13 changed files with 228 additions and 177 deletions
--- a/cluster/apps/game-servers/kustomization.yaml
+++ b/cluster/apps/game-servers/kustomization.yaml
@ -3,5 +3,4 @@ kind: Kustomization
 resources:
 - ./namespace.yaml
 - ./network_policy.yaml
-#- ./factorio
+- ./factorio
 - ./palworld
--- a/cluster/apps/game-servers/network_policy.yaml
+++ b/cluster/apps/game-servers/network_policy.yaml
@ -12,6 +12,7 @@ spec:
    - namespaceSelector:
        matchLabels:
          name: "game-servers"
 #    - podSelector: {}
    # Allow traefik pods
    - namespaceSelector:
@ -21,18 +22,4 @@ spec:
    # Allow all pods with this label
    - podSelector:
        matchLabels:
-          needsGameServers: "yes"
+          needsGameServers: "yes"
  egress:
  - to:
    - ipBlock:
        cidr: 192.168.87.0/24 # server lan
    ports:
    # palworld
    - protocol: UDP
      port: 8211
    - protocol: UDP
      port: 38211
    - protocol: UDP
      port: 25575
    - protocol: UDP
      port: 32575
--- a/cluster/apps/game-servers/palworld/helm-release.yaml
+++ b/cluster/apps/game-servers/palworld/helm-release.yaml
@ -1,84 +0,0 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: palworld
  namespace: game-servers
 spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system
  values:
    image:
      repository: ghcr.io/jammsen/docker-palworld-dedicated-server
      tag: 1ea15dc
    env:
      TZ: America/New_York
      COMMUNITY_SERVER: false
      # Game settings
      IS_MULTIPLAY: true
      DIFFICULTY: Difficult
      NIGHTTIME_SPEEDRATE: 0.8 # shorter nights
      SERVER_NAME: ThePalFuckers
      SERVER_DESCRIPTION: A private Palworld dedi server running on a dedi server
      COOP_PLAYER_MAX_NUM: 6 # 4 is default
      RCON_ENABLED: true
      RCON_PORT: 25575
    envFrom:
      - secretRef:
          name: palworld-server-secret
    service:
      main:
        type: NodePort
 #        annotations:
 #          metallb.universe.tf/allow-shared-ip: "main-ip-192.168.87.10"
 #          metallb.universe.tf/loadBalancerIPs: 192.168.87.10
        ports:
          http:
            enabled: false
          game:
            enabled: true
            primary: true
            port: &game_port 8211
            nodePort: 38211
            protocol: UDP
          rcon:
            enabled: true
            primary: true
            port: 25575
            nodePort: 32575
            protocol: TCP
    ingress:
      main:
        enabled: true
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: factorio
        hosts:
          - host: "pal.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
                service:
                  port: *game_port
    persistence:
      data:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/game-servers/palworld
        mountPath: /palworld
--- a/cluster/apps/game-servers/palworld/kustomization.yaml
+++ b/cluster/apps/game-servers/palworld/kustomization.yaml
@ -1,5 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./server-pass.sops.yaml
 - ./helm-release.yaml
--- a/cluster/apps/game-servers/palworld/server-pass.sops.yaml
+++ b/cluster/apps/game-servers/palworld/server-pass.sops.yaml
@ -1,70 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: palworld-server-secret
 data:
    SERVER_PASSWORD: ENC[AES256_GCM,data:hmgj4tzEFH4Q3HZa,iv:1iQrKKeKC+FlPUmhSrrwlJvPCHK8rtEcHeCJtkwdpos=,tag:/TPAzdUsYbEP04JCOlogZw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2024-01-27T04:33:48Z"
    mac: ENC[AES256_GCM,data:n36Uh2qW0+TIMoSAEDUpbKUmr+dju0Iu7TcZr9uh01WeWrF2pKpfs13kpOay84GyDcsz+EgBYWHoR5SqgRVVWtt82yI+GP5FMo1JNhQ9gdwvqAAlIj9gb6ZkzXm8K9IdKGwvsZciapJNMMQamgYsm/PInRQL++/uq0CqcByJLy4=,iv:m62/FUmrr9Z+4La0TLXC3Mz9RkbqoGYfq3uOqsVu1pk=,tag:IDBoF2PzYGzygD/AJLvo2A==,type:str]
    pgp:
        - created_at: "2024-01-27T04:33:48Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMAyqlIeyoxYovAQ/9GWC4lYqJ+dlITYSESAGVrlWJ5qajTUoDtpIOtVfm5H5U
            GAuQouQjferazQN6aBwtFLgCTN/IfOITOGrPuIm9rAzTyMdAF+lpt+lQ/9tnllgS
            m+90cVx/KsrU+qWYkUZqB8Zelz2IMXZdbNtqfiSgTiZRv11pLqILFasjYQMoGajC
            j99X4ytAf/lcDuRphKL5OLpBAkxduZHX9XzJKX/1SjQlGHhnrXYlYmH+5qAU83Kk
            F0TT6fPtuQC+xCpk706nAGBKJV1qkebf9wgGw1Qpv87ZnrYYv1j9slOPJnkkHocq
            wq/IKU/SeRUyWO1Plh/u+rq70lhvuQirR57qfV060HOiZBop5iGeRcno3eiOok7F
            Qf4+FtkRGlSnxPzOKdCwmVdzpRa4g+NC5Y+hEWma5lFRq7qJ/aLMOhvNNjlo9wVX
            pWfruPP25FckVCViGLOOfQs85rLdle+T/krwPXEZSdNCyUkb4rUFALpEBNUY4VRs
            56pFml1EgGmDTUkJHtjF55gjKqVeFrJRjHRfOyQgmr9QTeZ7IQMFUPcPbhpYF46o
            TI38aTFzNipQnnaT1fO3c6BDBOfm1F5gsaczagMjsBUmmobRSd89HN151g+10CNb
            7MW/m+MppXxqKEZNqc2Aab303uuxygfFrMVBm//jqRaZXcmwM8J0wIExf7XgbaaF
            AgwDXjg0p2IN1X8BEADHAv0TKr7ZR5209ABeaNsHTsnVzxPghgWQPxveeedZOUGo
            WRa0SJVx76TTgGZ2xSnm1xBEHuU68yqtyDfBI2L/mOMp/6d/KIa96aH7LaWL9tip
            6knWBBKt0VZVW5o731gBE6Nr3K9pPVsXOrHTjL8JsQld+84dLpkkL4WcryajPJCA
            VXjf/CzXhbRK7vrqSiyuZbIZL99YGPusCgGzdTF0Qj7D9ZjMUg73AbqTNkrsvgIn
            7nIuoLpktP9IsbS8Q0oMsWYdi/vBvMbcDdU2rERFf0sfmZqrPbllLLW9HvHtwOse
            Xz6DZoF9eft9kbSpO9BdYM3/dWfY6Jsvs/bW5C87IXgdF90nqqQ4yhqJroL+1IvK
            KazkT4Uq4WNPfVMTkHmZEiS5H4Ak1P4S40kbRsZZWiOqrfx/qVhKvgd5r87/DBPq
            HWtkI9tWL5T59NbbA+YJCDfbdHqRpN0gxBewfhHwpH7tMhRdGCZ4ISgm9yNnr0Nk
            MSAYT1aMb9mdAHDU6QYCK6CO8z96fuMyqe3B9Ga0UBPPJB/OEQFWJsgFfBJurYKg
            xbboPeQ+XWhDgJFV4yDAooolPG+CDLrfTHWMwVFPHqKyf6zN7G+69Bfyqnk0M21U
            XWDrw0LU/2lrZh8AxwhDS1Zpz/KJ15Y+EweW6HKtH3Rb2Dhmznv5G7Czr9C1ddRo
            AQkCEJAZgZ/NkuwMTLk+Np5QFi2bmuexCHNFhUoEy/ojJtPo6Ck5F8O6GmAWSD9w
            S/Yk/tWkEVKxw+vl6gDybGwq+p+udhciU5dHkmbdpxOeVrA2PsQI1nUDqLrd9gCG
            wigodoObUTc=
            =x08X
            -----END PGP MESSAGE-----
          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
        - created_at: "2024-01-27T04:33:48Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMAy5t8IMoPu4VARAAsxfnIPUWatZhWCEQNVWGa1+SsZqbLHXbJiF0kqw+2Uix
            lnpa5mIs+L8gFDb0wzS15PsO9IU81YR5LJ7t4M0M6WA/sRHVREzkn6nozIqX0zaZ
            qgqiMyhNss4kvKoJTGHvl0F49HUjCJn5PB0dynG0YjdphOnFZs5BrtNfnlYjqZvf
            2+ncbWAlPs/fcmB4TQs/Xvug19zxz9VDbmMfxmU26kNiNF45D4fgb+qJDEPB2TdB
            CkftMUz1YDuLSi9icLNo2UhxAS8+JX5z1NkL7KOajEsueJIMWlFwt7IWMcx/7I51
            qQquNvlNmaSoap49Ca/pA/X7K34uzrSQjslOz1H6lrbNJSVVCmkYzDbt4XrmnocR
            Y7fO6Co2qKbVqZwmGKsBqUlH9NRDXkWTEjS25+igAItPeJRFR1nHXp/ZYu6HUh4g
            tjF6V43KLn/1mssbeS7xkNRM3BfU67LyeeVUGWU79CFfTJSakwkTr1VW2HrwBrsU
            C1m7BMDXpAlwdEooa/JfVNAdzzjE2B/o0Hlzbu9HfPC7alT06ExkUvl1tRgeZIwy
            pfySkno2pvl2yxTzyBKDNAg/++PDk0xHfHwf15YOeowQZfspncJYPAplT45GWmoL
            0E1WAY6oXmdlqjzCeNIkirB7fOtk1hGvC41UP+fKxtW3oqorn29ODCF0rxS+BG/U
            aAEJAhD4aWEYAsC3g0Lb9mmcFNgmDAPKJdqeSgf1vh4Hd4NnM8Z/LUPQP5IZZma4
            dw/Dv3kbDLOIgEacnil3VXgIv4ECSSR7tZcC1ouaAHVALzVdh+/tSE53Io5IqEnV
            D00W0y+1grgp
            =AzxP
            -----END PGP MESSAGE-----
          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
    encrypted_regex: ^(data|stringData)$
    version: 3.8.1
--- a/cluster/apps/harbor/harbor-ingress.yaml
+++ b/cluster/apps/harbor/harbor-ingress.yaml
@ -0,0 +1,24 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: harbor-core-ingress
  namespace: harbor
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
  rules:
    - host: &host "oci.${SECRET_NEW_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: harbor
                port:
                  number: 80
  tls:
  - hosts:
    - *host
    secretName: wildcard-main-tls
--- a/cluster/apps/harbor/harbor-pv.yaml
+++ b/cluster/apps/harbor/harbor-pv.yaml
@ -0,0 +1,27 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
  name: harbor-pv
  namespace: harbor
 spec:
  storageClassName: hostpath
  persistentVolumeReclaimPolicy: Retain
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/MainPool/Kubernetes/harbor"
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: harbor-pv-claim
  namespace: harbor
 spec:
  storageClassName: hostpath
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
--- a/cluster/apps/harbor/harbor.sops.yaml
+++ b/cluster/apps/harbor/harbor.sops.yaml
@ -0,0 +1,64 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: harbor-secret
    namespace: harbor
 stringData:
    REGISTRY_STORAGE_S3_ACCESSKEY: ENC[AES256_GCM,data:1k2KYsDvvQs=,iv:6GEFFeLSKH8+QxDg3rLR7q9h0jglYU4ou1byklt2x8w=,tag:JjFAs/3jsVhSBGJmbul4iQ==,type:str]
    REGISTRY_STORAGE_S3_SECRETKEY: ENC[AES256_GCM,data:0U40z0y7vn2wPPyGt0dYQx80QuGoj7Ni/uJMtHgrc5U=,iv:YX9acsf2G2B4RLnGez6VLD2UiwKFIqhz2X4S+uTyX50=,tag:hVJVh2aSpVz22BjGGcPOuA==,type:str]
    #ENC[AES256_GCM,data:JGk1Br4y3LKLTdPHRD4F+hwP,iv:rzYB5JF0SeE9BWwp5btZABpfHgqKfQukXpXAa0Dy2A0=,tag:K9pJFFtcDhmrE4SfYlivwg==,type:comment]
    password: ENC[AES256_GCM,data:XkJEhaoRRSlxbKP94GN8dIZbj8KCwZFkcpgWNjn4vZE=,iv:Bi0D/T1izvN+l8LoZDwyUrcoN1ViS2Q6ambq2xyJFk8=,tag:ojUu0VOdnXJjbsb0XigkDg==,type:str]
    REDIS_PASSWORD: ENC[AES256_GCM,data:8kEbWelcGhd4v/yewnM4QshW2hzx+VWX2iFE76sKhYc=,iv:kbGieMQhMbml2SIznBX1pTncnSaxdsZ0PUynCECpjyU=,tag:HfRJA+P57IzpxuFtKD+tTg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2023-04-16T05:54:57Z"
    mac: ENC[AES256_GCM,data:c4DP6+KnDOXYubNbf5NqVZPxBik0a0BDiKqNLqm5dlNqjReeQFMa5BJxENelMwLMH2T/pHZ40i1UVfkTDbsy//+oWgUwZDcmN4MVDC+Y0nPqgF48K6obxJ0XgNg5tDqPWyxTMJuslMP3QDCZVyBWODb51Zzfwpd6fuiBogKdlBM=,iv:JiHRd3tFLg+UKcRfKlnyK6CEK6K6EAe/QNc0lm4Lf4w=,tag:wkt+kX3I//yN1Ob2+aiw5A==,type:str]
    pgp:
        - created_at: "2023-06-19T18:35:58Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMAzKleRwoSoixAQ/8DxiD1YIAVNgg45XOY/mTWNfWy/IScUmkxdRygygmPEEX
            OWU4sR7fW44U0hNRbWZX0Rl99ifn//eAjbTX9vnEj50de5dHW8r17piOaPtYEOqa
            5woX+O+VgHCw9KM1rao8w34EZEeHKinXYiDhPrlZ3w2UFU+Jzi2DM+n2+dLhpxUU
            QUYn3l3e/igLo00rA3/HzxRF2U0OaAtbnRENkSpOblAjdlrSpTFRmdvsw6F7RRO1
            ddVFaVu7+EewH4YEerrP1VeZyuQ5wtSCrGqYNbuDko6/kizAz02JRbTNlPmCVqeI
            liBIz6DJQWZe+6aN0cARBRi+POP/mFY/aL87vL7n13Oz8OLVwc5nb5ZXWZrJguEb
            SRIX3m5gR24MIg0y5J0VzE4XQeJHhHv2CFptXqDATi8z05gmgYAaaO63KMh4Ztgw
            Q9KLyT6RV2ipoUdwE0t+aY5JqKXlIj5iYhLkdkGrVZ5DJWYnxQThZJeE0oEGI7Xa
            xNxJHONCuOTXXcS8wIpCsHAMKq2CjCa4PT2vGFsgoN5AL/DoU6M44T/YQpBG3vDA
            /y8AVv6+jhp42iWWlkmqkjhlqOZbRrTqYaQTsMTSdZ5USE+p94TujFcaDWl40tkz
            lY52y8sQ9iL2MmE2c6VqLvKK4zL/PbOxp8Hmq0wknoFrltJ8ln1PqN8xWYn/IHbU
            aAEJAhBewFZNfVPgYFQF08q2PxaL5f12yeeDV/r6x66+INJixSFn2KAT8l9B4r3f
            PMQRIj5HAwVu1pHh02dSqApy5nSFCapxonxFFEhyp5sFnTIAJIYrtOp3qlGiC+DF
            ISEsf0H2tK5G
            =1vmu
            -----END PGP MESSAGE-----
          fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
        - created_at: "2023-06-19T18:35:58Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMAy5t8IMoPu4VAQ/7BEeLXvCMGrx5tmkipqFlu3z8ERLJ53uqLobFgevs0Cjw
            gMnC74vQned+UFqwygWYjE1uAmZAx1MEZN64wPKBbin7wpcgdFl5b0BFGr1CoruG
            tMlvWOtQMfJOPkAAwltqdkYrHMqjYuK8c5UD7k/X7cbf9zviN9L74JdwWrR8/EOO
            WfhreYnGTyMRIw7nHE+lDoOt0SsW0e/N3beuWZEcYlkYaWQxwMKnNIfOpoyJqIcM
            KpFTYVLsOGu5BJL6yWGfMFZ3FH/cwbWxOS11I7nVZVHHrQNRyMt/9vomU7+tpye3
            XW+BESYEyHb7c+8t0zW3Vf7PfBYl434fy5qh3QY1qZPzf0AJeF+am19moebmNmO/
            ZEi4avaefM7a7ruTbqKJJBMTqfR9Lc/XpTKcmCWyTYu/NGYxJn3CPaXoxyd94PVi
            UD0caq8xdoDsszlI/iCv0A83CXV8THOT0Ak+vaMYLJ9FsxlTyL8ApcrhV3X7pgTT
            GOCtPTe5cq1PxIyWnzynBwwbc9iIVduXgrjkbTZrri78T6ySGoj+G4m2CpXFibV5
            QLoom4t13UROPrFpiPlwHb/yMYIds32FhFuW8wEzd8LXal2U1TgRYu0qa6GmGRqy
            qkPGuKIZb6ahtJm7rRN6Kd8CuUQo3pV+YwX2ljHde8H3tDeUJijJPAgwZVk5kXLU
            aAEJAhBA2OUNkgAOFcVgrrym90PW+PnTP2oFLwngZIg5izvCyhTXRoL7D1j/blhx
            1EDzHzqQKmNoEN46y+sgbJMu9MzjahE7CfcoTCYs3A69eFiD/y6cfY4t/yBMFzWr
            LDYnqh+p0PBC
            =sfsx
            -----END PGP MESSAGE-----
          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
    encrypted_regex: ^(data|stringData)$
    version: 3.7.3
--- a/cluster/apps/harbor/helm-release.yaml
+++ b/cluster/apps/harbor/helm-release.yaml
@ -0,0 +1,85 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: harbor
  namespace: harbor
 spec:
  interval: 5m
  chart:
    spec:
      chart: harbor
      version: 1.14.x
      sourceRef:
        kind: HelmRepository
        name: harbor-charts
        namespace: flux-system
  values:
    logLevel: debug
    expose:
      type: clusterIP
      tls:
        enabled: false
 #        secret:
 #          secretName: wildcard-main-tls
 #          notarySecretName: wildcard-main-tls
 #
 #      ingress:
 #        hosts:
 #          core: oci.${SECRET_NEW_DOMAIN}
 #          notary: charts.${SECRET_NEW_DOMAIN}
 #
 #        annotations:
 #          cert-manager.io/cluster-issuer: letsencrypt-production
 #          traefik.ingress.kubernetes.io/router.entrypoints: websecure
    persistence:
      persistentVolumeClaim:
        registry:
          existingClaim: harbor-pv-claim
          subPath: "registry/"
        jobservice:
          jobLog:
            existingClaim: harbor-pv-claim
            subPath: "jobservice/"
 #        trivy:
 #          existingClaim:
 #          subPath: "trivy/"
    imageChartStorage:
      type: s3
      s3:
        bucket: harbor
        existingSecret: "harbor-secret"
        regionendpoint: https://s3.seanomik.net:9000
    notary:
      enabled: false
    trivy:
      enabled: false
    database:
      type: external
      external:
        host: "postgresql.database"
        port: "5432"
        username: "k3spostgresql"
        existingSecret: "harbor-secret"
        coreDatabase: "harbor-registry"
    redis:
      type: external
      external:
        addr: "redis-master.database:6379"
        username: ""
        existingSecret: "harbor-secret"
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
--- a/cluster/apps/harbor/helm-repository.yaml
+++ b/cluster/apps/harbor/helm-repository.yaml
@ -0,0 +1,8 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
  name: harbor-charts
  namespace: flux-system
 spec:
  interval: 1m
  url: https://helm.goharbor.io
--- a/cluster/apps/harbor/kustomization.yaml
+++ b/cluster/apps/harbor/kustomization.yaml
@ -0,0 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./namespace.yaml
 - ./harbor.sops.yaml
 - ./harbor-pv.yaml
 - ./helm-repository.yaml
 - ./helm-release.yaml
 - ./harbor-ingress.yaml
--- a/cluster/apps/harbor/namespace.yaml
+++ b/cluster/apps/harbor/namespace.yaml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: harbor
  labels:
    name: harbor
--- a/cluster/apps/kustomization.yaml
+++ b/cluster/apps/kustomization.yaml
@ -10,5 +10,6 @@ resources:
 - ./irc
 - ./monitoring
 - ./default
- ./game-servers
+#- ./game-servers
 - ./dev
 #- ./harbor