badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:main
Branches Tags
badhouseplants:main
badhouseplants:renovate/vaultwarden-3.x
badhouseplants:renovate/kube-prometheus-stack-69.x
badhouseplants:renovate/stalwart-0.x
badhouseplants:renovate/helm-library-0.x
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/renovate-39.x
badhouseplants:renovate/redis-20.x
badhouseplants:renovate/longhorn-1.x
badhouseplants:renovate/rook-ceph-cluster-1.x
badhouseplants:renovate/rook-ceph-1.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:add-ci
Branches Tags
badhouseplants:renovate/vaultwarden-3.x
badhouseplants:renovate/kube-prometheus-stack-69.x
badhouseplants:renovate/stalwart-0.x
badhouseplants:renovate/helm-library-0.x
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/renovate-39.x
badhouseplants:main
badhouseplants:renovate/redis-20.x
badhouseplants:renovate/longhorn-1.x
badhouseplants:renovate/rook-ceph-cluster-1.x
badhouseplants:renovate/rook-ceph-1.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

4 Commits
main ... add-ci

Author SHA1 Message Date
Nikolai Rodionov
4251f028f7
test
All checks were successful
ci/woodpecker/push/helmfile Pipeline was successful
Details
2024-12-16 15:56:25 +01:00
Nikolai Rodionov
5407850771
test 2024-12-16 15:56:25 +01:00
Nikolai Rodionov
8955ff847a
Enable concurrency 2024-12-16 15:56:25 +01:00
Nikolai Rodionov
57280e9ad7
WIP: Start adding CI/CD 2024-12-16 15:56:24 +01:00
67 changed files with 557 additions and 1438 deletions
Show Stats Expand all files Collapse all files

8
.pre-commit-config.yaml
View File

@ -11,10 +11,10 @@ repos:
(?x)^(
.*secrets.*yaml
)$
# - repo: https://github.com/codespell-project/codespell
# rev: v2.2.4
# hooks:
# - id: codespell
- repo: https://github.com/codespell-project/codespell
rev: v2.2.4
hooks:
- id: codespell
- repo: local
hooks:
- id: check-sops-secrets

41
.woodpecker/helmfile.yaml Normal file
View File

@ -0,0 +1,41 @@
when:
event:
- push
matrix:
include:
- NAME: badhouseplants
ENV: badhouseplants
.opts: &opts
secrets:
- sops_age_key
image: ghcr.io/helmfile/helmfile:latest
backend_options:
kubernetes:
serviceAccountName: woodpecker-ci
#resources:
# requests:
# memory: 1200Mi
# cpu: 2
# limits:
# memory: 1200Mi
# cpu: 2
steps:
diff:
!!merge <<: *opts
when:
- branch:
exclude:
- main
commands:
- sed -i "/\b\(kubeContext\)\b/d" common/environments.yaml
- helmfile -e "${ENV}" diff --concurrency 1 > ./diff
- cat ./diff
diff:
!!merge <<: *opts
when:
- branch:
include:
- main
commands:
- sed -i "/\b\(kubeContext\)\b/d" common/environments.yaml
- helmfile -e "${ENV}" apply

4
common/environments.yaml
View File

@ -11,7 +11,7 @@ environments:
- backups:
enabled: false
- localpath:
enabled: false
enabled: true
- openebs:
enabled: true
- postgres17:
@ -21,7 +21,7 @@ environments:
- redis:
enabled: true
- istio:
enabled: true
enabled: false
etersoft:
kubeContext: etersoft
values:

6
common/templates.yaml
View File

@ -37,12 +37,6 @@ templates:
default-env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
env-values:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
# ----------------------------
# -- Extensions
# ----------------------------

91
installations/applications/helmfile-badhouseplants.yaml
View File

@ -1,21 +1,42 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: softplayer-oci
url: zot.badhouseplants.net/softplayer/helm
oci: true
- name: allanger-oci
url: zot.badhouseplants.net/allanger/helm
oci: true
- name: requarks
url: https://charts.js.wiki
- name: ananace-charts
url: https://ananace.gitlab.io/charts
- name: gitea
url: https://dl.gitea.io/charts/
- name: mailu
url: https://mailu.github.io/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: bitnami
url: https://charts.bitnami.com/bitnami
- name: allangers-charts
url: ghcr.io/allanger/allangers-charts
oci: true
- name: robjuz
url: https://robjuz.github.io/helm-charts/
- name: badhouseplants-helm
url: git+https://gitea.badhouseplants.net/badhouseplants/badhouseplants-helm@charts?ref=main
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: open-strike
url: git+https://gitea.badhouseplants.net/badhouseplants/open-strike-2.git@helm?ref=main
releases:
- name: funkwhale
chart: ananace-charts/funkwhale
namespace: applications
installed: false
version: 2.0.5
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: gitea
chart: gitea/gitea
version: 10.6.0
@ -25,7 +46,6 @@ releases:
- template: default-env-secrets
- template: ext-database
- template: ext-tcp-routes
- name: openvpn
chart: allangers-charts/openvpn
version: 0.0.2
@ -33,7 +53,6 @@ releases:
inherit:
- template: default-env-values
- template: ext-tcp-routes
- name: vaultwarden
chart: allangers-charts/vaultwarden
version: 2.3.0
@ -42,24 +61,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: app-vaultwarden
chart: allangers-charts/vaultwarden
version: 3.0.0
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
#- name: vaultwarden
# chart: allangers-charts/vaultwarden
# version: 2.3.0
# namespace: applications
# inherit:
# - template: default-env-values
# - template: default-env-secrets
# - template: ext-database
- name: stalwart
chart: allangers-charts/stalwart
version: 0.4.0
@ -68,16 +69,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-tcp-routes
- name: stalwart
chart: allangers-charts/stalwart
version: 0.4.0
namespace: org-badhouseplants
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-tcp-routes
- name: navidrome
chart: allangers-charts/navidrome
namespace: applications
@ -85,7 +76,6 @@ releases:
inherit:
- template: default-env-values
- template: ext-traefik-middleware
- name: navidrome-private
chart: allangers-charts/navidrome
namespace: applications
@ -93,36 +83,45 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.5.0
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: server-xray-public-edge
chart: allangers-charts/server-xray
installed: true
namespace: public-xray
version: 0.5.0
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: vaultwardentest
chart: allangers-charts/vaultwarden
version: 2.4.0
namespace: applications
installed: false
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: memos
chart: allangers-charts/memos
- name: tandoor-recipes
chart: allangers-charts/tandoor-recipes
installed: false
version: 0.1.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: badhouseplants-net
@ -133,9 +132,3 @@ releases:
keel.sh/policy: force
keel.sh/trigger: poll
keel.sh/initContainers: 'true'
- name: app-open-strike-2
chart: open-strike/open-strike-2
namespace: org-badhouseplants
inherit:
- template: env-values

26
installations/applications/helmfile-etersoft.yaml
View File

@ -8,8 +8,6 @@ repositories:
- name: gabe565
url: ghcr.io/gabe565/charts
oci: true
- name: xray-docs
url: git+https://gitea.badhouseplants.net/badhouseplants/xray-docs.git@helm?ref=main
releases:
- name: openvpn
chart: allangers-charts/openvpn
@ -34,6 +32,12 @@ releases:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: tf-ocloud
chart: ../../charts/tf-ocloud
namespace: pipelines
installed: false
inherit:
- template: default-env-secrets
- name: nrodionov
chart: bitnami/wordpress
@ -43,26 +47,14 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- name: external-service-xray
chart: ../../kustomizations/external-service-xray
- name: server-xray-public-bridge
chart: allangers-charts/server-xray
installed: true
namespace: public-xray
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.5.0
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: xray-docs
chart: xray-docs/xray-docs
installed: true
namespace: public-xray
inherit:
- template: default-env-values

2
installations/applications/helmfile-xray-1.yaml
View File

@ -9,7 +9,7 @@ releases:
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.5.0
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values

2
installations/applications/helmfile-xray-2.yaml
View File

@ -9,7 +9,7 @@ releases:
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.5.0
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values

4
installations/databases/helmfile.yaml
View File

@ -12,7 +12,7 @@ releases:
chart: bitnami/redis
namespace: databases
condition: redis.enabled
version: 20.6.2
version: 20.4.0
inherit:
- template: default-env-values
- template: default-env-secrets
@ -32,7 +32,7 @@ releases:
namespace: databases
chart: bitnami/postgresql
condition: postgres17.enabled
version: 16.3.4
version: 16.0.6
inherit:
- template: default-env-values
- template: default-env-secrets

2
installations/games/helmfile.yaml
View File

@ -13,7 +13,7 @@ releases:
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.23.7
version: 4.23.6
inherit:
- template: ext-tcp-routes
- template: default-env-values

6
installations/monitoring/helmfile.yaml
View File

@ -12,7 +12,7 @@ releases:
- name: prometheus
chart: prometheus-community/kube-prometheus-stack
namespace: observability
version: 68.5.0
version: 66.3.1
inherit:
- template: default-env-values
- template: default-env-secrets
@ -20,7 +20,7 @@ releases:
- name: grafana
chart: grafana/grafana
namespace: observability
version: 8.9.0
version: 8.6.4
installed: true
inherit:
- template: default-env-values
@ -28,7 +28,7 @@ releases:
- name: loki
chart: grafana/loki
namespace: observability
version: 6.25.1
version: 6.23.0
inherit:
- template: default-env-values
- template: ext-secret

6
installations/pipelines/helmfile.yaml
View File

@ -12,7 +12,7 @@ releases:
- name: woodpecker-ci
chart: woodpecker/woodpecker
namespace: pipelines
version: 3.0.1
version: 2.0.2
inherit:
- template: ext-database
- template: default-env-values
@ -20,14 +20,14 @@ releases:
- name: renovate-gitea
chart: renovate/renovate
namespace: pipelines
version: 39.164.0
version: 39.57.4
inherit:
- template: default-env-values
- template: default-env-secrets
- name: renovate-github
chart: renovate/renovate
namespace: pipelines
version: 39.164.0
version: 39.57.4
inherit:
- template: default-env-values
- template: default-env-secrets

31
installations/platform/helmfile.yaml
View File

@ -23,14 +23,12 @@ repositories:
url: https://kubernetes-sigs.github.io/external-dns/
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
releases:
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.32.0
version: 1.30.0
- name: db-instances
chart: db-operator/db-instances
@ -44,7 +42,7 @@ releases:
- name: zot
chart: zot/zot
version: 0.1.66
version: 0.1.65
createNamespace: false
installed: true
namespace: platform
@ -55,7 +53,7 @@ releases:
- name: authentik
chart: goauthentik/authentik
version: 2024.12.3
version: 2024.10.5
namespace: platform
createNamespace: false
condition: workload.enabled
@ -68,7 +66,7 @@ releases:
- name: minio
chart: minio-standalone/minio
version: 5.4.0
version: 5.3.0
namespace: platform
inherit:
- template: default-env-values
@ -77,22 +75,25 @@ releases:
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
condition: workload.enabled
labels:
bootstrap: true
version: 3.3.6
version: 3.3.3
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
condition: workload.enabled
labels:
bootstrap: true
version: 3.3.4
version: 3.3.2
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: "../../kustomizations/kyverno/{{ .Environment.Name }}"
chart: ../../kustomizations/kyverno/
namespace: kyverno
condition: workload.enabled
labels:
bootstrap: true
needs:
@ -100,7 +101,7 @@ releases:
- name: external-dns
chart: external-dns/external-dns
version: 1.15.1
version: 1.15.0
namespace: platform
inherit:
- template: default-env-values
@ -108,12 +109,6 @@ releases:
- name: keel
chart: keel/keel
version: v1.0.5
version: 1.0.4
namespace: platform
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
inherit:
- template: default-env-values
condition: workload.enabled

15
installations/system/helmfile.yaml
View File

@ -45,14 +45,14 @@ releases:
- name: coredns
chart: coredns/coredns
version: 1.39.0
version: 1.37.0
namespace: kube-system
inherit:
- template: default-common-values
- name: cilium
chart: cilium/cilium
version: 1.17.0
version: 1.16.4
condition: base.enabled
namespace: kube-system
needs:
@ -62,7 +62,7 @@ releases:
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.0
version: v1.16.2
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
@ -96,7 +96,7 @@ releases:
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
version: 0.14.8
needs:
- kube-system/cilium
inherit:
@ -115,7 +115,7 @@ releases:
- name: traefik
chart: traefik/traefik
version: 34.3.0
version: 33.1.0
condition: base.enabled
namespace: kube-system
needs:
@ -127,7 +127,7 @@ releases:
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.3.0
version: 8.1.0
condition: velero.enabled
needs:
- kube-system/cilium
@ -140,7 +140,7 @@ releases:
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.1.3
version: 4.1.1
needs:
- kube-system/cilium
inherit:
@ -166,7 +166,6 @@ releases:
- name: istio-ingressgateway
chart: istio/gateway
condition: istio.enabled
installed: false
namespace: istio-system
needs:
- istio-system/istio-base

23
kustomizations/external-service-xray/service.yaml
View File

@ -1,23 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: xray-external-proxy
spec:
externalName: xray-public.badhouseplants.net
sessionAffinity: None
type: ExternalName
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: xray-external-proxy
spec:
entryPoints:
- xray-public
routes:
- match: HostSNI(`*`)
services:
- name: xray-external-proxy
nativeLB: true
port: 27015

20
kustomizations/kyverno/etersoft/pvc-patch.yaml
View File

@ -1,20 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: replace-storage-class
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- application
- platform
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg

0
kustomizations/kyverno/badhouseplants/pvc-patch.yaml → kustomizations/kyverno/pvc-patch.yaml
View File

8
manifests/peerauth.yaml
View File

@ -1,8 +0,0 @@
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
name: default
namespace: public-xray
spec:
mtls:
mode: STRICT

49
scripts/get_kubeconfig_from_sa.sh Executable file
View File

@ -0,0 +1,49 @@
#!/usr/bin/env bash
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for
# Cosmetics for the created config
clusterName="${CLUSTER_NAME}"
# your server address goes here get it via `kubectl cluster-info`
server="${CLUSTER_URL}"
# the Namespace and ServiceAccount name that is used for the config
export namespace='pipelines'
export serviceAccount='woodpecker-ci'
# The following automation does not work from Kubernetes 1.24 and up.
# You might need to
# define a Secret, reference the ServiceAccount there and set the secretName by hand!
# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount for details
secretName=$(kubectl --namespace="$namespace" get serviceAccount "$serviceAccount" -o=jsonpath='{.secrets[0].name}')
######################
# actual script starts
set -o errexit
ca=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace="$namespace" get secret/"$secretName" -o=jsonpath='{.data.token}' | base64 --decode)
echo "
---
apiVersion: v1
kind: Config
clusters:
- name: ${clusterName}
cluster:
certificate-authority-data: ${ca}
server: ${server}
contexts:
- name: ${serviceAccount}@${clusterName}
context:
cluster: ${clusterName}
namespace: ${namespace}
user: ${serviceAccount}
users:
- name: ${serviceAccount}
user:
token: ${token}
current-context: ${serviceAccount}@${clusterName}
"

15
values/badhouseplants/org-badhouseplants/app-linkstack/values.yaml
View File

@ -1,15 +0,0 @@
shortcuts:
hostname: links.badhouseplants.net
adminEmail: allanger@badhouseplants.net
ingress:
main:
class: traefik
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01

20
values/badhouseplants/org-badhouseplants/app-open-strike-2/values.yaml
View File

@ -1,20 +0,0 @@
deployAnnotations:
keel.sh/policy: force
keel.sh/trigger: poll
keel.sh/initContainers: 'true'
extra:
templates:
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: "{{ .Release.Name }}-game"
spec:
entryPoints:
- game-udp
routes:
- services:
- name: app-open-strike-2-main
nativeLB: true
port: 27015

31
values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
View File

@ -1,31 +0,0 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:hwTU7Q==,iv:1/GEM3RSfu11iQVA5uEm/PoZm3Vr6CZ1w7Qc4edUqgc=,tag:gAUwZ4IekLiyyPZoM8FlLQ==,type:bool]
sensitive: ENC[AES256_GCM,data:tbFk/g==,iv:FaKXMZxlcdGB3YI5+RC9LZR7S9FNZ87yPrJZsDJlhqw=,tag:+V77+cV4fRLTzi75o5OYQg==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:Bq10,iv:h17Bam1uR/dhz9um0ixzVPKHlqY5GtU6V2+CjTPvuaw=,tag:x+WCQVTySTyHAkoooZg2NA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:eeJY2z6+Is3+PtZsRC6oyrJ9ArPMBpa2VQ==,iv:hHf/6AYUT3wHbKHPd3dfiTbmoaWr5OSnnRC68/15A90=,tag:qEQyvC+MiAdy3GcpYBIWFQ==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:pMh4vnJ6t80okBE5ywe+8LBSb5U9owebWuavCYPwqQ7bpB7qNfYijTbWS0afZGag4wEeTe4t49dNeFTEZ0ztrfm4yXyKcLFCV1E=,iv:RmV55yv8ytW/LvuuK9IPTsKPPdgiIdKX5PnkF5YCKBc=,tag:uRsiwnhYm/1lRfhDjDKqJA==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:xx56/9ha07j5fcwDBuzOuFiS6PG1JHE7rQ==,iv:bT47zy9xk5eNz/CCRV5WEy0PAiFsBBxUxkZTCRASfE0=,tag:h3V9peXifp9lT/84TzWKLw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaG8vRkM1cll5VDlUVW5v
WVA0SjdaOWkrTVoydERvcmFjN3ppTjFQdEZvClZENVpYWXMwTVoyOXFYL0xSRGFw
NnZDWUM1MGNla3daMU42dEptZzkrWUEKLS0tIG0reXRYMmpuOVZWbXJTbXYyaWJK
TE1rZDJ0QmY4VXJSZXoxMTRkNFgrZncK2AL7+jWWeEiV4ERoaCN9M4H1qlzz9i+F
23w3rtioCm2hJcBCnswU8Bs7OsBZqC8++35V1U54WktynWnPUcjcrw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-29T11:38:09Z"
mac: ENC[AES256_GCM,data:d9902N6sfF3aMokh9rZemL97i2hkwoPdAaJOoy/xFvFyDa2pxKuhwGJH4QU6JRnoqtay1HtnHsDXLggdxHgmUbUtNReVQdPbJhSHRhlDsuAM2ed+GCnecFQE9ggpRnwDn1wjemBqpn40uo9ka4XyMtuLJ9uaHqXRuFR+8y8oW18=,iv:EspFcGUXPgtgXzEWB1fE5O3ig0JJBIca+b6LLb9wJ0s=,tag:6UexlW0uVZUUG/zleiXnZQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

63
values/badhouseplants/org-badhouseplants/app-vaultwarden/values.yaml
View File

@ -1,63 +0,0 @@
shortcuts:
hostname: vaultwarden.badhouseplants.net
base:
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
envFrom:
raw:
- secretRef:
name: app-vaultwarden-db-creds-17
ingress:
main:
class: traefik
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
config:
env:
main:
enabled: true
sensitive: false
data:
SMTP_HOST: stalwart.badhouseplants.net
SMTP_SECURITY: "starttls"
SMTP_PORT: 587
SMTP_FROM: bot@badhouseplants.net
SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false
DOMAIN: "{{ .Values.shortcuts.hostname }}"
LOG_FILE: /app/logs/log.txt
extra:
templates:
- |-
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Release.Name }}-postgres17"
spec:
secretName: "{{ .Release.Name }}-db-creds-17"
instance: postgres17
deletionProtected: true
backup:
enable: false
cron: 0 0 * * *
credentials:
templates:
- name: DATABASE_URL
template: "{{ `{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}` }}"
secret: true

24
values/badhouseplants/org-badhouseplants/stalwart/secrets.yaml
View File

@ -1,24 +0,0 @@
env:
secrets:
data:
SW_ADMIN_SECRET: ENC[AES256_GCM,data:EzZUkRCBk1iIZuRQYmue6L/sUwqm96qVJ8nQs4ty2QwHGotrjifW8oWfxoE76WsgYYw=,iv:HQVcN7PTy7bN/pkjex/QxWNQhK2aPdWIiky2UJSKo3o=,tag:5Dt7yazdrcqGb73bK9Isgw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSUVFaU5uMnFJaFJTTXdO
T1FyM3RxTHdSWDJNZ21wN2dmU0g5OUIwSzN3Ck1KZXltR1pjbUMrbEhkaWtwQ0RW
NXlwckU2TlVTbTFzekJnWDg1WWR3bncKLS0tIFU1MHlkNzYxNEI3bkhqTmR0UFRV
dmpFS1B3S0h0K1BEa0RSUVBlYXZQUE0KjELkNpkCbGf7+ASkfTXpcu14VzBqlSaQ
hJwXowb60BjEDJvofQs93K1Rw+dtrqA6HGphcki5wzVF8T1VEFTCqg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-29T09:50:18Z"
mac: ENC[AES256_GCM,data:1iNJf9Li4yAyJtrPW4qZ8nNTFZQhxOK4Q2QU3Fg3IvBr8b9KyyyXAuZaA4iY2TYSWMtwN6Re7Fdkw7ZZb20dYMIMqAGOZvb9U11OY2/CIr+/dm2hVpsHv8E7Oe3hRQCLMvWbu9X6q/G4/y5i5ITq6TNME1+NAkRYgfX26/mL9Ws=,iv:I6e2GnN1b9CwuRhkxJq41ZR2zMUnitqYCRIiO1Rdi3M=,tag:2ObuHNCvYuhCdP+Cm20pAw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

218
values/badhouseplants/org-badhouseplants/stalwart/values.yaml
View File

@ -1,218 +0,0 @@
shortcuts:
hostname: stalwart.badhouseplants.net
workload:
strategy:
type: Recreate
initContainers:
prepare-config:
image:
registry: registry.hub.docker.com
repository: stalwartlabs/mail-server
tag:
pullPolicy: Always
mounts:
files:
config:
path: /app/config/config.toml
subPath: config.toml
extraVolumes:
etc:
path: /app/etc
command:
- sh
args:
- -c
- cp /app/config/config.toml /app/etc/config.toml
containers:
stalwart:
args:
- --config
- /app/etc/config.toml
mounts:
storage:
data:
path: /app/data
extraVolumes:
certs:
path: /app/certs
logs:
path: /app/logs
etc:
path: /app/etc
envFrom:
- secrets
storage:
data:
enabled: true
storageClassName: openebs-hostpath
size: 1Gi
accessModes:
- ReadWriteOnce
extraVolumes:
certs:
secret:
secretName: stalwart.badhouseplants.net
etc:
emptyDir: {}
logs:
emptyDir: {}
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik:
enabled: true
tcpRoutes:
- name: stalwart-smtp
service: stalwart-smtp
match: HostSNI(`*`)
entrypoint: smtp
port: 25
proxyProtocolVersion: 2
- name: stalwart-smpt-startls
match: HostSNI(`*`)
service: stalwart-submission
entrypoint: smtp-startls
port: 587
proxyProtocolVersion: 2
- name: stalwart-imap
match: HostSNI(`*`)
service: stalwart-imap
entrypoint: imap
port: 143
proxyProtocolVersion: 2
- name: stalwart-imaps
match: HostSNI(`*`)
service: stalwart-imaptls
entrypoint: imaps
port: 993
proxyProtocolVersion: 2
- name: stalwart-pop3
match: HostSNI(`*`)
service: stalwart-pop3
entrypoint: pop3
proxyProtocolVersion: 2
port: 110
- name: stalwart-pop3s
match: HostSNI(`*`)
service: stalwart-pop3s
entrypoint: pop3s
port: 995
proxyProtocolVersion: 2
files:
config:
enabled: true
sensitive: false
remove: []
entries:
# Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
config.toml:
data: |
[lookup.default]
hostname = "stalwart.badhouseplants.net"
[server.listener."smtp"]
bind = ["[::]:25"]
protocol = "smtp"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."submission"]
bind = ["[::]:587"]
protocol = "smtp"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."submissions"]
bind = ["[::]:465"]
protocol = "smtp"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."imap"]
bind = ["[::]:143"]
protocol = "imap"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."imaptls"]
bind = ["[::]:993"]
protocol = "imap"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener.pop3]
bind = "[::]:110"
protocol = "pop3"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener.pop3s]
bind = "[::]:995"
protocol = "pop3"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."sieve"]
bind = ["[::]:4190"]
protocol = "managesieve"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."https"]
protocol = "https"
bind = ["[::]:443"]
tls.implicit = false
[server.listener."http"]
bind = "[::]:8080"
protocol = "http"
hsts = true
[storage]
data = "rocksdb"
fts = "rocksdb"
blob = "rocksdb"
lookup = "rocksdb"
directory = "internal"
[store."rocksdb"]
type = "rocksdb"
path = "/app/data"
compression = "lz4"
[directory."internal"]
type = "internal"
store = "rocksdb"
[tracer."stdout"]
type = "stdout"
level = "info"
ansi = false
enable = true
[authentication.fallback-admin]
user = "overlord"
secret = "%{env:SW_ADMIN_SECRET}%"
[tracer.console]
type = "console"
level = "info"
ansi = true
enable = true
[certificate."default"]
cert = "%{file:/app/certs/tls.crt}%"
private-key = "%{file:/app/certs/tls.key}%"
env:
secrets:
enabled: true
sensitive: true

65
values/badhouseplants/secrets.minio.yaml
View File

@ -1,33 +1,30 @@
rootPassword: ENC[AES256_GCM,data:sJGSChjXcFdQLw3y6SHcCGAlnGk=,iv:vaiYnGKy3me55xu02nMfk74ee23fbFu2YwRA1gal6ig=,tag:HwxHK4RVxyYuLgwjqHdsJQ==,type:str]
rootPassword: ENC[AES256_GCM,data:X4PQGfbMObmHkD7Qk1AGlnMK748=,iv:+obQfzC6F7cBNY1d6WpMPAMRZgfO9XXc8jFPZ36ShLs=,tag:79EvpFwM+vqqhBazwejXHw==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:cv2x9ZOcgDQ=,iv:lnotFIWXhfIzUB1ELZ7Wg5eWpFPLe8Yy9sOgIwGgy7o=,tag:jZ34pMSPHdwLqvGQSCFaBg==,type:str]
secretKey: ENC[AES256_GCM,data:5jnXunyWDFlMhbTKvcl9aVxUgg==,iv:0M4oTh7xsHlaMIIeY0oKZnL0eBuLLC6GwHbadKQ4hKo=,tag:R3Ol1JTv8bCx2vC0L6r/1g==,type:str]
policy: ENC[AES256_GCM,data:AcLMNdGxifg=,iv:FztbxQiFUY0ePW8b0oObzI4JcLTgsxO5OEUDk9UM/rA=,tag:EBO/UYMl9f6oLPY3WJa54Q==,type:str]
- accessKey: ENC[AES256_GCM,data:6D3o,iv:e6jnfVOkPdDmCg0v5alDuonepiI/+uoRthE+ftYiH1M=,tag:LNZe6/iYsvBu50Ko1MjG5g==,type:str]
secretKey: ENC[AES256_GCM,data:C9ID123+9FdAOT3HDoSDVyJPDmscebPhiA==,iv:JB2A2/UkD5CjG8FmxeHVTJTnrfOO+X1mqdwq1XN27wg=,tag:HHOWRWFZgn25ee33JR/X1w==,type:str]
policy: ENC[AES256_GCM,data:Z5RW,iv:Plr4yqz5/BqGNg3BS8Tuh8ogH7I8lG3HRVT79obBipI=,tag:XudAwmcQIyUCBk+gz4oI3A==,type:str]
- accessKey: ENC[AES256_GCM,data:OCq2b0+8qR7z,iv:E8urI+iZuVjY8s4azAyPGqLchq5AYhzWOxPb6FamQKg=,tag:UCdntq8CwZESAFkYPPuszw==,type:str]
secretKey: ENC[AES256_GCM,data:s9+00AeOVth550s71oGdRyKEX3Y=,iv:VVEP4UEmMOexVTCSEFUgYYldy/H3eC8ZC6ix9pFhjH4=,tag:cCyLKkkf8GQJM0bR7pBQPg==,type:str]
policy: ENC[AES256_GCM,data:JyMlqYaTbbEA,iv:3R2tPzimIRFrFbUHWVc2+ZzcAyL/hVTvrrdHA8GGR7g=,tag:kKReqB7g/MQ5XDUFdgFQUQ==,type:str]
- accessKey: ENC[AES256_GCM,data:E24PEOI=,iv:Y/Mv2+v/njmtgIoH58HdRBsZ/zY5EbjL4ivyOmNz2Dw=,tag:R/M2xUvEyRcsb72kUjqhcg==,type:str]
secretKey: ENC[AES256_GCM,data:HMtrVFMGTMbM0iB3XBycWiRV6Xo01xcOsA==,iv:ArLTABNf/hPlx7F/+TeU80SUHB/zHAWRPw2KSAVyeWs=,tag:BfS/+2YJKj2pOc7IvIanLg==,type:str]
policy: ENC[AES256_GCM,data:fp9kBiA=,iv:gIQ0Rag6WxAc5vE8SqtgdUUWg2bm+LNdthrWJ39+WcI=,tag:rXsrF8Vl/ziP5hwyCQwufA==,type:str]
- accessKey: ENC[AES256_GCM,data:s28I8iqDqiv3,iv:QlywXCiFPLltb8PBebAlmXI1AL9nZeW675FslV5WdNc=,tag:PJuZ3ZwElC1jUZtAQ8Gotg==,type:str]
secretKey: ENC[AES256_GCM,data:HLRPdu3o/Th02ReYHAfG9Y3A1Hc3U7FBJw==,iv:JLYBpYOm1Q3ris2cuCO8jWpviujLBXAj7sjIBVJLhK8=,tag:vRRX8Hk5KSKw5wPmrs2HUw==,type:str]
policy: ENC[AES256_GCM,data:fqE3hImxx7QY,iv:0ld3h1yFeaxW8GOoM/PIlAX2Ew2N8323POTxKYCzlcI=,tag:S7LAxvxMaB17lEy+U5WkZQ==,type:str]
- accessKey: ENC[AES256_GCM,data:GE6aFDONIgA=,iv:wIegWijhuJlsrVazFnIjns88j4MFMz361nDH9Cf6J6k=,tag:MiuPQNc3A/bUI9A2lXhgPw==,type:str]
secretKey: ENC[AES256_GCM,data:dWt9DXB4mY+CIjNkdB3x0X2h,iv:KadnV3zXxLc2EHf0vPuwM5pRGuBySjgSFDZitvMGKbI=,tag:S0rMIsjY2ZGTVRVtCcDSYQ==,type:str]
policy: ENC[AES256_GCM,data:v2+9cOzKtPk=,iv:QVpl9CQwQtXigEen44BehN6aWdr+wTYsrK6THti/6Sw=,tag:0nffXvx+pLnXC4Thzk1GBw==,type:str]
- accessKey: ENC[AES256_GCM,data:nhagvffOzcI=,iv:HvLmKNCLapLpzpWt/xBRmAWhf73SnDA5qqbmOTxZi/0=,tag:dzBP0Yyv/M6Xvjv+fpFDew==,type:str]
secretKey: ENC[AES256_GCM,data:9IEqubInFr+m9QAnttGQYQTtVA==,iv:adfRWA2TYK+KrcnmziiBA3AgUZ+TUOzA4HfXUITQIFM=,tag:xDcFCmJA4svH7mcgeQseRg==,type:str]
policy: ENC[AES256_GCM,data:gQd5QKGHVrQ=,iv:nTWo4wHr4xzZn08DrJGXeceZqdVjy1ZY4bX3kMXl7Kk=,tag:5ZjPAtQyhsg7nBQTA2Kr7w==,type:str]
- accessKey: ENC[AES256_GCM,data:XDX5,iv:520OfJb8RJgWpeAJ9J4V1jIAwXl9jT/V7GuAMr8PmBY=,tag:LOETQbQT7kwA7EIjAlPWLg==,type:str]
secretKey: ENC[AES256_GCM,data:QlVpl3lks1P81dLQdUuM6a9irH2ny53ZsA==,iv:eFADkYo9oj+ODQ1CPbIVc/rfA6rr8iF7wglfFksrkDo=,tag:JyFMTyuuQyWHaMLHKXOxEQ==,type:str]
policy: ENC[AES256_GCM,data:yeC1,iv:FE7WNpWN/dxgkBi9QJxtYRzZTnpgjYJ/ar9/45bETMo=,tag:eXN54Gvw9PXbp/vNoZLrNQ==,type:str]
- accessKey: ENC[AES256_GCM,data:drqrZ3/nCyGX,iv:ey3xBAhJG3htB6sehhAONQApwUgR0redb11wIyanyhE=,tag:2PM5xvwY9YjvJLm/+clF+Q==,type:str]
secretKey: ENC[AES256_GCM,data:iKpEQkDFqYn7k5I2OVcIDrWDIpQ=,iv:m7FeYAIt0/jm66gWenOrOj2X989vpRQKr+GYdw8mrRU=,tag:GHOPwRLdRfpc2wLH4tX/Cw==,type:str]
policy: ENC[AES256_GCM,data:4XqHiO4Ut76p,iv:KbwPkexAVDaahi4F/Q6Wh6geGy28OggE2Rptmq1Lxrw=,tag:M5wFcNICGstXXGP5e+umcg==,type:str]
- accessKey: ENC[AES256_GCM,data:ghT3JzY=,iv:65gARnb6O1r7nSJioVyZs7SyBk4aiDgyEq8iLFeMatI=,tag:pLx4r6txAjBBjnmG7AcTUA==,type:str]
secretKey: ENC[AES256_GCM,data:Eq4OG7kPFxkhQ+gX7/ICSvjaWxf68nUs9g==,iv:1bgYfjXZLgVvcPTHNtOBaRKV5dWp/RmkisRdQUfWJqo=,tag:t8T9DY6+lr4VPofnOI+g+g==,type:str]
policy: ENC[AES256_GCM,data:7bF0/18=,iv:k5zb0KRyfOQvSWiVhy0au683aJhthrBoqxLHWyXuQD0=,tag:y0P69LtUb+dBc3BARp9p3w==,type:str]
- accessKey: ENC[AES256_GCM,data:b923YDOG9Oxl,iv:rSDiwfWEzCof7Lj5zkOpvcH2p+zI4iqQC+uPxQUUvyI=,tag:gRUDQha2EITQ1VkCurnT0g==,type:str]
secretKey: ENC[AES256_GCM,data:iwpLzRUfZTqWWwzw+KOjko8rMcWwz0P4eg==,iv:THFj+8ILYlTHU8dAcCony7bI/5q5A83dRsjHoqeXa74=,tag:bo3VK4WflhXN9iGdkthYcQ==,type:str]
policy: ENC[AES256_GCM,data:v+H0vmJXHeJK,iv:S3JjrjZm4XdJnsg7hvXBsnZ0y+QSVD0zPS1cJlGxIw0=,tag:KBWkrID8knK6pvB8oa30ZA==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:iPRMVw==,iv:7+wiaPH+5p2jrN5V6HswUiM91aEw/ldUg1mHkZ+w9So=,tag:7e8wuwGn5JnJ2MWBkGDp7A==,type:bool]
configUrl: ENC[AES256_GCM,data:l5PfhY5UKYTKQEGDfR7K70O90f+46Yn3WBGA4fd/aewX1a19lEDfCVVUnEIH8wfkuCfWCatUHROohXmYDyHpNvzjrfWNaPvY6GFO78dFHtsQNViTZ4ZBu3w=,iv:pywiejbamZHmB1C03sDx7d+I7SoqTauV2VRPxQr28M8=,tag:eqda+SkyCs+cMVrVpgv+yg==,type:str]
clientId: ENC[AES256_GCM,data:0mSKgQ4=,iv:2tBcW5pyl6CnQy/iUNoetrfYV9RCkC8h1qmfSdCeOtw=,tag:2iCUmKWAi/lV5riGczLAmw==,type:str]
clientSecret: ENC[AES256_GCM,data:7vfYBA306AZHFw6yBWt4yeEPTbTv9E4nLywCNw7JNJs5uZ4dc4CaKgUnxkPsQT4RNqeY2RvitVwY5Ru9pfcLGKjBchfdzyHZx510LJXrRAjwWvA6S7DbuVtmzQPt/afkjyRNnSmiSh3p1Qq4tm9cUcCq1liicDt1VpbegMYZwe8=,iv:pBi1lX8Tnl2WrWD6m3WYwbrUp4mmsR7rdkAfJ/3tvD8=,tag:VbBw5EUHba/wzm9Px0oljg==,type:str]
claimName: ENC[AES256_GCM,data:BhPyfRA6,iv:45Kwdw8y6CmRvgXK1q1V2Kul0Eojopdd8jP9b5F1xP4=,tag:mkYeV+KfyBv1CXpZDEdIbw==,type:str]
redirectUri: ENC[AES256_GCM,data:gTBj75u9a92gz/x2RQhRaenVYHh2U/EWPs8Yfc3XMZ3A3p5288DDTcrE+BzJKiA=,iv:jsAgOw/Aar7xlhQrB2HhOq9kInXeDRqBDfBVdpW33Kc=,tag:+XjmwVvugLE50UNBiVpaMw==,type:str]
comment: ENC[AES256_GCM,data:wqDr/C7UgdRdwr2BvxtXYnqiXlk=,iv:22Ox/IUWztNSYLrhkNRhNclXiCfaNSXFip4AmLHBBLw=,tag:oplGVbVwQml9n74JweeGjQ==,type:str]
enabled: ENC[AES256_GCM,data:c+ODwg==,iv:bY7yZXxhj5fGdT85yPEGD+2lsQ2l0+6BJkMcYzcZCwo=,tag:uHxzyeUpypMvcswCVv2pGw==,type:bool]
configUrl: ENC[AES256_GCM,data:pzbhMON4qNE96d0AYDO1ojvXvQXBVgIWtjeRkpj7psDo5HBOLew73dzDPJgThWsZYthv5ROaLqQo2hmheuc0cP/AAa8JSaTGWFD13iN3d18iPI8ZaxnxZFg=,iv:GEYB7lX4+NWeD9VgjFu1CChg/ClDGvO3rGkuxvIcql0=,tag:QWEg0kMMcmIcJdsFgSCYqQ==,type:str]
clientId: ENC[AES256_GCM,data:DXn3ZGs=,iv:xHYHMB+LpMwdGgiiMcq5RE5idlEII1sY/7NWw0rT3aw=,tag:oG1pOyPnJCd1DUXtPQA8Bg==,type:str]
clientSecret: ENC[AES256_GCM,data:XwMEAxsyYnN3b2zTSIy7a3WGqGAQLF8MSQPMNXkx/zVNd9q6hVINXRbqeVRgF+y923DZYO5qnNdKhrVgby1qg7xYxgPfkK/ouDrzuftDa4agEjzJXw4QXRpHpaWujyYk3ltaRzi6ySgbMwj2z6G+ZMsbKuNKbv1yS1NOI/T45+Q=,iv:MkiPUjZV0HslDSZwc7sqzHzrejHRRVa6AIbLYZzciLQ=,tag:hp3uZjYJcDoalUOxGGnOGg==,type:str]
claimName: ENC[AES256_GCM,data:Mml/efpg,iv:imZD0TjiyhQRntes4Z0AcnjvsTjgdsRaFTnhFlqcxQ0=,tag:+oAMOz4tmi0yvmNPiDuqsA==,type:str]
redirectUri: ENC[AES256_GCM,data:lRx520z6aq+UJc8a7NY/MNPQjOuDqY0Xuha9bOJn47tR+pkq63jh1ShYhmOM73Q=,iv:jCG6lxPV5jXdyvF7Td4yasHiqC1U22Kg6LdLqj8rKh0=,tag:5ix40wSSEW2JgzAZlgOuIQ==,type:str]
comment: ENC[AES256_GCM,data:mhzyX2SGy+12XjOl6PICR2Yvazs=,iv:o0O70wKypt6+HB7ex1Pno4A4XxB8ldTU5NTh627vMcw=,tag:1hlYLXJyzhLb3x0oYIee2w==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:RGNvYxjR9jtmtvOvUAGhvrzpCPN4xhgcrdjr,iv:IgMUDeuF2EzSjyxLh4bFynUs1fSXebhMan04whxetSc=,tag:JdmYRGDl1y1uL7DAs+tAvg==,type:str]
scopes: ENC[AES256_GCM,data:ztX8pA35GP2+kLLvQo5tLcsGdz2+/AGrwFJw,iv:qldaOWV5asc+WAAiHVAYoNkXVNMPVZfVTIHj3jd/cO4=,tag:6A+JiirnO7aMjO8i0zYbjA==,type:str]
sops:
kms: []
gcp_kms: []
@ -37,14 +34,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQjBWMTdGUVUrZ1dHSVRh
c1dCSGt6WXpWRFgzTStTa0lURzRMbHlEbGljClJxdjdFdFEyaFE1cXZOVUxybGpy
V2paMk5pQUplcWx0ZGM1MmtrMyt6ZGsKLS0tIHIwZzNCbmhpNUxUWjBwUkhjWDQy
YWlEVVNhU0Y0aHlwbGxZaVNYZFFMUm8KHtPp7rhWctd/5hTSkZxgUdUYcm04Syck
f2uanLd+LcS51+TaEyS6kPvvmnbr3vWBXmC2YlDodlFKtaa5wZ82hg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONzFwREQ1dGdpS01VQ21I
RFRna2QxejdiSUppZDlaeHpNdzhFWlQ4ZDE0CmNpR0hNMTZBWm9FdDhWY24wc0hD
RFBCWHhHekdja0xnL1BVOFVST2FGOFUKLS0tIDRkVW9ESnJLWmtuS3VWRDFna3hB
aWlhcU9qSmNsRERJRDhqc1h3eVVOUncKQc21maFwBHZzD3xMedoqmCEFOwaTZkG8
OD0o9sqjHqrHj4vqlWjj2LwAAoq3bL/ttvbEjm7jm8tHGIHTh13TDQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-29T09:24:10Z"
mac: ENC[AES256_GCM,data:oepHWEe6sICVh2GSR0MFFeq/aCZUdF/darh8V4zUeB5FND6hvo1Jr7QkEE+b8PR+C4PsPTra8RSWieXsv3ZypSvs1fdYmve2fvCK7S/juExcVLYo2MjhtKqxkNffBOoY1D6bBjgJXD3s2u1BVHjUOqa5Swmn19kQs0c1VE0E55M=,iv:UvRVRBicxz2hvQk6pq3S9zh7zOq/KKi5jlMf4WdYUog=,tag:mxCXgDh0dNtckTgLSezqfA==,type:str]
lastmodified: "2024-12-16T09:16:55Z"
mac: ENC[AES256_GCM,data:+gZ0lhBo4j1GKfGupQh5UxYt6C+yfTRrMM2rwabU8Tr5ZNWviNfGQiDk67Dyio01NH4wAL6EhcL+xwG0+94DlTd/++VieKBQuCABhnugi0wvJO/wp2HOjotmb9hWhF+kIXLj2bPdkd0iJQuZM5CbDy1XLUlYaRT0H7s7IGA8QI4=,iv:jhrH7+Io7lx5xMS7feq/4g5iW58QFWjRyCfDoUZVC4g=,tag:6ozB9/8ULOJg8WHvAZYgpg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

32
values/badhouseplants/secrets.server-xray-public-edge.yaml
View File

File diff suppressed because one or more lines are too long

32
values/badhouseplants/secrets.server-xray-public.yaml
View File

File diff suppressed because one or more lines are too long

44
values/badhouseplants/secrets.stalwart.yaml
View File

@ -1,24 +1,24 @@
env:
secrets:
data:
SW_ADMIN_SECRET: ENC[AES256_GCM,data:EzZUkRCBk1iIZuRQYmue6L/sUwqm96qVJ8nQs4ty2QwHGotrjifW8oWfxoE76WsgYYw=,iv:HQVcN7PTy7bN/pkjex/QxWNQhK2aPdWIiky2UJSKo3o=,tag:5Dt7yazdrcqGb73bK9Isgw==,type:str]
secrets:
data:
SW_ADMIN_SECRET: ENC[AES256_GCM,data:SsReruQ9zGMiDcgfcjscnUH/4JBvGDNOyCH0vs75xXdSEPhERR+jju4aHGfd+mRcwvc=,iv:Oz3evN/OXUvEAWeYsP4wIVMwA2qwuB+Ny2Xy0EchrJM=,tag:C7CpSzG3RR1WhsDr6BfQAw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSUVFaU5uMnFJaFJTTXdO
T1FyM3RxTHdSWDJNZ21wN2dmU0g5OUIwSzN3Ck1KZXltR1pjbUMrbEhkaWtwQ0RW
NXlwckU2TlVTbTFzekJnWDg1WWR3bncKLS0tIFU1MHlkNzYxNEI3bkhqTmR0UFRV
dmpFS1B3S0h0K1BEa0RSUVBlYXZQUE0KjELkNpkCbGf7+ASkfTXpcu14VzBqlSaQ
hJwXowb60BjEDJvofQs93K1Rw+dtrqA6HGphcki5wzVF8T1VEFTCqg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-29T09:50:18Z"
mac: ENC[AES256_GCM,data:1iNJf9Li4yAyJtrPW4qZ8nNTFZQhxOK4Q2QU3Fg3IvBr8b9KyyyXAuZaA4iY2TYSWMtwN6Re7Fdkw7ZZb20dYMIMqAGOZvb9U11OY2/CIr+/dm2hVpsHv8E7Oe3hRQCLMvWbu9X6q/G4/y5i5ITq6TNME1+NAkRYgfX26/mL9Ws=,iv:I6e2GnN1b9CwuRhkxJq41ZR2zMUnitqYCRIiO1Rdi3M=,tag:2ObuHNCvYuhCdP+Cm20pAw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUjdWR3pubjRuT3M5TEM4
eHhycWdZdTlRbFBaRnE1a3BqWDBCcHNIcUZFCjcwZ0tmVWZ6RkppNExWVFlJK2Ju
ZkEwam5PRXNQTUcveUE3c3NWdFE0amcKLS0tIGFnZ1dNRWppTEVURXVpN1F2Um9L
dm1HZ291WWhBbEtmdDB6aWJETUNLRGMKuP5y1lzxs3vusvJZLqlnTR+mWnC7YmNo
dhGpvh+W3nIrgb50OJV64xDU9Hqc2jVETmFq4RWqwEQTwSRv14grwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z"
mac: ENC[AES256_GCM,data:+/WrvENJ/B5YjRb2K5D9V90ziuEOmP4a1D6CfdQHRShRPp4BZHtBFb5vr2kRIIY88eiv9cZm29G4U4X/46wi0SotxTpVOrefmM1ZQ7cV1J9o/mf2mnguno7WAsxEyTkk+MZoCgZEWbLEKZ+zqlHgRTN0VfBgBjbLR5bP39fd5xg=,iv:otaCp/LxQVUIZLAmLzceDQpvAY4bnPUm3MlyWUMW78M=,tag:6CXYN6/uAbetm7i8OeZA7g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

20
values/badhouseplants/secrets.tandoor-recipes.yaml
View File

@ -1,8 +1,8 @@
env:
secrets:
data:
SECRET_KEY: ENC[AES256_GCM,data:EUJXsWqV8l2YN5NkXvKqQRT86P3TS9d5fca8/vhN,iv:lFIhGFtCW9vAYwc5dSmkBYOqo6B5YcZygu6zAZ1qsrc=,tag:tIVk7YyN+bciP2wl/zMZOQ==,type:str]
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:ZOHbv2LiZFBpxwCwD3we2U/NN1WW5vT14Fata5mA0amjPiXMuGgZYjUhA78ukZPbVVtZ4NTrOj/xLT1SfIzqDi0noDFmFuLVvQ6kjZ7/qdjPXUS5BV+63Bd9aZcrsyAWGujDhzMcjJe7ravIh6ChuIdqq1tkP6FL7fKcpg8Y1PFkIy2PfPjtxogmiOEbakmIJJ56ykPn8O6g5zFa69o7MsVueJAKk7fR1n9SBeZg/bKGC/iY5i1bnAqRdpQO5zRliZfNvrtz0Dk7Cl+jwCjl3cn4lp1u1sBINvAE5x0vrxWKPLkW23hgMIaRAvFB99FiBdY8UjBNM30NNiQKr051S8IgMyTE7w54yZZQZrFprqE1VplKSuuF5ope5CRS1mu/FxiZFjl0T4cYGxJt49S6cVlL2ihKO8Kkw+Jw7FRe+1hfaF/3i1S4O2g6adbAStlnaFvJgXRUiZt7grQDsSqy6tr6hemlOOpVp+b9//NBxb+rXWqUSph1dmo03viRAW3OZKzl7tohrJbirMxHUN6gAIBAvnd0go3qbaWjNg==,iv:nfSnL0kLCvM6d5UtMqp//7FCoWBVdftRPJAWRTtu8Fc=,tag:o7S4B6rMP6bZnHguw/w2Cw==,type:str]
SECRET_KEY: ENC[AES256_GCM,data:9ABsIVICRj0LO7q1iKPatWkjPLaqpBa7EaXIHzT7,iv:2P2qRyUnP7GP0VXTulxbgplagyaAV4RvHsUPEXuieq0=,tag:juNh+eY/7GfxWMb5VXlNjQ==,type:str]
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:VaPaCl6QAn7cn1OlZYD/tkJk8jgDCyiTvrfGydWrFtpUJFyNA+Wfj6sWvkTqhHTk5GYN4h0IIfqQScxhTmbxHmnEctyorC0AvFEZRw6IQ0KGFgdoQFZ5MPcb1kL3neY+GJwm7UAmH2AjAwG7PTZJsnha7N8q672IkAljCAVAokL7s6IS0vGzVHbyRy/tbR1BxCWcJX2WF2kpXAlc+mTKMZWsFChvrjjK1h4RyrYIDgbKGhJVM4cnrOzGrliuI58Ief+QERMXsFMIY6fbUsPT3eGe+oQQ+lKZxvlEbgVZsnsafQX6ZSWvtylmYVMgNsXbdqsWKlCnRfmATkS9sSJiUX59/ZtZcL3giRrXNlnv5poumEp9PO5euexXwlmJURXOnnD/kEcJn/PxuL2aV390I8TmaNGUZe0vzrNDSVOhCsykGMxf1L+MO5+aU+OndT0FH6l1GTQHNzzeo8XRrF5U9EPN6dTxbYWsu4GL9WuL0jhm/wYlbn1bhNnr5+1+xTpAHl20MeVQ0t+cCiB/7ALraPnFS88HQiA59YfiJA==,iv:qZa9zUL3c2bemBFk2SexY5TfDYUVNkk8QbB8Ucj/040=,tag:8e6CddYfCPnCKSN4bh3XMA==,type:str]
sops:
kms: []
gcp_kms: []
@ -12,14 +12,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NnFEV3ZJQ1Z4Z1FGb3Fj
bzRkVjUrTUFIYjVmRXVYMFVsaWtKc1lWU3lZCnp5QzAvR0FXalR2QlhNOWcxZ0Rh
OHJzak9vdWU0WlZYSVE2ZW5hUVcwdDAKLS0tIFZsNURiSjU4ZjZtNmh0K0xRaUpv
UjA3U3FDL200V3JPQ2Zmb1c0V0hYcDAKbq2ywx3x9aiG+pCA/e87ja/1HfuA1o+n
BNeRIrOo6y4DBoCfaYVZc8U8m46Ul18RyGePsGUTVp1SSX54XfPb0w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZ3JPMzhhVlVFR2R0R1hP
L25HUUdZRGp3dzViSk9vVXVvMVNTWWN0VmhnCkF1Y2F3SWdzR1p2LzJFd2xiWExW
UnhjZVpFM3NOaVkyYXBKUGZiMXFSM1EKLS0tIGJyS1VRTnJKYjAzcXpMbnd5LzhP
bHd1UGd0R3NZMXdUblAzMXZFUWtPUncKab/saT736wWdksBB1swEZMY25LICviqc
pzSL7VWlN4d+KEZu2mS4Z8Fxd+PqLmbKFtBL0pIYyXxmHmfI2AVS6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-25T12:38:20Z"
mac: ENC[AES256_GCM,data:yGvodMxMZWnExrWayPH0tRdDHvzeVf4dLi/AlEU/Smfh16K1rM2vnVLuo2EhBbaGj4nPl+VHGFdMgz+AhnnUhTtV0ez2uIPyGDLBJL5JhDG2937FjvJ7qduT9b/h7u+y9V4jxquaFruCAOX+uRLmsKuEucEuAAkMydRmRAM3HBk=,iv:KJpcAWasTALTBDgTYV4dh9QR8NIUmu5O5vhbZiknLyw=,tag:esfjk8CBlNByqU21l6zW4g==,type:str]
lastmodified: "2024-12-01T23:22:38Z"
mac: ENC[AES256_GCM,data:+5B69+er2ofT3sk1a7bvZiTqNpGjlaPTWza+pZP2O0wOw52IxhLtJdzQbxaCeAYoztYqAnFuqnaSZM7BL9AoV8bq1aAwnq64/KquWQ5KtBaY5YxDSrt0XFqDW63gAmcO+kyi777HwYSjpphMg8L3hRMebnypVju08il0twaDfww=,iv:xI3cU0WfH9TQ8YyLwqsJqnPKhVCKX+3EXQrm3ToY7ZY=,tag:Lz1jjjiZnd11AZaQv//9CA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.9.1

5
values/badhouseplants/values.gitea.yaml
View File

@ -40,15 +40,16 @@ replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
cpu: 512m
memory: 1024Mi
requests:
cpu: 512m
memory: 1024Mi
memory: 256Mi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteOnce
- ReadWriteMany
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------

26
values/badhouseplants/values.memos.yaml
View File

@ -1,26 +0,0 @@
shortcuts:
hostname: notes.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

30
values/badhouseplants/values.minio.yaml
View File

@ -1,3 +1,22 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: minio-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: minio.badhouseplants.net
service: minio-console
port: 9001
- name: s3-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: s3.badhouseplants.net
service: minio
port: 9000
ingress:
enabled: true
ingressClassName: ~
@ -100,10 +119,6 @@ buckets:
policy: false
purge: false
versioning: false
- name: memos
policy: false
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
@ -182,10 +197,3 @@ policies:
- 'arn:aws:s3:::states/*'
actions:
- 's3:*'
- name: stalwart
statements:
- resources:
- 'arn:aws:s3:::stalwart'
- 'arn:aws:s3:::stalwart/*'
actions:
- 's3:*'

5
values/badhouseplants/values.namespaces.yaml
View File

@ -5,13 +5,8 @@ namespaces:
- name: databases
- name: istio-system
- name: applications
labels:
istio-injection: disabled
- name: platform
- name: games
- name: team-fortress-2
- name: pipelines
- name: public-xray
labels:
istio-injection: disabled
- name: org-badhouseplants

37
values/badhouseplants/values.server-xray-public-edge.yaml
View File

@ -9,13 +9,6 @@ certificate:
dnsNames:
- xray-public-edge.badhouseplants.net
- 195.201.249.91
workload:
replicas: 1
containers:
server-xray:
ports:
shadowsocks-tcp: tcp
shadowsocks-udp: udp
traefik:
enabled: true
@ -25,17 +18,6 @@ traefik:
match: HostSNI(`*`)
entrypoint: xray-edge
port: 443
- name: server-shadowsocks-public-edge-tcp
service: server-xray-public-edge-shadowsocks-tcp
match: HostSNI(`*`)
entrypoint: ssocks-etcp
port: 8443
udpRoutes:
- name: server-shadowsocks-public-edge-udp
service: server-xray-public-edge-shadowsocks-udp
match: HostSNI(`*`)
entrypoint: ssocks-eudp
port: 8443
shortcuts:
hostname: xray-public-edge.badhouseplants.net
ingress:
@ -51,23 +33,8 @@ extraVolumes:
certs:
secret:
secretName: xray-public-edge.badhouseplants.net
service:
shadowsocks-tcp:
enabled: true
type: ClusterIP
ports:
tcp:
port: 8443
targetPort: 8443
protocol: TCP
shadowsocks-udp:
enabled: true
type: ClusterIP
ports:
udp:
port: 8443
targetPort: 8443
protocol: UDP
workload:
replicas: 1
ext-cilium:
enabled: true
ciliumNetworkPolicies:

2
values/badhouseplants/values.server-xray-public.yaml
View File

@ -9,7 +9,7 @@ certificate:
dnsNames:
- xray-public-dyn.badhouseplants.net
- xray-public.badhouseplants.net
#- 195.201.249.91
- 195.201.249.91
traefik:
enabled: true

2
values/badhouseplants/values.stalwart.yaml
View File

@ -47,7 +47,7 @@ storage:
storageClassName: openebs-hostpath
size: 1Gi
accessModes:
- ReadWriteOnce
- ReadWriteMany
extraVolumes:
certs:
secret:

21
values/badhouseplants/values.tandoor-recipes.yaml
View File

@ -14,24 +14,15 @@ workload:
containers:
tandoor:
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
runAsUser: 1000
runAsGroup: 3000
fsGroup: 3000
supplementalGroups: [3000]
envFrom:
- main
- secrets
- secretRef:
name: tandoor-postgres16-creds
extraVolumes:
common:
path: /opt/recipes
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
ingress:
main:
class: traefik
@ -42,9 +33,7 @@ ingress:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
extraVolumes:
common:
emptyDir: {}
env:
main:
enabled: true

4
values/badhouseplants/values.team-fortress-2.yaml
View File

@ -17,7 +17,7 @@ traefik:
enabled: true
tcpRoutes:
- name: team-fortress-2
service: team-fortress-2-tf2-rcon
service: team-fortress-2-rcon
match: HostSNI(`*`)
entrypoint: tf2-rcon
port: 27015
@ -25,7 +25,7 @@ traefik:
- name: team-fortress-2
service: team-fortress-2-tf2
match: HostSNI(`*`)
entrypoint: tf2-main
entrypoint: tf2
port: 27015
storage:

37
values/badhouseplants/values.traefik.yaml
View File

@ -101,38 +101,27 @@ ports:
proxyProtocol:
trustedIPs:
- "192.168.0.0/16"
minecraft:
port: 25565
protocol: TCP
exposedPort: 25565
expose:
default: true
game-udp:
shadowsocks:
port: 8388
protocol: TCP
exposedPort: 8388
expose:
default: true
tf2:
port: 37015
protocol: UDP
exposedPort: 37015
expose:
default: true
# tf2-rcon:
# port: 37015
# protocol: TCP
# exposedPort: 37015
# expose:
# default: true
# ssocks-etcp:
# port: 8444
# protocol: TCP
# exposedPort: 8443
# expose:
# default: true
#
# ssocks-eudp:
# port: 8445
# protocol: UDP
# exposedPort: 8443
# expose:
# default: true
tf2-rcon:
port: 37015
protocol: TCP
exposedPort: 37015
expose:
default: true

20
values/badhouseplants/values.uptime-kuma.yaml
View File

@ -1,20 +0,0 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: uptime.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: uptime.badhouseplants.net
hosts:
- uptime.badhouseplants.net

25
values/badhouseplants/values.velero.yaml
View File

@ -65,7 +65,6 @@ schedules:
- applications
- games
- databases
- org-badhouseplants
weekly:
disabled: false
labels:
@ -85,7 +84,6 @@ schedules:
- applications
- games
- databases
- org-badhouseplants
monthly:
disabled: false
labels:
@ -105,7 +103,6 @@ schedules:
- applications
- games
- databases
- org-badhouseplants
regular:
disabled: false
labels:
@ -125,7 +122,6 @@ schedules:
- applications
- games
- databases
- org-badhouseplants
offsite-weekly:
disabled: false
labels:
@ -142,27 +138,6 @@ schedules:
- applications
- games
- databases
- org-badhouseplants
storageLocation: etersoft
volumeSnapshotLocations:
- etersoft
offsite-daily:
disabled: false
labels:
backups: regular
storage: etersoft
schedule: "0 3 * * *"
useOwnerReferencesInBackup: true
paused: false
template:
defaultVolumesToFsBackup: true
ttl: "240h"
includedNamespaces:
- platform
- applications
- games
- databases
- org-badhouseplants
storageLocation: etersoft
volumeSnapshotLocations:
- etersoft

8
values/common/values.coredns.yaml
View File

@ -1,12 +1,6 @@
service:
clusterIP: 10.43.0.10
replicaCount: 2
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
memory: 128Mi
servers:
- zones:
- zone: .

2
values/common/values.traefik.yaml
View File

@ -3,7 +3,7 @@ globalArguments:
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports:
web:
redirections:
redirectTo:
port: websecure
deployment:
replicas: 2

38
values/etersoft/secrets.minio-self.yaml
View File

@ -1,38 +0,0 @@
rootPassword: ENC[AES256_GCM,data:4rs7judCzIEqSRfGi8HLmzVftOinmHRAGA==,iv:t6bRBgKOQ+kGn9v0tixllqyeyEWuQTzBMLq36rixY8o=,tag:SZuW/gvFFI+nn/vtKSmc0w==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:wJ+sB2Jlt84=,iv:lrhvu5BfIRl6kmmVp/SzDHkS7KlZ/bB8Al5hKUOzmNY=,tag:XuC2cM6Twl/KaOPbEphgWw==,type:str]
secretKey: ENC[AES256_GCM,data:n5SSGB1AhxZm2uOrdW5kVLbUid8sACwyQw==,iv:hrMcDAWiXz14Q6Wf+bnxxJxFLL1QJBEr0JjWqTPBLN0=,tag:vekhUJFpIv4QmXFTuupOOA==,type:str]
policy: ENC[AES256_GCM,data:javfx3iMs44=,iv:naNJLTEs62JDgUgKWSRcCclsslJZkiazyJ0iyhTO3cM=,tag:7yOHyC0BfV/41zWDd0m4sg==,type:str]
- accessKey: ENC[AES256_GCM,data:oRP+H3vA,iv:N6XQ34NYrCfFci5dw6nQroc/tqByz4ilnQCDh4ZKL5A=,tag:2UFZDLdjBUN0HqRLXh87lw==,type:str]
secretKey: ENC[AES256_GCM,data:LPzli0O0ePL2vghWNsf07P41G3+aXUdBUQ==,iv:vu/TI1jU9/m30DegKxUAaObUq9FyB1IXUB1vqL5kKoI=,tag:1Ar6MNR5pTCzeBlH7yl2hQ==,type:str]
policy: ENC[AES256_GCM,data:gj1EGs4L,iv:N9J+yXcG3fLyg7dPlICi7tdTk6OPLpVpC0IFprfbGaM=,tag:65lRXTg0R76y23QXNLD5pA==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:ar/fBw==,iv:rs1ESCu8noZhU5nKkU6HS+qysYGQfFXo96uliAY+9xw=,tag:MvgSVLelQSlk1Swx47+s6g==,type:bool]
configUrl: ENC[AES256_GCM,data:195i1omIYscB5Qo+p+S0LBEI0CAHMaVz8smR7c4l57Yw05R4GfBJR16DswMgoF8FC+UFBlp46/WFYA5f1CZIlaVFipqBTYeEflDGQ59IJWVUo9Apw06Hfw43HrLC7POQL3w=,iv:x9WmZvzI3Gkf+2BMdIVkL/UxK6hIHJPVgOOVyDoPQHk=,tag:euHGWXq5PNLj55XuU3amGQ==,type:str]
clientId: ENC[AES256_GCM,data:DGIVa81hjIMmotzffms=,iv:mtuMKY07CKQD7GMyKJkUs3sQdbwnXCm3n78cfyxIvIY=,tag:sRQJXhOY4LPTry6TMtoqcg==,type:str]
clientSecret: ENC[AES256_GCM,data:HaRln7Az/+lP/01RFtlTCLSReAQ2OYxRlmQ3LSi9r1tVWZD501RaCif9/68BIOnhGUFGbZPobbRWOfQDULycXHdqK5nms5S0YOFNOwxUCPkttlljZ3fyw157lmFGUrivzMjWpIp5clqoWtIWE71q3UDJ95FoOBjG0HRtFoDo4d4=,iv:73/N0JSCwLd//HHOIjuPkHCY5lKtEuRahx93lG8Bipo=,tag:Tltx2XXeJYGQczCvb7rqBA==,type:str]
claimName: ENC[AES256_GCM,data:AnMUWTj8,iv:6tV4XKIT+utrSIbUVGHJVXjPI/i9mJrzki2zC4n+4Dc=,tag:iHnClGYFTHpUry/x/wZuTg==,type:str]
redirectUri: ENC[AES256_GCM,data:F30Q9PQvXb+bmkNib2/END1/E/my3kOo8RTvoN+/OJMCz/nDRR6lgoA3LYHXh88=,iv:47dIKSJW/5xQdmASUiPOfHo7193LfAQ/R/F+saAzSWg=,tag:SLREgi2vBl5mvh0J1K3nCw==,type:str]
comment: ENC[AES256_GCM,data:t/1OqmIDiudE536CpZUYIgIq9gI=,iv:uwzrEwQUO+eVpCTYYXHjfdnJmKm/mEwre7zTtbwO0Q0=,tag:J/vmOjueOqdUq8Kuq5Ke6Q==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:wqLHN7dmjg4Tly8wOIm/3zZyzx1Mw3NLNqpl,iv:p1iC127avWNcGV8Qj9WLFeAZTrZokF467nAqSwEe43k=,tag:SilNPiK+t2xvgvuTfQwhFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cWJpMDFLTHZlTlZPMW8r
ZFpqM3VnM3dQeThqb1pOdHlVbHkyeVo1ZlFvCmhDV01rZklMME12NVl4YmthWEd4
RndOYkgwSkwwaGhMNE1NZVFxaWZnbXcKLS0tIENqa0RwR3B1MEk0cjJhbkIxdW1W
bFRMQm9QOFRQaFVpaFpqMmdjRTAvODAKhhEOX3d51JWmAYMZdT2LZpkLkuCOcpEz
8sfofHVU+5gCOTZj6fTvIm0wvnVC7lmTaRkZBEKnuPavjTDfXKluGQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-01T18:57:37Z"
mac: ENC[AES256_GCM,data:JzgKhfxs3QI6um/3xFlik6B7vgWAcIoswucE0j6h4Z7smHgP+FuuJxXEeqJQaAhSGEQnm7XhJRoJ3HfIaPK87D8cU8g0GeOOQMF2ZZL5gQ3YxWDsI5g9HayoCYqRQHd6uq4x6zGKQ+zodnHBBQnujnDWwOykfyANav6eloW5tnI=,iv:jkxc313m9KCoUjdHfUqpwLzFJe6bmSlM4kGdqEsUbMw=,tag:SDEnSkv8jB/RfUGj4zX+4w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

46
values/etersoft/secrets.minio.yaml
View File

@ -1,21 +1,21 @@
rootPassword: ENC[AES256_GCM,data:OjZ/T/pAAotJvTUjkJ1yGooWnz6NfLZR2w==,iv:uG8cnfJJsx8yrAo1PONBPNF4pDC0PQz6LDpb97FRf58=,tag:/1KQ7Zp+UqA7TCloNkI5Xw==,type:str]
rootPassword: ENC[AES256_GCM,data:btF9/FtQLpalONXSRhY8/HC4gq8vnuaaHw==,iv:K48dhNKPsqwaqvR0z+7sFdlKt56aa85z7NeSvd5KxVk=,tag:Okg6vpyaxpDFuF0sGuGthA==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:xaBSF0dMBQQ=,iv:1q33eR4d4Fw2m2m7d+gdT29/X8HKJAOyNcNO1vlNf+k=,tag:mcMkLEVqP7IgN6DcLjTagw==,type:str]
secretKey: ENC[AES256_GCM,data:GSjy0MYT5DAAIN86CATL68kqJGy7RApNLw==,iv:mVjOAzqLFB30plV2ZAHGNrphuwHhVY0gga2SH995NUM=,tag:rPxGHyfJIdzA10I1rhwb/Q==,type:str]
policy: ENC[AES256_GCM,data:SRhftF+GquY=,iv:b3kR9lbrz85Ji/9kcOwAtDJXhoSLa/ujiMAUHWrabRQ=,tag:Pg1YnFxUfFZeeda/Hc2OZw==,type:str]
- accessKey: ENC[AES256_GCM,data:De9lLs2l,iv:KL2afECLR7M5566v9aUzEr+vzOgld3yMJzjbP4wRpcQ=,tag:wXv33DjN+wm0FCa3/fQYfw==,type:str]
secretKey: ENC[AES256_GCM,data:FZDF6R2m0Z/UX9ywn4jgCsj+NcFh9v0aXA==,iv:Vr3icnAhYDZwyQVVHXnmZavP/8VEbIQs4nTOQNb8uyM=,tag:CowIx47b8T+kf/qhpBuqIg==,type:str]
policy: ENC[AES256_GCM,data:87m39jSs,iv:H2Yv8c8S13cm+Pi26UNeeS5f76ewskLsnT3aKyIAAT8=,tag:ixKsbZbZyVk5kS/Jqh35Cg==,type:str]
- accessKey: ENC[AES256_GCM,data:VU3XYBaFgnM=,iv:f8ph1DPZWHGQtfqgTby/P/ul7esiOaaUao4pjdxbW6w=,tag:MEpgtL5guJLdvELP+dUljQ==,type:str]
secretKey: ENC[AES256_GCM,data:rKH1j/NxhMtpPl5ugHftlAim4ZxWK2oCsQ==,iv:Dc3HGHyFzqwwBb2wau0H0Hu1d2cepckdp3O8AEsJ4xo=,tag:MXVe8mP/iAAxHV1yXReb6Q==,type:str]
policy: ENC[AES256_GCM,data:MjyZxYF52hw=,iv:xEb55FQfwZGa0ye9kvEqcXRD8lYojprnhiy3yZ+4ldA=,tag:cwo0RUXdS+ECYBHEqPs4tA==,type:str]
- accessKey: ENC[AES256_GCM,data:OgGOUoRh,iv:dznjmOZxw2YpCkyjfX61XkpRYk8sRq/vFsm2Vj2NUv4=,tag:3dZTLCRu7tLNfLxuGmuuGw==,type:str]
secretKey: ENC[AES256_GCM,data:GlUxSIQMcUNqrj6ucgqnfIzp73DtEN0Ihg==,iv:HpSmvfE0Nml3rlTVtZUnfCNEK9L6yjnwBoxMArZiraQ=,tag:vNJr62ntsRu9muSav0TXug==,type:str]
policy: ENC[AES256_GCM,data:aqDFdoy0,iv:nPNxbT0jwpTXDjs0hXgt5clFstAjbgqO6IH+Dnox/+Q=,tag:P/m0PHwZcqaF5QYQrD4oMQ==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:P8GEXQ==,iv:qeB8rYpZny+1NX/fLQi3Uu1rwdHHDC2VZSCl2HbbqYU=,tag:N+zfQUX6onM+YCJRUiFImw==,type:bool]
configUrl: ENC[AES256_GCM,data:u0u2AxsupS4rC/C3PWZgNNrTyO12T/De81QHRa7NkiC/bb8hKJVutchNBpVr0zNg+Y9aRPo8cSlbepUVhFx5sZtdkaz98GeI5QmUzsi39LM7S9Mmp6fKP4aJTo4/vhXYF/A=,iv:d/g4Yxnpf4KlrAr1WjBNkKiobKHDYqgh7YwmTwpos60=,tag:CiOLeDM74ZOJav6Pmzzunw==,type:str]
clientId: ENC[AES256_GCM,data:doeMKUeB2L01bKiOjJw=,iv:Up3TS5W+ksedwN/lZRvSjBQ8QOty/0CCOQGzYZ6R9fE=,tag:vVuoKODoutu+oZPq8klJXw==,type:str]
clientSecret: ENC[AES256_GCM,data:YTg+KYc6oioRt5prvHTkA4GIhQgS/Oi3rpwpOSX/ImH9DHLxXcJnPDKzmW8DWTmG1YIkpJEfLWT+SAa3xz6jpd4EB0y5f86j8h0Ih00z5CS6HyfvFdwqSvKpK6B6b7LIE1x1wSbS4+0un1x6/zUKeqgkes3WMXfHzZCTnalWmqY=,iv:oas5s8SZauwoZHGPKQ1Kj0inn403ZSIrfUORBCAuPcw=,tag:+cB21h3D0jmDAO+MN5eU6A==,type:str]
claimName: ENC[AES256_GCM,data:GzxNUVk1,iv:SULbiq6jxrILbpVhxxxfUSsCfK2PvQ3cgrwefL4HykM=,tag:9vQ397kbTqP2hRetfCY+OA==,type:str]
redirectUri: ENC[AES256_GCM,data:goPjtLTzVlwNcibzNS7ys9MwvyxC0Zod6oI6Ubnh3EQvPMVbV8jqR9VveHmNiLo=,iv:Bk3Ul5icqIi04knqBvTH7osv8GLqmX5YFe0Y8lE03UM=,tag:W2sSoLEe88/r8WRLIdtl1g==,type:str]
comment: ENC[AES256_GCM,data:03n7KL8FN+RVac2Q6CDrGExDeXE=,iv:CKkwPr8qRkDKcWaSeSqRMeZCbnI67QKN2yQiVDTjTUs=,tag:A7PwDaoCvuHAdmYYDSYsSw==,type:str]
enabled: ENC[AES256_GCM,data:nxzzAQ==,iv:HTVeFQPTr0HUPBi9LDfRo5qVUv8XQsBnYqvFt8cKfuQ=,tag:ARZttgS1YwYW1QjIAtbJUQ==,type:bool]
configUrl: ENC[AES256_GCM,data:ZgPxRfSLkCtsFTq+MrZqm5ysRkAA8YemJsaxWl6WtRbnLnJZBQqBzx7qy5ZMFP4R4Z0+7JLg243gRS/PCyDWq3NJfmM4PasDe1WxAXWJHrp+lxcN7GOM5VHcsdCi5j6KDBg=,iv:/scg0KqjnngbpqBOPvl/T8wVKTZHcWsaYOi+M9YXsUg=,tag:HdSLxvw6+vGUxgOFUETLDw==,type:str]
clientId: ENC[AES256_GCM,data:EORYGlAJ6EFzOQCOKMw=,iv:XVhCaWaN65vFMEcSprkWKcciHbhZoCUz5PfWn4NNwo0=,tag:YDen+LDU8H0M8omnlvk0jw==,type:str]
clientSecret: ENC[AES256_GCM,data:O5mJ+uxo18o04LHjY31eVs2wzJePtEXoJxXn81NBcTs0GApVPciDfUPI4mZVXskBScqT9x9ZdgkTjD44gBMzqwBjmwHEeZfPD996uSKSu2soMELLDO+D1Vp/cNjSHnUx5VKgKWxcdSxQ2WN6kxRxgCDLk9B/Cpc+pRDFiR/w46c=,iv:yjg7NUiDxjXkeQu7gpxqaZ2oGOXCpEnN5OUowlbhSPc=,tag:2o80ngR33KLxVAAehON2EQ==,type:str]
claimName: ENC[AES256_GCM,data:0uU9ynkc,iv:e+0Bw9bEvr++OU8Gql0m16BRE+FwsiK9vkTjdLQXsGw=,tag:Sm/kP6a+tRHYj2cnvZf3+w==,type:str]
redirectUri: ENC[AES256_GCM,data:AMtRfHzCg4pUM2m7enLzMOgV+oVecMarndU99YTjZP1NqTlG6Dmo6beo3/FAQI4=,iv:0SuKeW6SoAuwnGLCWz6yUI7NSxlFz4P+QTA9IP5Dokc=,tag:Vp8pVYr72MfnZYKqD0o9Bg==,type:str]
comment: ENC[AES256_GCM,data:QTHyj0dXt/N2ZMyv1rQyN1fUjuc=,iv:hxTK/rs1UL1n7v/2CBkHvEFZzlGZLyDv9nBmVVO+X10=,tag:haa6Hfk7pnhmCNZDWPkt9A==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:06/xU5KnOnzSNksTrJxP31n+yL/uhm6oM6y+,iv:G84tDpX+qzWRYiQHaQDO9kHzK/15XRBLu2BGPmCeh7Y=,tag:kmdsIpB+BgejOxhuOy2XHQ==,type:str]
scopes: ENC[AES256_GCM,data:AENnoV/sNnYY/94ZTF8sbSowJn4rA1KQ4/NL,iv:+Aj93Y0j/irIfd7HsuM4n40BFwZx7zhIi5ccowLaaBY=,tag:PcT6Ywl/nnCp2bKEwsjUBg==,type:str]
sops:
kms: []
gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUkJLbjYrYXAvSDZLeWo3
NGdNSDcxSTltd29oWmpiRXZxUE5NSE1jSUNnCjVnK2M5OEtaTjJDdDkwSzlDMHRv
b1ZRUDh2UUF5b0xsNjE3V1JpYTJIc3MKLS0tIFVLcXh2c05aNGY1TlNzRy9SVXV2
ZFM2eDBOZkdiV2p4d2tXYnZXRWJidjgKAL4Y+39jbNZo8cXZ7vmfxbfnrmOluE3A
XWl5Udebr3cJ14UwP59mYFVL6A/0GaYuRqOwN3omJX4NEMKmzvJf4g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSXNKMVQySmJ5U0VMY09L
YklMNC9HZ3Jqb29Qa3Y0d3JJK3pqNHZEempzCkpkTnV4bHB2OU9rUExDNjFqdmkr
am1LNG1zdFJBb1VLS0xhR0xwOWN1QXMKLS0tIFFZcXpiTUpZbm1sRUxMYVJva0w4
RkhEbVRkLzZnWCtjVDYvNVVaRlpmRlEKQEq0OqdXuW56zNKrA2by3y2JfUnlIAV/
dIjedNebsu3E/lIAZdo+gsjrzGIZSgIxjfKoqlVP6J16aJnka8iROw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-08T19:47:27Z"
mac: ENC[AES256_GCM,data:hq8mAa0SIALlMh7xCAJ17l1IIHTStP5EAkqri9ueGDjLMDPdO2ewRL70SiNpP3CZgBvvqx2y/iwHrl8TKUGG1oiMK+CpKBZZG5JG53S4cDfvjk9koP0ZKek55MsqFVnhFNjoDhJUCKWnKmm+X4YuntmtNfsmkgWKuVGIDWcJ07Q=,iv:27ITELnJRW1M9XR02q2eEGSdUNWYCtBvameZBVo9iFo=,tag:gAOZsUZmSXcrlNLZVphVqA==,type:str]
lastmodified: "2024-12-15T18:54:09Z"
mac: ENC[AES256_GCM,data:CRYlt6HYTH/HhRT46pME5IJ0xU+oHj84AFGvSn6nPLLKAkh6sTzDqG+6/t3MZ42SUtYa77rc2dVQ47RnkIyqCWNy5PBYCS4MVuOD9nuy1YdLhQn9QCExFO2b3BgW8tRKRuEJw2tcpk6W/aoy8qh3NddMAZAAWhMLoLENnLGiMVk=,iv:JthKqEKMTsZObMQFQYBn1KFTJUmASXWdKV19IoMzvWY=,tag:N+3lEu+8hr3TUwbo5VlFrA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.9.2

37
values/etersoft/secrets.server-xray-public.yaml
View File

@ -1,37 +0,0 @@
files:
config:
enabled: ENC[AES256_GCM,data:QJdNMQ==,iv:m8KcSZ1Qi9lmCUTfJkceKMu1iWMBin2Y8P+6g7pSU4g=,tag:z4N53rRhoTNdlMK5nu8rYw==,type:bool]
sensitive: ENC[AES256_GCM,data:8ltdENw=,iv:qeBWpMCAxo0OwRc4B/6CAbkxn7Bal7iDfgidvqtEmpg=,tag:3ipWGmcf1ZjsNTP1zJuXhw==,type:bool]
remove: []
entries:
config.json:
data: ENC[AES256_GCM,data:8Lcjs0itPOyEy/ZQJS8KZBwFW5BEC039JJJCVhUjL29+NF31Os5vo8jLoCayW9e8tasVVhP8BQlGFq/ABQajXmLoLCSQI0yAOGdVSvQEXy4HjBxsDnPIvNq1/4dk0FsoQwTJYaVW0QxSUWkipyZD0cbzssJ9Zd+KnIIs4MGreXfibuyZI+HinrYlxP8CXNTn6o2eUSx3zXodD0K2IO7tUOlIbYK2PwIBvhz1JxUhqXIXfoEF2FoVU7ca6YCHA4b8kLLep9gz6z2yHrM6CMk2AUi6H90jGfUPu1dn+H0zBc9JsnVpbGp1KGtx5V6UAk8i4Ed1Iv8zVlvv/i8mmWhY2ue0doFj2cY6QgKc0fqgfkqTgy0k1IeTbxfWDH69KEKMpqk5UotvI31R6ZQlYNgc29IzdMDzXU9UVvDzwwP6bl10VYZp0pwwgV8nqOnr+ZTNR4Hy3Xrmq99SUAq1fc7/CPebj+g9v+PfjKMrOAL9kOVTNK7EJMMp7JQXTrtgifkz21HkfjMVKh3JMFs6gJla21zgYqHqpgU4t1dtA2+Y2OCJV43dZsNNnuEqvBVJhCMta/Lh6xoqtaLoC3TYRrkp1PWGNvP277UJnvS1RekDAl/RjFFOlOLHOrbQpFd5zTWeM6K8iOPcmugPreE8p9FQIFN9tyYW0SryrZ7V6dRb9qrEYbFXMqjLX9voTJyD7K6xX9omgX4OHC9RJA3P0hbsidwooZZBUDGs842LI5hCoEeEOYz1h5ZQV0tLUP8omIwZOvm5B9cXt3GmVvcWYw0Cy5h/1neuzZzQipveQoQkartZuvg+WjjJMOASdMuSqdvw+wCdGCGlNH8ACtFR3pvnXn3NIN5WaQukWpkpSWNGtr/teW/5KtFvICwg95ieNoAOar3T0txR4DQ4oHw8gh7JK/57E0HzC6q6gqCeqQGZYKt/0QVnQCMKHh7rD6nz1aiFgh15vzAU3sjWMlszt5Q6pNQCb9Ib8txJA3gvI2AuMr/614NwyN2WHtuangVBg/nLUQW/0IL0FZWYWAmjvn+e0Ucsx+gNt9XVzvJv8782gnt3LXMz9QqT+NbNW0lzrac5AQ5Ka/uImDFNmzKunk/3yTb9K2q2kzOx0QCBYGcvvCjeX4SP2cDOJkSQV7qB9AqiKJP4h/oDkrNHH+b6n624c9C/IDAqWu5Gr9RUbhADVbRsLJjbzNdQj9Feacvw2UDjE9BNz42RN5K+Nz8Cw72B3iUg/3gcAhhjUvI/liuZCf1Py6nxi1Hl4MpoAinKabIUGvoIt5fBv+iXKXmhe+qulKDuJj+maIAKKmcnVFxcl1waWLrVPLO4gSNVCTp8b7tCwGuLIcynPGCLxSOnis4YJi7ux5oA3pn9pq5jop3kXQTpU8AexU4bmDFF4pzqXogNSDbiy/fKQV2pFnMW3KwOSXCBTzS9RmnGm+X8zQbXxnX1cP/vSmh9Pqs/4FEVlg79P5uEY+0YGmKRqmzBFZEQgXaYhOMWWsIMCzES2wNe5LuHEYiVF0fXK0GsYswPejH2Y8kg4jT5gynzfHuQzNO2P9id/o+q/Ptf9w5fizPZOBeOLMPpDP5LzYA8mPyb3WMryUj6agYk/CnEc07R0Xqk62gh9l0kmmDJneciwUz9bcGQGwfZVDwJeHyI2cS1huU6Ay6s8D1XyZnzWRAk0uAdY1a7oYhs0X0XioG0jsz6NBhUfRMNTqxITmxLnrrC3RbZfHtKizBnBDZ/OsSvMcUDg+wxz84PKM3p+gXUzxXypWCBFxHUoAy5x1V9rVINha9LUdtWiYD3JeoUbmgTIWKGOTXuXGlDdqkVedAtLyqIwAxCRgLWra/NoLJ3ZSVjWB/bpsrDc6suVKTn2LXSk+QSHE/2mzIvO1XBDd2QvG0VnVXNwFFRP8321hERwgNDQgh2AlcPBFJX1VaP6EHqa/VjX3bIrXxZMmq3UKH+wxR1pn+D0x1npIk1lAOW9yvJH/CUpbXJcNzSRTy2OR2MFTJcW432KKdcm7VoWhmUciCfOnvcvJekH/1yjoXRd3D0T/2hdPnxdkcFyoM9QZ7/5T3NXnNxVwaZwqlzg5vKGf8YkqWL2PhsbqxkRk62oPYEAfamyyszn2WT8mxp1MjYmYxAxAxIiVBuZR/Vn/pU/Abpar+7hTUChKSz/hiR0vF6MiblMcyjLA4hZ0SRdkDDaofpvkg4qo4cAjTtIBHj4doPWPdieXYvxLp0SCUe41WnBj3Z4Cmxkc+V9UaFhRxmxCU18Q4eOZ5DMOikB9BbQooHQ/eqrkel8pT1ObtqxAmQmuFyiP5RvByEdyvM4R9hZ+nO/C9m4msoIxr0Zl3VR0oNZEjtIMS+RGfofK4Su611pkRk2nHVG9fJqvNjX30SZts7BZarrj3IZJNx0OGfXOEVAR2AftV0UlEIyjJm9oB/WTLlecUAXZgaVCkebB5R1rSB3Bxu4tFkb3AUdCFz9CpNH2IFVGaTPlQK9cowc+2s1fPVpDiVFU4NBPgPGKD3X7Reu/U0Z13J7gC9zcbPt+39GRomH/XhubjyWps1CQZRQ0XadiimQhlmiM+da9Gpy5VSUNCapr8+rw0SJhHP3oKbpPscBxjcaI5Q1wCMHzSfuF/rvGxeah2M/RHW8nFXWrZGMXHqjRQeDPagkRM782/wx1JBX5o0P1vbjV7pTRtySC9ukQPEoepjcGxR0eso1WHPO+oxaAc56ViORdfEBVMSdgVYJQJeCayIqYcQxFY1As0WT6JgQ9FyITIwJcPW8AQ6vzz6mDaBCpibNqWkv7SRe3vvivIaW+prQS+mujqsbgwtLq71LtGkjAbe5ANyBP9OfhIvYYY/yuENKfTe1pOnzQL1THyrfVTWhqsB9Smu7L3VCaULTLVxL/fELnunWNSWqzhAWLm3YP907phKt84bd/4vI/eN7RO6WpB/J0XpAbBfwVWB5A2fxToe9pfw9zJ//nJZg+iP0kX9aJkENV17YYINsd7QHgwWnAFgxcaQgco9VwugJz2B6mNAmhc3ahi6zdOon/E/mC7hKzKPIsf9Ll87L+1pcYO1yGdzKLl/vx6EcjqzIk/GnUnkr/8h6qNSUBPUzWqMce6DsxvbRYc07C3g/CjcS8SLoxLwHCsQhQev3vtSOT0VC3vuOKOu3f0zHJRyeyG2Ppn5hNtv3J6WWUOL3N8oVbOdH42JQnNxDrbXJNE93jN1YTgTUwhne4ZboqudGoZTnwzZo/1E0GvKA7aXq049isY9UdCU+LGb8pvJL/XjWXWApMiXDRMVAoG6+VxyIaDrrlSWoPdaSwhxNZM8Gzy0Y74=,iv:BdIS18qQNBFdjwlv0IH/t2L/R0FywZiu8+ExA7X2HIc=,tag:AiCzrJzmxzocT/fnshUttA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OXIrRVJJS2hlZUQ0a3I5
SCtVeHFiWExFM1F5K1ZzVENOMGtvOWlJOEF3ClJTRXJ5NCtHT08zWkluL3oydkJR
aHd5ZmZKY0ZHcXdhaExiVE9tUVg4S0UKLS0tIEliYkxrck9tc2F2amF1TDVXZlZR
eU1ENGZHaUgwSXViNEY2cnhneUEvbDAKW4Ynu3DBBXRGn8l+yIMKTFp1+qnEEwhz
ZCX0RkdBusfX9IU+EZjAh6L0t+RKUf5vvC4giHbd4g0Fhui2E/NWpw==
-----END AGE ENCRYPTED FILE-----
- recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUVNJN0VQSHlHVzRyem9H
a1pDT1lQZGRjRTcwUzFWSEgrdlljZDlnOEN3CktYakY5YWEvTloyaHBPR3hqVUph
WXFMb2krZnBWNWJhRWJBOFloNEFPUUUKLS0tIFRjYlNRb21TanF3SDkxRDk0N2k0
ZTZBWkxUbVZpYjdUZFZDK1JOREpDcmMKyBU5+qvwshU6LBzSPptQtqIY3X+gKgur
nhkMcV6g5z40EwfvuJvfAzqZrsuKOejungXunKV3Q/QyiTn+/RrJoA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-08T20:27:36Z"
mac: ENC[AES256_GCM,data:JT/yRb2b+wKSS66ZkqqzbTOQWs1dOjXSEKZeBP6hcaVwmPcFld4bOZgPmJeYl8ZTWJyIjNc5cwBB/VP95DdSBroFy2WCJeVjdSEWxQT37AvwJSXwHeODr5JOI+pwwubqzhorNKip/MDvZw3qnIUuFEaXWlwKMfMR01/M3nGB2HI=,iv:dfWIeGuk7S6jS12OOAzYVmDWFQmaiQP83roR1GxulaA=,tag:ZocnLTP4PO1QAw9F6oK1wQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

119
values/etersoft/values.minio-self.yaml
View File

@ -1,119 +0,0 @@
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/issuer: my-ca-issuer
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3eself.badhouseplants.net
tls:
- secretName: s3eself.badhouseplants.net
hosts:
- s3eself.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/issuer: my-ca-issuer
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- min.self.badhouseplants.net
tls:
- secretName: min.self.badhouseplants.net
hosts:
- min.eself.badhouseplants.net
rootUser: "overlord"
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3eself.badhouseplants.net"
tls:
enabled: false
certSecret: ""
publicCrt: public.crt
privateKey: private.key
persistence:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
storageClass: local-path
enabled: true
accessMode: ReadWriteOnce
size: 60Gi
service:
type: ClusterIP
clusterIP: ~
port: "9000"
consoleService:
type: ClusterIP
clusterIP: ~
port: "9001"
resources:
requests:
memory: 2Gi
buckets:
- name: velero
policy: none
purge: false
versioning: false
- name: xray-public
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: velero
statements:
- resources:
- "arn:aws:s3:::velero"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::velero/*"
actions:
- "s3:*"
- name: Admins
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: DevOps
statements:
- resources:
- "arn:aws:s3:::badhouseplants-net"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::badhouseplants-net/*"
actions:
- "s3:*"

24
values/etersoft/values.minio.yaml
View File

@ -30,14 +30,14 @@ consoleIngress:
- secretName: min.e.badhouseplants.net
hosts:
- min.e.badhouseplants.net
rootUser: "overlord"
rootUser: 'overlord'
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3e.badhouseplants.net"
tls:
enabled: false
certSecret: ""
certSecret: ''
publicCrt: public.crt
privateKey: private.key
persistence:
@ -50,11 +50,11 @@ persistence:
service:
type: ClusterIP
clusterIP: ~
port: "9000"
port: '9000'
consoleService:
type: ClusterIP
clusterIP: ~
port: "9001"
port: '9001'
resources:
requests:
memory: 2Gi
@ -63,10 +63,6 @@ buckets:
policy: none
purge: false
versioning: false
- name: xray-public
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
@ -76,7 +72,7 @@ policies:
- name: allanger
statements:
- resources:
- "arn:aws:s3:::*"
- 'arn:aws:s3:::*'
actions:
- "s3:*"
- resources: []
@ -88,17 +84,17 @@ policies:
- name: velero
statements:
- resources:
- "arn:aws:s3:::velero"
- 'arn:aws:s3:::velero'
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::velero/*"
- 'arn:aws:s3:::velero/*'
actions:
- "s3:*"
- name: Admins
statements:
- resources:
- "arn:aws:s3:::*"
- 'arn:aws:s3:::*'
actions:
- "s3:*"
- resources: []
@ -110,10 +106,10 @@ policies:
- name: DevOps
statements:
- resources:
- "arn:aws:s3:::badhouseplants-net"
- 'arn:aws:s3:::badhouseplants-net'
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::badhouseplants-net/*"
- 'arn:aws:s3:::badhouseplants-net/*'
actions:
- "s3:*"

271
values/etersoft/values.server-xray-public.yaml
View File

@ -1,271 +0,0 @@
certificate:
enabled: true
certificate:
- name: xray-public-e.badhouseplants.net
secretName: xray-public-e.badhouseplants.net
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer-http01
dnsNames:
- xray-public-e.badhouseplants.net
traefik:
enabled: true
tcpRoutes:
- name: server-xray-public
service: server-xray-public-xray-https
match: HostSNI(`*`)
entrypoint: xray-internal
port: 443
shortcuts:
hostname: xray-public-e.badhouseplants.net
ingress:
main:
enabled: true
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
meta.helm.sh/release-name: xray
meta.helm.sh/release-namespace: xray
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
extraVolumes:
certs:
secret:
secretName: xray-public-e.badhouseplants.net
workload:
replicas: 2
ext-cilium:
enabled: true
ciliumNetworkPolicies:
- name: xray-public
endpointSelectors:
app.kubernetes.io/instance: server-xray-public
app.kubernetes.io/name: server-xray
egress:
- toEntities:
- cluster
- toPorts:
- ports:
- port: "53"
protocol: ANY
- toEntities:
- world
egressDeny:
- toCIDR:
- 93.158.213.92/32
- 93.158.213.92/32
- 185.243.218.213/32
- 91.216.110.53/32
- 23.157.120.14/32
- 94.243.222.100/32
- 208.83.20.20/32
- 156.234.201.18/32
- 209.141.59.16/32
- 34.89.51.235/32
- 109.201.134.183/32
- 83.102.180.21/32
- 185.230.4.150/32
- 45.9.60.30/32
- 5.181.156.41/32
- 156.234.201.18/32
- 34.89.51.235/32
- 83.6.102.25/32
- 51.222.82.36/32
- 125.227.79.123/32
- 193.42.111.57/32
- 135.125.202.143/32
- 176.56.7.44/32
- 185.87.45.163/32
- 181.214.58.63/32
- 143.198.64.177/32
- 5.255.124.190/32
- 52.58.128.163/32
- 15.204.57.168/32
- 34.94.76.146/32
- 211.23.142.127/32
- 64.23.195.62/32
- 23.153.248.83/32
- 82.156.24.219/32
- 37.235.176.37/32
- 176.123.1.180/32
- 35.227.59.57/32
- 62.210.114.129/32
- 185.216.179.62/32
- 34.94.76.146/32
- 121.199.16.229/32
- 23.163.56.66/32
- 176.99.7.59/32
- 207.241.231.226/32
- 207.241.226.111/32
- 27.151.84.136/32
- 104.244.77.14/32
- 5.102.159.190/32
- 184.61.17.58/32
- 125.227.79.123/32
- 181.214.58.63/32
- 95.217.167.10/32
- 159.148.57.222/32
- 15.204.57.168/32
- 211.23.142.127/32
- 34.94.76.146/32
- 187.56.163.73/32
- 109.71.253.37/32
- 5.182.86.242/32
- 104.244.77.14/32
- 190.146.242.81/32
- 89.110.76.229/32
- 138.124.183.78/32
- 209.126.11.233/32
- 167.99.185.219/32
- 37.59.48.81/32
- 27.151.84.136/32
- 142.132.183.104/32
- 193.53.126.151/32
- 74.48.17.122/32
- 93.158.213.92/32
- 156.234.201.18/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 184.61.17.58/32
- 125.227.79.123/32
- 104.21.58.176/32
- 172.67.162.102/32
- 181.214.58.63/32
- 93.185.165.29/32
- 95.217.167.10/32
- 159.148.57.222/32
- 15.204.57.168/32
- 211.75.210.220/32
- 125.227.79.123/32
- 211.23.142.127/32
- 172.67.165.72/32
- 104.21.57.182/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 187.56.163.73/32
- 109.71.253.37/32
- 5.182.86.242/32
- 104.244.77.14/32
- 193.53.126.151/32
- 104.19.22.31/32
- 104.19.22.22/32
- 104.19.22.27/32
- 104.19.22.23/32
- 104.19.22.30/32
- 104.19.22.24/32
- 104.19.22.26/32
- 104.19.22.29/32
- 104.19.22.32/32
- 104.19.22.28/32
- 104.19.22.25/32
- 74.48.17.122/32
- 184.61.17.58/32
- 104.21.62.230/32
- 172.67.139.235/32
- 172.67.135.244/32
- 104.21.26.114/32
- 104.21.72.244/32
- 172.67.136.175/32
- 172.67.183.130/32
- 104.21.64.112/32
- 104.26.10.105/32
- 104.26.11.105/32
- 172.67.70.119/32
- 172.67.144.128/32
- 104.21.71.114/32
- 172.67.161.130/32
- 104.21.65.89/32
- 172.67.156.75/32
- 104.21.40.186/32
- 65.21.91.32/32
- 184.61.17.58/32
- 104.21.82.111/32
- 172.67.200.173/32
- 104.21.13.129/32
- 172.67.200.14/32
- 104.21.89.147/32
- 172.67.160.224/32
- 172.67.139.235/32
- 104.21.62.230/32
- 93.158.213.92/32
- 185.243.218.213/32
- 91.216.110.53/32
- 23.157.120.14/32
- 94.243.222.100/32
- 208.83.20.20/32
- 156.234.201.18/32
- 209.141.59.16/32
- 34.94.76.146/32
- 35.227.59.57/32
- 34.89.51.235/32
- 109.201.134.183/32
- 83.102.180.21/32
- 185.230.4.150/32
- 45.9.60.30/32
- 5.181.156.41/32
- 83.6.102.25/32
- 54.39.48.3/32
- 51.222.82.36/32
- 125.227.79.123/32
- 193.42.111.57/32
- 135.125.202.143/32
- 176.56.7.44/32
- 185.87.45.163/32
- 93.185.165.29/32
- 181.214.58.63/32
- 143.198.64.177/32
- 5.255.124.190/32
- 52.58.128.163/32
- 15.204.57.168/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 211.23.142.127/32
- 211.75.210.220/32
- 125.227.79.123/32
- 64.23.195.62/32
- 51.81.222.188/32
- 23.153.248.83/32
- 82.156.24.219/32
- 37.235.176.37/32
- 51.15.41.46/32
- 176.123.1.180/32
- 104.244.77.87/32
- 34.94.76.146/32
- 34.89.51.235/32
- 35.227.59.57/32
- 62.210.114.129/32
- 185.216.179.62/32
- 34.94.76.146/32
- 34.89.51.235/32
- 35.227.59.57/32
- 121.199.16.229/32
- 35.227.59.57/32
- 34.89.51.235/32
- 34.94.76.146/32
- 23.163.56.66/32
- 176.99.7.59/32
- 207.241.231.226/32
- 207.241.226.111/32
- 27.151.84.136/32
- 51.159.54.68/32
- 104.244.77.14/32
- 5.102.159.190/32
- 190.146.242.81/32
- 89.110.76.229/32
- 89.47.160.50/32
- 138.124.183.78/32
- 209.126.11.233/32
- 167.99.185.219/32
- 27.151.84.136/32
- 37.59.48.81/32
- 27.151.84.136/32
- 142.132.183.104/32
- 159.148.57.222/32
- 159.148.57.222/32

8
values/etersoft/values.traefik.yaml
View File

@ -5,18 +5,12 @@ ports:
default: true
exposedPort: 1194
protocol: TCP
xray-public:
xray:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: TCP
xray-internal:
port: 27016
expose:
default: true
exposedPort: 27016
protocol: TCP
providers: # @schema additionalProperties: false
kubernetesCRD:
enabled: true

20
values/etersoft/values.uptime-kuma.yaml
View File

@ -1,20 +0,0 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: uptime.e.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: uptime.e.badhouseplants.net
hosts:
- uptime.e.badhouseplants.net

38
values/etersoft/values.xray-docs.yaml
View File

@ -1,38 +0,0 @@
workload:
metadata:
annotations:
keel.sh/policy: force
keel.sh/trigger: poll
keel.sh/initContainers: 'true'
ingress:
main:
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.middlewares: public-xray-xraydocsauth@kubernetescrd
extra:
templates:
- |-
apiVersion: v1
kind: Secret
metadata:
name: xray-docs-auth
stringData:
users: |
ilove:$apr1$N65S3o4r$Yc9pJnHPN4tUE1ZLzJsGI.
- |-
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: xraydocsauth
spec:
basicAuth:
secret: xray-docs-auth

27
values/xray-1/secrets.promtail.yaml Normal file
View File

@ -0,0 +1,27 @@
config:
clients:
- url: ENC[AES256_GCM,data:CFq8x1jLDO8aLitEOlCOXeG1yp8RqKHdeqf8x7o9YESOmTAKFTuLpcBUDeESNTv9,iv:68uLarfOiS4oTcvEQu4uHMQUzRhXhqAZb5c4ik4U2E4=,tag:GhkkzriBYhWmTxt0KNwMkg==,type:str]
tenant_id: ENC[AES256_GCM,data:Iad0xh30fhwNiDh8SRU=,iv:A9o5brTa/2YbdYCIg5D4RHY2LXkMauIZBfygGsyV8gM=,tag:vNbcRImDSRCkM34B03MiMQ==,type:str]
basic_auth:
username: ENC[AES256_GCM,data:kUgLwA==,iv:5rAxU463ynXXZQfmGykocKmWm+VKahatT2KokSux16E=,tag:vYe9g0mePeYAapJlHAOWVw==,type:str]
password: ENC[AES256_GCM,data:2Zb4d8Aj5M27V7YNvcdFIkHHAl5dvNIlB46sP2sJ,iv:wW31BhjGvN2ii60p+/hSs2IqaIhLbDgl70KFfGiTbXM=,tag:50DB7GxuuAl+8GJ7K2ePvA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdjR0eFRDS2dCVTNENUFr
V0k4T2Q2cmxua05QeDlzdnB2WWJLQ2hQbUdZCndjT0cxcytPUW0zOWtxVy9sazlr
Z3RKSkFVeGx2UkdtWmhLQXhNUnpKeUEKLS0tIGV3L1pRNXlZMG92K1N6aGlvSVBz
ZVV1d3R6KzJtT0drOVNHSThDdjAxekkK1RXCHM6QhNXto5D6yFTlvANN3E4iYfOC
Bf8s76p0ynI3tqfH6IgA9NFRPxYPzMGC/1zsQ95n5N6fMXh/KouRqg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T16:09:55Z"
mac: ENC[AES256_GCM,data:EM9kmYq/6en0XwMtmDcx5yO6VflugTbqDgPvvIBl7m6EvFi9EkMx/Aa9jkVYS+VFvS+pJ9pVe8+F/TL5+o/K0O9rkgZ8+ciAYXoRDBb1o9qUMoy2+ZjbjI7FMXDp8c8UED0MK+SZYNZ2C+44C9kohX5cPwOQCHd+0HxJKOTzH8U=,iv:The91sevo/IqJIXBt8BAta5RYDtv1oFaGQRyqzrm+tM=,tag:fKduoewHPG/N1qGr76r/8A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

37
values/xray-1/secrets.server-xray-public.yaml Normal file
View File

@ -0,0 +1,37 @@
files:
config:
enabled: ENC[AES256_GCM,data:KhdaSQ==,iv:/RR/lub7n1fYtAntHcy4Ul0R9bxrfDJs1KlED+8tH/Y=,tag:VhQ6pjrRai9HD0nH1dqO9g==,type:bool]
sensitive: ENC[AES256_GCM,data:4WIq3z8=,iv:JMNb5dUGVWBUO4ymsp4MULD3kPMAmUzedSxB8IHCXtA=,tag:Xj8ItxuhgY5se8jAyFne5A==,type:bool]
remove: []
entries:
config.json:
data: ENC[AES256_GCM,data:XqWiy83f0OxEMu5exDowE3wkPz5/MARnsIhdq3dcZlK7NXZJERHO1UXr6emVnn8W9Wcg+BDl17FkA7A4DZNuAChRHNg3AqcX1dZYBGcU44VG5r8qS76o1+in7TrSN56TgEBEBcifsV6TE/snilq+SpRgLoPy0196XgBM+0FZasRHY/Feda/JTLubvrHYW/zY2ACxAEfaxQzqGt80SlZgvfVN+xk1vu7mR8TdQXQjE64Y9vSL+94UoeRSOUHLjdGNndtP5p62IfZS6QChA78f8s/yfYW8/oQZ2/WPPQFNCb2ZEJT7S/exUDzt5UpXVgLo+m5c3VpmDuR+Zj+uTBzWHs46Nw538xzJaDA6Xz60zhL7SSm8/qdkPc4TT04zGqPXmA2wftBjHFm3M3yM4KZix2C8ILfZiQoBLg9LV9In2kj60kyxwiASd8hyCrTWO6j9rnReBQwVIvmYFvU/A6CUvkrflJcIQ3ETnxQH9bkJEd1y+3Znqdn3rlkGFd2UJ/erLqowJPkLDFHMzs3RZHevrBMunuF4WSCggeXeIeZcqRcJzEjsUeSATUoot+T88XC/6B8xbqinn4Z7rlGajQdp+OIIU/5daMj7wMHZ99N6g0Mfpf331TzbUtDVBZj83VlIslVd6XXCLaBHswWBplMgBC5u/5kTy+cNK7Tif3ltWZLyAsafvchR1vJLmf3MaxUURZ5uqTQIvd4CB39i/Yju9CSuUoIgBR/LUEM9ErqXP52IapEEg2csepGBru5gjLR30SP1tGBPbszo7KuIN6MwtBxtxLqa9zBY+IVW19nDD6LoXZR463IYle2JuOEhpeOLIZcEpx/4vpWAeJSdVcA63ndTqWJ3lvzLUCXIK8XhoHxOAeGn4S6lGb+sNMNNIKQr7p3a7RvRq0zLTiC20bW6JoYj6BqQBC35w+mx9f6Qq3Bv8PggHzp5KSVUSOFWssrzFdGF7pOqnB+vK15VSu2IWa2vozcQlRG5xPnnN/OhiPXYcyvgxeL8a66pltrmrAm+NE4vn08OurE0nglAKJLz5lSWzkXyQtTs4TP8XcXdKMP5ZQv+Y1fH50D5Ubr9Sjbl0XHsG3uv1A5Ad+SaZiw7bJNRL8uuEIBOm52PoWczdI+ZM/uX6bntrZvWpj8Cy660y6iIeyIXuJHTxLpqJU6M4PdjXmEX2RIC14YAFqErzxk+o8sHNwrfHAaLDL3e80jET1kTq/UvQkkAYn8cudEIkOsyRo3hX1Gb+YifMGhFZC2TnvVG0Sh+seIKoQer8lSKJroVoOFB6V4i2isoq0k1gJK3ImqJb8Jn8RGMFill4izGFdlmSI0EPQO0FI5LEIrZpCfyuZdjVSyuiMwIXMpz8DPcAONETdgjRgIKFfKnVMNOqqSK+07asL+N7a2JsUPve2t7VinTXv6RpuQ92UqMtv+KtsrqRq1+b2JW1wl6ScI7ZTby0r1zaR8da1suxmpbSvUzp22hYj2gMJyFRklYF5QVm8qc4+CoARrsjAZDv6P4bZin8OBzFvLt4a0RDPa5I+rjTH8ZIUxYM75kMcIaziUESXeFaC9XGUUTaSiBWmZfe8oETe08S1tQB2kT2oZZCbMHW1JNBWwe8ujcQjRWL8s8bKJNRbmRqtEo8BpUQQBE+Y4QzQVYgsp7vj9fqYZeTIpWvpsI+TmScExGhkwqOSJC9+Cd51SBx/Op7IWhjL3quEr89KXSH5zva8aokM3/2LkYyYGq+RPOZyxwMdJXgHPMCqbuu9ephhD4wLFDbiDOKAkxUb7TBNS/wONt4wAzoRdZ78fxY/pbPOXhJ3470Z5K7fiXeL9JD7595kQM2pcNEI6JdFk+pPLSa3r6q8c6CaHH035TXCUhuJQzO1L0aXi+DSuj418gc1TyQxoXsZfoe9ZnnUO6qHZRALboitn2b2jENP79XeN62LVcko30LJ1nzfcNoqDaflGmwaH+24vdFsDC5WoONoQ9hX519pyeHHc7tKtPS0NLcKkljLckIaTN1OIEHIhsbm0Z3Vhdkymq7k3h5sp5nveBXmWcRoZgd7EJdB9aZDDEuLaGImtYhexyqcckzjyN5YroHOaKdEDtMIkfSDj/+Z9TVnfd0RFTV4emdzW/o0VTPpkKohTIOoavW3Axi95z/uqflIJL7C1gOwIQ0aaE2pvLf+BTj99Tt3aCZRpYf1mftoo7YKCQscr6+aEFgO0Kk0XEGjpIz1+JWhlm768QY7ZemZrMAuxT5CsqbfncZah5EV/iHIPWmjsUMckN7ff6OxK7jOjTIvDZJVCWFE1aeqiN9zHQhb2VX1r0cKyhjPEHhpEagxWGVmCMG1iyv/+FZWKcT+arvaNTyTwc2wKm9OHpJ3dckTO31bYnXYi/jGdoxN5u1lnkFJ2ERtnCRzCt4SCOUoejTb3+tI+rn/+Qg/Y6BIvx2LmpnFvSuw3/fEqZnI9gSObKjVJNywjkLYLvQoedwYaR0RVXhz1NQ0tyGQH5Z/ydEm0vcXOtzFqmGqHr6f1p9j7DEi7aK+0KDI/nTsrvDlUFp8oZBUpVjbwMrwm3a8CQWuF6JpadU8tbp0qllj6fOuLm2Tj1AEQzeCSRnZHIup+9k+Jh+U2rmx7ofpwJGYXiCOGUWQsSldscW2NEo5HOUPLRge7bUFNmZ9Kd9p/gon5cXdE4zgmf+c4XZ1zAvUsi74bJZTzYPay8OLurD8r5vIHYlHCQcScOvuh6i7qday3Wqw3jd4S7HxbQ19YqtBw2eGQj2A4iZqizdIhYPbmvJ65mponevIrPDiEgBmmQdXxYlpl/xUiv8hcFOB0RO6Plt6yyNxWhEtf0vuD8bR8UsZKuWAH2db1NHtFNBxn2g/nmnBpcFGgHkF30e3RHQ0DIMpiTAXDFoHMtCwlyiuTJjaAubg3KwVR4bOmmigz1Q40t09EZJNfnK9JEWaJlnUJOgiDlKlovq+cr+YVbqnGMDLa5tBCDLz2C3AoSTGbLuZ3A91pVHl6kTLrY4N5zRZstbDny4KXsAapIwCH7IfJd/9gBa/VCPetXB/ReTrYi6Y7Y25YhqEL1hks9IlO7Iz56DHk2spbBkJ8C4a525doBmKQ8AS2vwZ2BRJhYXFxaVP47o4+R+duDZzfhqZy1pT9HAMuBPUmEQDs+KxqgoKLiAyRYvcHgO/mBj1Oftu0SwzEMYan1fzyqCfCrZTO6EVcH4M3dmIbzTyCoyJvOCHS1HNqPNrTR5DMahVc527CImS4pBCv1vXvN/IXshrymJF5Z1seZ1HgGtU4rwcMEFvVGTgya4Z9Je9fa2SSG4S7YeV4urJME9xhoSyG58VWK7pJMI4kLfm6RPtQyT6i2pCGCzAujFwYoa0fl5tBhGO1kZkOMfXcaCOG3ymcEdQagvVcIa9hbNSvgkcT4VGnT4zA1QFazRfsi1n4vTTDk8yMq7jLQNn6aEgbewLq4wHNIZBli+gnijCNVts6bfPOTb82OVYirwtn+2IyMhO9kT1sqH4PEsxl20onYTatTP7Qk41RogLLP1IHvhwAj00DFPxg3iIWbzk4zATAkiZCe0Emb3+ci74uSnjDeVbVVZXprfcrjt+zAoZABCza4sHudp4fJcemHm69LV8yCZRz7HrnxcjQig7cDz12ma/9IVNV0wBCFxlT5NgVp9tZS+lWPtEI6bia1vtLVarEfm068+NRIs+GziTadip7c8QdGUKaonLjdR2G8o7x2k4X5fn65qYLqsOlEu0fWz8LhiC3bc2nwtQxVZ/qRKF0stdFvN9Lgqrf860QE6ubw2RE7MW/k8hLG0gjLctQqpTWrzW7C4KUBGBnOa9w5HyDwFNqvkV01tomjPvvkiHCC4qCiE/yQvDiNEFdWe3NGV0e1IdONmy8qdOs6ZWeSJ8MMQ+j+EP2Wh9ap1ntK1/Gg80pOw/UDldzQg3Duld+Rm4imLJAGNfB2NEOQd/S+SsbW4wg/vfT9VXkSahaWn2u0YG5hBHI=,iv:YE2VLQd+7RCULF/DRvrni6lM52jkpJJA5HlmUleNZZo=,tag:mGjeVtozDL3X8n37frkIPQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveXp2aTlkcXkwelVCenlW
U1d3R0VxNFNyMGJYbHZtMTRrbDlkQWdFczJRCjVyd1V0OVJTNEkzUjBIZmJXejFX
WmVNcVM1SFRrN1Vna25DU2pua09HZWcKLS0tIEk4MEFjb3FGZHhzMHNuSXhJRXNv
ZVE2RExscWxhejV2YnBFTUxTVEFVSTAKxHqBMIgPFDESbmxip5sJDmZriijPqjjw
9JFRSrGYCZE2cnMwu8BuHQzQnTTNZBrRzqWKJ2q+HygxvIbki8EOpQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTmxnUzFVbGtRbGY0a1Av
aEtUanBJVTcrSm5weFkxSnptSGNUM0dQZUFnCnNLdUhiektTQmEwUXY0bWZycTht
T20xdDJwdVAzdGdUMzFoVFBaSHNKNzAKLS0tIEYvVnF5a2VpMWVJNTV5TytIYUZZ
eWUvblIxK3pzV3ExTVpES2x3ZmVGV1kKA2sYyBydUNnN7V1o+PR5tL+pNQKUK8HP
/bRbyvQhx0V45LBdiJheNAenMo7DA6J5INsMt0X26k8wobqrTSEi0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-20T03:07:02Z"
mac: ENC[AES256_GCM,data:t5qbsQu1PmRxw4C8pQuSWXPB6ojZpszsWnaBlcxvqOYoCMsdk6HAFfyIv1MTCOaA4zI53jy+u2wDwcQ72lCLicfQppce2ZeveIuBFUoKJ9AZdKKDJfQr1BeNbqu8/J+XO61teT7TCteiQARiI29xtwr3gyDX3SzIoKWlt6ySjq4=,iv:Cg+giduUBZCbBJuPtNoOaRSWWdEu7Wo0jolR0GMG3uc=,tag:TSR5jeF+v+4I6Z7NL7/3RA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

3
values/xray-1/values.namespaces.yaml Normal file
View File

@ -0,0 +1,3 @@
namespaces:
- name: public-xray
- name: promtail

7
values/xray-1/values.promtail.yaml Normal file
View File

@ -0,0 +1,7 @@
config:
snippets:
pipelineStages:
- match:
pipeline_name: "drop-all"
selector: '{namespace!~"public-xray"}'
action: drop

1
values/xray-1/values.roles.yaml Normal file
View File

@ -0,0 +1 @@
roles: []

26
values/xray-1/values.server-xray-public.yaml Normal file
View File

@ -0,0 +1,26 @@
ext-self-signed-cert:
enabled: true
name: xray.badhouseplants.net
domain: xray.badhouseplants.net
ingress:
main:
enabled: false
service:
xray-https:
enabled: true
type: NodePort
ports:
https:
port: 443
targetPort: 443
nodePort: 30015
protocol: TCP
xray-http:
enabled: true
type: NodePort
ports:
http:
port: 80
targetPort: 80
protocol: TCP
nodePort: 30014

27
values/xray-2/secrets.promtail.yaml Normal file
View File

@ -0,0 +1,27 @@
config:
clients:
- url: ENC[AES256_GCM,data:CFq8x1jLDO8aLitEOlCOXeG1yp8RqKHdeqf8x7o9YESOmTAKFTuLpcBUDeESNTv9,iv:68uLarfOiS4oTcvEQu4uHMQUzRhXhqAZb5c4ik4U2E4=,tag:GhkkzriBYhWmTxt0KNwMkg==,type:str]
tenant_id: ENC[AES256_GCM,data:Iad0xh30fhwNiDh8SRU=,iv:A9o5brTa/2YbdYCIg5D4RHY2LXkMauIZBfygGsyV8gM=,tag:vNbcRImDSRCkM34B03MiMQ==,type:str]
basic_auth:
username: ENC[AES256_GCM,data:kUgLwA==,iv:5rAxU463ynXXZQfmGykocKmWm+VKahatT2KokSux16E=,tag:vYe9g0mePeYAapJlHAOWVw==,type:str]
password: ENC[AES256_GCM,data:2Zb4d8Aj5M27V7YNvcdFIkHHAl5dvNIlB46sP2sJ,iv:wW31BhjGvN2ii60p+/hSs2IqaIhLbDgl70KFfGiTbXM=,tag:50DB7GxuuAl+8GJ7K2ePvA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdjR0eFRDS2dCVTNENUFr
V0k4T2Q2cmxua05QeDlzdnB2WWJLQ2hQbUdZCndjT0cxcytPUW0zOWtxVy9sazlr
Z3RKSkFVeGx2UkdtWmhLQXhNUnpKeUEKLS0tIGV3L1pRNXlZMG92K1N6aGlvSVBz
ZVV1d3R6KzJtT0drOVNHSThDdjAxekkK1RXCHM6QhNXto5D6yFTlvANN3E4iYfOC
Bf8s76p0ynI3tqfH6IgA9NFRPxYPzMGC/1zsQ95n5N6fMXh/KouRqg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T16:09:55Z"
mac: ENC[AES256_GCM,data:EM9kmYq/6en0XwMtmDcx5yO6VflugTbqDgPvvIBl7m6EvFi9EkMx/Aa9jkVYS+VFvS+pJ9pVe8+F/TL5+o/K0O9rkgZ8+ciAYXoRDBb1o9qUMoy2+ZjbjI7FMXDp8c8UED0MK+SZYNZ2C+44C9kohX5cPwOQCHd+0HxJKOTzH8U=,iv:The91sevo/IqJIXBt8BAta5RYDtv1oFaGQRyqzrm+tM=,tag:fKduoewHPG/N1qGr76r/8A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

37
values/xray-2/secrets.server-xray-public.yaml Normal file
View File

@ -0,0 +1,37 @@
files:
config:
enabled: ENC[AES256_GCM,data:yOJqDw==,iv:p4YUaymPlFvDKex//IBK14xG82ekakbvXbdQ7wnXLkw=,tag:iVbfnbdtLZyf8ux4kw/JNg==,type:bool]
sensitive: ENC[AES256_GCM,data:XkpvCgA=,iv:vWxJBv0xhr0tcJvrW8E6OwAPQNlb/cGHeZULBHO51QU=,tag:XwbCtmnH5a59FmGrOXmA/w==,type:bool]
remove: []
entries:
config.json:
data: ENC[AES256_GCM,data:xOqEXdNdjjDvDVxrujUSaeUE8lTzW6tx3DE4NRL0FmJm/TibDR4uDpQPhHtXkLzwlKlongyal6/ts62Ord80ZfhqAcILp4zS6vfWqsZb1mJaHZMNrbeTqqvM8160bRHoHO6Cm48ANAK0qL3hxNoxzjoogpAKpXkYil+Puy8GvS6TshIUFFzpRYc0ROmdadUFdC4Nv2UxQW9tE8ZVLaHzdopBfSmE5rVAZqYeycj3ykSmRIu71JEdsF1ZLK6Fkv/L9l3XIf8TWFh9ztAGd940VCplwNv8iA/OgEokR8SNe5MdJvgTxabN+qZ4SwZy6Z1e8RsmVR4cah3vvIfa2YvvapKIwYLoVgC1VwDwdGxHRurg3czrzdgxi9vbbuX3Hz8Zxs/dyj7Twriftwu4KQeNCsn4Uvnkmz5V1Yo4scrtAkh6GViiat/pGtaF0oJgEEtMfUkDPiWdDVJpNS8vFUOEUo//8ftduc73lzqOuh08/YiCWAoovggJVweSX1ZglOg3KEUjBMgCW/Xj5Q8JZG6Yw4D4p7CImGLHgD1Ie/+xjjA/tdJtSpBtnCNybb55wNOBgrr9KwIyNLMBRLjXgQl5OgaNsh97DbaI7hxLdwQW1vJBmDUBYGVR0DLM42bGZzO6yJsphcQw6thvKQEZ+GExeDZKc/ic9y/2qP3K6A6xgkKe9hQWe45NfK5BFtTDeOS7U02y3lmEotV4+KicNILnetTHuGT9+XywocUew/BH/dWbaOdvQWmMGsecPz2F4R0jbVycKaITIaqn5C6IG4rOQ2lbI7nesLz9x6yFiiQDCURUY7kiSdFGl+F5Y+ydl1I8qus1bP0eKR54iYu2rms7EfapkBG04RJ3e0jix986QLG8kcXxxUlNixrTxH5H8HyK2eo38ZdYyCJTcHYoZ+/htbgUuI3iTuBI/u4mZvFrugbNHZrChOMaUpPgbMhtaLQ6X7OjkLzshV1/OPkXzNQXqXMMZxUn4ybL2yw2fImXwGfevXzx63nE1EVob+iph1q+EO0tGGn/n5d2WXEZ7Qopwdwhhl4oYA1co2DKb3rVd5PSgTrlBqhOsEbPjo5TdKHEHufkO60Kse6t5EMK2/fjN/6WOnSypzgqmMaCrZExB5GFh5BqwMAoa/xtw5dhLwgav5lZLckAxXucMH2p533WzHN0V5PM0DhRsrdm3EGT7gpG3E5avWw+pDexaja3uWp5wqvQOW6q5ImwkgZ+lAbKnArwqFBnnb9eOjgriTMYd9s79xpfJqCjGNbDWKy1mnuRR2EUVt3v1RIFQiIdtovyqB5KrSvukyIyUYDuqZhPAqc7nR0ATecvgiYnalL9xgr0L0x4Z9KNqOu1LqrykD3giNtcWnlXTQ9h4dwGwRAvzxzjANx9B6uJYSkN6k2kl6ScjSoIndhr2b8tEIIGLwM9TXMeNhg4OsOTm844rmweAOsCzaQqm++I8wtDY8l9OUnwVN+fbYdRsBntHO9fqliK2KRFs5rnl97GLqW5MjDl7gCgLKDULQp9yvuoTStnZ2qvgIWVKTvEDEybxutGvPVDuam34qSp80YlzR4MacHUgOshJbQ0nbTNNc+qjYi4DxEOj/T1OoRlS6UJmsrqec8uglfIYWd9ZqRSRazpsy1jLzPeUTY5OWjpkHFryjFFEhxy6tlpEHJr4FQbDA5taHI3TcfsBby8DNC1h3/maLBZMlHswxDolEPw4qQw7lqqmvY69CFTkUmZv7gAuOSyNSueVTnlccEnJNH5MNFzvJZLSYOlWuYW1GosnQT6EkNTM+Vu99nqiRnfs9jn8ObRdhsQMBTKKFN4mrdWsIhuw4WE1egi1HQP5ZT+/4944X1nAk4fWHmVgCrY4WTt+fxxjRr7NYGX+aXF7ploJydPtyI7IwPITBRQNoCizV5Z4ecMmj64PPDAXESO4427FMIC5qfGBtOIdEyKL1doOkCcYSrWZ1ngHu06HV69wECZumYmPE3+81F/QuSzoPw/5eLmkKmd/NDHhfai3064opCB+xQFvS7awoApzP91+nE0gd39xQQNbCCpmzFFMDwPp1uhxr60LcmwTE2anRjggUmqtqzraM7TATJWdTMlnov8KBoKwImpCA7fj+3N97FV1f+b/30uE+tC4bOW5RFjgY3MdA50P4PjoH0xiskAFXbrgD4BWm58vJT21gJP2cIXp1HfHjGxgpAX1W52wsnDwQs7bD+SdNVmR+h2IxH64DjKpbm3HIWTgSQ0xiXgjkqJIRKNXeDDGf4S7inkN6WtQH9v2KtWB2QeWJt+gAcqHKA3RbGGOyvVwxpBalrNMdV+dSqAF2jKOvJ5CEmWmyxpAREA9yKevSp7vjLpuFxhtT99N5NvM2K+iDKLH0VCJsp6WsPSbqnOwW8qvqzH7DXSW4LGdCgPFniJJ2zmwI1o2BkwwDxvbEk0sEAt8eSlZC1qb361AWBmIceHIXgtePRgHgrB1uUW7lMBLl+5Noj1SoszggAohUG0R8HFyZceGiHh9yW7+HxKcOUEzEH83WLZmlfKXmNlalVD3l2h1KKSEd5LEOPlE3AORQv89JBmDrAv3WAFPU1Fl7bej69Q9jOJuAmpOozi2qVxCVhJETfAvwj//2Z2cAZHqpEAEHdqfhqOR4EFFTLuUWsF9gIFfAxCBvjtb6n8zaQufYHfOk25So8GTtBtqSj59ZpwiG3R/wnQxFgJUx2otCn1sAC7w7Nr8PdbsIoxMJzAEsJfWddA/m77Bj7ckwMVw18Hneo18f7XDxf2PjdUpSGwbQ6PCSotWXsDol7jIQ3gAa5etVJ4J7q+7ban3JAGyCF7xnRRcCgK0QENS1bVeNoxKNsPzlLnNeirnnWwCHr3Fz4+eN04WhHEq1X3i0ftvnA0K7D7dTm0iXAsqZAXQeVZ/CN0ejdvtdjWNS23h+cPt63QeLflyZe6mHw8/wWPP0i3B8Y6ld/0R4OGiqORlV1S+SUzbUkSCgL9UuK4T6igGda5gLqgj32OYAH67iBsF29TNfjQ2/pOQyNf9dhJASWVuJAWy6B8QA/mVayqHFlKh9opQJHVhj8D27v2nAjN9YJOiz3RDbrBUOkTNGTRCL8YuOVXfpN6PVDVBXnR90X7AmXKi+wqZBfAIU1wdGoNq0Af8c+XuRxK+WrGpAhk0B72H4J7ATZl2vGb6+731s4tdW1b4LClhq6LJrn9TeXt1S/OyGSZY1tp/v5ShyeDSVq1XpTVDVn4dSLLVuigT6m8GK4WJRLzwQQ6sMZ1k8HmJNcoVjQxhPdp1SLP6z+kVcuRJpiGTTeF6bvH7OlxPnUKNLj2VJzQ9fisrR+vZ6TgrHAAu3xbMCgSg1Y0yV1xjYKyHudQ1WMqsbbkb9LugwPbLPCedyEmScER80Vvf4uTVh2DDYxMG1Y2FIAtInsAGg86b+t3zenOJWZNmD+EKNmud8vcl8ByIz/MS7sRtBlGaU4y1MzVWyCmQFTDhov1E2fuiMCYWSNsUa/lf7h9/yW9U1R0ZLYescgUfnHda10N6DprhNP/XiczIT07BesYRrAd/Dc1aNEAX5MrcouOK4OpSA9Fm+JI9R7qF2GLpptmIhAaUQs6U7paY9kxoqsVlpRTCylNczNdNkKQL+bfZklyefdMgdPN/XeOtVYUS0wZ/Ert6oXXVDa4MwNUOpOFwsj01j6bzLBzQ28zeneiW59ESKTplvBjZwx33BwYo49+MLksSJjjox4IspAHdFAI85ijqDHf2gbfvarjQ9vVpkgqQ0/Ff4e+oQ3sKvgjMd3edfHusezPr8N9nhzgp7DRNTkW/yt2jZkE+XIiLh7gkUc0BJvhXBfwwSp9JI0Db84qilmkitucI6eoHX9q+ycIVlO84SzrzBbzLW69IjNmUYytPzXm+9s0pg7mQH72Q11qvgLp5QLMLnnszbFRWVWkQhOSDY9wN9mqvJ1Xv0yM980ZvdTM6LhgXr95sTcsJ2u6pZo/Gir2B2I=,iv:aLUnJ9/VjkEbNa097xFNUyeFEzTqs2Pxgye/05TmgSI=,tag:sXp48SCtbCGRyVrZZHZv9g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWHcxNDNucmt1THVHLytL
ZHdoMWI2SGF6bjJvQ0lKT0g2UklLS2xnRzNVCk1FcGxaa3hIbHpnTGtRRE9BT3do
a3ZlL0pLaXRibkc5bW1pL0xzMzlxUmsKLS0tIFUvV0F3QVozajZXb05MYXZjWVpT
OHJ3a1ZOLzEzS1N2Tis1L3pQVnhZYUkKRSEWDMZdaHsZeblED32ZUgtKlB1E5cTJ
c4k/tXW+KiwG2h2SVgTrsl/hIZiT98K0gKq0N/OCdA8CKiREA5Fa1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4M3dXQys2VVFXcExVNHhj
eWJvU01BUExpSzZPVFBXbWk1UFRzSVJ3OFh3ClJ5ZEdVcWVEeG4yRFhLQndGcFBk
dWMxWlNjeEszMXFTZUx3RVcwNnR0L28KLS0tIDA4bVcvdjVBcnNQeHp0Q1RhTlZQ
R2t4Y1YycmpPT2JZdUxsUUdUMUdDT2cKyFvSZWn+0e058lRqTTN7DCRrp2gn77BX
4cT52WV+t4Ik621Eg/o7ZfdUUJimjS3dbuMg9A1ieGO2FcgxoNPkzg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-20T03:00:02Z"
mac: ENC[AES256_GCM,data:K0U7maV2lt8cUxkX/kNgily376Y2YbNnHoG92jWVCzjsw/wyE8jwMRW6cFVQqAWgnX5maScT+AJITRvvuM2CQTTItcCYe3FrTHw0WxJui3uzn85TViACo8YTj5DGYW890CBfBTSm9IgQPMtCIjQx/AazFtnhl7kOe7W68xpbAtQ=,iv:niMD6YjXxvY2OxQlXn5aoH8hf+5IhPogS5/F1JQFglk=,tag:z4X8npY1dAiit3Op0Iv3AQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

3
values/xray-2/values.namespaces.yaml Normal file
View File

@ -0,0 +1,3 @@
namespaces:
- name: public-xray
- name: promtail

7
values/xray-2/values.promtail.yaml Normal file
View File

@ -0,0 +1,7 @@
config:
snippets:
pipelineStages:
- match:
pipeline_name: "drop-all"
selector: '{namespace!~"public-xray"}'
action: drop

1
values/xray-2/values.roles.yaml Normal file
View File

@ -0,0 +1 @@
roles: []

26
values/xray-2/values.server-xray-public.yaml Normal file
View File

@ -0,0 +1,26 @@
ext-self-signed-cert:
enabled: true
name: xray.badhouseplants.net
domain: xray.badhouseplants.net
ingress:
main:
enabled: false
service:
xray-https:
enabled: true
type: NodePort
ports:
https:
port: 443
targetPort: 443
nodePort: 30015
protocol: TCP
xray-http:
enabled: true
type: NodePort
ports:
http:
port: 80
targetPort: 80
protocol: TCP
nodePort: 30014

30
workdir/ingress.yaml
View File

@ -1,30 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: my-ca-issuer
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
meta.helm.sh/release-name: minio
meta.helm.sh/release-namespace: platform
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
name: minioself
namespace: platform
spec:
rules:
- host: s3self.badhouseplants.net
http:
paths:
- backend:
service:
name: minio
port:
number: 9000
path: /
pathType: Prefix
tls:
- hosts:
- s3self.badhouseplants.net
secretName: s3-tls-secret

30
workdir/sandbox.yaml
View File

@ -1,30 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-selfsigned-ca
spec:
isCA: true
commonName: my-selfsigned-ca
secretName: root-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: my-ca-issuer
spec:
ca:
secretName: root-secret