/helm-charts/
|
||||
releases:
|
||||
- name: namespaces
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
||||
@ -33,6 +34,7 @@ releases:
|
||||
createNamespace: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- name: roles
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/roles'
|
||||
@ -181,3 +183,13 @@ releases:
|
||||
- template: default-env-values
|
||||
needs:
|
||||
- istio-system/istio-base
|
||||
|
||||
- name: zot-mirror
|
||||
chart: zot/zot
|
||||
version: 0.1.67
|
||||
createNamespace: false
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
@ -0,0 +1,25 @@
|
||||
env:
|
||||
secrets:
|
||||
data:
|
||||
SECRET_KEY: ENC[AES256_GCM,data:bLecWaJafPbXT2/dvKt3R2KNfuxxgQ6yLxviYbOf,iv:liuexfgYScH+eg/qSO23SQxE7hKpudgkOH3JRDkaa+A=,tag:DEcAbY6rg7mQnhsnukWtFA==,type:str]
|
||||
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:kx9ziZhxWcWTu1UG7BPi/sdG1tHhzugq65xxL3IPVx8i1oHXwy+00KaOEsIYP+TJqX5516Zq6JqtXe9dQwI4uVIy538FdXeEQDHKNS0xesSx8jG0tKa71GiqyQGBrBBxiy144za9y1QHB9k1pvuaza8mVEQOoktmMFfiHzEOhYDQxIzTulOMWxN2ImTsYSupHS6HLR13gDCyROVDzj1Io/U1VHxN5RZBPiqthNiB+/Aj+2FuCwAaxgEE6VVNFJlghi2yiZbl/PvZ3MDT+dAx/NijawVt0qdBBmPvB3jKZkgRN2tyystGiu47hnLosuzjrOjAMA6rP7XkT2gQ5e6hoLlJxWD5IiAHI+gQK7REbyJrEmSwwH0aCVsd1H4FOBNk+rfKpTIr7sRZFTVcZLtUdTZW6EW0XWmrBBPr5jodmouoFZY+dGlWP1vQkG+2eymw5aJCan0oq+x+J9dB+CVZc/2M1zBeRa6Crg7w3smCqOr46jkaRxfoDxV2NdRSla5zkwwFSS7MqPYlqre2oW+pgP7lvRa4MW9++5q+Zg==,iv:RZMNm66PhTWvjJG5jtpJW22TFInHw8LT04qui3fMLgA=,tag:ETMqmFO/8Kve/W55WP21dA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcTM5RTNIakwwZHNrQXE2
|
||||
U2FsK1gwMDhUTDd1MVorbENtQXdnZjYrM1c4CmNQaG5TcU9wK25qQUg5a29UUXBK
|
||||
WlZHK0M0dHEvZWVyZmJzR0RLU1pGWmMKLS0tIGk4TFArQnJyTWJJa3FJRlJhY0do
|
||||
ZE81bENWM3ZUdlR0N2RKMnJkUnJxSG8Ky2ngwj6ZnToGhnAJChU8NXUG+XPPZc2F
|
||||
fOD35BFO5bUNe+V8MkDLae+GQ1hr55r4WnvFpSWywRIjCFYmUJHTgQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-22T12:32:43Z"
|
||||
mac: ENC[AES256_GCM,data:khcLV/lPaY6J5QQmX8466jx9bsXn+NwA3TLIUYs9ipKa539OjIWstwyydVxILSBCwEWGEW86c8EzLBwptBBgg6gehfRJAax5TAn0lBd1lAAiAxZhdNpc2tfoaMaUWfWdpwYjdrtnvAlAkN3/16nvx+TIq7WdU/cWsic96PqhU0A=,iv:I81QvtZ7S+mSAzoXhU0YBMN0L4K+SRHW3UtcSLxwK5s=,tag:gAeAIjyJ13A8gfE7ppBeRg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -0,0 +1,57 @@
|
||||
shortcuts:
|
||||
hostname: tandoor.badhouseplants.net
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: tandoor-postgres17
|
||||
instance: postgres17
|
||||
credentials:
|
||||
POSTGRES_HOST: "{{ .Hostname }}"
|
||||
POSTGRES_PORT: "{{ .Port }}"
|
||||
workload:
|
||||
kind: Deployment
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
containers:
|
||||
tandoor:
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
fsGroup: 1001
|
||||
envFrom:
|
||||
- main
|
||||
- secrets
|
||||
- secretRef:
|
||||
name: tandoor-postgres17-creds
|
||||
extraVolumes:
|
||||
common:
|
||||
path: /opt/recipes
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 30
|
||||
periodSeconds: 10
|
||||
ingress:
|
||||
main:
|
||||
class: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
extraVolumes:
|
||||
common:
|
||||
emptyDir: {}
|
||||
env:
|
||||
main:
|
||||
enabled: true
|
||||
sensitive: false
|
||||
data:
|
||||
DB_ENGINE: django.db.backends.postgresql
|
||||
SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
|
||||
REMOTE_USER_AUTH: 1
|
||||
SOCIAL_DEFAULT_ACCESS: 1
|
||||
SOCIAL_DEFAULT_GROUP: guest
|
||||
@ -0,0 +1,50 @@
|
||||
gitea:
|
||||
admin:
|
||||
username: ENC[AES256_GCM,data:U230S8544mg=,iv:yL45Opnqp5T4h7erEv0pRHWtH1th8uu1Y4wfeY2aJcQ=,tag:a4vsJEOxlmHj1mwqcUGbiw==,type:str]
|
||||
password: ENC[AES256_GCM,data:IpwOetFEvxt0/tGkiJ8bBI+OR/E=,iv:8OA48CiWeMyqZVs2lp+UzfyymUNQfdgmAQV33+AVQ+s=,tag:stgAMSnB5dCzFu4zvZeVRA==,type:str]
|
||||
config:
|
||||
storage:
|
||||
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:cn3NsFx0TH0fw6mJt6cArMRyQ6Qng3gIPQ==,iv:Jv+rweQzEXfVWuWycjGSi54jRAm0XEEcNxZ6flbUZWM=,tag:6O9KvcnaVEME5lXl6msZLw==,type:str]
|
||||
mailer:
|
||||
PASSWD: ENC[AES256_GCM,data:3UL0uvz49J3GIOo/eVWKYLrDG+u/lvCr8Q==,iv:HBQKF42R3tHFQxkUoRzsiPCUkFM40qpjM0SYrQSxugE=,tag:iua/nXoogjxnkj9T6UB/Sw==,type:str]
|
||||
database:
|
||||
PASSWD: ENC[AES256_GCM,data:DbL7wryYRQAEzujWNL4I0AwEq6Cr2r78FXQOAw==,iv:Oc2IYwD7iy7AlYVnhvSc61ttOf20qJyuuDnx4yF3/YE=,tag:aLa8+r0kYvzFSuF3hvhL2w==,type:str]
|
||||
session:
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:owsHUHdmzGiFgtD3+nRBmHYKcsNQXblbuCO8V0tLAAMvJBRHSA5YG1TL3Quy2186yoZCPiAdeQwg/o2Iutk2Mlc6/NmeurZbxomV8dWBuqJfn6t44xnDgFnEXpxE5kB5lNCtcjKXmpxC4fkoUVscOyZFmKp9uTgH,iv:evmTZH5NzMB3nhqLhuBmTTF4ztJX9a/ZMTOmYMqSaxs=,tag:dLnk9xt+moGoBhx7tqazig==,type:str]
|
||||
cache:
|
||||
HOST: ENC[AES256_GCM,data:feiTcBqztm76LZgNShj0Go0IRNgG9UwCQP9KrdexosP2XCnSe+giyKoIcADiHQFYVbnnkpw7/UqNxgM0Tx+EQ9eyFKY+PaFyCSFmQwikmAWakDJ+hQNM1VaNaDKdeLiGIeI7nO2MH9hGDMzPWtUgMNBxc9tTS38l,iv:Rcr+uiZMWbG9IPeMm+eiNf3W3yz2L7yqSkJSKUhWHtk=,tag:3cLuUAEU6CZvvUYKF1cCAQ==,type:str]
|
||||
queue:
|
||||
CONN_STR: ENC[AES256_GCM,data:Mw7W72M3HitiAEG1ihWctXyYqHJuSiKBZvQDDRjA4O9Yg9Zsbq+/HVcnh074zbiTjCO/496FLiy88HuAw8lksZ7MXXVvRI7rIcFKFZLpHcjAqkBnB301SGalK/R4bSisECsYIFPjKuh+s4PIuPEIgFtZuiEvYdbT,iv:uYwjzUObav2Hs/JgRIYbGBFNcZm++qS2QqKpz6Ma6EA=,tag:0okDz0yzL4eSat/0roYJ2A==,type:str]
|
||||
oauth:
|
||||
- name: ENC[AES256_GCM,data:sN+DzBKd,iv:0HNSbQEDLsV76DIRHdWnPs9SI/bHRZz6Fw+8B8Hhuns=,tag:mwTWy9VSXapPu3uLk7LgSQ==,type:str]
|
||||
provider: ENC[AES256_GCM,data:m74moJ8h,iv:QfE5F3vpIlEzIftHlX/qpNvsnAab8gTd4CHyECHNcmQ=,tag:JefFm9mfYJSKzBDOb/l6BA==,type:str]
|
||||
key: ENC[AES256_GCM,data:7ScP3oXE0zTnaqL3AigHby39fMk=,iv:sXllPawkQ5BcKmC1iBUJ2WOEPK2lm6W3q+GrprHZhAc=,tag:vSCB9w5x6jjPNu5b5ZEMzw==,type:str]
|
||||
secret: ENC[AES256_GCM,data:XG9D5IUX4MqJzKf+aB7MCeDJAQlIzMxSv3ByAZQAdZCI+5my+cMfeg==,iv:s3e0wFznoX55MeEQj+dK0QrzzatGzDBKfT4xDD00cOA=,tag:vk32YQcPs0kAIOj61YwHww==,type:str]
|
||||
- name: ENC[AES256_GCM,data:eBSL9xrBDN50,iv:TiC3jjpfwS6A9x6PAkMIorwJ9CecxblzEFt5+ZmSW6I=,tag:XA6UrnJbkUyDBgOY9xfIPw==,type:str]
|
||||
provider: ENC[AES256_GCM,data:yh4TBYDI2R0a4f1qSg==,iv:hx8pAuo//U+YY5a2cq/KyoK4qcKbSXWtkrDvACWLU2c=,tag:uJ9JNWdDjb0eTS0ZJXHDaw==,type:str]
|
||||
skip_local_2fa: ENC[AES256_GCM,data:8YwpOw==,iv:2R3Zc4HK/U31SVcXR3xi9J/kJySR3osA8xN3YhvRxBk=,tag:SzBFOwEmczW59SHLGCMb5Q==,type:str]
|
||||
key: ENC[AES256_GCM,data:rLR8ve4=,iv:qOVIBiFjsOrrRg/mca5l7SHc2GdVAdyz0TV3Q7lJlQg=,tag:tYEzx7SoeoAC9/lgWU91uA==,type:str]
|
||||
secret: ENC[AES256_GCM,data:r7sWVeqWTnqbt7ArzpADD5A1fYU6+KSpLohWJuSbEUyPAzOSxfZGxSYNfAwaxACOgmJJnxUeQ9l71nyUDWzGMrFkLr+o+WcQmSTPV3+3iMHDsTdgjEb+tIZFdi0Z5PJ8DCBxjckmbG5cx3O3Kyrjc24SNHCVb62lhduZH1fIlT0=,iv:kvtMCpiOUx10zTKt/ZYQh3leYaY9+v169Sq+sYIScHQ=,tag:t8txjt3xuVKWA7QgBJYuiw==,type:str]
|
||||
autoDiscoverUrl: ENC[AES256_GCM,data:SG2ev/BshOBP0NQnpZRQErZDAEWdReiwp2pb2JJBWZmFvC67//t8WZu1/wilfQjJvJdsDGwk9Rwncoxya5Fb9uKYDAQKzqULJk70Er9pyNaowFbMxiMm+ws=,iv:B9GM9MLIrKTtRfyDxltlFvvm01aRCTQnyiemH4qzjGs=,tag:Wqji+fKliEGJRZ4inTmbXw==,type:str]
|
||||
iconUrl: ENC[AES256_GCM,data:lcW3npgyrc50GIYCyTh5Gpht2CU6hX67j13XNOvGQybU2dsA9BtqpmH0OMQz4b1g/XkuHAp5j3I0wLnGvhXXf4mEugzt8g==,iv:X/kHS77OJLDuNN2lTAWLqPARJ1QZMY1ImuS+xmkUlgM=,tag:0ZRh7eH6dYdZd250Lb/+xA==,type:str]
|
||||
scopes: ENC[AES256_GCM,data:GtTGDrDZwU1r5vEsxg==,iv:/7yMuJpxlML3R1X8onDSFbJVwpYFtnLamaI+X148Tlk=,tag:e8HkvzdpkhDvedVzm7jG3w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d2JneUUzM1VkM1lvclA3
|
||||
aC9wMGpKSGU5ZnVaUTNlVDNsMlNaOVRNYVdzCkpzVUJzNHN2TmhHektzOC93Vjlj
|
||||
SVU3cUxVUm4wWjJQRWZRdWlRMEU1eUEKLS0tIHRLOEJERXBMd0NFajNjbHhPVVNl
|
||||
b1cyT0RYa3hzbFJjc254bHJMcDIzeTgK/aX6f60NBz6w1TaOFSZDRE7rPniebb75
|
||||
iwO74fJtl5g9WxAG5yByxJ455Uhc2R/+VBbK5BcYFt9cboIgkUrS2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-25T19:15:08Z"
|
||||
mac: ENC[AES256_GCM,data:ySAOo8j+p9O0v8xYFcjuD6e/pc9LtLxLWC4TdP7mjhdfwwaaoJW96DLEbSYxYN7Co8zHFqdMp5e76SgvhWwP2LNmHLunJ3LNU6u6NSMEFLCSyjAM8KiqB4bTNq7Kf9H2FZbAN58YKXpZEFECJpxoLg2Q9MdRp+BvgURDa2QLZRc=,iv:Ay5vMdrKbNpFyir/N4+mPuOwKwIVupZbeJFKA+DWFDA=,tag:+YUSXQYMfu59oF+hjg0XMg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
176
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml
Normal file
176
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml
Normal file
@ -0,0 +1,176 @@
|
||||
# ------------------------------------------
|
||||
# -- Kubernetes related values
|
||||
# ------------------------------------------
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
|
||||
hosts:
|
||||
- host: gitea.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: gitea.badhouseplants.net
|
||||
hosts:
|
||||
- gitea.badhouseplants.net
|
||||
replicaCount: 1
|
||||
clusterDomain: cluster.local
|
||||
resources:
|
||||
limits:
|
||||
memory: 1024Mi
|
||||
cpu: 1
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: 1024Mi
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 15Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
# ------------------------------------------
|
||||
# -- Main Gitea settings
|
||||
# ------------------------------------------
|
||||
gitea:
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
# -- TODO(@allanger): Enable it once prometheus is configured
|
||||
enabled: false
|
||||
config:
|
||||
database:
|
||||
DB_TYPE: postgres
|
||||
HOST: postgres17-postgresql.databases.svc.cluster.local
|
||||
NAME: org-badhouseplants-app-gitea
|
||||
USER: org-badhouseplants-app-gitea
|
||||
APP_NAME: Bad Houseplants Gitea
|
||||
ui:
|
||||
meta:
|
||||
AUTHOR: Bad Houseplants
|
||||
DESCRIPTION: '...by allanger'
|
||||
repository:
|
||||
DEFAULT_BRANCH: main
|
||||
MAX_CREATION_LIMIT: 0
|
||||
DISABLED_REPO_UNITS: repo.wiki
|
||||
service:
|
||||
DISABLE_REGISTRATION: false
|
||||
server:
|
||||
DOMAIN: gitea.badhouseplants.net
|
||||
ROOT_URL: https://gitea.badhouseplants.net
|
||||
LFS_START_SERVER: true
|
||||
LANDING_PAGE: explore
|
||||
START_SSH_SERVER: true
|
||||
storage:
|
||||
STORAGE_TYPE: minio
|
||||
MINIO_ENDPOINT: "s3.badhouseplants.net:443"
|
||||
MINIO_ACCESS_KEY_ID: gitea
|
||||
MINIO_BUCKET: gitea
|
||||
MINIO_LOCATION: us-east-1
|
||||
MINIO_USE_SSL: true
|
||||
admin:
|
||||
DISABLE_REGULAR_ORG_CREATION: true
|
||||
packages:
|
||||
ENABLED: true
|
||||
cron:
|
||||
enabled: true
|
||||
attachment:
|
||||
MAX_SIZE: 100
|
||||
actions:
|
||||
ENABLED: true
|
||||
oauth2_client:
|
||||
REGISTER_EMAIL_CONFIRM: false
|
||||
ENABLE_AUTO_REGISTRATION: true
|
||||
session:
|
||||
PROVIDER: redis
|
||||
cache:
|
||||
ENABLED: true
|
||||
ADAPTER: redis
|
||||
queue:
|
||||
TYPE: redis
|
||||
mailer:
|
||||
ENABLED: true
|
||||
FROM: bot@badhouseplants.net
|
||||
PROTOCOL: smtp+startls
|
||||
SMTP_ADDR: stalwart.badhouseplants.net
|
||||
SMTP_PORT: 587
|
||||
USER: bot
|
||||
indexer:
|
||||
REPO_INDEXER_ENABLED: true
|
||||
REPO_INDEXER_PATH: indexers/repos.bleve
|
||||
MAX_FILE_SIZE: 1048576
|
||||
REPO_INDEXER_EXCLUDE: resources/bin/**
|
||||
picture:
|
||||
ENABLE_FEDERATED_AVATAR: false
|
||||
service:
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
clusterIP:
|
||||
extraDeploy:
|
||||
- |-
|
||||
apiVersion: kinda.rocks/v1beta1
|
||||
kind: Database
|
||||
metadata:
|
||||
generation: 1
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: {{ include "gitea.fullname" $ }}
|
||||
spec:
|
||||
backup:
|
||||
cron: 0 0 * * *
|
||||
enable: false
|
||||
credentials:
|
||||
templates:
|
||||
- name: CONNECTION_STRING
|
||||
secret: true
|
||||
template: {{` '{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{.Port }}/{{ .Database }}' `}}
|
||||
deletionProtected: true
|
||||
instance: postgres17
|
||||
postgres: {}
|
||||
secretName: {{ include "gitea.fullname" $ }}-db-creds
|
||||
- |-
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" $ }}-ssh
|
||||
spec:
|
||||
entryPoints:
|
||||
- ssh
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: {{ include "gitea.fullname" $ }}-ssh
|
||||
nativeLB: true
|
||||
port: 22
|
||||
|
||||
# ------------------------------------------
|
||||
# -- Disabled dependencies
|
||||
# ------------------------------------------
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
|
||||
# extraDeploy:
|
||||
# - |
|
||||
# {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
|
||||
# apiVersion: traefik.io/v1alpha1
|
||||
# kind: IngressRouteTCP
|
||||
# metadata:
|
||||
# name: {{ include "gitea.fullname" . }}-ssh
|
||||
# spec:
|
||||
# entryPoints:
|
||||
# - ssh
|
||||
# routes:
|
||||
# - match: HostSNI('*')
|
||||
# services:
|
||||
# - name: "{{ include "gitea.fullname" . }}-ssh"
|
||||
# port: 22
|
||||
# nativeLB: true
|
||||
# {{- end }}
|
||||
@ -2,8 +2,8 @@ shortcuts:
|
||||
hostname: tandoor.badhouseplants.net
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: tandoor-postgres16
|
||||
instance: postgres16
|
||||
name: tandoor-postgres17
|
||||
instance: postgres17
|
||||
credentials:
|
||||
POSTGRES_HOST: "{{ .Hostname }}"
|
||||
POSTGRES_PORT: "{{ .Port }}"
|
||||
|
||||
@ -1,50 +1,50 @@
|
||||
gitea:
|
||||
admin:
|
||||
username: ENC[AES256_GCM,data:1yKnMnzbHno=,iv:AWqprQPRloJhZEtyhF8+5dgxyHXtK+2HLxHa+gU+Aw0=,tag:Irk65xjOWgFBfPUJGVcQcg==,type:str]
|
||||
password: ENC[AES256_GCM,data:8hbWwHlNyxzNe6PCYJ2w5b8oUi0=,iv:GtkHDZFUzk9rVh7ASmk+Qb/litPD5QX38hWLR24pgSU=,tag:bmdNTBDt2Mrxp1cVXmJwcQ==,type:str]
|
||||
config:
|
||||
storage:
|
||||
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:tLHwP5ZsoxKnaG38hNNXvXoy4PTuxlUT3w==,iv:bR0eL0MHOdT3CnsQrjdlEfwCEye41/ts/vsQf3ju1cU=,tag:XxpkrS88muDolMcB0r9rWg==,type:str]
|
||||
mailer:
|
||||
PASSWD: ENC[AES256_GCM,data:tw+vJSoedon/a3VhXkcpupumdbBnyMbSzQ==,iv:xoxIm855BhNsNfq+5L33yIDFKx8igNuEV71IDt0WNzQ=,tag:i9FJe0x4PqaMb/SBN0yXCg==,type:str]
|
||||
database:
|
||||
PASSWD: ENC[AES256_GCM,data:pB7YPucwcXwD9fzJsckZshz7ZLM=,iv:23k90tX465WltrQwSyx8Hixe2hnya/dx6aIvr3ti1wA=,tag:NvgN1g181yCBu5Mf7uYmGQ==,type:str]
|
||||
session:
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:Ipcta9fyfGCygYqpisgiy0rCckP5Ma5bNs2ClFNn0lnm1LQOJDdDLiQDr5u9L/WG6Bs2WhHbeSrdjxyZdCKv9pd1CfmB7S9eNcp2w+4hhofwUVcKW89rj9HYEHSLuY8C4Y5KbJKKl6PkY/JmTzyVSpSMDHYadf3j,iv:YsMR3zwZODENuy+WvKy8AdByKTuI7ng0hf1AJT+CMQk=,tag:9hOo08OLybdNgr7wvRPvyw==,type:str]
|
||||
cache:
|
||||
HOST: ENC[AES256_GCM,data:K0FpmrMo1TlUnHHHRKcKVQ8NYeOr+YEeQjajEIM1x5XPjkxYUmywyVL8f5qNLkvotAtD941Rw9CQ7NRof0NketkYyC8gJsndfznGPjhfqH5a0MUWDu9tAfGUzWGzXxC0uq4Ne1eRhu4SjZljZybqk5qQR00Zc/qX,iv:izMvr/kdes3+Gl1a6URnWyQ5TwYqTDMOBskHxPZZpgo=,tag:MWdLA5PV/+bEPWgXHw9OQA==,type:str]
|
||||
queue:
|
||||
CONN_STR: ENC[AES256_GCM,data:MsKkRcKpCGmvcL2lP5N+WuCNGp68gPw5HCpvCjEbYPoJcl5j6mAV5bBGqmiaIpvRbBu1EL1riHMmFD55efSJ6XueOXPG997iwE7KISdPjAWA92ZFe/zFzSW5EfBz3BvgsxzkMk3gR2usid0BvKXLPztLSvAYOR1l,iv:S4BunQMCS33JZUL8x4dRSbMtKQoI0f3Iw9IQ663hqfw=,tag:G7Xpp4d0VKzHRb0ju+F+WA==,type:str]
|
||||
oauth:
|
||||
- name: ENC[AES256_GCM,data:ruqXMi7A,iv:hzOf08m5WO/0ZLrsDdco2RuWquiR9n5hwZqcug7Gx1E=,tag:hwumITH28nq0z5i4Z4FvcQ==,type:str]
|
||||
provider: ENC[AES256_GCM,data:Sx2HqTQ/,iv:DDhq7jVZdgD5MAFFeSt6KdsC0FSrpQWA+gu9gOg6Iwo=,tag:kOnrbDlwGLMrgKsF8hTGdA==,type:str]
|
||||
key: ENC[AES256_GCM,data:itycutnIMsO2lb8M5UysL72Iq9k=,iv:E1b1zBGfew3bf72OxLoKQoosgPDqy8my1JMWvwBGpcE=,tag:iJGrMKbrqTD5NHYWvFxqxQ==,type:str]
|
||||
secret: ENC[AES256_GCM,data:mOpFm2yKl1aBu3TcJkO/Gm69XQh36le4ohsueq9t58cIHDucrksBmA==,iv:zW3zde+XcD3wmJcOKZ0lrPCBA2OPHoF+8/T+6PJpP5w=,tag:27ssfjvp2oX9yglNJLalFQ==,type:str]
|
||||
- name: ENC[AES256_GCM,data:8LPw6LKoUcMf,iv:/jNSUD9jcGxghxexh5063Le+t+xAbirHlc/1oG3JCq0=,tag:OA1LpeMNRi+Pkhr4cdseAw==,type:str]
|
||||
provider: ENC[AES256_GCM,data:aqLm3vOS5b+cDBjnaA==,iv:/3teGaszsJEo9ya1Uy51xAxPC4zyMO08qm1Ag6sFb2A=,tag:iByKJjRGQcEiT8Zoe4cRnA==,type:str]
|
||||
skip_local_2fa: ENC[AES256_GCM,data:YZMe+A==,iv:VE8i+fA/xbv4Ii6vDjsclbuzHp9lva+jOBIYE0vsKNA=,tag:OXAZnoa/zISVBmhaojVB+w==,type:str]
|
||||
key: ENC[AES256_GCM,data:6mbjR2k=,iv:8zRBVFyF7XyTA96yfaWX8NtOC2f2abbyv7qUzizB+dc=,tag:BeBR+bijZFHepscsXJkoNw==,type:str]
|
||||
secret: ENC[AES256_GCM,data:vM4LI6MFwF9co+qCzZwl+q7pKDtIiMj7jMwckleijtVOgnfafrMTKZsA4LbeKICm1p3kuj1qmdRzDgyCzGyCejwMwsd8Yze4gMKZb6wfnhOhaj11Yby40+xHHb8ogCzPfAH7TkOi+99Y2yMpfiw2i5UZvQK1oTjZLzMfJ0fK15k=,iv:F01nIJjOiZCueOaIa1p//ND4XA1wvNow9Crq73nHUVQ=,tag:KifiHsOa49Iah4SW28YMVA==,type:str]
|
||||
autoDiscoverUrl: ENC[AES256_GCM,data:k1O5weiok0ybMfEwDfEaXu76AvUmgRHz3vGy5bShvdGxf/SQZVJJv0XntF9ifbfhYRKzJCt1BpVGkXQnHhMWntkolLUsv/r6OKZPjpwOtEozhI95fcjax1Y=,iv:2LFUB07dWs2tcCSibhoiJ8w3NoPMrpfEhAqb28TbdxY=,tag:iJtqPNf8nsjMVzF2Du+DVw==,type:str]
|
||||
iconUrl: ENC[AES256_GCM,data:Jr8Ej4zfe319HX4ruXrDSB5ZuuEfbuvEeIVHt13E7xx3NvPF9qrOZip40hmAR7dc1nW5m6aX6GxP5gbonr90wZRCf8HA9A==,iv:ykfp9vlCZnjR+7H9NTokW8AOr0EHEq6vkwWDSMYiU5Q=,tag:MbX/8yRj6XwBgU+MbylAKg==,type:str]
|
||||
scopes: ENC[AES256_GCM,data:Lr+kdYTfCVQE25ZGeA==,iv:O6OYdDg/PGj0p2A9vjxPaDBRtUctS1j4TO/5V1gSQ88=,tag:tlDUKeGRIL3Rqep/mpdRZQ==,type:str]
|
||||
admin:
|
||||
username: ENC[AES256_GCM,data:u1KcCwDNplU=,iv:s9mWKPTz+8rFKS2RmFPxCGOIPXFHLvLX3v0t+DemDEU=,tag:MmGR2LqDmHw10uJdPe/tSw==,type:str]
|
||||
password: ENC[AES256_GCM,data:mBhL52UJwOwWpRGRfc5WNAvYwHo=,iv:hGt1kGA2miwzMidwD0AT62oXs1CAwAFpKk3XltqsCz8=,tag:bfhsQxef8cKEes1JkTQw/w==,type:str]
|
||||
config:
|
||||
storage:
|
||||
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5VjeSHLIDvZB/VE7OJ1eqWOnT5NU64om0g==,iv:OFK7MYlb9QfV4ZHIECa3vHG9pBp1TCGSqqUJX3D7uGE=,tag:Ibmihyp3TXarFtr/tDtEEQ==,type:str]
|
||||
mailer:
|
||||
PASSWD: ENC[AES256_GCM,data:lIv1/BEEkouDVqNy4u+u7WCY4zz3ow7fWg==,iv:we77bHyHyAYCMxFGG13sE/M+5Tv2VeYfrg9bsa3leec=,tag:TOltFQbhrXMJW5w5x27YjQ==,type:str]
|
||||
database:
|
||||
PASSWD: ENC[AES256_GCM,data:a3AV8QMYOxlWiU7G1DRCaOSdHKA=,iv:3ZCwEMo3/3rmGJXgDr/Pw+rNQBU14rUKQ7330otX1qQ=,tag:KjwexsLkYaHsTdXoHwXBJA==,type:str]
|
||||
session:
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:nPtmi3wG3+wVkyb+IV832he9rUo2TRRx6cTqvGdVSIZMfcfUvS4rmSH7CQ28OYK6f+WEKs8PkjfrBzEP1mPFHC5eRQfg4ryaqM7eWmHaJipcg4h2nzH9ii6FXyYtmm2zFsTnodOJryEo0T/nMaGhEt7+eylCL+L4,iv:8UFjsAEtMjMqyC9Ib3ipoqpshFrsdE9d3dg7Cewv7dU=,tag:gGVNGk66/Kr/dZ6B3wbD4A==,type:str]
|
||||
cache:
|
||||
HOST: ENC[AES256_GCM,data:tXEIBKqGyeuAc/adO6DjcyAAGgcIuwxJ8T0Zsi1xMy3I3gXbzeTG6XwyAesiUoHifoYTpn3wWbf+pIh8KtGFXb58UcEOgHmnADPWALiXKFoZmvtHDL+JEjOjd0tyoskJNf4Oi4BckJDnfpYuMqJW9qcQbsxlB1My,iv:kJ7XRqvUVEGUC9aAPYO+1oZA3QPc/SE9apaeTgLf3wA=,tag:525IBTPiuZIkAxAIiRE35w==,type:str]
|
||||
queue:
|
||||
CONN_STR: ENC[AES256_GCM,data:Z1+u7JAcgNXkrO80YC2bMDk5VMyTFRAxDPc75ZPKbaD5+nsWQusvnHTS68rAu/WT21xAFpny7geERIOEZIewpucNoCTlqHVfJu/tsl40qMoBfjEWuwfaRM+AlNaXm5USTXkk+alQ3eJ2KIIhfhY1cd1yohRoKvAd,iv:bmLkzWqR8SwHLgWG6SWdeNr1w0fcZP8qNRlhfQfvJqs=,tag:QY5A8YGy0+3BnWSLBcsK5w==,type:str]
|
||||
oauth:
|
||||
- name: ENC[AES256_GCM,data:7KhuIzC/,iv:nn4bNQ1/tBiqjnQxcyocZd0h/54mH+LlRtiAjWuPCOc=,tag:e+55SHN49Q6NzT7KSsh52A==,type:str]
|
||||
provider: ENC[AES256_GCM,data:+TrDQq3Z,iv:AAwjnHG40IKAkSPO5gzwEC745NH+Y5BgZIiJJ5Z2+AE=,tag:DENE8aAHAG9DZhkPmZWYVQ==,type:str]
|
||||
key: ENC[AES256_GCM,data:uOY9iM/dAkhGbWSsUbmN5rnbqUY=,iv:BQ3KjcHN1jJG28RkjjhsTgWm+lHmHzYS4/P4Vlp89hs=,tag:HY3fZysu7sCdyoR0TuRd6A==,type:str]
|
||||
secret: ENC[AES256_GCM,data:5s12mFDJJLPRg/IsypTx/BpvobX0hluTSddTaCQ0SgYjt4lthZDGGg==,iv:ojiXiVQ7BFUNO2ukAK0ygUTu6KVDKu8AMVmHfBw8Ii0=,tag:0zcD8iNT8iutij1C+Hk7Hg==,type:str]
|
||||
- name: ENC[AES256_GCM,data:S/RV60Bc3/lH,iv:xIG+UJnmkEvuo2mgu904Hdn18BhsOCtWVl/eL6ybcZs=,tag:nFKPEisO3U3hPJZASrytiw==,type:str]
|
||||
provider: ENC[AES256_GCM,data:eZOq2jNeqLM7BzePXA==,iv:vHhMOtF/mqUorcKSe2djtWKcyc5F2c+udWclcOkxK/A=,tag:6yKwQj/9oDDIdHcRtIgW3A==,type:str]
|
||||
skip_local_2fa: ENC[AES256_GCM,data:B8ObUg==,iv:mmfGkA+8HK6H3DS+Hl5Hz3s/pwGBoYcXQfJiPiBKYFs=,tag:ErmgC/mcQZJ5sI5eEtLHzg==,type:str]
|
||||
key: ENC[AES256_GCM,data:+w1/goQ=,iv:cIOxkdP38IaiNZ3dig5xo2kYrXdAwqerojCXcBifYds=,tag:5/+QimbfqpfnaFgFT3gfLg==,type:str]
|
||||
secret: ENC[AES256_GCM,data:Rg4rEk9j8zZcUCWbm6xmuEbRb107f5HaU8ClbUkXWKnnERkN91QYtSNlAEWfHBk30xmBObm/O2LlypYJWT5wO7LNw4G6q9yv5JaIc7vS1pjicDi2QNxAW89euELdlthFa2fXj4lNlKLgQr8TbC5wpX0oysC261MM9kgjLuTQnw8=,iv:ft8IMPIu2JuzeWdM53qN5kJQQR5Oq9d2yyNbAQdtdY4=,tag:cBMEqmoP3KAuOhuX364hew==,type:str]
|
||||
autoDiscoverUrl: ENC[AES256_GCM,data:IlykewahSerO46QAqJrvryzHkZONrEDHYBgwq9Nkg1pja9X1l3YaMbsg9DYWUkod/ZlzrGUA8Qyi58WW07chkFDPvy/Cfbp7GZSosr9ZVv7LI7TlpZHxeaA=,iv:rp05dCHRMnysz98G3EbKBZWsBzHrGzSuC6FCr/S8evw=,tag:6UtCbpVoWLbv5W/cB1+qBg==,type:str]
|
||||
iconUrl: ENC[AES256_GCM,data:Tp16796JFzlYfOSfI+ld+Lf7hCeS74ZDz0kA/I9P3v6G+3LQAUGOtfFTzx5mTsfpP1eQN4HgD2uU3lfLhSozril1qq3AZA==,iv:dQSq+IiRcepUZqLipRr6DOHH7Hg6h45gnr9LH9dWYdU=,tag:zeq3tVobXsOasCkIAw/riw==,type:str]
|
||||
scopes: ENC[AES256_GCM,data:3qwG8sYZER/p9GgnuA==,iv:hvJvc1pwUgeatq9R8GBde1EQDJunwZBl+cmsqJr1PBY=,tag:ov+WHCFaNaA40PPvOzVPqQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2V1RNMmlZaDJDMzBXekF1
|
||||
YmdlYjNBTEhaYU5YYTZ6U1pHckl5YVZ4WVV3Cml5RzkyeHVCV3FlbEpoanlZOWk4
|
||||
RlVoL1VISDEzODRaYUs0N3JldXE4Q28KLS0tIDdqK3IxcHpQdWJoNHR4VCt4MVNm
|
||||
M25EVzZsS21OajdEKytoc2VBYm5SMU0K1wvfQOqBbAPyh1SxiONFSFO+a591HG/2
|
||||
DJvP643yXIWBOiNTxjbQDygYmxwk9GbFmGlVf0pQoUEuH9D4SgCwJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:22Z"
|
||||
mac: ENC[AES256_GCM,data:Mel9AWdHERKt5xsDI7KmgINBCMAsfYrs/jgwQol+UVuiFXU73tAFeUqOZRDFwuzKBfxQExv8etBlgV8Q6Pdg0VojBLLz75BYZdqz5RD1VnllJ7y5/jCwCTyTbWxYQZpgj8dle0KA2NxoMraLIQY+gnvunqlAcIJgPZG9KY1UB3w=,iv:Nozpe5X8kwSrb2sturuCQBA8XhEQSI5nLRzBuCDFfz0=,tag:8kVcjwLDNTBmvDRPj2ELyQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZ0IxQnpLSmJjTm1jTkI4
|
||||
NkhuMUN3RVp0TEFSNHhtTkFvWDFaUXVpUlIwCkxWbkxnQkY2R3g0cUY5VG1Kb251
|
||||
VUhYZlNCWC82Z0h3SHpaSnVST2h0WTAKLS0tIHJWR2FuT1ArRFhMWnV4cW9EcnZw
|
||||
UHpBeWgyN21CUThydi9XdFc2V2c0TTQK38CQDRnFpUmWjyvDGGQ3vQxhBvy2Xva+
|
||||
SCd8sJZc/bnVDOEidvV9oxJz4y0nj6RvgzcsU+M99YBJcuV12xPqag==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-26T11:56:44Z"
|
||||
mac: ENC[AES256_GCM,data:cc0H+6P0uTl5kpMR0B9o5BP8l1KHjLHdMetPlmNEVQo3NCzm+0SBjGYOqNhr0EG2Gd6RKdsAADrZAwyH+pXA2pmNVdIehDBu4Xncwi8nrUY3gm3jBIG/01H5VLqtZCoLfbqQ4ANHrGhn7JE5bwrXbbmD4t/7E2i7qHLukPj4S8w=,iv:3+llbgLRU2tMr+S2nvyA8hGfCnnWnqprGSW9H3VSCH0=,tag:gzMc8wSjZfa4h0eN3V5Ylw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
||||
21
values/badhouseplants/secrets.namespaces.yaml
Normal file
21
values/badhouseplants/secrets.namespaces.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
defaultRegcred: ENC[AES256_GCM,data:QpL9wlCjErkjp16vsOAcsDA539EguT48JPb24oi6VexbbRm3cBVz9KDlrVhhbt1Uk8hMkbHfN+SQT+OQL38EW6fJiQ2CJ6JbVuyNXeolErxbeV2V9dWegiSjcekgS+tqs0YmshdfUpMFXIpmHWAsW2hty40b6+WE1iAmSf0NgrdYTG+ctMtetCIpiLwy3vgiBc581h0kmAxC3QCDVXIxtw0p0mtF3iHZmQv78FEd9CseTPH0jVlaoucM3mRPKNFi5j7sGQtrevYfPZpynpufTRLSkW84NddXbpk1gzFn5fbENjS1b0vrInqVkS0KMmewOGwf6coL0uELFclRQua1YO7hW5uVKZyUCn9UpCMFHWI=,iv:Vr6x3YFd7UGqId1PQOJqJmpSWxlalIcQdsfwCmQkdQo=,tag:rtFEPOYSzf7M8vTwe3hxtA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTSs0WkNIdlhxVURXcU5u
|
||||
WDMzb000cUE5TnpPajRHZnZLblpKY0RUZmlnCnNpbno2VUVHb1g2cy9XUEV2eHdz
|
||||
QWI0VVVJSllIRHdRZFdlRmFOckVmV2MKLS0tIDJER2UrTXArblBnckxJY3hSaXZk
|
||||
Tk5SK3Y2YVBPem1HVjI1ejhaK2tmTVkKgfdOUiERRABkvvYLe3P7hAOoc97dNmnF
|
||||
rAwK+FrRrAnfeG2R9RegocbDv64ieB1vwJpW2LeainGchn9opNjeeQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-26T19:22:13Z"
|
||||
mac: ENC[AES256_GCM,data:JYkxfsrFgYHrxQTPh4uZ1RIqexJnaYefRWzYFzpE6Or2in/UBDG+UghYtbld8+wI6xSMMwfh8BgmOwUWWhqzCwzHEVaiNjRUNisw/epdbKwCuou1h6m4e8vid8NG8+FttWK2QvIzEKM9ONTJPcoCRjiKIBH7dGBAeCjAOJy6PlA=,iv:n26YeGhiZ80SQYfFUA5Lv0THDTPYvOvWoU23nTut7Qw=,tag:C3ij7ClL2ra6hutcTtbP9g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,26 +1,26 @@
|
||||
global:
|
||||
redis:
|
||||
#ENC[AES256_GCM,data:d/vtscwAkAPFyRz6Ap29M/oZGEcX3POnzAd6GCkHIiTLFinXzOAn/ruMSiMsnL9lJxj50foVeLIXnmtFDGxUPsxNU9jePD037t6vbtja,iv:ALXE7IPi2d79rOpBMwlfi9IPtcvfoSAxsDHwiVItk8U=,tag:cMoKK0zkagLc3uC8Ry5hBw==,type:comment]
|
||||
#ENC[AES256_GCM,data:XQ6nK+hlKfFOBDye9a2a,iv:ptA0TWsjVjOQGOCe8leC7ZjRX8gSnbjb94NWZMccxSs=,tag:9vw4k4N1wI/C7jf7ZPxi7w==,type:comment]
|
||||
#ENC[AES256_GCM,data:eTsTA07O2Y/468A=,iv:ZWOZO3GAYbU/Bq5ejdzDUsrYpkfwNtK23zH+XS5PUsk=,tag:KL1Z0a+BxBW4Y+aeJb78lA==,type:comment]
|
||||
password: ENC[AES256_GCM,data:kFbVUyKL0B9GhOapmqOS/FyTaXZEGUmSFFLxYIzX,iv:sLue4AmkT12DoPrWH3VxpvXFBHYhYRUTWcNoC+ojhGY=,tag:ikQsyximPvONoANv/61GXA==,type:str]
|
||||
redis:
|
||||
#ENC[AES256_GCM,data:INOZ17f72Qf6D+drbcvmnZRBRIeXLSAV9RmfOLZFp45qt8GWSHMnevqq9ge4Zlydtsd3BDek/JLUNl6YHPPq9qM1EFujY2htbOHyf0Cn,iv:zZDMizNKFllCyNH/bUF+vuB9YOikjo3q5ebzu3LYvCc=,tag:H0XX/D9xh0HS0Xnqgs/aag==,type:comment]
|
||||
#ENC[AES256_GCM,data:JiLOpJanuZnMpN5dMvw2,iv:YEVZSdRHez1lCb61hWLvalLq8F67l7KF0WXmmuj9bck=,tag:KnpfgwUYBQLZsj4Jk13RtQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:mzDGjHlXUunu1yA=,iv:LOOU/QGaHKeDrssbk1haYd0lPclbFak9GygEbbN0gFs=,tag:4cUubeiY6aJj5KVKVkdFUA==,type:comment]
|
||||
password: ENC[AES256_GCM,data:kN93kIMiVTGWbaYgMC1n1MWqdl8s3cbZS5vvYTa2,iv:Qy+GQchC6s2PoarPWtquipF9gAVYZR6mn0GeHABRogE=,tag:V/xbfm9u51UUG+we/3nNLQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORUEvSlFCTzh4N2NGVkhO
|
||||
SlJXQlNvYjdCQmVjQWVpZ2YyUjlmWkZrWVdVCk1FK1VjVmpCWEVScVo0YldZQWxE
|
||||
L2I1RnNsVWJGRll5MXNjam1zMzU5OWcKLS0tIFI0eUFEYTdyWkFEb0xQeTBaZi9J
|
||||
aUJ0Umg5T1BFN1lEbThJTXErUkxKaGsK1Vvk45dshvEGF3OZfrLJPabHgvWFT8ps
|
||||
f7Ygd+3XhZUBUBi50Em/xzmKQXL0I0Ps9JetSbQ/Amlmp9gU8VqRGw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:22Z"
|
||||
mac: ENC[AES256_GCM,data:9dykGJs5NFjahNZ+4orzMh2u7UBRHMVCv5J9QxRqAzE2aT556W6bZoV9n0V5b7Z6jhVGHFxA4do9RoFT2lq7aMVpQ4nl4iSXuavPiuoBeq8aIwykpCF0cs5dHxQP7R5US2A8rzsSScIBbB2i1LhRtpiVVGmekVp1YSZJWcNhMNk=,iv:tWf4DjEcAff4LupkpFiR/Ss3iYBqtvcQGW/xAeCDIvw=,tag:nbWpyxzNKKrbo8HjMBbeMg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOHRuN1J1ODYvc0Z3OW5H
|
||||
NFhVM0dWWGZETU0vTzVkeUk1NFVWc2FSaGprCm5NalJKUWxtLzA5VTU3YjR5VWtx
|
||||
NExtbTZZZUZteVBTYnNWTVZvbnF5VFUKLS0tIEpBTDhPbkVLVytaY29aUktmZGF2
|
||||
bnVKWmI4RWpLaGU5WTIwblJRcDFDMlUK2BHkUNbpRMo0jm2Sk+Qcf4giufJtaJyM
|
||||
xuoG41AqGs4+KEDS8/rF9HK7z+2Wk9H5b8L+/W0n+J5EPOvwvFePTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-26T12:23:02Z"
|
||||
mac: ENC[AES256_GCM,data:xrA6hCFIH/R/j/V1T60xx5Eix5Z5ETREQP4zYriLkZQ4hEzL2WdJFExK1VXSfX4KmIR8215XHmHnWu70eIoAnFUaozBosIFtJz0YNrNNok6MeDGD5fy5mcBQfCqLw+rwbW/uxY7DQrchgVT9iFAkpRSoVPUzn6ku/xCmTmSlv3E=,iv:lNLR5QHKPUWb1Mz8mIFCHnjpuQVF7ttNTOy9+jEzLyo=,tag:G4iZ/9nWKh97JLGOxbgSQg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
||||
22
values/badhouseplants/secrets.zot-mirror.yaml
Normal file
22
values/badhouseplants/secrets.zot-mirror.yaml
Normal file
@ -0,0 +1,22 @@
|
||||
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
|
||||
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
|
||||
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
|
||||
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
|
||||
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
|
||||
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-26T21:04:45Z"
|
||||
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
File diff suppressed because one or more lines are too long
@ -128,6 +128,7 @@ service:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
clusterIP:
|
||||
|
||||
# ------------------------------------------
|
||||
# -- Disabled dependencies
|
||||
# ------------------------------------------
|
||||
|
||||
@ -2,8 +2,8 @@ shortcuts:
|
||||
hostname: notes.badhouseplants.net
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: memos-postgres16
|
||||
instance: postgres16
|
||||
name: memos-postgres17
|
||||
instance: postgres17
|
||||
credentials:
|
||||
MEMOS_DRIVER: postgres
|
||||
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||
|
||||
@ -15,4 +15,6 @@ namespaces:
|
||||
labels:
|
||||
istio-injection: disabled
|
||||
- name: org-badhouseplants
|
||||
- name: org-onpier
|
||||
- name: org-allanger
|
||||
- name: kube-system
|
||||
defaultRegcred: true
|
||||
|
||||
@ -73,6 +73,7 @@ schedules:
|
||||
- games
|
||||
- databases
|
||||
- org-badhouseplants
|
||||
- org-allanger
|
||||
weekly:
|
||||
disabled: false
|
||||
labels:
|
||||
|
||||
@ -4,8 +4,8 @@
|
||||
# ------------------------------------------
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: woodpecker-postgres16
|
||||
instance: postgres16
|
||||
name: woodpecker-postgres17
|
||||
instance: postgres17
|
||||
credentials:
|
||||
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||
server:
|
||||
@ -41,7 +41,7 @@ server:
|
||||
WOODPECKER_ESCALATE: true
|
||||
WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-postgres16-creds
|
||||
- woodpecker-postgres17-creds
|
||||
agent:
|
||||
enabled: true
|
||||
extraSecretNamesForEnvFrom: []
|
||||
|
||||
148
values/badhouseplants/values.zot-mirror.yaml
Normal file
148
values/badhouseplants/values.zot-mirror.yaml
Normal file
@ -0,0 +1,148 @@
|
||||
image:
|
||||
repository: ghcr.io/project-zot/zot
|
||||
tag: v2.1.3-rc4
|
||||
ingress:
|
||||
enabled: true
|
||||
className: traefik
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
pathtype: Prefix
|
||||
hosts:
|
||||
- host: registry.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
tls:
|
||||
- secretName: registry.badhouseplants.net
|
||||
hosts:
|
||||
- registry.badhouseplants.net
|
||||
service:
|
||||
type: ClusterIP
|
||||
persistence: false
|
||||
pvc:
|
||||
create: true
|
||||
lavels:
|
||||
velero.io/exclude-from-backup: true
|
||||
mountConfig: true
|
||||
mountSecret: true
|
||||
configFiles:
|
||||
config.json: |-
|
||||
{
|
||||
"distSpecVersion": "1.1.1",
|
||||
"storage": {
|
||||
"dedupe": true,
|
||||
"gc": true,
|
||||
"rootDirectory": "/var/lib/registry",
|
||||
"retention": {
|
||||
"dryRun": false,
|
||||
"delay": "24h",
|
||||
"policies": [
|
||||
{
|
||||
"repositories": [
|
||||
"**"
|
||||
],
|
||||
"deleteReferrers": false,
|
||||
"deleteUntagged": true,
|
||||
"keepTags": [
|
||||
{
|
||||
"mostRecentlyPulledCount": 2
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"http": {
|
||||
"address": "0.0.0.0",
|
||||
"port": "5000",
|
||||
"externalUrl": "https://registry.badhouseplants.net",
|
||||
"auth": {
|
||||
"htpasswd": {
|
||||
"path": "/secret/htpasswd"
|
||||
}
|
||||
},
|
||||
"accessControl": {
|
||||
"metrics": {
|
||||
"users": [
|
||||
"admin"
|
||||
]
|
||||
},
|
||||
"repositories": {
|
||||
"**": {
|
||||
"anonymousPolicy": [],
|
||||
"policies": [
|
||||
{
|
||||
"users": [
|
||||
"mirror_user",
|
||||
"overlord"
|
||||
],
|
||||
"actions": [
|
||||
"read",
|
||||
"create",
|
||||
"update",
|
||||
"delete"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"log": {
|
||||
"level": "info"
|
||||
},
|
||||
"extensions": {
|
||||
"scrub": {
|
||||
"enable": true
|
||||
},
|
||||
"metrics": {
|
||||
"enable": true,
|
||||
"prometheus": {
|
||||
"path": "/metrics"
|
||||
}
|
||||
},
|
||||
"mgmt": {
|
||||
"enable": false
|
||||
},
|
||||
"sync": {
|
||||
"enable": true,
|
||||
"registries": [
|
||||
{
|
||||
"urls": [
|
||||
"https://docker.io/library",
|
||||
"https://docker.io"
|
||||
],
|
||||
"content": [
|
||||
{
|
||||
"prefix": "**",
|
||||
"destination": "/dockerhub"
|
||||
}
|
||||
],
|
||||
"onDemand": true,
|
||||
"tlsVerify": true
|
||||
},
|
||||
{
|
||||
"urls": [
|
||||
"https://registry.k8s.io"
|
||||
],
|
||||
"content": [
|
||||
{
|
||||
"prefix": "**",
|
||||
"destination": "/k8s"
|
||||
}
|
||||
],
|
||||
"onDemand": true,
|
||||
"tlsVerify": true
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
secretFiles:
|
||||
htpasswd: |-
|
||||
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
|
||||
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
image:
|
||||
repository: ghcr.io/project-zot/zot
|
||||
tag: v2.1.3-rc4
|
||||
ingress:
|
||||
enabled: true
|
||||
className: traefik
|
||||
|
||||
@ -1,3 +1,7 @@
|
||||
image:
|
||||
repository: registry.badhouseplants.net/dockerhub/coredns/coredns
|
||||
pullSecrets:
|
||||
- name: regcred
|
||||
service:
|
||||
clusterIP: 10.43.0.10
|
||||
replicaCount: 2
|
||||
|
||||
@ -1,3 +1,7 @@
|
||||
image:
|
||||
repository: registry.badhouseplants.net/k8s/metrics-server/metrics-server
|
||||
imagePullSecrets:
|
||||
- name: regcred
|
||||
apiService:
|
||||
insecureSkipTLSVerify: true
|
||||
nodeSelector:
|
||||
|
||||
@ -7,3 +7,7 @@ ports:
|
||||
port: websecure
|
||||
deployment:
|
||||
replicas: 2
|
||||
imagePullSecrets:
|
||||
- name: regcred
|
||||
image:
|
||||
registry: registry.badhouseplants.net/dockerhub/library
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user