Compare commits

..

1 Commits

104 changed files with 810 additions and 2016 deletions

View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./snapshot-controller/ks.yaml
- ./volsync/ks.yaml

View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: volsync-system

View File

@ -1,28 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: snapshot-controller
namespace: volsync-system
spec:
interval: 30m
timeout: 15m
chart:
spec:
chart: snapshot-controller
version: 3.0.6
sourceRef:
kind: HelmRepository
name: piraeus
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
webhook:
enabled: false

View File

@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: snapshot-controller
namespace: flux-system
spec:
timeout: 5m
interval: 10m
#targetNamespace: volsync-system
path: ./kubernetes/common/apps/volsync-system/snapshot-controller/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg

View File

@ -1,19 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: volsync
namespace: volsync-system
spec:
interval: 5m
chart:
spec:
chart: volsync
version: 0.10.0
sourceRef:
kind: HelmRepository
name: backube
namespace: flux-system
values:
manageCRDs: true
metrics:
disableAuth: true

View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: backube
namespace: flux-system
spec:
interval: 1m
url: https://backube.github.io/helm-charts/

View File

@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: volsync
namespace: flux-system
spec:
timeout: 5m
interval: 10m
#targetNamespace: volsync-system
path: ./kubernetes/common/apps/volsync-system/volsync/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
dependsOn:
- name: snapshot-controller
decryption:
provider: sops
secretRef:
name: sops-gpg

View File

@ -5,72 +5,72 @@ metadata:
namespace: flux-system namespace: flux-system
type: Opaque type: Opaque
stringData: stringData:
identity: ENC[AES256_GCM,data:XdDbrb6Hkn6DkSkFzvrFf6zvxbVMOiGkdDoZwOnu5S6Fj/Ln8jeP6QxpKYqJH62J5SaFtLQs4Eb443vURFqRRZO/s9E9bDUfToFcCvTOF+DcigO03yk81wPRnu19Zr+VJK/R3d5EYfc/aDv/52mm/MnH4ytwFdN/ped7vT6zwbgWByPGtn5lN7pgsmnFSOXJvpfHrbyWva/mAntf6tRXEMO97xs9VazH9PlVrBp6y9qEsVb/EzNFLMx6VYCj/e+/wiegb0+SAUTgHbf6WrEpEtpY+RBmJqVPrK68F9oxvXNgBcBb0LWg9p81pl8QfJHDKDtDUW08mnibT+IMqiwoECwKuArvCyI7fjd/VRBRYhcHZkJwJxIbEmIxHxs9ubCMUGvBtcuKfctQ/KwkyeuAvoPeFqOJlRfYooRxF3tLutE5XsSWEI87PdU7VrGYKnYTO+9aItAK60w/BsiJbkF1xrvBcLmOJx7p1zcDNuAuYBz9QBsSUChSzwUsrGmxebN/3XAmB/n/mcp8bka7d/vtmjSpVBruVu9olg00,iv:/39YiKJ5i6LRchiElgrClE20iJuV4SF7HB95Qi7lRdo=,tag:IQCxRRHEFg5XypwjQP7VDQ==,type:str] identity: ENC[AES256_GCM,data:Sx6ZC5nQFKwjKl1ohqCKz7x71JT0JFRf+IQqciujxeUWAzYd5Ui12BGiUW/zu2l56vFXa0zqf2F2rsqjv8IvrkhGYXp5crm0Q709o3Gw2GWE6FrSsJqKN9s6vz0mettAUdnjjZKr1wGf56NWrrKXe/1WYEBRhDAt11e8Uei2wCXf0DP2AIGH5BThV980IitD3qhmBvJWrZhurIt8HMyxFdtzEkr3zbfh+U33uLOIC1tOvVnShNyv+Khgc0CjzM+OrQAUCkMOiEPPAjjVrnHcgzHnNZaxQ4SaSMW1lqBpW1Nxqzp/LP3UVIffJjvqtvcPkC9fdBQyAgzbhNDuQV7HDPdCBcac3GZVGYnaPFG7OpWYkBUp2RBY5fjkXjJ4NFfIcS2JQtkVgwmd8ywm6I/laWUZn5qBPG9yz0HIQv3mc0zPv8v7ae/r9Bet/vrVioLhyK/MD73eTKWz7wFTTytiMSgSeejwm9wCog/QLMGp+qdVR/Fnzh75xjGnIk8y+oqkLB6e6mGX9saRccJOlYKvBqd+DYOKyou2Gux/,iv:GkEzgT4SSoqkl6Q7ceZrmt9U303lB3JFQ7AiLj27ElE=,tag:2nsq2GgkkvZts40lztg17g==,type:str]
identity.pub: ENC[AES256_GCM,data:qNJjZriw2GgTMUz85E7R91n2m0cAlqWn4mZdOUgppOMGWEwxiIma4vM3YGkx2Ltt0u78rzng1KJBLSHRXvygJiQLj72+nDYqNuoSK5EQDjk=,iv:VVIX7dU/JO7mCBa/J7gBSYvNX+xyQRtKRzx/BEe0Ny0=,tag:5VO+ib7+qKX6FFefXIGODQ==,type:str] identity.pub: ENC[AES256_GCM,data:D+Vm8UYZnigJpJ4G6BWaXJx0aASRmfURe9HmMPCgXBTHYtqEaU3MAZ2/YcBBBSrLBjziaS1D86g2coPfWOcmwJ4NPOKjJSV10cFsZIPnk4w=,iv:TDZi/AxIJHY2IGgTyOS7oGErPxaYMtBek8efalLmsJw=,tag:feL7jyXQabIvmbB0y5qNiQ==,type:str]
known_hosts: ENC[AES256_GCM,data:MHZdra08vS1QvRWuAvmaKhHxAkhfZuznMhWvM21X6oriI8ylfeaI2Ho2DIUmToiSKGS4wZiTNiB7lMvrPBcCO/l+f2bGXFu4YdXrTLFoV3O9K9cwQRftsqAKgq+zLP5zy11Jd8Hy5J1numqhCb/DmP9AjZflDfhANckBHuDlEJiV4xitbLaMWzmgLDS34K/h1Q+u92j2OgBD5lHiHxszlTkTsqAtSdChCDExOS2Z2nMQIIRI7+E2uGlNtaQ9AhviZlREUWAxGUr8y+fK9jN/XGnaUWEjS5SXUXwtzHnBzv+t5dCtuMLQ2eOki7qcYU5jaQ2uhMrovmaYiIdEgVMtt6VQOoo/5uQx5CHzTwrbqA5lm0hMArf1ZvuzoUf6rJvRBL3KKolWW5wjb57xQxGNgkJ03SI2AYFIVrCB/glEmKK3ZEOn0AFkWTB0rchgjuKnVLuwh5Q5e7yCLrMgQdUcRZCPt0W9CEkVirmBYN8CB6Cuh5cnzXUDrmSvJxJRXFLv/RR+IOEBzQFujMSbp4WdXqZzORx/GrbFKECGuOO0srFdeE+EJVehmvX/OWqQsV21fia3VuUm36w5TjrgsyHQBB70s59RGy6XPzPbmYD/BYk4n7D3Tq7ngukbWqO7ImP0DbUEZlW+ZqEg7S/rYGbeI3oiJs36MLJnMCyXmJ0T7znPoKTZAu4MFQY2JvOcngGTq8ua1ftbQFYVQbOBcF0nkQoe81uj4S8YBziq2rT1vFfgw26OeWlwmUCWQ0i3a7US3VzoJ9D/qU4HAOrjz8REekfwLcL6rEqwSKbDl6gerye5os/iWaXHhOQDFrntc+kodgNLpI003/AXS598Wshzl1iX1FUN5N/Ak6JMKwa4Gv3om6DYiWnHETbkl/6KKtlZFfJ/b7KDjrVGIizT/CZdYegWzg/y8uzTZ9hscO+KfUqda0hg7gWzm+puMrLrVQNvWomtB5eqo6rq1sRER555HTv7ieacha+ZOrwcv1YgpKEB5fpf1vrKrMSCUbVPG/QEDp8PacLcxHpkIiC1sFW3FcvDfw1NzJ6pP4R4FAR1IomBq15+78BM7axx0LXFq8ILYKm7tw643qj5l5HYyoTYAKjji6eLXhG03l2gGeOBa2Qzu2PgudjwoT2uZvZv3MT921na2gQ1Ri8LvhFMXyw+Gvmc3PSOxigoegvWCiDlvS3cfEg7+Dl7IlpaeADWBSWT6qE3x2eYW3V6PtUjuaM/vlJm7RunMYicIB/JMK3Biw+2fhU2RlmINtA2dMDUsaOdetC9DeYltVQPY0XYlV9Kn0OpiPf6mpq2R9ceiQ1QZ4wVBijNHvWqEr92ytodUpLZPxY7qCZ0ArPAFh36YliZg43tlB1041ukqWrWqwtRGINTvGGFW57XHvBVzR0osjwS,iv:5Zi1hQ7sQQFJMB4Ynk8QfyEDco4KrSsriFYHgho6YLU=,tag:t+Z8okFnDFCvt/uLfr06Cw==,type:str] known_hosts: ENC[AES256_GCM,data:n01pTAMd2h98vRT8OtCvw/M6o57FCE73nGgH8vLbiQH4EkA8QPEGUR48r+YS6hFP8n8FXVjuoGDFYdjuZchtm3/CqZBqqhlg9DPtrDwjYfjhf3GpB72iE+R9qNPMlF+aHe45egOzzr3OYZ/wuRDo25x8+d4r19FFLKZDEQdpx5FJnr4H1x9+hm8VKGvh8eJpYDzLm73LdsfCJ37ZjecmnTEkK0BHIOPsglhDwXOfAtKSk9DlUz9veaoFhTwJQK6zJbUYj+vIMc3Z8ACVLJbkxWePHKpkKBAwlEcYP83j/mCZbFITRhBxcyIF+Z2gnheH3KCoaAhl8WW0jK3hM752tu8UxdAa6FMRio0hZ+d4IDKFe9oJNHchUT7pmeL4lrqnUNC7/YdL30WX8aCTWL5anYYyBTYS8TgQmDrKgOz+daw26y9Bte+omkjOIO1avdyu7ZBTNffN5xySma6ARX6X5V4e43vJMPT5+plJSZK7LoMsuY0+ZYlE5ajmYvtIIbQaYvk4OHchH/jhMuW4djlW4ZmJ/ihdGj4hj7reNdc+QyPoYgHuz/SekrdSxJsjFQH9Ke7KQAuxrblwMtUHlsPO3iFd1JmGUD0Ff/IMldL6AVAprcoBgnUmubyRCN4innxkgTdPH74AelBSjOvYRvd6osK4zl+gY9R0NohJTAJWdvsZr8CU9zyth15kLVJpdlyK0iXNFL/+Tg5MKwhBNiucsYrlTDYqyHpT4ssn2ECXygy3IJy84g29L9gI+D+UVlNS0xYpeHNb+8FN10qjITmY5PV5izLnNM+QIitr3UDnMGWPzHqyK5SoKPZZQIUw7engtGKNoLRm0cNWElbHmVHzYXN/9dToxqiWpjsGQsYXMLgeBxwRJ351cKjqYq2mJ3HMsLzjssx/D1GtD5j5AcTV+hKCrOP482SBpB8kdBwFck6IR4jVZTKxhde/4xvtOFcPSb8fUMh4VtItK62RRXbgCd6MsEGz4ZzO9Qmd37QRW0HUtBTtDZ2v4LceQ2IrvzQa85McSDoqFtF8ikkGZytrns0jsrtUi/q0f8AebB0hViU+pBD5/7/Kqi14XCTfp3+BCqhl5tVeiEHRN2aF3C9k26zOwZYzp7mmOdz2CMl5TSyrFt0FAe4ZPaKGQx5ZMvQ45yxY8XGu28sRfOGJ4DvE/ieyrzN4MAWB6XugxHkeE4T9NUZGeNPOSZ/+1hoVQ4648I8+zZ4eoWHpJk0ROFQpS98VsDA8NFWUcKBZL/wnSApxEm/5M4XPeoZ1qsjvMTm4q7di8MARhkx9iibli5AoEq8HXCZ2yOOkF3Jybt5iQ8ET5lHrCPm6dAAdOGDxJFEoVxc9Jzgg778OjpEaBlpdcnTYnZe5fgM4xVzv7+dFM5LSwNRiXBG4RDDMQJxkVpGl,iv:r63R2DHRHmWEOklp8Fp60R293bphRo0fEtBbfY6kwtE=,tag:WvAkb38Bb+nco/ZpaXhP3A==,type:str]
password: ENC[AES256_GCM,data:fGFEgW7D5M0if8qqfNGFUP3cUCW8Nn/XsmRf0PM21vDLjrYzuOLHJA==,iv:ds829XOqukonj7fqZWO+ErK6IDGb61nCa/lwEp0P91Y=,tag:gtudo2jdx6Totv6JcUKBEg==,type:str] password: ENC[AES256_GCM,data:6VdCKBqa6tSVKr+zh/X4eTEX3kG6k1VjFt3PJ5Sx064viFfxOdl5Xw==,iv:Um82ZkCtJr7UZAhu3e06tzQYPJhU+nCrwyH1lQ/FP6A=,tag:Ydookfcn2C+hpdDcHhdBbg==,type:str]
username: ENC[AES256_GCM,data:44LM,iv:uBoSRjeqqq0CC4BRcpp2F0ua09nOI3kaWcAJA2AOFyU=,tag:cjyOHOG+hoPHc2pVvJ8+5A==,type:str] username: ENC[AES256_GCM,data:XneA,iv:6jH3tuWgC6J1GfSvQ2DxumxhJfNHCE+EvLy1CVKomy4=,tag:Jpk+AqScz8SrGRNEaVfoiA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-10-18T23:02:46Z" lastmodified: "2024-08-03T21:27:12Z"
mac: ENC[AES256_GCM,data:8ESBtPXyeYNjGJ8FLmslEolr/F1gq5XBAkPuPQQxm5SnM++TwbG0E2oyy8TD7FYa62l48Rsdl+o02cwAI8KFk7zcy6588Ti7IBszmkanlDZy0VqoD4rAY4WJZ2m8m0yJEx7roM7gQm0nYJGRufRyK+g2OjVh1YQBxGymnrL2Jtg=,iv:CvFWYFxHfCH8ChQp9XA6S36vswnhUBNRkfW2ZmuIvGE=,tag:Jl+vffpyK1iYzXC1lgJT+Q==,type:str] mac: ENC[AES256_GCM,data:lbcdmV8GaSg/7IEvBTASEOamqLae4SlKEd0pwejnWam6UGWqiYYRYHeHdPJCycWC6xQYc6/S0i7tZf41jhb78nYdp5LsPQ//p9m2/eYKTuNFUuOOnhV6WVP+bkPexsWGPvL85F8hwNutCEpAs6msKkR8Fj2SRgmUn2L/fyx8KKY=,iv:d1y86x1svh9T6XVMi+7sGx/iVDvlk9pgXAogtwHwpmw=,tag:kRZ5xZKpj727O20efLpSyg==,type:str]
pgp: pgp:
- created_at: "2024-10-18T23:02:46Z" - created_at: "2024-08-03T21:27:12Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ//cYkEt2KpQw/5VtIM9Ym1c2i2MCSh7y+nQdzocy4RF2Iw hQIMAyqlIeyoxYovARAAyPqbpe2mT3Ki6HURqq4VS35Yt8fmx1acasEtvBNCUVat
H7jR99FHl7vFfNp4tJyfz+OGnE/3B2EqDUM2bCmrp1628iQext0ExKSAheIJygPZ 8Oj3LEvjYvvtBC7LY5msI4HZJnbSoUExPMKR0j1HB1pX/SB8MIjpIQpS8SvnJEnS
6lMpOEBlW51BMdYxSE+PJh+F/Q7Bpnwnf5BJDkobeoKdTrItu24krFJdMjakZmwN B9Mws5F5QzGEQDWg8d/wVia8LaEDehtPXeTx3FZVjfJCMVi7SS61ymg5vbZI0toR
96yGH0C80rtEHHn1A2/MpgBnCBClsJx+HRdp8Tc4552uD2mYYahJmrKzh7euqJbV mCmNh1QkD7lGYPyKfKXjDzM+m6dPf0NYj1etMRxaV3yEsFaOo5P8oi1ewzY4xr5/
jgCgJtL8RxBArNsDiWCCe2QuKjMCjpstuP6xS7RDMVkB7U//IrIa3D1RqQOEYzTP jISkL01xfupeqJSiVnuYXgSDbnKj14hA7DAbsQYsqTevCRVeickmdS6yF7GICOrJ
s9HngMBuvxj6T1iHBXPYIzqr/cHMPtXd/1wJIPpICe6dThbJruPUAyg4cO/bPy1C gqo88b/Aju9gU+6pzaoZCHm5GAszHouUqTWukICPqAIChRKrQRF8eaj22q/+PBS4
UhxWyqLKY3i3OyI9YvlXpNEyordqgVMuA9SYnLB9M7es+MjKMcHFwG0zX4hs6Qaq 3/BzHaRNuZvh2PElshj96dlw2f9hhpkYkbZBElMYidlEe1iRalqWmKBaCYDdoHkc
Bozf51pzogZcjIuEM+sl54IwQsAnAWcpNGRPNtzIKf8LwEihJhfkOCRFArbuIxzB x7vBNtYxkwwUUMz+NIGZPYtyeS/1k9rx+UErad6XDir1/jJK6ICzmYwDJydFRVmR
8Am7CMkcQLTqN4jckdYfSELK2pUfLgV73XMcmgtUz7/NugpdvcIpByLmSz0+04L0 pwzhsmyDdrTRhK0wvClO/QBc55ZYnGa3ecKRC7Sxb2qYsCZzgABnuRAavdmzf4F+
/FYWAy5rto0c5HDkF3tV+88EuThbsuYp3zQpA7QP9eH7TdZqnvE6ouhQhmxUR/99 WoHubjO4vYUswoaV14r5tO3HgS9JkRDzPfK9BfhyeE/9XfUfkNdYVMw4oP/uFkJw
4aZHHQ7sIbtscmyU9eUo6M8pCHpk7tfkp8wWQjoo99oyxE/1qfY58BonaQ4+E/mF aTtVmy9txhsTAQ7yCRKsnA9Itnmu8IQfYYU0MwLK9p93ABORmhpEbzZO5pW/l22F
AgwDAAAAAAAAAAABD/4v3+2tYz9hkNRN11ubHqYDkLT4PB1+2YLxXUJlYr44UWkl AgwDXjg0p2IN1X8BEACQPAKN0TVUzxykhMW1f57HqHfMzNZog9K541Sj9sbyd2fQ
JLv1jwGdLHuGiC/nF0YQpvEU7+yMnz8JUKU1S3vdJxFm3t1qvx57iSPCgs04/9rI 24Z+UX6IZ1I9VOZmRY9ffTjZTG+MUa1jSk6A9BMb9s5c5+PH2bzFxpXcSWf6QNyK
sQHdmpYd1ejvRM7pVUrUvXFEilWxCtwU4JnSH5IlJ+43srgC2vmlIld8/oyghwc3 tY3MmW2jLxqqYfUv/ZnhbfPK4P2846HpkVVZX/lmT4JuHa4t8UFrEeBmWbJfbnL0
9KeN1iFabBcnbqvxdL0WCfEipFJh0gI0WeM9N+t0MahbAm2MGIkj9ZMJ9O+XZX0P Fcu7TDVmf2+z4ArevFUPSCL/ALluYiMqASqvw9acYR7vIjoyjA2o91usOF2Q4oO+
MgoHvfRnkFrSYadTzXX9/gF0N8GGayY/AVgcFFJIn1HFyxoB1gHP5F5/GV8YVpWP QmhaDCm08fvftUDJWCKKmFK49s5jiVr6Fy6E0QUZB2zcaCv6VoTJzxVhCCi2J6rQ
W5o/v5NKYmS22LJQNdFNCgUtjjrdmeeP5SIOCDTytJEahWtlZE4xgmIfHMlbS9fX fVCG1s6k+QVMTQxsIBQM7jmU7XdVPb+hSTFbY6kmn0ijhqLt3n0/JVZKz2y80Mti
c+/pSAakV9Nz39EDUUlMAyj9uoEuE0RDaSRIIzOEvVJmCy40cczpbux4vRE55CBb RYQXvIlKL2lBYy7Fz30TWLoGTmGW1SHS3WmuMv/VPB7o1iqmmjTcgkaHWEiIav5s
Kpj4IW3NnRavXucVt/gtSp+jz8IEpxGjTbgAMxtTi88XZkE2mjDjH0wXGm3Cdr8E j7gLBytITp+yyVm5CBtSMhS0J9gaC90vesjYBNryFRhszTZuO3VzgKspvWf+dIQS
+cG01WXKZnV+Rw3EEthyg9A3Yhl2dCXa+9xeuIbM7R5Ay+VUmkcuhrPxhyCMA5OT ATn64C2XcjIhw6BmAzlaGcieoJrtmi/+ukCyM7Ri2l/WlImUBAKUvIsd5M7PzrRK
+1StnHTwC2qTJnhfrgnEsRAetu/q0wGrWVj7+/2sfLgABuqqByX9l3N3mRyLG3ZK R2dV+saJIb6VoKAXerh9oIvFUPCFqTRqCauRUTTSp35u6kilnKRDy0USiRvQ8owr
HUwPYoHis00J88P2h/5q/Fg9QB6ShsOhv3kvGpr5y3vBpQ9aAwdJcg6fdSzvqNRo NUuT3ZKRNaGISgzhxCOULGKCcOUxv9A51UF6dlwNLWgKp3oVqKZqW6ZJkdE76NRo
AQkCEJL1gcVBMb6aiPKDqR1QRH6pNh7qHm9DFem7xd+5CcgF11ONq8/vlAY86ENo AQkCEDi0uiaPJsm+SJ2PyYSTxKEkWIY9kW6OwZ3kAk8Vn0QeNiojLok8kOGs55vE
SRqFBVYU+00cpzF+yE589J2h3PvNLpO/u2C9J5rrmmvTp9WRnvJnzW+Y521ZPQAJ jlVBnm0tFjALwAfy6H0EOvZcolOdq3+E7j1abgR+yC5RaorwR4rkslpYHsBs9J8Z
XrZhPjnaDkE= DYAMMrBG2A0=
=P5CG =wybq
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-18T23:02:46Z" - created_at: "2024-08-03T21:27:12Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ//W/yyW7xw283FVjRldWn0DcdYmU59yL4qxFyuWWRfFTng hQIMAy5t8IMoPu4VARAAhMkGlwiYmzonAe4DD9dOn0GkD97bR7fhq9Un+EAjJx73
kfGc+9DkPdCBwWKQsRzc3sm8b4hU6dRL2BTRysUwc2V6QDkjGZsR/jhpBtNjB9y3 F7KAP35VdYoa2iZT1Zbv0IJSBcqKfSgaWMpPqzJNq5FKqvYdyytAV/CSybgODtn0
FbyB3KKyCOl89ADJBY+WgBuqUlHdlqyTlPDCNIQfFngiFGNQd3LZ/6fToo8ZeA3A zZUfLsPu8C1yD7e4TiJcL2ABlll5yU/HwYBJm4rqEl0TO/ogXd4Tj05aDRkYtiDz
jLQA/ZB4t0umccc1O2tyG6j5/UjtSyfUrHyMahDEZ9umwsJ/xmTxT/cHVJA3tYr6 TLLgmNEeq9Z35ir/8Od8WtdjhCVq9RRe2NnE+PT2B+EbT5GFq2kYCxUbdRP8FjFA
WAo2ZD9qJxB8knYM175E9g+4I1ZI8xrTDuXOecxXW4zLELH0RyPxNkAwCGI2L+fH 81RXxbRGm4coBt6ReGBaMr38PTI7wPcJ8JqecAyuX4jjMn8CWi3DIIlHz9cTmyFo
7CZvgxRjmsgGXK7Y7fg4mj4YLqkKkuiReUIU4DACdkVlKHTD+rkHynnOJGqn7FYA HLpdM7K8iYGvTk0LJMQHlUbPSvXLlBUk/WXHZyTR2cmiS3mzVKA/zffNjCpUIAF6
D107J94rZpXZTsbpu+Sp93fzbac4tmSZmXDcfY5aYQ9hdvX+/MkInfmcpMVoYmIm 8EsyKBfXxMKT28q9d8D/rWrAMHjKYlEL0QxCdw036FN6mwn4d4auDG56FC71+FvG
2xghVNii1MUqaGtvsLgXdbIGoCH6ylQA6eCWOjBISFkGgzQQKykV7PxA7QjluY35 wOJxbuviOgok6NZfWKqx0IGXcOQMcL/bCkRtdiUux4WVyj8OgJZJ74gqgK5LEDzD
0+vJfHCHriqee6KTJVGoKfgFswZYGsD/tfV4llQLQg8gmdBblBWizEp4JhRI0ZUn lg3vHQYMqD45i3ig8rfhiK4fKOAIa4QDNXbyWqt9oCh3OwBnNSte2hc9b3szrSqN
iC5AJ9KJAmDImS/tS1hmlFBrWOFSm5NkfwYBZ8A9lKnfX7TcY1Cx5ixeNjKOHINr g0X3eDwuI2EA1qc+Y4PJuz0fXWZBDT39AA99Ruv7v4BvnzvC8DaUlebL7Ky4/dnp
zyhDvVgokewAc8/ggI0yE7QS4ekaeYcp9ezycSlL5/aUaNgf4EGBI/p3yG7Xwa/U 279MToEiE8yFGx4GVhNKR1jSez7I+UoalIkq3vvW91jZIeE790EGxrkT1Gp6lITU
aAEJAhBONeevknrsrKbLCNpr1qIfR49r22EFRNTkk9HKbrau9VZTG7eQRZN1UglG aAEJAhDyOpEoEYc0/XA8uq9BY9bNUshm9ZVS1Kg00im0LE4jxLG0n2Nr2k1NNlv2
btfE/KdfUcz5+YnroPF3Dc5Qpjwzzi4SYLUgOwITBvzOfxkRg2MWqlUza5C+Qjgm tF/5bV0D3CCSzc6CVUSqlvBJ18XYw1gpCuBJsY1ylU8IKbZEXNuwCsJJNleSCsQJ
ueCa0/OcMKbb 8mGx07XqhVal
=FxSv =aq7o
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.9.1 version: 3.8.1

View File

@ -1,25 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}-b2"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 0 * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-b2-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-zfs-mainpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
retain:
daily: 7

View File

@ -1,74 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: ${APP}-volsync-b2-secret
type: Opaque
stringData:
RESTIC_REPOSITORY: ENC[AES256_GCM,data:FgWKr+aNrb73J1m89nSL0mZ15c7sqI8+Zsc6PsfNccNx2N+ZAlEsSlyl4YgOKgKO6CI0CVglkA==,iv:uLqzK+5jfF3g/2jDFf7uSXudnAydfRTI9UhQxfBwIbQ=,tag:JMnC7YnuaLqWbGgXXjmHbg==,type:str]
RESTIC_PASSWORD: ENC[AES256_GCM,data:KFVHg1tT6o7TvifVT/RWPdbbtSh6WoIx68eGQ8uuGRE=,iv:XRJ2iQWrcLELy+2ACcJi2IDV16L6yA7qBhk1xmU+y8c=,tag:FpkUCPMlY9+GEvBwWvfn0g==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:Cl2VoK3FKQdbmYX6CZrSTZBLHMIgR/6HtQ==,iv:CsW/T56z2tn+VLzWItTmm0QfvrztBNrVUvzF3+0thbk=,tag:ADDMdb6EYFzGCNCPomOa1A==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+LbMKuEQGY2926sq726xeRpLlM07BGAMiPeT7HLEPw==,iv:C/mEPP2xsQI72AGtKjaCEHdYAC898QbB3wUpIcomN1U=,tag:pRF2oYFythF7b/WwysEjZg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-17T01:29:44Z"
mac: ENC[AES256_GCM,data:i5zvyCogUkQiFGKvVjh5w5fzoZTBhZRlbiTq8MhWdD3UB8Bdi8gUd2RIk2cti2rpGq+iOPowpquIGVnItirES07MQ0cW9cnS7Lntp6cNerv7mi5SV8qhAvX+43qnDsvLWfxKI/UYyEc84Z0GCT66EdlWhTk/jGrTrYuF1CLaVo0=,iv:XbFwq3GBEMxBWoJNHUxD53ws5TCpCpzclpcBGzSm7Hk=,tag:Uwmfd+Kxeihm0XSRfbM27g==,type:str]
pgp:
- created_at: "2024-10-17T01:29:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAARAAjTJUSRR9PHp8bSVXA+TgBgV8XcqW1R0T093FTCiHJR52
onK9p+nJ/z+FeG26wpWpoc5VoaV5vgHY5MMX6t9EMXU99XPdnLOX3myOSF4UHo8P
YG8eXuOJL2IXu6Ch58Y2W0ua++heep/bLBua8oIHDqFZyuFcmo1U2NdtrpfEyGXf
8uQmUYuCHwigYWbKYqzCBIZwOpRV09tLF4Xwm9f8bEVCJv09k4befiJS6mlgjKHY
9VzUA/Zn/ZC7iD/MuMG+Rd6yEE6DMxcBahM/bmFKKJ5S4Sax0Ij31xR1jh5jZ06z
AdmVz9iGcjAVcC91nsZcBttXMwCNAn0WvWRcTG5SgJQ0U0LdTp4Gnjf36zDOpqOp
5NgTXptL1bb16EOeC/uHjq35MvPxMfUzkogkwv1P9J9Q2NaGR337N4GwTpKPNa9A
j3C1j4WPSs7/N2OeeUr+KDcHFCk7vvSWblQcZ0JtErA0XsSzYWwfahKHt32fomTZ
ncCb/RvllQfafU1tPLco1JM08wDutTEcO11roVmItaUsuxjj+X8AgLBMnH1ajg2F
hbJQ37C4JFUN155VQpvUG3i+jS/aHHgeEagy2AzJoaFtF5/PU7Y14RD/F7YSD26R
DTSq2ysghtFXlTWK3BjgoG4nc0IuFyh1x2iae2/Z8HwkDC8o7IhtItzWnqVXQtGF
AgwDAAAAAAAAAAABD/9r+6dhOYiAk7V6waMcArG6oQo5vffFI0b1165DmHss/KNg
zWX3FMccAi8OscYavxe97ESETXN77Ix2KEz2xbh2cqzgZN0qzqsgpqCR93N5gHKy
58ITR0+fUq8xWK/YcSDU099Kj7M8GL5rVl00a6AFpJOni21/cbBusRlSP0tBlgnO
VgLZqCk3/+i4P53+XSppOR0xjxaXgihPqrOaEwRk5DlJCSHWCUneGIiNJs06KV/D
TX0qMkABKw3ljkTzXT8uP5qG5VhrgC00r3DQPs+FZy+O9Fapsbz0z+QTSetsxCzW
oNQFu/0fttfbPiMHLyrOx4I04h3Q3vqM6PfJMc/70larlGmpQQf9qANzbDDW5sj8
5rvV9JAJ9/YGnAIlOzuEehoY3fmyfDTWwF1aGt8oHjlTKSL9KOh7vPyso/HoCzrt
cSpFsxrLdryrSAyb33NLVEQrDCH/WPqnChowwt+1o6OPiHy5R21r9Pt7BWRVX/AS
T6DEXXpLicYeJABFT8U+emXLBPo3fMOADLTnH48J4PNlCiWObDGOPBT/4e/n07wf
9GidDBEvCDOftOxaK2sGpkJ1ZDFZuDUaizP1Vu1NVl0IVj8r1H8a6C1y7qIEDyST
1MH5GrabRX6MfFOjXd0NFmXuPchXxBqwg+ZCuqeSWbVQA6TlJBHE2CY9uQTZa9Ro
AQkCEBBUfKvzmguNcG4GxZFeqK15yj2FYFLIS3duuUbaOAz5etAHadtB0z+cBwPt
Z5QwxEU/8Uf4JxzMSWyHVirPgxYGd0LWbiV1shiwm81cudQtpSOJeV4wYE1y9rZP
uqtwSypCwtA=
=Gd8M
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-17T01:29:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/+JzeuokOO0qdLb1HmZoNiL17dYHUFGBLqs8td4uNJRhwQ
CafrelpvuC0KhpEqxnfmsnBgZkArpzabtQN2VipkI3+bJFnBftyzXr84UTeM8MzX
DYs6JNQ4+LujxAN0h1K17wTw9HL2azujfhC+IHmQog7lOg7DlKTIk1NuVfG6u/bt
AJYJfwj125UU+eHrAPmg1NBYbPhvqJbEC3FZ94SN8saNSRazU7OdXDHoiz3ZWisS
SgDgesTeS+MZev7y1TdlX9XIs4X/4xdaE/DLiwQSB/n53lghyFj8cDu/n2oIh/Uf
APmlQ/CPUXXn12RgIb2hZPfdBieiBSekR71iC8ZXptm14BoycTCzX/lN+rYmQbH4
GNY7d7IPZUO5+jXXAaTtM7rNS4VsEDILN8aTSgrxNoD1HoeB76po8fvaVNnh/FuA
5a8LEDeNMzYwJdWLsnUudtPCofQmFRyM78JLj47Bi0ovhWLeN651sgG8/UEubC3x
VMoTDUO+MR6P+YVvla9hGTp2k+3bVjW4nNT4OL7aAflYmbGAGlLmRjeLV5HmEMr3
ftYSdIg337Kj+Aw7mpUuFXKCn8hAbxIWjyeA/L0xEhnlygBVCeRCWyABmdztXYyg
1732VWWiT3wyMY6QWPL9fyVNKv0rNl+76xwzbbtiXtTVZuL2OEqlse4rXzxbbZvU
aAEJAhDflMnNROqHuqiqOmm85rN/Hkdunmt60dq3fz8ROhNJwD8MN1sMYcSZAe+B
LlP/sYD2M0Vt8aLN041GstmIfq2p5hAMMKPnmo+IxHfoGUnVi0UbNbOF2lyRm1XT
C0IsI8I1ccHR
=KrSe
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

View File

@ -1,9 +0,0 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./backup-creds.sops.yaml
- ./minio-creds.sops.yaml
- ./pvc.yaml
- ./minio.yaml
- ./b2.yaml

View File

@ -1,74 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: ${APP}-volsync-secret
type: Opaque
stringData:
RESTIC_REPOSITORY: ENC[AES256_GCM,data:JQZci/kqmOyRURSMmPBJqrzaJN0xti+BZVgbcgHC9axiq0qoNrumJHGL8+ffyd7q,iv:nG1cokfJKkmmMuwch64KxQ4/eG6OE76pypQFqUDf650=,tag:xr3DhMBsWFf2cjrPLRC1AA==,type:str]
RESTIC_PASSWORD: ENC[AES256_GCM,data:9IOyIGO6TCoeRserdXs6V1vnTBI2n65ChqpBECgX5Kc=,iv:GCwhW9pFAx8GwvxvR81s3+Ippt7YPYVSSVuFmKMjjdU=,tag:YytjzuPbkU+Gh0h67eS76A==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:MjXpPFMdpxyZdg/sHhp50g==,iv:r5bHD7usqnY3M1jn40CG79ed6eOiLRJaCNHDGyixJ2E=,tag:pFRELVZmsS9/HztqAuDc8g==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:6ZQwXEXSyMQGZmnf4zEVyCzeWIZKoshheIgu2WLmDeU=,iv:+ETwZmOJaDlH7CC+zNQc1NqbOfoVV+jT5zPEP2cCA0Y=,tag:l1V2LHN0RgeMSImga5zDaQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-17T01:29:50Z"
mac: ENC[AES256_GCM,data:6acDu36pbKhN3j2k4XkOU1zPlT1tGWOxwtyPKEDWLu1FMvL5Sk/xdJh8OT0MqNsgagO2bk0kvgHh3YhM3NErXalJx0HSwCUOKpHikN2OMQg02X+u2zUMRMsOblkzZWfY6XWAQD0PWxpnAV9ndVtB68gPCN5lX3Ios1n0zzqhFNk=,iv:QIlc3hiCsrQdM0LBBVqYau9QBJxVyArG1o2+3F6NgLA=,tag:wqaWWnLRthJAqfRKyl401w==,type:str]
pgp:
- created_at: "2024-10-17T01:29:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAARAAxDMPYaG4/Vq1UZnM2yx9QXu6D2ZlnAg3/A0xu8rbbise
YPc+PEIjvzXoQE7sFmcLCjPDWU23Mj5jMxq9QLt05cpt9EGMyvcGEqmYEcZFYalI
ROgc0rQwg57hkqA6JJRExtJUfqB5MQSS7BqkCtrUvvxZNq340l3oBzLXBmE9vS7C
JYqiNx8eJfv7AcVow5/R8kiFBCqI9VhOMr8VxNLcX5iA/pdL3HaQXph0LN3FvBmF
cPLHdooHODgR77ucYiVZT+pT5weSLJ4NND8VgAw8oN2vJ3xCu4G2xIcWq3q4u9SR
t3brI9qZcxN50PcJhNmRQVDLm3zXWoHTJ8/40KgTn1luRx+VaQTSzxjCe+KComdD
mFnma1lWIyji7JkCe5Mro5YVocInZrNACdVHmE/tl5qhSM4Qv1OBfTPYeMoW852z
7oKxgnfluKqkNjnWDL6yCaHvpJFDbYz3wqfa2D+Ci0t6BNp7vA0qWTxRqGzXVKc9
YRz1QE1AIoQ8Y93UVJe6JBODgbtZ11FuEJsIJIeB3SXF9nzP5n+jsP/G5kA5P5vj
IfwMTblIZ3dov0uZXhg6a3aSAGn2VcGLoxvK/I96c2VYvY9LAA4KJz9R8wDTagFg
+HEe3BgXkgrnNVD58NLpYOBbch+hDuqkuGh+a5qqFZ3h2yySwEWy+6bcnqG8yQWF
AgwDAAAAAAAAAAABEACYFHrG0SrtyiykAqyf/dMPZ35fyI7aHfr4ABZNMC71Kulu
haAqOYWgkhpjQvTe9PqMI6EtEJGya0iVkTtNLV0O2B1/8apXz298xxaR7S5JPpAI
+GKjugAB9atRnf69FkN58PNcL8TJpNsrR3CiOX6Bbjc5DCkQMpDIgny9mO3mwlHa
xvaS9o3DYgo9UvKWptvpiJKC8ve47eX/cQmUZjPMpUGUYpUGSeK8oJGQl4hgAnC2
pXz89ZTM0rTp/YW123wO4OPvJ4lMpitzG73Gbmd1vUOk+5IpVaI+q6a0VYXVeAEU
ol+l84h5jhNSR38sYfTD9fCzXvK/49sBhf7kWG+pH6dnmpO/hqXMXOREXlnkC10m
uU5LieRX0otYgiPs9pMCSLRSa1my8UsHNdM6eVMsn0+Ji7UFoIYAnq79cdVeKDHN
Q5YNF+i1cKPnNarIU4XOqVny7t2YE7B01j3PDYbrp3W5yMAoAF4j9uQ8h7XEX7y4
SlKO8HYcuYTIWcTm+L8FTZMVrQS2cn9HnyZfCxHHD4vbmxAO6hmWodAJv1rFBLYj
yO/4L/MyEVCSnE94vUudR79oQ+6qJOWZypfCPiqn2HVDiHvmbf/Iwc1v+v/GZkFX
6wTqkJ8oi4nGuFU0AfYJG6ENEEmz1dpvnXLIy9vDWq98vrBPFrqOnrTgd6eQQNRo
AQkCEHVlPi7Sn/dhXhcIgGiQzV45MPoo47FSQ+AjjPh6tzIZPj2dcDDdM7TBYGsF
KEknmv9JOX+Web9E9O+n9uJY6RM5zWsf1JNJ5EGMYgQ54wwgoO3DRs6ikg1Bfozb
rXV9iM2Pens=
=jPuh
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-17T01:29:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/9EfpjOanGUTYg4qCnwmykiGcEqVmGSj9+aJ4PdrPcLuqe
IiZavUGQXhh9kviR8oRRXzwpQeyWQmYNdeKjL1f1sj635I0e+quSh5Y21UsBjYHm
EP2JnmTlDAWYL02FKrZ9OqSfeoI2tdObWjBzC5cDnUiIbJ40abuFcI3wtNqx8MZf
x4V9j17FYejDIRIShSzm95TfVbcadX6BAsDHO7zjpgi7jtpeYtBa/7/s+dHyiPoJ
ZWQ2HD4fzRtfiah1sJl9GrvWK+BAyRkbO2C3Ob0nNTWjujWYQkJYhQb4f5DYbMka
B481UqDcj1hssTU1w7TmaYl2s8QxwSdfa1yIm4GaRofmKW67MMIynksFRPz40p+5
DWAcDoRshY8yi+EvSMUA0h2pstGo0kV1zqYwkDN1Gl2/D5zn2SnkbKuytLAzjUTe
sxWf1TTqXF4bvfVGIo+It6saIfMOKtUeIxnwbc+6lb95Ah9YEaMY5RtAmEgMF6m7
+c4+NyGCJ/A2E26pLDOWf1TwbomlqwR3ertq744hLgOja23DJgMhZDfSWjjwVj79
vDj9E5/3HRNOrC/J0HTaqq6wxh5LD8jY/INNi3+BDWWiQ3YJ4c7kjwgrwp297PiS
QtRQel3QIlrdpQSydDs3mhWs1RMPiCzkjatq0eQVvl/zkxlw1qpbslPEpOR8JI3U
aAEJAhDMV7aqU+viKvHsxGgEEDyfd2Mj1/FQtE5OA5+9GL/Y42AyV4fFct2bdhTO
+e1Ry5EE7Y8PMK9/HAjn78XY4hkqf8wIPaooL8Poq6Lq9Ylt+KVq80IFYgS8LXOS
nYrbk7kpGaUp
=n3YG
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

View File

@ -1,51 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: "${APP}"
spec:
sourcePVC: "${APP}"
trigger:
schedule: "0 * * * *"
restic:
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
pruneIntervalDays: 7
repository: "${APP}-volsync-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-zfs-mainpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
moverSecurityContext:
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
retain:
hourly: 24
daily: 7
weekly: 5
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: "${APP}-dst"
spec:
trigger:
manual: restore-once
restic:
repository: "${APP}-volsync-secret"
copyMethod: Snapshot # must be Snapshot
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-zfs-mainpool}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
capacity: "${VOLSYNC_CAPACITY}"
# moverSecurityContext:
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000

View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: "${APP}"
spec:
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
dataSourceRef:
kind: ReplicationDestination
apiGroup: volsync.backube
name: "${APP}-dst"
resources:
requests:
storage: "${VOLSYNC_CAPACITY}"
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"

View File

@ -1,4 +1,3 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@ -16,9 +15,6 @@ spec:
kind: HelmRepository kind: HelmRepository
name: authentik-charts name: authentik-charts
namespace: flux-system namespace: flux-system
dependsOn:
- name: redis
namespace: database
values: values:
global: global:
env: env:
@ -88,7 +84,7 @@ spec:
enabled: true enabled: true
environment: "k3s" environment: "k3s"
postgresql: postgresql:
host: "postgres16-rw.database.svc" host: "postgresql.database"
name: "authentik" # database name name: "authentik" # database name
user: "authentik" user: "authentik"
redis: redis:

View File

@ -1,26 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: authentik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/main/apps/authentik/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: cloudnative-pg-cluster
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -3,7 +3,7 @@ kind: Kustomization
resources: resources:
- ./namespace.yaml - ./namespace.yaml
#- ./network_policy.yaml #- ./network_policy.yaml
- ./postgresql/ks.yaml - ./postgresql
- ./redis - ./redis
- ./minio - ./minio
- ./mysql - ./mysql

View File

@ -1,37 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cloudnative-pg
namespace: database
spec:
interval: 30m
chart:
spec:
chart: cloudnative-pg
version: 0.22.0
sourceRef:
kind: HelmRepository
name: cloudnative-pg
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: minio
namespace: database
- name: openebs
namespace: openebs-system
values:
crds:
create: true
monitoring:
podMonitorEnabled: false
grafanaDashboard:
create: true

View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cloudnative-pg
namespace: flux-system
spec:
interval: 2h
url: https://cloudnative-pg.io/charts

View File

@ -1,76 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudnative-pg-secret
namespace: database
labels:
cnpg.io/reload: "true"
stringData:
username: ENC[AES256_GCM,data:SZUXJOMnDmI=,iv:huI5AHvtfU6aCo6drbdZxJ2QwOGwKAd4CfSi8WWUQHU=,tag:fIETu/Yyx01raNTnmBt8AA==,type:str]
password: ENC[AES256_GCM,data:qlcpDS3RhNtSowFuMYlpL11WdR4tZK9M3eZug9TerA4=,iv:9d7ChBA4VcFRszCm3rfPJSYESK2it/dryK0TetDM2Ns=,tag:Z7EI76aBEltrUym/T8MuiA==,type:str]
minioAccessKey: ENC[AES256_GCM,data:CsmN8wuSLLOtiA0PWeaWuw==,iv:oRNB1nhRPH7fRf98exEZ7lGSpvqVRx4l+tQyjPU2rog=,tag:Gx9SRd2UnHNgBiVtalrHAA==,type:str]
minioSecretKey: ENC[AES256_GCM,data:gW5lUoSY2oTLhczB0CySIOadmrltk+zMpYJ6XPRQmtI=,iv:NfnjIwfILvCS99tUdHbCvJwztNPpT8ne4oAg4yOjgFM=,tag:kC6EKVPCGbQxwKySjkgYhw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-16T23:46:50Z"
mac: ENC[AES256_GCM,data:1j9tp3Z30k3LC40djCriXYr78LLmSAUkssqBJgk/RKDt6eHbBPwtUhzmLewF8dSxo2shLl/jzKPCsL8HP+kHSvL9bCtrgDBnIEJabGISAHDTDBXkLB+uzVlfx0diDbX0fpZZNBSPCzFHYiebGqY1scUVsN1sBOPxUNrbIi9iKro=,iv:rYsu3+KPmuXBAp/ciYmojj3LEBL8F6PjwXQ1pmJVm5c=,tag:d3r+p29s4POVhCKeAal1cg==,type:str]
pgp:
- created_at: "2024-10-16T23:46:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/8CSIYw9BE0BxpPpMtJ9xK6xTHIuWnlWAOwhugvLal6i5T
xPFPfRH0uJp9fhayw//pvGz+4JaoqjcHymxEVtqWhAlFRo1WZdllAx97svKySZpC
WxtpEZhur1iwaylKLUinxaltGxumIGD6pGw8VowlyFic944SKqgJAfM8myuddnAk
waWX8H4coSBFLOcsEavieKhOOrsd6D3ppzKNtvYFOb4BAy3YyJHkfw3N1zkraw2L
D5kdBBugLITYpZX8Iqj/UiOAOn05Xgy31p2XjsX0c3JGm5oCcwf+u3BgrVyHvYXN
Z2k7j8e5FbjaxOcBzS0rrrHM+yJahJfQOyCL4A7guISBlLYaJ+BHh3qg4kxhtCau
jHKjglj1Jz50xY9hnH/+UK9jhCMActmZmAQg45hTDynGr6NsOPr43Q6XoUoGUB6X
WbamAIbEnM9u6/Ve6MUkCxMBlA45pQc72v6j4p40aZDqoNWp0PTr4BcYfYvgJafq
MIzxI431+l5x4MAw4ZC14tvhKJX6wNqujn7ZZW8qFAixQwIBuZcogh8YrcLGqHEo
iTbrg2xRnT9C3npm+gQsk80h78sHyPlm0P9EAOCWjnRSZeixSjly9htn5sIKBS+O
yxWfQVDlplYv5V10roKxbfCzMIzHEeayyUaAQib0Z5RsYZfQkemT7zE/U8DftK+F
AgwDAAAAAAAAAAABEACy1DQRnTKLAY8UzS6xRQrauc82a6VzW5TDfiMGiXDZKa+y
9mij9kY7n+727YFZqZiUfEUpOL3pArj+I3PDSv2viPLWo0+1mN4stLt9SwMt+F0m
5DuoTCslrJpupoFxrw+N1uzI0c6UZtYFP5c2iLy3JLPlbCCAdbB6vLqDDaXko8J/
Mf/i5H5Q1Qqfa33NbdfeDkVU6yN+QlbFK3P42FkddUwfKHc7hBn0XpkwheCR+WIj
ocntnX6ksgbbZQmiISWIfBRbxDQaKQ+OIW72OxAY5g6/E2+mIOMraV2YC7zfT/aO
zARTjdoV+hknKlv788i4JBN569YligYo3BB/j6YAczp0V5KvF/4RmcDQYGXIWSjG
9kevuO/5uD82aQCkXkmrjyeNsBUQAFxjTU/ULxanMzud3bcistbejrGkfunuYune
bnPlMDwjd0Wnxv05fmaJ05K5W35ngLCa+7bsoTdqi4KLmWe/OQDOkbRL7awRfEXA
J2JqCiPfZeC+VxM+ysMIYMvpaTyQ+LXNbRRYpMXlHRlqkU2WXeM5vKwj0wqivQ30
mmffcBpTFBspHjO1Gz4asrZnoKh9IiPK/qtoi0EEKXQAPFV8AQcN7gtzCSUpASq6
mkL+uhjeRd8UjQZnGrZnhNOkQuwiM/pvoAODz5NgNgi5NBTnsgvi4rtXopiTytRm
AQkCEMbcxdunAlkuYk3TYUGstkww6uVItWY+9pgipjTEhXXDXdNvjpler7793AJj
1XSt0W1FGnpJUYMrhnMFgUAdDh+pCXkKnyk8bR6OlEnoDlR6AZqlqtcYUn8lIRq5
dXeV4tC4
=xH0Y
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-16T23:46:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/+Im71eAhkMXAiemDau+TBGU3DEsw9LrdmOPvODknhmUF5
kONOLSDoN9C4F36iGhFrnAFBa/Z/y3wgZdzgSdFZaXjZyja9aRzwu0eC5jfniR/6
r8MFHwP0OA9Vi66Iin77fzpl9bK7W/XY+KHtI6a6rxcGYcp8cqeeIRqUco8jPUpx
gTwaYyi3C/vzLdZhljQw/5TR8HN11P/pvDu4SGDhNMMEEZi3AphimExrbD9efXFJ
QYVvMlgN0X+CqVHmeyasXnsR9dcMoJXxz054BsPiRkJVPPQOR7+1lRu3h3gVfvym
ZzgMikmZArI+lUVXwppNHPRj9fVpqTq7GBuUrwdOCU9crXx/vi4+M20ocesRaV58
bZqzyV92fN8YeqLRkpHm3Mlf8HK9L/Rk4tdpD2MtL29uUlu8wEecLW0dLXx8QoLG
h+m9XOqFHssmCRY5QxHhtzk5BclE3X8iYZRns43puMC3ZZwdINqE8t9FOMJ0lZJq
Q2mzkpyo3ozCh8gKOOAO1McjVGdoqURSngbQgGmmX+qBBcSuHv03134aEq4aqYkB
F7g+9dbacs1MphuN5CaMRhOMY7v87KOQKtziVK4DcX1AsR8EoGc9TzNa1h/7jJ2Y
gfA0Mg1kAYdm9973o6PHV7fpJ/AS6xqvma9N6SaQJtyiqquXFU7Fuf0hNEsI1+TU
ZgEJAhCImWzfnwav7b6R9xzAYrwkkKhrHA4B4cG8XzvZfmWOEMvWkr+CaOppbVxJ
zg0KInkWzw0RU/NVx3bTrKOXwv4Q8vlswFaioA+eDkYEcMtqAiT3LEvhF5Ueqi6d
BhnMEZd1cw==
=txQ7
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

View File

@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgres-cert
namespace: database
spec:
secretName: postgres-cert
duration: 2160h # 90d
renewBefore: 360h # 15d
issuerRef:
name: ca-issuer
kind: ClusterIssuer
dnsNames:
- postgresql.database

View File

@ -1,83 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres16
namespace: database
spec:
instances: 3
imageName: ghcr.io/cloudnative-pg/postgresql:16.4-28
primaryUpdateStrategy: unsupervised
storage:
size: 20Gi
storageClass: openebs-zfs-mainpool
superuserSecret:
name: cloudnative-pg-secret
enableSuperuserAccess: true
postgresql:
parameters:
max_connections: "400"
shared_buffers: 256MB
nodeMaintenanceWindow:
inProgress: false
reusePVC: true
resources:
requests:
cpu: 500m
limits:
memory: 4Gi
monitoring:
enablePodMonitor: true
backup:
retentionPolicy: 30d
barmanObjectStore: &barmanObjectStore
data:
compression: bzip2
wal:
compression: bzip2
maxParallel: 8
destinationPath: s3://cloudnative-pg/
endpointURL: http://minio.database.svc:9000
# Note: serverName version needs to be inclemented
# when recovering from an existing cnpg cluster
serverName: &currentCluster postgres16-v2
s3Credentials:
accessKeyId:
name: cloudnative-pg-secret
key: minioAccessKey
secretAccessKey:
name: cloudnative-pg-secret
key: minioSecretKey
# Note: previousCluster needs to be set to the name of the previous
# cluster when recovering from an existing cnpg cluster
bootstrap:
recovery:
source: &previousCluster postgres16-v1
# initdb:
# import:
# type: monolith
# databases:
# - "*"
# roles:
# - "*"
# source:
# externalCluster: old-cluster
# Note: externalClusters is needed when recovering from an existing cnpg cluster
externalClusters:
- name: *previousCluster
barmanObjectStore:
<<: *barmanObjectStore
serverName: *previousCluster
# - name: old-cluster
# connectionParameters:
# # Use the correct IP or host name for the source database
# host: postgresql.database.svc
# user: postgres
# dbname: postgres
# #sslmode: require
# password:
# name: cloudnative-pg-secret
# key: password

View File

@ -1,8 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./cluster16.yaml
- ./scheduledbackup.yaml
- ./prometheusrule.yaml

View File

@ -1,74 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: cloudnative-pg-rules
namespace: database
spec:
groups:
- name: cloudnative-pg.rules
rules:
- alert: LongRunningTransaction
annotations:
description: Pod {{ $labels.pod }} is taking more than 5 minutes (300 seconds) for a query.
summary: A query is taking longer than 5 minutes.
expr: |-
cnpg_backends_max_tx_duration_seconds > 300
for: 1m
labels:
severity: warning
- alert: BackendsWaiting
annotations:
description: Pod {{ $labels.pod }} has been waiting for longer than 5 minutes
summary: If a backend is waiting for longer than 5 minutes
expr: |-
cnpg_backends_waiting_total > 300
for: 1m
labels:
severity: warning
- alert: PGDatabase
annotations:
description: Over 300,000,000 transactions from frozen xid on pod {{ $labels.pod }}
summary: Number of transactions from the frozen XID to the current one
expr: |-
cnpg_pg_database_xid_age > 300000000
for: 1m
labels:
severity: warning
- alert: PGReplication
annotations:
description: Standby is lagging behind by over 300 seconds (5 minutes)
summary: The standby is lagging behind the primary
expr: |-
cnpg_pg_replication_lag > 300
for: 1m
labels:
severity: warning
- alert: LastFailedArchiveTime
annotations:
description: Archiving failed for {{ $labels.pod }}
summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
expr: |-
(cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
for: 1m
labels:
severity: warning
- alert: DatabaseDeadlockConflicts
annotations:
description: There are over 10 deadlock conflicts in {{ $labels.pod }}
summary: Checks the number of database conflicts
expr: |-
cnpg_pg_stat_database_deadlocks > 10
for: 1m
labels:
severity: warning
- alert: ReplicaFailingReplication
annotations:
description: Replica {{ $labels.pod }} is failing to replicate
summary: Checks if the replica is failing to replicate
expr: |-
cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
for: 1m
labels:
severity: warning

View File

@ -1,13 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: postgres
namespace: database
spec:
schedule: "@daily"
immediate: true
backupOwnerReference: self
cluster:
name: postgres16

View File

@ -0,0 +1,49 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: database
spec:
interval: 5m
chart:
spec:
chart: postgresql
version: 14.3.x
sourceRef:
kind: HelmRepository
name: bitnami-charts
namespace: flux-system
values:
auth:
existingSecret: "pgsql-secrets"
secretKeys:
adminPasswordKey: "adminPassword"
replicationPasswordKey: "replicationPassword"
tls:
enabled: true
certificatesSecret: postgres-cert
certFilename: "tls.crt"
certKeyFilename: "tls.key"
serviceMonitor:
enabled: true
labels:
release: kube-prometheus-stack
volumePermissions:
enabled: true
primary:
persistence:
existingClaim: "postgresql-pv-claim"
containerSecurityContext:
enabled: true
runAsUser: 10000
readReplicas:
containerSecurityContext:
enabled: true
runAsUser: 10000

View File

@ -1,57 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cloudnative-pg
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/main/apps/database/postgresql/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cloudnative-pg-cluster
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/main/apps/database/postgresql/cluster
prune: true
targetNamespace: database
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: cloudnative-pg
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -1,7 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./pvc.yaml - ./pgsql-pv.yaml
- ./secret.sops.yaml - ./pgsql.sops.yaml
- ./cert.yaml
- ./helm-release.yaml - ./helm-release.yaml
- ./sonarr-exportarr-metrics.yaml #- ./pgadmin4

View File

@ -0,0 +1,47 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: pgadmin4
namespace: database
spec:
interval: 5m
chart:
spec:
chart: pgadmin4
version: "1.29.0"
sourceRef:
kind: HelmRepository
name: runix-charts
namespace: flux-system
values:
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &host pgadm.${SECRET_NEW_DOMAIN}
paths:
- path: "/"
pathType: Prefix
tls:
- hosts:
- *host
# securityContext:
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
#
# containerSecurityContext:
# enabled: true
# allowPrivilegeEscalation: false
# envVarsFromConfigMaps:
# - pgadmin4-secret
persistentVolume:
enabled: false
volumePermissions:
enabled: true

View File

@ -1,8 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1 apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository kind: HelmRepository
metadata: metadata:
name: piraeus name: runix-charts
namespace: flux-system namespace: flux-system
spec: spec:
interval: 1m interval: 1m
url: https://piraeus.io/helm-charts/ url: https://helm.runix.net

View File

@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./secret.sops.yaml - ./pgadmin4.sops.yaml
- ./helm-repository.yaml - ./helm-repository.yaml
- ./helm-release.yaml - ./helm-release.yaml

View File

@ -0,0 +1,27 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgresql-pv
namespace: database
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 12Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/databases/postgresql"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgresql-pv-claim
namespace: database
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

View File

@ -0,0 +1,62 @@
apiVersion: v1
kind: Secret
metadata:
name: pgsql-secrets
namespace: database
stringData:
adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str]
userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str]
replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-10-22T16:25:15Z"
mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str]
pgp:
- created_at: "2023-06-19T18:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM
Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV
opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG
iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z
JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F
lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz
SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc
8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw
VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp
H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd
9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U
aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ
di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN
c5WTfk81xmbT
=UE14
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ
kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX
64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl
zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1
rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF
5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP
cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl
hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s
0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw
lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR
mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU
aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl
ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ
GFDjOxp0lMGV
=LHSB
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.0

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -9,7 +9,7 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 3.4.0 version: 3.1.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjws-charts name: bjws-charts
@ -69,7 +69,20 @@ spec:
globalMounts: globalMounts:
- path: /etc/dendrite - path: /etc/dendrite
data: searchindex:
existingClaim: dendrite type: hostPath
hostPath: /mnt/MainPool/Kubernetes/matrix/searchindex
globalMounts: globalMounts:
- path: /var/dendrite - path: /var/dendrite/searchindex
media-store:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/matrix/media
globalMounts:
- path: /var/dendrite/media_store
jetstream:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/matrix/jetstream
globalMounts:
- path: /var/dendrite/jetstream

View File

@ -1,32 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app dendrite
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: default
path: ./kubernetes/main/apps/default/dendrite/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: volsync
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 10Gi

View File

@ -1,6 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../../../common/templates/volsync
- ./config.sops.yaml - ./config.sops.yaml
- ./helm-release.yaml - ./helm-release.yaml

View File

@ -1,134 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: firefly-env-secret
namespace: default
stringData:
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:Xxto4J8=,iv:kpOdBrY555myNwllEcwVzg3CCqQX/AfLKzuGZyEwQSc=,tag:zKnJV9jCIcw7cHRja+NAhw==,type:str]
APP_DEBUG: ENC[AES256_GCM,data:G+3my+Q=,iv:xqormW3/yiOsCcBReBd6tNT9wi60f3kTOZsyp2OKvG4=,tag:WtEJ5w88bYF9KBNDp/Pa6w==,type:str]
APP_ENV: ENC[AES256_GCM,data:p4C1h9M=,iv:wtzHEP38BTRol2PFv1YkP8fHWDV118UGGvAcG17Se84=,tag:isAuMLi8DRmJ34VjJcr8sg==,type:str]
APP_KEY: ENC[AES256_GCM,data:h+t2SyxNnv8trqbVHChHu715vATc4V3TrwTHiArG02c=,iv:BZa25GDMZkuOnFolSizrBsPCXxpQhOZsXrLzD5er7/A=,tag:h7VqqqmGUwALfFrog+7r3A==,type:str]
APP_LOG_LEVEL: ENC[AES256_GCM,data:3kDlJYiw,iv:VAlgQFMykqprZ5VcEi5pr3F6q8fUeWvuT5UxYzz0u8Y=,tag:GmmHyOHNzN1DSvFusGY8HA==,type:str]
APP_NAME: ENC[AES256_GCM,data:1sdMi0oSvS/qqA==,iv:UGtsnoz18nzrTZdbNq9yhL1jk9+Xn/MqD4KlC81sa/M=,tag:MLyGbFEH1xhITWSkxx9xsQ==,type:str]
APP_URL: ENC[AES256_GCM,data:SOIw95XStnLsNtcGU9a5Ag==,iv:q+XukA9v2LnR8hNfSL2h52htswDCQC9TSWwdlXhSlTA=,tag:g/MB5/+6v7Srlll/nDb1Kw==,type:str]
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:Oxn3lA==,iv:wLWmv5B1guQ+3Rqa2ltRRc1peSbTxTSWhe1EF66H35U=,tag:Q1h7ysz/wc0puT1EUvIskA==,type:str]
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:847UILd+icRCFRvkH0cSagM=,iv:/Y3jwxfls8SlKl7buQaqHV/w2mo+U2ZpX4R15fipfQE=,tag:hoDZ973UOjWp6rLGEBVkaQ==,type:str]
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:96dC8h0LvpRdn/OiQseWMKbFNkdf6Q==,iv:EPEd09Ykxj2khSMIjDhBNgYpEf4VXZJSad5dtU1gbRc=,tag:Lcc1/HDbsNXMwtbWqPgPjg==,type:str]
BROADCAST_DRIVER: ENC[AES256_GCM,data:rSJL,iv:ccaunQdmOa7yaVkLVDSTCttyJZAs16qX7pw8/ofKWk8=,tag:98QHf78i6Owm8oNA5S3jpA==,type:str]
CACHE_DRIVER: ENC[AES256_GCM,data:tzYKrFY=,iv:6ddHudAzcn2ZUrqa9g+Rr7bG++r8jsCJUKmI34fP+us=,tag:aA/W3N9uiXFzvmznYKYvAQ==,type:str]
CACHE_PREFIX: ENC[AES256_GCM,data:nY2Ck8/LqA==,iv:tfUGZAC4rroja1Hn2tvybwKBi0j92qjcugsVwJGxU6U=,tag:SUmAWATTIrE68Chi+w+4yw==,type:str]
COOKIE_PATH: ENC[AES256_GCM,data:gA==,iv:SO5+C/oRCRvMnxTnf/Uhc2sdMMMtNLIPc3JuqJApY8w=,tag:TAv5wfcDVz9iRfW0JoeISQ==,type:str]
COOKIE_SAMESITE: ENC[AES256_GCM,data:PhGj,iv:pDke8PCUQguCrU67nzUqf54czHOZJAA97gtefugjAuk=,tag:ww4WMdwoyv4bImpCNZWYkQ==,type:str]
COOKIE_SECURE: ENC[AES256_GCM,data:qtZoimA=,iv:60alWp5X4AEdMJJPYl8RLKf6eJCC3cXBQkNxVk16bbI=,tag:VV1G7ayGfyiRlNTVSnLuew==,type:str]
DB_CONNECTION: ENC[AES256_GCM,data:7JuSbA0=,iv:apzB7UuHqKWOMRT8O9IXztTmKD/WBBl5z+p7+ovlNuU=,tag:dUQd4aney67Jz6mmlD7ldA==,type:str]
DB_DATABASE: ENC[AES256_GCM,data:h0C3m/idBA==,iv:KrLnKAWCwcZh+awD2VGi0OSMjFNjE89MOJK0+2hj5vw=,tag:kuENZ9I6DU3kvsVgHTIJKA==,type:str]
DB_HOST: ENC[AES256_GCM,data:suZVnTKeokhPhUkQPlAb11ZeWS1iBAG63UI=,iv:hr5Bji6OoNGwk7dLSsKEaLi2+aMjtf3LrLZEFAELT0A=,tag:1MmNtjFy4vM1wAGpBDrEKA==,type:str]
DB_PASSWORD: ENC[AES256_GCM,data:Jcc8b3a6dkxcY7U1JRL1hvpv/APKPD6xZTO5iz36vSU=,iv:1or2rNKG82uGhb9HpBa9bZyZ8/CJ1B2KQNXuLWchvh8=,tag:FQuv3NpYxWYafSFMoUedDA==,type:str]
DB_PORT: ENC[AES256_GCM,data:l70Rpw==,iv:XD8m8nOOIFQHgqxMn5xQk6WJII37/hHVzQ1j8WHT1ko=,tag:Wcmo+puST26D1aGYsa6YhA==,type:str]
DB_USERNAME: ENC[AES256_GCM,data:2TWWeu0f7g==,iv:UKgzLVE+IxWpTvapVwfNUh01nIjMKEGo0HoxzYZ2gTc=,tag:SYyJr7iNFA9THKs4X2HcLg==,type:str]
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:KeM7X6A=,iv:240BQTfOKiB9r2bVPNSEGdY5o/iAJmf1yV/35FZLEsI=,tag:lQkNFE5hfFGM5DuXVkt8Lw==,type:str]
DEFAULT_LOCALE: ENC[AES256_GCM,data:Uxe2nm0=,iv:VKfvZfduIyErX9H2c/U882vGFJfixQkHJ62EhODNS90=,tag:g49fNNArcaGYeXbuCh2k5w==,type:str]
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:xDdKfBc=,iv:Hsn3VF+vx248TfQyeZXWdM9/+cslpe/+jCp+eKhSbgg=,tag:yuwRMDIt/pVFtXN/R69tYQ==,type:str]
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:JM9c6yA=,iv:xPZT0uAOgwsTDDxMvfX8xT43SfV9Hci0q8Nki4CmZhY=,tag:5sYoAI8r+nEdxiTl0mp8hw==,type:str]
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:2HKiJyI=,iv:MrKsKfpmpEt+meTsddFIa6yvIr2UcV04wwKq+PKrShw=,tag:JFaEoAbasU2QcfS/ERyWww==,type:str]
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:EkmP0A==,iv:b6bOouqULZQQtUxORzU+Vbcly4bnaob7nQ/lbdHZEEA=,tag:rjNLVF/C4w0BHy7v3wBD2Q==,type:str]
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:A0X5Vg==,iv:ry7Kl+5MtK3ibSGgtzDo6ou/VIy89Y59+In79K047JQ=,tag:W/CuY43sY0f/ioPjoSkGpw==,type:str]
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:mnpCGg==,iv:js+DjnezsJ0FIiML+LYnwqMRnIs56n6/8q1qcqEn/00=,tag:r2ebsWf2x07E41LLPQUAzw==,type:str]
DKR_RUN_REPORT: ENC[AES256_GCM,data:2lL4gg==,iv:x8/qd5ywFXrLliw2Q7ou7/HuW+MC2bkgeGGyNFR58I0=,tag:/kDbkZ1domLWEMjJIKbqMA==,type:str]
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:51UGrQ==,iv:nfn7G2deUUJzgGYX/5lHXQeyQrfDYzVOJ5Febx536fU=,tag:qlX0bmF6wwr8F7/qlEt7ng==,type:str]
DKR_RUN_VERIFY: ENC[AES256_GCM,data:b+dXtg==,iv:ENGxxzAGi9U/w062gIFAmOFefEIOy4K4Hvj2AniRYDA=,tag:xnsGoumtfS4brf1xtoKxug==,type:str]
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:4iVBWE0=,iv:AC00gQW5dK/GaloS5eqFCs45uBdI/HWdd8FVvtgUeBo=,tag:BeDQ8/gZKC9WYwNkN+WYzg==,type:str]
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data:argo7PA=,iv:RrT4yl2m5guf/xEHeeggQ66OaK5bTA1KswggBXlR5mc=,tag:8fOZfSKzfZVRJT6/MT1Zaw==,type:str]
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:iuA=,iv:9tC3yvo01IkYsd6JRCRM6aEIsm1CWXyg4f5n364XgHM=,tag:dMrSUIq98cw3XuflE8FNXQ==,type:str]
IS_HEROKU: ENC[AES256_GCM,data:o1Lo6+Q=,iv:oyzn/BpHWPef0OD7emyxw6BnmK74s0vpAGvzmrRXgUk=,tag:AAKCNapT/JUBLe/Orp0J6A==,type:str]
LOG_CHANNEL: ENC[AES256_GCM,data:JssmWkA=,iv:jM6/uTa4nw0DIeHSN2SRsvHR47gvhWj9fSX+GAvIXHM=,tag:qtnMj5VmdIEBAQmpyE+G9w==,type:str]
MAIL_FROM: ENC[AES256_GCM,data:SA/WMvmJc3KIRpZELsiwbf1NsB4=,iv:a766KIX+wmbHLgm/xLAGYHpM9MOYOhZAZKMsHSZ4iGU=,tag:k7OSWx6mPNJREUzS7JOLXA==,type:str]
MAIL_MAILER: ENC[AES256_GCM,data:dX3U,iv:jAxKMjeilj4DE1QEzBqT9xz9yE1TA6dqXj7SQwQ1P+Y=,tag:o/V2IEbfbYJpgHpFHXWhRQ==,type:str]
MAIL_PORT: ENC[AES256_GCM,data:j2/KWw==,iv:QLJrY1rdwjNwScUHhVq4gW0lEJ1V+dZH78M5Z6TtFYI=,tag:2Xycd/Oppdq31e6EtjzM2Q==,type:str]
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:V7gFVEqy1rwBPHqkNRpc,iv:pOotLv1yuPaBbGYQ3sLSy0VJffkDN0FLNnroB61LnW8=,tag:9AURHDTDEVmW/pWXIXy17A==,type:str]
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:XiOpIndogm+Y,iv:hbgzN6AK+sDmmRQ83zye8f9a1IiGQGdfEI+LF2RLBo4=,tag:iKKUPXUdYhTTcWNT1/a8zA==,type:str]
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:brWzIY9uFRU=,iv:Rssnw2po0rz8UuD6kPzq9AMpy6kuU0vYtZfbGl5eH7c=,tag:V/T1EgIxfKKiXweTRoh0Rg==,type:str]
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:3A==,iv:DS23RJUIAjxnWAWGnoaMnE91C0vNjBsgWyzjOP9Jdx0=,tag:0zodJUWJP3PPOei1mhFcYw==,type:str]
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:ZADLtd66eCRjuMMf0nsh,iv:Vjj4+5OdbMm4V2TOF6YYfbkJFVe3kHpfS6PcrbWWifg=,tag:VTLoPLRAGX/AonK7gR68tg==,type:str]
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DJXHgg==,iv:j2eV2VRZ56HMCCkbV5V9vmI1hpOnGWx4362wnhamrGs=,tag:g4OJOGCr6HVrabZ+DwsqcQ==,type:str]
MYSQL_USE_SSL: ENC[AES256_GCM,data:YnB9eyU=,iv:xN2rvs+67Ei/HI2xrvXRsqJ3Lq9JxxOUAheF+8/Zc3Q=,tag:MqhC2GTEnZ+OKMUMVzPzBQ==,type:str]
PGSQL_SCHEMA: ENC[AES256_GCM,data:CYo9vhMD,iv:odi7vEiG6cmXKqMmSZq8qTRMOM2wCeSSxm/um3ij66I=,tag:ekDtW2K4vXvXFdhBMF87FQ==,type:str]
PGSQL_SSL_MODE: ENC[AES256_GCM,data:ITeruVVJ,iv:QRsRTugVCOIG0KZDo86GFDtzyu7ovAqyuxqOcCSOxOE=,tag:vZYyM45ewbhvswtd0wsvlQ==,type:str]
QUEUE_DRIVER: ENC[AES256_GCM,data:l6IcPw==,iv:Z370K4KhfY46YaRIYoE4iWjlKX1BdwHJpeNzThkBdfE=,tag:MYa/clN72+A3tTtfG6qtzw==,type:str]
REDIS_CACHE_DB: ENC[AES256_GCM,data:mQ==,iv:jey3wT+7uJk4SwEBbthm2ZclWiPPMjrEfUELTORPtXs=,tag:ZfCb08z1G9JJrjoR41+3Zw==,type:str]
REDIS_DB: ENC[AES256_GCM,data:EQ==,iv:KbFQy7Z6vjOnv7ryevsl0C8itt/OnE/Fy+AaE7K26rI=,tag:N7jnaM+HxjnJXTPRxf+/Yw==,type:str]
REDIS_HOST: ENC[AES256_GCM,data:XgjQh1KlMyVdYBy/4S+1F7GYkQde,iv:L6cZhVxbe55yWQI8akqEPIrKoN4Edtqs4bosa4VOIdE=,tag:qQ01MbfirFPKdRUNXH+Wjg==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:n2Wb6AQ2stM7AzyjrN3G7XN9lJC0EwVxr2nxcUr2bGo=,iv:0tExhKBE8K7obpInPkeemdRPU1bY+ofvMGaXzCKNUpM=,tag:x1N9GvOF1nEuhcJN3Z5xAA==,type:str]
REDIS_PORT: ENC[AES256_GCM,data:3E4exg==,iv:hpqydc05ay6yPhFCX4WuSrtWNgFTvK7PpXcIvipBzUs=,tag:aDJTwFNp8J56wq+LcwTzeA==,type:str]
REDIS_SCHEME: ENC[AES256_GCM,data:3mGo,iv:ruIJ8NVVC366cHr1ZsfdyU6G8fkjwNS5QRctdVc5I/Y=,tag:++pVD8OMqStBQO8AD3W/xg==,type:str]
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:zoEtng==,iv:qyhycmEevYNHLUSllogSsTiHNqJ13i7AEUZ5RRWMBew=,tag:E/2w1qzFvsJx0dSaKz1Cjw==,type:str]
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:I8oPsQ==,iv:epCv5EOgXROYZDaS+dWLYvTJ3+6nYZd/YLHAlpCXRdU=,tag:59DyVe6S0/Ghr+VWj0gauw==,type:str]
SESSION_DRIVER: ENC[AES256_GCM,data:ptIntjU=,iv:4xGQcq/hHN6U2wDVloFQuJ9IStt1wzftGvFshscaDuc=,tag:5lxwRlzoscLuQWhhayz8jA==,type:str]
SITE_OWNER: ENC[AES256_GCM,data:NliL2v+5L2hgtAypHsx/SZIV,iv:USZTjct97S69oC1qQw1LvsVM14h79sPK6C4kT0tU+9c=,tag:cMo1NulvqtEmviv7bNfhtg==,type:str]
TRUSTED_PROXIES: ENC[AES256_GCM,data:mso=,iv:i8oCKh+Do4pitQIG9rjcwxfR+QyJo0a8ZwhpbTmPCjc=,tag:KDYBjKNDxVXmIlQuk6obiQ==,type:str]
TZ: ENC[AES256_GCM,data:JKar98ec1U+TgrUJKORIDg==,iv:/KpoEhX94QgN6dfDjYLcZoMbamwuI9ITKT2qI9C9n60=,tag:YzwHNXVCJaz2FetJCGK94Q==,type:str]
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:aBoz/nZEyniQSV54roz5q15Yzuz6mTqmoAllT+wlvf4=,iv:GzsNSmuqHF0jC9rQTi+vvr6eGM4/V8n1JxX8Mb3ryO0=,tag:sfBpnGh6Mw4W4yqnYiJ1/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-16T01:01:17Z"
mac: ENC[AES256_GCM,data:teviNiyB72tpMJuAc0ap18RFz9zY1KOs9oJRz7Da9CuHAeAYqZrrQ+CSX0N+Mp7t7HIgfDr5grq10DgdjRQYDsUYS/T3UsihdD488i1aBZB5dGb6mo5wUIdBz0CQ4lJkEutnCMHIAuKAMsUYxPnEEqXMKs5BAfF+GtIM0+I1Yi8=,iv:QpaDboQOZ4gPB0PhDWaYZ5HDy8M5W7gvcyO3xpDN/H0=,tag:bAzRW/k/BDbc/c8amU5dyQ==,type:str]
pgp:
- created_at: "2024-10-16T01:01:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAARAAnpEVRD9lQQYNJ6KutXCbuWwoaOf85NX5AyN/xfisWQKW
Wmw+LMvxET8B0Vl95luhhwBa+eFh8SjpRirueFw0q20Fb9RANXtk+EXiT9DG1HdB
ZLJxQtcjOOv/alxgRnaft+CD0szNY9QzkvAs9D4hxXNh634JBEf5BmvzNiwcwTtF
osFFNJfA5bjVzJGEdnkTcfwwkgDYtQqMibwSbtz93jutmZplEUlAhXqUl/+kwtai
Rb2O3CYPLL+vC7H5N0zXxLXcFNjUk9sQrcmBiz2i9DTlav1YHy3NB3EVu+OkvoYO
PacIkKNFjWurhmfuAN0dElCBy+gdDvIEXL9mbW07mkqZ/HTlR0xF2Szj5Ax5Drrx
+/K4IoanRKp3emkD9YRft9MMIpRboorw4u9t+Zv1kTlmIoIpxpBmJ7/kD3uXRb7s
LC5Lth1nk1hK2ZtpBNd1Ldpd4lJ0DodTIs6iBAQ2Tfk3BfZG2EFf+zJQa5YjkPTI
YbyT2skSsteRwCrwZMOUC27LwBWXGukU2Zf2aZH3Y2OY/T4KqArmTz4pMpbhnDWT
9ueNHwbf38/q1IB1n1TDypybWZa1V4IyRstmORoE1sAHEW07PDqFD3dgtkcGtmUb
xCO96GYqrE9kEk1Y5EIaAnN9SrFmpXMxPgvNMuX908OWylPwmVR+p2xXw+Q0GpeF
AgwDAAAAAAAAAAABD/99lYaqpgoba0WNLCdn50NNIduiicH2IUNObXyIoGvO2PrH
T5BXanicIVDz/WuPRV+cZnNKQ0w4fVMo2wgVNpl53b6XQKm2WWUHFayzbBPQ/zJw
xOS/d5onbdrrYqTX8DQ1D0R/uYx3P59YVKcqnt/iSO9WqftxPf82ek8a5DJ/CguM
d0HeeyuxOVfpiMRZksMg2VMjZ2GslvlAtkgtam8dE4v4wJ4+9nzVTNCPUAp2rNKC
zA/rFvZlNEJuj/+UIVxzM2NR36VQklm82Lcql83f49Xmc56cDXpz0UN+NvKJadc0
58dBJhUxKFjmE//rLR8acIR465OEG4x00Xo2260gR2e1Gy8RkRddqOtESwxshnjb
k+uDJoVSlJAv1N/VKAZ2HyZHqBGL1rZ8pAhalVUvLOAKDtVymXPDMN1d62tnSag9
NUQub1IBOjwYfPNGgAYXBu2/AnXv5eY4yvyJZKoLviauNrQGLHCfnGHtsI59szlZ
BEkGWLoq1ScwyfbE3CC6HaDWXgQpdJvOXeIuuYZ5g5aMdIj6fOIGEn7pSvZ0xiVN
vjeXtEkLF8uHXCgaqTN4v/jFgRJFymZFNbwkKp5qLkF+LjaLb1U142LlaF1Um/us
1Yxue1Et9BYODmSjELEX+vITil3oJMbirwoPcwH2ukfDuoG9hRGK0iwkdb+XXNRo
AQkCED1xPAW5o5NG7rPlUzZKeT2/f+wVIM/cR8JJwZI9xUVdwvBYw6jVtcXl9KIo
IS7mndJ5YHOgh8HXfcWxG57xtEgh4OjJYXV0Mx43uqVEQ+iiVz2JlR9c5gDOZFGG
BJEgufqqSUU=
=8uNi
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-16T01:01:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/7BFBba7dxizR76JOfHWp1c/UJgFuHHCiP53kn3SdIGQqs
ZKJh/CZL9WgEp82WIL9+UN805FKdLmlfU0cu2xkjxx7jTF2iSG8QBhRkli0X6UsD
EGCFTXjVazilJfe6YpW6bnqPRq15wTwcp7YVdBi9hSlRgEc8OPSh2fTk29L6Q1nQ
oVKih+EFmLhX028w0ys+pXaOjJ15btybR+Y53xizwbYcCKNPOgEJO0TSbMb1zJJa
RSqljazLSAeFubMxsXEUv9dvmv4U01ImpQUcuw8U6b8OVvgfD478SOyWmXrk1WrH
FLuIt53TTsOzWyAf/vutQo2WwFk7SNBluEFXtB+L9F6ZhKRyuWlFMlV/BQlBJmJD
pyX+hBWXac012uiNj45RvFnsCWmIywSuwfCaTuMwl/I01WI7kYhea/2qye6oRwQj
3o4svRbjvcMPgwdw6tSnJu6XQ9MV2YSEcDl1FlopzOv9qiX06fWUCvOFfZf/5wH6
EKT5vHoFT78WRVBMWzCsqge77joquykEx9X+x6NvtBLVb57RM2a8kMqYDy936+zQ
2sw0EXDaSw8HfKFEboixLayndSjQlznBSw80WRKBizTU0bmBMjW8e5Y7X9D9olb3
oyrG/EqAkEwvnp4z6M5BBWPyNmQYWLYXb4bTHwRDbom9BK8eRvOjA8EDacxFshbU
aAEJAhCFpjbNB5TmbBa9MYlDXfWzo8ONGKupwvpjCvamvD1lwcnaefFxFEjUqLZv
J1513onnvdLwNhymnGmVMnY6X+qwXjayi/jRrBdvkNBjmocH4qGr5iZTcpO8HLNA
nvRyz440bS22
=Q/Bc
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

View File

@ -0,0 +1,123 @@
apiVersion: v1
kind: Secret
metadata:
name: firefly-env-secret
namespace: default
stringData:
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:qdisaso=,iv:rT7WID3kRMPEGmWJepNmrj1tutxsT5Arw5AN9oVFoXE=,tag:jkYkRaGLEB3iBEjEVIAVCg==,type:str]
APP_DEBUG: ENC[AES256_GCM,data:Jyo8QmI=,iv:Gq2Ldh+H+oturcglphQb7ERHX8jD/5j01qtEJDRPAn4=,tag:m96oouPtT9J5zQHPs2QaVw==,type:str]
APP_ENV: ENC[AES256_GCM,data:19kiyms=,iv:KLwsQOsDvg/7f18FEsg+e2rgnXSbsxwSNbItmgLGy8M=,tag:mUX/UeXFi0eeZ68bsJpq8Q==,type:str]
APP_KEY: ENC[AES256_GCM,data:PI70apm/K8/1el4lW3KR6wLgBDgj0YAQ6KwngqxSv2Y=,iv:S7xrpAeY3wM3moCL/i5R045yst7Zz8ahXbLyNfvacZ0=,tag:hOXR1kKdxVoQxZyjZu+ajg==,type:str]
APP_LOG_LEVEL: ENC[AES256_GCM,data:ZwJTcn8y,iv:wk+jX9Zp1TTn1EHv0OLgt+0alm5JBHdWcEtIn1dTI6o=,tag:gR1Ls7dFGyt4hKGiwLU5wQ==,type:str]
APP_NAME: ENC[AES256_GCM,data:yfd2OQk6NvjKcA==,iv:jLL2Dt0YlWODwCKSnqR1yuSWJsKySQNZY/pEfxi5jJM=,tag:XoHlMsMuRG6S4Wm0PVjtBA==,type:str]
APP_URL: ENC[AES256_GCM,data:+bveNLjanPPMkoMrDO4KsA==,iv:xQWHzRKBMBumi2bFCUKoWLRiuNNV3HQLv1WGEiZ6RRg=,tag:h9IF4XwIK2P8sB4V1Su5Ug==,type:str]
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:OA7nqw==,iv:9BcE5Bf9QDf3kzA4Xbf0XkbkFjGAv6id7vdSI12wRm8=,tag:QN7o1eEbGSTvrGGBzzouSg==,type:str]
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:wsQZSzAP0hE4o9DAwNtwSEM=,iv:U6513HaOzDDlCehFuSs8ey0KFWup9S8tAYiSX89EyNg=,tag:i5q9W6uglFZ9bKc2f4QPvQ==,type:str]
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:0GfWuR+1RhLsED/T5iEDYV3tkmx2wA==,iv:x/6xxFAv5+J8e55a9JnIZ49v/FJRL066rSf2bBxhHHU=,tag:hAhhsDDMeM29b8iMx3xwqA==,type:str]
BROADCAST_DRIVER: ENC[AES256_GCM,data:2iYs,iv:5oeuA+08uDRSJyLwwkdFC2q4LZKNs2OSoQjsnIX0aYY=,tag:m2ybfxtY98j39sBnax7IVA==,type:str]
CACHE_DRIVER: ENC[AES256_GCM,data:2lv9YGE=,iv:xuk6ih2wApMuWJIlm9clwYCnMR973lG7EOHDUZtlDvc=,tag:cdEh6/zAZ+7IcQMvHojgXQ==,type:str]
CACHE_PREFIX: ENC[AES256_GCM,data:OS/jr/Qo5A==,iv:wLeRO4uAo+HHB/1tK3m4MEeefmMRTc0+aTYuUGGrYyg=,tag:8cv8oxfwMkTeZ8+JsCoWVA==,type:str]
COOKIE_PATH: ENC[AES256_GCM,data:pQ==,iv:5QR02hlvi9n/gl6LLdSR2HSybzohlCisq51+QzUJv1k=,tag:hpwUD0ctU0pX7S+V6UNz/w==,type:str]
COOKIE_SAMESITE: ENC[AES256_GCM,data:HNlS,iv:f/kbAOVyWFEH6yKr+N3zM+9tNQQCpQA7/iKAg8ejFdk=,tag:g1rmzfnWSYIzxFJA0l/uUA==,type:str]
COOKIE_SECURE: ENC[AES256_GCM,data:fxJkE2M=,iv:0JXgzyybtMtIgxh6VSwAS5oehpVMFkLKvJFOBDcwhVM=,tag:RAhNUuJKOho6bvXJyNT6cg==,type:str]
DB_CONNECTION: ENC[AES256_GCM,data:Y7b+kts=,iv:1vZBNoO4O0Z8LPH3ZPSDpx49jtbQOEl6+BitbKyat4A=,tag:eOUpSlZGZKM0LPHdZMjb+Q==,type:str]
DB_DATABASE: ENC[AES256_GCM,data:1rRtAXfMaA==,iv:vErtoqpi1KsHVL0nQ6x2MVNe6JCKxjCxivXXjtUT6Uw=,tag:AYxHWADlGq4NHbcVx8QcHg==,type:str]
DB_HOST: ENC[AES256_GCM,data:sjYDEi8q4bAgpdnxin6yDBtNJw==,iv:6rxqBNvXSsE+2oxWbwiztmlxtKP8C0aeYMdmuGTyF/g=,tag:lRB3EwV4vwa64CI3xqi2lQ==,type:str]
DB_PASSWORD: ENC[AES256_GCM,data:PeysFTbHeZHTnkn0XlJ58AMZbS3EzANUQ8UnhQXRIoU=,iv:NM8c3dx8TlQkPVJGECnyg2L6JM7CQwlx/LQ59x15dY0=,tag:xuLow/AXp+yOUm4hO2527g==,type:str]
DB_PORT: ENC[AES256_GCM,data:yXp98w==,iv:a/jbQI7/3QMKaSJRiZGhdYBzdIzyNA0M3sL83bD/1is=,tag:PxauXvxyQlNo8EaFMzdjKg==,type:str]
DB_USERNAME: ENC[AES256_GCM,data:UOz2K8KusA==,iv:75KRLL7F0mtzESvfvVaIJiBqAz1i8JIcS2VwAMm3KVE=,tag:HmjzrLg4hLuAjQ88U3CDbw==,type:str]
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:U2qo/Z0=,iv:duSb5g58hXy+BjmU51cWVc2APmz/THtQrmfKyWJL8Xs=,tag:3578FhaZxtyLXjFOJA7sVQ==,type:str]
DEFAULT_LOCALE: ENC[AES256_GCM,data:DX3VePo=,iv:d3P66DEPoI3yiZj00YaYVEsu9zCSQ+Nz0vCOxJjfkNk=,tag:JNeGcODHleBBOJrewOWq2w==,type:str]
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:mS45ZNE=,iv:7twp7yAggJfGDKnoqoi4OY97uMQuOq1Y3y6LFst9qFY=,tag:mselnIDI/OzNplWsdq2YlA==,type:str]
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:lIO+3IU=,iv:/jCBrh9pxsNouU+glpvXqEXI3veHsqaHWkSDEJcJzHI=,tag:JHWUyPl6Ir+XczlkEm/xsw==,type:str]
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:43nBSlc=,iv:pylnsBF4HORItmtHxLxaXjojdyazm1rseMtqgTwwX8k=,tag:mi7eWamr3l/H+foZUJYsJg==,type:str]
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:TssvPA==,iv:N6kVxo9w7pjUy5PSt0nF3yPS7imaKaWbizPZdMv7rKQ=,tag:DpWzkfkFbFaQpuLTirsP1g==,type:str]
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:6+nNEA==,iv:TxFrPKxoaN/neoRK09F5SJswfh+ULHw/tFQz+ouOOsU=,tag:UsMPAYDhgccBtBUAXxTNaQ==,type:str]
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:rA1uHQ==,iv:TKV5pRA65C8FNHOrpzx90qA7maX5ld3aLCv/PrQamII=,tag:bqtT9pqHILiV1AEzkkYk5Q==,type:str]
DKR_RUN_REPORT: ENC[AES256_GCM,data:bqE/+A==,iv:PWlGji8/zVoosDeoWaTG4f9rDJwKOilwENI1JtzatPA=,tag:cHCeTgnB7c0TZ+9bSxFW4A==,type:str]
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:76w+1w==,iv:XZwFW5WoWRBhfgM8Jf71IAEsWJxaWj6nmzh4arjV9IY=,tag:wm49cS3mMPPj0l7rNRm7nA==,type:str]
DKR_RUN_VERIFY: ENC[AES256_GCM,data:GE3u0A==,iv:hZc9+yCN781Hm/M6UrzAnFELJopG/m0PTaHCwJuK4Ic=,tag:SwJ/ujTY9VsrS8payg5FbA==,type:str]
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:jwbL3WE=,iv:EmuPlxlldYIK57w44oeiOUx4dNUx88avn/MXGw0khqk=,tag:6UqgxY3eTE/DQ4znx5NNzw==,type:str]
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data://NWaSg=,iv:l1k7TLg2d4impHiGyHtVmXFBpHSK1X+MIIMEvqHmFCc=,tag:7FX96H6R+ez0corFjpzoWA==,type:str]
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:KGo=,iv:xvBorcd8fPvlGYeomuexZBtORPc7LJRII9pYP1ZNBsg=,tag:ibFX6k0a12rXElxRODc1YA==,type:str]
IS_HEROKU: ENC[AES256_GCM,data:Ffu4Sro=,iv:Q5txv1a/DcH+Utlr12zQJUBy4vlcdxcHFsNDWuWVOeU=,tag:NTay0IKz6s7a9dFpx1BZ+w==,type:str]
LOG_CHANNEL: ENC[AES256_GCM,data:Njfav/E=,iv:xwccazZYrtARU7xKooAnBKJcCDJH5xUSN0C+nIs8Pos=,tag:jI3pelMMZQQ37uuUmUmENQ==,type:str]
MAIL_FROM: ENC[AES256_GCM,data:ILVOrph55Ku8pIfsHtU8DjMuUjo=,iv:c4wzRvDugyRUbKZKq/fgQ2eP3CJ1wJzkQo89tBCZ0WU=,tag:tx2lUsnCBbYIk0h4gL/CBA==,type:str]
MAIL_MAILER: ENC[AES256_GCM,data:rdoZ,iv:NBi4YtbtTkDJHQmXBu9lGUfCWhfRgtYLI3UCayMpq2k=,tag:o+cXYLXlJ0bWVQAPr85CJA==,type:str]
MAIL_PORT: ENC[AES256_GCM,data:lffjiQ==,iv:GsZWiMZGuhpPJfX6vPcr3PKuq2YXS3oQ8v8NojufyKk=,tag:rHcfDoLZdU5wCQR4g/qV6A==,type:str]
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:rrw7Rwjo//tdEyxN98pE,iv:3aeAQM4RV5hDFfZ08voXgk7IrejoM8YACluo75AmRrE=,tag:cAmTiI0vPAnY7NX+YlM6Og==,type:str]
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:i8I6LaPPLFoi,iv:sG6dP5GS2G6kGXEsn8P3KJmyEThJ73WIN2gkMJwNDBA=,tag:uefjbg5pZdIIONBklcsSyw==,type:str]
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:+ESO4h6cGSE=,iv:hAFNmDfc6XWnQbpLQXjUsdZSOwPu964MlFBXYsNr9O0=,tag:iXfs5Z+Ojojzp2H2u1kHxA==,type:str]
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:zw==,iv:soYKokimSKxSS0x9nM7GcZfpXtwxjuXVls+KFh61w30=,tag:ryX2Rj1TakKRfynh7bFEtw==,type:str]
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:Mo68CXbhV7kK5ZGi5MS8,iv:pVKSl5Tu8xzZVk4FX0DIA3vpVYZ9V0RXtfkoUTYeAAU=,tag:bez1DYHFlOn5TZ/oz7F6fQ==,type:str]
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DT7Jow==,iv:ZEOzfc0IepdvDNo2vWanOsYAT4EGLvFnSpL8qiiOwes=,tag:eEilJ8cwgCer7H/8qpDPgg==,type:str]
MYSQL_USE_SSL: ENC[AES256_GCM,data:rsKgGpE=,iv:nEJbHiaqOvVauAtCyL6uvfmkAmgvjjSFb28L3/j1PmU=,tag:6d5whsZ30buXkc0W4+5JIg==,type:str]
PGSQL_SCHEMA: ENC[AES256_GCM,data:pmFdRyiy,iv:mYXXlj7R7T3RTuK7QNRKiY6HwCezQYaMpn6de0st+FA=,tag:xFs7kAnFuRjDVRjKyyrJOw==,type:str]
PGSQL_SSL_MODE: ENC[AES256_GCM,data:/spE//X3,iv:qCBP7fJVFixBrB1ApGti1Nq0S87RcVxpHqmPBW9GuWU=,tag:MyCEseplfPX9PNdoqGLvmw==,type:str]
QUEUE_DRIVER: ENC[AES256_GCM,data:tTmRSg==,iv:2KdDPsJ9PlyHsVsFdknC7A4cShE5bBBpRxWslF/0wgY=,tag:7QN0MlfyoDyukmAgmgQvxg==,type:str]
REDIS_CACHE_DB: ENC[AES256_GCM,data:9w==,iv:MKfWJO941vxlJ0VP/0ob9JeFnHkI+okOkd/ifxkbKTA=,tag:PyyjVTRCUSvZxpHekP9ENQ==,type:str]
REDIS_DB: ENC[AES256_GCM,data:Bw==,iv:h3v/+cO1W7eGDAGjVtgeDh8UekMg+ZvIRkNZx+iE/Es=,tag:nF143FAtE181ZJfAjtau7A==,type:str]
REDIS_HOST: ENC[AES256_GCM,data:7hVDI2P+443UGlw/jyBFmNTDBM2p,iv:sbLD+/wdDEiKYpR3ttrey6HTlI5n76trH3wZjU7s3uQ=,tag:qZP1nb9+tOr7Lm4i9HR4wg==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:/i9UM5Cx6h61xbDQ//ocmW1BtmT0LILnwwemOwaTTkw=,iv:FINFRW1006Ljnb1JSi+Ctae3Jw9xR5EW73Ut8FCNfHI=,tag:+6raDqY1TgQQgbkcCcbCLg==,type:str]
REDIS_PORT: ENC[AES256_GCM,data:ME1O4Q==,iv:FhqTqv645wnhhQdGW0IsemeXOlJuCKjbMa3tBw0kueI=,tag:b7TdkDklkFwE/X3lE6XZGA==,type:str]
REDIS_SCHEME: ENC[AES256_GCM,data:puE6,iv:XvOpz9QO7Fn14bbHT8L2p0HquNxIzxomN3Bg3K2NOQY=,tag:qerZcGVGKXW+YAyj6RK9Tg==,type:str]
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:9xoXVw==,iv:m20IvyDsNzw7v3U8Ai34MhhxrIUGnU3OK9LHwZAdlJo=,tag:BgrhqBiqc9RYo9EzOCvSsw==,type:str]
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:+ErZjA==,iv:dcrc2+U7MoSBQ3b7w2qe0wIb50AbLDQ8/N9TK03ub5o=,tag:ub6+5g77qZxq8IjxDmk7og==,type:str]
SESSION_DRIVER: ENC[AES256_GCM,data:QlF9bSQ=,iv:I1cjDE4EFVG166ISZaNuM0eFMs6U55y7LUl2cVIONrI=,tag:VxKEC67A3Y0IRNKJ/nZV0g==,type:str]
SITE_OWNER: ENC[AES256_GCM,data:KbzTQ/QdlMmxnSDr1mCo4EG9,iv:287MEAzZFE3+zp3bWWA5Y2u3w7iQH+7AAZ812I4Elx0=,tag:TlljmsgLww7EJIBMdDrKvA==,type:str]
TRUSTED_PROXIES: ENC[AES256_GCM,data:cAU=,iv:MBL/z8pmM2CxlDT1sY4my2gC3jsDo6O1NSa11w3en5U=,tag:zqzHOR69HT3+U7tQOFQQSw==,type:str]
TZ: ENC[AES256_GCM,data:45gLKxH0OsAfMPkgnjKgWQ==,iv:P9CUovVI4WSfZi1nyFHVzHJ7Oioai1FUZRcgBNhQb64=,tag:S7IF8Oxg7hYNcT0mcgkg7Q==,type:str]
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:1xck+8s3ifQmregeKU6891pErxZy86fO0I6XPE83l3o=,iv:XSsCSJkkGwG12f2lhd6IDl07OLVCW8J/945acFP99lA=,tag:XNxSQGyHvR/6/A3EVT69gg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-06-17T19:05:29Z"
mac: ENC[AES256_GCM,data:GWtQz5/wKpk38ZYLwn+kGyCT8hFo2SmoaI9vuEFju6N9ipJW1MNQONqTx/Qa8Cje8pT7xIxdoTf+23PaFG91v/gcilMCYjE+OFnVBk80d6ZBTXiSmoQ0DYO3hWiXyMfXTJ1OPqExOkY09QSAfXOrN0JphnWpPNZnaVuxMJZS/Og=,iv:/QbEi6hhsPpeSa5bOxPObP8UUpAwA/I6wU8VXQ6NcOc=,tag:FYYj1y/zTl82SVva0oauuA==,type:str]
pgp:
- created_at: "2023-06-19T18:36:01Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ//So248m5bmfJG0gp5ZIAK2dVhH44xEg/6yzZ6TC9W4px2
SPqB+gmwswX64NGcGZQ8LQZExyy2poxh7lfQHIdsv2QSTbf0vmOZqG9L7Fv/DSU0
EnUpt04K1yyVyW09tlcE/SIyMy9HhWyH0vZfwqHc/pHnaAhZKEuBH+kFiNPz4Bfd
xtXeieOGYV9ois2vM2NFNohEagrkbpMb8ZEOrWlB8+ZJZhkIeNc2kA+w0n0TEEtR
WefrBwear6YloK89hEfWRdJYksfKvOsU7U+L6MKpMxqGBIpLIV5kTifRAt8pdrNX
m7MY/laTWcqTp1VXUMZQUq+tCa/jjIh4MDvmzGcrRfhSLDvkFz8W43yHvy/hTKgc
nes55vhrWK9ABcZ5sZ3xdfH3ys3tODUsUkaLALaCbXUdg15cQRwvdNkgHou/oY26
jAc38EpeBEtIpkH+nBHLgbflFkElqOcpcS/5OR4mL0dGQ0EhhYTzxES+jcVYg9ka
Na163uPvhNnFNMUACKsDU/u2WngU8B5ISjlsiX9EkbKqDgHrLSJywKcoYESgnU/K
q+24HIFH8cmghRYJZ7SXDahsEw8VrcqQEWTSMM4YnwJeBZH9pjeUK6RySLHxK9F7
rK2djzc6so2Lk/AhYot9FNNwXWqrBKQq7kjFF8Mr6ALydZgst/tSBPtpTxpADZDU
aAEJAhDuDefWmaUMfyK+B21JoUTJtAp1icQZrIFg+mTH+qDWPXdpM1qsaci59aq/
vkML3TwjiytUNRMVORlLPv2z8adUuXIgPx8yEclTxCDKM3bqIfVs1xj2GAItyO4K
XYBV8oIdHegO
=GI4b
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:36:01Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAApwoZ01GS0soprXAf20Ye1XQVLIFvIuYjub01ibNZmb3m
uJiPyClzMqcjy6TKWvCc6sT1W5DQ3aY9E1ARhgwR/yaIZ31WvNcnLczaOACHPlaW
7e4o9tauN8CYpQqPmTxDyQehKe1EbWqq+63FRAUV0+9qEY/ACCwNtv1HCa2dgyto
0I6v/BmW+KJ10iGCsRv8g5IgPSjYT66a2fsDg24kjtqygHwZ5BPe6xUBJ7zxCmVT
z/3WKaNx5Rdv8l45QQcl2fe1qNNdljJNgowCq23uODcQPJPGEY4wOeYHOlGTKE+E
JojnysVUhILhZtTZ5/AcP36RCzMDGQX7wYtvwh6bgf4qf4InX8+O/WK3u+jOreUl
zbcy/lB7bsQ0usZNPsfy2Qh2LPlziBce9JtkPnWXBwS+lZUCXKDS8pizmj7DZnlo
+3L1f26rn21ye/iOyBArzVmqI4QLJzHJI7l6TZgvvv1dZKHyLW5jCHSq4f098roO
kIKxRThFvTZ9jqM7uDYGiAsGt1L7p+HJRY5WdAVGEaL8jWADW7jjF8qTF3BJ05A9
OgnRxIew6ofB5WeYSrU5dn5di6pTNI6bqHVHbZf3BTrGwdpqsAcniUtDM1FAdU/4
QtB7tXNAYV+ZTDez/MMm7l1xKS6FpPbM5ZUtrcv27I51e2HAyYSsj6FNWWyvXEbU
aAEJAhCfDkAnvink2rBria46BR0IPWSLaVEpnusa/OED/Xw4EEgiFq3XonPTHaqG
iXSfeD0XauMxpLan+YesEv9SRP3ef9iX5OGNwVPpIDlkOyUztBWtf3I7tP2LCf2p
/GKlxeQfAlpx
=zWYo
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -60,7 +60,8 @@ spec:
port: http port: http
persistence: persistence:
uploads: firefly-uploads:
existingClaim: fireflyiii type: hostPath
hostPath: /mnt/MainPool/Kubernetes/fireflyiii-uploads
globalMounts: globalMounts:
- path: /var/www/html/storage/upload - path: /var/www/html/storage/upload

View File

@ -1,32 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app fireflyiii
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: default
path: ./kubernetes/main/apps/default/fireflyiii/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: volsync
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 5Gi

View File

@ -1,7 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../../../common/templates/volsync
- ./env-secret.sops.yaml - ./env-secret.sops.yaml
- ./helm-release.yaml - ./helm-release.yaml
- ./daily-cronjob.yaml - ./daily-cronjob.yaml

View File

@ -38,13 +38,13 @@ spec:
env: env:
- name: PUID - name: PUID
value: 10555 value: 555
- name: PGID - name: PGID
value: 10555 value: 555
- name: TZ - name: TZ
value: "America/New_York" # Set to your timezone value: "America/New_York" # Set to your timezone
- name: DB_HOST - name: DB_HOST
value: "postgres16-rw.database.svc" value: "postgresql.database"
- name: DB_PORT - name: DB_PORT
value: "5432" value: "5432"
- name: DB_USER - name: DB_USER

View File

@ -38,7 +38,7 @@ spec:
name: ganymede-env name: ganymede-env
key: dbPassword key: dbPassword
- name: POSTGRES_SEEDS # postgres hostname, idk why its called SEEDS - name: POSTGRES_SEEDS # postgres hostname, idk why its called SEEDS
value: postgres16-rw.database.svc value: postgresql.database
service: service:
app: app:

View File

@ -38,7 +38,7 @@ spec:
env: env:
DATABASE_ADAPTER: postgresql DATABASE_ADAPTER: postgresql
DATABASE_HOST: postgres16-rw.database.svc DATABASE_HOST: postgresql.database
DATABASE_PORT: 5432 DATABASE_PORT: 5432
DATABASE_NAME: huginn DATABASE_NAME: huginn

View File

@ -1,13 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./fireflyiii/ks.yaml - ./fireflyiii
- ./cdn - ./cdn
- ./trilium/ks.yaml - ./trilium
- ./mealie/ks.yaml - ./mealie
- ./huginn - ./huginn
- ../../../common/apps/exim/ks.yaml - ../../../common/apps/exim/ks.yaml
- ./well-known-site - ./well-known-site
- ./dendrite/ks.yaml - ./dendrite
- ./ganymede - ./ganymede
- ./piwigo/ks.yaml - ./piwigo

View File

@ -46,7 +46,7 @@ spec:
POSTGRES_USER: mealie POSTGRES_USER: mealie
# specified in mealie-env # specified in mealie-env
# POSTGRES_PASSWORD # POSTGRES_PASSWORD
POSTGRES_SERVER: postgres16-rw.database.svc POSTGRES_SERVER: postgresql.database
POSTGRES_PORT: 5432 POSTGRES_PORT: 5432
POSTGRES_DB: mealie POSTGRES_DB: mealie
@ -92,6 +92,7 @@ spec:
persistence: persistence:
data: data:
existingClaim: mealie type: hostPath
hostPath: /mnt/MainPool/Kubernetes/Mealie
globalMounts: globalMounts:
- path: /app/data - path: /app/data

View File

@ -1,32 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app mealie
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: default
path: ./kubernetes/main/apps/default/mealie/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: volsync
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 5Gi

View File

@ -1,6 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../../../common/templates/volsync
- ./env-secret.sops.yaml - ./env-secret.sops.yaml
- ./helm-release.yaml - ./helm-release.yaml

View File

@ -61,10 +61,14 @@ spec:
port: http port: http
persistence: persistence:
data: config:
existingClaim: piwigo type: hostPath
hostPath: /mnt/MainPool/Kubernetes/piwigo/config
globalMounts: globalMounts:
- path: /config - path: /config
subPath: config
gallery:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/piwigo/gallery
globalMounts:
- path: /gallery - path: /gallery
subPath: gallery

View File

@ -1,32 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app piwigo
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: default
path: ./kubernetes/main/apps/default/piwigo/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: volsync
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 10Gi

View File

@ -1,5 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./helm-repo.yaml
- ./helm-release.yaml - ./helm-release.yaml

View File

@ -1,61 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: trilium
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.4.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
main:
containers:
main:
image:
repository: ghcr.io/zadam/trilium
tag: 0.63.7
env:
TRILIUM_PORT: &port 8080
service:
app:
controller: main
ports:
http:
port: *port
ingress:
main:
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "notes.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
persistence:
data:
existingClaim: trilium
globalMounts:
- path: /home/node/trilium-data
temp:
type: persistentVolumeClaim
storageClass: openebs-zfs-mainpool
accessMode: ReadWriteOnce
size: 2G
globalMounts:
- path: /home/node/trilium-data/log
subPath: log
- path: /home/node/trilium-data/sessions
subPath: sessions
- path: /home/node/trilium-data/backup
subPath: backup

View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../common/templates/volsync
- ./helm-release.yaml

View File

@ -0,0 +1,50 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: trilium
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/zadam/trilium
tag: 0.63.7
env:
TRILIUM_PORT: &port 8080
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &host "notes.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/trilium
mountPath: /home/node/trilium-data

View File

@ -1,32 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app trilium
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: default
path: ./kubernetes/main/apps/default/trilium/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: volsync
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 5Gi

View File

@ -1,5 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./helm-repo.yaml
- ./helm-release.yaml - ./helm-release.yaml

View File

@ -259,7 +259,7 @@ spec:
externalDatabase: externalDatabase:
type: postgres type: postgres
host: postgres16-rw.database.svc host: postgresql.database
port: 5432 port: 5432
## the schema which will contain the airflow tables ## the schema which will contain the airflow tables

View File

@ -5,8 +5,8 @@ resources:
#- ./network_policy.yaml #- ./network_policy.yaml
- ./qbittorrent - ./qbittorrent
- ./qbit-manage - ./qbit-manage
- ./radarr/ks.yaml - ./radarr
- ./sonarr/ks.yaml - ./sonarr
- ./prowlarr - ./prowlarr
- ./bazarr - ./bazarr
- ./readarr - ./readarr

View File

@ -2,5 +2,5 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: download name: download
annotations: labels:
volsync.backube/privileged-movers: "true" name: download

View File

@ -1,148 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: radarr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.4.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
radarr:
initContainers:
init-db:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: 16
env:
INIT_POSTGRES_DBNAME: &dbName radarr_main
INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
INIT_POSTGRES_PORT: &dbPort "5432"
envFrom: &envFrom
- secretRef:
name: radarr-secret
containers:
app:
image:
repository: ghcr.io/onedr0p/radarr-develop
tag: 5.12.0.9255
envFrom: *envFrom
env:
TZ: America/New_York
RADARR__APP__INSTANCENAME: Radarr
RADARR__APP__THEME: dark
RADARR__AUTH__METHOD: External
RADARR__AUTH__REQUIRED: DisabledForLocalAddresses
RADARR__LOG__DBENABLED: "False"
RADARR__LOG__LEVEL: info
RADARR__POSTGRES__HOST: *dbHost
RADARR__POSTGRES__PORT: *dbPort
RADARR__POSTGRES__MAINDB: *dbName
RADARR__SERVER__PORT: &port 7878
RADARR__UPDATE__BRANCH: develop
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: *port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
memory: 100Mi
limits:
memory: 4Gi
exportarr:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
args:
- radarr
env:
- name: URL
value: "http://localhost"
- name: PORT
value: &metricsPort 9000
- name: ENABLE_ADDITIONAL_METRICS
value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true"
- name: API_KEY
secretKeyRef:
name: radarr-secret
key: RADARR__AUTH__APIKEY
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
service:
app:
controller: radarr
ports:
http:
port: *port
metrics:
port: *metricsPort
protocol: HTTP
ingress:
app:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: "radarr.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
persistence:
config:
#type: hostPath
#hostPath: /mnt/MainPool/Kubernetes/radarr
existingClaim: radarr
globalMounts:
- path: /config
# main: # controller name
# radarr: # container name
# - path: /config
# exportarr:
# - path: /config
# readOnly: true
storage:
type: hostPath
hostPath: /mnt/MainPool/Media
advancedMounts:
radarr: # controller name
app: # container name
- path: /storage

View File

@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
#- ../../../../../common/templates/volsync
- ./pvc.yaml
- ./secret.sops.yaml
- ./helm-release.yaml
- ./radarr-exportarr-metrics.yaml

View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 15Gi
storageClassName: openebs-zfs-mainpool

View File

@ -1,76 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: radarr-secret
namespace: download
stringData:
RADARR__AUTH__APIKEY: ENC[AES256_GCM,data:4YjKtZCtMpQbH4UekHNAJo8XCHQsFzk/VC4dFQqwq60=,iv:D+LyeryyOEfAsecY3dI5jL2WVoKYXh5KKbr+nOzwjP8=,tag:1XTPGSADTN8ajqeabDnewA==,type:str]
RADARR__POSTGRES__USER: ENC[AES256_GCM,data:G+8/0CJN,iv:fxHLk5YPz2sC2GQ8TCvJskpjo8A0FlwwyvCgfQx+stI=,tag:S1z679b57weJNa5CJ+UCug==,type:str]
RADARR__POSTGRES__PASSWORD: ENC[AES256_GCM,data:bc5CDUJgEG2BQN33Jd39xLfSzjmgEoy17kcGXGhJR3A=,iv:i9rx+uLRC6oRyCk08TaxMUJWZYM28sC0+86cg6/HUd0=,tag:H6fQnNYhZCE9gEbOfAn0YA==,type:str]
INIT_POSTGRES_USER: ENC[AES256_GCM,data:9TuuqOuW,iv:HPPBvVxAxEdF3dT4GChiuH5QUOyZF/zatwTBcvsiZpM=,tag:1gqQynXybB92MS5fBD5rzA==,type:str]
INIT_POSTGRES_PASS: ENC[AES256_GCM,data:LUpXvIhljefhWr9oWaI9EE1pSVDIwfx3aRykLmLV7vo=,iv:puMPzgBnNiwPeGCN4yncOBHTBkVFcZQHo240/oDhVPs=,tag:kXW1Zz6vLAnp2TWRt61r/Q==,type:str]
INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:MJ3bEXMPjDGc9VC96H9tAwrXqx9ufgCuC53862faGGQ=,iv:/KnIW8x0s07KHtX2/+S7KxTkjD1U3M2dhrOdqTrIgMo=,tag:tlrLFcSYURIIFiH1q6awBQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-16T01:04:26Z"
mac: ENC[AES256_GCM,data:GJWny77+79pyRm/wGJtnlpJEaxZVvisiyTwHfUkymE1WKtKRuWFTuwag6aV0N6gIxtH4ko69ciNGgbanVaxpQ1LvS5YYk+xhIUp3AzPF/FWb7orQnOcirXDO7n5QWBl6fiE0TUiUSJ9usZXH/RsSCG+F11LWJP2sI7OXhAxIsz8=,iv:qj5JsEGYx2OMfQEmCxdVWv/5LrhPZH3CVD+iiO1Ruok=,tag:0QMsaIqvJ+V53rIGXeTpIQ==,type:str]
pgp:
- created_at: "2024-10-16T01:04:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAARAAlVvZKk+zcf+j22YM0ZwYIAKlNWbQcL6oODPpQ1BN80by
NiTFc88i8cDOh3AySWOYVVKB5v9UcYPWqw212uvEleyvb3UlHPrn/8XmWzUaLOyP
AfPXuPTBvFp3LvsbSXSvHRJok2EzF9vf7jv6wx1be+EObcwibUBN3FIdey/lB1fH
Ja/X25aotqkheoM/0QAQb3jL4w95LjiY0EdaGE0RZcRJY4AHqGNyMv07Hquu7GRN
17B+DfOKUg61eJ0aTX0LdCGwjr1HGvg694SujSzeivkAHFQgu7zuqg4J7BfxSKrT
tEjnSuXzjVs/zedLBt4xhNNki3gttQz1duQL8VvvK2V60sbu5HwvVHo19qxf++Zm
7GhYtv0R8DstQ/9DcXVbst67y11ilGbJyvITfci/TAwJm8undukwFjXwlvK6lJOa
hIili789G0Djfznw5rJXbjgAHACD7mMgvV32Ii5t4dG8Bn/GEwyS5+C70vy0LZPZ
lQXmR50d15SAyNEDWmfSG9Me7mfn4d59FrtMIQkKdvDVRdCWRN8cqUTRuteq1ERz
dngXwSzf55fabOvAQohFgDwvIOHnhAazimjrx235g39HMNtlkFvMCU0J8lux50iI
zy1jvzpB8f31iFal/ylDTJNR4g3DhzphHRaD97AqVCxjPRTQbTsU3KEYEZWhndaF
AgwDAAAAAAAAAAABD/9hwr+yVE4VuefE5qfqNY6yAodeZxlsYXluTsBMli+Hbu1z
Jsyd2TlMBjuA/4st8fjZl+wBdTbiMcFoZ2hRnAzIuJvPapoeZM9nB3w3jHV8g+UJ
rtgq0cuM969o+TKa7dzmeg2fVZ7OsKVe4ZwM26c7WjhWrFo4SMd2D91bc+op0A25
ouEigbsvIUHzCws3IOf8gmAZs60zRo3CP8rafhmhyoGXOrh6vQWby8I/JMkvuf4F
bAuwAsUqFdIDwH65DI6zsPuaD8SJ00FVLqliQB/kbbhz0K7no49jJZuJlGJ/9GjU
gFPOFJzWUT09hdvd7zOVXO4xmo87Zx+H08lb+VC7GMf7REjbrLISgZPJqY4N9gff
hVetnOErlQgTEv8ZJUn228ndtR9s9L17v+lsO+a7XRQW3i1aAcHBED7nZEoN5b0Y
k5EJOMOAxxEVmT3aMNEkC7O+X9Ojxxxja1qBFDQu59QTwCagb1nRtPaXnSZ2wDoc
S1QBxHPGK0vIw6hCJTXkWAqKQpQx/gBvEuMQsyO8Vzg/9tbX6lBxVHZIpBzl689R
Csu3WlMJbscqL0FjPKjNo2unUE7epGBvr0vcQJ76bvmCNHlb2xLhy+AiXtHTVhuA
abC9tNwOTxJbpxIhBIJPidotOcvX6pCZlmVOd5Hrec+VUWG8SWVH8/gm9ixCztRm
AQkCEMHFPeChsZuPd8ZYGHT2EDhkgO7Fc+DqPIb78yYsBsnEFQGVRHcnXvmfMvyZ
jHqDqkVoYUlPsssMIJhGZOlLhgoiVEiePZ1DrBAKkhctB+vtVLhwuJddh6tdZelh
1FJKtdR4
=CkVe
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-16T01:04:26Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAARAAmXUF7aBFkVd9j4dHGVsR53c9EVJOv/dx0ZnAjOLvw71r
9n+T412OAxqABUnmS0nOOSaESYRMvNwaCyx5NJBAF2VrWlwFFCVSB4pXzkPHzLA1
8lscA99wFMYN9DQByaPTneBV6W+LDu6LKj/O7A7FZfuomaNNtmJ+iITVLp2NKDcY
575hmVGiQDC2I+gxx2TeSjCYJpNDZW18AuY9Z9zeQzKGbfj2541o4BZ8kgs+NUo/
CnwXwVIPbIr2nW1jqlXmCusTQhyZ78wOf2TbBn/Qm4hBJZTpxKKJyTKJBpF1olyV
usnLiMwZkSLCHVb7AzzVfXQGIiiuKF3wpy7kfAq86PpCW9JP0h8sdjyK/8wbeE2x
w/EhilfNFEtMiyD38KSFJ/gf0l9Vy+GkzHcq6LjxBPIIFSe6x6EIWge6GScQJ0pd
1wAzNIXswYzUkRIyVUuzCdLSRUVzaqh6ICixu7PQVhlQeAbZ6uvBxP2vDfxGJE+E
HNJhwTSDXgwY/mibNpKLsoduaN28FfWRdRk1hCTHNo7vcmN4xp0vtbZdAAyRgU4F
fzINAG9ep484SIPUCIho6qI0pfC9DETpo0OLh2KddLAT0gAu8XgLTH2KYNSd7UEy
euxrZtLQIx7cGExdXFBcGHIPdXolZPESvSUZ/UuF7sQewjDS5ReyBoYisux1YwfU
ZgEJAhC779UuniZgT7WYra3v2u2JkBhCy29GIc5EW4dH9n2KoK9MfbIIxbDC599r
SUbvN8RV226CLfD8rJz9dNYrygEXGyrTTkBLHC76ru5inj3g7DN3HaJPrWPMVpTq
rVs3c98SBQ==
=UOM9
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

View File

@ -0,0 +1,119 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: radarr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/onedr0p/radarr-develop
tag: "5.12.0.9255"
# Metrics sidecar
sidecars:
exportarr:
image: ghcr.io/onedr0p/exportarr:v2.0.1
args:
- radarr
ports:
- name: metrics
containerPort: 9000
env:
- name: URL
value: "http://localhost"
- name: CONFIG
value: "/config/config.xml"
- name: PORT
value: 9000
- name: ENABLE_ADDITIONAL_METRICS
value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true"
volumeMounts:
- name: config
mountPath: /config
readOnly: true
env:
TZ: America/New_York
service:
main:
labels:
app: radarr-service
ports:
http:
port: 7878
metrics:
enabled: true
port: 9000
protocol: HTTP
probes:
liveness:
enabled: false
# custom: true
# spec:
# httpGet:
# path: /ping
# port: 7878
# initialDelaySeconds: 10
# periodSeconds: 10
# timeoutSeconds: 3
# failureThreshold: 3
startup:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "radarr.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/radarr
mountPath: /config
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 1m
memory: 350Mi
limits:
memory: 1500Mi

View File

@ -1,31 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app radarr
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: download
path: ./kubernetes/main/apps/download/radarr/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 15Gi

View File

@ -1,7 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./namespace.yaml
- ./helm-repository.yaml
- ./helm-release.yaml - ./helm-release.yaml
- ./monitoring-helm-release.yaml - ./radarr-exportarr-metrics.yaml

View File

@ -1,142 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: sonarr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.4.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
sonarr:
initContainers:
init-db:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: 16
env:
INIT_POSTGRES_DBNAME: &dbName sonarr_main
INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
INIT_POSTGRES_PORT: &dbPort "5432"
envFrom: &envFrom
- secretRef:
name: sonarr-secret
containers:
app:
image:
repository: ghcr.io/onedr0p/sonarr-develop
tag: 4.0.9.2457
envFrom: *envFrom
env:
TZ: America/New_York
SONARR__APP__INSTANCENAME: Sonarr
SONARR__APP__THEME: dark
SONARR__AUTH__METHOD: External
SONARR__AUTH__REQUIRED: DisabledForLocalAddresses
SONARR__LOG__DBENABLED: "False"
SONARR__LOG__LEVEL: info
SONARR__POSTGRES__HOST: *dbHost
SONARR__POSTGRES__PORT: *dbPort
SONARR__POSTGRES__MAINDB: *dbName
SONARR__SERVER__PORT: &port 8989
SONARR__UPDATE__BRANCH: develop
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: *port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
memory: 100Mi
limits:
memory: 4Gi
exportarr:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.0.1
args:
- sonarr
env:
- name: URL
value: "http://localhost"
- name: PORT
value: &metricsPort 9000
- name: ENABLE_ADDITIONAL_METRICS
value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true"
- name: API_KEY
secretKeyRef:
name: sonarr-secret
key: SONARR__AUTH__APIKEY
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
service:
app:
controller: sonarr
ports:
http:
port: *port
metrics:
port: *metricsPort
protocol: HTTP
ingress:
app:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: "sonarr.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
persistence:
config:
existingClaim: sonarr
globalMounts:
- path: /config
storage:
type: hostPath
hostPath: /mnt/MainPool/Media
advancedMounts:
sonarr: # controller name
app: # container name
- path: /storage

View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 15Gi
storageClassName: openebs-zfs-mainpool

View File

@ -1,76 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: sonarr-secret
namespace: download
stringData:
SONARR__AUTH__APIKEY: ENC[AES256_GCM,data:PWRlk76a7RYZ03VCvmqmIZO5HhaGvyEXcW2DECI2vGA=,iv:fITW+yradbG6OJ94mmLOtAlpW6yfN574s8cwQ1e9uOI=,tag:oJJ5dG6L4mXrthi+CRWUcA==,type:str]
SONARR__POSTGRES__USER: ENC[AES256_GCM,data:LI08bpMG,iv:Qp0NWVtIFWiKgEUrT/BdMzwa7+8fjggKWUBy8Ru4g8M=,tag:gB1Uj/WfTGWStk5nk0mNnA==,type:str]
SONARR__POSTGRES__PASSWORD: ENC[AES256_GCM,data:VwG6Sr80tQf2otnE2BhCJi0uQKwgsPrRwJ+3F8uriVw=,iv:sFJYYpcjmQp89NZ4m+RF8AXFN2ICe2xB3vRVZHcmrv8=,tag:cWRNeAN3L07VRI4fwv8A1w==,type:str]
INIT_POSTGRES_USER: ENC[AES256_GCM,data:oTucnP6X,iv:jcpa5bpxQqoo976y5SPTy/0wJ1/p711omqzYgbOe6KM=,tag:HoI/9ejCZO0F6wd4SFJMJg==,type:str]
INIT_POSTGRES_PASS: ENC[AES256_GCM,data:SQxqWbm9WpozkytSmzrjQYZfkZ3A8sP7wJEL8J/iFjU=,iv:V/XXsoOGhSACVe3ZP18+2oxOCDhwvPcX7ITSBAuBals=,tag:zGPMmZ9161/zlOBPxDYKMQ==,type:str]
INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:2p9pzuEfRhsS9HqR0weJnE8Z2v5jUZXuD21NwBOiDH8=,iv:WISDSdnnuOCIDt6WFapkq5xAr+26stvJcD8Iqj8aS6c=,tag:BgFKami5xIxsCTr/7M/mLQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-16T01:05:42Z"
mac: ENC[AES256_GCM,data:T0EoAhc+rtPMHQRUcu/PlzwtKXQh4zaYjTvGO+YI6eVWaxHSQbT8J4VmRl4+MdBf5rj8qUlxGEpo0bv9vPLm2IAAQMMVKxDeVwWqFywdzDLJod/WX2BODuun2JTBTF1ELDkMlWKFYV4Y71ZWpyXY1VFBBvM3dL7JNn7oI5X9UZg=,iv:xYgjaAiwKHaEa8tP8OZCT6JiNVRm1Ex509lYjMciD5k=,tag:C3q1lbG+rTVFaFXzQZMONw==,type:str]
pgp:
- created_at: "2024-10-16T01:05:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/+NRZ2RB5WCLg+k4zKrC0g5XOcMeS3BGXexjrHluCbtvgZ
BI+V49yhaJz/KrowfP3d3/mXC3sc4oelcgoLL4th12s2RdFH3OT1OD2JNe9+Krg3
M1EgKcZjA/T4Qdq1MBbp5XWw3rxnm5KDoIJ7q6eo/qi+k+hD+4InoV2AWTsROCK3
iCHSY7ZMymw0ZXYUdeevzuWCl91osznk1HqQf09NXnYHAJo/yoAsT/enmQjyPQ91
VXTp+oRs/rMYyWhQA8dqL1rvzIKO0n0iuc01DiephstUqNs0Sl9uMUSiaa0pHthq
TWe7z9LvCRZoUCFyobYtb2V8m/o6Hh2pUPX6E3T7oAs8BQfOeyL9vXlALUGu84Sz
3cjAfrfNPgY90thEnpJaC/FbIo0QoW9vbQPk4amd3ZB7FD0LFCEkJB2IIEVPLgUj
xIUG7Cj4Sbt0Y56E25bq34R8pxuj/VgzPTAG3ezTRGgpYBmubPRFzic3EEVt9nw7
fAgaUW5Xyncxcc6PSx1iB424od1H/tTxHWDeQvOrwNzRqWSlsCUUv/7iyNWhSWTd
+hpC9dZaCrKKNotyYmqVmCdINvXTh/M7viVYUCa+n08BOp6FT+VXn/jG9rdtoPIb
OQE/OtwkVQordHFDTms/a1t5CaSPAnbVyZHbF+hAWF4ii2ZqPRHNoh8ZiwcYkqOF
AgwDAAAAAAAAAAABEACASFOBSDzeOrKNsIGBlrFdcCxBe+0zRAKj08qZVwlQ1NBa
+0/QsJKyf6s4PxcCBFbiPyGzhVkMM47Uvpez+Yd7cLoBUCIquPwBF3pI7BUNcIZ6
Sn+6pcyIg/PwhyGSvr0vCDNTfgMAZx+pFowpGMJpGGH1N1hvOrSgPniS6h4iusPc
dIWQRiyb2HknXD2Kl4VwvYPYmsVbRDafN/w6oJooXO1VJCE8tcRYvAleYkXKU+Yx
IWolheFiJHf9psKR9hV1Z0qBAXQrL7FNybh1vkdPx9rfO/ZW5I0k23dYTQLQGeds
BsxsDEwuIatiIWqyxjqiOvFVjgMUQrGY+W/1RxAT/rPgVSltyLrNBj5Aftn2HSgA
XEqfQsEudkiANxSb9N1dhH6xPurWrpo03BrPPEZxs4PgKSG1gqHrnc3ZfX2CzLJf
nC4KANCM+od4CE/n6lQRjTMHxE6YSR4YxoYaPEHAVRyBntOkWmmgJLSm4jDHf/GC
Mmm12kjZFwj1saE8ez/dcoKEFgopBSD9423WogwX17Ds9B8GMLrxpqBjEF5WUFv2
68QZuNvONgMEP9Y0qJERH5WTFxdtynkHE3Nw0lXbxKUjK/GYfwQ7A2UBOXlpxXCE
8oAEPd/gvzy0SdI8UA2De6OG/HU6P7wEcQIxiclEiw8zRMtIlnkrvMgoqf7vu9Ro
AQkCEFoSRJpIZnFThNv1WXQmh6ssYzdwzczzWIthociPckS4bglxAm88r/iikUcO
iS2RD4EofwECn9fKkaJbfqFLOEpRdMdKnO04SHpgM0u4sxDuG9Y6bPptqQxELHSo
S5j9msdiAj8=
=A/Lt
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-10-16T01:05:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/9GppcaU9jTMDfyzkU35WWqaJ2o9boG5BrYzPNLsoZuNHc
czMiMTw/WZM9QITQuMOZaWKBQ8uPjjP+BIzMz7iZmxNs4Mq29TolrRaFBUvcc2Sq
xRJyoN4+h0ly2uo0+8Uzp8JQUqPGpWZnmQIQWx6bkT5BBtAGvrHlf5mYsno9P0Lp
gRlnuNNiMcN0AV/SJ4NDjBZ9EmhuVTvyCZin4XJr6nvCZqZPBD+0yUvB8qd7QzPK
G+6+63b1VruDBA/MAbZLaiDGTDMVE5ax3TLwmBdhxcSaCK0jHJiTUmHaq0mIq+0m
QqACid7xymmE9rGPWIpAMh31ANm7zD+cVdu0n+FOsa4aR+WfRB3cfP2ccMj2iCxY
YbnfBuu9YyVKA3vB68ol+W5gqfP0+vVsUub/1F1cV97tbybhnvvV+a7Hs41aSdfk
9z91OplIanTRuk/5wttH6m8RzIIbZ2QWE04Y53tcrhwFZkPeq62OreD0UndJVl0z
tucdkxZlMT/qKMT72+gjdJzkpytJkqbJIR6A9rWW7v+h2Iv42RhmJKJGrcFY1hhe
l0y7DTdo3vggiU4OLnLXwvBVObiI8ob4o1nbHZzm0Ok1Gkd2X6Ftl+4N/43xhO/2
5mjTtZrlMblzT/tcZcqnfYY2m0DFzu6dVE1uqwJ3+a13m/YYtFjJBLwQsJmuDXLU
aAEJAhAKyZtbruxt4b1JANjH+OMa/WgQSJk13aVe1R4YWtJMdI8VEYvPJOY2r18O
eNvVjigAn0K78wrm2g6OHEZWKIHyUveMi2DDU+zmzRIx2RsRpmTq8+tCeVXAV7Y4
Po01Sb2rKcjV
=HGeQ
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

View File

@ -0,0 +1,120 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: sonarr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/onedr0p/sonarr-develop
tag: "4.0.9.2457"
# Metrics sidecar
sidecars:
exportarr:
image: ghcr.io/onedr0p/exportarr:v2.0.1
args:
- sonarr
ports:
- name: metrics
containerPort: 9000
env:
- name: URL
value: "http://localhost"
- name: CONFIG
value: "/config/config.xml"
- name: PORT
value: 9000
- name: ENABLE_ADDITIONAL_METRICS
value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true"
volumeMounts:
- name: config
mountPath: /config
readOnly: true
env:
TZ: America/New_York
SONARR__AUTHENTICATION_METHOD: "External"
service:
main:
labels:
app: sonarr-service
ports:
http:
port: 8989
metrics:
enabled: true
port: 9000
protocol: HTTP
probes:
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: 8989
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
startup:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "sonarr.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/sonarr
mountPath: /config
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 2m
memory: 350Mi
limits:
memory: 2500Mi

View File

@ -1,28 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: sonarr
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: download
path: ./kubernetes/main/apps/download/sonarr/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml
- ./sonarr-exportarr-metrics.yaml

View File

@ -1,9 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../common/apps/volsync-system
- ./database - ./database
- ./authentik/ks.yaml - ./authentik
- ./media - ./media
- ./download - ./download
- ./management - ./management

View File

@ -19,7 +19,7 @@ metadata:
namespace: monitoring namespace: monitoring
subsets: subsets:
- addresses: - addresses:
- ip: 192.168.10.42 - ip: 192.168.10.41
ports: ports:
- name: metrics - name: metrics
port: 9100 port: 9100

View File

@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
#- ./air-quality.yaml - ./air-quality.yaml
#- ./air-quality-dashboard.yaml - ./air-quality-dashboard.yaml
- ./essential-node-exporter.yaml - ./essential-node-exporter.yaml

View File

@ -59,21 +59,11 @@ spec:
prometheusSpec: prometheusSpec:
enableAdminAPI: false enableAdminAPI: false
retention: 1d retention: 1d
remoteWrite: remoteWrite:
- url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write - url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write
# select everything
podMonitorSelectorNilUsesHelmValues: false
podMonitorSelector: {}
serviceMonitorSelectorNilUsesHelmValues: false
serviceMonitorSelector: {}
ruleSelectorNilUsesHelmValues: false
ruleSelector: {}
probeSelectorNilUsesHelmValues: false
probeSelector: {}
scrapeConfigSelectorNilUsesHelmValues: false
scrapeConfigSelector: {}
storageSpec: storageSpec:
volumeClaimTemplate: volumeClaimTemplate:

View File

@ -10,5 +10,5 @@ resources:
- ./victoria-metrics - ./victoria-metrics
- ./varken - ./varken
- ./proxmoxve-exporter - ./proxmoxve-exporter
- ./external-monitors #- ./external-monitors
- ./flux - ./flux

View File

@ -8,7 +8,7 @@ spec:
chart: chart:
spec: spec:
chart: victoria-metrics-single chart: victoria-metrics-single
version: 0.12.3 version: 0.12.2
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: victoria-metrics-charts name: victoria-metrics-charts

View File

@ -8,7 +8,7 @@ resources:
- ./traefik/ks.yaml - ./traefik/ks.yaml
# storage # storage
- ./longhorn - ./longhorn
- ./openebs/ks.yaml - ./openebs
- ./kube-replicator - ./kube-replicator

View File

@ -5,5 +5,4 @@ resources:
- ./helm-repository.yaml - ./helm-repository.yaml
- ./helm-release.yaml - ./helm-release.yaml
- ./alerts.yaml - ./alerts.yaml
- ./service-monitor.yaml - ./service-monitor.yaml
- ./snapshot-class.yaml

View File

@ -1,7 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/snapshot.storage.k8s.io/volumesnapshotclass_v1.json
kind: VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1
metadata:
name: longhorn
driver: driver.longhorn.io
deletionPolicy: Delete

View File

@ -1,59 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: openebs
namespace: openebs-system
spec:
interval: 5m
chart:
spec:
chart: openebs
version: 4.1.0
sourceRef:
kind: HelmRepository
name: openebs
namespace: flux-system
values:
openebs-crds:
csi:
volumeSnapshots:
enabled: false
keep: false
zfs-localpv:
crds:
zfsLocalPv:
enabled: true
csi:
volumeSnapshots:
enabled: false
# Refer to https://github.com/openebs/dynamic-localpv-provisioner/blob/HEAD/deploy/helm/charts/values.yaml for complete set of values.
localpv-provisioner:
rbac:
create: true
# Refer to https://github.com/openebs/lvm-localpv/blob/lvm-localpv-1.6.2/deploy/helm/charts/values.yaml for complete set of values.
lvm-localpv:
crds:
lvmLocalPv:
enabled: false
csi:
volumeSnapshots:
enabled: false
# Refer to https://github.com/openebs/mayastor-extensions/blob/v2.7.0/chart/values.yaml for complete set of values.
mayastor:
enabled: false
engines:
local:
lvm:
enabled: false
zfs:
enabled: true
replicated:
mayastor:
enabled: false

View File

@ -1,17 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: openebs
namespace: flux-system
spec:
interval: 1m
url: https://openebs.github.io/openebs
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: openebs-monitoring
namespace: flux-system
spec:
interval: 1m
url: https://openebs.github.io/monitoring

View File

@ -1,39 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: openebs-monitoring
namespace: openebs-system
spec:
interval: 5m
chart:
spec:
chart: openebs-monitoring
version: 0.4.13
sourceRef:
kind: HelmRepository
name: openebs-monitoring-charts
namespace: flux-system
values:
kube-prometheus-stack:
install: false
openebsMonitoringAddon:
# this is the only provisioner enabled
localPV:
enabled: true
cStore:
enabled: false
jiva:
enabled: false
ndm:
enabled: false
npd:
enabled: false
deviceLocalPV:
enabled: false
lvmLocalPV:
enabled: false
zfsLocalPV:
enabled: true

View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: openebs-system

View File

@ -1,54 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: openebs
namespace: flux-system
spec:
targetNamespace: openebs-system
timeout: 5m
interval: 10m
path: ./kubernetes/main/core/openebs/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: openebs-sc
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/main/core/openebs/storage-class
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -1,5 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../../../common/templates/volsync - ../../../common/apps/openebs
- ./helm-release.yaml - ./mainpool-sc.yaml

Some files were not shown because too many files have changed in this diff Show More