Compare commits
1 Commits
main
...
script-fox
| Author | SHA1 | Date | |
|---|---|---|---|
| d6796ca2b7 |
@ -7,26 +7,10 @@ repos:
|
||||
rev: v0.13.0
|
||||
hooks:
|
||||
- id: yamlfmt
|
||||
exclude: |
|
||||
(?x)(
|
||||
^charts/|
|
||||
^.*secrets.*yaml|
|
||||
)
|
||||
# - repo: https://github.com/codespell-project/codespell
|
||||
# rev: v2.2.4
|
||||
# hooks:
|
||||
# - id: codespell
|
||||
exclude: '^charts/|^secrets.*'
|
||||
- repo: local
|
||||
hooks:
|
||||
- id: check-sops-secrets
|
||||
name: check sops secrets
|
||||
name: check-sops-secrets
|
||||
entry: ./scripts/sops_check.sh
|
||||
language: script
|
||||
# - name: check unused values (disable by setting DISABLE_ADDITIONAL_CHECKS=1)
|
||||
# id: check-unused-values
|
||||
# entry: ./scripts/find_unused_values.sh
|
||||
# language: script
|
||||
# - name: lint helmfiles (it might take a while, disable by setting DISABLE_ADDITIONAL_CHECKS=1)
|
||||
# id: lint-all-envs
|
||||
# entry: ./scripts/lint_all_envs.sh
|
||||
# language: script
|
||||
|
||||
11
.sops.yaml
11
.sops.yaml
@ -1,14 +1,15 @@
|
||||
creation_rules:
|
||||
- path_regex: values/.*/secrets.server-xray-public./*
|
||||
- path_regex: values/.*/secrets.server-xray-public.yaml*
|
||||
key_groups:
|
||||
- age:
|
||||
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
- age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
|
||||
- path_regex: values/.*/secrets.minecraft.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
- age1fwhu5m8df98kk2ldf36z24t9vfcz3875fd3uzecke0yv2qqts9dse0jqrn
|
||||
- path_regex: values/.*/secrets.*
|
||||
key_groups:
|
||||
- age:
|
||||
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
- path_regex: common/values/secrets.*
|
||||
key_groups:
|
||||
- age:
|
||||
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
<<<<<<< Updated upstream
|
||||
k8s-deployemnt
|
||||
=======
|
||||
# Helmfile deployments for Bad Houseplants
|
||||
|
||||
## Project structure
|
||||
|
||||
|
||||
>>>>>>> Stashed changes
|
||||
@ -1,23 +1,10 @@
|
||||
{{- range $name, $issuer := .Values.clusterIssuers }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "issuer.labels" $ | nindent 4 }}
|
||||
name: "{{ $name }}"
|
||||
{{- include "issuer.labels" . | nindent 4 }}
|
||||
name: "{{ .Values.name }}"
|
||||
spec:
|
||||
{{ $issuer.spec | toYaml | indent 2 }}
|
||||
{{- end }}
|
||||
{{- range $name, $issuer := .Values.issuers }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "issuer.labels" $ | nindent 4 }}
|
||||
name: "{{ $name }}"
|
||||
namespace: {{ $issuer.namespace }}
|
||||
spec:
|
||||
{{ $issuer.spec | toYaml | indent 2 }}
|
||||
{{- end }}
|
||||
acme:
|
||||
{{ .Values.spec | toYaml | indent 2 }}
|
||||
|
||||
@ -1,24 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: metallb-resources
|
||||
description: A Helm chart for Kubernetes
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.16.0"
|
||||
@ -1,7 +0,0 @@
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: {{ include "metallb-resources.fullname" . }}
|
||||
spec:
|
||||
addresses:
|
||||
- {{ .Values.addresses}}
|
||||
@ -1 +0,0 @@
|
||||
addresses: 1.1.1.1-1.1.1.1
|
||||
@ -15,24 +15,5 @@ metadata:
|
||||
{{- with $ns.annotations}}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $ns.defaultRegcred }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
metadata:
|
||||
name: regcred
|
||||
namespace: {{ $ns.name }}
|
||||
data:
|
||||
.dockerconfigjson: {{ $.Values.defaultRegcred }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: default
|
||||
namespace: {{ $ns.name }}
|
||||
imagePullSecrets:
|
||||
- name: regcred
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
6
charts/namespaces/kustomize/flux-system.yml
Normal file
6
charts/namespaces/kustomize/flux-system.yml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: flux-system
|
||||
labels:
|
||||
name: flux-system
|
||||
6
charts/namespaces/kustomize/giantswarm-flux.yml
Normal file
6
charts/namespaces/kustomize/giantswarm-flux.yml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: giantswarm-flux
|
||||
labels:
|
||||
name: giantswarm-flux
|
||||
6
charts/namespaces/kustomize/giantswarm.yml
Normal file
6
charts/namespaces/kustomize/giantswarm.yml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: giantswarm
|
||||
labels:
|
||||
name: giantswarm
|
||||
5
charts/namespaces/kustomize/kustomization.yaml
Normal file
5
charts/namespaces/kustomize/kustomization.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
resources:
|
||||
- ./giantswarm-flux.yml
|
||||
- ./giantswarm.yml
|
||||
- ./monitoring.yml
|
||||
- ./org-giantswarm.yml
|
||||
6
charts/namespaces/kustomize/monitoring.yml
Normal file
6
charts/namespaces/kustomize/monitoring.yml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: monitoring
|
||||
labels:
|
||||
name: monitoring
|
||||
6
charts/namespaces/kustomize/org-giantswarm.yml
Normal file
6
charts/namespaces/kustomize/org-giantswarm.yml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: org-giantswarm
|
||||
labels:
|
||||
name: org-giantswarm
|
||||
@ -1,5 +1,5 @@
|
||||
{{- if .Values.sa }}
|
||||
{{- range $sa := .Values.sa }}
|
||||
{{- range $sa := .Values.roles }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
|
||||
6
charts/root/Chart.yaml
Normal file
6
charts/root/Chart.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: root
|
||||
description: A Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.1.5
|
||||
appVersion: "1.16.0"
|
||||
@ -1,7 +1,7 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "metallb-resources.name" -}}
|
||||
{{- define "root.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
@ -10,7 +10,7 @@ Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "metallb-resources.fullname" -}}
|
||||
{{- define "root.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "metallb-resources.chart" -}}
|
||||
{{- define "root.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "metallb-resources.labels" -}}
|
||||
helm.sh/chart: {{ include "metallb-resources.chart" . }}
|
||||
{{ include "metallb-resources.selectorLabels" . }}
|
||||
{{- define "root.labels" -}}
|
||||
helm.sh/chart: {{ include "root.chart" . }}
|
||||
{{ include "root.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "metallb-resources.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
|
||||
{{- define "root.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "root.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "metallb-resources.serviceAccountName" -}}
|
||||
{{- define "root.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
25
charts/root/templates/root.yaml
Normal file
25
charts/root/templates/root.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: root
|
||||
spec:
|
||||
interval: 30s
|
||||
url: {{ .Values.url }}
|
||||
ref:
|
||||
branch: {{ .Values.branch }}
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: root
|
||||
spec:
|
||||
interval: 30s
|
||||
targetNamespace: flux-system
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: root
|
||||
path: "."
|
||||
prune: false
|
||||
timeout: 1m
|
||||
{{- end }}
|
||||
25
charts/root/templates/self.yaml
Normal file
25
charts/root/templates/self.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: root-self
|
||||
spec:
|
||||
interval: 30s
|
||||
url: {{ .Values.self.url }}
|
||||
ref:
|
||||
branch: {{ .Values.self.branch }}
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: root-self
|
||||
spec:
|
||||
interval: 30s
|
||||
targetNamespace: flux-system
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: root-self
|
||||
path: "."
|
||||
prune: false
|
||||
timeout: 1m
|
||||
{{- end }}
|
||||
5
charts/root/values.yaml
Normal file
5
charts/root/values.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
|
||||
branch: main
|
||||
self:
|
||||
url: git@git.badhouseplants.net:giantswarm/root-config.git
|
||||
branch: master
|
||||
@ -2,37 +2,15 @@ environments:
|
||||
badhouseplants:
|
||||
kubeContext: badhouseplants
|
||||
values:
|
||||
- ./common/values/values.badhouseplants.yaml
|
||||
- base:
|
||||
enabled: true
|
||||
- velero:
|
||||
enabled: true
|
||||
- workload:
|
||||
enabled: true
|
||||
- backups:
|
||||
enabled: false
|
||||
- localpath:
|
||||
enabled: false
|
||||
- openebs:
|
||||
enabled: true
|
||||
- postgres17:
|
||||
enabled: true
|
||||
- postgres16:
|
||||
enabled: true
|
||||
- redis:
|
||||
enabled: true
|
||||
- istio:
|
||||
enabled: true
|
||||
- dbOperator:
|
||||
enabled: true
|
||||
- monitoring:
|
||||
enabled: true
|
||||
etersoft:
|
||||
kubeContext: etersoft
|
||||
values:
|
||||
- ./common/values/values.etersoft.yaml
|
||||
- base:
|
||||
enabled: true
|
||||
- velero:
|
||||
enabled: false
|
||||
- workload:
|
||||
@ -41,17 +19,3 @@ environments:
|
||||
enabled: true
|
||||
- openebs:
|
||||
enabled: false
|
||||
- localpath:
|
||||
enabled: true
|
||||
- postgres17:
|
||||
enabled: false
|
||||
- redis:
|
||||
enabled: false
|
||||
- postgres16:
|
||||
enabled: false
|
||||
- istio:
|
||||
enabled: false
|
||||
- dbOperator:
|
||||
enabled: false
|
||||
- monitoring:
|
||||
enabled: false
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
metallb:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.ippools }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
addresses:
|
||||
- {{ .addresses }}
|
||||
{{ end }}
|
||||
|
||||
@ -1,13 +0,0 @@
|
||||
ext-self-signed-cert:
|
||||
templates:
|
||||
- |
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.name }}
|
||||
data:
|
||||
{{- $ca := genCA .Values.domain 365 -}}
|
||||
{{- $cert := genSignedCert .Values.domain nil (list .Values.domain ) 365 $ca }}
|
||||
tls.crt: {{ $cert.Cert | b64enc }}
|
||||
tls.key: {{ $cert.Key | b64enc }}
|
||||
@ -1,19 +0,0 @@
|
||||
certificate:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.certificate }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
dnsNames:
|
||||
{{- range .dnsNames }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
kind: {{ .issuer.kind }}
|
||||
name: {{ .issuer.name }}
|
||||
secretName: {{ .secretName }}
|
||||
{{ end }}
|
||||
@ -1,15 +0,0 @@
|
||||
istio-gateway:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.gateways }}
|
||||
---
|
||||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
selector:
|
||||
istio: ingressgateway
|
||||
servers:
|
||||
{{ toYaml .servers | indent 4 }}
|
||||
{{ end }}
|
||||
@ -1,6 +1,3 @@
|
||||
helmDefaults:
|
||||
kubeContext: {{ .StateValues.kubeContext }}
|
||||
|
||||
templates:
|
||||
# ---------------------------
|
||||
# -- Hooks
|
||||
@ -40,21 +37,6 @@ templates:
|
||||
default-env-secrets:
|
||||
secrets:
|
||||
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
|
||||
common-values:
|
||||
values:
|
||||
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
|
||||
common-values-tpl:
|
||||
values:
|
||||
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
|
||||
env-values:
|
||||
values:
|
||||
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
|
||||
env-values-tpl:
|
||||
values:
|
||||
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
|
||||
env-secrets:
|
||||
secrets:
|
||||
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
|
||||
# ----------------------------
|
||||
# -- Extensions
|
||||
# ----------------------------
|
||||
@ -71,7 +53,7 @@ templates:
|
||||
version: 2.0.0
|
||||
alias: traefik
|
||||
values:
|
||||
- '../values/common/values.tcp-route.yaml'
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
|
||||
ext-udp-routes:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -106,7 +88,7 @@ templates:
|
||||
version: 2.0.0
|
||||
alias: metallb
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/extensions/metallb.yaml'
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.metallb.yaml'
|
||||
service-monitor:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -128,7 +110,7 @@ templates:
|
||||
version: 2.0.0
|
||||
alias: ext-database
|
||||
values:
|
||||
- '../values/common/values.database.yaml'
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
|
||||
ext-secret:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -136,17 +118,3 @@ templates:
|
||||
alias: ext-secret
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.secret.yaml'
|
||||
ext-cilium:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: ext-cilium
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/values/common/values.ext-cilium.yaml'
|
||||
ext-self-signed-cert:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: ext-self-signed-cert
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/extensions/self-signed-cert.yaml'
|
||||
@ -1,6 +0,0 @@
|
||||
registry: registry.badhouseplants.net/containers
|
||||
registry_url: registry.badhouseplants.net
|
||||
main_ip: 195.201.249.91
|
||||
tools:
|
||||
openebs:
|
||||
enabled: true
|
||||
@ -1,6 +0,0 @@
|
||||
registry: registry.ru.badhouseplants.net/containers
|
||||
registry_url: registry.ru.badhouseplants.net
|
||||
main_ip: 91.232.225.63
|
||||
tools:
|
||||
openebs:
|
||||
enabled: false
|
||||
@ -1,5 +0,0 @@
|
||||
namespaces:
|
||||
kubePublic: kube-public
|
||||
kubeSystem: kube-system
|
||||
traefikSystem: traefik-system
|
||||
|
||||
11
helmfile.yaml
Normal file
11
helmfile.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
bases:
|
||||
- ./common/environments.yaml
|
||||
- ./common/templates.yaml
|
||||
helmfiles:
|
||||
- ./installations/system/
|
||||
- ./installations/databases/
|
||||
- ./installations/platform/
|
||||
- ./installations/pipelines/
|
||||
- ./installations/monitoring/
|
||||
- ./installations/applications/
|
||||
- ./installations/games/
|
||||
@ -1,29 +0,0 @@
|
||||
---
|
||||
bases:
|
||||
- ./common/environments.yaml
|
||||
---
|
||||
helmfiles:
|
||||
- path: ./helmfiles/base.yaml
|
||||
values:
|
||||
- kubeContext: "{{ .Environment.KubeContext }}"
|
||||
- {{ toYaml .Environment.Values | nindent 8 }}
|
||||
- path: ./helmfiles/system.yaml
|
||||
values:
|
||||
- kubeContext: "{{ .Environment.KubeContext }}"
|
||||
- {{ toYaml .Environment.Values | nindent 8 }}
|
||||
- path: ./helmfiles/platform.yaml
|
||||
values:
|
||||
- kubeContext: "{{ .Environment.KubeContext }}"
|
||||
- {{ toYaml .Environment.Values | nindent 8 }}
|
||||
- path: ./helmfiles/databases.yaml
|
||||
values:
|
||||
- kubeContext: "{{ .Environment.KubeContext }}"
|
||||
- {{ toYaml .Environment.Values | nindent 8 }}
|
||||
- path: ./helmfiles/monitoring.yaml
|
||||
values:
|
||||
- kubeContext: "{{ .Environment.KubeContext }}"
|
||||
- {{ toYaml .Environment.Values | nindent 8 }}
|
||||
- path: ./helmfiles/{{ .Environment.Name }}-applications.yaml
|
||||
values:
|
||||
- kubeContext: "{{ .Environment.KubeContext }}"
|
||||
- {{ toYaml .Environment.Values | nindent 8 }}
|
||||
@ -1,135 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
repositories:
|
||||
- name: gitea
|
||||
url: https://dl.gitea.io/charts/
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: minecraft
|
||||
url: https://itzg.github.io/minecraft-server-charts/
|
||||
- name: allangers-charts
|
||||
url: ghcr.io/allanger/allangers-charts
|
||||
oci: true
|
||||
- name: woodpecker
|
||||
url: https://woodpecker-ci.org
|
||||
- name: renovate
|
||||
url: https://docs.renovatebot.com/helm-charts
|
||||
- name: badhouseplants-helm
|
||||
url: git+https://gitea.badhouseplants.net/badhouseplants/badhouseplants-helm@charts?ref=main
|
||||
|
||||
releases:
|
||||
- name: app-gitea
|
||||
chart: gitea/gitea
|
||||
version: 11.0.1
|
||||
namespace: org-badhouseplants
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: minecraft
|
||||
chart: minecraft/minecraft
|
||||
namespace: games
|
||||
version: 4.26.3
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: app-vaultwarden
|
||||
chart: allangers-charts/vaultwarden
|
||||
version: 3.1.1
|
||||
namespace: org-badhouseplants
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: app-stalwart
|
||||
chart: allangers-charts/stalwart
|
||||
version: 1.2.0
|
||||
namespace: org-badhouseplants
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: app-navidrome
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: org-badhouseplants
|
||||
version: 0.56.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: ext-traefik-middleware
|
||||
|
||||
- name: app-navidrome-private
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: org-badhouseplants
|
||||
version: 0.56.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: app-memos
|
||||
chart: allangers-charts/memos
|
||||
version: 0.4.0
|
||||
namespace: org-allanger
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: ext-database
|
||||
|
||||
- name: badhouseplants-net
|
||||
chart: badhouseplants-helm/badhouseplants-net
|
||||
namespace: production
|
||||
values:
|
||||
- deployAnnotations:
|
||||
keel.sh/policy: force
|
||||
keel.sh/trigger: poll
|
||||
keel.sh/initContainers: 'true'
|
||||
|
||||
- name: server-xray-public-edge
|
||||
chart: allangers-charts/server-xray
|
||||
installed: true
|
||||
namespace: public-xray
|
||||
version: 0.7.0
|
||||
inherit:
|
||||
- template: env-secrets
|
||||
- template: env-values
|
||||
- template: ext-tcp-routes
|
||||
- template: ext-cilium
|
||||
- template: ext-certificate
|
||||
|
||||
- name: server-xray-public
|
||||
chart: allangers-charts/server-xray
|
||||
namespace: public-xray
|
||||
version: 0.7.0
|
||||
inherit:
|
||||
- template: env-secrets
|
||||
- template: env-values
|
||||
- template: ext-tcp-routes
|
||||
- template: ext-cilium
|
||||
- template: ext-certificate
|
||||
|
||||
- name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
namespace: pipelines
|
||||
version: 3.1.0
|
||||
inherit:
|
||||
- template: ext-database
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: renovate-gitea
|
||||
chart: renovate/renovate
|
||||
namespace: pipelines
|
||||
version: 40.7.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: renovate-github
|
||||
chart: renovate/renovate
|
||||
installed: false
|
||||
namespace: pipelines
|
||||
version: 40.7.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
@ -1,21 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
releases:
|
||||
# -- This one must be executed with --take-ownership at least once
|
||||
- name: namespaces
|
||||
chart: ../charts/namespaces
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: roles
|
||||
chart: ../charts/roles
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
needs:
|
||||
- kube-system/namespaces
|
||||
inherit:
|
||||
- template: env-values
|
||||
@ -1,33 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
repositories:
|
||||
- name: bitnami
|
||||
url: registry-1.docker.io/bitnamicharts
|
||||
oci: true
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
commonLabels:
|
||||
installation: databases
|
||||
releases:
|
||||
- name: redis
|
||||
chart: bitnami/redis
|
||||
namespace: databases
|
||||
condition: redis.enabled
|
||||
version: 20.13.4
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: postgres17
|
||||
labels:
|
||||
bundle: postgres
|
||||
namespace: databases
|
||||
chart: bitnami/postgresql
|
||||
condition: postgres17.enabled
|
||||
version: 16.6.7
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
@ -1,58 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
repositories:
|
||||
- name: allangers-charts
|
||||
url: ghcr.io/allanger/allangers-charts
|
||||
oci: true
|
||||
- name: gabe565
|
||||
url: ghcr.io/gabe565/charts
|
||||
oci: true
|
||||
- name: xray-docs
|
||||
url: git+https://gitea.badhouseplants.net/badhouseplants/xray-docs.git@helm?ref=main
|
||||
|
||||
releases:
|
||||
- name: qbittorrent
|
||||
chart: gabe565/qbittorrent
|
||||
version: 0.4.1
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: ext-secret
|
||||
- template: ext-traefik-middleware
|
||||
- name: vaultwardentest
|
||||
chart: allangers-charts/vaultwarden
|
||||
version: 3.1.1
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: memos
|
||||
chart: allangers-charts/memos
|
||||
version: 0.4.0
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: env-values
|
||||
|
||||
- name: external-service-xray
|
||||
chart: ../kustomizations/external-service-xray
|
||||
installed: true
|
||||
namespace: public-xray
|
||||
|
||||
- name: server-xray-public
|
||||
chart: allangers-charts/server-xray
|
||||
namespace: public-xray
|
||||
version: 0.7.0
|
||||
inherit:
|
||||
- template: env-secrets
|
||||
- template: env-values
|
||||
- template: ext-tcp-routes
|
||||
- template: ext-cilium
|
||||
- template: ext-certificate
|
||||
|
||||
- name: xray-docs
|
||||
chart: xray-docs/xray-docs
|
||||
installed: true
|
||||
namespace: public-xray
|
||||
inherit:
|
||||
- template: env-values
|
||||
@ -1,35 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
repositories:
|
||||
- name: woodpecker
|
||||
url: https://woodpecker-ci.org
|
||||
- name: renovate
|
||||
url: https://docs.renovatebot.com/helm-charts
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
|
||||
releases:
|
||||
- name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
namespace: pipelines
|
||||
version: 3.1.0
|
||||
inherit:
|
||||
- template: ext-database
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
- name: renovate-gitea
|
||||
chart: renovate/renovate
|
||||
namespace: pipelines
|
||||
version: 40.7.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
- name: renovate-github
|
||||
chart: renovate/renovate
|
||||
installed: true
|
||||
namespace: pipelines
|
||||
version: 40.7.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
@ -1,125 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
repositories:
|
||||
- name: keel
|
||||
url: https://keel-hq.github.io/keel/
|
||||
- name: uptime-kuma
|
||||
url: https://helm.irsigler.cloud
|
||||
- name: external-dns
|
||||
url: https://kubernetes-sigs.github.io/external-dns/
|
||||
- name: minio-standalone
|
||||
url: https://charts.min.io/
|
||||
- name: db-operator
|
||||
url: https://db-operator.github.io/charts
|
||||
- name: zot
|
||||
url: https://zotregistry.dev/helm-charts/
|
||||
- name: goauthentik
|
||||
url: https://charts.goauthentik.io/
|
||||
- name: flux-community
|
||||
url: ghcr.io/fluxcd-community/charts
|
||||
oci: true
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: argo
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
|
||||
releases:
|
||||
- name: external-dns
|
||||
chart: external-dns/external-dns
|
||||
version: 1.16.1
|
||||
namespace: platform
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: flux2
|
||||
chart: flux-community/flux2
|
||||
installed: false
|
||||
version: 2.15.0
|
||||
namespace: flux-system
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: argocd
|
||||
chart: argo/argo-cd
|
||||
version: 7.9.1
|
||||
namespace: argocd
|
||||
installed: false
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: keel
|
||||
chart: keel/keel
|
||||
version: v1.0.5
|
||||
labels:
|
||||
layer: platform
|
||||
namespace: platform
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: uptime-kuma
|
||||
chart: uptime-kuma/uptime-kuma
|
||||
version: 2.21.2
|
||||
namespace: platform
|
||||
labels:
|
||||
layer: platform
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
|
||||
- name: minio
|
||||
chart: minio-standalone/minio
|
||||
version: 5.4.0
|
||||
namespace: platform
|
||||
labels:
|
||||
layer: platform
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: db-operator
|
||||
namespace: platform
|
||||
chart: db-operator/db-operator
|
||||
condition: dbOperator.enabled
|
||||
version: 1.35.0
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: db-instances
|
||||
chart: db-operator/db-instances
|
||||
condition: dbOperator.enabled
|
||||
namespace: platform
|
||||
needs:
|
||||
- platform/db-operator
|
||||
version: 2.4.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: zot
|
||||
chart: zot/zot
|
||||
version: 0.1.68
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: authentik
|
||||
chart: goauthentik/authentik
|
||||
version: 2025.4.0
|
||||
namespace: platform
|
||||
createNamespace: false
|
||||
condition: workload.enabled
|
||||
needs:
|
||||
- platform/db-operator
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
- template: ext-database
|
||||
@ -1,181 +0,0 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
repositories:
|
||||
- name: coredns
|
||||
url: https://coredns.github.io/helm
|
||||
- name: zot
|
||||
url: https://zotregistry.dev/helm-charts/
|
||||
- name: cilium
|
||||
url: https://helm.cilium.io/
|
||||
- name: metrics-server
|
||||
url: https://kubernetes-sigs.github.io/metrics-server/
|
||||
- name: jetstack
|
||||
url: https://charts.jetstack.io
|
||||
- name: metallb
|
||||
url: https://metallb.github.io/metallb
|
||||
- name: traefik
|
||||
url: https://traefik.github.io/charts
|
||||
- name: local-path-provisioner
|
||||
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
|
||||
- name: kyverno
|
||||
url: https://kyverno.github.io/kyverno/
|
||||
- name: vmware-tanzu
|
||||
url: https://vmware-tanzu.github.io/helm-charts/
|
||||
- name: openebs
|
||||
url: https://openebs.github.io/openebs
|
||||
- name: istio
|
||||
url: https://istio-release.storage.googleapis.com/charts
|
||||
|
||||
releases:
|
||||
- name: coredns
|
||||
chart: coredns/coredns
|
||||
version: 1.42.1
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: cilium
|
||||
chart: cilium/cilium
|
||||
version: 1.17.3
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/coredns
|
||||
inherit:
|
||||
- template: common-values
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: v1.17.2
|
||||
namespace: kube-system
|
||||
missingFileHandler: Warn
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: common-values
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: issuer
|
||||
chart: ../charts/issuer
|
||||
namespace: kube-system
|
||||
missingFileHandler: Warn
|
||||
needs:
|
||||
- kube-system/cert-manager
|
||||
inherit:
|
||||
- template: common-values
|
||||
|
||||
- name: local-path-provisioner
|
||||
chart: local-path-provisioner/local-path-provisioner
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: kyverno
|
||||
chart: kyverno/kyverno
|
||||
namespace: kyverno
|
||||
version: 3.4.1
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: kyverno-policies
|
||||
chart: kyverno/kyverno-policies
|
||||
namespace: kyverno
|
||||
version: 3.4.1
|
||||
needs:
|
||||
- kyverno/kyverno
|
||||
|
||||
- name: custom-kyverno-policies
|
||||
chart: ../kustomizations/kyverno/{{ .Environment.Name }}
|
||||
namespace: kyverno
|
||||
needs:
|
||||
- kyverno/kyverno
|
||||
|
||||
- name: metallb
|
||||
chart: metallb/metallb
|
||||
namespace: kube-system
|
||||
condition: base.enabled
|
||||
version: 0.14.9
|
||||
needs:
|
||||
- registry/cluster-mirror
|
||||
inherit:
|
||||
- template: common-values
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: metallb-resources
|
||||
chart: ../charts/metallb-resources
|
||||
version: 2.0.0
|
||||
condition: base.enabled
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/metallb
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: traefik
|
||||
chart: traefik/traefik
|
||||
version: 35.2.0
|
||||
condition: base.enabled
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: common-values
|
||||
- template: env-values
|
||||
|
||||
- name: cluster-mirror
|
||||
chart: zot/zot
|
||||
version: 0.1.68
|
||||
createNamespace: false
|
||||
installed: true
|
||||
namespace: registry
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-secrets
|
||||
|
||||
- name: metrics-server
|
||||
chart: metrics-server/metrics-server
|
||||
version: 3.12.2
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- registry/cluster-mirror
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
|
||||
- name: openebs
|
||||
chart: openebs/openebs
|
||||
condition: tools.openebs.enabled
|
||||
namespace: kube-system
|
||||
version: 4.2.0
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
|
||||
- name: velero
|
||||
chart: vmware-tanzu/velero
|
||||
namespace: velero
|
||||
version: 9.0.4
|
||||
condition: velero.enabled
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
|
||||
- name: istio-base
|
||||
chart: istio/base
|
||||
namespace: istio-system
|
||||
version: 1.25.2
|
||||
inherit:
|
||||
- template: common-values
|
||||
|
||||
- name: istiod
|
||||
chart: istio/istiod
|
||||
namespace: istio-system
|
||||
version: 1.25.2
|
||||
inherit:
|
||||
- template: common-values-tpl
|
||||
needs:
|
||||
- istio-system/istio-base
|
||||
126
installations/applications/helmfile.yaml
Normal file
126
installations/applications/helmfile.yaml
Normal file
@ -0,0 +1,126 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: softplayer-oci
|
||||
url: zot.badhouseplants.net/softplayer/helm
|
||||
oci: true
|
||||
- name: allanger-oci
|
||||
url: zot.badhouseplants.net/allanger/helm
|
||||
oci: true
|
||||
- name: requarks
|
||||
url: https://charts.js.wiki
|
||||
- name: ananace-charts
|
||||
url: https://ananace.gitlab.io/charts
|
||||
- name: gitea
|
||||
url: https://dl.gitea.io/charts/
|
||||
- name: mailu
|
||||
url: https://mailu.github.io/helm-charts/
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: grafana
|
||||
url: https://grafana.github.io/helm-charts
|
||||
- name: bitnami
|
||||
url: https://charts.bitnami.com/bitnami
|
||||
- name: allangers-charts
|
||||
url: ghcr.io/allanger/allangers-charts
|
||||
oci: true
|
||||
- name: robjuz
|
||||
url: https://robjuz.github.io/helm-charts/
|
||||
releases:
|
||||
- name: funkwhale
|
||||
chart: ananace-charts/funkwhale
|
||||
namespace: applications
|
||||
version: 2.0.5
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
- name: gitea
|
||||
chart: gitea/gitea
|
||||
version: 10.4.1
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
- template: ext-tcp-routes
|
||||
- name: nrodionov
|
||||
chart: bitnami/wordpress
|
||||
version: 23.1.21
|
||||
namespace: applications
|
||||
installed: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
- name: openvpn
|
||||
chart: allangers-charts/openvpn
|
||||
version: 0.0.1
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
- name: vaultwarden
|
||||
chart: allangers-charts/vaultwarden
|
||||
version: 2.2.0
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
- name: stalwart
|
||||
chart: allangers-charts/stalwart
|
||||
version: 0.2.0
|
||||
namespace: applications
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-tcp-routes
|
||||
#- name: vaultwardentest
|
||||
# chart: allangers-charts/vaultwarden
|
||||
# version: 2.1.0
|
||||
# namespace: applications
|
||||
# inherit:
|
||||
# - template: default-env-values
|
||||
# - template: default-env-secrets
|
||||
#- name: shadowsocks-libev
|
||||
# chart: allangers-charts/shadowsocks-libev
|
||||
# namespace: applications
|
||||
# version: 3.3.5
|
||||
# inherit:
|
||||
# - template: default-env-secrets
|
||||
# - template: default-env-values
|
||||
# - template: ext-tcp-routes
|
||||
# - template: ext-udp-routes
|
||||
- name: navidrome
|
||||
chart: allangers-charts/navidrome
|
||||
namespace: applications
|
||||
version: 0.1.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-traefik-middleware
|
||||
- name: grafana
|
||||
chart: grafana/grafana
|
||||
namespace: applications
|
||||
version: 8.5.2
|
||||
installed: true
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: server-xray
|
||||
chart: allangers-charts/server-xray
|
||||
namespace: applications
|
||||
version: 0.1.0
|
||||
inherit:
|
||||
- template: default-env-secrets
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
- name: server-xray-public
|
||||
chart: allangers-charts/server-xray
|
||||
namespace: public-xray
|
||||
version: 0.1.0
|
||||
inherit:
|
||||
- template: default-env-secrets
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
43
installations/databases/helmfile.yaml
Normal file
43
installations/databases/helmfile.yaml
Normal file
@ -0,0 +1,43 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: bitnami
|
||||
url: https://charts.bitnami.com/bitnami
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
releases:
|
||||
- name: mariadb
|
||||
chart: bitnami/mariadb
|
||||
namespace: databases
|
||||
installed: false
|
||||
version: 19.0.7
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: redis
|
||||
chart: bitnami/redis
|
||||
namespace: databases
|
||||
version: 20.1.7
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: postgres16
|
||||
labels:
|
||||
bundle: postgres
|
||||
namespace: databases
|
||||
chart: bitnami/postgresql
|
||||
version: 15.5.38
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: postgres16-gitea
|
||||
labels:
|
||||
bundle: postgres
|
||||
installed: false
|
||||
namespace: databases
|
||||
chart: bitnami/postgresql
|
||||
version: 15.5.38
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
9
installations/development/helmfile.yaml
Normal file
9
installations/development/helmfile.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: argo
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
releases:
|
||||
- name: badhouseplants
|
||||
namespace: platform
|
||||
17
installations/games/helmfile.yaml
Normal file
17
installations/games/helmfile.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: minecraft
|
||||
url: https://itzg.github.io/minecraft-server-charts/
|
||||
releases:
|
||||
- name: minecraft
|
||||
chart: minecraft/minecraft
|
||||
namespace: games
|
||||
version: 4.23.2
|
||||
inherit:
|
||||
- template: ext-tcp-routes
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -1,6 +1,6 @@
|
||||
bases:
|
||||
- ../common/templates.gotmpl
|
||||
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
@ -8,39 +8,32 @@ repositories:
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
- name: grafana
|
||||
url: https://grafana.github.io/helm-charts
|
||||
|
||||
releases:
|
||||
- name: prometheus
|
||||
chart: prometheus-community/kube-prometheus-stack
|
||||
namespace: observability
|
||||
condition: monitoring.enabled
|
||||
version: 72.0.1
|
||||
version: 65.1.1
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: crd-management-hook
|
||||
- name: grafana
|
||||
chart: grafana/grafana
|
||||
namespace: observability
|
||||
condition: monitoring.enabled
|
||||
version: 8.15.0
|
||||
version: 8.5.2
|
||||
installed: true
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: env-secrets
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: loki
|
||||
chart: grafana/loki
|
||||
condition: monitoring.enabled
|
||||
namespace: observability
|
||||
version: 6.29.0
|
||||
version: 6.16.0
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: ext-secret
|
||||
- template: ext-traefik-middleware
|
||||
- template: default-env-values
|
||||
- name: promtail
|
||||
chart: grafana/promtail
|
||||
condition: monitoring.enabled
|
||||
namespace: observability
|
||||
version: 6.16.6
|
||||
inherit:
|
||||
- template: env-values
|
||||
- template: default-env-values
|
||||
40
installations/pipelines/helmfile.yaml
Normal file
40
installations/pipelines/helmfile.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: woodpecker
|
||||
url: https://woodpecker-ci.org
|
||||
- name: renovate
|
||||
url: https://docs.renovatebot.com/helm-charts
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
releases:
|
||||
- name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
namespace: pipelines
|
||||
version: 1.6.0
|
||||
inherit:
|
||||
- template: ext-database
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: woodpecker-ci-kube
|
||||
chart: woodpecker/woodpecker
|
||||
namespace: pipelines
|
||||
version: 1.6.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: renovate-gitea
|
||||
chart: renovate/renovate
|
||||
namespace: pipelines
|
||||
version: 38.110.4
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: renovate-github
|
||||
chart: renovate/renovate
|
||||
namespace: pipelines
|
||||
version: 38.110.4
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
102
installations/platform/helmfile.yaml
Normal file
102
installations/platform/helmfile.yaml
Normal file
@ -0,0 +1,102 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: argo
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
- name: db-operator
|
||||
url: https://db-operator.github.io/charts
|
||||
- name: zot
|
||||
url: https://zotregistry.dev/helm-charts/
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: crossplane-stable
|
||||
url: https://charts.crossplane.io/stable
|
||||
- name: goauthentik
|
||||
url: https://charts.goauthentik.io/
|
||||
- name: minio-standalone
|
||||
url: https://charts.min.io/
|
||||
- name: kyverno
|
||||
url: https://kyverno.github.io/kyverno/
|
||||
releases:
|
||||
- name: argocd
|
||||
chart: argo/argo-cd
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
installed: false
|
||||
version: 7.6.8
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: db-operator
|
||||
namespace: platform
|
||||
chart: db-operator/db-operator
|
||||
condition: workload.enabled
|
||||
version: 1.29.0
|
||||
- name: db-instances
|
||||
chart: db-operator/db-instances
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
needs:
|
||||
- platform/db-operator
|
||||
version: 2.3.4
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: zot
|
||||
chart: zot/zot
|
||||
version: 0.1.62
|
||||
createNamespace: false
|
||||
installed: true
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: crossplane
|
||||
chart: crossplane-stable/crossplane
|
||||
installed: false
|
||||
version: 1.17.1
|
||||
namespace: platform
|
||||
condition: workload.enabled
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: authentik
|
||||
chart: goauthentik/authentik
|
||||
version: 2024.8.3
|
||||
namespace: platform
|
||||
createNamespace: false
|
||||
needs:
|
||||
- platform/db-operator
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
- name: minio
|
||||
chart: minio-standalone/minio
|
||||
version: 5.2.0
|
||||
namespace: platform
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: kyverno
|
||||
chart: kyverno/kyverno
|
||||
namespace: kyverno
|
||||
labels:
|
||||
bootstrap: true
|
||||
version: 3.2.7
|
||||
- name: kyverno-policies
|
||||
chart: kyverno/kyverno-policies
|
||||
namespace: kyverno
|
||||
labels:
|
||||
bootstrap: true
|
||||
version: 3.2.6
|
||||
needs:
|
||||
- kyverno/kyverno
|
||||
- name: custom-kyverno-policies
|
||||
chart: ../../kustomizations/kyverno/
|
||||
namespace: kyverno
|
||||
labels:
|
||||
bootstrap: true
|
||||
needs:
|
||||
- kyverno/kyverno
|
||||
34
installations/storage/helmfile.yaml
Normal file
34
installations/storage/helmfile.yaml
Normal file
@ -0,0 +1,34 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: longhorn
|
||||
url: https://charts.longhorn.io
|
||||
- name: rook-release
|
||||
url: https://charts.rook.io/release
|
||||
releases:
|
||||
- name: rook-ceph
|
||||
chart: rook-release/rook-ceph
|
||||
installed: true
|
||||
namespace: rook-ceph
|
||||
version: v1.14.6
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: rook-ceph-cluster
|
||||
chart: rook-release/rook-ceph-cluster
|
||||
installed: false
|
||||
namespace: rook-ceph
|
||||
version: v1.14.6
|
||||
needs:
|
||||
- rook-ceph/rook-ceph
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: longhorn
|
||||
chart: longhorn/longhorn
|
||||
namespace: longhorn-system
|
||||
installed: true
|
||||
version: 1.7.1
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-secret
|
||||
133
installations/system/helmfile.yaml
Normal file
133
installations/system/helmfile.yaml
Normal file
@ -0,0 +1,133 @@
|
||||
bases:
|
||||
- ../../common/environments.yaml
|
||||
- ../../common/templates.yaml
|
||||
repositories:
|
||||
- name: metrics-server
|
||||
url: https://kubernetes-sigs.github.io/metrics-server/
|
||||
- name: jetstack
|
||||
url: https://charts.jetstack.io
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: metallb
|
||||
url: https://metallb.github.io/metallb
|
||||
- name: traefik
|
||||
url: https://traefik.github.io/charts
|
||||
- name: coredns
|
||||
url: https://coredns.github.io/helm
|
||||
- name: cilium
|
||||
url: https://helm.cilium.io/
|
||||
- name: bedag
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: piraeus-charts
|
||||
url: https://piraeus.io/helm-charts/
|
||||
- name: vmware-tanzu
|
||||
url: https://vmware-tanzu.github.io/helm-charts/
|
||||
- name: openebs
|
||||
url: https://openebs.github.io/openebs
|
||||
releases:
|
||||
- name: namespaces
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
||||
namespace: kube-public
|
||||
createNamespace: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: roles
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/roles'
|
||||
namespace: kube-public
|
||||
createNamespace: false
|
||||
needs:
|
||||
- kube-public/namespaces
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: coredns
|
||||
chart: coredns/coredns
|
||||
version: 1.36.0
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: snapshot-controller
|
||||
chart: piraeus-charts/snapshot-controller
|
||||
installed: true
|
||||
version: 3.0.6
|
||||
namespace: kube-system
|
||||
condition: velero.enabled
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: crd-management-hook
|
||||
- name: cilium
|
||||
chart: cilium/cilium
|
||||
version: 1.16.2
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/coredns
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: v1.16.1
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: issuer
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
|
||||
namespace: kube-public
|
||||
needs:
|
||||
- kube-system/cert-manager
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: metrics-server
|
||||
chart: metrics-server/metrics-server
|
||||
version: 3.12.2
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-common-values
|
||||
- name: metallb
|
||||
chart: metallb/metallb
|
||||
namespace: kube-system
|
||||
version: 0.14.8
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: metallb-resources
|
||||
chart: bedag/raw
|
||||
version: 2.0.0
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/metallb
|
||||
inherit:
|
||||
- template: ext-metallb
|
||||
- template: default-env-values
|
||||
- name: traefik
|
||||
chart: traefik/traefik
|
||||
version: 32.1.0
|
||||
namespace: kube-system
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- name: velero
|
||||
chart: vmware-tanzu/velero
|
||||
namespace: kube-system
|
||||
version: 7.2.1
|
||||
condition: velero.enabled
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: crd-management-hook
|
||||
- name: openebs
|
||||
chart: openebs/openebs
|
||||
condition: openebs.enabled
|
||||
namespace: kube-system
|
||||
version: 4.1.1
|
||||
needs:
|
||||
- kube-system/cilium
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
3
key.txt
Normal file
3
key.txt
Normal file
@ -0,0 +1,3 @@
|
||||
# created: 2024-09-26T22:52:39+02:00
|
||||
# public key: age1fwhu5m8df98kk2ldf36z24t9vfcz3875fd3uzecke0yv2qqts9dse0jqrn
|
||||
AGE-SECRET-KEY-1GHMQKZHLVGV5CGZQD4HNMP3UCA8D75557KVKJ82JGZX3LTFHCEVQZ9FSVR
|
||||
@ -1,23 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: xray-external-proxy
|
||||
spec:
|
||||
externalName: xray-public.badhouseplants.net
|
||||
sessionAffinity: None
|
||||
type: ExternalName
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: xray-external-proxy
|
||||
spec:
|
||||
entryPoints:
|
||||
- xray-public
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: xray-external-proxy
|
||||
nativeLB: true
|
||||
port: 27015
|
||||
|
||||
@ -1,20 +0,0 @@
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: add-applied-by
|
||||
spec:
|
||||
background: false
|
||||
rules:
|
||||
- name: add-applied-by
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- '*'
|
||||
namespaces:
|
||||
- org-*
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
annotations:
|
||||
applied-by: "{{ request.userInfo.username }}"
|
||||
@ -1,58 +0,0 @@
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: replace-storage-class-by-openebs
|
||||
spec:
|
||||
rules:
|
||||
- name: local-path-fix
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- PersistentVolumeClaim
|
||||
namespaces:
|
||||
- registry
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
annotations:
|
||||
volume.kubernetes.io/selected-node: bordeaux
|
||||
- name: replace-storage-class
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- PersistentVolumeClaim
|
||||
namespaces:
|
||||
- games
|
||||
- application
|
||||
- platform
|
||||
- pipelines
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
annotations:
|
||||
volume.beta.kubernetes.io/storage-class: openebs-hostpath
|
||||
spec:
|
||||
storageClassName: openebs-hostpath
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
#- name: remove-unwanted-annotations
|
||||
# match:
|
||||
# any:
|
||||
# - resources:
|
||||
# kinds:
|
||||
# - PersistentVolumeClaim
|
||||
# namespaces:
|
||||
# - games
|
||||
# mutate:
|
||||
# patchesJson6902: |-
|
||||
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
|
||||
# op: replace
|
||||
# value: openebs-hostpath
|
||||
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
|
||||
# op: replace
|
||||
# value: openebs.io/local
|
||||
# - path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
|
||||
# op: replace
|
||||
# value: openebs.io/local
|
||||
@ -1,21 +0,0 @@
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: append-node-name-to-pvc
|
||||
spec:
|
||||
rules:
|
||||
- name: replace-storage-class
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- PersistentVolumeClaim
|
||||
namespaces:
|
||||
- applications
|
||||
- platform
|
||||
- registry
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
annotations:
|
||||
volume.kubernetes.io/selected-node: yekaterinburg
|
||||
40
kustomizations/kyverno/pvc-patch.yaml
Normal file
40
kustomizations/kyverno/pvc-patch.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: replace-storage-class-by-openebs
|
||||
spec:
|
||||
rules:
|
||||
- name: replace-storage-class
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- PersistentVolumeClaim
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
annotations:
|
||||
volume.beta.kubernetes.io/storage-class: openebs-hostpath
|
||||
spec:
|
||||
storageClassName: openebs-hostpath
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
- name: remove-unwanted-annotations
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- PersistentVolumeClaim
|
||||
namespaces:
|
||||
- games
|
||||
mutate:
|
||||
patchesJson6902: |-
|
||||
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
|
||||
op: replace
|
||||
value: openebs-hostpath
|
||||
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
|
||||
op: replace
|
||||
value: openebs.io/local
|
||||
- path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
|
||||
op: replace
|
||||
value: openebs.io/local
|
||||
@ -26,16 +26,6 @@ spec:
|
||||
- port: "45000"
|
||||
endPort: 60000
|
||||
protocol: UDP
|
||||
- port: "6672"
|
||||
protocol: UDP
|
||||
- port: "61455"
|
||||
protocol: UDP
|
||||
- port: "61457"
|
||||
protocol: UDP
|
||||
- port: "61456"
|
||||
protocol: UDP
|
||||
- port: "61458"
|
||||
protocol: UDP
|
||||
toEntities:
|
||||
- world
|
||||
#- host
|
||||
|
||||
@ -1,7 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: server-xray-public
|
||||
app.kubernetes.io/name: server-xray
|
||||
name: debug
|
||||
namespace: public-xray
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
|
||||
@ -1,8 +0,0 @@
|
||||
apiVersion: security.istio.io/v1
|
||||
kind: PeerAuthentication
|
||||
metadata:
|
||||
name: default
|
||||
namespace: public-xray
|
||||
spec:
|
||||
mtls:
|
||||
mode: STRICT
|
||||
@ -2,10 +2,5 @@
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended"
|
||||
],
|
||||
"helmfile": {
|
||||
"fileMatch": [
|
||||
"(^|/)helmfile.*\\.ya?ml(?:\\.gotmpl)?$"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -7,6 +7,9 @@ CONFIG=$(sops -d ./values/badhouseplants/secrets.server-xray-public.yaml | yq '.
|
||||
read -p "Enter fullname (Ivan Ivanov): " FULLNAME
|
||||
read -p "Enter email (ivan@fakemail.net): " EMAIL
|
||||
PASS=$(openssl rand -base64 10)
|
||||
export DOCKER="${CONTAINER_TOOL:-docker}"
|
||||
echo "Generating UUID, please wait"
|
||||
UUID=$(${DOCKER} run ghcr.io/xtls/xray-core:main uuid -i "${FULLNAME}")
|
||||
|
||||
CONFIG_ENTRY=$(cat <<-EndOfMessage
|
||||
[
|
||||
@ -27,15 +30,22 @@ read -p "Type 'YES' to continue " AGREE
|
||||
if [ "${AGREE}" != "YES" ]; then echo "Alright, goodbye" && exit 1; fi
|
||||
|
||||
NEW_CONFIG=$(jq '.inbounds[].settings.clients += '"${CONFIG_ENTRY}"'' <<< "${CONFIG}" | jq)
|
||||
echo $NEW_CONFIG
|
||||
|
||||
export NEW_CONFIG
|
||||
sops -d ./values/badhouseplants/secrets.server-xray-public.yaml | yq '.files.config.entries."config.json".data = strenv(NEW_CONFIG)' > ./values/badhouseplants/secrets.server-xray-public.yaml
|
||||
sops encrypt -i ./values/badhouseplants/secrets.server-xray-public.yaml
|
||||
|
||||
echo "Does the diff looks correct?"
|
||||
diff <(echo $CONFIG) <(echo $NEW_CONFIG) || true
|
||||
helmfile -e badhouseplants -f ./installations/applications -l name=server-xray-public diff
|
||||
read -p "Type 'YES' to continue " AGREE
|
||||
if [ "${AGREE}" != "YES" ]; then echo "Alright, goodbye" && exit 1; fi
|
||||
|
||||
WORKDIR=$(mktemp -d)
|
||||
export NEW_CONFIG
|
||||
sops -d ./values/badhouseplants/secrets.server-xray-public.yaml | yq '.files.config.entries."config.json".data = strenv(NEW_CONFIG)' > ./values/badhouseplants/secrets.server-xray-public.yaml && sops -e ./values/badhouseplants/secrets.server-xray-public.yaml
|
||||
export FULLNAME
|
||||
export BRANCH="add-$(echo $FULLNAME | sed -e 's/ /_/g')-to-xray"
|
||||
|
||||
helmfile -e badhouseplants -f ./installations/applications -l name=server-xray-public diff
|
||||
git checkout -b $BRANCH
|
||||
git add ./values/badhouseplants/secrets.server-xray-public.yaml
|
||||
git commit -m "xray maintenance: adding ${FULLNAME}"
|
||||
git push
|
||||
|
||||
echo $UUID
|
||||
|
||||
@ -1,32 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if ! [ -z $DISABLE_ADDITIONAL_CHECKS ]; then
|
||||
echo "Check is disabled"
|
||||
exit 0
|
||||
fi
|
||||
# -- Get all the envs from the current helmfile installation
|
||||
ENVS=$(yq '.environments | keys | .[]' ./common/environments.yaml)
|
||||
|
||||
ALL_VALUES=$(find ./values -type f)
|
||||
|
||||
USED_VALUES=""
|
||||
for ENV in $ENVS; do
|
||||
USED_VALUES="$(helmfile --log-level error -e $ENV build | yq '.releases[].values[]'):$USED_VALUES"
|
||||
USED_VALUES="$(helmfile --log-level error -e $ENV build| yq '.releases[].secrets[]'):$USED_VALUES"
|
||||
done
|
||||
|
||||
UNUSED_VALUES=""
|
||||
for FILE in $ALL_VALUES; do
|
||||
if [[ ${USED_VALUES} != *"$FILE"* ]]; then
|
||||
UNUSED_VALUES="${FILE}\n${UNUSED_VALUES}"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -z "${UNUSED_VALUES}" ]; then
|
||||
exit 0;
|
||||
fi
|
||||
|
||||
printf "\n ** There are unused values in the repo ** \n"
|
||||
printf "${UNUSED_VALUES}\n"
|
||||
printf "Please remove them from the repo to keep it clean"
|
||||
exit 1
|
||||
@ -1,20 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if ! [ -z $DISABLE_ADDITIONAL_CHECKS ]; then
|
||||
echo "Check is disabled"
|
||||
exit 0
|
||||
fi
|
||||
# -- Get all the envs from the current helmfile installation
|
||||
ENVS=$(yq '.environments | keys | .[]' ./common/environments.yaml)
|
||||
|
||||
|
||||
FAILED_LINTERS=""
|
||||
for ENV in $ENVS; do
|
||||
if ! helmfile -e $ENV lint; then FAILED_LINTERS="$ENV\n$FAILED_LINTERS"; fi
|
||||
done
|
||||
if ! [ -z $FAILED_LINTERS ]; then
|
||||
printf "\n\nSome env can't pass the linter:\n $FAILED_LINTERS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "The linter is happy"
|
||||
@ -1,18 +1,8 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
# -- Default exit status, that should be thrown
|
||||
# -- when all the secrets are encrypted
|
||||
EXIT_STATUS=0
|
||||
|
||||
for secrets in $(find . -type 'f' -name 'secrets.*'); do
|
||||
echo "Checking ${secrets}"
|
||||
STATUS=$(sops filestatus $secrets)
|
||||
if [[ "${STATUS}" == *"false"* ]]; then
|
||||
echo "ERROR: Found an unencrypted secret: $secrets"
|
||||
EXIT_STATUS=1
|
||||
sops encrypt -i $secrets;
|
||||
fi;
|
||||
done
|
||||
|
||||
exit "${EXIT_STATUS}"
|
||||
for secrets in $(find . -type 'f' -name 'secrets.*');
|
||||
do sops filestatus $secrets;
|
||||
done | grep false && \
|
||||
echo "There are unencrypted secrets in the repo" && exit 1 || \
|
||||
exit 0
|
||||
|
||||
@ -1,6 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
for file in $(find values -type f -depth 2 -name "secrets.*"); do
|
||||
echo $file
|
||||
sops decrypt -i $file
|
||||
sops encrypt -i $file
|
||||
done
|
||||
@ -1,4 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
for file in $(find values -type f -depth 2 -name "secrets.*"); do sops updatekeys $file; done
|
||||
for file in $(find values -type f -depth 2 -name "secrets.*"); do sops rotate -i $file; done
|
||||
@ -1,21 +0,0 @@
|
||||
configs:
|
||||
cm:
|
||||
dex.config: ENC[AES256_GCM,data:U+BKH82hTX8a08ZVJM8WJ2NuwIJR2Diax4VUxziFhHlZWMJKWCl2BNSquKxaFincmoR3Lqn95wyfsoGKwjPxINqYw0F3zbZttlfpyG84Jg2Y4E3+NDE0YtPv1stE47aW8ZWDycjcvrW9UGANEQWHGoEMVC7sIDmSEKc4zZYVOrDPnIDOl8Fdt+7oQb9XcITvkt28DJymMvm2FLJPEB9Iz/M9V72r8QhA9ASYEWnhjYUnv63A92YH7FBr+5rdlaRSW/jJfnTWViHdi9F0fYyPmjgcyAitSXZNbPs3bd8uV7ZZTWIQGMb1IpB9SFHxMBHLNv510kFmdn0RpThIrSiDrbau4OiXcFj3N3JOStlz/AlWBkAj/zNfCcdZfsSvICARcAuw4Jowh0fGSzi3uJrr9CezWTj5t3SN+KoKGs2vO5DoD8dmjtI3vStICVs9jN8QXiPb4WpUALyM9AT41Eg+oo/58SnxNjovJ2xw/DV4GTQxpzaPCC1yagR4vSR+/qlRYU9SUinw53kzm2tZjabAVbfpTlbq7F7Ld/GuW3IQh/fULBTxYGys9s++72GdG/P0elLjvCV0Xt3vIona//uVKQFXQB8rxAMWLnTHFbM9Y6uWlZkN/W63ceJAYzXNBtC/uzfMV8GRZQpbb/QVO9U/F54yefoB7XJ8BSrHYiCvIeV/SwWINNw9Lo/Cy4nsC6UrqYdanz32HrwawSGikfGjQGXDE1n3DcPXbA6rGR2N7bbxZnIeI7TLP+pNxEg8Apr550Vh1qM9oCDx7cYgFkAEb/X/P4PYqRe1yRn+jzomAPidhGCuHibtihCXU8bht4i3uwT91SJDNEmJI9yBSxAMY9pgjmSuVTO22tI=,iv:D+KOoEOhvNSEbx4h8ltF0Kj8XBp5B6ipCXFtREvqXdw=,tag:jVZjICBTlwEUAeaH7Rgkbg==,type:str]
|
||||
credentialTemplates:
|
||||
ssh-creds:
|
||||
sshPrivateKey: ENC[AES256_GCM,data:NFkcWS4nL0KOtNaXU+InVIoVJhCiasJWN2JTJ2AP9WH9caU5pDw2mpT1mF0zZuRw/hvwJTrkSjA2pV6hiCEVwJegEWqWIKgnakEeF6XZPJK+ryWSLA2jg3Ba8BCMZxMTq9olZEt4ap/irKhvkoDxERdvGp/bsWYwNsy/lo92xNqAeGAWlyS4H5bBPx8RtzJx7MrVmGsOGmtPhaX9AxGtot13FZ07Y0lW0PZ75VgQzNS05Y9obO99hrdJ2sfGdmZtvqtENJGQh9sLzAKKbZFj5bE+A7TA54qVItmePEg6JhWdJ+0QMoyGXUaX1b1XsdwV8TOZEFOj9KI1RwsrOhwlD1sqkKJC1l498mOwP+xeFXJkGOtT2DB+Ds6LU4byXKMkvhwNQho2BBkQ/+W59IIL1+4a6RHMJwO1dhK94AsQDjy0TNyKKTSk8erotlwefR5ny+ZnARe2V5mLObmAZWdbni+AzvfHCrOQcmk3dxwLBCc98/hDzAMlbjsE34GWUEI5rcp+uHhFgnLaTNJE/PJOwP1WlFiyoDIpi2lj,iv:3XAh3cSFA2r1PMlXMo/1ubpIIgyGDDMhpni7hlinSBg=,tag:9po/JY+NFnOz3Xaw5L60PQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZzFUTVVQNit4eTNiYWcw
|
||||
Z2JsNEVGcm9Qa2NkWnQ3Ym1RSmV5ang4dGt3CkJhdSsyeHJlZWdtbkx3alhqemxD
|
||||
NWdHdGV2K1ZOeGpqSS84SHVWMUN3OGMKLS0tIFhNWXBHcFg5VDNVUWVaY3RhY0dz
|
||||
aXNSKzVjZEZRZlBaelk1TTNYcTkxcWMKC1gn1y9T0PsFOE4hKYS7m4OgHGkFcK/p
|
||||
SSFtTltvEs6jEeXitHhGcn1IWy4hxEvUBnVMGwTkweIKefwxkHi9/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-14T12:08:28Z"
|
||||
mac: ENC[AES256_GCM,data:YzmFndPEnQAs9LDD41xQPGTUvU2zUup7J3dTUPLVmBZVHbV2Ml2xAmxMLXJ0G1VOM6h+TEQasU/ZUadLc41GM4m8aZfvxnQtMxPJEP9L1g4zhE3zzXAGXixcQ9xDY3aDhVwdoipyMo23kQqaHageVIfoBxE5ClI+ci0FepeBO/I=,iv:8hAfCtpoecVU8WgAStfqFArAMqBAiPJQGgKMJhJnDBE=,tag:lbJOH1IAf6Enl8g/Pe2I+Q==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.1
|
||||
@ -1,24 +0,0 @@
|
||||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
postgresPassword: ENC[AES256_GCM,data:WIgce24XYrwtjxj95M8Jsfe+PJRmdDsd4H8cupbR,iv:VY4NZfY8Y7xM7zcRwX8WMshtnGVl8ad88PpMnRBuaHo=,tag:O2VonlpkE5Xg0dQJR28GyQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUEd0REtSS0xZdUNZOC9s
|
||||
NUVTNlRxR0ZVandaWmRsSEVINTNuUllBK1ZNCm5ObSsrVzl5SnNycXpjRjNWb3pu
|
||||
U0R5ckM4bUlvVENiZ2gxeGJKZTNIR0UKLS0tIExsdTkyWDl2dzNVbmk5ZHNXSUJV
|
||||
K1FqbjBWUkVRcFcxbmtCNWtOaDduYUEKDy2DQVcFCwHGEj+k2fkYAeHU7JWgoeet
|
||||
ZeqW6H1tafj8dCiBYrbv+RufC3nSWgglVx7VVRtwHh/5MyikpSQGmw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-30T19:59:35Z"
|
||||
mac: ENC[AES256_GCM,data:RSJqYBKwE0d1cWmb9yXrroRJ5SgQpfEbkCVDUHF/3+XsBDb4yFmbhdkJcWytSj5GK4th0lnuLoxGc/79dqSjlTy2vn1fJSCIrqso3hic6GEp4ZeVuN63D6tkRw2vCpXwHL7LM+VoE2pDW/c3bkkyYoP7486GHA/+jha/ZMxYHsA=,iv:qs6Eq1KVMzAWvecuSSf2LBHYeY1wbD1VgFCDCDurz+o=,tag:h/mprk9v9eNurJl++SCphQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,19 +0,0 @@
|
||||
architecture: standalone
|
||||
|
||||
auth:
|
||||
database: postgres
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
primary:
|
||||
persistence:
|
||||
size: 2Gi
|
||||
resources:
|
||||
limits:
|
||||
ephemeral-storage: 1Gi
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 512m
|
||||
ephemeral-storage: 50Mi
|
||||
memory: 128Mi
|
||||
@ -1,26 +0,0 @@
|
||||
global:
|
||||
redis:
|
||||
#ENC[AES256_GCM,data:INOZ17f72Qf6D+drbcvmnZRBRIeXLSAV9RmfOLZFp45qt8GWSHMnevqq9ge4Zlydtsd3BDek/JLUNl6YHPPq9qM1EFujY2htbOHyf0Cn,iv:zZDMizNKFllCyNH/bUF+vuB9YOikjo3q5ebzu3LYvCc=,tag:H0XX/D9xh0HS0Xnqgs/aag==,type:comment]
|
||||
#ENC[AES256_GCM,data:JiLOpJanuZnMpN5dMvw2,iv:YEVZSdRHez1lCb61hWLvalLq8F67l7KF0WXmmuj9bck=,tag:KnpfgwUYBQLZsj4Jk13RtQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:mzDGjHlXUunu1yA=,iv:LOOU/QGaHKeDrssbk1haYd0lPclbFak9GygEbbN0gFs=,tag:4cUubeiY6aJj5KVKVkdFUA==,type:comment]
|
||||
password: ENC[AES256_GCM,data:kN93kIMiVTGWbaYgMC1n1MWqdl8s3cbZS5vvYTa2,iv:Qy+GQchC6s2PoarPWtquipF9gAVYZR6mn0GeHABRogE=,tag:V/xbfm9u51UUG+we/3nNLQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOHRuN1J1ODYvc0Z3OW5H
|
||||
NFhVM0dWWGZETU0vTzVkeUk1NFVWc2FSaGprCm5NalJKUWxtLzA5VTU3YjR5VWtx
|
||||
NExtbTZZZUZteVBTYnNWTVZvbnF5VFUKLS0tIEpBTDhPbkVLVytaY29aUktmZGF2
|
||||
bnVKWmI4RWpLaGU5WTIwblJRcDFDMlUK2BHkUNbpRMo0jm2Sk+Qcf4giufJtaJyM
|
||||
xuoG41AqGs4+KEDS8/rF9HK7z+2Wk9H5b8L+/W0n+J5EPOvwvFePTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-26T12:23:02Z"
|
||||
mac: ENC[AES256_GCM,data:xrA6hCFIH/R/j/V1T60xx5Eix5Z5ETREQP4zYriLkZQ4hEzL2WdJFExK1VXSfX4KmIR8215XHmHnWu70eIoAnFUaozBosIFtJz0YNrNNok6MeDGD5fy5mcBQfCqLw+rwbW/uxY7DQrchgVT9iFAkpRSoVPUzn6ku/xCmTmSlv3E=,iv:lNLR5QHKPUWb1Mz8mIFCHnjpuQVF7ttNTOy9+jEzLyo=,tag:G4iZ/9nWKh97JLGOxbgSQg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,28 +0,0 @@
|
||||
minecraftServer:
|
||||
rcon:
|
||||
password: ENC[AES256_GCM,data:WEDxz61E0FT6qsk+4n/J1U6StnISu6qCCg==,iv:MGD1ONaSkbBoTgR1G7w/prefPHpNeoU1XkyTZCr3dQM=,tag:9kif0moX90lglV8zLNOr3Q==,type:str]
|
||||
mcbackup:
|
||||
resticEnvs:
|
||||
RESTIC_PASSWORD: ENC[AES256_GCM,data:f3A8EsUfA8BkM/VtW4HXsmu/vkRhOuvEVls4JUFg,iv:+svddzq+ILiMoijIGdnNVJpBD33fw2PkfzSeoQC+Kkg=,tag:rUyat/2l3y2fB+UajG6j6A==,type:str]
|
||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:0flAJJMncGcpq2A2wds=,iv:4q/3301l3wR9m1dgJNN6Yqkrlf9gfENivLtQ4s4/BLg=,tag:LLgqNyHqdVI5uBOEKlK5PQ==,type:str]
|
||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:H6SS4ogc,iv:nYYIyJWjnhU487PzVDD+1xbKd6NatL990gWgrZFNw88=,tag:/yiY2bcmOVW+PjALlUXS3Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2MFByOEpYVkI3TlJEbVRi
|
||||
Vmp1QkRxY3V5aDdvelpHbndxS25QTTk0NVhrCnJQbEVCMFN3WmhpSWY3RXVMaEtz
|
||||
K2lZMFlUSzZ5NHRSeHNXbWxVQ2RNTXcKLS0tIG95Qnc4VHFpL3o3L3FieUVIWk1W
|
||||
U0FTYkVLVHAvcWcrdEt4dHo3bEM3Z2cK3OOXl4aGPF43umfNFPIQOgwxktoK9Ppz
|
||||
Xj/EQlAqUAvEcs2Mfe1lWymHyK6HpZSN66jTf0a/0kh21cebVzwtnA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:21Z"
|
||||
mac: ENC[AES256_GCM,data:7NgnMjs9R/tk+KzpY4A8d10V/ZERkdSZE/U+xq5k1OLeQ8P/Di+TI2LNSPZp4+qtG0UNFflVtBniZNJwjcg8tqLiSOuWmHJgc4C5CmEyESwL7igv5DZ+qfImuepDUJyJEvQFkyBISqkyKvJjBBoFPse1TU6EF0lOSNdBYOJ4up8=,iv:ss1VF5vKnaIt2r9PaT2vsy3zgLAH18/e+gX6YU5E/7I=,tag:mkvZGTd1ZRpaBQwoWfVmfQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,140 +0,0 @@
|
||||
# --------------------------------------------------
|
||||
# -- Main values
|
||||
# --------------------------------------------------
|
||||
image:
|
||||
tag: java23-graalvm
|
||||
pullPolicy: Always
|
||||
resources:
|
||||
requests:
|
||||
memory: 2.7Gi
|
||||
cpu: 2.5
|
||||
limits:
|
||||
memory: 2.7Gi
|
||||
lifecycle:
|
||||
postStart:
|
||||
- bash
|
||||
- -c
|
||||
- for i in {1..100}; do mc-health && break || sleep 20; done && rcon-cli auth setGlobalPassword 11223345
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/minecraft: "true"
|
||||
livenessProbe:
|
||||
command:
|
||||
- mc-health
|
||||
initialDelaySeconds: 120
|
||||
periodSeconds: 5
|
||||
failureThreshold: 50
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 20
|
||||
readinessProbe:
|
||||
command:
|
||||
- mc-health
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
failureThreshold: 20
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 20
|
||||
minecraftServer:
|
||||
memory: 2000M
|
||||
jvmOpts: |
|
||||
-server
|
||||
jvmXXOpts: |
|
||||
-Xms2000G -Xmx2500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
|
||||
overrideServerProperties: true
|
||||
eula: "TRUE"
|
||||
onlineMode: false
|
||||
difficulty: hard
|
||||
hardcore: true
|
||||
version: "1.21.5"
|
||||
maxWorldSize: 90000
|
||||
type: "FABRIC"
|
||||
gameMode: survival
|
||||
pvp: true
|
||||
modUrls: []
|
||||
serviceType: NodePort
|
||||
rcon:
|
||||
enabled: true
|
||||
withGeneratedPassword: false
|
||||
port: 25575
|
||||
serviceType: ClusterIP
|
||||
extraPorts:
|
||||
- name: metrics
|
||||
containerPort: 19565
|
||||
protocol: TCP
|
||||
service:
|
||||
enabled: true
|
||||
embedded: false
|
||||
labels:
|
||||
exporter: minecraft
|
||||
type: ClusterIP
|
||||
port: 19565
|
||||
ingress:
|
||||
enabled: false
|
||||
persistence:
|
||||
storageClass: openebs-hostpath
|
||||
dataDir:
|
||||
enabled: true
|
||||
Size: 9Gi
|
||||
mcbackup:
|
||||
enabled: false
|
||||
backupInterval: 2h
|
||||
pauseIfNoPlayers: "false"
|
||||
pruneBackupsDays: 2
|
||||
rconRetries: 5
|
||||
rconRetryInterval: 10s
|
||||
excludes: "*.jar,cache,logs"
|
||||
backupMethod: restic
|
||||
resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
|
||||
resticAdditionalTags: "mc_backups"
|
||||
pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 100m
|
||||
persistence:
|
||||
backupDir:
|
||||
enabled: false
|
||||
extraVolumes:
|
||||
- volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/mods
|
||||
readOnly: false
|
||||
volumes:
|
||||
- name: plugins
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
- name: download
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
extraDeploy:
|
||||
- |-
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: minecraft
|
||||
spec:
|
||||
endpoints:
|
||||
- interval: 30s
|
||||
port: metrics
|
||||
scrapeTimeout: 10s
|
||||
path: '/'
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- games
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: minecraft
|
||||
- |-
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: minecraft-tcp
|
||||
spec:
|
||||
entryPoints:
|
||||
- minecraft
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: minecraft
|
||||
nativeLB: true
|
||||
port: 25565
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
defaultRegcred: ENC[AES256_GCM,data:lsqr2fBEosOQqYLBwps1hmgFs90zkzbdHpO8UwJWcMl1/CGkyzroACqHkL8taaOnnvwWwadIL8FU3382jamw0Xk5O51bFSBbCxTs3xd4ibwe39ha5YI6YQDHADDb/u1Yw4TctJ/h9xykXHDOL4foE5Z860e16vtMiVvniLD9OGfR6utb9gvZHE2QqZTlHR9U4PY2vLWWQMN3VRvipT7hulmOUzXMVcuBswmyDF39PvTba6Ea7A83V9h6HpqNeSA1ewKREIDOFqjhl7tIit8aQnuee58bJCTVIdg6gyR6yfu6sF22wdUlsJ7CAHtd41sbhEhWGyzJIqg=,iv:J1CfAJmNpI7lgQalYJlXs+JX5I0e6COGrsenMhvDGLA=,tag:nHkq8VF47I/9FS8uGcEyuw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHpPUkZqbC9LaEtJYzhF
|
||||
L0hIZUtOa3E4KzJDOFlwaFRVWDdJRnBtR1ZjCnVLNzhyQkdxS2dtK2lFaWRJUkJq
|
||||
dThURHRTRG5GT1BqaTZRbzlUbXYzWHMKLS0tIFRSa1lkSGQrN1RGdklzYzZNU3BH
|
||||
ZE0wMk1sRGg1M1lrNVFMTityK3cwK00Kbhugumz27RVo1SJjaljEbklHY6CW7xGD
|
||||
UCbN0LGh5PPpN6eCbZW8dB1+/lLR9AnyYr6okrGM2iztaJQdlwRvww==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-27T10:24:56Z"
|
||||
mac: ENC[AES256_GCM,data:xGqmh1TPg0OJLSycbnjsF4Ai844ZzlCzawQXmROpORJEiSL/3R1W+2PsBT5KcAfG7y2+Ovyk+l1FeorIPuqnbcezX9zUxMOaFXJylmwvNYXCwoihU6Yx2hg9SuFhnwINAhCLqOaRKIh8xPUaK8nRVqwJJa0jW6eCyZ5lsLtpz90=,iv:pmPfpSv3VfVz/MvTGTWoMxzkF3BvCMhK+HxEeN5pzNI=,tag:WkLcTz/WlLXmq8EojHfdlA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,36 +0,0 @@
|
||||
namespaces:
|
||||
- name: registry
|
||||
- name: flux-system
|
||||
defaultRegcred: true
|
||||
- name: argocd
|
||||
defaultRegcred: true
|
||||
- name: kube-system
|
||||
defaultRegcred: true
|
||||
- name: production
|
||||
defaultRegcred: true
|
||||
- name: kyverno
|
||||
defaultRegcred: true
|
||||
- name: velero
|
||||
defaultRegcred: true
|
||||
- name: observability
|
||||
defaultRegcred: true
|
||||
- name: databases
|
||||
defaultRegcred: true
|
||||
- name: istio-system
|
||||
defaultRegcred: true
|
||||
- name: platform
|
||||
defaultRegcred: true
|
||||
- name: games
|
||||
defaultRegcred: true
|
||||
- name: pipelines
|
||||
defaultRegcred: true
|
||||
- name: public-xray
|
||||
defaultRegcred: true
|
||||
labels:
|
||||
istio-injection: disabled
|
||||
- name: org-badhouseplants
|
||||
defaultRegcred: true
|
||||
- name: org-allanger
|
||||
defaultRegcred: true
|
||||
labels:
|
||||
istio-injection: enabled
|
||||
@ -1,23 +0,0 @@
|
||||
grafana.ini:
|
||||
auth.generic_oauth:
|
||||
client_secret: ENC[AES256_GCM,data:EPEO9WcCA6zIclGNDzQ//oezgRtd8d1o6qC815rDrjViDzSEJziyEw2i1glwyPIilhuLLqy/Ad9ZaBjqKqjw0fHTnr/tPxZ1pAliAxWmXXlkvFi+leztRNwz4rS18Rl+eLRUFGBpl7Qp1M9+lOydko0Kz0gxTSwo5PKH82l3DQw=,iv:lb5vc01pB5jm5kz4XMqpiQSnctFnbQzCoKa3CgOS1fg=,tag:p2YV+WzlfI0LCk4jRIUuPw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRDJMTUJreitIWFY1QUl2
|
||||
VVNaVTR2M3UzWnZKUzkyY0NQYXFvQnlHOFNFCkwweGF4OStJSW5iSEh1K2tjd1JI
|
||||
NFh3dlp2TURtaUxQSjlUVVJhWGdRSzQKLS0tIGtHN04rYXNwc3dwU1kra0dVeVR1
|
||||
WmExMjZ2cTFYZXUrRUIwbjlRU1BzREkKjlIgwXsho40hSqAjtBKjz4MihEbXzXjA
|
||||
H2IqLAlQpReQ8WAI9/Pd4VB3qLXbszVfdP8bGLyEUFNl97wbOnjdZQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:22Z"
|
||||
mac: ENC[AES256_GCM,data:jXBIOhff4579D8Blvrf/673wpICMehRAqm7tIpFPsNu/3ONdJlrh1+bVfxhb0K1ncb4GNctPURuLUuaJ1OcA27KCy7M5qw9j18Pa4EPIqjeZW3UgfELmD0ie4Wx0XGEak7LEc8HmhX2KcFV4QzG39s89QhHIqy4ZlzAVJ6EzLsU=,iv:AXz1YPUdm0WYFP34XgreyMgo2YhIJj4PKLAE9Q3Xgl0=,tag:3QXtZsj+PCBvuhnoB4etig==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,26 +0,0 @@
|
||||
grafana:
|
||||
adminPassword: ENC[AES256_GCM,data:OjUlnKgoGvw1YfljcFkz7kS8QrE8qrD3RtrQCILU,iv:eD1PD9+ne/8K2VL0T9z6SSbUr6Vq78+887RmpbVsa9g=,tag:OvWQgZS/OQMpeUvxQloeQw==,type:str]
|
||||
adminUser: ENC[AES256_GCM,data:jZZdrE3j2iY=,iv:DxjzMhmzVxw+GjglRX075T6MpBu5Hh643kMGV6FLU6g=,tag:ZsfQFRZjnPyya3IiZxyTrA==,type:str]
|
||||
grafana.ini:
|
||||
auth.generic_oauth:
|
||||
client_secret: ENC[AES256_GCM,data:ut38uW2tfR/YhParSGavhV/t7zIlQ2jETyTQfhIy/vCg/DCv13j9r/z+yNTG3c8VM6VkAeQ8XQM=,iv:V8s6DuLWQamj1hnlHF9bQMgO6jfcrVA5+2MaJzlWC/g=,tag:lnw3/RYW+xtNUEtCz2KoaA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTENvMlVOazBWSjE0cWxL
|
||||
SStQZFRXSWdkKzc4UUdLNHFaUjhMdEFGR0FnCmI4eVN2QVRxNEJCQXdpUytaZWpD
|
||||
bEw4S0xuNjg1RE1YZnBoZ3NIVnJpekkKLS0tIDh1SkFtdUZ6YmtyY09YU3NOZCtr
|
||||
ekMybFpzUDgwUFMxdW1BTDEwNFFsak0KQWwwNbo75QfVy+kQPo/1KPw7ceAd6KCz
|
||||
UxXdGA9jAeVxA9EFS+d4fkrTOe2x7SdJulnmr13lVz+QJs6AuFSAog==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:21Z"
|
||||
mac: ENC[AES256_GCM,data:kcCG50GrAbW/scwYQn6s6KuoiNGvTSOhu+VKGTUEg8B+wDCl/g8BHMOuRdM1p8bMPbsgO8CID18sLPEvTgUXfVD7uyeEMWctTgPtPeurZmDyaVEcvtMD9NFxVIzBGN29tSCskB6eErJtm+j6ea8n+6/0uKMMpUAsW4McV4RV8+c=,iv:d1r3altHBAeQq9sLG8xfc+nFRKTxzw10QzjEqgvDMP8=,tag:TDoCR7ikaKkazm7mKmNY5A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,35 +0,0 @@
|
||||
shortcuts:
|
||||
hostname: notes.badhouseplants.net
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: memos-postgres17
|
||||
instance: postgres17
|
||||
credentials:
|
||||
MEMOS_DRIVER: postgres
|
||||
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||
base:
|
||||
workload:
|
||||
containers:
|
||||
memos:
|
||||
envFrom:
|
||||
main: {}
|
||||
raw:
|
||||
- secretRef:
|
||||
name: memos-postgres17-creds
|
||||
|
||||
storage:
|
||||
data:
|
||||
metadata:
|
||||
annotations:
|
||||
volume.kubernetes.io/selected-node: bordeaux
|
||||
storageClassName: openebs-hostpath
|
||||
ingress:
|
||||
main:
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
@ -1,50 +0,0 @@
|
||||
gitea:
|
||||
admin:
|
||||
username: ENC[AES256_GCM,data:U230S8544mg=,iv:yL45Opnqp5T4h7erEv0pRHWtH1th8uu1Y4wfeY2aJcQ=,tag:a4vsJEOxlmHj1mwqcUGbiw==,type:str]
|
||||
password: ENC[AES256_GCM,data:IpwOetFEvxt0/tGkiJ8bBI+OR/E=,iv:8OA48CiWeMyqZVs2lp+UzfyymUNQfdgmAQV33+AVQ+s=,tag:stgAMSnB5dCzFu4zvZeVRA==,type:str]
|
||||
config:
|
||||
storage:
|
||||
MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:cn3NsFx0TH0fw6mJt6cArMRyQ6Qng3gIPQ==,iv:Jv+rweQzEXfVWuWycjGSi54jRAm0XEEcNxZ6flbUZWM=,tag:6O9KvcnaVEME5lXl6msZLw==,type:str]
|
||||
mailer:
|
||||
PASSWD: ENC[AES256_GCM,data:3UL0uvz49J3GIOo/eVWKYLrDG+u/lvCr8Q==,iv:HBQKF42R3tHFQxkUoRzsiPCUkFM40qpjM0SYrQSxugE=,tag:iua/nXoogjxnkj9T6UB/Sw==,type:str]
|
||||
database:
|
||||
PASSWD: ENC[AES256_GCM,data:DbL7wryYRQAEzujWNL4I0AwEq6Cr2r78FXQOAw==,iv:Oc2IYwD7iy7AlYVnhvSc61ttOf20qJyuuDnx4yF3/YE=,tag:aLa8+r0kYvzFSuF3hvhL2w==,type:str]
|
||||
session:
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:owsHUHdmzGiFgtD3+nRBmHYKcsNQXblbuCO8V0tLAAMvJBRHSA5YG1TL3Quy2186yoZCPiAdeQwg/o2Iutk2Mlc6/NmeurZbxomV8dWBuqJfn6t44xnDgFnEXpxE5kB5lNCtcjKXmpxC4fkoUVscOyZFmKp9uTgH,iv:evmTZH5NzMB3nhqLhuBmTTF4ztJX9a/ZMTOmYMqSaxs=,tag:dLnk9xt+moGoBhx7tqazig==,type:str]
|
||||
cache:
|
||||
HOST: ENC[AES256_GCM,data:feiTcBqztm76LZgNShj0Go0IRNgG9UwCQP9KrdexosP2XCnSe+giyKoIcADiHQFYVbnnkpw7/UqNxgM0Tx+EQ9eyFKY+PaFyCSFmQwikmAWakDJ+hQNM1VaNaDKdeLiGIeI7nO2MH9hGDMzPWtUgMNBxc9tTS38l,iv:Rcr+uiZMWbG9IPeMm+eiNf3W3yz2L7yqSkJSKUhWHtk=,tag:3cLuUAEU6CZvvUYKF1cCAQ==,type:str]
|
||||
queue:
|
||||
CONN_STR: ENC[AES256_GCM,data:Mw7W72M3HitiAEG1ihWctXyYqHJuSiKBZvQDDRjA4O9Yg9Zsbq+/HVcnh074zbiTjCO/496FLiy88HuAw8lksZ7MXXVvRI7rIcFKFZLpHcjAqkBnB301SGalK/R4bSisECsYIFPjKuh+s4PIuPEIgFtZuiEvYdbT,iv:uYwjzUObav2Hs/JgRIYbGBFNcZm++qS2QqKpz6Ma6EA=,tag:0okDz0yzL4eSat/0roYJ2A==,type:str]
|
||||
oauth:
|
||||
- name: ENC[AES256_GCM,data:sN+DzBKd,iv:0HNSbQEDLsV76DIRHdWnPs9SI/bHRZz6Fw+8B8Hhuns=,tag:mwTWy9VSXapPu3uLk7LgSQ==,type:str]
|
||||
provider: ENC[AES256_GCM,data:m74moJ8h,iv:QfE5F3vpIlEzIftHlX/qpNvsnAab8gTd4CHyECHNcmQ=,tag:JefFm9mfYJSKzBDOb/l6BA==,type:str]
|
||||
key: ENC[AES256_GCM,data:7ScP3oXE0zTnaqL3AigHby39fMk=,iv:sXllPawkQ5BcKmC1iBUJ2WOEPK2lm6W3q+GrprHZhAc=,tag:vSCB9w5x6jjPNu5b5ZEMzw==,type:str]
|
||||
secret: ENC[AES256_GCM,data:XG9D5IUX4MqJzKf+aB7MCeDJAQlIzMxSv3ByAZQAdZCI+5my+cMfeg==,iv:s3e0wFznoX55MeEQj+dK0QrzzatGzDBKfT4xDD00cOA=,tag:vk32YQcPs0kAIOj61YwHww==,type:str]
|
||||
- name: ENC[AES256_GCM,data:eBSL9xrBDN50,iv:TiC3jjpfwS6A9x6PAkMIorwJ9CecxblzEFt5+ZmSW6I=,tag:XA6UrnJbkUyDBgOY9xfIPw==,type:str]
|
||||
provider: ENC[AES256_GCM,data:yh4TBYDI2R0a4f1qSg==,iv:hx8pAuo//U+YY5a2cq/KyoK4qcKbSXWtkrDvACWLU2c=,tag:uJ9JNWdDjb0eTS0ZJXHDaw==,type:str]
|
||||
skip_local_2fa: ENC[AES256_GCM,data:8YwpOw==,iv:2R3Zc4HK/U31SVcXR3xi9J/kJySR3osA8xN3YhvRxBk=,tag:SzBFOwEmczW59SHLGCMb5Q==,type:str]
|
||||
key: ENC[AES256_GCM,data:rLR8ve4=,iv:qOVIBiFjsOrrRg/mca5l7SHc2GdVAdyz0TV3Q7lJlQg=,tag:tYEzx7SoeoAC9/lgWU91uA==,type:str]
|
||||
secret: ENC[AES256_GCM,data:r7sWVeqWTnqbt7ArzpADD5A1fYU6+KSpLohWJuSbEUyPAzOSxfZGxSYNfAwaxACOgmJJnxUeQ9l71nyUDWzGMrFkLr+o+WcQmSTPV3+3iMHDsTdgjEb+tIZFdi0Z5PJ8DCBxjckmbG5cx3O3Kyrjc24SNHCVb62lhduZH1fIlT0=,iv:kvtMCpiOUx10zTKt/ZYQh3leYaY9+v169Sq+sYIScHQ=,tag:t8txjt3xuVKWA7QgBJYuiw==,type:str]
|
||||
autoDiscoverUrl: ENC[AES256_GCM,data:SG2ev/BshOBP0NQnpZRQErZDAEWdReiwp2pb2JJBWZmFvC67//t8WZu1/wilfQjJvJdsDGwk9Rwncoxya5Fb9uKYDAQKzqULJk70Er9pyNaowFbMxiMm+ws=,iv:B9GM9MLIrKTtRfyDxltlFvvm01aRCTQnyiemH4qzjGs=,tag:Wqji+fKliEGJRZ4inTmbXw==,type:str]
|
||||
iconUrl: ENC[AES256_GCM,data:lcW3npgyrc50GIYCyTh5Gpht2CU6hX67j13XNOvGQybU2dsA9BtqpmH0OMQz4b1g/XkuHAp5j3I0wLnGvhXXf4mEugzt8g==,iv:X/kHS77OJLDuNN2lTAWLqPARJ1QZMY1ImuS+xmkUlgM=,tag:0ZRh7eH6dYdZd250Lb/+xA==,type:str]
|
||||
scopes: ENC[AES256_GCM,data:GtTGDrDZwU1r5vEsxg==,iv:/7yMuJpxlML3R1X8onDSFbJVwpYFtnLamaI+X148Tlk=,tag:e8HkvzdpkhDvedVzm7jG3w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d2JneUUzM1VkM1lvclA3
|
||||
aC9wMGpKSGU5ZnVaUTNlVDNsMlNaOVRNYVdzCkpzVUJzNHN2TmhHektzOC93Vjlj
|
||||
SVU3cUxVUm4wWjJQRWZRdWlRMEU1eUEKLS0tIHRLOEJERXBMd0NFajNjbHhPVVNl
|
||||
b1cyT0RYa3hzbFJjc254bHJMcDIzeTgK/aX6f60NBz6w1TaOFSZDRE7rPniebb75
|
||||
iwO74fJtl5g9WxAG5yByxJ455Uhc2R/+VBbK5BcYFt9cboIgkUrS2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-25T19:15:08Z"
|
||||
mac: ENC[AES256_GCM,data:ySAOo8j+p9O0v8xYFcjuD6e/pc9LtLxLWC4TdP7mjhdfwwaaoJW96DLEbSYxYN7Co8zHFqdMp5e76SgvhWwP2LNmHLunJ3LNU6u6NSMEFLCSyjAM8KiqB4bTNq7Kf9H2FZbAN58YKXpZEFECJpxoLg2Q9MdRp+BvgURDa2QLZRc=,iv:Ay5vMdrKbNpFyir/N4+mPuOwKwIVupZbeJFKA+DWFDA=,tag:+YUSXQYMfu59oF+hjg0XMg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,28 +0,0 @@
|
||||
files:
|
||||
rclone-config:
|
||||
enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
|
||||
sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
|
||||
remove: []
|
||||
entries:
|
||||
rclone.conf:
|
||||
data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
|
||||
dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
|
||||
TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
|
||||
Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
|
||||
NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-20T15:04:15Z"
|
||||
mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,49 +0,0 @@
|
||||
shortcuts:
|
||||
hostname: navidrome.badhouseplants.net
|
||||
ingress:
|
||||
main:
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
env:
|
||||
main:
|
||||
enabled: true
|
||||
sensitive: false
|
||||
remove: []
|
||||
data:
|
||||
ND_MUSICFOLDER: /app/music
|
||||
ND_DATAFOLDER: /app/data
|
||||
ND_LOGLEVEL: info
|
||||
ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
|
||||
files:
|
||||
rclone-config:
|
||||
enabled: true
|
||||
sensitive: true
|
||||
remove: []
|
||||
entries:
|
||||
rclone.conf:
|
||||
data: |
|
||||
[music-data]
|
||||
type = s3
|
||||
provider = Minio
|
||||
endpoint = s3.badhouseplants.net
|
||||
location_constraint = us-west-1
|
||||
access_key_id = allanger
|
||||
secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
|
||||
rclone-script:
|
||||
enabled: true
|
||||
sensitive: false
|
||||
remove: []
|
||||
entries:
|
||||
rclone-script:
|
||||
data: |
|
||||
#!/usr/bin/sh
|
||||
while true; do
|
||||
rclone --config /app/rclone.conf sync -P music-data:/music /app/music
|
||||
sleep 10
|
||||
done
|
||||
@ -1,20 +0,0 @@
|
||||
deployAnnotations:
|
||||
keel.sh/policy: force
|
||||
keel.sh/trigger: poll
|
||||
keel.sh/initContainers: 'true'
|
||||
|
||||
extra:
|
||||
templates:
|
||||
- |-
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteUDP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-game"
|
||||
spec:
|
||||
entryPoints:
|
||||
- game-udp
|
||||
routes:
|
||||
- services:
|
||||
- name: app-open-strike-2-main
|
||||
nativeLB: true
|
||||
port: 27015
|
||||
@ -1,27 +0,0 @@
|
||||
config:
|
||||
env:
|
||||
secrets:
|
||||
data:
|
||||
SW_ADMIN_SECRET: ENC[AES256_GCM,data:dG2zVmvycL7TZM922XADQ/SwWMBrUvXd+BPwpxIvmaDnjejpEaHUfB0xhpkhZqhAB8M=,iv:5hDpUFLLGLf4VLj8h3weOZhiwJKYORg5uKVgXVXKbgM=,tag:9FQru61B5hDPcIoIUDvUtg==,type:str]
|
||||
MINIO_ACCESS_ID: ENC[AES256_GCM,data:HvZa/kOy8ZI=,iv:T2433k3OmZTmPTx2QWEAELlN7zY37LUynapVWpASrJ0=,tag:Kvr4wIgq5dMmXRJDoxqGxA==,type:str]
|
||||
MINIO_SECRET_KEY: ENC[AES256_GCM,data:Tv5VWQprCKtJCghzhZ8YD8/9,iv:hioZ+d0ns+Hr3pBVyfFWgcuRKDrPQmskSnU0XOMwhzA=,tag:nuFn0qV9UMy2ywiFfx5gHg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMTZGN2NSYXUzcXNJVUx2
|
||||
YXE3Nk5MbnV1dyttUEtmUExabFYvOGdHcTBRCkM1WE9uNlF1OGh4NnNDL3NabXhi
|
||||
OW1NcDlydUMraTVQV2tjLzVla2tpSnMKLS0tIHN6RXVJTzNvZlkyTmdDb09UTUNy
|
||||
TVJyRVI5U2NmV1VIQTk4cjlYM1htMFkKkxsXzn+7nFiTs3mANqO0+f7/TTGKogFk
|
||||
8ix4OpiA9b33kuqi4Z7bXx4ucyCmlDwtxuHvmOEOyW4yJ9F1cgm+Uw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-15T23:05:04Z"
|
||||
mac: ENC[AES256_GCM,data:Kix/IdONJ79Lj1dc/gigpM7BUPyg7EIsPQzkhtu8+nbIQZQsm0CYqlqPx1V7w0r9vef+rCd/8GX8RdKw0o5ZaDZY5l0nXEi9E7dEtcHTYlrr8fqljcsGRAKmOiBRMkPh0jGTEPlFRtb0Inrn85rWUiMJP12hwIIS0t7GpAydKdI=,iv:1pMdzj1x0Hf65nmZ28Lv7yu6Y+suQKxv274nYl8J3HI=,tag:GQL8HOSswz2N56iNAS9l9w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,318 +0,0 @@
|
||||
shortcuts:
|
||||
hostname: stalwart.badhouseplants.net
|
||||
|
||||
base:
|
||||
workload:
|
||||
initContainers:
|
||||
prepare-config:
|
||||
image:
|
||||
registry: registry.hub.docker.com
|
||||
repository: library/alpine
|
||||
tag: latest
|
||||
pullPolicy: Always
|
||||
volumeMounts:
|
||||
files:
|
||||
config:
|
||||
path: /app/config/config.toml
|
||||
subPath: config.toml
|
||||
extraVolumes:
|
||||
config:
|
||||
path: /app/etc
|
||||
command:
|
||||
- sh
|
||||
args:
|
||||
- -c
|
||||
- cp /app/config/config.toml /app/etc/config.toml && echo "" >> /app/etc/config.toml
|
||||
containers:
|
||||
stalwart:
|
||||
volumeMounts:
|
||||
extraVolumes:
|
||||
certs:
|
||||
path: /app/certs
|
||||
stalwart:
|
||||
path: /opt/stalwart-mail
|
||||
config:
|
||||
path: /opt/stalwart-mail/etc
|
||||
|
||||
envFrom:
|
||||
secrets: {}
|
||||
raw:
|
||||
- secretRef:
|
||||
name: app-stalwart-db-creds-17
|
||||
|
||||
extraVolumes:
|
||||
certs:
|
||||
secret:
|
||||
secretName: stalwart.badhouseplants.net
|
||||
stalwart:
|
||||
emptyDir: {}
|
||||
config:
|
||||
emptyDir: {}
|
||||
ingress:
|
||||
main:
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
kubernetes.io/tls-acme: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
config:
|
||||
files:
|
||||
config:
|
||||
enabled: true
|
||||
sensitive: false
|
||||
remove: []
|
||||
entries:
|
||||
# Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
|
||||
config.toml:
|
||||
data: |-
|
||||
[lookup.default]
|
||||
hostname = "{{ .Values.shortcuts.hostname }}"
|
||||
|
||||
[server.listener."smtp"]
|
||||
bind = ["[::]:25"]
|
||||
protocol = "smtp"
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener."smtp-startls"]
|
||||
bind = ["[::]:587"]
|
||||
protocol = "smtp"
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener."smtps"]
|
||||
bind = ["[::]:465"]
|
||||
protocol = "smtp"
|
||||
tls.implicit = true
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener."imap"]
|
||||
bind = ["[::]:143"]
|
||||
protocol = "imap"
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener."imaptls"]
|
||||
bind = ["[::]:993"]
|
||||
protocol = "imap"
|
||||
tls.implicit = true
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener.pop3]
|
||||
bind = "[::]:110"
|
||||
protocol = "pop3"
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener.pop3s]
|
||||
bind = "[::]:995"
|
||||
protocol = "pop3"
|
||||
tls.implicit = true
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener."sieve"]
|
||||
bind = ["[::]:4190"]
|
||||
protocol = "managesieve"
|
||||
proxy.override = true
|
||||
proxy.trusted-networks.0 = "192.168.0.0/16"
|
||||
|
||||
[server.listener."https"]
|
||||
protocol = "https"
|
||||
bind = ["[::]:443"]
|
||||
tls.implicit = false
|
||||
|
||||
[server.listener."http"]
|
||||
bind = "[::]:8080"
|
||||
protocol = "http"
|
||||
hsts = true
|
||||
|
||||
[store."minio"]
|
||||
type = "s3"
|
||||
bucket = "stalwart"
|
||||
region = "eu-central-1"
|
||||
access-key = "%{env:MINIO_ACCESS_ID}%"
|
||||
secret-key = "%{env:MINIO_SECRET_KEY}%"
|
||||
endpoint = "https://s3.badhouseplants.net:443"
|
||||
timeout = "30s"
|
||||
key-prefix = "/"
|
||||
|
||||
[store."postgresql"]
|
||||
type = "postgresql"
|
||||
host = "postgres17-postgresql.databases.svc.cluster.local"
|
||||
port = 5432
|
||||
database = "%{env:POSTGRES_DB}%"
|
||||
user = "%{env:POSTGRES_USER}%"
|
||||
password = "%{env:POSTGRES_PASSWORD}%"
|
||||
timeout = "15s"
|
||||
|
||||
[storage]
|
||||
data = "postgresql"
|
||||
fts = "postgresql"
|
||||
blob = "minio"
|
||||
lookup = "postgresql"
|
||||
directory = "internal"
|
||||
|
||||
[directory."internal"]
|
||||
type = "internal"
|
||||
store = "postgresql"
|
||||
|
||||
[authentication.fallback-admin]
|
||||
user = "overlord"
|
||||
secret = "%{env:SW_ADMIN_SECRET}%"
|
||||
|
||||
[tracer.console]
|
||||
type = "console"
|
||||
level = "info"
|
||||
ansi = true
|
||||
enable = true
|
||||
|
||||
[certificate."default"]
|
||||
cert = "%{file:/app/certs/tls.crt}%"
|
||||
private-key = "%{file:/app/certs/tls.key}%"
|
||||
|
||||
env:
|
||||
secrets:
|
||||
enabled: true
|
||||
sensitive: true
|
||||
|
||||
extra:
|
||||
templates:
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-smtp"
|
||||
spec:
|
||||
entryPoints:
|
||||
- smtp
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 25
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-smtps"
|
||||
spec:
|
||||
entryPoints:
|
||||
- smtps
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 465
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-smtp-startls"
|
||||
spec:
|
||||
entryPoints:
|
||||
- smtp-startls
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 587
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-imap"
|
||||
spec:
|
||||
entryPoints:
|
||||
- imap
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 143
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-imaps"
|
||||
spec:
|
||||
entryPoints:
|
||||
- imaps
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 993
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-pop3"
|
||||
spec:
|
||||
entryPoints:
|
||||
- pop3
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 110
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-pop3s"
|
||||
spec:
|
||||
entryPoints:
|
||||
- pop3s
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: app-stalwart-mail
|
||||
nativeLB: true
|
||||
port: 995
|
||||
proxyProtocol:
|
||||
version: 2
|
||||
- |
|
||||
apiVersion: kinda.rocks/v1beta1
|
||||
kind: Database
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-postgres17"
|
||||
spec:
|
||||
secretName: {{ .Release.Name }}-db-creds-17
|
||||
backup:
|
||||
cron: 0 0 * * *
|
||||
enable: false
|
||||
credentials:
|
||||
templates:
|
||||
- name: POSTGRES_HOST
|
||||
secret: true
|
||||
template: "{{` {{ .Hostname }} `}}"
|
||||
- name: POSTGRES_PORT
|
||||
secret: true
|
||||
template: "{{` {{ .Port }} `}}"
|
||||
deletionProtected: true
|
||||
instance: postgres17
|
||||
postgres: {}
|
||||
@ -1,25 +0,0 @@
|
||||
env:
|
||||
secrets:
|
||||
data:
|
||||
SECRET_KEY: ENC[AES256_GCM,data:bLecWaJafPbXT2/dvKt3R2KNfuxxgQ6yLxviYbOf,iv:liuexfgYScH+eg/qSO23SQxE7hKpudgkOH3JRDkaa+A=,tag:DEcAbY6rg7mQnhsnukWtFA==,type:str]
|
||||
SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:kx9ziZhxWcWTu1UG7BPi/sdG1tHhzugq65xxL3IPVx8i1oHXwy+00KaOEsIYP+TJqX5516Zq6JqtXe9dQwI4uVIy538FdXeEQDHKNS0xesSx8jG0tKa71GiqyQGBrBBxiy144za9y1QHB9k1pvuaza8mVEQOoktmMFfiHzEOhYDQxIzTulOMWxN2ImTsYSupHS6HLR13gDCyROVDzj1Io/U1VHxN5RZBPiqthNiB+/Aj+2FuCwAaxgEE6VVNFJlghi2yiZbl/PvZ3MDT+dAx/NijawVt0qdBBmPvB3jKZkgRN2tyystGiu47hnLosuzjrOjAMA6rP7XkT2gQ5e6hoLlJxWD5IiAHI+gQK7REbyJrEmSwwH0aCVsd1H4FOBNk+rfKpTIr7sRZFTVcZLtUdTZW6EW0XWmrBBPr5jodmouoFZY+dGlWP1vQkG+2eymw5aJCan0oq+x+J9dB+CVZc/2M1zBeRa6Crg7w3smCqOr46jkaRxfoDxV2NdRSla5zkwwFSS7MqPYlqre2oW+pgP7lvRa4MW9++5q+Zg==,iv:RZMNm66PhTWvjJG5jtpJW22TFInHw8LT04qui3fMLgA=,tag:ETMqmFO/8Kve/W55WP21dA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcTM5RTNIakwwZHNrQXE2
|
||||
U2FsK1gwMDhUTDd1MVorbENtQXdnZjYrM1c4CmNQaG5TcU9wK25qQUg5a29UUXBK
|
||||
WlZHK0M0dHEvZWVyZmJzR0RLU1pGWmMKLS0tIGk4TFArQnJyTWJJa3FJRlJhY0do
|
||||
ZE81bENWM3ZUdlR0N2RKMnJkUnJxSG8Ky2ngwj6ZnToGhnAJChU8NXUG+XPPZc2F
|
||||
fOD35BFO5bUNe+V8MkDLae+GQ1hr55r4WnvFpSWywRIjCFYmUJHTgQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-22T12:32:43Z"
|
||||
mac: ENC[AES256_GCM,data:khcLV/lPaY6J5QQmX8466jx9bsXn+NwA3TLIUYs9ipKa539OjIWstwyydVxILSBCwEWGEW86c8EzLBwptBBgg6gehfRJAax5TAn0lBd1lAAiAxZhdNpc2tfoaMaUWfWdpwYjdrtnvAlAkN3/16nvx+TIq7WdU/cWsic96PqhU0A=,iv:I81QvtZ7S+mSAzoXhU0YBMN0L4K+SRHW3UtcSLxwK5s=,tag:gAeAIjyJ13A8gfE7ppBeRg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,57 +0,0 @@
|
||||
shortcuts:
|
||||
hostname: tandoor.badhouseplants.net
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: tandoor-postgres17
|
||||
instance: postgres17
|
||||
credentials:
|
||||
POSTGRES_HOST: "{{ .Hostname }}"
|
||||
POSTGRES_PORT: "{{ .Port }}"
|
||||
workload:
|
||||
kind: Deployment
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
containers:
|
||||
tandoor:
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
fsGroup: 1001
|
||||
envFrom:
|
||||
- main
|
||||
- secrets
|
||||
- secretRef:
|
||||
name: tandoor-postgres16-creds
|
||||
extraVolumes:
|
||||
common:
|
||||
path: /opt/recipes
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 30
|
||||
periodSeconds: 10
|
||||
ingress:
|
||||
main:
|
||||
class: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
extraVolumes:
|
||||
common:
|
||||
emptyDir: {}
|
||||
env:
|
||||
main:
|
||||
enabled: true
|
||||
sensitive: false
|
||||
data:
|
||||
DB_ENGINE: django.db.backends.postgresql
|
||||
SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
|
||||
REMOTE_USER_AUTH: 1
|
||||
SOCIAL_DEFAULT_ACCESS: 1
|
||||
SOCIAL_DEFAULT_GROUP: guest
|
||||
@ -1,26 +0,0 @@
|
||||
config:
|
||||
env:
|
||||
secrets:
|
||||
enabled: ENC[AES256_GCM,data:bai2CQ==,iv:NG7q1ZsDpCW9Lu00fGsibpTEHGtew+l5TFOLOpljlwU=,tag:Z2/fXmsEEqhDzCdTWS/Qhw==,type:bool]
|
||||
sensitive: ENC[AES256_GCM,data:n+dNXA==,iv:iFM0+5G5Bsw4NI+JH1vMMrty3Zo0El0HE9F6PEDsJrY=,tag:EcbzQHVeOHVLVC7kgaRPXw==,type:bool]
|
||||
data:
|
||||
SMTP_USERNAME: ENC[AES256_GCM,data:eQ4c,iv:4vX/ioHWEA6DzMwZ+23dgUN4PJ7Asz7bbufG5Fy80iI=,tag:1Mq0Hj/23T4fvGEXuNUtxA==,type:str]
|
||||
ADMIN_PASSWORD: ENC[AES256_GCM,data:B08urSqwYgekI6I5LDYGHbPK5n3r+woRZw==,iv:K2O9aSJLRMbK+N2lfX4ojSqhbmb9KbWsuW2DtYZHCOA=,tag:Qz0OJ7aWwC+/9d1oc38ySw==,type:str]
|
||||
ADMIN_TOKEN: ENC[AES256_GCM,data:sKVugfrrR9L5LtozHPibGiPULiwv8pAot925Z/rQ0V/mW+DVvNPEw4odgfX596Ddmd8oV5zo5Mz8WIPUCmrVmfdoz+3YzVywEy8=,iv:npthfz4xcW6fF10RhHCF6uXH/6526l3gjZGRu+Xpylg=,tag:vsPsRZ7EIQ7FMvqJga3hhg==,type:str]
|
||||
DATABASE_URL: null
|
||||
SMTP_PASSWORD: ENC[AES256_GCM,data:quvcZQKauXeW+l8xkYgVBElBQveoRWKDBA==,iv:KpQH+Ef87jl/M9XpBtIKNhn7ATHoV+Jgjpzg2Li28Kg=,tag:jniePrO7UVp/cz/eIh19mg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnFwbWFpTWgxRk45S240
|
||||
cVI5ekJXdVIwaG5NcGRPa2xTN2pFV2tyN1JBClNVMGhNL2FaM2pCK0sxbjgyalJN
|
||||
MnpQeHBxY2RtWkI2c1htV3oyQmNnbVUKLS0tIGg4ZXNwaFRKNTlIRDluT3k0VDRD
|
||||
Y3pIaEdFb1JwMnVrYnJ4UkpWMERmZFUKa45EvUqkvjaL85xh3gyxTeJ02IxPJf9a
|
||||
TGjAvpjBrym9v++OrHn2otw1NOeZwSP1hmSCc+sa6/0yFqcU031xjQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-01T10:29:47Z"
|
||||
mac: ENC[AES256_GCM,data:VmYotoR4BJJv2mZ+kt+NNn+oXLKWHed0o/TkJO93/4eLUm8Wg9SPMA1ZYYe9YRfgbIhYxPlQbPPKQBv95XeOS1FFL24VyenTTP3TXWroeXxOWubko/Fp88U3glJXs5jfL5DLYKvGwTXG3tchFDwH9m6QOABX+aRxvNBEP5zXUxs=,iv:HMzuvl8YCPj9ZA5tKfExQfSbvwu4IEHz6sMLAe8g7vo=,tag:lI2fh1b7prHsBS8Snrbdtw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.0
|
||||
@ -1,63 +0,0 @@
|
||||
shortcuts:
|
||||
hostname: vaultwarden.badhouseplants.net
|
||||
|
||||
base:
|
||||
workload:
|
||||
kind: Deployment
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
containers:
|
||||
vaultwarden:
|
||||
envFrom:
|
||||
raw:
|
||||
- secretRef:
|
||||
name: app-vaultwarden-db-creds-17
|
||||
ingress:
|
||||
main:
|
||||
class: traefik
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
|
||||
config:
|
||||
env:
|
||||
main:
|
||||
enabled: true
|
||||
sensitive: false
|
||||
data:
|
||||
SMTP_HOST: stalwart.badhouseplants.net
|
||||
SMTP_SECURITY: "starttls"
|
||||
SMTP_PORT: 587
|
||||
SMTP_FROM: bot@badhouseplants.net
|
||||
SMTP_FROM_NAME: Vault Warden
|
||||
SMTP_AUTH_MECHANISM: "Plain"
|
||||
SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
|
||||
SMTP_ACCEPT_INVALID_CERTS: "false"
|
||||
SMTP_DEBUG: false
|
||||
DOMAIN: "{{ .Values.shortcuts.hostname }}"
|
||||
LOG_FILE: /app/logs/log.txt
|
||||
|
||||
extra:
|
||||
templates:
|
||||
- |-
|
||||
apiVersion: kinda.rocks/v1beta1
|
||||
kind: Database
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-postgres17"
|
||||
spec:
|
||||
secretName: "{{ .Release.Name }}-db-creds-17"
|
||||
instance: postgres17
|
||||
deletionProtected: true
|
||||
backup:
|
||||
enable: false
|
||||
cron: 0 0 * * *
|
||||
credentials:
|
||||
templates:
|
||||
- name: DATABASE_URL
|
||||
template: "{{ `{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}` }}"
|
||||
secret: true
|
||||
@ -1,23 +0,0 @@
|
||||
secrets:
|
||||
RENOVATE_TOKEN: ENC[AES256_GCM,data:4PcZwgDWomLwizlaYd/nGVn1wsh2N5EciGov3OpvV5k9v4szSsQZug==,iv:fJQ03dY+c4MLcsRzJK/UXVqbqZOs+dzrT1sQLgY/RzI=,tag:VZ5Yda26+j+un998Y4YYsg==,type:str]
|
||||
BACKUP_RENOVATE_GIT_PRIVATE_KEY: ENC[AES256_GCM,data:lOJ2zPeRLc1GAvp2VQox8+skw9AZ+8MVkkNrRb/X8it+uH8QFwEUi0hT122pe/9RhMQJ5U+UI1xGIABwW3R65FusNsnv0RutDKWZFLsokgqKaPupTKA6YwxcrwT+BB3KUKToqozy0XyMv4fhwxUpLGQMSYLBt4yiAj2n3tlcNDBt6U+JnqsYJfUfFTtbQn6JgEqgD3mwZtZeh2z27JLYCaD/3ogpUiwdfZOYvxdUmLYPcooKc2LUOfy81ChB9o85l6yMJBX4ee/yZnYmYcRDDx0Lz4lm0tlqlH5DfIhulozQQWWmQWL7P9R8Uwrjks+Tkoo0+yIn2i8/klzhwLWrBhUgoKpJ1GSH+gq6QKtVW3aUVeIdzk4JNonxO2K/dXJxzVrstCrsFIflrJ/flpBHCLqjchXh/JzhOa6w0sr9syGGcgoYyMS8QZj8b/47tvPLFuVAcUpv+gRqfCq9EM1qR8YpeRBfNViP7HKEnmiHCBA9WyiEnSDQzZAHcIGD1SRJjDk1KjwXBVeU2OqMru03VU6ZWRYU0BtYFS5V27udZj37K1brg3cszZWtaB9t8IfCsPDW+GWmM+roL1/yMf4D07QSoPA9FL5euUGeZ53GxPaone21DA0UWptSuHMQkaNDjyo5J21o/3nu6brmY+05DsENLuuv+fmSSQOCma6RsAS0vQMOCwIjxfGIak8RRxHGUfnFHXp65iLWaDpkru46tOgehffPCBs1M6OLLcIH9BsSVWZkASupgWSmZwOi5magxsQQPHh9xHZFQhimL1GDb86BqVpfOBHEinRlr6Z5plwNkXlVGylnXOWRJdCDE37JbExQnhf+SDl5qEL41c6/UfPJp9hPRQzRrJk5V4MdPgpppbsHB1UVZWpo2+tNgw/uZYtYax4Dh89VdkHds+Nuymc3wKy6JWGZTadeigFXL4ne7o2Pe6UN2a9oCsshMs5UEJDnusVz+k+SZPTIqFN0yshLVmeOPPPne4k0gdHWsfLR8zoPBURUUohvo8OsumW4CX8R/8LMdeDl93Fg1IghpLbR8az0Y4wKT3inyaf8gjUXBP9qggRUn+bpch6p+PSTYc1jzceTlwm0qD4pwP0CUranU1Ihyvlx1rFaHhR3acz4MBy6f4YenlwZ5TITGYZVlZWV5acgbkNeyKxb5ZgDogsMsb+B08d1sGS4YIKj34WLt0V8aNUH8n4Dl6bG0UnCnlRfAyAJrsK5W0PX/5GTjyOxvLRw6JqJWIMt1UsPWxZG1ZJKELd8Gmug2Ou8LvKP5t15XRnTN246/O421qOK5H2KcKPBeeIbqgwCtVCCEZTkZVYCr+SpZ/kfltZtKtsGbiEcztMHyyzaong5gD3RljtDv1VrkdoTnNTTPbnw7lFG7pd4VQpagku5IpYA63+ouHq+wEpc2ZfylW3PKDSazzmKf7AmxWA4eYCFZ1VBNpfAeew/Va8Uu9bFLgTNXToGE8KD41H6+DH+klMBBCdwOBSMSUXH3IqSNFQ0PdA0Wrqw+wNPtT8rqwjcOfcs3hNEXyOvsr+6jMa7qqgEWLbHYck+NubMoV4BQVtgu4fppaa4+aZfhxuFqU5R8MKHEvQnt8VNAGzAARe2H5CHv9IDRVTchOfkX5y3yMeX24hf9dvDphufeJZEg6nwo2Wnqfd8kJ6Vz+LdXT0XadEsOROl8x/QNiYuiNXqB6BhE6LALWjdLciBP0sJnFKenK7PqrXa0eMKCVfimQEkVnpad5XgAzu1HFepsS1UigyV24LE9ukEQt+52wCJB1lft2BuWxC1kcqJaOO0koNDramLCbXcYcO2HWdicIuuh4Z/H5uOow+OSTYfk5iaXZBP/uqwV5n1rXgbK/VVPeY0DklkUPHP/840ENo/KLAN5ufartYYQ/VYvL7v/v4CDDq8Fvy8AEJBuaP+qumjZn/E3CKAljQF3t8HsHEK9vRgw4+DmNisgJ5ZQtdUxXSFTCeOSlo+XQb3rcTtyxsn4BMqvKY7CFeqwd17uLO7U5TjXU6YcbSRhbqHQLTpZjeHyxLZLUCIxDZwCshWVxI/RfHwtVm4AgaQS9CFWKIw7Ocfe7r9Q5BFKj4Lb/BsbKKtYaagKydhYdHr6lcKtL0skajg3GJOdLsw90MLU8vtE/G4tkFhrelWh6VYjBsuItDYdGeYHJc20Gu8yHZV9ppPwDEs/2CUpQfDq1FjuUUCYYKGbsT+HxwRpGbGRuRAW+JZCX8Skgr7kMgFQfsePEVfUisbxmh7P9+/yp3W99de7k+NOfRBOOFNBAV4ErXyRR1ETVKh577rAJ8XwMYMNmuhl3/g8O5cfKiBYojJS+0KWQSfVn34mfA1KnDL2UvtzKRsD9zm/H+oSqasnoaD4OjEX4wUxTsnyPVx5Vos+A7MAb6CNs8Vt5yLGSk6m72TNO5T6HjsJKnB8KH5ZD38+RgSkV8GUKYH2GaN8KadkiL5+3FBkt8TaaCamQn9ghEvQWiAPOKXtbBd+i7wMnhSZZRgjtdGMhoXRRgbsnkkxJ2MTHv82wEOvVIJrG2rjc94o2JwCDAp4lzC2VUTmO7dKM2/t1oq/ZncFupk0z71rBGKdZn2OKwioqN+Q1kvovpi5AJ6GWkldcg/Wjb0NLZSpScUdgcsTE7vqYrCAHB2Q3aQItSiFOp28Ng95FVAYbRBCD/WnL6BES0Zdh3fuHLUjgmgv8lJVuNim9psb07DJVpEIP2NZRL/yfy7RM4Ywvh4j5LaTq30EzZEPN8jihcEQehwcp5sUQrMl38tLDgeyhpG9rY83PT4UFa507R3B+Jz3RPX3feBLfMlbt9Fxah6FiI+tWyFfmLdVQeTQLKHZjL0pKPemzLMZCeMluWIbi0F7LGgGHpwRkJfXaPBTRph9TB2GtNNiHICG5ExFXC9xrdE38BHerJL8f3Xz2ALRjzeSvxZxZzhDs5YL5A5UySNzmzIRKg942KB3aX4+yfs3UIPkioqEkhx1PilwRIreGhhmzIEz9S6WalMb4ZXasBoqMCv+QXoIPD3xwnKkhkhAAHL8xUW98br5TnAOh2N1V0ioRpt9mdxEw7mUXuy3vwyW5phB/NbI//mC5GVCmmWi/sOW2Zo/9HraPM9OSif9cEh9o8Uy00kKG0I7LdOllFZ9VIQm2OMAr1LGTYXdrCZY5WBY+NajiihKbHOGgwSE20STOjAXxtWsLNNW2MoNrHFIj0U/FQOMCS7u9ERxhC8MFqh4/m2PHOp8gg/XBfjgqx6MtpXXjJlTzSl4f3PfM4RYpfACR3QJKXBfL0R1PY2QgNqBK+zZ85B9ejykCFI+HQjugdsOzA8tdZP0kR84O1sjpKE+lDwLm4g6FcGizQzoT00ajKvHN9Aggd9mZHw7iBspcM9DiKkuEquDPnTuzUFScWAYNsuD5YnqD+K3eBsBao76LdAsODcaQfIkUJmmZdN9dKwE0CT/hViiUyCluujW8r9uo3y4sVZe1/u32G1RWn8D4+pu5YiEsz8JyuikI5G1PBoTkVRW480COoBZn4C/IsBvhGvcdpLL81uKsg902LLmaQUUM395LEI1KK/58ye6Vu+j06HIrLL1wOvWGukZ/x8VCkuf18lfVr4l2NA/7na+c9TIvpKMpgCSTERCPGBbJOnOcs/wJ/Ttupif8pCU66vy+otYCHd6LlWM4VVo8t2Fe+JpC325c76f3PoiWslvq9jYLv9TTyYvUmikbCcwMLD6W1mmmmHlPkVP9KVNxkVGpewFEzxMRqwCnlKd72tF17zHeBDS+Jn8/aer+KZ9HV/omWjH+aouqCnAUlZ6HSPPWMUasobAz90BIkseUwwCMkJrWRYfmyApdhZ6hzk3LBij6wDyIxOZz94zNBuWEk9LlNYvJJy+EzpyPVwftfx69QXPRE/4MPSeyOCviFIVTqo1s3ZdzHxWHZIX/wLdaSMIXoD60amXp4IyOHKoU2whaTW8ZxzS6imkrtOywispWobUln1x6IHL6GYG9MEJb2IaHMXI3bd7P5z++04NTFEpia3CjAIVUKtf4CeviNjwudIIugtfVcgsrzakAU5tYsjgZEck/ZTlKN96FnGq908fzbv6LTSsvMVF1P2rOKkKGIwL8/QxstXmFBdKeU/D+ENNQSBqWY3T9dzrtk624M+NMj41cw9HxV7WpX9RLJ0yJMkfKsGRqsYSOBsyVECeXOaBxRdbcfDZTP2dS9VlXJRiRHz9wuhncQQcR2FR4VJxNnUSllpY/DPyJmhfPIxDZVjeslk/4r7844amAtQnCKvjW3XgB8uQhhu5PoeTj72R+myAccB2DeEFR8898EXY+1AZBi4J58Fbe4GWl99wh6VyQMZEDy43QQqDSKUDnIwT6/NbcEPcL+gkjJSZS9woubLpewsBbOhn/AZkkQJZSy25Q3CltyFMQdye3SScVqL7v2RcoRlz+o11RzmOnHidG979TM/rC0UbVwM0sj4d16l09l5T24C6QzsH3cFO3g72hSsCUOdoFpj+h8e9HiA/n8gxhdKZav99AfyQ0OYsKbaOIghz7o2htZkS/4JKHHBsBcJg7RwHfUhNVTH/AuTULlUpAE/ZwxBJC5VwPluMxl4d0qMUWtNVWh8JM2QBOO1jJBm59MJXa0=,iv:8TpX+aV9t+6ECQ2RMUy99RNBuawVEjPZ6Jp4TydgR8g=,tag:pxe7B3j+ATBdUuxzoJau2A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bGFycUpabXdiYjVCOUQr
|
||||
d2kySjFlSVpWOFVNWERZbXg5OVNnMnd2ZTI0ClJDTEp0L1VMVXFUT3lhUEU1QTVO
|
||||
NlZJNzJUQWZiSmlVbjFnYzBiNDNkNnMKLS0tIGlyeUpwZkk4c0hFUm5VTmR2TTVa
|
||||
NERwdU5hQlNoc3BQSDhWN1RPeHZ6cGcKLKS+HekCWvwknxqSro/afXZsox6BZa/X
|
||||
VscdD+rGjWoa+pch7A+DjJ5oLgBi/UHmMpg6UA1/COq+ULPlRDwTtw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:21Z"
|
||||
mac: ENC[AES256_GCM,data:fhbazXAMAblZes2sweqlJMHJNL9Kamycnmxsdpmy1I0zAbgtZb/p6csqk8kvw5Tyv+/6MFocElLwvVQvkt31+uTdmDwg33vKyY68v3qTh/7nCoHAyVI6C2AyqB6igvo8EJmxFFqyZdlt8Af9uuN9j7Pqwb7qOylFii40bH2CUTs=,iv:UBi9ZqYYkhzaw3vcJsv9afol0l+/nidtd8Jqk5bGJ7A=,tag:bI8OWWk2mctYBj69HCfp5g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,17 +0,0 @@
|
||||
secrets:
|
||||
RENOVATE_TOKEN: ENC[AES256_GCM,data:ohd4EhTlhRpQ+IXVf1Nb73+h0VHrMZduPhkbm53s3/+HRKUZd7JepA==,iv:qtbH0lz9Li+jjWcef6JGRpbcsOGlG+e3TNHDukAK2HE=,tag:KVmari0LUGHVb61VSFtgXw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TGozODRjVzQvdzlvSE5s
|
||||
RTlReWNSWDlzUVVLVmZXV1c3dWVwUU9hbWw4CnJUL20yTFpHMUJFWTdYQ2JWUisx
|
||||
Y0djU2FhaEtVSTlRWEY3Z0RnOUhVVjAKLS0tIEZEUjhqUTRtTEo0L3haWFlRT2JS
|
||||
QTFVWU5RSTBldzBjalg1TFBDY3hGUEEKCH1rY+tGtRNGMYrfSjqXbVsrPAleVHDO
|
||||
Altiz0ceC5ODo01zwBf63vDVqjZtbIQNZ8oQ8Pjlktp3jCpL7JNK9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-01T08:52:26Z"
|
||||
mac: ENC[AES256_GCM,data:6PyWgR3f7lnen5Jun04Tsw1P7rcAgTSuF+YEh0fq3r3xHvQYFGesfEO4PHLfCGYtjyyCeyzpwBUIoUHTmI5tRYjLwjwRiIu/GH75eSLOx0y0gYMl8JUeaPxSpPvElpii3XAm7vKEJhTR9QzNuzduf0Q1JdlR6TM68XM8g78zeSc=,iv:CqTrPYoLg4IgW5zTsIcmGQUg5RfK+IQmxeQIQbd6oqk=,tag:P8Je5EhAv5TqqT77nPwlHw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.1
|
||||
@ -1,27 +0,0 @@
|
||||
server:
|
||||
env:
|
||||
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:kf+JUqlc2hXNXYhuRaPnvf84oPPV0Du/cfZBOTibew4C9Jrn9oJ7ZaHNLLpq268cSPU4yH7Rh+w=,iv:I3tjqOT66Bjf9TYwVZOspxY1+9k+vX/D8eMYEaOkV5U=,tag:RbQ+/zJz8XryYox/sW63LA==,type:str]
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:ndIljGRejtzZG0JksJuHNVDceVWP5jY6YwIJpaJHESD2MKrKU3pPm6OrkL/MAnUv1Pb68iJzPuld1nXTI5RQkQ==,iv:K/9rHNwUSk8UYDDW/Bjg/P48bdR+hUo800yclhu87lQ=,tag:kzPdAQS8DLNufdTpHtCFQA==,type:str]
|
||||
agent:
|
||||
env:
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:eCw1v1MwJZ4qPQLHHO9cXVFgdtBUSR4Y3SncgakT8NVH3C+wfx8NAdEbcgPU2pDOrCLuyAxZ/MhVyRqmntpfqw==,iv:SBx4orFPfKeg/cuLmSTCHYwYWrGRIbN+DK845Pqzydo=,tag:921xn4QnZKXdiKOnEb5UAw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSmFXSXBVeklpVW5JUWth
|
||||
aDczSVp6ZXBGYnlHazRtaGlWSCtMY3ltWUFNCnk2bnZpdG9RM1NjallQbTZZOUQz
|
||||
dUxqdmRiUnFZL0pFOHVvMjdMZ0VkZ0EKLS0tIHEvLy8vWk81dklkVFZrY0FiOHUv
|
||||
UTJrVGVFTGx4OUVsMFdwY3hEbktwbGsKniv5h/9TCyAWaw5Dq8jg43ttgdJDaDw4
|
||||
t2M8sa7rLZlRK/4Udm7Chv3jgscni3J+OpJa1j2LZ8NF8vn8CZ8ntw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-14T08:08:22Z"
|
||||
mac: ENC[AES256_GCM,data:W8K98mnf13boTClSRodw0LLz717rgE2qusnmVXxAYykYKggDycI+/8PL49wlg+RUNZzUsHBCJLqTVUpBkq1LD5pJ4ragY/PVGkDFRJMfCKoEFM6lwRHwntHI345O8t0tF66rV25McmJIFSls5TVUrMhcxpybbLOAbcaiUKowg/o=,iv:jQsxV+4gT16+upjrQi2s0qS8PD2As078RiSrd78l0Ec=,tag:ejZIt4r/UiD8Z2jPYEkgZw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
@ -1,19 +0,0 @@
|
||||
authentik:
|
||||
email:
|
||||
password: ENC[AES256_GCM,data:Ai0jLsHymPDXBkTC8+IG0tLeFw4=,iv:Ev0LCJQtHxwiAPwPKih0Yay9TpenoKkNizpNAN85un4=,tag:kWdMGjzyiZAMq+cyahX9hg==,type:str]
|
||||
secret_key: ENC[AES256_GCM,data:jYOrFumK2SatpvhrAtdkznNjOZfELIXVvavu0Kx+njBoOu28lFk+3A==,iv:4RL8UnBvPk5gZCuEyJZ39AFEMukOTu6QsjciNmofYOs=,tag:d87HNop+AlOB31XuKD7iDA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WkpPcy9BM0hiVDF1Q0x2
|
||||
NTBFRnNjTk1HWktUZ0k2SjdjRE9EU1YyT1FrCk9zZDhzM0FyU2tKMmxjVXArUDdk
|
||||
eEpFaVdWWm44dG9mazBwNTRIQ0JucGcKLS0tIGhSNmRBNzVHTm5mZlAyTGdZTFpU
|
||||
a0N0TGViZnlXOEVFZkxwTWJDL2p1eWcKrhSyt4j7pjIE+GZyttCO9MC145J2V8I4
|
||||
fya4hMVEr5w/i3mibQIsHWszofnMO/pex8oYmsq0zBeBchQbt5xdCA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-05T13:18:25Z"
|
||||
mac: ENC[AES256_GCM,data:JHOeGn984F1Yvfn1eUqqVxnQKF7SL6yXXVvM32FvHzLKIFRlOMwAh0Qa2DTB55nRkZA4AazGM0AhyvNJ4ggX8eftpOrTvMOPReaQ//X7VRXcsJnimVuxNanj3E2wJ6J3nuVjTN4pM0FxH8zlr/DqWzIZSBXHNxOWVaJsbhqUXcs=,iv:XTKudFFEgtKfbvG31McmIyorsMwFFrPkb0YNWxTTvrg=,tag:jd3L4TSuDJxRLd33FyBc7Q==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@ -1,20 +0,0 @@
|
||||
dbinstances:
|
||||
postgres17:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:fzNOuvTLnLk=,iv:3rZSUx1r6sPhtA6Uj5db1JUvhSNE4nzvuaRSAc3kbmo=,tag:jITuAPaPMeviG7NxptFGXw==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:L+x7P+lbezrOYCA0+BbS3g7jJjkkuPgGJ4MuP94D,iv:xDpopUYJmm3JNYNSKQwbAR0qJ3eXZW7nGsXkVbxMna8=,tag:INlZlvAdb5nhI7qC6++DKA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NlY2WVp5UlhRZmxGVm9i
|
||||
UHM1cVZzR2QrakRiaFNxQUQ3R09GRTNrRHhrClBwUG14WTZQaklIZWZ4RmRkdW8y
|
||||
ZEN1R0tTUDdwT3ZrU0VBUGp5UUQwNUEKLS0tIFJNQnFQdFVySVkrdUIyNC9Vc1pK
|
||||
WVVMaDE3dVBvRmJCUUlsMVc1SC9GWGMKEnyXXE58x4Ni0Ze6dXray0Yk2OPJKDqm
|
||||
qZmHnVOnSZxsV4roFWqI+BSgD1mZub07tLhNWKubUJnAMQfIWtJ3vQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-05T13:27:36Z"
|
||||
mac: ENC[AES256_GCM,data:bJ5Jt0BUYGAEZTvY7CTiktqeuqjYmAMhEhO67Avw+HaajMcwORavi746X6eCas7+JsafkwllOKs/j3VjJ3tXsk0wti1cCliBHyz31Gxa+pGGRVDcJ3RwntWkkSCQzjft/b+2XCqB7Qa5et693rDs8c2EX9v9OCpztSeIA1ErPsI=,iv:iKo8/eku5K4t/4OKPy/Mz8XPHMuzaSFttdxZaV0X/uU=,tag:yuEhdYXC+yVMv9wKLcd36Q==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@ -1,11 +0,0 @@
|
||||
dbinstances:
|
||||
postgres17:
|
||||
monitoring:
|
||||
enabled: false
|
||||
adminSecretRef:
|
||||
Name: postgres17-secret
|
||||
Namespace: databases
|
||||
engine: postgres
|
||||
generic:
|
||||
host: postgres17-postgresql.databases.svc.cluster.local
|
||||
port: 5432
|
||||
@ -1,23 +0,0 @@
|
||||
env:
|
||||
- name: ENC[AES256_GCM,data:iUkU/BNlitD6f6RQ,iv:x5aENGi0aw9gDh2a7h92DfxwQgdbacM3hHtnPVdIKWA=,tag:4vyOlP7XcC1F6pjnUieAuA==,type:str]
|
||||
value: ENC[AES256_GCM,data:cFypu5mF+ktwjNFCBcy0U/1UIt4Fc/CAtH/SngvaaBXY0yinYzaiOQ==,iv:2VQ1Cpmppkz2ylt5NMP84o+0EQkI43jz267HNRjMugg=,tag:co3LJzwxbmxT09km65MVuw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMXNsQjEwYXdaR0Y3bktt
|
||||
UGFYS09Nc29IR0w0YmpweUtyV2pPbXFPeFJnCjZkclRSVjREanorbk5MKzJybWJI
|
||||
UDlwdlVqWGZockVVeFVrNnZlZGp1NUkKLS0tIDhnUzgxdlFWa1NicVJEUk81cXp5
|
||||
M2xvSjRrNUx5OFRqbUFpSXdyZ04xVzgKMsBwKA8dVSW9BR2jSTBxMPKevual5P8I
|
||||
V+YUcIIUAP1sFjs4jVhTduBSMI/ZSArWYIEX+dQ46oGDLcRzODm9xQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-16T14:21:33Z"
|
||||
mac: ENC[AES256_GCM,data:5nE5vx69ESp0HW0/uxYGp8Lq35Cjb5UpSmNkx1H4ux67K3xs3zEBSrupDuUqzrrj/WFFgTf8fIAnfu//bEUvRqtqkIOb7eTqBlQTCzdKWLMvfwhv3WnfXLljJvZZH+e430z7ayw6psfNbwm5sPr+/sPSijg31xv8x9wN8LfZqno=,iv:BKyKMqQ/eLiDspSlvMh0/I7hKb3xn2BUQhuHwrl+Pfc=,tag:is4SHDuAT2c3Ip2O5ifgWw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,15 +0,0 @@
|
||||
provider:
|
||||
name: cloudflare
|
||||
domainFilters:
|
||||
- badhouseplants.net
|
||||
excludeDomains:
|
||||
- ru.badhouseplants.net
|
||||
policy: sync
|
||||
txtOwnerId: badhp
|
||||
txtPrefix: badhp-ext-dns-
|
||||
logFormat: json
|
||||
logLevel: info
|
||||
sources:
|
||||
- service
|
||||
- ingress
|
||||
- crd
|
||||
@ -1,50 +0,0 @@
|
||||
rootPassword: ENC[AES256_GCM,data:edKknfs0kqBVSTQ4CQUdRdKH22c=,iv:PcSajWchrPOfdPek9OP5s0nfWlFWToHTfLZ89iBZeSs=,tag:5kK4eHmNza1arao76EVHzA==,type:str]
|
||||
users:
|
||||
- accessKey: ENC[AES256_GCM,data:mjmjYJCJofI=,iv:4nN3dt4CKACC7C1/Zfn76SixKmTW4NUxDj+WWbp4DSo=,tag:4lNCTXo+isM+/crCNRtEyA==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:qkQbZVszNgwmjSvtMtNlEjVBKw==,iv:k+xYu3RFJNovJMBrNqO7QICIvkhe0niHnbGSEwaXe9s=,tag:A2j4EgUB4+3ywZMbroydUw==,type:str]
|
||||
policy: ENC[AES256_GCM,data:KOG9rF5sQtA=,iv:g+KBqLtKBmuj8saUomFjewp1/MiTqXNqxOua2rL19yc=,tag:ibsvSJsGbNuqp5Q8azpcog==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:JvnF,iv:T2eXmfOvFInwpsHzrV4oY9vTsJkdHKvb4+UEriunGQw=,tag:MEudOOKBDi42DU+w7K8MEQ==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:NVFcExw9K2Xw5SbtvXLh3OfoGXNe0IhGmA==,iv:lW0gJ/l3v6BWGCKK/W8B/T2cWq9i6akk2gcsxqPAJpU=,tag:4hxkcaOBc8lHwkMQbzXCbg==,type:str]
|
||||
policy: ENC[AES256_GCM,data:TzNg,iv:/5IRuuS/lO0eo9dos0nNjFoar9PPYlDna5G0dezORvg=,tag:5vyT7jsmU561wFh5NXXG7w==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:42SdqYzhNp6Q,iv:pzLnTOITSXJQ8mSNEE+H7EMpa/KO3+W2WJndRgs96Ps=,tag:fZBGTCRPvjRny9FcpvUEmg==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:J7qAgeWCk6ASt5xBqyrlRNbzQWc=,iv:KC2rpT+lZMyWCch32ycvDtCtqtEWPst/xt5KE1kfYuQ=,tag:9K/Aj54OrbC2qeRWE1bXYg==,type:str]
|
||||
policy: ENC[AES256_GCM,data:DOlqPrIkMCai,iv:q6lULKICvr74qPC/hp90E0XBOFNEs9sYZGfMkcfGZx8=,tag:grNwZst6JUXTpirYIz2XAw==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:sy6+E6w=,iv:oHZeQp3BwjB94V/sYxqH5d2L60QMI9m4ZrbolKLRBC4=,tag:7huBXPr027Sn3agLTMd28A==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:BD4AjbQj9EEK9tKuyaD2OQ2Xrdjg0OlYpw==,iv:52AzwMOA97K40T+QbJ+0Pr4yNdNLw+yfWDEXsEWyIpM=,tag:j+CUMCoUykq05i81C8kEiw==,type:str]
|
||||
policy: ENC[AES256_GCM,data:+BUO1Qo=,iv:kH4rHe5wb0xqOfI2vBGXcyMSCzuSEOCYZ1D8P+7KcnY=,tag:l3twpA6C+gvDZv4qeevVsQ==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:FAtE8kxRyrLC,iv:M2O1MPh1s0r1gNof/2oUybxQxDIOTR3HNfFOLyi6kPA=,tag:gf5HJZbfmn2XTutqeAo0uw==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:GV4Hrq5p1mh3chle1XrvlTpPn7EGQFy1tQ==,iv:xYTNNavejVJmtKLPS9OzFbamcZaz+eRtAn68gGddby0=,tag:HkareuwAwA7QWE6mLO4Bug==,type:str]
|
||||
policy: ENC[AES256_GCM,data:iHNhp3SM29lZ,iv:/y927HxGNOVuayMc1hl8DB/l8l5ioMXb0Fkf7RAA2qw=,tag:w0oC4RgAmYKaWq5sredNTQ==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:u2jY6VH7W3c=,iv:vR5C1FqK5wxY2QXxKKxaaadoWqPptxtLUGsjmyq0q/E=,tag:enHvPhEd6KahnVq6KjFhQw==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:BQTRMAKezwRAtLE3jhFK71Cp,iv:M1VmxliYG0+VNuiDr++hJPe2fa/X32ZJCYAD/VDwYNU=,tag:8jIzJHhE5k7QAjm8vnlYrQ==,type:str]
|
||||
policy: ENC[AES256_GCM,data:6qgyKj01Big=,iv:wB3Adf71VPXTu668fq+yLT2gCPru6nDVqqdnh63OfCs=,tag:d5xLh1eLZEXxksg/DxfVHQ==,type:str]
|
||||
oidc:
|
||||
enabled: ENC[AES256_GCM,data:IotxfQ==,iv:vi5Fn3a7My9nyOb67zTTEzHLoFS8IsEQMcQ2i8f2Nns=,tag:/DMVcbOb0s5mZH3uuStXXQ==,type:bool]
|
||||
configUrl: ENC[AES256_GCM,data:Y7/Qzdy1RLbFgX3ynK6v8KIP5D5qKmwtRx3VCFWVJoch+q5tqHYnENgTcagkOwkHEhQY8DFcSJRrj7VwSGU6f/Rd4LrPdVboe8IRGFdaaZHXobwVooHGlCs=,iv:urkXua9hA6dVcltwwD2ZAb1ysZjU5eKegM2ifWtO5wc=,tag:zgs9I0aVVyAbuyd80ajlZQ==,type:str]
|
||||
clientId: ENC[AES256_GCM,data:aZraoow=,iv:XhlAZly8Pb4LFzt4K1XWyvdeEQnU9VEpn9jHvwdm+34=,tag:T5CvtIU6SJ/hUM69GUfSHg==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:WtIcgBfFGvfswBTRAp8IqUV5o6HAklMs8C6Yu9xNjadqtcvuUARMeVLGddioZJZFDu9e9wrX/O9Z5nAZrPjSNLVjjlC6hZL3OhqkMYhkowD7g0lLlTcBtWrQ0gzzKzgEv3AxldHlpGvsj7xKFzrH9Og0Dpw6ysYSV2pdRT654zE=,iv:JyHrOmIhP8yf/X5cI9kLNrvPPWhtTiSqj7id2/qE9Hc=,tag:MhApKAE5DVjGihxzqQPZBQ==,type:str]
|
||||
claimName: ENC[AES256_GCM,data:Brw0M+jN,iv:V4YgI6J+QD2TnlQwBekS1PBI/Hgc0n/iIttPzNPK3eA=,tag:cDSu70i0QkVDHjoa+wKEvw==,type:str]
|
||||
redirectUri: ENC[AES256_GCM,data:Hrg/3/GLHX2vEQwSuRJi2rtFekVNN0Idtt4IQ5fHxdRzLkKiBGi7kesHfquju8Q=,iv:OMeIhw8DWKJN2RZLxv/14+nI363tLjzKniffjT5t204=,tag:AokFVHtetOF0vLMBFpvuHQ==,type:str]
|
||||
comment: ENC[AES256_GCM,data:ILnDkL8NNhKHkpZABUmpJ3nsxRY=,iv:Q6Ndcr7LzyViOKmtfX6ZSf0O5/6+ehRRn0V9Alrec7w=,tag:dxZxfUIEEMTHTHwQNHOHgg==,type:str]
|
||||
claimPrefix: ""
|
||||
scopes: ENC[AES256_GCM,data:ZP6O/NVbf67rZujeJVpgHsxjN2jtuP6rmjFB,iv:6DSLl24QqUZVD3hbd9Khxah1yEyri0FUTSVEceZTkDw=,tag:/C+y4oP7cOibwalDPzpv6w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbVVjMlVGckdFazhPWVov
|
||||
a2NTQWU5RGlmTGFSeFZqaW04MU1rVXQ3blhBCnNwQ1daNzY3L1JPK3FCVDFETU00
|
||||
SnAxM0dNM0RlaEpJc21WamtJV0ZsNzQKLS0tIFdFK3pvemtJa1FyRnl5TnBZdjdh
|
||||
aVR2T3dIQkFOSWV5S0QzZE51RGNPYmMKGTDousxnJn8mBe4AiYSz+zApYEQVQU0e
|
||||
DQMlPYEQbmeT25G3C8XksSvEslTtPs9jwZv+mPTDXgzihxe8V6VQDQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-01T19:07:25Z"
|
||||
mac: ENC[AES256_GCM,data:4PN2B86mG1Vy4BhV3hI0ec7nBowJnz1PDgDz1SGdKIzshxkEl9tAAt4eGnT5dwndO78R+cmmpbKOdSZXecE1PAHmGyp8e4vi/Y0F8EXTTl2rXcST3Lg5ivuIswKxpNhn7ZMZaUiJMFqOJUK5liGR8vzrNhJc6oPi65LJR8XgnII=,iv:XSm8C570MqHELojSxUUHmNppEVvHX0033BOXWxP4Bhk=,tag:hwWJuHYMdZd+OH2HJG3CIw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
@ -1,20 +0,0 @@
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
|
||||
hosts:
|
||||
- host: uptime.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
|
||||
tls:
|
||||
- secretName: uptime.badhouseplants.net
|
||||
hosts:
|
||||
- uptime.badhouseplants.net
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user