badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 2 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:main
Branches Tags
badhouseplants:main
badhouseplants:renovate/postgresql-16.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:refactor-again
Branches Tags
badhouseplants:main
badhouseplants:renovate/postgresql-16.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

1 Commits
main ... refactor-a

Author SHA1 Message Date
Nikolai Rodionov
327ae13752
Huge refactoring 2024-12-16 14:55:35 +01:00
187 changed files with 2124 additions and 4270 deletions
Show Stats Expand all files Collapse all files

10
.pre-commit-config.yaml
View File

@ -9,13 +9,13 @@ repos:
- id: yamlfmt - id: yamlfmt
exclude: | exclude: |
(?x)( (?x)(
^charts/|
^.*secrets.*yaml| ^.*secrets.*yaml|
^charts/
) )
# - repo: https://github.com/codespell-project/codespell - repo: https://github.com/codespell-project/codespell
# rev: v2.2.4 rev: v2.2.4
# hooks: hooks:
# - id: codespell - id: codespell
- repo: local - repo: local
hooks: hooks:
- id: check-sops-secrets - id: check-sops-secrets

4
.sops.yaml
View File

@ -8,7 +8,3 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
- path_regex: common/values/secrets.*
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8

0
charts/metallb-resources/.helmignore → charts/apply-log/.helmignore
View File

6
charts/apply-log/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: apply-log
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

20
charts/metallb-resources/templates/_helpers.tpl → charts/apply-log/templates/_helpers.tpl
View File

@ -1,7 +1,7 @@
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
{{- define "metallb-resources.name" -}} {{- define "apply-log.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name. If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "metallb-resources.fullname" -}} {{- define "apply-log.fullname" -}}
{{- if .Values.fullnameOverride }} {{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }} {{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/* {{/*
Create chart name and version as used by the chart label. Create chart name and version as used by the chart label.
*/}} */}}
{{- define "metallb-resources.chart" -}} {{- define "apply-log.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/* {{/*
Common labels Common labels
*/}} */}}
{{- define "metallb-resources.labels" -}} {{- define "apply-log.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }} helm.sh/chart: {{ include "apply-log.chart" . }}
{{ include "metallb-resources.selectorLabels" . }} {{ include "apply-log.selectorLabels" . }}
{{- if .Chart.AppVersion }} {{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/* {{/*
Selector labels Selector labels
*/}} */}}
{{- define "metallb-resources.selectorLabels" -}} {{- define "apply-log.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }} app.kubernetes.io/name: {{ include "apply-log.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
{{/* {{/*
Create the name of the service account to use Create the name of the service account to use
*/}} */}}
{{- define "metallb-resources.serviceAccountName" -}} {{- define "apply-log.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }} {{- if .Values.serviceAccount.create }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }} {{- default (include "apply-log.fullname" .) .Values.serviceAccount.name }}
{{- else }} {{- else }}
{{- default "default" .Values.serviceAccount.name }} {{- default "default" .Values.serviceAccount.name }}
{{- end }} {{- end }}

20
charts/apply-log/templates/configmap.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apply-log
namespace: {{ .Release.Namespace }}
labels:
k8s.badhouseplants.net/configmap-kind: helmfile-apply-log
{{- include "apply-log.labels" . | nindent 4 }}
data:
author: {{ .Values.author }}
{{- if .Values.ci }}
ci: {{ .Values.ci | quote }}
{{- else }}
{{- with .Values.cdDisabled }}
cdDisabled: {{ . | quote }}
{{- end }}
branch: {{ .Values.branch }}
sha: {{ .Values.sha | quote | replace " " "" }}
status: {{ .Values.status }}
{{- end }}

7
charts/apply-log/values.yaml Normal file
View File

@ -0,0 +1,7 @@
name: test
ci: false
branch: main
author: test
sha: dummy
status: clean
cdDisabled: false

21
charts/issuer/templates/issuer.yaml
View File

@ -1,23 +1,10 @@
{{- range $name, $issuer := .Values.clusterIssuers }}
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
labels: labels:
{{- include "issuer.labels" $ | nindent 4 }} {{- include "issuer.labels" . | nindent 4 }}
name: "{{ $name }}" name: "{{ .Values.name }}"
spec: spec:
{{ $issuer.spec | toYaml | indent 2 }} acme:
{{- end }} {{ .Values.spec | toYaml | indent 2 }}
{{- range $name, $issuer := .Values.issuers }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
{{- include "issuer.labels" $ | nindent 4 }}
name: "{{ $name }}"
namespace: {{ $issuer.namespace }}
spec:
{{ $issuer.spec | toYaml | indent 2 }}
{{- end }}

24
charts/metallb-resources/Chart.yaml
View File

@ -1,24 +0,0 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

7
charts/metallb-resources/templates/ip_address_pool.tpl
View File

@ -1,7 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}

1
charts/metallb-resources/values.yaml
View File

@ -1 +0,0 @@
addresses: 1.1.1.1-1.1.1.1

19
charts/namespaces/templates/namespaces.yaml
View File

@ -15,24 +15,5 @@ metadata:
{{- with $ns.annotations}} {{- with $ns.annotations}}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- if $ns.defaultRegcred }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
name: regcred
namespace: {{ $ns.name }}
data:
.dockerconfigjson: {{ $.Values.defaultRegcred }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: {{ $ns.name }}
imagePullSecrets:
- name: regcred
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

23
charts/root/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/root/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

62
charts/root/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

25
charts/root/templates/root.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

25
charts/root/templates/self.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml Normal file
View File

@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

23
charts/tf-ocloud/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/tf-ocloud/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"

15
charts/tf-ocloud/Chart.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.1.5
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"

BIN
charts/tf-ocloud/charts/helm-library-0.1.4.tgz Normal file
View File

Binary file not shown.

3
charts/tf-ocloud/templates/install.yaml Normal file
View File

@ -0,0 +1,3 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}

67
charts/tf-ocloud/values.yaml Normal file
View File

@ -0,0 +1,67 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy

50
common/environments.yaml
View File

@ -2,7 +2,6 @@ environments:
badhouseplants: badhouseplants:
kubeContext: badhouseplants kubeContext: badhouseplants
values: values:
- ./common/values/values.badhouseplants.yaml
- base: - base:
enabled: true enabled: true
- velero: - velero:
@ -22,11 +21,10 @@ environments:
- redis: - redis:
enabled: true enabled: true
- istio: - istio:
enabled: true enabled: false
etersoft: etersoft:
kubeContext: etersoft kubeContext: etersoft
values: values:
- ./common/values/values.etersoft.yaml
- base: - base:
enabled: true enabled: true
- velero: - velero:
@ -43,6 +41,52 @@ environments:
enabled: false enabled: false
- redis: - redis:
enabled: false enabled: false
- postgres16:
enabled: true
- istio:
enabled: false
xray-1:
kubeContext: xray-1
values:
- base:
enabled: false
- velero:
enabled: false
- workload:
enabled: false
- backups:
enabled: false
- openebs:
enabled: false
- localpath:
enabled: false
- postgres17:
enabled: false
- redis:
enabled: false
- postgres16:
enabled: false
- istio:
enabled: false
xray-2:
kubeContext: xray-2
values:
- base:
enabled: false
- velero:
enabled: false
- workload:
enabled: false
- backups:
enabled: false
- openebs:
enabled: false
- localpath:
enabled: false
- postgres17:
enabled: false
- redis:
enabled: false
- postgres16: - postgres16:
enabled: false enabled: false
- istio: - istio:

24
common/repositories.yaml Normal file
View File

@ -0,0 +1,24 @@
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: coredns
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio
url: https://istio-release.storage.googleapis.com/charts

80
common/templates.yaml
View File

@ -1,10 +1,4 @@
helmDefaults:
kubeContext: {{ .StateValues.kubeContext }}
templates: templates:
# ---------------------------
# -- Hooks
# ---------------------------
crd-management-hook: crd-management-hook:
hooks: hooks:
- events: ["preapply"] - events: ["preapply"]
@ -28,33 +22,42 @@ templates:
args: args:
- -c - -c
- "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl delete -f - || true" - "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl delete -f - || true"
apply-log:
disableOpenAPIValidation: true
disableValidation: true
dependencies:
- chart: ./charts/apply-log
version: '0.1.0'
alias: apply-log
set:
- name: apply-log.ci
value: '{{ env "CI" }}'
- name: apply-log.author
value: '{{ env "USER" }}'
- name: apply-log.branch
value: '{{ exec "git" (list "rev-parse" "--abbrev-ref" "HEAD") }}'
- name: apply-log.sha
value: '{{exec "git" (list "rev-parse" "--short" "HEAD") }}'
- name: apply-log.status
value: '{{ exec "sh" (list "-c" "test -z $(git status --porcelain) && echo clean || echo dirty") }}'
disable-cd:
labels:
k8s.onpier.de/cd-disabled: 'true'
set:
- name: apply-log.cdDisabled
value: "true"
# ---------------------------- # ----------------------------
# -- Configs # -- Configs
# ---------------------------- # ----------------------------
default-common-values: default-common-values:
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.{{ `{{ .Release.Name }}` }}.yaml' - ./values/common/values.{{ `{{ .Release.Name }}` }}.yaml
default-env-values: default-env-values:
values: values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml' - ./values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml
default-env-secrets: default-env-secrets:
secrets: secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml' - ./values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml
common-values:
values:
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
common-values-tpl:
values:
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-values:
values:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-values-tpl:
values:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-secrets:
secrets:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
# ---------------------------- # ----------------------------
# -- Extensions # -- Extensions
# ---------------------------- # ----------------------------
@ -64,56 +67,56 @@ templates:
version: 2.0.0 version: 2.0.0
alias: istio-gateway alias: istio-gateway
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.istio-gateway.yaml' - ./values/common/values.istio-gateway.yaml
ext-tcp-routes: ext-tcp-routes:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: traefik alias: traefik
values: values:
- '../values/common/values.tcp-route.yaml' - ./values/common/values.tcp-route.yaml
ext-udp-routes: ext-udp-routes:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: traefik-udp alias: traefik-udp
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.udp-route.yaml' - ./values/common/values.udp-route.yaml
ext-traefik-middleware: ext-traefik-middleware:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: middleware alias: middleware
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.middleware.yaml' - ./values/common/values.middleware.yaml
ext-istio-resource: ext-istio-resource:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: istio alias: istio
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.istio.yaml' - ./values/common/values.istio.yaml
ext-certificate: ext-certificate:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: certificate alias: certificate
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.certificate.yaml' - ./values/common/values.certificate.yaml
ext-metallb: ext-metallb:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: metallb alias: metallb
values: values:
- '{{ requiredEnv "PWD" }}/common/extensions/metallb.yaml' - ./common/extensions/metallb.yaml
service-monitor: service-monitor:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: service-monitor alias: service-monitor
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.service-monitor.yaml' - ./values/common/values.service-monitor.yaml
namespace: namespace:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
@ -128,25 +131,18 @@ templates:
version: 2.0.0 version: 2.0.0
alias: ext-database alias: ext-database
values: values:
- '../values/common/values.database.yaml' - ./values/common/values.database.yaml
ext-secret: ext-secret:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: ext-secret alias: ext-secret
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.secret.yaml' - ./values/common/values.secret.yaml
ext-cilium: ext-cilium:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
version: 2.0.0 version: 2.0.0
alias: ext-cilium alias: ext-cilium
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.ext-cilium.yaml' - ./values/common/values.ext-cilium.yaml
ext-self-signed-cert:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-self-signed-cert
values:
- '{{ requiredEnv "PWD" }}/common/extensions/self-signed-cert.yaml'

10
common/values/values.badhouseplants.yaml
View File

@ -1,6 +1,4 @@
registry: registry.badhouseplants.net/containers namespaces:
registry_url: registry.badhouseplants.net kubeSystem: kube-system
main_ip: 195.201.249.91 kubePublic: kube-public
tools:
openebs:
enabled: true

6
common/values/values.etersoft.yaml
View File

@ -1,6 +0,0 @@
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net
main_ip: 91.232.225.63
tools:
openebs:
enabled: false

158
helmfile.yaml Normal file
View File

@ -0,0 +1,158 @@
bases:
- ./common/environments.yaml
- ./common/templates.yaml
- ./common/repositories.yaml
helmDefaults:
postRenderer: ./scripts/post_render_apply_log.sh
releases:
# -------------------------------------------------------------------
# -- Bootstrap the cluster resources
# -------------------------------------------------------------------
# -- Prepare all the required namespaces
- name: namespaces
postRendererArgs:
- "{{` {{ . }} `}}"
chart: ./charts/namespaces
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
# -------------------------------------------------------------------
# -- Prepare all the required roles
- name: roles
chart: ./charts/roles
namespace: kube-public
createNamespace: false
needs:
- kube-public/namespaces
inherit:
- template: default-env-values
- template: apply-log
# -------------------------------------------------------------------
# -- Deploy the core cluster workload
# -------------------------------------------------------------------
- name: coredns
chart: coredns/coredns
version: 1.37.0
namespace: kube-system
inherit:
- template: default-common-values
- template: apply-log
- name: cilium
chart: cilium/cilium
version: 1.16.4
condition: base.enabled
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: default-env-values
- template: apply-log
- name: cert-manager
chart: jetstack/cert-manager
version: v1.16.2
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- template: apply-log
- name: issuer
chart: ./charts/issuer
namespace: kube-public
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- template: apply-log
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: apply-log
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.8
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: apply-log
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- template: apply-log
- name: traefik
chart: traefik/traefik
version: 33.1.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- template: apply-log
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.1.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook
- template: apply-log
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.1.1
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: apply-log
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: apply-log

25
helmfile.yaml.gotmpl
View File

@ -1,25 +0,0 @@
---
bases:
- ./common/environments.yaml
---
helmfiles:
- path: ./helmfiles/base.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/system.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/platform.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/databases.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/applications.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}

28
helmfiles/applications.yaml
View File

@ -1,28 +0,0 @@
bases:
- ../common/templates.yaml
repositories:
- name: gitea
url: https://dl.gitea.io/charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
releases:
- name: app-gitea
chart: gitea/gitea
version: 11.0.1
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.3
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets

21
helmfiles/base.yaml
View File

@ -1,21 +0,0 @@
bases:
- ../common/templates.yaml
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ../charts/namespaces
namespace: kube-system
createNamespace: false
inherit:
- template: env-values
- template: env-secrets
- name: roles
chart: ../charts/roles
namespace: kube-system
createNamespace: false
needs:
- kube-system/namespaces
inherit:
- template: env-values

122
helmfiles/platform.yaml
View File

@ -1,122 +0,0 @@
bases:
- ../common/templates.yaml
repositories:
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: minio-standalone
url: https://charts.min.io/
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: goauthentik
url: https://charts.goauthentik.io/
- name: flux-community
url: ghcr.io/fluxcd-community/charts
oci: true
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: external-dns
chart: external-dns/external-dns
version: 1.16.1
namespace: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: flux2
chart: flux-community/flux2
installed: false
version: 2.15.0
namespace: flux-system
inherit:
- template: common-values-tpl
- name: argocd
chart: argo/argo-cd
version: 7.8.23
namespace: argocd
inherit:
- template: env-values
- template: env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
labels:
layer: platform
namespace: platform
inherit:
- template: common-values-tpl
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.34.0
inherit:
- template: common-values-tpl
- name: db-instances
chart: db-operator/db-instances
namespace: platform
needs:
- platform/db-operator
version: 2.4.0
inherit:
- template: env-values
- template: env-secrets
- name: zot
chart: zot/zot
version: 0.1.68
namespace: platform
condition: workload.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: authentik
chart: goauthentik/authentik
version: 2025.2.4
namespace: platform
createNamespace: false
condition: workload.enabled
needs:
- platform/db-operator
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: ext-database

176
installations/applications/helmfile-badhouseplants.yaml
View File

@ -1,91 +1,127 @@
bases: bases:
- ../../common/environments.yaml - ../../common/environments.yaml
- ../../common/templates.yaml - ../../common/templates.yaml
repositories: repositories:
- name: softplayer-oci
url: zot.badhouseplants.net/softplayer/helm
oci: true
- name: allanger-oci
url: zot.badhouseplants.net/allanger/helm
oci: true
- name: requarks
url: https://charts.js.wiki
- name: ananace-charts
url: https://ananace.gitlab.io/charts
- name: gitea - name: gitea
url: https://dl.gitea.io/charts/ url: https://dl.gitea.io/charts/
- name: mailu
url: https://mailu.github.io/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: bitnami
url: https://charts.bitnami.com/bitnami
- name: allangers-charts - name: allangers-charts
url: ghcr.io/allanger/allangers-charts url: ghcr.io/allanger/allangers-charts
oci: true oci: true
- name: robjuz
url: https://robjuz.github.io/helm-charts/
- name: badhouseplants-helm - name: badhouseplants-helm
url: git+https://gitea.badhouseplants.net/badhouseplants/badhouseplants-helm@charts?ref=main url: git+https://gitea.badhouseplants.net/badhouseplants/badhouseplants-helm@charts?ref=main
- name: bedag
url: https://bedag.github.io/helm-charts/
#- name: open-strike
# url: git+https://gitea.badhouseplants.net/badhouseplants/open-strike-2.git@helm?ref=main
releases: releases:
- name: app-vaultwarden - name: funkwhale
chart: allangers-charts/vaultwarden chart: ananace-charts/funkwhale
version: 3.1.1 namespace: applications
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: app-stalwart
chart: allangers-charts/stalwart
version: 1.0.1
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: app-tandoor-recipes
chart: allangers-charts/tandoor-recipes
version: 0.2.0
namespace: org-allanger
inherit:
- template: env-values
- template: env-secrets
- template: ext-database
- name: app-navidrome
chart: allangers-charts/navidrome
namespace: org-badhouseplants
version: 0.5.0
inherit:
- template: env-values
- template: ext-traefik-middleware
- name: app-navidrome-private
chart: allangers-charts/navidrome
namespace: org-badhouseplants
version: 0.5.0
inherit:
- template: env-values
- template: env-secrets
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.6.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: server-xray-public-edge
chart: allangers-charts/server-xray
installed: false installed: false
namespace: public-xray version: 2.0.5
version: 0.6.0
inherit: inherit:
- template: default-env-secrets
- template: default-env-values - template: default-env-values
- template: ext-tcp-routes - template: default-env-secrets
- template: ext-cilium - template: ext-database
- template: ext-certificate - name: gitea
chart: gitea/gitea
- name: memos version: 10.6.0
chart: allangers-charts/memos
version: 0.3.0
namespace: applications namespace: applications
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets
- template: ext-database
- template: ext-tcp-routes
- name: openvpn
chart: allangers-charts/openvpn
version: 0.0.2
namespace: applications
inherit:
- template: default-env-values
- template: ext-tcp-routes
- name: vaultwarden
chart: allangers-charts/vaultwarden
version: 2.3.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: stalwart
chart: allangers-charts/stalwart
version: 0.4.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-tcp-routes
- name: navidrome
chart: allangers-charts/navidrome
namespace: applications
version: 0.2.0
inherit:
- template: default-env-values
- template: ext-traefik-middleware
- name: navidrome-private
chart: allangers-charts/navidrome
namespace: applications
version: 0.2.0
inherit:
- template: default-env-values
- template: default-env-secrets
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: server-xray-public-edge
chart: allangers-charts/server-xray
installed: true
namespace: public-xray
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-tcp-routes
- template: ext-cilium
- template: ext-certificate
- name: vaultwardentest
chart: allangers-charts/vaultwarden
version: 2.4.0
namespace: applications
installed: false
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: tandoor-recipes
chart: allangers-charts/tandoor-recipes
installed: false
version: 0.1.0
namespace: applications
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database - template: ext-database
- name: badhouseplants-net - name: badhouseplants-net

47
installations/applications/helmfile-etersoft.yaml
View File

@ -8,12 +8,17 @@ repositories:
- name: gabe565 - name: gabe565
url: ghcr.io/gabe565/charts url: ghcr.io/gabe565/charts
oci: true oci: true
- name: xray-docs
url: git+https://gitea.badhouseplants.net/badhouseplants/xray-docs.git@helm?ref=main
releases: releases:
- name: openvpn
chart: allangers-charts/openvpn
version: 0.0.2
namespace: applications
inherit:
- template: default-env-values
- template: ext-tcp-routes
- name: qbittorrent - name: qbittorrent
chart: gabe565/qbittorrent chart: gabe565/qbittorrent
version: 0.4.1 version: 0.4.0
namespace: applications namespace: applications
inherit: inherit:
- template: default-env-values - template: default-env-values
@ -21,39 +26,35 @@ releases:
- template: ext-traefik-middleware - template: ext-traefik-middleware
- name: vaultwardentest - name: vaultwardentest
chart: allangers-charts/vaultwarden chart: allangers-charts/vaultwarden
version: 3.1.1 version: 2.4.0
namespace: applications namespace: applications
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-database
- name: tf-ocloud
chart: ../../charts/tf-ocloud
namespace: pipelines
installed: false
inherit:
- template: default-env-secrets
- name: memos - name: nrodionov
chart: allangers-charts/memos chart: bitnami/wordpress
version: 0.3.0 version: 23.1.28
namespace: applications namespace: applications
installed: true
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets
- name: server-xray-public-bridge
- name: external-service-xray chart: allangers-charts/server-xray
chart: ../../kustomizations/external-service-xray
installed: true installed: true
namespace: public-xray namespace: public-xray
version: 0.4.0
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.6.0
inherit: inherit:
- template: default-env-secrets - template: default-env-secrets
- template: default-env-values - template: default-env-values
- template: ext-tcp-routes - template: ext-tcp-routes
- template: ext-cilium - template: ext-cilium
- template: ext-certificate - template: ext-certificate
- name: xray-docs
chart: xray-docs/xray-docs
installed: true
namespace: public-xray
inherit:
- template: default-env-values

23
installations/applications/helmfile-xray-1.yaml Normal file
View File

@ -0,0 +1,23 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: allangers-charts
url: ghcr.io/allanger/allangers-charts
oci: true
releases:
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-self-signed-cert
- name: promtail
chart: grafana/promtail
namespace: promtail
version: 6.16.6
inherit:
- template: default-env-values
- template: default-env-secrets

16
installations/applications/helmfile-xray-2.yaml Normal file
View File

@ -0,0 +1,16 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: allangers-charts
url: ghcr.io/allanger/allangers-charts
oci: true
releases:
- name: server-xray-public
chart: allangers-charts/server-xray
namespace: public-xray
version: 0.4.0
inherit:
- template: default-env-secrets
- template: default-env-values
- template: ext-self-signed-cert

27
helmfiles/databases.yaml → installations/databases/helmfile.yaml
View File

@ -1,25 +1,21 @@
bases: bases:
- ../common/templates.yaml - ../../common/environments.yaml
- ../../common/templates.yaml
repositories: repositories:
- name: bitnami - name: bitnami
url: registry-1.docker.io/bitnamicharts url: registry-1.docker.io/bitnamicharts
oci: true oci: true
- name: bedag - name: bedag
url: https://bedag.github.io/helm-charts/ url: https://bedag.github.io/helm-charts/
commonLabels:
installation: databases
releases: releases:
- name: redis - name: redis
chart: bitnami/redis chart: bitnami/redis
namespace: databases namespace: databases
condition: redis.enabled condition: redis.enabled
version: 20.12.1 version: 20.4.0
inherit: inherit:
- template: common-values-tpl - template: default-env-values
- template: env-values - template: default-env-secrets
- template: env-secrets
- name: postgres16 - name: postgres16
labels: labels:
bundle: postgres bundle: postgres
@ -28,18 +24,15 @@ releases:
condition: postgres16.enabled condition: postgres16.enabled
version: 15.5.38 version: 15.5.38
inherit: inherit:
- template: common-values-tpl - template: default-env-values
- template: env-values - template: default-env-secrets
- template: env-secrets
- name: postgres17 - name: postgres17
labels: labels:
bundle: postgres bundle: postgres
namespace: databases namespace: databases
chart: bitnami/postgresql chart: bitnami/postgresql
condition: postgres17.enabled condition: postgres17.enabled
version: 16.3.4 version: 16.0.6
inherit: inherit:
- template: common-values-tpl - template: default-env-values
- template: env-values - template: default-env-secrets
- template: env-secrets

9
installations/development/helmfile.yaml Normal file
View File

@ -0,0 +1,9 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform

11
installations/games/helmfile.yaml
View File

@ -13,7 +13,16 @@ releases:
- name: minecraft - name: minecraft
chart: minecraft/minecraft chart: minecraft/minecraft
namespace: games namespace: games
version: 4.26.3 version: 4.23.6
inherit:
- template: ext-tcp-routes
- template: default-env-values
- template: default-env-secrets
- name: team-fortress-2
chart: allangers-charts/team-fortress-2
namespace: team-fortress-2
version: 0.1.2
inherit: inherit:
- template: ext-tcp-routes - template: ext-tcp-routes
- template: default-env-values - template: default-env-values

6
installations/monitoring/helmfile.yaml
View File

@ -12,7 +12,7 @@ releases:
- name: prometheus - name: prometheus
chart: prometheus-community/kube-prometheus-stack chart: prometheus-community/kube-prometheus-stack
namespace: observability namespace: observability
version: 70.7.0 version: 66.3.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -20,7 +20,7 @@ releases:
- name: grafana - name: grafana
chart: grafana/grafana chart: grafana/grafana
namespace: observability namespace: observability
version: 8.12.1 version: 8.6.4
installed: true installed: true
inherit: inherit:
- template: default-env-values - template: default-env-values
@ -28,7 +28,7 @@ releases:
- name: loki - name: loki
chart: grafana/loki chart: grafana/loki
namespace: observability namespace: observability
version: 6.29.0 version: 6.23.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-secret - template: ext-secret

7
installations/pipelines/helmfile.yaml
View File

@ -12,7 +12,7 @@ releases:
- name: woodpecker-ci - name: woodpecker-ci
chart: woodpecker/woodpecker chart: woodpecker/woodpecker
namespace: pipelines namespace: pipelines
version: 3.0.7 version: 2.0.2
inherit: inherit:
- template: ext-database - template: ext-database
- template: default-env-values - template: default-env-values
@ -20,15 +20,14 @@ releases:
- name: renovate-gitea - name: renovate-gitea
chart: renovate/renovate chart: renovate/renovate
namespace: pipelines namespace: pipelines
version: 39.251.0 version: 39.57.4
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: renovate-github - name: renovate-github
chart: renovate/renovate chart: renovate/renovate
installed: true
namespace: pipelines namespace: pipelines
version: 39.251.0 version: 39.57.4
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets

114
installations/platform/helmfile.yaml Normal file
View File

@ -0,0 +1,114 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: crossplane-stable
url: https://charts.crossplane.io/stable
- name: goauthentik
url: https://charts.goauthentik.io/
- name: minio-standalone
url: https://charts.min.io/
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: keel
url: https://keel-hq.github.io/keel/
releases:
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.30.0
- name: db-instances
chart: db-operator/db-instances
namespace: platform
needs:
- platform/db-operator
version: 2.4.0
inherit:
- template: default-env-values
- template: default-env-secrets
- name: zot
chart: zot/zot
version: 0.1.65
createNamespace: false
installed: true
namespace: platform
condition: workload.enabled
inherit:
- template: default-env-values
- template: default-env-secrets
- name: authentik
chart: goauthentik/authentik
version: 2024.10.5
namespace: platform
createNamespace: false
condition: workload.enabled
needs:
- platform/db-operator
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: minio
chart: minio-standalone/minio
version: 5.3.0
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
condition: workload.enabled
labels:
bootstrap: true
version: 3.3.3
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
condition: workload.enabled
labels:
bootstrap: true
version: 3.3.2
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ../../kustomizations/kyverno/
namespace: kyverno
condition: workload.enabled
labels:
bootstrap: true
needs:
- kyverno/kyverno
- name: external-dns
chart: external-dns/external-dns
version: 1.15.0
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: keel
chart: keel/keel
version: 1.0.4
namespace: platform
condition: workload.enabled

34
installations/storage/helmfile.yaml Normal file
View File

@ -0,0 +1,34 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: longhorn
url: https://charts.longhorn.io
- name: rook-release
url: https://charts.rook.io/release
releases:
- name: rook-ceph
chart: rook-release/rook-ceph
installed: true
namespace: rook-ceph
version: v1.14.6
inherit:
- template: default-env-values
- name: rook-ceph-cluster
chart: rook-release/rook-ceph-cluster
installed: false
namespace: rook-ceph
version: v1.14.6
needs:
- rook-ceph/rook-ceph
inherit:
- template: default-env-values
- name: longhorn
chart: longhorn/longhorn
namespace: longhorn-system
installed: true
version: 1.7.2
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-secret

220
helmfiles/system.yaml → installations/system/helmfile.yaml
View File

@ -1,13 +1,10 @@
bases: bases:
- ../common/templates.yaml - ../../common/environments.yaml
- ../../common/templates.yaml
repositories: repositories:
- name: coredns - name: bedag
url: https://coredns.github.io/helm url: https://bedag.github.io/helm-charts/
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: cilium
url: https://helm.cilium.io/
- name: metrics-server - name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/ url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack - name: jetstack
@ -16,166 +13,171 @@ repositories:
url: https://metallb.github.io/metallb url: https://metallb.github.io/metallb
- name: traefik - name: traefik
url: https://traefik.github.io/charts url: https://traefik.github.io/charts
- name: local-path-provisioner - name: coredns
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master url: https://coredns.github.io/helm
- name: kyverno - name: cilium
url: https://kyverno.github.io/kyverno/ url: https://helm.cilium.io/
- name: vmware-tanzu - name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/ url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs - name: openebs
url: https://openebs.github.io/openebs url: https://openebs.github.io/openebs
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio - name: istio
url: https://istio-release.storage.googleapis.com/charts url: https://istio-release.storage.googleapis.com/charts
releases: releases:
- name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
- template: apply-log
- name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public
createNamespace: false
needs:
- kube-public/namespaces
inherit:
- template: default-env-values
- name: coredns - name: coredns
chart: coredns/coredns chart: coredns/coredns
version: 1.39.2 version: 1.37.0
namespace: kube-system namespace: kube-system
inherit: inherit:
- template: common-values-tpl - template: default-common-values
- name: cilium - name: cilium
chart: cilium/cilium chart: cilium/cilium
version: 1.17.2 version: 1.16.4
condition: base.enabled
namespace: kube-system namespace: kube-system
needs: needs:
- kube-system/coredns - kube-system/coredns
inherit: inherit:
- template: common-values - template: default-env-values
- template: common-values-tpl
- name: cert-manager - name: cert-manager
chart: jetstack/cert-manager chart: jetstack/cert-manager
version: v1.17.1 version: v1.16.2
namespace: kube-system namespace: kube-system
condition: base.enabled
missingFileHandler: Warn missingFileHandler: Warn
needs: needs:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: common-values - template: default-common-values
- template: common-values-tpl - template: default-env-values
- name: issuer - name: issuer
chart: ../charts/issuer chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-system namespace: kube-public
missingFileHandler: Warn missingFileHandler: Warn
condition: base.enabled
needs: needs:
- kube-system/cert-manager - kube-system/cert-manager
inherit: inherit:
- template: common-values - template: default-common-values
- template: default-env-values
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ../kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/cluster-mirror
inherit:
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: ../charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: common-values-tpl
- name: traefik
chart: traefik/traefik
version: 35.0.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
chart: zot/zot
version: 0.1.68
createNamespace: false
installed: true
namespace: registry
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- template: env-secrets
- name: metrics-server - name: metrics-server
chart: metrics-server/metrics-server chart: metrics-server/metrics-server
version: 3.12.2 version: 3.12.2
namespace: kube-system namespace: kube-system
needs: needs:
- registry/cluster-mirror - kube-system/cilium
inherit: inherit:
- template: common-values-tpl - template: default-common-values
- name: openebs - name: metallb
chart: openebs/openebs chart: metallb/metallb
condition: tools.openebs.enabled
namespace: kube-system namespace: kube-system
version: 4.2.0 condition: base.enabled
version: 0.14.8
needs:
- kube-system/cilium
inherit: inherit:
- template: common-values-tpl - template: default-common-values
- template: env-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 33.1.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: velero - name: velero
chart: vmware-tanzu/velero chart: vmware-tanzu/velero
namespace: velero namespace: velero
version: 8.7.2 version: 8.1.0
condition: velero.enabled condition: velero.enabled
needs:
- kube-system/cilium
inherit: inherit:
- template: common-values-tpl - template: default-env-values
- template: env-values - template: default-env-secrets
- template: env-secrets - template: crd-management-hook
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.1.1
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- name: istio-base - name: istio-base
chart: istio/base chart: istio/base
condition: istio.enabled
namespace: istio-system namespace: istio-system
version: 1.25.1
inherit: inherit:
- template: common-values - template: crd-management-hook
- name: istio-ingressgateway
chart: istio/gateway
condition: istio.enabled
namespace: istio-system
needs:
- istio-system/istio-base
inherit:
- template: default-env-values
- name: istiod - name: istiod
chart: istio/istiod chart: istio/istiod
condition: istio.enabled
namespace: istio-system namespace: istio-system
version: 1.25.1
inherit: inherit:
- template: common-values-tpl - template: default-env-values
needs: needs:
- istio-system/istio-base - istio-system/istio-base

23
kustomizations/external-service-xray/service.yaml
View File

@ -1,23 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: xray-external-proxy
spec:
externalName: xray-public.badhouseplants.net
sessionAffinity: None
type: ExternalName
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: xray-external-proxy
spec:
entryPoints:
- xray-public
routes:
- match: HostSNI(`*`)
services:
- name: xray-external-proxy
nativeLB: true
port: 27015

20
kustomizations/kyverno/add-applied-by.yaml
View File

@ -1,20 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: add-applied-by
spec:
background: false
rules:
- name: add-applied-by
match:
any:
- resources:
kinds:
- '*'
namespaces:
- org-*
mutate:
patchStrategicMerge:
metadata:
annotations:
applied-by: "{{ request.userInfo.username }}"

58
kustomizations/kyverno/badhouseplants/pvc-patch.yaml
View File

@ -1,58 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: local-path-fix
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
- name: replace-storage-class
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- games
- application
- platform
- pipelines
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.beta.kubernetes.io/storage-class: openebs-hostpath
spec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
#- name: remove-unwanted-annotations
# match:
# any:
# - resources:
# kinds:
# - PersistentVolumeClaim
# namespaces:
# - games
# mutate:
# patchesJson6902: |-
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
# op: replace
# value: openebs-hostpath
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local
# - path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local

21
kustomizations/kyverno/etersoft/pvc-patch.yaml
View File

@ -1,21 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: append-node-name-to-pvc
spec:
rules:
- name: replace-storage-class
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- applications
- platform
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg

44
kustomizations/kyverno/pvc-patch.yaml Normal file
View File

@ -0,0 +1,44 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: replace-storage-class
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- games
- application
- platform
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.beta.kubernetes.io/storage-class: openebs-hostpath
spec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
- name: remove-unwanted-annotations
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- games
mutate:
patchesJson6902: |-
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
op: replace
value: openebs-hostpath
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local
- path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local

8
manifests/peerauth.yaml
View File

@ -1,8 +0,0 @@
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
name: default
namespace: public-xray
spec:
mtls:
mode: STRICT

11
scripts/post_render_apply_log.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
WORKDIR=$(mktemp -d)
cat <&0 > "${WORKDIR}/result.yaml"
echo "---" >> "${WORKDIR}/result.yaml"
kubectl create configmap --dry-run=client "${1}-apply-log" -o yaml --from-literal author="${USER}" >> "${WORKDIR}/result.yaml"
cat "${WORKDIR}/result.yaml"

21
values/badhouseplants/argocd/argocd/secrets.yaml
View File

@ -1,21 +0,0 @@
configs:
cm:
dex.config: ENC[AES256_GCM,data:U+BKH82hTX8a08ZVJM8WJ2NuwIJR2Diax4VUxziFhHlZWMJKWCl2BNSquKxaFincmoR3Lqn95wyfsoGKwjPxINqYw0F3zbZttlfpyG84Jg2Y4E3+NDE0YtPv1stE47aW8ZWDycjcvrW9UGANEQWHGoEMVC7sIDmSEKc4zZYVOrDPnIDOl8Fdt+7oQb9XcITvkt28DJymMvm2FLJPEB9Iz/M9V72r8QhA9ASYEWnhjYUnv63A92YH7FBr+5rdlaRSW/jJfnTWViHdi9F0fYyPmjgcyAitSXZNbPs3bd8uV7ZZTWIQGMb1IpB9SFHxMBHLNv510kFmdn0RpThIrSiDrbau4OiXcFj3N3JOStlz/AlWBkAj/zNfCcdZfsSvICARcAuw4Jowh0fGSzi3uJrr9CezWTj5t3SN+KoKGs2vO5DoD8dmjtI3vStICVs9jN8QXiPb4WpUALyM9AT41Eg+oo/58SnxNjovJ2xw/DV4GTQxpzaPCC1yagR4vSR+/qlRYU9SUinw53kzm2tZjabAVbfpTlbq7F7Ld/GuW3IQh/fULBTxYGys9s++72GdG/P0elLjvCV0Xt3vIona//uVKQFXQB8rxAMWLnTHFbM9Y6uWlZkN/W63ceJAYzXNBtC/uzfMV8GRZQpbb/QVO9U/F54yefoB7XJ8BSrHYiCvIeV/SwWINNw9Lo/Cy4nsC6UrqYdanz32HrwawSGikfGjQGXDE1n3DcPXbA6rGR2N7bbxZnIeI7TLP+pNxEg8Apr550Vh1qM9oCDx7cYgFkAEb/X/P4PYqRe1yRn+jzomAPidhGCuHibtihCXU8bht4i3uwT91SJDNEmJI9yBSxAMY9pgjmSuVTO22tI=,iv:D+KOoEOhvNSEbx4h8ltF0Kj8XBp5B6ipCXFtREvqXdw=,tag:jVZjICBTlwEUAeaH7Rgkbg==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:NFkcWS4nL0KOtNaXU+InVIoVJhCiasJWN2JTJ2AP9WH9caU5pDw2mpT1mF0zZuRw/hvwJTrkSjA2pV6hiCEVwJegEWqWIKgnakEeF6XZPJK+ryWSLA2jg3Ba8BCMZxMTq9olZEt4ap/irKhvkoDxERdvGp/bsWYwNsy/lo92xNqAeGAWlyS4H5bBPx8RtzJx7MrVmGsOGmtPhaX9AxGtot13FZ07Y0lW0PZ75VgQzNS05Y9obO99hrdJ2sfGdmZtvqtENJGQh9sLzAKKbZFj5bE+A7TA54qVItmePEg6JhWdJ+0QMoyGXUaX1b1XsdwV8TOZEFOj9KI1RwsrOhwlD1sqkKJC1l498mOwP+xeFXJkGOtT2DB+Ds6LU4byXKMkvhwNQho2BBkQ/+W59IIL1+4a6RHMJwO1dhK94AsQDjy0TNyKKTSk8erotlwefR5ny+ZnARe2V5mLObmAZWdbni+AzvfHCrOQcmk3dxwLBCc98/hDzAMlbjsE34GWUEI5rcp+uHhFgnLaTNJE/PJOwP1WlFiyoDIpi2lj,iv:3XAh3cSFA2r1PMlXMo/1ubpIIgyGDDMhpni7hlinSBg=,tag:9po/JY+NFnOz3Xaw5L60PQ==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZzFUTVVQNit4eTNiYWcw
Z2JsNEVGcm9Qa2NkWnQ3Ym1RSmV5ang4dGt3CkJhdSsyeHJlZWdtbkx3alhqemxD
NWdHdGV2K1ZOeGpqSS84SHVWMUN3OGMKLS0tIFhNWXBHcFg5VDNVUWVaY3RhY0dz
aXNSKzVjZEZRZlBaelk1TTNYcTkxcWMKC1gn1y9T0PsFOE4hKYS7m4OgHGkFcK/p
SSFtTltvEs6jEeXitHhGcn1IWy4hxEvUBnVMGwTkweIKefwxkHi9/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-14T12:08:28Z"
mac: ENC[AES256_GCM,data:YzmFndPEnQAs9LDD41xQPGTUvU2zUup7J3dTUPLVmBZVHbV2Ml2xAmxMLXJ0G1VOM6h+TEQasU/ZUadLc41GM4m8aZfvxnQtMxPJEP9L1g4zhE3zzXAGXixcQ9xDY3aDhVwdoipyMo23kQqaHageVIfoBxE5ClI+ci0FepeBO/I=,iv:8hAfCtpoecVU8WgAStfqFArAMqBAiPJQGgKMJhJnDBE=,tag:lbJOH1IAf6Enl8g/Pe2I+Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

26
values/badhouseplants/databases/redis/secrets.yaml
View File

@ -1,26 +0,0 @@
global:
redis:
#ENC[AES256_GCM,data:INOZ17f72Qf6D+drbcvmnZRBRIeXLSAV9RmfOLZFp45qt8GWSHMnevqq9ge4Zlydtsd3BDek/JLUNl6YHPPq9qM1EFujY2htbOHyf0Cn,iv:zZDMizNKFllCyNH/bUF+vuB9YOikjo3q5ebzu3LYvCc=,tag:H0XX/D9xh0HS0Xnqgs/aag==,type:comment]
#ENC[AES256_GCM,data:JiLOpJanuZnMpN5dMvw2,iv:YEVZSdRHez1lCb61hWLvalLq8F67l7KF0WXmmuj9bck=,tag:KnpfgwUYBQLZsj4Jk13RtQ==,type:comment]
#ENC[AES256_GCM,data:mzDGjHlXUunu1yA=,iv:LOOU/QGaHKeDrssbk1haYd0lPclbFak9GygEbbN0gFs=,tag:4cUubeiY6aJj5KVKVkdFUA==,type:comment]
password: ENC[AES256_GCM,data:kN93kIMiVTGWbaYgMC1n1MWqdl8s3cbZS5vvYTa2,iv:Qy+GQchC6s2PoarPWtquipF9gAVYZR6mn0GeHABRogE=,tag:V/xbfm9u51UUG+we/3nNLQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOHRuN1J1ODYvc0Z3OW5H
NFhVM0dWWGZETU0vTzVkeUk1NFVWc2FSaGprCm5NalJKUWxtLzA5VTU3YjR5VWtx
NExtbTZZZUZteVBTYnNWTVZvbnF5VFUKLS0tIEpBTDhPbkVLVytaY29aUktmZGF2
bnVKWmI4RWpLaGU5WTIwblJRcDFDMlUK2BHkUNbpRMo0jm2Sk+Qcf4giufJtaJyM
xuoG41AqGs4+KEDS8/rF9HK7z+2Wk9H5b8L+/W0n+J5EPOvwvFePTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T12:23:02Z"
mac: ENC[AES256_GCM,data:xrA6hCFIH/R/j/V1T60xx5Eix5Z5ETREQP4zYriLkZQ4hEzL2WdJFExK1VXSfX4KmIR8215XHmHnWu70eIoAnFUaozBosIFtJz0YNrNNok6MeDGD5fy5mcBQfCqLw+rwbW/uxY7DQrchgVT9iFAkpRSoVPUzn6ku/xCmTmSlv3E=,iv:lNLR5QHKPUWb1Mz8mIFCHnjpuQVF7ttNTOy9+jEzLyo=,tag:G4iZ/9nWKh97JLGOxbgSQg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

21
values/badhouseplants/kube-system/namespaces/secrets.yaml
View File

@ -1,21 +0,0 @@
defaultRegcred: ENC[AES256_GCM,data:lsqr2fBEosOQqYLBwps1hmgFs90zkzbdHpO8UwJWcMl1/CGkyzroACqHkL8taaOnnvwWwadIL8FU3382jamw0Xk5O51bFSBbCxTs3xd4ibwe39ha5YI6YQDHADDb/u1Yw4TctJ/h9xykXHDOL4foE5Z860e16vtMiVvniLD9OGfR6utb9gvZHE2QqZTlHR9U4PY2vLWWQMN3VRvipT7hulmOUzXMVcuBswmyDF39PvTba6Ea7A83V9h6HpqNeSA1ewKREIDOFqjhl7tIit8aQnuee58bJCTVIdg6gyR6yfu6sF22wdUlsJ7CAHtd41sbhEhWGyzJIqg=,iv:J1CfAJmNpI7lgQalYJlXs+JX5I0e6COGrsenMhvDGLA=,tag:nHkq8VF47I/9FS8uGcEyuw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHpPUkZqbC9LaEtJYzhF
L0hIZUtOa3E4KzJDOFlwaFRVWDdJRnBtR1ZjCnVLNzhyQkdxS2dtK2lFaWRJUkJq
dThURHRTRG5GT1BqaTZRbzlUbXYzWHMKLS0tIFRSa1lkSGQrN1RGdklzYzZNU3BH
ZE0wMk1sRGg1M1lrNVFMTityK3cwK00Kbhugumz27RVo1SJjaljEbklHY6CW7xGD
UCbN0LGh5PPpN6eCbZW8dB1+/lLR9AnyYr6okrGM2iztaJQdlwRvww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T10:24:56Z"
mac: ENC[AES256_GCM,data:xGqmh1TPg0OJLSycbnjsF4Ai844ZzlCzawQXmROpORJEiSL/3R1W+2PsBT5KcAfG7y2+Ovyk+l1FeorIPuqnbcezX9zUxMOaFXJylmwvNYXCwoihU6Yx2hg9SuFhnwINAhCLqOaRKIh8xPUaK8nRVqwJJa0jW6eCyZ5lsLtpz90=,iv:pmPfpSv3VfVz/MvTGTWoMxzkF3BvCMhK+HxEeN5pzNI=,tag:WkLcTz/WlLXmq8EojHfdlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

39
values/badhouseplants/kube-system/namespaces/values.yaml
View File

@ -1,39 +0,0 @@
namespaces:
- name: registry
- name: flux-system
defaultRegcred: true
- name: argocd
defaultRegcred: true
- name: kube-system
defaultRegcred: true
- name: production
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
defaultRegcred: true
- name: observability
defaultRegcred: true
- name: databases
defaultRegcred: true
- name: istio-system
defaultRegcred: true
- name: applications
defaultRegcred: true
labels:
istio-injection: enabled
- name: platform
defaultRegcred: true
- name: games
defaultRegcred: true
- name: pipelines
defaultRegcred: true
- name: public-xray
defaultRegcred: true
labels:
istio-injection: disabled
- name: org-badhouseplants
defaultRegcred: true
- name: org-allanger
labels:
istio-injection: enabled

24
values/badhouseplants/kube-system/roles/values.yaml
View File

@ -1,24 +0,0 @@
roles:
- name: xray-admin
namespace: public-xray
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["public-xray"]
bindings:
- name: woodpecker-ci
namespace: pipelines
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
namespace: pipelines
name: woodpecker-ci
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
sa:
- name: woodpecker-ci
namespace: pipelines

25
values/badhouseplants/org-allanger/app-tandoor-recipes/secrets.yaml
View File

@ -1,25 +0,0 @@
env:
secrets:
data:
SECRET_KEY: ENC[AES256_GCM,data:bLecWaJafPbXT2/dvKt3R2KNfuxxgQ6yLxviYbOf,iv:liuexfgYScH+eg/qSO23SQxE7hKpudgkOH3JRDkaa+A=,tag:DEcAbY6rg7mQnhsnukWtFA==,type:str]
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:kx9ziZhxWcWTu1UG7BPi/sdG1tHhzugq65xxL3IPVx8i1oHXwy+00KaOEsIYP+TJqX5516Zq6JqtXe9dQwI4uVIy538FdXeEQDHKNS0xesSx8jG0tKa71GiqyQGBrBBxiy144za9y1QHB9k1pvuaza8mVEQOoktmMFfiHzEOhYDQxIzTulOMWxN2ImTsYSupHS6HLR13gDCyROVDzj1Io/U1VHxN5RZBPiqthNiB+/Aj+2FuCwAaxgEE6VVNFJlghi2yiZbl/PvZ3MDT+dAx/NijawVt0qdBBmPvB3jKZkgRN2tyystGiu47hnLosuzjrOjAMA6rP7XkT2gQ5e6hoLlJxWD5IiAHI+gQK7REbyJrEmSwwH0aCVsd1H4FOBNk+rfKpTIr7sRZFTVcZLtUdTZW6EW0XWmrBBPr5jodmouoFZY+dGlWP1vQkG+2eymw5aJCan0oq+x+J9dB+CVZc/2M1zBeRa6Crg7w3smCqOr46jkaRxfoDxV2NdRSla5zkwwFSS7MqPYlqre2oW+pgP7lvRa4MW9++5q+Zg==,iv:RZMNm66PhTWvjJG5jtpJW22TFInHw8LT04qui3fMLgA=,tag:ETMqmFO/8Kve/W55WP21dA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcTM5RTNIakwwZHNrQXE2
U2FsK1gwMDhUTDd1MVorbENtQXdnZjYrM1c4CmNQaG5TcU9wK25qQUg5a29UUXBK
WlZHK0M0dHEvZWVyZmJzR0RLU1pGWmMKLS0tIGk4TFArQnJyTWJJa3FJRlJhY0do
ZE81bENWM3ZUdlR0N2RKMnJkUnJxSG8Ky2ngwj6ZnToGhnAJChU8NXUG+XPPZc2F
fOD35BFO5bUNe+V8MkDLae+GQ1hr55r4WnvFpSWywRIjCFYmUJHTgQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-22T12:32:43Z"
mac: ENC[AES256_GCM,data:khcLV/lPaY6J5QQmX8466jx9bsXn+NwA3TLIUYs9ipKa539OjIWstwyydVxILSBCwEWGEW86c8EzLBwptBBgg6gehfRJAax5TAn0lBd1lAAiAxZhdNpc2tfoaMaUWfWdpwYjdrtnvAlAkN3/16nvx+TIq7WdU/cWsic96PqhU0A=,iv:I81QvtZ7S+mSAzoXhU0YBMN0L4K+SRHW3UtcSLxwK5s=,tag:gAeAIjyJ13A8gfE7ppBeRg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

57
values/badhouseplants/org-allanger/app-tandoor-recipes/values.yaml
View File

@ -1,57 +0,0 @@
shortcuts:
hostname: tandoor.badhouseplants.net
ext-database:
enabled: true
name: tandoor-postgres17
instance: postgres17
credentials:
POSTGRES_HOST: "{{ .Hostname }}"
POSTGRES_PORT: "{{ .Port }}"
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
tandoor:
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
envFrom:
- main
- secrets
- secretRef:
name: tandoor-postgres17-creds
extraVolumes:
common:
path: /opt/recipes
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
ingress:
main:
class: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
extraVolumes:
common:
emptyDir: {}
env:
main:
enabled: true
sensitive: false
data:
DB_ENGINE: django.db.backends.postgresql
SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
REMOTE_USER_AUTH: 1
SOCIAL_DEFAULT_ACCESS: 1
SOCIAL_DEFAULT_GROUP: guest

50
values/badhouseplants/org-badhouseplants/app-gitea/secrets.yaml
View File

@ -1,50 +0,0 @@
gitea:
admin:
username: ENC[AES256_GCM,data:U230S8544mg=,iv:yL45Opnqp5T4h7erEv0pRHWtH1th8uu1Y4wfeY2aJcQ=,tag:a4vsJEOxlmHj1mwqcUGbiw==,type:str]
password: ENC[AES256_GCM,data:IpwOetFEvxt0/tGkiJ8bBI+OR/E=,iv:8OA48CiWeMyqZVs2lp+UzfyymUNQfdgmAQV33+AVQ+s=,tag:stgAMSnB5dCzFu4zvZeVRA==,type:str]
config:
storage:
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:cn3NsFx0TH0fw6mJt6cArMRyQ6Qng3gIPQ==,iv:Jv+rweQzEXfVWuWycjGSi54jRAm0XEEcNxZ6flbUZWM=,tag:6O9KvcnaVEME5lXl6msZLw==,type:str]
mailer:
PASSWD: ENC[AES256_GCM,data:3UL0uvz49J3GIOo/eVWKYLrDG+u/lvCr8Q==,iv:HBQKF42R3tHFQxkUoRzsiPCUkFM40qpjM0SYrQSxugE=,tag:iua/nXoogjxnkj9T6UB/Sw==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:DbL7wryYRQAEzujWNL4I0AwEq6Cr2r78FXQOAw==,iv:Oc2IYwD7iy7AlYVnhvSc61ttOf20qJyuuDnx4yF3/YE=,tag:aLa8+r0kYvzFSuF3hvhL2w==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:owsHUHdmzGiFgtD3+nRBmHYKcsNQXblbuCO8V0tLAAMvJBRHSA5YG1TL3Quy2186yoZCPiAdeQwg/o2Iutk2Mlc6/NmeurZbxomV8dWBuqJfn6t44xnDgFnEXpxE5kB5lNCtcjKXmpxC4fkoUVscOyZFmKp9uTgH,iv:evmTZH5NzMB3nhqLhuBmTTF4ztJX9a/ZMTOmYMqSaxs=,tag:dLnk9xt+moGoBhx7tqazig==,type:str]
cache:
HOST: ENC[AES256_GCM,data:feiTcBqztm76LZgNShj0Go0IRNgG9UwCQP9KrdexosP2XCnSe+giyKoIcADiHQFYVbnnkpw7/UqNxgM0Tx+EQ9eyFKY+PaFyCSFmQwikmAWakDJ+hQNM1VaNaDKdeLiGIeI7nO2MH9hGDMzPWtUgMNBxc9tTS38l,iv:Rcr+uiZMWbG9IPeMm+eiNf3W3yz2L7yqSkJSKUhWHtk=,tag:3cLuUAEU6CZvvUYKF1cCAQ==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:Mw7W72M3HitiAEG1ihWctXyYqHJuSiKBZvQDDRjA4O9Yg9Zsbq+/HVcnh074zbiTjCO/496FLiy88HuAw8lksZ7MXXVvRI7rIcFKFZLpHcjAqkBnB301SGalK/R4bSisECsYIFPjKuh+s4PIuPEIgFtZuiEvYdbT,iv:uYwjzUObav2Hs/JgRIYbGBFNcZm++qS2QqKpz6Ma6EA=,tag:0okDz0yzL4eSat/0roYJ2A==,type:str]
oauth:
- name: ENC[AES256_GCM,data:sN+DzBKd,iv:0HNSbQEDLsV76DIRHdWnPs9SI/bHRZz6Fw+8B8Hhuns=,tag:mwTWy9VSXapPu3uLk7LgSQ==,type:str]
provider: ENC[AES256_GCM,data:m74moJ8h,iv:QfE5F3vpIlEzIftHlX/qpNvsnAab8gTd4CHyECHNcmQ=,tag:JefFm9mfYJSKzBDOb/l6BA==,type:str]
key: ENC[AES256_GCM,data:7ScP3oXE0zTnaqL3AigHby39fMk=,iv:sXllPawkQ5BcKmC1iBUJ2WOEPK2lm6W3q+GrprHZhAc=,tag:vSCB9w5x6jjPNu5b5ZEMzw==,type:str]
secret: ENC[AES256_GCM,data:XG9D5IUX4MqJzKf+aB7MCeDJAQlIzMxSv3ByAZQAdZCI+5my+cMfeg==,iv:s3e0wFznoX55MeEQj+dK0QrzzatGzDBKfT4xDD00cOA=,tag:vk32YQcPs0kAIOj61YwHww==,type:str]
- name: ENC[AES256_GCM,data:eBSL9xrBDN50,iv:TiC3jjpfwS6A9x6PAkMIorwJ9CecxblzEFt5+ZmSW6I=,tag:XA6UrnJbkUyDBgOY9xfIPw==,type:str]
provider: ENC[AES256_GCM,data:yh4TBYDI2R0a4f1qSg==,iv:hx8pAuo//U+YY5a2cq/KyoK4qcKbSXWtkrDvACWLU2c=,tag:uJ9JNWdDjb0eTS0ZJXHDaw==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:8YwpOw==,iv:2R3Zc4HK/U31SVcXR3xi9J/kJySR3osA8xN3YhvRxBk=,tag:SzBFOwEmczW59SHLGCMb5Q==,type:str]
key: ENC[AES256_GCM,data:rLR8ve4=,iv:qOVIBiFjsOrrRg/mca5l7SHc2GdVAdyz0TV3Q7lJlQg=,tag:tYEzx7SoeoAC9/lgWU91uA==,type:str]
secret: ENC[AES256_GCM,data:r7sWVeqWTnqbt7ArzpADD5A1fYU6+KSpLohWJuSbEUyPAzOSxfZGxSYNfAwaxACOgmJJnxUeQ9l71nyUDWzGMrFkLr+o+WcQmSTPV3+3iMHDsTdgjEb+tIZFdi0Z5PJ8DCBxjckmbG5cx3O3Kyrjc24SNHCVb62lhduZH1fIlT0=,iv:kvtMCpiOUx10zTKt/ZYQh3leYaY9+v169Sq+sYIScHQ=,tag:t8txjt3xuVKWA7QgBJYuiw==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:SG2ev/BshOBP0NQnpZRQErZDAEWdReiwp2pb2JJBWZmFvC67//t8WZu1/wilfQjJvJdsDGwk9Rwncoxya5Fb9uKYDAQKzqULJk70Er9pyNaowFbMxiMm+ws=,iv:B9GM9MLIrKTtRfyDxltlFvvm01aRCTQnyiemH4qzjGs=,tag:Wqji+fKliEGJRZ4inTmbXw==,type:str]
iconUrl: ENC[AES256_GCM,data:lcW3npgyrc50GIYCyTh5Gpht2CU6hX67j13XNOvGQybU2dsA9BtqpmH0OMQz4b1g/XkuHAp5j3I0wLnGvhXXf4mEugzt8g==,iv:X/kHS77OJLDuNN2lTAWLqPARJ1QZMY1ImuS+xmkUlgM=,tag:0ZRh7eH6dYdZd250Lb/+xA==,type:str]
scopes: ENC[AES256_GCM,data:GtTGDrDZwU1r5vEsxg==,iv:/7yMuJpxlML3R1X8onDSFbJVwpYFtnLamaI+X148Tlk=,tag:e8HkvzdpkhDvedVzm7jG3w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d2JneUUzM1VkM1lvclA3
aC9wMGpKSGU5ZnVaUTNlVDNsMlNaOVRNYVdzCkpzVUJzNHN2TmhHektzOC93Vjlj
SVU3cUxVUm4wWjJQRWZRdWlRMEU1eUEKLS0tIHRLOEJERXBMd0NFajNjbHhPVVNl
b1cyT0RYa3hzbFJjc254bHJMcDIzeTgK/aX6f60NBz6w1TaOFSZDRE7rPniebb75
iwO74fJtl5g9WxAG5yByxJ455Uhc2R/+VBbK5BcYFt9cboIgkUrS2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-25T19:15:08Z"
mac: ENC[AES256_GCM,data:ySAOo8j+p9O0v8xYFcjuD6e/pc9LtLxLWC4TdP7mjhdfwwaaoJW96DLEbSYxYN7Co8zHFqdMp5e76SgvhWwP2LNmHLunJ3LNU6u6NSMEFLCSyjAM8KiqB4bTNq7Kf9H2FZbAN58YKXpZEFECJpxoLg2Q9MdRp+BvgURDa2QLZRc=,iv:Ay5vMdrKbNpFyir/N4+mPuOwKwIVupZbeJFKA+DWFDA=,tag:+YUSXQYMfu59oF+hjg0XMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

179
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml
View File

@ -1,179 +0,0 @@
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: gitea.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea.badhouseplants.net
hosts:
- gitea.badhouseplants.net
replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
memory: 1.5Gi
requests:
cpu: 1.5
memory: 1.5Gi
persistence:
enabled: true
size: 15Gi
accessModes:
- ReadWriteOnce
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------
gitea:
metrics:
enabled: false
serviceMonitor:
enabled: false
config:
database:
DB_TYPE: postgres
HOST: postgres17-postgresql.databases.svc.cluster.local
NAME: org-badhouseplants-app-gitea
USER: org-badhouseplants-app-gitea
APP_NAME: Bad Houseplants Gitea
ui:
meta:
AUTHOR: Bad Houseplants
DESCRIPTION: '...by allanger'
repository:
DEFAULT_BRANCH: main
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: true
server:
DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: false
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"
MINIO_ACCESS_KEY_ID: gitea
MINIO_BUCKET: gitea
MINIO_LOCATION: us-east-1
MINIO_USE_SSL: true
admin:
DISABLE_REGULAR_ORG_CREATION: true
packages:
ENABLED: true
cron:
enabled: true
attachment:
MAX_SIZE: 100
actions:
ENABLED: true
oauth2_client:
REGISTER_EMAIL_CONFIRM: false
ENABLE_AUTO_REGISTRATION: true
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: bot@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: stalwart.badhouseplants.net
SMTP_PORT: 587
USER: bot
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
deployment:
env:
- name: REQUIRE_SIGNIN_VIEW
value: expensive
extraDeploy:
- |-
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
generation: 1
labels:
app.kubernetes.io/managed-by: Helm
name: {{ include "gitea.fullname" $ }}
spec:
backup:
cron: 0 0 * * *
enable: false
credentials:
templates:
- name: CONNECTION_STRING
secret: true
template: {{` '{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{.Port }}/{{ .Database }}' `}}
deletionProtected: true
instance: postgres17
postgres: {}
secretName: {{ include "gitea.fullname" $ }}-db-creds
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "gitea.fullname" $ }}-ssh
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: {{ include "gitea.fullname" $ }}-ssh
nativeLB: true
port: 22
# ------------------------------------------
# -- Disabled dependencies
# ------------------------------------------
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
# extraDeploy:
# - |
# {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
# apiVersion: traefik.io/v1alpha1
# kind: IngressRouteTCP
# metadata:
# name: {{ include "gitea.fullname" . }}-ssh
# spec:
# entryPoints:
# - ssh
# routes:
# - match: HostSNI('*')
# services:
# - name: "{{ include "gitea.fullname" . }}-ssh"
# port: 22
# nativeLB: true
# {{- end }}

28
values/badhouseplants/org-badhouseplants/app-navidrome-private/secrets.yaml
View File

@ -1,28 +0,0 @@
files:
rclone-config:
enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
remove: []
entries:
rclone.conf:
data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-20T15:04:15Z"
mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

49
values/badhouseplants/org-badhouseplants/app-navidrome-private/values.yaml
View File

@ -1,49 +0,0 @@
shortcuts:
hostname: navidrome.badhouseplants.net
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
env:
main:
enabled: true
sensitive: false
remove: []
data:
ND_MUSICFOLDER: /app/music
ND_DATAFOLDER: /app/data
ND_LOGLEVEL: info
ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
files:
rclone-config:
enabled: true
sensitive: true
remove: []
entries:
rclone.conf:
data: |
[music-data]
type = s3
provider = Minio
endpoint = s3.badhouseplants.net
location_constraint = us-west-1
access_key_id = allanger
secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
rclone-script:
enabled: true
sensitive: false
remove: []
entries:
rclone-script:
data: |
#!/usr/bin/sh
while true; do
rclone --config /app/rclone.conf sync -P music-data:/music /app/music
sleep 10
done

54
values/badhouseplants/org-badhouseplants/app-navidrome/values.yaml
View File

@ -1,54 +0,0 @@
middleware:
enabled: true
middlewares:
- name: navidromeauth
spec:
headers:
customRequestHeaders:
Remote-User: "guest"
shortcuts:
hostname: music.badhouseplants.net
ingress:
main:
annotations:
traefik.ingress.kubernetes.io/router.middlewares: org-badhouseplants-navidromeauth@kubernetescrd
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
env:
main:
enabled: true
sensitive: false
remove: []
data:
ND_MUSICFOLDER: /app/music
ND_DATAFOLDER: /app/data
ND_LOGLEVEL: info
ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
ND_REVERSEPROXYUSERHEADER: "Remote-User"
ND_REVERSEPROXYWHITELIST: "0.0.0.0/0"
ND_LASTFM_ENABLED: false
ND_LISTENBRAINZ_ENABLED: false
ND_ENABLEUSEREDITING: false
ND_ENABLEFAVOURITES: false
ND_ENABLESTARRATING: false
ND_ENABLEEXTERNALSERVICES: false
ND_ENABLESHARING: true
files:
rclone-config:
enabled: true
sensitive: false
remove: []
entries:
rclone.conf:
data: |
[music-data]
type = s3
provider = Minio
endpoint = s3.badhouseplants.net
location_constraint = us-west-1

20
values/badhouseplants/org-badhouseplants/app-open-strike-2/values.yaml
View File

@ -1,20 +0,0 @@
deployAnnotations:
keel.sh/policy: force
keel.sh/trigger: poll
keel.sh/initContainers: 'true'
extra:
templates:
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: "{{ .Release.Name }}-game"
spec:
entryPoints:
- game-udp
routes:
- services:
- name: app-open-strike-2-main
nativeLB: true
port: 27015

27
values/badhouseplants/org-badhouseplants/app-stalwart/secrets.yaml
View File

@ -1,27 +0,0 @@
config:
env:
secrets:
data:
SW_ADMIN_SECRET: ENC[AES256_GCM,data:dG2zVmvycL7TZM922XADQ/SwWMBrUvXd+BPwpxIvmaDnjejpEaHUfB0xhpkhZqhAB8M=,iv:5hDpUFLLGLf4VLj8h3weOZhiwJKYORg5uKVgXVXKbgM=,tag:9FQru61B5hDPcIoIUDvUtg==,type:str]
MINIO_ACCESS_ID: ENC[AES256_GCM,data:HvZa/kOy8ZI=,iv:T2433k3OmZTmPTx2QWEAELlN7zY37LUynapVWpASrJ0=,tag:Kvr4wIgq5dMmXRJDoxqGxA==,type:str]
MINIO_SECRET_KEY: ENC[AES256_GCM,data:Tv5VWQprCKtJCghzhZ8YD8/9,iv:hioZ+d0ns+Hr3pBVyfFWgcuRKDrPQmskSnU0XOMwhzA=,tag:nuFn0qV9UMy2ywiFfx5gHg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMTZGN2NSYXUzcXNJVUx2
YXE3Nk5MbnV1dyttUEtmUExabFYvOGdHcTBRCkM1WE9uNlF1OGh4NnNDL3NabXhi
OW1NcDlydUMraTVQV2tjLzVla2tpSnMKLS0tIHN6RXVJTzNvZlkyTmdDb09UTUNy
TVJyRVI5U2NmV1VIQTk4cjlYM1htMFkKkxsXzn+7nFiTs3mANqO0+f7/TTGKogFk
8ix4OpiA9b33kuqi4Z7bXx4ucyCmlDwtxuHvmOEOyW4yJ9F1cgm+Uw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T23:05:04Z"
mac: ENC[AES256_GCM,data:Kix/IdONJ79Lj1dc/gigpM7BUPyg7EIsPQzkhtu8+nbIQZQsm0CYqlqPx1V7w0r9vef+rCd/8GX8RdKw0o5ZaDZY5l0nXEi9E7dEtcHTYlrr8fqljcsGRAKmOiBRMkPh0jGTEPlFRtb0Inrn85rWUiMJP12hwIIS0t7GpAydKdI=,iv:1pMdzj1x0Hf65nmZ28Lv7yu6Y+suQKxv274nYl8J3HI=,tag:GQL8HOSswz2N56iNAS9l9w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

318
values/badhouseplants/org-badhouseplants/app-stalwart/values.yaml
View File

@ -1,318 +0,0 @@
shortcuts:
hostname: stalwart.badhouseplants.net
base:
workload:
initContainers:
prepare-config:
image:
registry: registry.hub.docker.com
repository: library/alpine
tag: latest
pullPolicy: Always
volumeMounts:
files:
config:
path: /app/config/config.toml
subPath: config.toml
extraVolumes:
config:
path: /app/etc
command:
- sh
args:
- -c
- cp /app/config/config.toml /app/etc/config.toml && echo "" >> /app/etc/config.toml
containers:
stalwart:
volumeMounts:
extraVolumes:
certs:
path: /app/certs
stalwart:
path: /opt/stalwart-mail
config:
path: /opt/stalwart-mail/etc
envFrom:
secrets: {}
raw:
- secretRef:
name: app-stalwart-db-creds-17
extraVolumes:
certs:
secret:
secretName: stalwart.badhouseplants.net
stalwart:
emptyDir: {}
config:
emptyDir: {}
ingress:
main:
metadata:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
config:
files:
config:
enabled: true
sensitive: false
remove: []
entries:
# Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
config.toml:
data: |-
[lookup.default]
hostname = "{{ .Values.shortcuts.hostname }}"
[server.listener."smtp"]
bind = ["[::]:25"]
protocol = "smtp"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."smtp-startls"]
bind = ["[::]:587"]
protocol = "smtp"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."smtps"]
bind = ["[::]:465"]
protocol = "smtp"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."imap"]
bind = ["[::]:143"]
protocol = "imap"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."imaptls"]
bind = ["[::]:993"]
protocol = "imap"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener.pop3]
bind = "[::]:110"
protocol = "pop3"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener.pop3s]
bind = "[::]:995"
protocol = "pop3"
tls.implicit = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."sieve"]
bind = ["[::]:4190"]
protocol = "managesieve"
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[server.listener."https"]
protocol = "https"
bind = ["[::]:443"]
tls.implicit = false
[server.listener."http"]
bind = "[::]:8080"
protocol = "http"
hsts = true
[store."minio"]
type = "s3"
bucket = "stalwart"
region = "eu-central-1"
access-key = "%{env:MINIO_ACCESS_ID}%"
secret-key = "%{env:MINIO_SECRET_KEY}%"
endpoint = "https://s3.badhouseplants.net:443"
timeout = "30s"
key-prefix = "/"
[store."postgresql"]
type = "postgresql"
host = "postgres17-postgresql.databases.svc.cluster.local"
port = 5432
database = "%{env:POSTGRES_DB}%"
user = "%{env:POSTGRES_USER}%"
password = "%{env:POSTGRES_PASSWORD}%"
timeout = "15s"
[storage]
data = "postgresql"
fts = "postgresql"
blob = "minio"
lookup = "postgresql"
directory = "internal"
[directory."internal"]
type = "internal"
store = "postgresql"
[authentication.fallback-admin]
user = "overlord"
secret = "%{env:SW_ADMIN_SECRET}%"
[tracer.console]
type = "console"
level = "info"
ansi = true
enable = true
[certificate."default"]
cert = "%{file:/app/certs/tls.crt}%"
private-key = "%{file:/app/certs/tls.key}%"
env:
secrets:
enabled: true
sensitive: true
extra:
templates:
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-smtp"
spec:
entryPoints:
- smtp
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 25
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-smtps"
spec:
entryPoints:
- smtps
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 465
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-smtp-startls"
spec:
entryPoints:
- smtp-startls
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 587
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-imap"
spec:
entryPoints:
- imap
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 143
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-imaps"
spec:
entryPoints:
- imaps
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 993
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-pop3"
spec:
entryPoints:
- pop3
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 110
proxyProtocol:
version: 2
- |
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: "{{ .Release.Name }}-pop3s"
spec:
entryPoints:
- pop3s
routes:
- match: HostSNI(`*`)
services:
- name: app-stalwart-mail
nativeLB: true
port: 995
proxyProtocol:
version: 2
- |
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Release.Name }}-postgres17"
spec:
secretName: {{ .Release.Name }}-db-creds-17
backup:
cron: 0 0 * * *
enable: false
credentials:
templates:
- name: POSTGRES_HOST
secret: true
template: "{{` {{ .Hostname }} `}}"
- name: POSTGRES_PORT
secret: true
template: "{{` {{ .Port }} `}}"
deletionProtected: true
instance: postgres17
postgres: {}

25
values/badhouseplants/org-badhouseplants/app-tandoor-recipes/secrets.yaml
View File

@ -1,25 +0,0 @@
env:
secrets:
data:
SECRET_KEY: ENC[AES256_GCM,data:bLecWaJafPbXT2/dvKt3R2KNfuxxgQ6yLxviYbOf,iv:liuexfgYScH+eg/qSO23SQxE7hKpudgkOH3JRDkaa+A=,tag:DEcAbY6rg7mQnhsnukWtFA==,type:str]
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:kx9ziZhxWcWTu1UG7BPi/sdG1tHhzugq65xxL3IPVx8i1oHXwy+00KaOEsIYP+TJqX5516Zq6JqtXe9dQwI4uVIy538FdXeEQDHKNS0xesSx8jG0tKa71GiqyQGBrBBxiy144za9y1QHB9k1pvuaza8mVEQOoktmMFfiHzEOhYDQxIzTulOMWxN2ImTsYSupHS6HLR13gDCyROVDzj1Io/U1VHxN5RZBPiqthNiB+/Aj+2FuCwAaxgEE6VVNFJlghi2yiZbl/PvZ3MDT+dAx/NijawVt0qdBBmPvB3jKZkgRN2tyystGiu47hnLosuzjrOjAMA6rP7XkT2gQ5e6hoLlJxWD5IiAHI+gQK7REbyJrEmSwwH0aCVsd1H4FOBNk+rfKpTIr7sRZFTVcZLtUdTZW6EW0XWmrBBPr5jodmouoFZY+dGlWP1vQkG+2eymw5aJCan0oq+x+J9dB+CVZc/2M1zBeRa6Crg7w3smCqOr46jkaRxfoDxV2NdRSla5zkwwFSS7MqPYlqre2oW+pgP7lvRa4MW9++5q+Zg==,iv:RZMNm66PhTWvjJG5jtpJW22TFInHw8LT04qui3fMLgA=,tag:ETMqmFO/8Kve/W55WP21dA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcTM5RTNIakwwZHNrQXE2
U2FsK1gwMDhUTDd1MVorbENtQXdnZjYrM1c4CmNQaG5TcU9wK25qQUg5a29UUXBK
WlZHK0M0dHEvZWVyZmJzR0RLU1pGWmMKLS0tIGk4TFArQnJyTWJJa3FJRlJhY0do
ZE81bENWM3ZUdlR0N2RKMnJkUnJxSG8Ky2ngwj6ZnToGhnAJChU8NXUG+XPPZc2F
fOD35BFO5bUNe+V8MkDLae+GQ1hr55r4WnvFpSWywRIjCFYmUJHTgQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-22T12:32:43Z"
mac: ENC[AES256_GCM,data:khcLV/lPaY6J5QQmX8466jx9bsXn+NwA3TLIUYs9ipKa539OjIWstwyydVxILSBCwEWGEW86c8EzLBwptBBgg6gehfRJAax5TAn0lBd1lAAiAxZhdNpc2tfoaMaUWfWdpwYjdrtnvAlAkN3/16nvx+TIq7WdU/cWsic96PqhU0A=,iv:I81QvtZ7S+mSAzoXhU0YBMN0L4K+SRHW3UtcSLxwK5s=,tag:gAeAIjyJ13A8gfE7ppBeRg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

26
values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
View File

@ -1,26 +0,0 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:bai2CQ==,iv:NG7q1ZsDpCW9Lu00fGsibpTEHGtew+l5TFOLOpljlwU=,tag:Z2/fXmsEEqhDzCdTWS/Qhw==,type:bool]
sensitive: ENC[AES256_GCM,data:n+dNXA==,iv:iFM0+5G5Bsw4NI+JH1vMMrty3Zo0El0HE9F6PEDsJrY=,tag:EcbzQHVeOHVLVC7kgaRPXw==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:eQ4c,iv:4vX/ioHWEA6DzMwZ+23dgUN4PJ7Asz7bbufG5Fy80iI=,tag:1Mq0Hj/23T4fvGEXuNUtxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:B08urSqwYgekI6I5LDYGHbPK5n3r+woRZw==,iv:K2O9aSJLRMbK+N2lfX4ojSqhbmb9KbWsuW2DtYZHCOA=,tag:Qz0OJ7aWwC+/9d1oc38ySw==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:sKVugfrrR9L5LtozHPibGiPULiwv8pAot925Z/rQ0V/mW+DVvNPEw4odgfX596Ddmd8oV5zo5Mz8WIPUCmrVmfdoz+3YzVywEy8=,iv:npthfz4xcW6fF10RhHCF6uXH/6526l3gjZGRu+Xpylg=,tag:vsPsRZ7EIQ7FMvqJga3hhg==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:quvcZQKauXeW+l8xkYgVBElBQveoRWKDBA==,iv:KpQH+Ef87jl/M9XpBtIKNhn7ATHoV+Jgjpzg2Li28Kg=,tag:jniePrO7UVp/cz/eIh19mg==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnFwbWFpTWgxRk45S240
cVI5ekJXdVIwaG5NcGRPa2xTN2pFV2tyN1JBClNVMGhNL2FaM2pCK0sxbjgyalJN
MnpQeHBxY2RtWkI2c1htV3oyQmNnbVUKLS0tIGg4ZXNwaFRKNTlIRDluT3k0VDRD
Y3pIaEdFb1JwMnVrYnJ4UkpWMERmZFUKa45EvUqkvjaL85xh3gyxTeJ02IxPJf9a
TGjAvpjBrym9v++OrHn2otw1NOeZwSP1hmSCc+sa6/0yFqcU031xjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T10:29:47Z"
mac: ENC[AES256_GCM,data:VmYotoR4BJJv2mZ+kt+NNn+oXLKWHed0o/TkJO93/4eLUm8Wg9SPMA1ZYYe9YRfgbIhYxPlQbPPKQBv95XeOS1FFL24VyenTTP3TXWroeXxOWubko/Fp88U3glJXs5jfL5DLYKvGwTXG3tchFDwH9m6QOABX+aRxvNBEP5zXUxs=,iv:HMzuvl8YCPj9ZA5tKfExQfSbvwu4IEHz6sMLAe8g7vo=,tag:lI2fh1b7prHsBS8Snrbdtw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.0

63
values/badhouseplants/org-badhouseplants/app-vaultwarden/values.yaml
View File

@ -1,63 +0,0 @@
shortcuts:
hostname: vaultwarden.badhouseplants.net
base:
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
envFrom:
raw:
- secretRef:
name: app-vaultwarden-db-creds-17
ingress:
main:
class: traefik
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
config:
env:
main:
enabled: true
sensitive: false
data:
SMTP_HOST: stalwart.badhouseplants.net
SMTP_SECURITY: "starttls"
SMTP_PORT: 587
SMTP_FROM: bot@badhouseplants.net
SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false
DOMAIN: "{{ .Values.shortcuts.hostname }}"
LOG_FILE: /app/logs/log.txt
extra:
templates:
- |-
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Release.Name }}-postgres17"
spec:
secretName: "{{ .Release.Name }}-db-creds-17"
instance: postgres17
deletionProtected: true
backup:
enable: false
cron: 0 0 * * *
credentials:
templates:
- name: DATABASE_URL
template: "{{ `{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}` }}"
secret: true

43
values/badhouseplants/org-onpier/app-memos/values.yaml
View File

@ -1,43 +0,0 @@
shortcuts:
hostname: notes-onpier.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.middlewares: org\-onpier-memosauth@kubernetescrd
ext-secret:
enabled: true
name: memos-basic-auth
data:
users: |
allanger:$apr1$kNwkQ0S.$9q29sib/xWEp3NDp.tquw/
middleware:
enabled: true
middlewares:
- name: memosauth
spec:
basicAuth:
secret: memos-basic-auth

19
values/badhouseplants/platform/authentik/secrets.yaml
View File

@ -1,19 +0,0 @@
authentik:
email:
password: ENC[AES256_GCM,data:aP/oiXCzwLsEd0qAp8aAPufQ1Ko=,iv:T5YdegcjWEK4MDdzLhFmsvV56OPl0jkhmtepohujP/s=,tag:EXerXi4m06Ryy7WVD3ZURg==,type:str]
secret_key: ENC[AES256_GCM,data:Oh/csFD5+FDfyXUYRVCEPrBE6UXPFZkR5VEep1bkAjs4hltuOaO22Q==,iv:IiBtFjBbsjepC2VmEk6wEe7r14lv48DBX12SpXaUCmc=,tag:ITR6OJiCYMxUoTGnSCPTQQ==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSUNmTVZ0ZC9LaytCUTZy
TTRNR0M0WDVmN0RPVllWTmR0dnMrdzBCOFJnCkMrNGVCc1FnYkZTaE1vUFRCVWI0
WERUTWMwanFZUDFnVExZL2NyVTNWTk0KLS0tIEN2K0wzQm8vUkw4azZPaE9LZGsx
UW05cHVjemNBeDFGbHhoVXR4ckUxUXMKgfTTlw0Q3J+pFSW+eEyfK1tkrbEd4ZzR
x0ONWS1GTx+um+r76NYNRI+W93FD5d4/jiiZGPB6rupMSje9DV41MQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-12T15:22:14Z"
mac: ENC[AES256_GCM,data:xwt0NRuygT/qAlhnfKHLqgVFfEMKMIgiGvjCl7baIplwl94Kxqhh6JMgCogjjtoI2iGrAY3QPamfTDQIOEItB/yqQ7S9NApWIfsXtA8t85YuWwnP3OTCDmpy6dcP1FOV4lGmSvsqr65+OYKALrPTRkA7pV9kGo3roO6BPJbpb+Y=,iv:5eY4EOBM0ZFSjiyKmOJ07YNStOg0+Db3cM27g8+Y//s=,tag:rT1aCz5M0k9AbxKSWhmJ1A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

29
values/badhouseplants/platform/db-instances/secrets.yaml
View File

@ -1,29 +0,0 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres17:
secrets:
adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

21
values/badhouseplants/platform/db-instances/values.yaml
View File

@ -1,21 +0,0 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
postgres17:
monitoring:
enabled: false
adminSecretRef:
Name: postgres17-secret
Namespace: databases
engine: postgres
generic:
host: postgres17-postgresql.databases.svc.cluster.local
port: 5432

23
values/badhouseplants/platform/external-dns/secrets.yaml
View File

@ -1,23 +0,0 @@
env:
- name: ENC[AES256_GCM,data:iUkU/BNlitD6f6RQ,iv:x5aENGi0aw9gDh2a7h92DfxwQgdbacM3hHtnPVdIKWA=,tag:4vyOlP7XcC1F6pjnUieAuA==,type:str]
value: ENC[AES256_GCM,data:cFypu5mF+ktwjNFCBcy0U/1UIt4Fc/CAtH/SngvaaBXY0yinYzaiOQ==,iv:2VQ1Cpmppkz2ylt5NMP84o+0EQkI43jz267HNRjMugg=,tag:co3LJzwxbmxT09km65MVuw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMXNsQjEwYXdaR0Y3bktt
UGFYS09Nc29IR0w0YmpweUtyV2pPbXFPeFJnCjZkclRSVjREanorbk5MKzJybWJI
UDlwdlVqWGZockVVeFVrNnZlZGp1NUkKLS0tIDhnUzgxdlFWa1NicVJEUk81cXp5
M2xvSjRrNUx5OFRqbUFpSXdyZ04xVzgKMsBwKA8dVSW9BR2jSTBxMPKevual5P8I
V+YUcIIUAP1sFjs4jVhTduBSMI/ZSArWYIEX+dQ46oGDLcRzODm9xQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-16T14:21:33Z"
mac: ENC[AES256_GCM,data:5nE5vx69ESp0HW0/uxYGp8Lq35Cjb5UpSmNkx1H4ux67K3xs3zEBSrupDuUqzrrj/WFFgTf8fIAnfu//bEUvRqtqkIOb7eTqBlQTCzdKWLMvfwhv3WnfXLljJvZZH+e430z7ayw6psfNbwm5sPr+/sPSijg31xv8x9wN8LfZqno=,iv:BKyKMqQ/eLiDspSlvMh0/I7hKb3xn2BUQhuHwrl+Pfc=,tag:is4SHDuAT2c3Ip2O5ifgWw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

15
values/badhouseplants/platform/external-dns/values.yaml
View File

@ -1,15 +0,0 @@
provider:
name: cloudflare
domainFilters:
- badhouseplants.net
excludeDomains:
- ru.badhouseplants.net
policy: sync
txtOwnerId: badhp
txtPrefix: badhp-ext-dns-
logFormat: json
logLevel: info
sources:
- service
- ingress
- crd

50
values/badhouseplants/platform/minio/secrets.yaml
View File

@ -1,50 +0,0 @@
rootPassword: ENC[AES256_GCM,data:edKknfs0kqBVSTQ4CQUdRdKH22c=,iv:PcSajWchrPOfdPek9OP5s0nfWlFWToHTfLZ89iBZeSs=,tag:5kK4eHmNza1arao76EVHzA==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:mjmjYJCJofI=,iv:4nN3dt4CKACC7C1/Zfn76SixKmTW4NUxDj+WWbp4DSo=,tag:4lNCTXo+isM+/crCNRtEyA==,type:str]
secretKey: ENC[AES256_GCM,data:qkQbZVszNgwmjSvtMtNlEjVBKw==,iv:k+xYu3RFJNovJMBrNqO7QICIvkhe0niHnbGSEwaXe9s=,tag:A2j4EgUB4+3ywZMbroydUw==,type:str]
policy: ENC[AES256_GCM,data:KOG9rF5sQtA=,iv:g+KBqLtKBmuj8saUomFjewp1/MiTqXNqxOua2rL19yc=,tag:ibsvSJsGbNuqp5Q8azpcog==,type:str]
- accessKey: ENC[AES256_GCM,data:JvnF,iv:T2eXmfOvFInwpsHzrV4oY9vTsJkdHKvb4+UEriunGQw=,tag:MEudOOKBDi42DU+w7K8MEQ==,type:str]
secretKey: ENC[AES256_GCM,data:NVFcExw9K2Xw5SbtvXLh3OfoGXNe0IhGmA==,iv:lW0gJ/l3v6BWGCKK/W8B/T2cWq9i6akk2gcsxqPAJpU=,tag:4hxkcaOBc8lHwkMQbzXCbg==,type:str]
policy: ENC[AES256_GCM,data:TzNg,iv:/5IRuuS/lO0eo9dos0nNjFoar9PPYlDna5G0dezORvg=,tag:5vyT7jsmU561wFh5NXXG7w==,type:str]
- accessKey: ENC[AES256_GCM,data:42SdqYzhNp6Q,iv:pzLnTOITSXJQ8mSNEE+H7EMpa/KO3+W2WJndRgs96Ps=,tag:fZBGTCRPvjRny9FcpvUEmg==,type:str]
secretKey: ENC[AES256_GCM,data:J7qAgeWCk6ASt5xBqyrlRNbzQWc=,iv:KC2rpT+lZMyWCch32ycvDtCtqtEWPst/xt5KE1kfYuQ=,tag:9K/Aj54OrbC2qeRWE1bXYg==,type:str]
policy: ENC[AES256_GCM,data:DOlqPrIkMCai,iv:q6lULKICvr74qPC/hp90E0XBOFNEs9sYZGfMkcfGZx8=,tag:grNwZst6JUXTpirYIz2XAw==,type:str]
- accessKey: ENC[AES256_GCM,data:sy6+E6w=,iv:oHZeQp3BwjB94V/sYxqH5d2L60QMI9m4ZrbolKLRBC4=,tag:7huBXPr027Sn3agLTMd28A==,type:str]
secretKey: ENC[AES256_GCM,data:BD4AjbQj9EEK9tKuyaD2OQ2Xrdjg0OlYpw==,iv:52AzwMOA97K40T+QbJ+0Pr4yNdNLw+yfWDEXsEWyIpM=,tag:j+CUMCoUykq05i81C8kEiw==,type:str]
policy: ENC[AES256_GCM,data:+BUO1Qo=,iv:kH4rHe5wb0xqOfI2vBGXcyMSCzuSEOCYZ1D8P+7KcnY=,tag:l3twpA6C+gvDZv4qeevVsQ==,type:str]
- accessKey: ENC[AES256_GCM,data:FAtE8kxRyrLC,iv:M2O1MPh1s0r1gNof/2oUybxQxDIOTR3HNfFOLyi6kPA=,tag:gf5HJZbfmn2XTutqeAo0uw==,type:str]
secretKey: ENC[AES256_GCM,data:GV4Hrq5p1mh3chle1XrvlTpPn7EGQFy1tQ==,iv:xYTNNavejVJmtKLPS9OzFbamcZaz+eRtAn68gGddby0=,tag:HkareuwAwA7QWE6mLO4Bug==,type:str]
policy: ENC[AES256_GCM,data:iHNhp3SM29lZ,iv:/y927HxGNOVuayMc1hl8DB/l8l5ioMXb0Fkf7RAA2qw=,tag:w0oC4RgAmYKaWq5sredNTQ==,type:str]
- accessKey: ENC[AES256_GCM,data:u2jY6VH7W3c=,iv:vR5C1FqK5wxY2QXxKKxaaadoWqPptxtLUGsjmyq0q/E=,tag:enHvPhEd6KahnVq6KjFhQw==,type:str]
secretKey: ENC[AES256_GCM,data:BQTRMAKezwRAtLE3jhFK71Cp,iv:M1VmxliYG0+VNuiDr++hJPe2fa/X32ZJCYAD/VDwYNU=,tag:8jIzJHhE5k7QAjm8vnlYrQ==,type:str]
policy: ENC[AES256_GCM,data:6qgyKj01Big=,iv:wB3Adf71VPXTu668fq+yLT2gCPru6nDVqqdnh63OfCs=,tag:d5xLh1eLZEXxksg/DxfVHQ==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:IotxfQ==,iv:vi5Fn3a7My9nyOb67zTTEzHLoFS8IsEQMcQ2i8f2Nns=,tag:/DMVcbOb0s5mZH3uuStXXQ==,type:bool]
configUrl: ENC[AES256_GCM,data:Y7/Qzdy1RLbFgX3ynK6v8KIP5D5qKmwtRx3VCFWVJoch+q5tqHYnENgTcagkOwkHEhQY8DFcSJRrj7VwSGU6f/Rd4LrPdVboe8IRGFdaaZHXobwVooHGlCs=,iv:urkXua9hA6dVcltwwD2ZAb1ysZjU5eKegM2ifWtO5wc=,tag:zgs9I0aVVyAbuyd80ajlZQ==,type:str]
clientId: ENC[AES256_GCM,data:aZraoow=,iv:XhlAZly8Pb4LFzt4K1XWyvdeEQnU9VEpn9jHvwdm+34=,tag:T5CvtIU6SJ/hUM69GUfSHg==,type:str]
clientSecret: ENC[AES256_GCM,data:WtIcgBfFGvfswBTRAp8IqUV5o6HAklMs8C6Yu9xNjadqtcvuUARMeVLGddioZJZFDu9e9wrX/O9Z5nAZrPjSNLVjjlC6hZL3OhqkMYhkowD7g0lLlTcBtWrQ0gzzKzgEv3AxldHlpGvsj7xKFzrH9Og0Dpw6ysYSV2pdRT654zE=,iv:JyHrOmIhP8yf/X5cI9kLNrvPPWhtTiSqj7id2/qE9Hc=,tag:MhApKAE5DVjGihxzqQPZBQ==,type:str]
claimName: ENC[AES256_GCM,data:Brw0M+jN,iv:V4YgI6J+QD2TnlQwBekS1PBI/Hgc0n/iIttPzNPK3eA=,tag:cDSu70i0QkVDHjoa+wKEvw==,type:str]
redirectUri: ENC[AES256_GCM,data:Hrg/3/GLHX2vEQwSuRJi2rtFekVNN0Idtt4IQ5fHxdRzLkKiBGi7kesHfquju8Q=,iv:OMeIhw8DWKJN2RZLxv/14+nI363tLjzKniffjT5t204=,tag:AokFVHtetOF0vLMBFpvuHQ==,type:str]
comment: ENC[AES256_GCM,data:ILnDkL8NNhKHkpZABUmpJ3nsxRY=,iv:Q6Ndcr7LzyViOKmtfX6ZSf0O5/6+ehRRn0V9Alrec7w=,tag:dxZxfUIEEMTHTHwQNHOHgg==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:ZP6O/NVbf67rZujeJVpgHsxjN2jtuP6rmjFB,iv:6DSLl24QqUZVD3hbd9Khxah1yEyri0FUTSVEceZTkDw=,tag:/C+y4oP7cOibwalDPzpv6w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbVVjMlVGckdFazhPWVov
a2NTQWU5RGlmTGFSeFZqaW04MU1rVXQ3blhBCnNwQ1daNzY3L1JPK3FCVDFETU00
SnAxM0dNM0RlaEpJc21WamtJV0ZsNzQKLS0tIFdFK3pvemtJa1FyRnl5TnBZdjdh
aVR2T3dIQkFOSWV5S0QzZE51RGNPYmMKGTDousxnJn8mBe4AiYSz+zApYEQVQU0e
DQMlPYEQbmeT25G3C8XksSvEslTtPs9jwZv+mPTDXgzihxe8V6VQDQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-01T19:07:25Z"
mac: ENC[AES256_GCM,data:4PN2B86mG1Vy4BhV3hI0ec7nBowJnz1PDgDz1SGdKIzshxkEl9tAAt4eGnT5dwndO78R+cmmpbKOdSZXecE1PAHmGyp8e4vi/Y0F8EXTTl2rXcST3Lg5ivuIswKxpNhn7ZMZaUiJMFqOJUK5liGR8vzrNhJc6oPi65LJR8XgnII=,iv:XSm8C570MqHELojSxUUHmNppEVvHX0033BOXWxP4Bhk=,tag:hwWJuHYMdZd+OH2HJG3CIw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

20
values/badhouseplants/platform/uptime-kuma/values.yaml
View File

@ -1,20 +0,0 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: uptime.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: uptime.badhouseplants.net
hosts:
- uptime.badhouseplants.net

20
values/badhouseplants/platform/zot/secrets.yaml
View File

File diff suppressed because one or more lines are too long

27
values/badhouseplants/platform/zot/values.yaml
View File

@ -1,27 +0,0 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: zot.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot.badhouseplants.net
hosts:
- zot.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: false
mountConfig: true
mountSecret: true

22
values/badhouseplants/registry/cluster-mirror/secrets.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:BWmu4bpFjlIDStIcWfpsgbm1hfxlvZAK9LabhXuAdArJzflc4VA+Dy5fJRAMu9Mv,iv:+rwtfnjJCZKPmdcUkTfklq19uSgavOKaySK/O/xd2PE=,tag:3yXa+0LbIqMDk6KLWAAN0Q==,type:str]
_mirror_password: ENC[AES256_GCM,data:0aa6fqR3+0ZY5KhRKJa0SKBcBnF/KizHXTIm2NQB,iv:DUB8ItYbT+K31XLbWzi5909RPVn9DG9HRDU120VxbdY=,tag:DniRwku2rQX44ffMn4mU6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ0U5L01iNFo5Y0t5SFo2
MXlwVDhQZ2R5QnVlUndmQ0x5L2ppU1h6aEVZCmhaUW1JY0RDMEM0T1JkZkk3TGVD
R0JjaEN0MGxVV1RIZUxkbjgzMTlTMmsKLS0tIFdDNW8xaWsxamFvUGRFaVZsVUV4
S3ZiYTJGOUFzZlNwSUZvNGtmSFNpczQK/npaHLqHSxMnCXNvDFw0eB9KfMJ7bWfV
ZuteeaXG+eZNX4l1ZY1pLNUv9kui4oXI8payp7sTZJI6WYZCQz6Oaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:50:16Z"
mac: ENC[AES256_GCM,data:XtX4NUZ9PCdAFckdlygywFQ8vJRAszOjqPItr0MNRM0ndk/PkYYGzY0phMan7FgxY3Cz5XMJcv/MEogLedM+uH5vMbsOpRY49jpILMORL3Ni1tZFG5Px5NbfExGQmjFyefotRzCHlsUSTZEHlBIp4+FeBI41CgBbLw45rEoneL8=,iv:Ilk7TXqKSSV5WYnptLRaOk/lwwHHLesbSslOCarlVEA=,tag:vWXe+r3tHXoMtWYeJN9T0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

26
values/badhouseplants/secrets.argocd.yaml Normal file
View File

@ -0,0 +1,26 @@
configs:
cm:
dex.config: ENC[AES256_GCM,data:bSlWRFGEJG2minUCqhi822rrOd/oiYtiiH6+qN58W1ZgWED8Fk2v6BfH4oIircNOKi57SDl/LU9L6ZtjN4rE1WApRUrffdvfVEz9n6wSfz3IZAzr0X4QXqqybpsj0M02yJYYmu/BQn2HBI6mCuARZRo9XN14+qamF59fg+/uPYQ0ZYPemgU0xPaCKBt2YAPLZEJdxOi1lBTFSNnJ1bLSC5aaW3/C4RqRIwAlEn0EEoimiBXaVSiCvqEqgvtTFjq8PCu+zmZ9wy1Kw/BvfLDXIRNZzR3uV/8TnUy2+joU5wlYKHNUxehE/tIn9T1hOoFKKmBbVKHs6Wh8Nwo5iIy0x0EatZP/5KrgRZPc7ZF03ZlGjOKk6Ap5AvhWQgO9JFJ94dgCdmk9gzCuuHjiZh9qat7alkFBnEYsOrprEvLkpavxFj9om3pY61Qg/i9fk9gFtxoM7yTaxHTuIUsXpto+/ofviFPTm7dgrIMPbERJYaN7ETcrHglJPp/zizQkaKNspOcBCMkAnFCaVn257/an7iLhm7orcdDt7nVLGlCQyq4GBEdy5+x4JVIF9H27R2d9774TTHrFYWo68pDndrT5OCviZebuVqPj0W9LASkUcIwB2mPj6Gi3OBAuQLX48f5s9uGLfNh4UXdz4Rp6zKJJ0IImly7ut5yglrwFxDpXcLoku8/lyEeQlkOADP3+bBcpB36rBLm9gZ77CjHMNsu2zCNx3pMu6W2GAWJbv7FysAMASHfikhaCDx6oxlJdaGnYk8LJeWhSLERsP2qwkSEDr42A4YRsmsvkKohcZy4Ub3xQWE3dwTrc6vr8wJ8Sqj0cK8y7RaM79SulBJ8WExg6nzvZRfOcp8I=,iv:/xI16L5fvHC2IPAsEpg5QR4vz7Tnjlnl0C7cEDSSnek=,tag:5XLlpaauuQQuy3SrPdYZNw==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:iIxxWhxfKhcHoTOfECWhOP+725xbUWIlq+cIoehrxMBP6XfHvxZpN3tQegeH5geYlbYWy5/kvJ5aLWVPEtWy19GjwoGk0ozS5l3AufIroWm3W/zkD+bcCgG+4wKTI6YQq0KVQDYY2ZMyxFnKLPXWdKDJSIS0y0dQB8G9fQeANUvtozXAcMpLfoAPKEUpZQhY5e3vMut3lUDF12u3S0kWJJF8xTjTNjmR0IrLWILc8TH5EKTHrLGfFB8M+T3P8+zatIFE9w+RInp1t0yU+OHFWeu0WSt+tLOc+DBTQhdugKd62nnmRAav/O3DJqCVGe7/JP6ZwGdHw8f/zEf+FnDJq6I8LnHQl35KGYH8FftzA0uG5UCoXPkTz69HRa2gDsuY4YSuAoWkDIFIrf85hfC+pl//1McjIExkY2fW+t4FWWZSoCAGRzQymXetDh6KColRGNMk1LOjUXFTV+AHB8rm7ZQ4+mGw5IVdBLE/TcmmHOyQq9fHQaUZMvj/9/p2DIS39rQbRRplR9JJIA7OrlwZUZLuLxXshUjP3hB8TJHXdo1eJWEWB8XaCwOX8mI4xVa+tVC4GazHvpvhOxWAgBhG/Ba6eXSFY+bQz6tySg3WEESEZ+ihC20AjAn1kFKQz55vxI9/NLcUw++LmwV5f0f0Qk91HLkQR16/P6h8ce71P8knhDP5gDBVuPHM94NJ3TW9klzfhMFwNZXwtEqwiTUBSbYwzYs5AMwLhYjLDHrWodulmVFfhw6qCekDkMup/PPim/Khk/6yZPDW/Re4MNpRWsfM+AT5SomhRBf3VFI0PRyXaPHXNU62OwjCs6+Z0SBjdx357qt8q3G35eF1Ido79U5W7YtPN8V/lgNJxGCZsOgX6+Mgq1JIlrHkU//emgRXVQnAtQDr9SGf9NR4L4qwzGpdbhzYNlQ3756ycdjFZ+itaBP6vaq2Eszj6EzTODunMonFWCAyxlgeAMXpQAhlJVvu02cdipK6mkwC++nPqCknCnLEKJNHKEBlzcmJ7Bg09HiS4IXkXryEQ+BU0YLJWDIDTVFRG8tleATDJ6uFhBoryS52SVbfXPK88SGL1bAFdtvNXF4bsefQC3gI/pBKW4gS5EyCr11joocAsHX+CIe54K+UQdGF3cvIAjwbBRDjzW8+JTnZWdb0z5joWi2pQGpg9aB6XddBww5VJhRoiOOJrc+RKzg4WMwNDm1Th8QaTrAHpO+ILiDFXTviexk+Ggg9m0MpqKX25EHQVmjL68D03lyJ99xlU7Ee9Uvk5DeamPpdvuwWTSm6NUrJ1LeKt1Sw7wIAwbVan45G7yRahIH/+BJPm6byMAyB109jTJdfEqzNgowN4rJXd+1g7K6+jMCbgv0pA3aqHLbWZt0n1ZCA4BztwxuT3zvzXZnLpe0HJeauZls49YEGhvWpcxXDRNoZ5nXKZ94K0hbaLVzpx1mWp0lGxSTlGFyBQVhhAKF0MClVuyGVLRuuYCHcPdx521pK4qeEQo3gr6XTM4H3fkqhKsxsJVx43gjtj8bhEmlScHX839+D8rlVYQZwupSmSCYfnUnk9Izm5hcEGkpzemribmv/pD7Lqu72TbqpI7dj4GKFjfeG8gIwKlqHhBY64YBeYGVRjJrxYIQBkLswA5yrIeu9UZJMF4uc2s90sYye8jrI6FNV4C5EhD2HDUGOvjDwgIlV6RyDJCuPeuR6Qm6OO9NMby9Xi5xQdg/tGtkghTQzgRUGMW+bpurr1IplYpJfY8mQBz38ibvKp6Xjl7bTlc8IUanugG9HKETiXhNDDQVhhfZrsfwIwx6ejCNombMrMlV3k9ZSvKyvg/dpUQPxayKMolE11b2mA71dkNUVt0LjhjIO2PA1Das5PRAqu6QBevXSoBSb2A5VLok2BtqZo4kKhboL8vl2FcJO9lGB3ZuxQaNX7c30H4n57Ri/JgXG22L1IJMfAvw4e1HlLvop0sgoGkz0Ngz+U2VzPRMuUwPjKTUSN/tq4FpXvUCA5g/YmNhCnDH/LGTJsN26zEjqjYvALtTprmFqSN1I+8QM3ZA3ZaE+EcquhD4CNfcN1kvkz/4Yv+9sQym2fqbLGKzSSEXKVtnJnIlttfiDD/4wU3ARDqnzwWq+SJe3aEnnz05i13m5TGdQV1QQ3NwHIpk0leRIu9X9afvR/uInjkSNKhB00JWPhYzp7htnFo0uVvqHGBKRuK2KQOnANjaQweesoIHM+bj/v1ryr/i6Owf8D+Go5ESMPVTUD6xVTvdkE2gn+DN6mYZH3G2vIjbze5PNJ1GA11Mzhekh+1QxyBpbHPlDaaVzF+sEyCPdnvlAYZ4bycae2eIrToxmSv1EBTmBRJEq42RcC16xB9I+uxBFEJFM0A8lVOW/7J4qbMfyYb7+naptsNN3wgPg5E2iQI6kLLAy1cDtkbDLhczm4w9sz+4SRLcAt0jXMx8422BjxuuwEApyyVjTwtzL3p0z1fCNlBBfwOBlUfTR42Z04Q6XnQFmCUMaL9ZZQHHjVYlQTvY/61eLcADFxu77Y1pYh8NP6jJyuAynJmy6IRMMoYw1mhvZWxnqxgyvPZQ6a952yd24GArB8YRTcKM1d6cbVTvyOrHns+rNeviwqb2c1446/mdUvHurYfnxbc/NTzNTaKWnwRMcnPRkpqbH0XkIAooQLKgmTvDs4IdK89Ja5iHu408TMZUgNkXqCjJ7WsZQZ2I3ogZPdMCxpZdcRNhcS98Sf6BlF3zxbBtLSc5Jv5buXPYYOFGrDJa09LG6YEU4Sk1P62Sm1KtR8XgaKWbx+jXQSbgBKavGC8Wh1C0OHVlJzDirskjSs6Unr2lUpyp75IaGDaWin1we3J+kxfpFKZDBh147Bf9XoTXVvi/GtSMYGmv77r7kZHuNTriXlW+lrak6wnATo9+Bi4bT3B6KurTcEROM2RC+fnG8Az9eUOSg/SUtaV3swmN6g/9DfeYCZY06zpXpmDV1Ib3hexidrnu5FvQcUofr/FzwP+Md2KZ3rapDXcFxRGG1Pggf/N3bXpGkHJXkeAghWXn6UWObrssbcCEsTKBI9vnioP0a62tObwrLKJQMvEZDm6WDGcFmZIWmpHAXakpxdGiqqOe/NMJAneGZWTdLYFs5OUKiMVAf4UUCdM/j4W2i/h1uluqJvRlZxOsM1XK0tj3KMveWqVsJeT8MK6QESLVa7o03ZVvv92KBamNy/16N66U4imzo+23FKPJupPnaMuhYCt5nVK+2DerhtismXBrWKyIPpoAW/8L9KXPW/UzMuClDSZ7Uo2e5pZ3PTHH+EBpjbCQj1veIskTXog2KFbv0bgiXzX3oWrmlFh1D9pwg752V9ZSGOP/eZdQ/cxdOURhu+ZWPG7WgxyyX/ZVh1aZRaBRuw5FAsqhZtjhkqiWtUHznaBRgn55poux+GFkN7XxHxO7idum6ecPLF6xPNyqkvPm5lUNdfml6qP6tQfO0uQ==,iv:cswd5iTvERSH5JQUz6IT7U9+agzsS3PheG4Md71hSrY=,tag:QeBr865/eWBrZtcrE3QRYQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlOVJweE5UeUlhUkNId0w2
a1kwM1dsWjJtZUt1QmNTZmlJNHkxRHdwaFhjCnoySGZDYUVJdzNGYUNyRnRKOXIr
SktxNlNBbmRDRXdZTDFFRnRnSVpwNXcKLS0tIHJaOUwya0pqRlBRVFZvaERjQk5N
aWVQUFo3bDJpK1R6SEJpMVdmWks1dkkK50KPI/hji2aJ1CLYqtxU87oE2tsBcl+I
d+Vs4aKRjY/mpdO7NWhmeguH1boGhMaKpZlSV+TZGBtEsl7RQ6mbtQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z"
mac: ENC[AES256_GCM,data:pRtlf2AnmG9ztZyXwbxR2foagCMBX8BwfhLrsoLeEpSyFLbNMKIGKMSZKaJ3r9IU7gErXh4KoUGXcg31LB80B1G+YFlICvxmlXX0MB3MmedzTi6I6N7ydFse11n3WF/XaRUhpZVE9sCyZgNxgyuhf0LTnS0FU7tauVgAERAazYE=,iv:zwojdj+/HIglNNdS/lYokVqiAvH0pTZIk5jK20oiA7c=,tag:rRi0uEIP8ag/45cv8/4FYg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
values/badhouseplants/secrets.authentik.yaml Normal file
View File

@ -0,0 +1,24 @@
authentik:
email:
password: ENC[AES256_GCM,data:OtaK90UmvOkSjHYe/37W5aSlZo0=,iv:WQR0YIz4U5QIxc7YSQ2JZRLnA3ZF0JouZtnggTW674g=,tag:Us163wc95RbiN8XdXogt3g==,type:str]
secret_key: ENC[AES256_GCM,data:/6gM3ZUb6mIYaJO2CyCuVxLFOxdogTMbKb4c3HYXpvxZIqoFt0t9fHY+XU/mC0OGue4=,iv:TfGI7jXixrI/YBp++AFHz+rCliuo6zhbgXeMviw7rHY=,tag:G52eT7OlxDub1pL27LWHKw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNG9RVzltVnZraWNnTW1q
aUIvWDNWcEovWC9yWU5OdmxjamFyREgwSFhvCjNwM3FLNmZUV0tHK25tNDRsNGpn
UTZDUFIrVmQyRUNZa3d4R2NpbFZqM2cKLS0tIFVoMnBtSUNRd1VHVmx2RXVvdDN2
UzFDZDRJRzV6cUVpY0NNWmR5aU9qRlkK6dudxILhTOjvNi2Pwo5jg13GqRG52igd
3yXhaIzRp+fcgAXMlTTTwe2jBNRYCv84+wLvV2NkfHyPeE0t9Wh/ow==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:qHD7CYM7sFBiJtGADcFeBHSFlmvEZaEVRGXTr02Tk+uLGWn9lP5CuOX1sU4x3Gd8nilwZy0fRAL523HDLvYQBPwsi26Vbp6OgZ9shjp5CvrQMUTg1qRCfjWAw66Y5NHHUJrrYc0sOPlTWXxRyU1Xk9aMvtRQi1ooum9wF3vhuoA=,iv:ADzHjgi72Ureve1CxQhkySvLZ07//Q1oBMKpvgXfNy4=,tag:RAIEupIsOviKYlQJO/rgsg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

23
values/badhouseplants/secrets.external-dns.yaml Normal file
View File

@ -0,0 +1,23 @@
env:
- name: ENC[AES256_GCM,data:RLLp8toAkoWLWRjp,iv:UUP3i5QkNBw/pgYmxHtRUDx0E6i42e/Ioh1z6WnLESk=,tag:+PEinrzkisEQx5gVCpdJ3g==,type:str]
value: ENC[AES256_GCM,data:RKiCvUOctYha7fusMWNrOKHPgmMMjuejDCip470QMHQcxY1S+yJfXA==,iv:ESfZNZimJkD5T4tzRPMu53H+ushbhOuXaOdX73MaWV0=,tag:F516VFRCw6k589vClX8Jfw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eE5LTURCa1pyRjBocVpP
ZGxXMUZkUC9XK0xNb2duRnJiOHNzNGp0YXdrCkNvNWMvYWkyTHhQU1ZZeng2bmlz
bGRrd3p2dmx6MjBuc0lYakhMNERMOVUKLS0tIGpsRHcxdUFtTHlXVGZLTEZ0c0ov
b0RMSlFCM250MXJHbWhRTWtGbkxHc0kKpyzba8yp0xN1KjcUACcmlznH9vQtYAsL
3bm7Cw2AZO7nkdCxky/ITd8N3rbqAVGeM2CeTAxpcMbEXKq66/yqDA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-15T15:21:16Z"
mac: ENC[AES256_GCM,data:aIXlmeiqaFu9Jn0zI1qyU3iAkhLKgqMwwLcLDlr+LeYX/88cZtzgP683jW3MYC/LxnNh4LG7v8EK/HViNnCkrvZ5iC9cibRPQYZJrkR3B3oGk4L+RxPws2VUa72pJsG0bQ8M2DDCoDO2T9OuuflqYENPLyYLL7D7CaeSj9w8G0A=,iv:EDaGmWFUnzp0vkIeR1J8iZ9+PjOMuRi4YltoqJAN0P0=,tag:DsSd6Nplvy0nIWaCJgnhgg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

96
values/badhouseplants/secrets.gitea.yaml
View File

@ -1,50 +1,50 @@
gitea: gitea:
admin: admin:
username: ENC[AES256_GCM,data:u1KcCwDNplU=,iv:s9mWKPTz+8rFKS2RmFPxCGOIPXFHLvLX3v0t+DemDEU=,tag:MmGR2LqDmHw10uJdPe/tSw==,type:str] username: ENC[AES256_GCM,data:1yKnMnzbHno=,iv:AWqprQPRloJhZEtyhF8+5dgxyHXtK+2HLxHa+gU+Aw0=,tag:Irk65xjOWgFBfPUJGVcQcg==,type:str]
password: ENC[AES256_GCM,data:mBhL52UJwOwWpRGRfc5WNAvYwHo=,iv:hGt1kGA2miwzMidwD0AT62oXs1CAwAFpKk3XltqsCz8=,tag:bfhsQxef8cKEes1JkTQw/w==,type:str] password: ENC[AES256_GCM,data:8hbWwHlNyxzNe6PCYJ2w5b8oUi0=,iv:GtkHDZFUzk9rVh7ASmk+Qb/litPD5QX38hWLR24pgSU=,tag:bmdNTBDt2Mrxp1cVXmJwcQ==,type:str]
config: config:
storage: storage:
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5VjeSHLIDvZB/VE7OJ1eqWOnT5NU64om0g==,iv:OFK7MYlb9QfV4ZHIECa3vHG9pBp1TCGSqqUJX3D7uGE=,tag:Ibmihyp3TXarFtr/tDtEEQ==,type:str] MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:tLHwP5ZsoxKnaG38hNNXvXoy4PTuxlUT3w==,iv:bR0eL0MHOdT3CnsQrjdlEfwCEye41/ts/vsQf3ju1cU=,tag:XxpkrS88muDolMcB0r9rWg==,type:str]
mailer: mailer:
PASSWD: ENC[AES256_GCM,data:lIv1/BEEkouDVqNy4u+u7WCY4zz3ow7fWg==,iv:we77bHyHyAYCMxFGG13sE/M+5Tv2VeYfrg9bsa3leec=,tag:TOltFQbhrXMJW5w5x27YjQ==,type:str] PASSWD: ENC[AES256_GCM,data:tw+vJSoedon/a3VhXkcpupumdbBnyMbSzQ==,iv:xoxIm855BhNsNfq+5L33yIDFKx8igNuEV71IDt0WNzQ=,tag:i9FJe0x4PqaMb/SBN0yXCg==,type:str]
database: database:
PASSWD: ENC[AES256_GCM,data:a3AV8QMYOxlWiU7G1DRCaOSdHKA=,iv:3ZCwEMo3/3rmGJXgDr/Pw+rNQBU14rUKQ7330otX1qQ=,tag:KjwexsLkYaHsTdXoHwXBJA==,type:str] PASSWD: ENC[AES256_GCM,data:pB7YPucwcXwD9fzJsckZshz7ZLM=,iv:23k90tX465WltrQwSyx8Hixe2hnya/dx6aIvr3ti1wA=,tag:NvgN1g181yCBu5Mf7uYmGQ==,type:str]
session: session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:nPtmi3wG3+wVkyb+IV832he9rUo2TRRx6cTqvGdVSIZMfcfUvS4rmSH7CQ28OYK6f+WEKs8PkjfrBzEP1mPFHC5eRQfg4ryaqM7eWmHaJipcg4h2nzH9ii6FXyYtmm2zFsTnodOJryEo0T/nMaGhEt7+eylCL+L4,iv:8UFjsAEtMjMqyC9Ib3ipoqpshFrsdE9d3dg7Cewv7dU=,tag:gGVNGk66/Kr/dZ6B3wbD4A==,type:str] PROVIDER_CONFIG: ENC[AES256_GCM,data:Ipcta9fyfGCygYqpisgiy0rCckP5Ma5bNs2ClFNn0lnm1LQOJDdDLiQDr5u9L/WG6Bs2WhHbeSrdjxyZdCKv9pd1CfmB7S9eNcp2w+4hhofwUVcKW89rj9HYEHSLuY8C4Y5KbJKKl6PkY/JmTzyVSpSMDHYadf3j,iv:YsMR3zwZODENuy+WvKy8AdByKTuI7ng0hf1AJT+CMQk=,tag:9hOo08OLybdNgr7wvRPvyw==,type:str]
cache: cache:
HOST: ENC[AES256_GCM,data:tXEIBKqGyeuAc/adO6DjcyAAGgcIuwxJ8T0Zsi1xMy3I3gXbzeTG6XwyAesiUoHifoYTpn3wWbf+pIh8KtGFXb58UcEOgHmnADPWALiXKFoZmvtHDL+JEjOjd0tyoskJNf4Oi4BckJDnfpYuMqJW9qcQbsxlB1My,iv:kJ7XRqvUVEGUC9aAPYO+1oZA3QPc/SE9apaeTgLf3wA=,tag:525IBTPiuZIkAxAIiRE35w==,type:str] HOST: ENC[AES256_GCM,data:K0FpmrMo1TlUnHHHRKcKVQ8NYeOr+YEeQjajEIM1x5XPjkxYUmywyVL8f5qNLkvotAtD941Rw9CQ7NRof0NketkYyC8gJsndfznGPjhfqH5a0MUWDu9tAfGUzWGzXxC0uq4Ne1eRhu4SjZljZybqk5qQR00Zc/qX,iv:izMvr/kdes3+Gl1a6URnWyQ5TwYqTDMOBskHxPZZpgo=,tag:MWdLA5PV/+bEPWgXHw9OQA==,type:str]
queue: queue:
CONN_STR: ENC[AES256_GCM,data:Z1+u7JAcgNXkrO80YC2bMDk5VMyTFRAxDPc75ZPKbaD5+nsWQusvnHTS68rAu/WT21xAFpny7geERIOEZIewpucNoCTlqHVfJu/tsl40qMoBfjEWuwfaRM+AlNaXm5USTXkk+alQ3eJ2KIIhfhY1cd1yohRoKvAd,iv:bmLkzWqR8SwHLgWG6SWdeNr1w0fcZP8qNRlhfQfvJqs=,tag:QY5A8YGy0+3BnWSLBcsK5w==,type:str] CONN_STR: ENC[AES256_GCM,data:MsKkRcKpCGmvcL2lP5N+WuCNGp68gPw5HCpvCjEbYPoJcl5j6mAV5bBGqmiaIpvRbBu1EL1riHMmFD55efSJ6XueOXPG997iwE7KISdPjAWA92ZFe/zFzSW5EfBz3BvgsxzkMk3gR2usid0BvKXLPztLSvAYOR1l,iv:S4BunQMCS33JZUL8x4dRSbMtKQoI0f3Iw9IQ663hqfw=,tag:G7Xpp4d0VKzHRb0ju+F+WA==,type:str]
oauth: oauth:
- name: ENC[AES256_GCM,data:7KhuIzC/,iv:nn4bNQ1/tBiqjnQxcyocZd0h/54mH+LlRtiAjWuPCOc=,tag:e+55SHN49Q6NzT7KSsh52A==,type:str] - name: ENC[AES256_GCM,data:ruqXMi7A,iv:hzOf08m5WO/0ZLrsDdco2RuWquiR9n5hwZqcug7Gx1E=,tag:hwumITH28nq0z5i4Z4FvcQ==,type:str]
provider: ENC[AES256_GCM,data:+TrDQq3Z,iv:AAwjnHG40IKAkSPO5gzwEC745NH+Y5BgZIiJJ5Z2+AE=,tag:DENE8aAHAG9DZhkPmZWYVQ==,type:str] provider: ENC[AES256_GCM,data:Sx2HqTQ/,iv:DDhq7jVZdgD5MAFFeSt6KdsC0FSrpQWA+gu9gOg6Iwo=,tag:kOnrbDlwGLMrgKsF8hTGdA==,type:str]
key: ENC[AES256_GCM,data:uOY9iM/dAkhGbWSsUbmN5rnbqUY=,iv:BQ3KjcHN1jJG28RkjjhsTgWm+lHmHzYS4/P4Vlp89hs=,tag:HY3fZysu7sCdyoR0TuRd6A==,type:str] key: ENC[AES256_GCM,data:itycutnIMsO2lb8M5UysL72Iq9k=,iv:E1b1zBGfew3bf72OxLoKQoosgPDqy8my1JMWvwBGpcE=,tag:iJGrMKbrqTD5NHYWvFxqxQ==,type:str]
secret: ENC[AES256_GCM,data:5s12mFDJJLPRg/IsypTx/BpvobX0hluTSddTaCQ0SgYjt4lthZDGGg==,iv:ojiXiVQ7BFUNO2ukAK0ygUTu6KVDKu8AMVmHfBw8Ii0=,tag:0zcD8iNT8iutij1C+Hk7Hg==,type:str] secret: ENC[AES256_GCM,data:mOpFm2yKl1aBu3TcJkO/Gm69XQh36le4ohsueq9t58cIHDucrksBmA==,iv:zW3zde+XcD3wmJcOKZ0lrPCBA2OPHoF+8/T+6PJpP5w=,tag:27ssfjvp2oX9yglNJLalFQ==,type:str]
- name: ENC[AES256_GCM,data:S/RV60Bc3/lH,iv:xIG+UJnmkEvuo2mgu904Hdn18BhsOCtWVl/eL6ybcZs=,tag:nFKPEisO3U3hPJZASrytiw==,type:str] - name: ENC[AES256_GCM,data:8LPw6LKoUcMf,iv:/jNSUD9jcGxghxexh5063Le+t+xAbirHlc/1oG3JCq0=,tag:OA1LpeMNRi+Pkhr4cdseAw==,type:str]
provider: ENC[AES256_GCM,data:eZOq2jNeqLM7BzePXA==,iv:vHhMOtF/mqUorcKSe2djtWKcyc5F2c+udWclcOkxK/A=,tag:6yKwQj/9oDDIdHcRtIgW3A==,type:str] provider: ENC[AES256_GCM,data:aqLm3vOS5b+cDBjnaA==,iv:/3teGaszsJEo9ya1Uy51xAxPC4zyMO08qm1Ag6sFb2A=,tag:iByKJjRGQcEiT8Zoe4cRnA==,type:str]
skip_local_2fa: ENC[AES256_GCM,data:B8ObUg==,iv:mmfGkA+8HK6H3DS+Hl5Hz3s/pwGBoYcXQfJiPiBKYFs=,tag:ErmgC/mcQZJ5sI5eEtLHzg==,type:str] skip_local_2fa: ENC[AES256_GCM,data:YZMe+A==,iv:VE8i+fA/xbv4Ii6vDjsclbuzHp9lva+jOBIYE0vsKNA=,tag:OXAZnoa/zISVBmhaojVB+w==,type:str]
key: ENC[AES256_GCM,data:+w1/goQ=,iv:cIOxkdP38IaiNZ3dig5xo2kYrXdAwqerojCXcBifYds=,tag:5/+QimbfqpfnaFgFT3gfLg==,type:str] key: ENC[AES256_GCM,data:6mbjR2k=,iv:8zRBVFyF7XyTA96yfaWX8NtOC2f2abbyv7qUzizB+dc=,tag:BeBR+bijZFHepscsXJkoNw==,type:str]
secret: ENC[AES256_GCM,data:Rg4rEk9j8zZcUCWbm6xmuEbRb107f5HaU8ClbUkXWKnnERkN91QYtSNlAEWfHBk30xmBObm/O2LlypYJWT5wO7LNw4G6q9yv5JaIc7vS1pjicDi2QNxAW89euELdlthFa2fXj4lNlKLgQr8TbC5wpX0oysC261MM9kgjLuTQnw8=,iv:ft8IMPIu2JuzeWdM53qN5kJQQR5Oq9d2yyNbAQdtdY4=,tag:cBMEqmoP3KAuOhuX364hew==,type:str] secret: ENC[AES256_GCM,data:vM4LI6MFwF9co+qCzZwl+q7pKDtIiMj7jMwckleijtVOgnfafrMTKZsA4LbeKICm1p3kuj1qmdRzDgyCzGyCejwMwsd8Yze4gMKZb6wfnhOhaj11Yby40+xHHb8ogCzPfAH7TkOi+99Y2yMpfiw2i5UZvQK1oTjZLzMfJ0fK15k=,iv:F01nIJjOiZCueOaIa1p//ND4XA1wvNow9Crq73nHUVQ=,tag:KifiHsOa49Iah4SW28YMVA==,type:str]
autoDiscoverUrl: ENC[AES256_GCM,data:IlykewahSerO46QAqJrvryzHkZONrEDHYBgwq9Nkg1pja9X1l3YaMbsg9DYWUkod/ZlzrGUA8Qyi58WW07chkFDPvy/Cfbp7GZSosr9ZVv7LI7TlpZHxeaA=,iv:rp05dCHRMnysz98G3EbKBZWsBzHrGzSuC6FCr/S8evw=,tag:6UtCbpVoWLbv5W/cB1+qBg==,type:str] autoDiscoverUrl: ENC[AES256_GCM,data:k1O5weiok0ybMfEwDfEaXu76AvUmgRHz3vGy5bShvdGxf/SQZVJJv0XntF9ifbfhYRKzJCt1BpVGkXQnHhMWntkolLUsv/r6OKZPjpwOtEozhI95fcjax1Y=,iv:2LFUB07dWs2tcCSibhoiJ8w3NoPMrpfEhAqb28TbdxY=,tag:iJtqPNf8nsjMVzF2Du+DVw==,type:str]
iconUrl: ENC[AES256_GCM,data:Tp16796JFzlYfOSfI+ld+Lf7hCeS74ZDz0kA/I9P3v6G+3LQAUGOtfFTzx5mTsfpP1eQN4HgD2uU3lfLhSozril1qq3AZA==,iv:dQSq+IiRcepUZqLipRr6DOHH7Hg6h45gnr9LH9dWYdU=,tag:zeq3tVobXsOasCkIAw/riw==,type:str] iconUrl: ENC[AES256_GCM,data:Jr8Ej4zfe319HX4ruXrDSB5ZuuEfbuvEeIVHt13E7xx3NvPF9qrOZip40hmAR7dc1nW5m6aX6GxP5gbonr90wZRCf8HA9A==,iv:ykfp9vlCZnjR+7H9NTokW8AOr0EHEq6vkwWDSMYiU5Q=,tag:MbX/8yRj6XwBgU+MbylAKg==,type:str]
scopes: ENC[AES256_GCM,data:3qwG8sYZER/p9GgnuA==,iv:hvJvc1pwUgeatq9R8GBde1EQDJunwZBl+cmsqJr1PBY=,tag:ov+WHCFaNaA40PPvOzVPqQ==,type:str] scopes: ENC[AES256_GCM,data:Lr+kdYTfCVQE25ZGeA==,iv:O6OYdDg/PGj0p2A9vjxPaDBRtUctS1j4TO/5V1gSQ88=,tag:tlDUKeGRIL3Rqep/mpdRZQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZ0IxQnpLSmJjTm1jTkI4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2V1RNMmlZaDJDMzBXekF1
NkhuMUN3RVp0TEFSNHhtTkFvWDFaUXVpUlIwCkxWbkxnQkY2R3g0cUY5VG1Kb251 YmdlYjNBTEhaYU5YYTZ6U1pHckl5YVZ4WVV3Cml5RzkyeHVCV3FlbEpoanlZOWk4
VUhYZlNCWC82Z0h3SHpaSnVST2h0WTAKLS0tIHJWR2FuT1ArRFhMWnV4cW9EcnZw RlVoL1VISDEzODRaYUs0N3JldXE4Q28KLS0tIDdqK3IxcHpQdWJoNHR4VCt4MVNm
UHpBeWgyN21CUThydi9XdFc2V2c0TTQK38CQDRnFpUmWjyvDGGQ3vQxhBvy2Xva+ M25EVzZsS21OajdEKytoc2VBYm5SMU0K1wvfQOqBbAPyh1SxiONFSFO+a591HG/2
SCd8sJZc/bnVDOEidvV9oxJz4y0nj6RvgzcsU+M99YBJcuV12xPqag== DJvP643yXIWBOiNTxjbQDygYmxwk9GbFmGlVf0pQoUEuH9D4SgCwJA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T11:56:44Z" lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:cc0H+6P0uTl5kpMR0B9o5BP8l1KHjLHdMetPlmNEVQo3NCzm+0SBjGYOqNhr0EG2Gd6RKdsAADrZAwyH+pXA2pmNVdIehDBu4Xncwi8nrUY3gm3jBIG/01H5VLqtZCoLfbqQ4ANHrGhn7JE5bwrXbbmD4t/7E2i7qHLukPj4S8w=,iv:3+llbgLRU2tMr+S2nvyA8hGfCnnWnqprGSW9H3VSCH0=,tag:gzMc8wSjZfa4h0eN3V5Ylw==,type:str] mac: ENC[AES256_GCM,data:Mel9AWdHERKt5xsDI7KmgINBCMAsfYrs/jgwQol+UVuiFXU73tAFeUqOZRDFwuzKBfxQExv8etBlgV8Q6Pdg0VojBLLz75BYZdqz5RD1VnllJ7y5/jCwCTyTbWxYQZpgj8dle0KA2NxoMraLIQY+gnvunqlAcIJgPZG9KY1UB3w=,iv:Nozpe5X8kwSrb2sturuCQBA8XhEQSI5nLRzBuCDFfz0=,tag:8kVcjwLDNTBmvDRPj2ELyQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.1

0
values/badhouseplants/games/minecraft/secrets.yaml → values/badhouseplants/secrets.minecraft.yaml
View File

47
values/badhouseplants/secrets.minio.yaml Normal file
View File

@ -0,0 +1,47 @@
rootPassword: ENC[AES256_GCM,data:X4PQGfbMObmHkD7Qk1AGlnMK748=,iv:+obQfzC6F7cBNY1d6WpMPAMRZgfO9XXc8jFPZ36ShLs=,tag:79EvpFwM+vqqhBazwejXHw==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:nhagvffOzcI=,iv:HvLmKNCLapLpzpWt/xBRmAWhf73SnDA5qqbmOTxZi/0=,tag:dzBP0Yyv/M6Xvjv+fpFDew==,type:str]
secretKey: ENC[AES256_GCM,data:9IEqubInFr+m9QAnttGQYQTtVA==,iv:adfRWA2TYK+KrcnmziiBA3AgUZ+TUOzA4HfXUITQIFM=,tag:xDcFCmJA4svH7mcgeQseRg==,type:str]
policy: ENC[AES256_GCM,data:gQd5QKGHVrQ=,iv:nTWo4wHr4xzZn08DrJGXeceZqdVjy1ZY4bX3kMXl7Kk=,tag:5ZjPAtQyhsg7nBQTA2Kr7w==,type:str]
- accessKey: ENC[AES256_GCM,data:XDX5,iv:520OfJb8RJgWpeAJ9J4V1jIAwXl9jT/V7GuAMr8PmBY=,tag:LOETQbQT7kwA7EIjAlPWLg==,type:str]
secretKey: ENC[AES256_GCM,data:QlVpl3lks1P81dLQdUuM6a9irH2ny53ZsA==,iv:eFADkYo9oj+ODQ1CPbIVc/rfA6rr8iF7wglfFksrkDo=,tag:JyFMTyuuQyWHaMLHKXOxEQ==,type:str]
policy: ENC[AES256_GCM,data:yeC1,iv:FE7WNpWN/dxgkBi9QJxtYRzZTnpgjYJ/ar9/45bETMo=,tag:eXN54Gvw9PXbp/vNoZLrNQ==,type:str]
- accessKey: ENC[AES256_GCM,data:drqrZ3/nCyGX,iv:ey3xBAhJG3htB6sehhAONQApwUgR0redb11wIyanyhE=,tag:2PM5xvwY9YjvJLm/+clF+Q==,type:str]
secretKey: ENC[AES256_GCM,data:iKpEQkDFqYn7k5I2OVcIDrWDIpQ=,iv:m7FeYAIt0/jm66gWenOrOj2X989vpRQKr+GYdw8mrRU=,tag:GHOPwRLdRfpc2wLH4tX/Cw==,type:str]
policy: ENC[AES256_GCM,data:4XqHiO4Ut76p,iv:KbwPkexAVDaahi4F/Q6Wh6geGy28OggE2Rptmq1Lxrw=,tag:M5wFcNICGstXXGP5e+umcg==,type:str]
- accessKey: ENC[AES256_GCM,data:ghT3JzY=,iv:65gARnb6O1r7nSJioVyZs7SyBk4aiDgyEq8iLFeMatI=,tag:pLx4r6txAjBBjnmG7AcTUA==,type:str]
secretKey: ENC[AES256_GCM,data:Eq4OG7kPFxkhQ+gX7/ICSvjaWxf68nUs9g==,iv:1bgYfjXZLgVvcPTHNtOBaRKV5dWp/RmkisRdQUfWJqo=,tag:t8T9DY6+lr4VPofnOI+g+g==,type:str]
policy: ENC[AES256_GCM,data:7bF0/18=,iv:k5zb0KRyfOQvSWiVhy0au683aJhthrBoqxLHWyXuQD0=,tag:y0P69LtUb+dBc3BARp9p3w==,type:str]
- accessKey: ENC[AES256_GCM,data:b923YDOG9Oxl,iv:rSDiwfWEzCof7Lj5zkOpvcH2p+zI4iqQC+uPxQUUvyI=,tag:gRUDQha2EITQ1VkCurnT0g==,type:str]
secretKey: ENC[AES256_GCM,data:iwpLzRUfZTqWWwzw+KOjko8rMcWwz0P4eg==,iv:THFj+8ILYlTHU8dAcCony7bI/5q5A83dRsjHoqeXa74=,tag:bo3VK4WflhXN9iGdkthYcQ==,type:str]
policy: ENC[AES256_GCM,data:v+H0vmJXHeJK,iv:S3JjrjZm4XdJnsg7hvXBsnZ0y+QSVD0zPS1cJlGxIw0=,tag:KBWkrID8knK6pvB8oa30ZA==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:c+ODwg==,iv:bY7yZXxhj5fGdT85yPEGD+2lsQ2l0+6BJkMcYzcZCwo=,tag:uHxzyeUpypMvcswCVv2pGw==,type:bool]
configUrl: ENC[AES256_GCM,data:pzbhMON4qNE96d0AYDO1ojvXvQXBVgIWtjeRkpj7psDo5HBOLew73dzDPJgThWsZYthv5ROaLqQo2hmheuc0cP/AAa8JSaTGWFD13iN3d18iPI8ZaxnxZFg=,iv:GEYB7lX4+NWeD9VgjFu1CChg/ClDGvO3rGkuxvIcql0=,tag:QWEg0kMMcmIcJdsFgSCYqQ==,type:str]
clientId: ENC[AES256_GCM,data:DXn3ZGs=,iv:xHYHMB+LpMwdGgiiMcq5RE5idlEII1sY/7NWw0rT3aw=,tag:oG1pOyPnJCd1DUXtPQA8Bg==,type:str]
clientSecret: ENC[AES256_GCM,data:XwMEAxsyYnN3b2zTSIy7a3WGqGAQLF8MSQPMNXkx/zVNd9q6hVINXRbqeVRgF+y923DZYO5qnNdKhrVgby1qg7xYxgPfkK/ouDrzuftDa4agEjzJXw4QXRpHpaWujyYk3ltaRzi6ySgbMwj2z6G+ZMsbKuNKbv1yS1NOI/T45+Q=,iv:MkiPUjZV0HslDSZwc7sqzHzrejHRRVa6AIbLYZzciLQ=,tag:hp3uZjYJcDoalUOxGGnOGg==,type:str]
claimName: ENC[AES256_GCM,data:Mml/efpg,iv:imZD0TjiyhQRntes4Z0AcnjvsTjgdsRaFTnhFlqcxQ0=,tag:+oAMOz4tmi0yvmNPiDuqsA==,type:str]
redirectUri: ENC[AES256_GCM,data:lRx520z6aq+UJc8a7NY/MNPQjOuDqY0Xuha9bOJn47tR+pkq63jh1ShYhmOM73Q=,iv:jCG6lxPV5jXdyvF7Td4yasHiqC1U22Kg6LdLqj8rKh0=,tag:5ix40wSSEW2JgzAZlgOuIQ==,type:str]
comment: ENC[AES256_GCM,data:mhzyX2SGy+12XjOl6PICR2Yvazs=,iv:o0O70wKypt6+HB7ex1Pno4A4XxB8ldTU5NTh627vMcw=,tag:1hlYLXJyzhLb3x0oYIee2w==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:ztX8pA35GP2+kLLvQo5tLcsGdz2+/AGrwFJw,iv:qldaOWV5asc+WAAiHVAYoNkXVNMPVZfVTIHj3jd/cO4=,tag:6A+JiirnO7aMjO8i0zYbjA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONzFwREQ1dGdpS01VQ21I
RFRna2QxejdiSUppZDlaeHpNdzhFWlQ4ZDE0CmNpR0hNMTZBWm9FdDhWY24wc0hD
RFBCWHhHekdja0xnL1BVOFVST2FGOFUKLS0tIDRkVW9ESnJLWmtuS3VWRDFna3hB
aWlhcU9qSmNsRERJRDhqc1h3eVVOUncKQc21maFwBHZzD3xMedoqmCEFOwaTZkG8
OD0o9sqjHqrHj4vqlWjj2LwAAoq3bL/ttvbEjm7jm8tHGIHTh13TDQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T09:16:55Z"
mac: ENC[AES256_GCM,data:+gZ0lhBo4j1GKfGupQh5UxYt6C+yfTRrMM2rwabU8Tr5ZNWviNfGQiDk67Dyio01NH4wAL6EhcL+xwG0+94DlTd/++VieKBQuCABhnugi0wvJO/wp2HOjotmb9hWhF+kIXLj2bPdkd0iJQuZM5CbDy1XLUlYaRT0H7s7IGA8QI4=,iv:jhrH7+Io7lx5xMS7feq/4g5iW58QFWjRyCfDoUZVC4g=,tag:6ozB9/8ULOJg8WHvAZYgpg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

0
values/badhouseplants/databases/postgres16/secrets.yaml → values/badhouseplants/secrets.postgres16.yaml
View File

0
values/badhouseplants/databases/postgres17/secrets.yaml → values/badhouseplants/secrets.postgres17.yaml
View File

26
values/badhouseplants/secrets.redis.yaml Normal file
View File

@ -0,0 +1,26 @@
global:
redis:
#ENC[AES256_GCM,data:d/vtscwAkAPFyRz6Ap29M/oZGEcX3POnzAd6GCkHIiTLFinXzOAn/ruMSiMsnL9lJxj50foVeLIXnmtFDGxUPsxNU9jePD037t6vbtja,iv:ALXE7IPi2d79rOpBMwlfi9IPtcvfoSAxsDHwiVItk8U=,tag:cMoKK0zkagLc3uC8Ry5hBw==,type:comment]
#ENC[AES256_GCM,data:XQ6nK+hlKfFOBDye9a2a,iv:ptA0TWsjVjOQGOCe8leC7ZjRX8gSnbjb94NWZMccxSs=,tag:9vw4k4N1wI/C7jf7ZPxi7w==,type:comment]
#ENC[AES256_GCM,data:eTsTA07O2Y/468A=,iv:ZWOZO3GAYbU/Bq5ejdzDUsrYpkfwNtK23zH+XS5PUsk=,tag:KL1Z0a+BxBW4Y+aeJb78lA==,type:comment]
password: ENC[AES256_GCM,data:kFbVUyKL0B9GhOapmqOS/FyTaXZEGUmSFFLxYIzX,iv:sLue4AmkT12DoPrWH3VxpvXFBHYhYRUTWcNoC+ojhGY=,tag:ikQsyximPvONoANv/61GXA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORUEvSlFCTzh4N2NGVkhO
SlJXQlNvYjdCQmVjQWVpZ2YyUjlmWkZrWVdVCk1FK1VjVmpCWEVScVo0YldZQWxE
L2I1RnNsVWJGRll5MXNjam1zMzU5OWcKLS0tIFI0eUFEYTdyWkFEb0xQeTBaZi9J
aUJ0Umg5T1BFN1lEbThJTXErUkxKaGsK1Vvk45dshvEGF3OZfrLJPabHgvWFT8ps
f7Ygd+3XhZUBUBi50Em/xzmKQXL0I0Ps9JetSbQ/Amlmp9gU8VqRGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:9dykGJs5NFjahNZ+4orzMh2u7UBRHMVCv5J9QxRqAzE2aT556W6bZoV9n0V5b7Z6jhVGHFxA4do9RoFT2lq7aMVpQ4nl4iSXuavPiuoBeq8aIwykpCF0cs5dHxQP7R5US2A8rzsSScIBbB2i1LhRtpiVVGmekVp1YSZJWcNhMNk=,iv:tWf4DjEcAff4LupkpFiR/Ss3iYBqtvcQGW/xAeCDIvw=,tag:nbWpyxzNKKrbo8HjMBbeMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

35
values/badhouseplants/secrets.renovate-github.yaml
View File

@ -1,17 +1,22 @@
secrets: secrets:
RENOVATE_TOKEN: ENC[AES256_GCM,data:ohd4EhTlhRpQ+IXVf1Nb73+h0VHrMZduPhkbm53s3/+HRKUZd7JepA==,iv:qtbH0lz9Li+jjWcef6JGRpbcsOGlG+e3TNHDukAK2HE=,tag:KVmari0LUGHVb61VSFtgXw==,type:str] RENOVATE_TOKEN: ENC[AES256_GCM,data:NwkAP50vrUc7dVB0wyWTgFDd+axltTqdyXuXFHHkmO2VF4QyV/svsw==,iv:kr53r5w7lVo9luC36mHghZ8fabo6/da8vLFEzhEOgDE=,tag:UnGnSXuvwlSzVuL6pEUXsw==,type:str]
sops: sops:
age: kms: []
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 gcp_kms: []
enc: | azure_kv: []
-----BEGIN AGE ENCRYPTED FILE----- hc_vault: []
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TGozODRjVzQvdzlvSE5s age:
RTlReWNSWDlzUVVLVmZXV1c3dWVwUU9hbWw4CnJUL20yTFpHMUJFWTdYQ2JWUisx - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
Y0djU2FhaEtVSTlRWEY3Z0RnOUhVVjAKLS0tIEZEUjhqUTRtTEo0L3haWFlRT2JS enc: |
QTFVWU5RSTBldzBjalg1TFBDY3hGUEEKCH1rY+tGtRNGMYrfSjqXbVsrPAleVHDO -----BEGIN AGE ENCRYPTED FILE-----
Altiz0ceC5ODo01zwBf63vDVqjZtbIQNZ8oQ8Pjlktp3jCpL7JNK9A== YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZDVVZm1UallMRzJpRVF0
-----END AGE ENCRYPTED FILE----- b2dHaUJlQldOeHN5RVhydm5oaG52ZG95SVVzCkZ0enk4Mit4KzV6Z0ErTmxhU29W
lastmodified: "2025-04-01T08:52:26Z" R0p6NVBiRjFSU0NWUjNKdGU2WXdrcFUKLS0tIHFURlFVLzJ5NkJVRVpCV2I5U2E4
mac: ENC[AES256_GCM,data:6PyWgR3f7lnen5Jun04Tsw1P7rcAgTSuF+YEh0fq3r3xHvQYFGesfEO4PHLfCGYtjyyCeyzpwBUIoUHTmI5tRYjLwjwRiIu/GH75eSLOx0y0gYMl8JUeaPxSpPvElpii3XAm7vKEJhTR9QzNuzduf0Q1JdlR6TM68XM8g78zeSc=,iv:CqTrPYoLg4IgW5zTsIcmGQUg5RfK+IQmxeQIQbd6oqk=,tag:P8Je5EhAv5TqqT77nPwlHw==,type:str] dE1VWExmY0xEdVlrZW8wRzlPRkVrRzAKVZHyy3AGktGuv7KEQX/M0xjyU/7FpgSB
unencrypted_suffix: _unencrypted OrWzXXds9h8PWC/19FU2puvdIER1G/2CajEq0PQmaC9YMvb8nLMv0w==
version: 3.10.1 -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:5FV7wwVyhB1UQOLW+iYyeImXAPv3dtTlw3Qjg2rBVBmbC8vHNpXFWloBhFeTSN4VAEjxm5tqACdP3IfNkrVT1SnYeySh6Xl/sdcAuAIao7uMjLDT/MK02AcS55T9pt7h+H4nkdNatMAX7jLKbHJwNoAnL5a/FgX+gKizAg4PRHc=,iv:7HRq2xMClJXYF2S9SQeYLZwCn2EOEc4JkEFzgze2e20=,tag:Fb3fm+wlnywr0hBfw5xyQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

37
values/badhouseplants/secrets.server-xray-public-edge.yaml
View File

File diff suppressed because one or more lines are too long

37
values/badhouseplants/secrets.server-xray-public.yaml
View File

File diff suppressed because one or more lines are too long

24
values/badhouseplants/secrets.stalwart.yaml Normal file
View File

@ -0,0 +1,24 @@
env:
secrets:
data:
SW_ADMIN_SECRET: ENC[AES256_GCM,data:SsReruQ9zGMiDcgfcjscnUH/4JBvGDNOyCH0vs75xXdSEPhERR+jju4aHGfd+mRcwvc=,iv:Oz3evN/OXUvEAWeYsP4wIVMwA2qwuB+Ny2Xy0EchrJM=,tag:C7CpSzG3RR1WhsDr6BfQAw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUjdWR3pubjRuT3M5TEM4
eHhycWdZdTlRbFBaRnE1a3BqWDBCcHNIcUZFCjcwZ0tmVWZ6RkppNExWVFlJK2Ju
ZkEwam5PRXNQTUcveUE3c3NWdFE0amcKLS0tIGFnZ1dNRWppTEVURXVpN1F2Um9L
dm1HZ291WWhBbEtmdDB6aWJETUNLRGMKuP5y1lzxs3vusvJZLqlnTR+mWnC7YmNo
dhGpvh+W3nIrgb50OJV64xDU9Hqc2jVETmFq4RWqwEQTwSRv14grwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z"
mac: ENC[AES256_GCM,data:+/WrvENJ/B5YjRb2K5D9V90ziuEOmP4a1D6CfdQHRShRPp4BZHtBFb5vr2kRIIY88eiv9cZm29G4U4X/46wi0SotxTpVOrefmM1ZQ7cV1J9o/mf2mnguno7WAsxEyTkk+MZoCgZEWbLEKZ+zqlHgRTN0VfBgBjbLR5bP39fd5xg=,iv:otaCp/LxQVUIZLAmLzceDQpvAY4bnPUm3MlyWUMW78M=,tag:6CXYN6/uAbetm7i8OeZA7g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

25
values/badhouseplants/secrets.tandoor-recipes.yaml Normal file
View File

@ -0,0 +1,25 @@
env:
secrets:
data:
SECRET_KEY: ENC[AES256_GCM,data:9ABsIVICRj0LO7q1iKPatWkjPLaqpBa7EaXIHzT7,iv:2P2qRyUnP7GP0VXTulxbgplagyaAV4RvHsUPEXuieq0=,tag:juNh+eY/7GfxWMb5VXlNjQ==,type:str]
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:VaPaCl6QAn7cn1OlZYD/tkJk8jgDCyiTvrfGydWrFtpUJFyNA+Wfj6sWvkTqhHTk5GYN4h0IIfqQScxhTmbxHmnEctyorC0AvFEZRw6IQ0KGFgdoQFZ5MPcb1kL3neY+GJwm7UAmH2AjAwG7PTZJsnha7N8q672IkAljCAVAokL7s6IS0vGzVHbyRy/tbR1BxCWcJX2WF2kpXAlc+mTKMZWsFChvrjjK1h4RyrYIDgbKGhJVM4cnrOzGrliuI58Ief+QERMXsFMIY6fbUsPT3eGe+oQQ+lKZxvlEbgVZsnsafQX6ZSWvtylmYVMgNsXbdqsWKlCnRfmATkS9sSJiUX59/ZtZcL3giRrXNlnv5poumEp9PO5euexXwlmJURXOnnD/kEcJn/PxuL2aV390I8TmaNGUZe0vzrNDSVOhCsykGMxf1L+MO5+aU+OndT0FH6l1GTQHNzzeo8XRrF5U9EPN6dTxbYWsu4GL9WuL0jhm/wYlbn1bhNnr5+1+xTpAHl20MeVQ0t+cCiB/7ALraPnFS88HQiA59YfiJA==,iv:qZa9zUL3c2bemBFk2SexY5TfDYUVNkk8QbB8Ucj/040=,tag:8e6CddYfCPnCKSN4bh3XMA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZ3JPMzhhVlVFR2R0R1hP
L25HUUdZRGp3dzViSk9vVXVvMVNTWWN0VmhnCkF1Y2F3SWdzR1p2LzJFd2xiWExW
UnhjZVpFM3NOaVkyYXBKUGZiMXFSM1EKLS0tIGJyS1VRTnJKYjAzcXpMbnd5LzhP
bHd1UGd0R3NZMXdUblAzMXZFUWtPUncKab/saT736wWdksBB1swEZMY25LICviqc
pzSL7VWlN4d+KEZu2mS4Z8Fxd+PqLmbKFtBL0pIYyXxmHmfI2AVS6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-01T23:22:38Z"
mac: ENC[AES256_GCM,data:+5B69+er2ofT3sk1a7bvZiTqNpGjlaPTWza+pZP2O0wOw52IxhLtJdzQbxaCeAYoztYqAnFuqnaSZM7BL9AoV8bq1aAwnq64/KquWQ5KtBaY5YxDSrt0XFqDW63gAmcO+kyi777HwYSjpphMg8L3hRMebnypVju08il0twaDfww=,iv:xI3cU0WfH9TQ8YyLwqsJqnPKhVCKX+3EXQrm3ToY7ZY=,tag:Lz1jjjiZnd11AZaQv//9CA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

26
values/badhouseplants/secrets.velero.yaml Normal file
View File

@ -0,0 +1,26 @@
credentials:
useSecret: ENC[AES256_GCM,data:YMinfw==,iv:+Qq/IPuOB9dy0fodE2wN34MGCOT1fG+jepnF4VeqFVU=,tag:Ppa2fDe+U8wPdoUiAc5WEw==,type:bool]
name: ENC[AES256_GCM,data:NjoOMcyyQFu+IEYlMenp,iv:IPYaDEk3961dghv0YaS9KL01J2L8xO3GDyf5+KwN6JI=,tag:muNgQF0a2w9+gFtbkcNx2A==,type:str]
secretContents:
data: ENC[AES256_GCM,data:VNP0AqRTmZueuVMRlEm/fRTM9nGDHTnhq4Q+NwFuuUU7JUPR2VGexvPSocxp7ttkX4TdDmWfA99Rp5Dfy8NfkX7LbYjf31RUvemQhPOJV5SIa8BnU4q/dYIiB8+4ZCEb5IDiTodEnOihOBmgMo24NA==,iv:g2C8qsylw+g9zuX1D6XKWvnYePjErswWXZ4NXx5bDBk=,tag:qSBCNL03919w4f6ki1CPpw==,type:str]
etersoft: ENC[AES256_GCM,data:o7Amke1w2ZGOL5bfvCzksawCB5lxjdhx9+E7goR4M5xn1JhWR1cqfrFOzciA4iAkii5LAqp5czWPqy5v+mJw8XrQxgJwLtxy2SMgk431p1x3RX0=,iv:QJ9Sl/j5/N5T4HL1kk9hle8bhe89w4GOdG88Ay8f+Ag=,tag:jzqX2xi77NZg1oY3jTRGZw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFV1NySnlkTjZ6clBITGZy
NFN1SktjY1M1TFMzclhUUjU4ZWRFNjg0WGh3Cm1uS1JpV0lYT3RmWDlHU2RnTGI2
VE02Tk8yWVhaRzNtMTJXaXlXWXNvT0UKLS0tIFBhR2kwNXUwaFdDVEdnZExFODhD
WHBOeWhvRUM1bUM4N3VVMEs0ejh0K1kK4eMGjbd5lrMXXwztGH5SIKK/oHeRV9DA
hh191ORRBwbXLuEDZpeB4D8jVGRBIZw/6ebPkOp9e3NHa7DjXwGbHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T09:02:52Z"
mac: ENC[AES256_GCM,data:2X3exohU6Q4wAlwtNzpZoz6y/392PllxisvJ34I/Ai54fuvqZ1xl9vnrJYZYFVArRRXKN1XK9UhydFfIzUzgIHc/w6spMr40xecqyRT6BjyLPZsHaBBZf7S60d/2eBX5CQop+2RVXvXyn6A7OTOuaCFd+VnT1JzJxePNgypw4sI=,iv:kZncxToQEiip8iW7adJTByFMCyd9u/uZOL08Nr49xfM=,tag:nymx5+L1Q4l6fMXyQ2pCZQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

22
values/badhouseplants/secrets.zot-mirror.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

25
values/badhouseplants/secrets.zot.yaml Normal file
View File

@ -0,0 +1,25 @@
configFiles:
config.json: ENC[AES256_GCM,data:/fAmvOe5kzboNsk/qhDrQ+wutaK1YE2W44MspKTwtOCVQLggGInfTCzlvTCgJibpeSXh7T8KF1IbIzG/pvIAB5zbXL/GxycU35iwhEC4llayb5aNovGmI5WdyhoRh7ldX0aSD6msKtvU1L5G9eTV0IZ9e2Td1/6CRnFr1a6DruFzPyIv+RLWaFUmTZzWbnFHM3zOvNFQ6Hr9L/niLIKvdhiTRzaqglfFgbNJzNfFQCKph3Y9P8K8YFtKST0G++xjI0GePhJdquQ4iwilq6Z9Khed9F+DpH/5k+wCBnPdt/Oto5mKc3d+XFMNznx3taKsVfR43hVdc6Z4qdu0YnHdHH5y++eI7MD0dVJPSl0QdkSN8yIcxj0VIoSFejhlwjQeZ47ySIDtNenkL75VCeZhPbahfwPIiIUDaLe2Gn6KFMDa7Q6VDi0atr3Lh6h2BYDrzf1wVEQhZFSChdS89T5okm7vUTMPIjFc43ag0uPjN3qLdHBRniMHzOIUnue/5h6ok9IkTD7veGpYkbPvQFWYJsl2sEDJ+lTlTc5t6QRFoL01J23YkzoIz9nRwe3h8SX+0VYsXXsS27OHlfY6laP++GPvdpTmAhTsmvDIyjMSUv1WpzETnaxm8Ym2MB/9rJloIpGhgsdLN2MxOrAaYMMJZeiQJZxnEWiKTl9moB0BtHM7Bs7/NeSU84yO9QZRvGoGWi0A0Hh9VbdPkpgMQbyL6wpCrQQ5msPTXef3K9MetiMLXbORrFyVE9BuxrGXVzF0d7DQOUiYzqSltW5Bf1eZ9uDrcHI1y3Hmn8Uh2Ga+ua2K5qT+XLjyybDwd4IlAUtaTnxcFBXALwuSrb6JYJZqeHZ7oxEfTMHDYcWviJA6xII1TzGRN8uJVKp14yTAcR3yVa/UcSOXdI7kBimS5oZPzUeE7KJeFZwcJiJdmsWEq3MExeJQ2o6ffdVdrR2AVH/VhYNJNG/Mrq3Vc+9WVQNQxapR6vapNx7FjQlFeDP5+YLzAzwCjgQcAi2i2gDqCIypfKJLFAJQidTEy10AG6Jx6hvUiQJfupazBvt2n/Snuyh/BQmdoIWYWlFhTspXMXrYAl9wV6a7H4QPa7Ijza+hZSpOa+vclfHXrBEIBo/KPt+k1Ly9sZZR1DFnVsR4BSxdTAvnLgJlr/qrgIw8j30Tczj5QOAjUNF3UeOVycODGoPlW+8jm96IaL+Ez3tTxDSFPR45BywVK06MRqKF4lL+h2nNOebTQDkQqVBglXOuXZrKA2UdKRFA/GaoGUjAaOGvG1ARpmU4oujECEaTkiCa1naCMs9Jx2PvKdHwPR97QE7nXrsgv7YhnYGKKfrgZRBz0v7259ZtZ9zShr0tOI8psVA6GRgg5Ly9Wz7j761get+VFCK6toOW3VQ1wBfEr++CfhvFfoWPQszfvjAqESvXcW16ScliWm4FoNm2XqtQi/q/R84sXSDNZq0dpauZEL70kuOGU4xSFNZQQSQ9AGDjv1wJYZuGp9T6M/GWUlplQaEj72DwZxDK7l5EWGa2FI/NZzUi/KxGI6c1YSR4bZQ02uOgDRHd679NnXUwsGyZ+kbwhvgOEQLIYzCJhtjvz7/l8weHkVn0MDm0Jnn4nk09FH4xkULr3kH/+eknSTVI1HB72GlOSnAR1v4dJfxzNRmRCmfqlPNS2PYWBjhRf5HbqdCAHhb2BYkijDS2JQlCW+0Yxdlem+7ScLCapidg5B5riP59NqVa+ZNoB34bw6rFCj4Pg165BMPezG8j1OYe8I133/zAuaQg4HwSY0O1M5O7xU3W2SftbBh0T0C23e/7aARvx+FFWXD0WtK1IaSmeXiJo/SclgQa+KkVd5JRB3GYvDwsP7Eens9lX63F73mub56v6hCZ0p2+rm7DVn2U/zUHTKmoy0YMkAU4Sg2aR1Gy9ZenX9Qkja3Tvw539GtvI9XYbHFgajuDnvmDOcq2+QKVHJtHk3rQ/h8ShB6KgzmIiQp7FW3otvwWN2WS7yXYNwJtQy2hf5fbQwnd/fO54vS/xQ0XiEJeOrjpVImAbJJDoy1YlP/tzVZj2SOHkuKw12m0Zvk78Oj0fPwx0SwRLe2GFkmBS+WJhPNp2y6lWJpVPxBt5DRhZGuwsJQxx/5vhVZpJQGGt7ojo31++IZYtG7GkcnyMPJvBJSgAZ7LpAsqIZHwWFpL+1kjcHcmQ0O0goNL0JFNfWYUEH1z8SF1cFjFv57XnyWcNwepgia5o0JZSOwtDlbrfsYhrc9rvqk36xxXSnpiqUYHUNskOF2lUcPPJZZmLTJE4pXt0AA7itP69OtLo47qeP+5F3rN51X804LSzE5h5tUMG0+t4u0fR/+MiJhwj+C4iDJ0kYb7lkyIYFLrkJ7TB5eIPfECbwCIdpHI5ylBD/ZYVetJnCtd1pTNFuP8BBxS2yjq2/AzuGDYYG7Cn+AB9ISmVI285t+8wGmweArXNXmzkeiwFE915WnpsDHPYp8wEYfASWx2oDx+CbMQzAEM6vmaxM92BizZDb5cjRqSpZN3uzjG8SaCI6L6UOJaCu19YGRWNp3O3vetsV7YVaSFPjPaAMS2p9UWzJETPBXY+GA9LI94rwfhreRTCEAK0abxbUyqc9NRLcdGmM7i5gwD+zBu9hjPqDJWxwNnUP/Dt2qXcPK1qXvAdJRDSAm4724CtyuuDshukL/F/x+oB1PNNnqzUrszTSjuzx834x9DzRG+KBB94RRuePsWksEPr5i5LhImb8BLz7AD7GCl/OsgCWF4VrwlS4cPvvChnaWV6CyGMjwUXHu0xt0tNBjQYPVF8gB7sjDo1AwP3tvcP9bqIu1KpzXPlrs53NpOgoRdETSW+P3Eh3pu5/WfT1Q6iRvhDmcSKRmtdUB+cd8yodTbTSKl2Dd1CQ5qEVR8+GvlqdTo+f2vtB3LDx1Kn544KNSwS9GF60PJmsSDHJf1BEkewQIt/LWeJrerXY3N/QgNR4+hz4BkVumh6zRjQTjetuFWznZKZQG6gHaatQGPeffL9n8xfORruhQUPeSrnbyOr9+91LJ1K0pnfIMRByUM/VK04/zekenh88x/Aj1DfQ/ELQ1tOfZJgCUBy3ox5jttYqNsyU2NRhKx+KYd0U1PJVLf0PBPfjFTqCBjG5bL/zJnAxx4eUgC1nTlswuRqlnkhHHjUcSumPcFjgbwspd43mC3HkX40XcGtzw4iPC1bv3JwQyfXb7cOPHRXFw2YnXiBWtOMXtF/piMILb+EE4gxWVWxFKHxwQhhnOrzXnS1sQMbbBb5/0U0K0UGnZygKAfptkFHzgPg24lxQGl54x0EtvNCJFhumq/wbauhX5TczitO8okgiJaH6hWuSASzHVqVPc3M5DNDZ4iBkOOOn1UPVpd0UnN28sjVv7ogPwcjNGJ6mK9BYCyNP+64HlpyYFbtCCF4A6u/PCI8ZBPhcgnnLxvGEW9m73fFI+xUWxzVvsVKZX/JHuOGu8RwN25/WaRr6wnN9sLkbUpkoQFisGrT8w78EZIVVmo5DgawJR/XDi0FjUkf2Gmmmvl5JuGq+HDpnswF8uPNMoXWJlACmn4LKV2Zl/aaYxa6vBfjAGFADtpP9JJS62iJyZ/+uBhYpw0x/NfDLnqbcGWKAwYP5vmrPlbTRB8irIUErcVW2bm8geEstj0W4UnYsAW1LX1vn9fajDW8yHPyI+3ejvAL39mAQ7csSqfI5uTEJGWDSJ3r9BYKydE/lvfKH+Pqfd/QEVD8Y5wSnfG3P0GlYYd2nEgAaM07ziPZ3BrA/+sAYF3o6+m+JXVKDW0vNqHymS1E6gdsur03vPFnIrolMwlOFq7DUdBf138r+fcBL9kqQVKpcLsRsFsduKeqC/pZwB79hKXp5kaR/S12jCTD9gGNhxS+xiRafpBF9kYoy6P2R6sHk4c+3k8iBEJr1iPsPvfPWMOrLJuP972tpmvYgi3llEJZp9usblT3Dr8CiTh1/DmHn7qAg==,iv:Ly38JP1MKsdms6UotTYCUCHDzTpc0LHNcU1rz4opPc0=,tag:9o6NALA1c/gAbnLcWlysAg==,type:str]
secretFiles:
htpasswd: ENC[AES256_GCM,data:ypD56yI24fQKQpnjVwI8gdU5CrVhXiCGADUfNuv4a0pQ1LoRgPAHQRdzo5lnUd3qYt6EMytVzREr8UNMuYMOgVqLagcMWysC2oGYSc4x+DiBxmNgvfFmOEW8o/CF4qou7ev2SArKuMyuRX90qzkiMp8o3le6eLwbshL/74GNbjwxeKIgq0cx5Q==,iv:nRs/PJSjiE9VBjhzXuWLSPIX0oyJXyexRAyxI9Ex6AY=,tag:MMoAZP9VUO1k3Uzmo/FQAQ==,type:str]
authHeader: ENC[AES256_GCM,data:Xgix86b5wpqxLN8q/NecVtJ+cpRyYqdxNpFWTz+/yS49gmAzzVBgA56QqZDUKdkw,iv:5HcLyVlmSV6gG74xfewjEFxnqCQuYoiQslqL9gDxFhQ=,tag:R9y3LwvizL9snTXcBaUZ3Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRHQ3OWNzYm5uWE51ZExY
ZU5tWHVnVlFiQS84TXovNllza25GUTdramxvCkwycHR6RXZUSUtZVjZSclJHWlht
bXcrOS8wREtla3p0eHBqZFVUdERtU00KLS0tIHNHenRiLzBwQzBOeEpCSWlPVVRi
bGRLRkphQnlHeWlPRysxS1JhSmpqd3MKOTrVSZCfw43CTmkUjZ94xHTGRDpdIOCC
turoYL+HZAeT81pI6cE4V6id7ep5kjJOVbXY3sLJ1nBNrYw5dscxpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:UmIKltGrKM5geOIDHAykozPUKeW5fm0rIAb4TO8DZlhx2HA9esT+pWPQRKp8IiS1HogcXdoKT8wJisCZtlJ8xLDyl8dJZitsJ+DQI85QqsxaGzMhK1VnLwIja27MnzapNXplBdZ7wFRON09poY9lfN00QIE8UPqEpHy4aT+OLCE=,iv:m7ao4dl1qfj/FPIBrSaLeWbrJO4t7ssm6ssoYuFzm3g=,tag:cGMrLk99Ac3hFYn6VDytdw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

51
values/badhouseplants/argocd/argocd/values.yaml → values/badhouseplants/values.argocd.yaml
View File

@ -42,7 +42,7 @@ redis:
enabled: false enabled: false
global: global:
domain: argocd.badhouseplants.net domain: argo.badhouseplants.net
server: server:
ingress: ingress:
@ -71,7 +71,7 @@ server:
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
ingressClassName: traefik ingressClassName: traefik
hostname: "argocdgrpc.badhouseplants.net" hostname: "argogrpc.badhouseplants.net"
path: / path: /
pathType: Prefix pathType: Prefix
tls: true tls: true
@ -95,42 +95,31 @@ configs:
g, allanger@zohomail.com, role:admin g, allanger@zohomail.com, role:admin
g, allanger@badhouseplants.net, role:admin g, allanger@badhouseplants.net, role:admin
g, rodion.n.rodionov@gmail.com, role:admin g, rodion.n.rodionov@gmail.com, role:admin
g, jacklull@badhouseplants.net, role:admin
p, drone, applications, *, badhouseplants/*,allow p, drone, applications, *, badhouseplants/*,allow
cm: cm:
exec.enabled: "true" exec.enabled: "true"
url: https://argocd.badhouseplants.net url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins" kustomize.buildOptions: "--enable-alpha-plugins"
accounts.drone: apiKey, login accounts.drone: apiKey, login
accounts.drone.enabled: "true" accounts.drone.enabled: "true"
credentialTemplates: credentialTemplates:
ssh-creds: ssh-creds:
url: git@gitea.badhouseplants.net url: git@github.com
ssh:
# -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. applicationSet:
create: true metrics:
knownHosts: | enabled: false
gitea.badhouseplants.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDpR4dE3oAGModn9GWtwVYrsnFod6pBXU8Z/uRj8l/hHjQaipISwNu8pqteGvssZatXBPkRj3zcf6yqgzufz9dXvt42XBN+H8c9UfeVrysivfTZ2DY3/J+vj0UBZy6kmf/sj83MTDaO2fIpnXOD2o3YYUeRVLL5YzTX1l22ih+LvvynY3gtmncf1SZOee1FTNJ2PdYi38F8Vp1MLAgcOTTsBd0WjCgx5xinzlPXwSxp6l4tp+aB6tsL4j5/6yudJfMkaOGTBCqybXyt6xYnYLTBbgmNlMd/0N9iOw4RYZfIaPDry6lTgNlJUWO5E7psckyjnCs1dvDRrJgL98q7X7+v8WNOqJMOFczLDAVtYq9akSFkJfAoNZ6FY4p//Xbgy3kukRlcSbot5ecBxPw0Cr9HAmO46uiaUHhPnVySyPKTiaDpOc5pjp6vak277jhSOqx0fX38aSVXyGJ5DYDgcg6f2nWjjhiLC3N3HDLtVjDJ6aw/yilldCRLugxXYT+nDtJjz84S8c13HvsREeW0vTncsBiY7y0WWCQyWj2W3Hp9SSNHuwl5xr+gQWSlhzBuDTceDlf4/TjaUIngWV+hVdkJEBFAcb9Oxib6AqF6Qrrw5lJUaboEA5RQs9Lh0lFfuirANzpVy1t279wZ0AEf6oFdeXLeHiV56QzKJLnbkzg8Q== serviceMonitor:
enabled: false
repositories: repositories:
go-test: argo-deployment:
url: git@gitea.badhouseplants.net:sharing/go-test-project.git url: git@github.com:allanger/argo-deployment.git
name: go-test name: argo-deployment
insecure: "true"
type: git
cluster-config:
url: git@github.com:allanger/cluster-config.git
name: cluster-config
insecure: "true"
type: git type: git
project: default
#applicationSet:
# metrics:
# enabled: false
# serviceMonitor:
# enabled: false
#
# repositories:
# argo-deployment:
# url: git@github.com:allanger/argo-deployment.git
# name: argo-deployment
# insecure: "true"
# type: git
# cluster-config:
# url: git@github.com:allanger/cluster-config.git
# name: cluster-config
# insecure: "true"
# type: git

Some files were not shown because too many files have changed in this diff Show More