Compare commits


20 Commits

Author SHA1 Message Date
c60a147e91 chore(deps): update postgresql docker tag to v16.6.2 2025-04-08 01:01:22 +00:00
Nikolai Rodionov
8a595bfdbc
Migrate minecraft 2025-04-07 15:37:04 +02:00
Nikolai Rodionov
6855a5c43c
Enable gitea metrics 2025-04-07 14:35:11 +02:00
Nikolai Rodionov
ea306ece64
Migrate platform 2025-04-07 13:59:10 +02:00
Nikolai Rodionov
64d523f302
Migrate databases 2025-04-07 13:42:14 +02:00
Nikolai Rodionov
b2f546f0b7
Fix stalwart ingress 2025-04-07 12:46:52 +02:00
5c0aaa1e30 Keep migrating things 2025-04-07 12:45:51 +02:00
fa6791c9d4 Some important changes 2025-04-04 22:45:01 +02:00
53faa51b51
Upgrade minecraft 2025-04-03 11:56:33 +02:00
56737d59a6 chore(deps): update helm release velero to v8.7.0 2025-04-02 21:07:20 +00:00
e5aa79abe8 chore(deps): update helm release minecraft to v4.26.1 2025-04-02 19:44:00 +00:00
Nikolai Rodionov
c46bfd88e2
Configure the github renovate again 2025-04-01 13:09:31 +02:00
c6d0973522
Fox production ns 2025-04-01 12:42:59 +02:00
8deb163e0d
Fix certs 2025-04-01 12:23:49 +02:00
2c0f498611
Update memos lib 2025-03-30 18:18:28 +02:00
bb45328532
Trying to migrate istio 2025-03-30 16:10:40 +02:00
a8693f41ee
Keep migrating things 2025-03-30 15:51:26 +02:00
a659611d6f
Keep migrating things 2025-03-30 15:13:48 +02:00
dbd69180e4
Keep migrating things 2025-03-29 14:16:34 +01:00
992463b8cd
Keep migrating things 2025-03-29 13:55:44 +01:00
121 changed files with 1170 additions and 902 deletions


@ -8,3 +8,7 @@ creation_rules:
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
- path_regex: common/values/secrets.*
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
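Review bot: The new rule's `path_regex: common/values/secrets.*` is unanchored and its `.` matches any character, so it selects more paths than the name suggests; `path_regex: ^common/values/secrets\..*$` would state the intent exactly. The directory order also differs from the `values/common/...` paths that the helmfile templates in this compare load, so it is worth confirming that the rule matches the files it is meant for. Both visible rules encrypt to the same single age recipient, which leaves every secrets file dependent on one key; a second recipient kept offline would cover loss of that key. The earlier entries of `creation_rules` are outside the hunk.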


@ -0,0 +1,24 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@ -1,7 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- define "metallb-resources.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- define "metallb-resources.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- define "metallb-resources.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- define "metallb-resources.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }}
{{ include "metallb-resources.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
{{- define "metallb-resources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- define "metallb-resources.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}


@ -0,0 +1,7 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}
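Review bot: The pool entry `- {{ .Values.addresses}}` is rendered unquoted and unvalidated, so an empty or missing value becomes a null list item instead of a render error. The chart's default in the values file that follows is `1.1.1.1-1.1.1.1`, a real public address, which means a release that misses its environment override would still produce a valid-looking pool. Failing closed is safer here: `- {{ required "addresses must be set per environment" .Values.addresses | quote }}` with the default removed from values.yaml. Since `spec.addresses` is a list, accepting a list in values and ranging over it would also avoid a later interface change.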


@ -0,0 +1 @@
addresses: 1.1.1.1-1.1.1.1


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm


@ -1,5 +0,0 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring


@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm


@ -25,6 +25,14 @@ metadata:
namespace: {{ $ns.name }}
data:
.dockerconfigjson: {{ $.Values.defaultRegcred }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: {{ $ns.name }}
imagePullSecrets:
- name: regcred
{{- end }}
{{- end }}
{{- end }}
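Review bot: The added `default` ServiceAccount hands the `regcred` pull secret to every pod in the namespace that does not name its own service account, and it leaves API-token automount at the cluster default. If the workloads in these namespaces do not call the Kubernetes API through `default`, adding `automountServiceAccountToken: false` to this manifest keeps the change from widening what an arbitrary pod receives. Kubernetes creates the `default` account in every namespace itself, so Helm has to adopt an existing object here; a template comment such as `# default SA is pre-created by the cluster; the release must take ownership of it` would record that next to the manifest. The `range`/`if` blocks closed by the three `{{- end }}` lines begin outside the hunk, so which namespaces get the account cannot be checked from here.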


@ -1,6 +0,0 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"


@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}


@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}


@ -1,5 +0,0 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"


@ -1,15 +0,0 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.2.3
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"


@ -1,3 +0,0 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}


@ -1,67 +0,0 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy


@ -1,3 +1,6 @@
helmDefaults:
kubeContext: {{ .StateValues.kubeContext }}
templates:
# ---------------------------
# -- Hooks
@ -39,19 +42,19 @@ templates:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
common-values:
values:
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
common-values-tpl:
values:
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-values:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-values-tpl:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
# ----------------------------
# -- Extensions
# ----------------------------
@ -68,7 +71,7 @@ templates:
version: 2.0.0
alias: traefik
values:
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
- '../values/common/values.tcp-route.yaml'
ext-udp-routes:
dependencies:
- chart: bedag/raw
@ -125,7 +128,7 @@ templates:
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
- '../values/common/values.database.yaml'
ext-secret:
dependencies:
- chart: bedag/raw
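Review bot: The new `kubeContext: {{ .StateValues.kubeContext }}` in `helmDefaults` is neither quoted nor required, so a sub-helmfile rendered without that value presumably falls back to whatever context is current in the operator's kubeconfig and can apply releases to the wrong cluster. `kubeContext: {{ .StateValues.kubeContext | required "kubeContext must be passed by the parent helmfile" | quote }}` makes that case a render error. The same applies to the five `kubeContext: "{{ .Environment.KubeContext }}"` entries in helmfile.yaml.gotmpl, which render an empty string when an environment defines no context. The first `secrets.` path under the hooks block still uses `{{ requiredEnv "PWD" }}` while the other value paths moved to `../values/...`; one convention throughout would avoid files resolving differently depending on the working directory.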


@ -1 +1,6 @@
registry: registry.badhouseplants.net
registry: registry.badhouseplants.net/containers
registry_url: registry.badhouseplants.net
main_ip: 195.201.249.91
tools:
openebs:
enabled: true


@ -1 +1,6 @@
registry: registry.ru.badhouseplants.net
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net
main_ip: 91.232.225.63
tools:
openebs:
enabled: false


@ -1,5 +0,0 @@
bases:
- ./common/environments.yaml
- ./common/templates.yaml
- ./helmfiles/base.yaml
- ./helmfiles/system.yaml

26
helmfile.yaml.gotmpl Normal file

@ -0,0 +1,26 @@
---
bases:
- ./common/environments.yaml
---
helmfiles:
- path: ./helmfiles/base.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/system.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/platform.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/databases.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/applications.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}


@ -0,0 +1,28 @@
bases:
- ../common/templates.yaml
repositories:
- name: gitea
url: https://dl.gitea.io/charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
releases:
- name: app-gitea
chart: gitea/gitea
version: 11.0.0
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.1
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets


@ -1,7 +1,10 @@
bases:
- ../common/templates.yaml
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ./charts/namespaces/chart
chart: ../charts/namespaces
namespace: kube-system
createNamespace: false
inherit:
@ -9,7 +12,7 @@ releases:
- template: env-secrets
- name: roles
chart: ./charts/roles
chart: ../charts/roles
namespace: kube-system
createNamespace: false
needs:


@ -1,12 +1,14 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: bitnami
url: registry-1.docker.io/bitnamicharts
oci: true
- name: bedag
url: https://bedag.github.io/helm-charts/
commonLabels:
installation: databases
releases:
- name: redis
chart: bitnami/redis
@ -14,25 +16,30 @@ releases:
condition: redis.enabled
version: 20.11.3
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: postgres16
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres16.enabled
version: 16.6.0
version: 16.6.2
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: postgres17
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres17.enabled
version: 16.6.0
version: 16.6.2
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets


@ -1,36 +1,70 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
- ../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: crossplane-stable
url: https://charts.crossplane.io/stable
- name: goauthentik
url: https://charts.goauthentik.io/
- name: minio-standalone
url: https://charts.min.io/
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: minio-standalone
url: https://charts.min.io/
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: goauthentik
url: https://charts.goauthentik.io/
releases:
- name: external-dns
chart: external-dns/external-dns
labels:
layer: platform
version: 1.15.2
namespace: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
labels:
layer: platform
namespace: platform
inherit:
- template: common-values-tpl
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.34.0
inherit:
- template: common-values-tpl
- name: db-instances
chart: db-operator/db-instances
@ -39,19 +73,18 @@ releases:
- platform/db-operator
version: 2.4.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: env-values
- template: env-secrets
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: platform
condition: workload.enabled
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: authentik
chart: goauthentik/authentik
@ -62,58 +95,7 @@ releases:
needs:
- platform/db-operator
inherit:
- template: default-env-values
- template: default-env-secrets
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: ext-database
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
labels:
bootstrap: true
version: 3.3.7
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
labels:
bootstrap: true
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: "../../kustomizations/kyverno/{{ .Environment.Name }}"
namespace: kyverno
labels:
bootstrap: true
needs:
- kyverno/kyverno
- name: external-dns
chart: external-dns/external-dns
version: 1.15.2
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
namespace: platform
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
inherit:
- template: default-env-values


@ -1,3 +1,6 @@
bases:
- ../common/templates.yaml
repositories:
- name: coredns
url: https://coredns.github.io/helm
@ -11,6 +14,18 @@ repositories:
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: istio
url: https://istio-release.storage.googleapis.com/charts
releases:
- name: coredns
@ -42,7 +57,7 @@ releases:
- template: common-values-tpl
- name: issuer
chart: ./charts/issuer
chart: ../charts/issuer
namespace: kube-system
missingFileHandler: Warn
needs:
@ -50,7 +65,66 @@ releases:
inherit:
- template: common-values
- name: zot
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ../kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/cluster-mirror
inherit:
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: ../charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: common-values-tpl
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
@ -67,17 +141,41 @@ releases:
version: 3.12.2
namespace: kube-system
needs:
- registry/zot
- registry/cluster-mirror
inherit:
- template: common-values-tpl
- name: metallb
chart: metallb/metallb
- name: openebs
chart: openebs/openebs
condition: tools.openebs.enabled
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/zot
version: 4.2.0
inherit:
- template: common-values-tpl
- template: env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.7.0
condition: velero.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: istio-base
chart: istio/base
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values
- name: istiod
chart: istio/istiod
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values-tpl
needs:
- istio-system/istio-base
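Review bot: The `local-path-provisioner` repository added here is `git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master` and its release carries no `version:`, so this chart, installed into `kube-system`, follows a moving branch while every other release in the file is pinned. Pointing `ref=` at a release tag or commit (`?ref=<release-tag-or-commit>`) makes the deployed chart reproducible and reviewable like the rest. The `metallb-resources` release now uses the local chart `../charts/metallb-resources` but keeps `version: 2.0.0`, which looks left over from the previous `bedag/raw` chart and does not match the `0.1.0` in the new Chart.yaml; dropping or correcting it would avoid confusion. The releases list continues outside the visible hunks, so ordering through `needs` was not checked in full.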


@ -111,7 +111,7 @@ releases:
- name: memos
chart: allangers-charts/memos
version: 0.2.0
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values


@ -27,6 +27,14 @@ releases:
- template: default-env-values
- template: default-env-secrets
- name: memos
chart: allangers-charts/memos
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values
- name: external-service-xray
chart: ../../kustomizations/external-service-xray
installed: true


@ -1,9 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform


@ -13,16 +13,7 @@ releases:
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.25.1
inherit:
- template: ext-tcp-routes
- template: default-env-values
- template: default-env-secrets
- name: team-fortress-2
chart: allangers-charts/team-fortress-2
namespace: team-fortress-2
version: 0.1.2
version: 4.26.1
inherit:
- template: ext-tcp-routes
- template: default-env-values


@ -26,7 +26,7 @@ releases:
- template: default-env-secrets
- name: renovate-github
chart: renovate/renovate
installed: false
installed: true
namespace: pipelines
version: 39.208.1
inherit:


@ -1,162 +0,0 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: coredns
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio
url: https://istio-release.storage.googleapis.com/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
releases:
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- name: istio-base
chart: istio/base
condition: istio.enabled
namespace: istio-system
inherit:
- template: crd-management-hook
- name: istio-ingressgateway
chart: istio/gateway
condition: istio.enabled
installed: false
namespace: istio-system
needs:
- istio-system/istio-base
inherit:
- template: default-env-values
- name: istiod
chart: istio/istiod
condition: istio.enabled
namespace: istio-system
inherit:
- template: default-env-values
needs:
- istio-system/istio-base
- name: zot-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: kube-system
inherit:
- template: default-env-values
- template: default-env-secrets


@ -4,6 +4,19 @@ metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: local-path-fix
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
- name: replace-storage-class
match:
any:
@ -24,22 +37,22 @@ spec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
- name: remove-unwanted-annotations
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- games
mutate:
patchesJson6902: |-
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
op: replace
value: openebs-hostpath
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local
- path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local
#- name: remove-unwanted-annotations
# match:
# any:
# - resources:
# kinds:
# - PersistentVolumeClaim
# namespaces:
# - games
# mutate:
# patchesJson6902: |-
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
# op: replace
# value: openebs-hostpath
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local
# - path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local
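Review bot: The new `local-path-fix` rule hard-codes the node name in `volume.kubernetes.io/selected-node: bordeaux` for every PersistentVolumeClaim in the `registry` namespace and carries no comment saying why. A claim mutated this way presumably stays pending if that node is renamed or absent in another environment, and the rule sits in a policy named `replace-storage-class-by-openebs`, which hides it from anyone searching for scheduling constraints. A comment above the rule such as `# pin registry PVCs to the node that holds the existing hostpath data` (or whatever the real reason is) would help, as would moving it to its own policy. The `remove-unwanted-annotations` rule is now left as a commented-out block; deleting it and relying on git history keeps the policy readable.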


@ -1,33 +1,15 @@
service-account:
enabled: true
resources:
- name: minecraft-exporter
label:
app: minecraft-minecraft-metrics
endpoints:
port: metrics
traefik:
enabled: true
tcpRoutes:
- name: minecraft-tcp
entrypoint: minecraft
gateway: istio-system/badhouseplants-minecraft
match: HostSNI(`*`)
service: minecraft-minecraft
port: 25565
# --------------------------------------------------
# -- Main values
# --------------------------------------------------
image:
#tag: java21-graalvm
tag: java21-jdk
tag: java23-graalvm
pullPolicy: Always
resources:
requests:
memory: 3.5Gi
memory: 2.5Gi
cpu: 2.5
limits:
memory: 3.5Gi
memory: 2.5Gi
lifecycle:
postStart:
- bash
@ -52,32 +34,23 @@ readinessProbe:
successThreshold: 1
timeoutSeconds: 20
minecraftServer:
memory: 3000M
memory: 2000M
jvmOpts: |
-server
jvmXXOpts: |
-Xms3000G -Xmx3500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
-Xms2000G -Xmx2500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
overrideServerProperties: true
eula: "TRUE"
onlineMode: false
difficulty: hard
hardcore: true
version: "1.21.1"
version: "1.21.4"
maxWorldSize: 90000
type: "FABRIC"
gameMode: survival
pvp: true
modUrls: []
serviceType: NodePort
#- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2-api.jar
#- https://github.com/CaffeineMC/sodium-fabric/releases/download/mc1.20.1-0.5.11/sodium-fabric-0.5.11+mc1.20.1.jar
#- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2.jar
#pluginUrls:
# - https://github.com/dmulloy2/ProtocolLib/releases/download/5.2.0/ProtocolLib.jar
# - https://mediafilez.forgecdn.net/files/3789/833/GravityControl-2.0.0.jar
# - https://mediafilez.forgecdn.net/files/3151/915/CrackShot.jar
# - https://s3.badhouseplants.net/public-download/MechanicsCore-3.4.8.jar
# - https://s3.badhouseplants.net/public-download/WeaponMechanics-3.4.9.jar
rcon:
enabled: true
withGeneratedPassword: false
@ -85,7 +58,7 @@ minecraftServer:
serviceType: ClusterIP
extraPorts:
- name: metrics
containerPort: 9225
containerPort: 19565
protocol: TCP
service:
enabled: true
@ -93,12 +66,11 @@ minecraftServer:
labels:
exporter: minecraft
type: ClusterIP
port: 9925
port: 19565
ingress:
enabled: false
persistence:
storageClass: openebs-hostpath
#storageClass: local-path
dataDir:
enabled: true
Size: 9Gi
@ -121,35 +93,6 @@ mcbackup:
persistence:
backupDir:
enabled: false
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: 0-download-mods
image: alpine/curl
command:
- curl
- -L
- "https://s3.badhouseplants.net/minecraft-mods/server_mods.tar"
- -o
- /download/server_mods.tar
volumeMounts:
- name: download
mountPath: /download
readOnly: false
- name: 1-copy-plugins-to-minecraft
image: ubuntu
command:
- sh
- -c
- cd /mods && tar -xvf /download/server_mods.tar || true
volumeMounts:
- name: plugins
mountPath: /mods
readOnly: false
- name: download
mountPath: /download
readOnly: false
extraVolumes:
- volumeMounts:
- name: plugins
@ -162,3 +105,36 @@ extraVolumes:
- name: download
emptyDir:
sizeLimit: 500Mi
extraDeploy:
- |-
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: minecraft
spec:
endpoints:
- interval: 30s
port: metrics
scrapeTimeout: 10s
path: '/'
namespaceSelector:
matchNames:
- games
selector:
matchLabels:
app.kubernetes.io/instance: minecraft
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: minecraft-tcp
spec:
entryPoints:
- minecraft
routes:
- match: HostSNI(`*`)
services:
- name: minecraft
nativeLB: true
port: 25565
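Review bot: The heap flags in `jvmXXOpts` use a `G` suffix, `-Xms2000G -Xmx2500G`, which requests about two terabytes of heap in a container whose memory limit is `2.5Gi`; the previous values had the same unit, so the edit carries the mistake forward. `memory: 2000M` above presumably already sets the heap, so the simplest change is to drop the two flags from `jvmXXOpts`, or else write `-Xms2000M -Xmx2000M` and keep the maximum below the container limit to leave room for non-heap memory. Separately, `onlineMode: false` remains set while the new `IngressRouteTCP` publishes the server on the `minecraft` entrypoint with `HostSNI(`*`)`, so player identities are not verified for anyone who can reach that port; confirm that this is intended or restrict access in front of it.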


@ -2,20 +2,36 @@ namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: production
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
defaultRegcred: true
- name: observability
defaultRegcred: true
- name: databases
defaultRegcred: true
- name: istio-system
defaultRegcred: true
- name: applications
defaultRegcred: true
labels:
istio-injection: disabled
istio-injection: enabled
- name: platform
defaultRegcred: true
- name: games
defaultRegcred: true
- name: team-fortress-2
defaultRegcred: true
- name: pipelines
defaultRegcred: true
- name: public-xray
defaultRegcred: true
labels:
istio-injection: disabled
- name: org-badhouseplants
defaultRegcred: true
- name: org-allanger
labels:
istio-injection: enabled
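Review bot: `org-allanger` is the only namespace besides `registry` listed without `defaultRegcred: true`, while the values files later on this page expect a `regcred` pull secret. If workloads in that namespace pull from the private registry, add `defaultRegcred: true`, or add a comment saying why it is left out. The `applications` entry shows both `istio-injection: disabled` and `istio-injection: enabled` because the page prints old and new lines together. Assuming `enabled` is the new value, running pods only get the sidecar after a restart, which is worth stating in the commit message.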


@ -1,6 +1,7 @@
localpv-provisioner:
hostpathClass:
isDefaultClass: true
zfs-localpv:
crds:
zfsLocalPv:


@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4


@ -41,8 +41,7 @@ gitea:
metrics:
enabled: true
serviceMonitor:
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
enabled: true
config:
database:
DB_TYPE: postgres
@ -59,13 +58,14 @@ gitea:
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: false
DISABLE_REGISTRATION: true
server:
DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"
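Review bot: `ENABLE_PPROF: true` under `server` turns on Go profiling for a Gitea instance whose `ROOT_URL` is public, and nothing in the hunk says why or for how long. Gitea documents the web profiler as listening on localhost:6060, so the ingress does not route to it by default, but heap and goroutine dumps can contain request data and are readable by anyone with exec or port-forward rights on the pod. If this is for a debugging session, add a comment such as `# temporary: profiling for <issue placeholder>, remove afterwards`, or drop the key before merging. The same line is added in the later Gitea values section on this page, after `START_SSH_SERVER`.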


@ -50,13 +50,14 @@ extraVolumes:
emptyDir: {}
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
metadata:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
config:
files:
config:


@ -1,31 +1,26 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:C4TSoQ==,iv:kG2QtaNWHSc2sdhzo8HnMnPE0Mixqs1dvFsAcke/Gw4=,tag:HhbVmIw5RQ9hipQqZ5J2pw==,type:bool]
sensitive: ENC[AES256_GCM,data:0wVOUg==,iv:FGxAd9h2e0LeWukZR/THhCscF3FWoK4dnkrX1mqSC+A=,tag:0rpeedT6x2V79WB5xRNbuA==,type:bool]
enabled: ENC[AES256_GCM,data:bai2CQ==,iv:NG7q1ZsDpCW9Lu00fGsibpTEHGtew+l5TFOLOpljlwU=,tag:Z2/fXmsEEqhDzCdTWS/Qhw==,type:bool]
sensitive: ENC[AES256_GCM,data:n+dNXA==,iv:iFM0+5G5Bsw4NI+JH1vMMrty3Zo0El0HE9F6PEDsJrY=,tag:EcbzQHVeOHVLVC7kgaRPXw==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:82zb,iv:Z89+Wt6jGMQTZ73ghk1Ey504WYt2Li9XQ2gaH0SB8tI=,tag:RmqHxghik75E9LAABzyVxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:ELi8dtNa/OhQKgrXbrgwHK95ntZjyzRSvQ==,iv:IVZbXZlFyCRMc3bW81Ak9UdjeGke0px9mGqrmaW7EHk=,tag:9xli08c0pqnxu2ktTbCMcg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:CAAalqRcu9vsM1bjC76enJCSX/tc7yOd48mxGV0d5rTFxQz08b4JVhKyMzl7BRog7+PMtJkkTnRIXZHgj31FqhRylmHyuAn3iPc=,iv:PpZvZMhOEt6ecdkBcvAOSz+eZktPAzaAlYNjBSgiN/w=,tag:apHKw66HG7TYnpBNVyM7xA==,type:str]
SMTP_USERNAME: ENC[AES256_GCM,data:eQ4c,iv:4vX/ioHWEA6DzMwZ+23dgUN4PJ7Asz7bbufG5Fy80iI=,tag:1Mq0Hj/23T4fvGEXuNUtxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:B08urSqwYgekI6I5LDYGHbPK5n3r+woRZw==,iv:K2O9aSJLRMbK+N2lfX4ojSqhbmb9KbWsuW2DtYZHCOA=,tag:Qz0OJ7aWwC+/9d1oc38ySw==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:sKVugfrrR9L5LtozHPibGiPULiwv8pAot925Z/rQ0V/mW+DVvNPEw4odgfX596Ddmd8oV5zo5Mz8WIPUCmrVmfdoz+3YzVywEy8=,iv:npthfz4xcW6fF10RhHCF6uXH/6526l3gjZGRu+Xpylg=,tag:vsPsRZ7EIQ7FMvqJga3hhg==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:g212PzN9/4hxBKMAWFNiR0qAnPPK/tkffg==,iv:1l6dikIQGSjznW9MsaCTdz0wLJmAhiL0ZOdN2J4Q0yA=,tag:tNbPdORUa6IBWgh0HHaNjA==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:quvcZQKauXeW+l8xkYgVBElBQveoRWKDBA==,iv:KpQH+Ef87jl/M9XpBtIKNhn7ATHoV+Jgjpzg2Li28Kg=,tag:jniePrO7UVp/cz/eIh19mg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoLys3dkJDK2lrQ0d4ZlJi
eFRTSmx1RUtZRnpxdkNvVFFCeXl6dDcvWXdvCitoNkcwVFFxRVJ6dkNUbGVPb1pU
b3E4ZjZibFF6QytNdUhXNDFLZXRpSEUKLS0tIHpZTmFXNnptVzJmZFhIU2haRWhR
UjNEN1BlREFVak1xdmQzaFY1dHVyM3cKuvMIrQUL1cuw3Odz/Cv+kZV9ZZzBozSW
XimhDSkxNrH5OsGC1Jxz/8JOv8abBs4NROzffVdyqtZZzXOLzw3mJQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnFwbWFpTWgxRk45S240
cVI5ekJXdVIwaG5NcGRPa2xTN2pFV2tyN1JBClNVMGhNL2FaM2pCK0sxbjgyalJN
MnpQeHBxY2RtWkI2c1htV3oyQmNnbVUKLS0tIGg4ZXNwaFRKNTlIRDluT3k0VDRD
Y3pIaEdFb1JwMnVrYnJ4UkpWMERmZFUKa45EvUqkvjaL85xh3gyxTeJ02IxPJf9a
TGjAvpjBrym9v++OrHn2otw1NOeZwSP1hmSCc+sa6/0yFqcU031xjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-02T08:58:16Z"
mac: ENC[AES256_GCM,data:px+D6tlAZU6GzlE8/jLc0BaPyRwsfE1jRROy2mX7bhFTIW3lZqt/zangO46fFH5hXZjY5wLNIktCDbawIbUFwAp0vrmXxctZoAftl9hpdtW6ann3yfyv3pdcs7/BKu3s5QUswx6D13iLU0dvzyG4vGcQNmKpxuPQYLuDp2o74hM=,iv:2Y+wsS7QcgQ/8umZ+a21QjU25Yq24Y7UWjXVy9Gmvoo=,tag:APVtby5NCOQxrPAjIbMJ+w==,type:str]
pgp: []
lastmodified: "2025-04-01T10:29:47Z"
mac: ENC[AES256_GCM,data:VmYotoR4BJJv2mZ+kt+NNn+oXLKWHed0o/TkJO93/4eLUm8Wg9SPMA1ZYYe9YRfgbIhYxPlQbPPKQBv95XeOS1FFL24VyenTTP3TXWroeXxOWubko/Fp88U3glJXs5jfL5DLYKvGwTXG3tchFDwH9m6QOABX+aRxvNBEP5zXUxs=,iv:HMzuvl8YCPj9ZA5tKfExQfSbvwu4IEHz6sMLAe8g7vo=,tag:lI2fh1b7prHsBS8Snrbdtw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.10.0


@ -14,10 +14,10 @@ ext-database:
database: "{{ .Database }}"
authentik:
email:
host: email.badhouseplants.net
host: stalwart.badhouseplants.net
port: 587
username: bot@badhouseplants.net
use_tls: false
use_tls: true
use_ssl: false
timeout: 30
from: bot@badhouseplants.net
@ -26,7 +26,6 @@ authentik:
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:
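Review bot: The `secret_key` literal in the second hunk appears to be the line this change drops (the hunk goes from 7 to 6 lines), but the value stays readable in the repository history, so removing it does not retire it. Treat it as disclosed: generate a new key, deliver it through the SOPS-encrypted secrets file or a Kubernetes Secret, and expect existing sessions to be invalidated when it changes. The section no longer shows where the key now comes from, so a comment above `error_reporting` such as `# secret_key is supplied from <secrets file placeholder>` would keep that traceable.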


@ -0,0 +1,29 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres17:
secrets:
adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1


@ -0,0 +1,21 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
postgres17:
monitoring:
enabled: false
adminSecretRef:
Name: postgres17-secret
Namespace: databases
engine: postgres
generic:
host: postgres17-postgresql.databases.svc.cluster.local
port: 5432


@ -56,7 +56,7 @@ consoleService:
port: '9001'
resources:
requests:
memory: 2Gi
memory: 1Gi
buckets:
- name: badhouseplants-net
policy: download


@ -0,0 +1,27 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: zot.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot.badhouseplants.net
hosts:
- zot.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: false
mountConfig: true
mountSecret: true
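Review bot: `kubernetes.io/ingress.allow-http: "false"` is a GCE ingress annotation that Traefik does not act on, and `router.entrypoints: web,websecure` attaches the registry route to the plain-HTTP entry point as well. Whether pushes and pulls with credentials can travel over HTTP therefore depends entirely on a global redirect configured elsewhere. Limiting this ingress to `traefik.ingress.kubernetes.io/router.entrypoints: websecure` would make the file safe on its own, or add a comment naming the redirect it relies on. Two further things to confirm: the image tag `v2.1.3-rc4` is a release candidate, and with `persistence: false` and `pvc.create: false` the registry contents look ephemeral.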


@ -1,22 +1,17 @@
secrets:
RENOVATE_TOKEN: ENC[AES256_GCM,data:NwkAP50vrUc7dVB0wyWTgFDd+axltTqdyXuXFHHkmO2VF4QyV/svsw==,iv:kr53r5w7lVo9luC36mHghZ8fabo6/da8vLFEzhEOgDE=,tag:UnGnSXuvwlSzVuL6pEUXsw==,type:str]
RENOVATE_TOKEN: ENC[AES256_GCM,data:ohd4EhTlhRpQ+IXVf1Nb73+h0VHrMZduPhkbm53s3/+HRKUZd7JepA==,iv:qtbH0lz9Li+jjWcef6JGRpbcsOGlG+e3TNHDukAK2HE=,tag:KVmari0LUGHVb61VSFtgXw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZDVVZm1UallMRzJpRVF0
b2dHaUJlQldOeHN5RVhydm5oaG52ZG95SVVzCkZ0enk4Mit4KzV6Z0ErTmxhU29W
R0p6NVBiRjFSU0NWUjNKdGU2WXdrcFUKLS0tIHFURlFVLzJ5NkJVRVpCV2I5U2E4
dE1VWExmY0xEdVlrZW8wRzlPRkVrRzAKVZHyy3AGktGuv7KEQX/M0xjyU/7FpgSB
OrWzXXds9h8PWC/19FU2puvdIER1G/2CajEq0PQmaC9YMvb8nLMv0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:5FV7wwVyhB1UQOLW+iYyeImXAPv3dtTlw3Qjg2rBVBmbC8vHNpXFWloBhFeTSN4VAEjxm5tqACdP3IfNkrVT1SnYeySh6Xl/sdcAuAIao7uMjLDT/MK02AcS55T9pt7h+H4nkdNatMAX7jLKbHJwNoAnL5a/FgX+gKizAg4PRHc=,iv:7HRq2xMClJXYF2S9SQeYLZwCn2EOEc4JkEFzgze2e20=,tag:Fb3fm+wlnywr0hBfw5xyQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TGozODRjVzQvdzlvSE5s
RTlReWNSWDlzUVVLVmZXV1c3dWVwUU9hbWw4CnJUL20yTFpHMUJFWTdYQ2JWUisx
Y0djU2FhaEtVSTlRWEY3Z0RnOUhVVjAKLS0tIEZEUjhqUTRtTEo0L3haWFlRT2JS
QTFVWU5RSTBldzBjalg1TFBDY3hGUEEKCH1rY+tGtRNGMYrfSjqXbVsrPAleVHDO
Altiz0ceC5ODo01zwBf63vDVqjZtbIQNZ8oQ8Pjlktp3jCpL7JNK9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T08:52:26Z"
mac: ENC[AES256_GCM,data:6PyWgR3f7lnen5Jun04Tsw1P7rcAgTSuF+YEh0fq3r3xHvQYFGesfEO4PHLfCGYtjyyCeyzpwBUIoUHTmI5tRYjLwjwRiIu/GH75eSLOx0y0gYMl8JUeaPxSpPvElpii3XAm7vKEJhTR9QzNuzduf0Q1JdlR6TM68XM8g78zeSc=,iv:CqTrPYoLg4IgW5zTsIcmGQUg5RfK+IQmxeQIQbd6oqk=,tag:P8Je5EhAv5TqqT77nPwlHw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1,26 +0,0 @@
credentials:
useSecret: ENC[AES256_GCM,data:7gOgTQ==,iv:Wiutik5u1CZ3jkI5lL4JLwvKDQrjNPSfmnyet7SBVzo=,tag:SYm+fm393zhqNMKejQfYKw==,type:bool]
name: ENC[AES256_GCM,data:NKs3qbFPKGIhXI7lzGTq,iv:MWumBc7eHro/P1oLZxQArvfoWmdJN+S0d/Qxb+ohI9E=,tag:pxJQzB82Us+UflGc271wGg==,type:str]
secretContents:
hetzner: ENC[AES256_GCM,data:tlumlKIfwugQj5Dj8Lu9HuEcKRv8v/JhTTz4oOvRavxmeBIGElfn/MyWbK68pagfDatyKsrYjqPTutYykJWVOWdHFOCIXunnI8vkDbzpxAH0BqyZQrek3s4mkTOPJkjfW6V1MNr5AvWMYLwptcIp2Q==,iv:E3jBlMgIXzuLCNVxEBlTiiVpLCdEolJuv96bSYamwLI=,tag:4zkhZUu+on0K1zF4/8tiWQ==,type:str]
etersoft: ENC[AES256_GCM,data:/kQ9eCnHIfDSzHxy2tbVgwe7C0cF+l5LaKCgksodxUJgxTQs2pJHyx4cluoW62RwOQKHxMCy3IaqphD2zZOIVKbR0q3xVmBoxcBxrKE5UIlSxbQ=,iv:YcJF8OMiFMz147c8lXVU+ccjq1okYnHiwUvJLmJHi20=,tag:hnwtfAkBCpZUy4TEGtMOOw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiaW9NQVR6OGtLV3ZqMThn
bWsrcGZKNVk1cXB2aDc5RnRNbTMwZVoyRERVCnEyQ2tFSlZmTnhRdGQxNW1BVGNs
QzBjM2tXWnhQYTBaR1pUZnUzMWpYTmMKLS0tIGQ1emdDNlVGdzNWRlRQcU5xSWxB
bWdPdVF3RjU0Z0RQWXZWVUVocVBTeWsKogQ3kmwrShfBOwMC+JHNiavRHryv+WNY
dkUkONkUH5HEWN/6M7bsMMqjkH0D/upD5UXOXr4fiibcM/w+XI/BpA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T14:51:45Z"
mac: ENC[AES256_GCM,data:65vGxoFLwH9WpxvqKYi1FEb8DhRWpq4K5cTjfqQEXDxbzKDk/RjTtHpFZ2iLnAOcL2ECvL+JU9yPeM7fS06nTW/TC/oP3yNGfyJp84IWNzrBVBE8HCTaXthxcRSIbGwvdCihViT4gZU7VkMaDt1WnEesjq/KQqcK/TSpCxhSyjI=,iv:HPfV3MRyeilrAFprdsLT6H//V74YzRiGM8O7TmU/g5c=,tag:tQHA6JW5ELAUXzIlJdLYFA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2


@ -40,11 +40,11 @@ replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
memory: 1024Mi
memory: 1.5Gi
cpu: 1
requests:
cpu: 1
memory: 1024Mi
memory: 1.5Gi
persistence:
enabled: true
size: 15Gi
@ -57,8 +57,7 @@ gitea:
metrics:
enabled: true
serviceMonitor:
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
enabled: true
config:
database:
DB_TYPE: postgres
@ -82,6 +81,7 @@ gitea:
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"


@ -1,13 +0,0 @@
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi


@ -2,25 +2,34 @@ shortcuts:
hostname: notes.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres17
instance: postgres17
name: memos-postgres16
instance: postgres16
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
base:
workload:
containers:
memos:
envFrom:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
storage:
data:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
storageClassName: openebs-hostpath
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
metadata:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
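Review bot: `MEMOS_DSN` ends in `?sslmode=disable`, so the database password and all queries reach Postgres without TLS; the rendered page does not show whether that line is new or unchanged context. If the Postgres service offers TLS, `sslmode=require` (or `verify-full` with the CA mounted) closes the gap. If the connection relies on mesh mTLS instead, say so in a comment, e.g. `# plaintext to Postgres: covered by mesh mTLS, see <placeholder>`. The username and password are also interpolated into the URL unescaped, so a generated password containing `@`, `/` or `?` would yield a DSN that parses incorrectly.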


@ -1,7 +1,3 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
coreDns:
enabled: false
kubeEtcd:


@ -0,0 +1,21 @@
credentials:
useSecret: ENC[AES256_GCM,data:JeoOyQ==,iv:fu/UL5pN+RfYRluV1ipqbJ7AMmb6mBzo9Cs8MEaH90g=,tag:SXueO8IzwQ12MjSQUx5K4A==,type:bool]
name: ENC[AES256_GCM,data:jHBOoXdfbcm9/tWworFG,iv:EZdqinT6tBFS2t7/l3bA2A5OspmmXVBhlM4ENIMlWeI=,tag:ltP1tFsWxRiQV8GgNe2RmA==,type:str]
secretContents:
hetzner: ENC[AES256_GCM,data:cLAnAdz3RlBE4YOVDIcQ+gjWxsA2jsNJgh2zkBV9LbPHU2eJDaLmQIzGov28vQK0tpdGBk8uncjg7eLVpqQFnn/+4mbMrCICLNqeNYJNG9sTRhBoA8EqODRQ7mJoHMdvSqk8dp+9nGXrgO/HCKZCbg==,iv:pEQbq9pqWcuUG3Jj93QNbD4N9a/NxLPc1XqmfYNdOoc=,tag:Ss8hyMYYm24UG2aVXw6MQQ==,type:str]
etersoft: ENC[AES256_GCM,data:f7opp9R8bLoOSqpzJdjUXiVHF0hxH3uE+fRQfgEA/G0wDrPio6SPNUG+ROeZCrLJgizFTR6x4/r/yTIglEeaa9aefF1OG9dEdlpko7AALnf3DYQ=,iv:NGXNl5BbQS5dgVn5wNqN7ba11AeDgHXPloYTBC95l2E=,tag:kA/7bvS9h20/a7se5e1zUg==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2emd4d1gyWjlYL3dYRmw4
Y2J0UkJaMTR6b0NsNTVzcTBHMXJ3WnNRdWlJCnB0ZEJmclRzY0Y1WEsvQmRWYU9k
cDRtQ3J4azNBUnN5bVUvdm9EbEo1ZHcKLS0tIGN6L0VpTWlQNm1sVnA4UldBbk9C
Q1dWek5PVjNkZUdJYllJSTZhQ1p0QU0K4LFd1ITs38M101fqy6KZGZ43x4Ou3VtB
EN1uxBEt5AdfX4F+FbOnA5qAOUdRRN31TjIXs948E/1vgm8zRxSx1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-02T21:11:55Z"
mac: ENC[AES256_GCM,data:ArJNDbctyrzJIVo9CojFPAKlhW9xCBYvfpA27iG2YGWYfCRQ0uAIVmUn0jVsbfYWdtQ5WZD7p05itXMobQMMlFlv3twi7B7taXYXQQzZghhOCVJBYo8I3gFl9wxVpKHNc+WxuerFCQUCOXyBMI9CLmXsKBwlciLl78OSU6SMe/s=,iv:wHFF4yhYLs6QjOcvcU4WDpNyjQZl0dI42mouVR/43Eo=,tag:notDIF/S/r7MlYogftz9aA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1


@ -1,10 +1,3 @@
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
configuration:
logLevel: error
repositoryMaintenanceJob:
@ -17,7 +10,7 @@ configuration:
backupStorageLocation:
- name: hetzner
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.0
plugin: velero/velero-plugin-for-aws:v1.11.1
bucket: badhouseplants-backups
accessMode: ReadWrite
credential:
@ -29,9 +22,10 @@ configuration:
s3Url: https://nbg1.your-objectstorage.com
publicUrl: https://nbg1.your-objectstorage.com
checksumAlgorithm: ""
- name: etersoft
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.0
plugin: velero/velero-plugin-for-aws:v1.11.1
bucket: velero
accessMode: ReadWrite
credential:


@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry }}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true
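Review bot: `global.security.allowInsecureImages: true` switches off the chart's check that the images it deploys are the ones it expects, and the file gives no reason for it. It is presumably needed because `global.imageRegistry` points at the mirror in `.Values.registry`, but with the check off nothing in these values ties the pulled image to a known digest. A comment such as `# required: images come from the private mirror, not the upstream registry` would keep the trade-off visible, as would digest pinning of the mirrored images where the chart supports it. The same lines are added in the next two values files and under `redis` in the authentik values at the end of the page; two of those write `{{ .Values.registry}}` without the space before `}}`, which is only a style inconsistency.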


@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry }}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true


@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry}}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true


@ -0,0 +1,33 @@
image:
repository: {{ .Values.registry }}/itzg/minecraft-server
pullSecret: regcred
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: 0-download-mods
image: {{.Values.registry}}/alpine/curl
command:
- curl
- -L
- "https://s3.badhouseplants.net/minecraft-mods/server_mods.tar"
- -o
- /download/server_mods.tar
volumeMounts:
- name: download
mountPath: /download
readOnly: false
- name: 1-copy-plugins-to-minecraft
image: {{ .Values.registry }}/ubuntu
command:
- sh
- -c
- cd /mods && tar -xvf /download/server_mods.tar || true
volumeMounts:
- name: plugins
mountPath: /mods
readOnly: false
- name: download
mountPath: /download
readOnly: false
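Review bot: The two init containers fetch `server_mods.tar` and unpack it into the server's plugin directory with no integrity check, and `|| true` on the extract step lets the server start even when the archive is missing, truncated or not a tar file. Whatever sits at that bucket URL therefore runs as server plugins. Check the archive against a pinned SHA-256 before extracting and let a failure stop the pod, as in the fence below; note that this changes startup behaviour when the download fails. In the first container, `-fL` instead of `-L` keeps curl from saving an HTTP error page as the tar file. The `alpine/curl` and `ubuntu` images carry no tag, so they resolve to whatever `latest` is in the mirror; pin a tag or digest.

```yaml
# … unchanged: 0-download-mods container, 1-copy-plugins-to-minecraft name and image …
command:
  - sh
  - -c
  - |
    set -eu
    echo "<EXPECTED_SHA256_PLACEHOLDER>  /download/server_mods.tar" | sha256sum -c -
    tar -xf /download/server_mods.tar -C /mods
# … unchanged: volumeMounts …
```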


@ -0,0 +1,3 @@
global:
imagePullSecrets:
- regcred


@ -0,0 +1,16 @@
pilot:
resources:
requests:
cpu: 50m
memory: 256Mi
global:
hub: {{ .Values.registry }}/istio
imagePullSecrets:
- regcred
proxy:
resources:
requests:
cpu: 20m
memory: 54Mi
limits:
memory: 54Mi


@ -3,22 +3,17 @@ global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-controller
cainjector:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
webhook:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
acmesolver:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
startupapicheck:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
pullPolicy: Always
repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
{{- end }}


@ -2,15 +2,15 @@
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/quay/cilium/cilium
repository: {{ .Values.registry }}/cilium/cilium
useDigest: false
envoy:
image:
repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
repository: {{ .Values.registry }}/cilium/cilium-envoy
useDigest: false
operator:
image:
repository: {{ .Values.registry }}/quay/cilium/operator
repository: {{ .Values.registry }}/cilium/operator
useDigest: false
hubble:
tls:


@ -1,6 +1,6 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/dockerhub/coredns/coredns
repository: {{ .Values.registry }}/coredns/coredns
pullSecrets:
- name: regcred
{{- end }}


@ -0,0 +1,17 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/rancher/local-path-provisioner
helperImage:
repository: {{ .Values.registry }}/library/busybox
imagePullSecrets:
- name: regcred
{{- end }}
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate
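Review bot: `volumeBindingMode: Immediate` binds a node-local volume before the pod is scheduled, so the volume can be created on a node the pod cannot run on. For local-path storage the usual setting is `volumeBindingMode: WaitForFirstConsumer`. `defaultClass: true` combined with `reclaimPolicy: Delete` also means any PVC without an explicit class gets node-local storage that is erased when the claim is deleted. The openebs values earlier on this page set `isDefaultClass: true` too, and having two default classes makes the choice for such PVCs hard to predict; a comment stating which class is meant to be the default would help.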


@ -0,0 +1 @@
addresses: "{{ .Values.main_ip }}-{{ .Values.main_ip }}"


@ -1,13 +1,15 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
controller:
image:
repository: {{ .Values.registry }}/quay/metallb/controller
repository: {{ .Values.registry }}/metallb/controller
speaker:
image:
repository: {{ .Values.registry }}/quay/metallb/speaker
repository: {{ .Values.registry }}/metallb/speaker
frr:
image:
repository: {{ .Values.registry }}/quay/frrouting/frr
repository: {{ .Values.registry }}/frrouting/frr
{{- end }}


@ -3,17 +3,20 @@ controller:
logLevel: warn
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 100Mi
memory: 150Mi
limits:
memory: 100Mi
memory: 150Mi
livenessProbe:
enabled: true
failureThreshold: 3
@ -37,9 +40,9 @@ speaker:
resources:
requests:
cpu: 30m
memory: 300Mi
memory: 350Mi
limits:
memory: 300Mi
memory: 350Mi
livenessProbe:
enabled: true
failureThreshold: 3


@ -1,5 +1,5 @@
image:
repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
repository: {{ .Values.registry }}/metrics-server/metrics-server
imagePullSecrets:
- name: regcred
apiService:


@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry }}
localpv-provisioner:
imagePullSecrets:
- name: regcred


@ -0,0 +1,8 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
deployment:
imagePullSecrets:
- name: regcred
image:
registry: {{ .Values.registry }}/library
{{- end }}


@ -1,13 +1,14 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports:
web:
redirections:
port: websecure
entryPoint:
to: websecure
scheme: https
permanent: true
deployment:
replicas: 2
imagePullSecrets:
- name: regcred
image:
registry: registry.badhouseplants.net/dockerhub/library
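Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` disables certificate verification for every HTTPS backend Traefik proxies to, so a misrouted or impersonated backend is accepted silently. The rendered page does not show whether this line is kept or removed by the change. If it stays, scope the exception to the services that actually present self-signed certificates through a per-service `ServersTransport`, or mount the internal CA, and add a comment naming the backend that needs it. If the hard-coded `registry: registry.badhouseplants.net/dockerhub/library` is on the new side, it is also inconsistent with the `{{ .Values.registry }}` templating used in the other values files on this page.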


@ -0,0 +1,7 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
image:
registry: {{ .Values.registry }}
imagePullSecrets:
- name: regcred
{{- end }}


@ -0,0 +1,12 @@
global:
image:
repository: {{ .Values.registry }}/goauthentik/server
imagePullSecrets:
- name: regcred
redis:
global:
imageRegistry: {{ .Values.registry}}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true
