Compare commits
2 Commits
main
...
feat/separ
| Author | SHA1 | Date |
|---|---|---|
 SeanOMik
|
bf7a1822bf
|
|
|
SeanOMik
|
60226b3ca9 |
|
|
@ -15,17 +15,17 @@
|
|||
//"schedule": ["on saturday"],
|
||||
"flux": {
|
||||
"fileMatch": [
|
||||
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
|
||||
"(^|/)cluster/.+\\.ya?ml(\\.j2)?$"
|
||||
]
|
||||
},
|
||||
"helm-values": {
|
||||
"fileMatch": [
|
||||
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
|
||||
"(^|/)cluster/.+\\.ya?ml(\\.j2)?$"
|
||||
]
|
||||
},
|
||||
"kubernetes": {
|
||||
"fileMatch": [
|
||||
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
|
||||
"(^|/)cluster/.+\\.ya?ml(\\.j2)?$"
|
||||
]
|
||||
},
|
||||
"kustomize": {
|
||||
|
|
|
|||
|
|
@ -3,20 +3,20 @@
|
|||
version: "3"
|
||||
|
||||
vars:
|
||||
CLUSTER_SECRET_SOPS_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/sops-key.sops.yaml"
|
||||
GITHUB_DEPLOY_KEY_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/forgejo-deploy-key.sops.yaml"
|
||||
CLUSTER_SECRET_SOPS_FILE: "{{.CLUSTER_DIR}}/bootstrap/flux/sops-key.sops.yaml"
|
||||
GITHUB_DEPLOY_KEY_FILE: "{{.CLUSTER_DIR}}/bootstrap/flux/forgejo-deploy-key.sops.yaml"
|
||||
|
||||
tasks:
|
||||
bootstrap:
|
||||
desc: Bootstrap Flux into a Kubernetes cluster
|
||||
cmds:
|
||||
- kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/common/bootstrap/flux
|
||||
- kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/bootstrap/flux
|
||||
- sops --decrypt {{.CLUSTER_SECRET_SOPS_FILE}} | kubectl apply --server-side --filename -
|
||||
- sops --decrypt {{.GITHUB_DEPLOY_KEY_FILE}} | kubectl apply --server-side --filename -
|
||||
- kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/{{.CLUSTER}}/flux/config
|
||||
- kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/flux/config
|
||||
preconditions:
|
||||
- { msg: "Missing cluster sops key", sh: "gpg -K 687802D4DFD8AA82EA55666CF7DADAC782D7663D" }
|
||||
|
||||
reconcile:
|
||||
desc: Force update Flux to pull in changes from the Git repository
|
||||
desc: Force update Flux to pull in changes from your Git repository
|
||||
cmd: flux reconcile --namespace flux-system kustomization cluster --with-source
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
version: "3"
|
||||
|
||||
vars:
|
||||
CLUSTERS_DIR: "{{.ROOT_DIR}}/kubernetes"
|
||||
CLUSTER_DIR: "{{.ROOT_DIR}}/cluster"
|
||||
|
||||
includes:
|
||||
flux: .taskfiles/Flux/Taskfile.yaml
|
||||
|
|
@ -12,7 +12,3 @@ tasks:
|
|||
execPostgres:
|
||||
desc: Exec into the postgres pod as the postgres user
|
||||
cmd: kubectl -n database exec -it postgresql-0 -- psql -d postgres -U postgres
|
||||
|
||||
execMysql:
|
||||
desc: Exec into the mysql pod as the mysql user
|
||||
cmd: kubectl -n database exec -it mysql-0 -- mysql -u root -p
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
|
|
@ -11,21 +10,18 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: authentik
|
||||
version: 2024.10.4
|
||||
version: 2024.6.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: authentik-charts
|
||||
namespace: flux-system
|
||||
dependsOn:
|
||||
- name: redis
|
||||
namespace: database
|
||||
values:
|
||||
global:
|
||||
env:
|
||||
- name: AUTHENTIK_HOST
|
||||
value: http://authentik-server.authentik.svc
|
||||
value: &host "auth.${SECRET_NEW_DOMAIN}"
|
||||
- name: AUTHENTIK_HOST_BROWSER
|
||||
value: "https://auth.${SECRET_NEW_DOMAIN}"
|
||||
value: *host
|
||||
- name: AUTHENTIK_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
|
@ -55,7 +51,7 @@ spec:
|
|||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
hosts:
|
||||
- &host "auth.${SECRET_NEW_DOMAIN}"
|
||||
- *host
|
||||
paths:
|
||||
- /
|
||||
pathType: Prefix
|
||||
|
|
@ -88,7 +84,7 @@ spec:
|
|||
enabled: true
|
||||
environment: "k3s"
|
||||
postgresql:
|
||||
host: "postgres16-rw.database.svc"
|
||||
host: "postgresql.database"
|
||||
name: "authentik" # database name
|
||||
user: "authentik"
|
||||
redis:
|
||||
|
|
@ -3,7 +3,6 @@ kind: Kustomization
|
|||
resources:
|
||||
- ./namespace.yaml
|
||||
#- ./network_policy.yaml
|
||||
- ./postgresql/ks.yaml
|
||||
- ./postgresql
|
||||
- ./redis
|
||||
- ./minio
|
||||
- ./mysql
|
||||
|
|
@ -30,13 +30,13 @@ spec:
|
|||
|
||||
primary:
|
||||
persistence:
|
||||
existingClaim: "postgresql-pvc"
|
||||
existingClaim: "postgresql-pv-claim"
|
||||
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 655
|
||||
runAsUser: 10000
|
||||
|
||||
readReplicas:
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 655
|
||||
runAsUser: 10000
|
||||
|
|
@ -8,7 +8,7 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: pgadmin4
|
||||
version: "1.33.2"
|
||||
version: "1.26.0"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: runix-charts
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: postgresql-pv
|
||||
namespace: database
|
||||
spec:
|
||||
storageClassName: hostpath
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
capacity:
|
||||
storage: 12Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
hostPath:
|
||||
path: "/mnt/MainPool/Kubernetes/databases/postgresql"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: postgresql-pv-claim
|
||||
namespace: database
|
||||
spec:
|
||||
storageClassName: hostpath
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: pgsql-secrets
|
||||
namespace: database
|
||||
stringData:
|
||||
adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str]
|
||||
userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str]
|
||||
replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-10-22T16:25:15Z"
|
||||
mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-06-19T18:35:15Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM
|
||||
Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV
|
||||
opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG
|
||||
iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z
|
||||
JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F
|
||||
lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz
|
||||
SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc
|
||||
8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw
|
||||
VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp
|
||||
H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd
|
||||
9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U
|
||||
aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ
|
||||
di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN
|
||||
c5WTfk81xmbT
|
||||
=UE14
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||
- created_at: "2023-06-19T18:35:15Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ
|
||||
kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX
|
||||
64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl
|
||||
zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1
|
||||
rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF
|
||||
5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP
|
||||
cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl
|
||||
hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s
|
||||
0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw
|
||||
lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR
|
||||
mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU
|
||||
aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl
|
||||
ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ
|
||||
GFDjOxp0lMGV
|
||||
=LHSB
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.0
|
||||
|
|
@ -8,7 +8,7 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: redis
|
||||
version: 20.3.x
|
||||
version: 19.5.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bitnami-charts
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: nginx-cdn
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
image:
|
||||
repository: oci.seedno.de/seednode/nginx
|
||||
tag: latest
|
||||
|
||||
args:
|
||||
- -c
|
||||
- /config/nginx.conf
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
http:
|
||||
port: 6544
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
hosts:
|
||||
- host: &host "cdn.${SECRET_NEW_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/cdn/data
|
||||
readOnly: true
|
||||
mountPath: /data
|
||||
config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: nginx-cdn-configmap
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
|
@ -0,0 +1,123 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: firefly-env-secret
|
||||
namespace: default
|
||||
stringData:
|
||||
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:qdisaso=,iv:rT7WID3kRMPEGmWJepNmrj1tutxsT5Arw5AN9oVFoXE=,tag:jkYkRaGLEB3iBEjEVIAVCg==,type:str]
|
||||
APP_DEBUG: ENC[AES256_GCM,data:Jyo8QmI=,iv:Gq2Ldh+H+oturcglphQb7ERHX8jD/5j01qtEJDRPAn4=,tag:m96oouPtT9J5zQHPs2QaVw==,type:str]
|
||||
APP_ENV: ENC[AES256_GCM,data:19kiyms=,iv:KLwsQOsDvg/7f18FEsg+e2rgnXSbsxwSNbItmgLGy8M=,tag:mUX/UeXFi0eeZ68bsJpq8Q==,type:str]
|
||||
APP_KEY: ENC[AES256_GCM,data:PI70apm/K8/1el4lW3KR6wLgBDgj0YAQ6KwngqxSv2Y=,iv:S7xrpAeY3wM3moCL/i5R045yst7Zz8ahXbLyNfvacZ0=,tag:hOXR1kKdxVoQxZyjZu+ajg==,type:str]
|
||||
APP_LOG_LEVEL: ENC[AES256_GCM,data:ZwJTcn8y,iv:wk+jX9Zp1TTn1EHv0OLgt+0alm5JBHdWcEtIn1dTI6o=,tag:gR1Ls7dFGyt4hKGiwLU5wQ==,type:str]
|
||||
APP_NAME: ENC[AES256_GCM,data:yfd2OQk6NvjKcA==,iv:jLL2Dt0YlWODwCKSnqR1yuSWJsKySQNZY/pEfxi5jJM=,tag:XoHlMsMuRG6S4Wm0PVjtBA==,type:str]
|
||||
APP_URL: ENC[AES256_GCM,data:+bveNLjanPPMkoMrDO4KsA==,iv:xQWHzRKBMBumi2bFCUKoWLRiuNNV3HQLv1WGEiZ6RRg=,tag:h9IF4XwIK2P8sB4V1Su5Ug==,type:str]
|
||||
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:OA7nqw==,iv:9BcE5Bf9QDf3kzA4Xbf0XkbkFjGAv6id7vdSI12wRm8=,tag:QN7o1eEbGSTvrGGBzzouSg==,type:str]
|
||||
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:wsQZSzAP0hE4o9DAwNtwSEM=,iv:U6513HaOzDDlCehFuSs8ey0KFWup9S8tAYiSX89EyNg=,tag:i5q9W6uglFZ9bKc2f4QPvQ==,type:str]
|
||||
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:0GfWuR+1RhLsED/T5iEDYV3tkmx2wA==,iv:x/6xxFAv5+J8e55a9JnIZ49v/FJRL066rSf2bBxhHHU=,tag:hAhhsDDMeM29b8iMx3xwqA==,type:str]
|
||||
BROADCAST_DRIVER: ENC[AES256_GCM,data:2iYs,iv:5oeuA+08uDRSJyLwwkdFC2q4LZKNs2OSoQjsnIX0aYY=,tag:m2ybfxtY98j39sBnax7IVA==,type:str]
|
||||
CACHE_DRIVER: ENC[AES256_GCM,data:2lv9YGE=,iv:xuk6ih2wApMuWJIlm9clwYCnMR973lG7EOHDUZtlDvc=,tag:cdEh6/zAZ+7IcQMvHojgXQ==,type:str]
|
||||
CACHE_PREFIX: ENC[AES256_GCM,data:OS/jr/Qo5A==,iv:wLeRO4uAo+HHB/1tK3m4MEeefmMRTc0+aTYuUGGrYyg=,tag:8cv8oxfwMkTeZ8+JsCoWVA==,type:str]
|
||||
COOKIE_PATH: ENC[AES256_GCM,data:pQ==,iv:5QR02hlvi9n/gl6LLdSR2HSybzohlCisq51+QzUJv1k=,tag:hpwUD0ctU0pX7S+V6UNz/w==,type:str]
|
||||
COOKIE_SAMESITE: ENC[AES256_GCM,data:HNlS,iv:f/kbAOVyWFEH6yKr+N3zM+9tNQQCpQA7/iKAg8ejFdk=,tag:g1rmzfnWSYIzxFJA0l/uUA==,type:str]
|
||||
COOKIE_SECURE: ENC[AES256_GCM,data:fxJkE2M=,iv:0JXgzyybtMtIgxh6VSwAS5oehpVMFkLKvJFOBDcwhVM=,tag:RAhNUuJKOho6bvXJyNT6cg==,type:str]
|
||||
DB_CONNECTION: ENC[AES256_GCM,data:Y7b+kts=,iv:1vZBNoO4O0Z8LPH3ZPSDpx49jtbQOEl6+BitbKyat4A=,tag:eOUpSlZGZKM0LPHdZMjb+Q==,type:str]
|
||||
DB_DATABASE: ENC[AES256_GCM,data:1rRtAXfMaA==,iv:vErtoqpi1KsHVL0nQ6x2MVNe6JCKxjCxivXXjtUT6Uw=,tag:AYxHWADlGq4NHbcVx8QcHg==,type:str]
|
||||
DB_HOST: ENC[AES256_GCM,data:sjYDEi8q4bAgpdnxin6yDBtNJw==,iv:6rxqBNvXSsE+2oxWbwiztmlxtKP8C0aeYMdmuGTyF/g=,tag:lRB3EwV4vwa64CI3xqi2lQ==,type:str]
|
||||
DB_PASSWORD: ENC[AES256_GCM,data:PeysFTbHeZHTnkn0XlJ58AMZbS3EzANUQ8UnhQXRIoU=,iv:NM8c3dx8TlQkPVJGECnyg2L6JM7CQwlx/LQ59x15dY0=,tag:xuLow/AXp+yOUm4hO2527g==,type:str]
|
||||
DB_PORT: ENC[AES256_GCM,data:yXp98w==,iv:a/jbQI7/3QMKaSJRiZGhdYBzdIzyNA0M3sL83bD/1is=,tag:PxauXvxyQlNo8EaFMzdjKg==,type:str]
|
||||
DB_USERNAME: ENC[AES256_GCM,data:UOz2K8KusA==,iv:75KRLL7F0mtzESvfvVaIJiBqAz1i8JIcS2VwAMm3KVE=,tag:HmjzrLg4hLuAjQ88U3CDbw==,type:str]
|
||||
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:U2qo/Z0=,iv:duSb5g58hXy+BjmU51cWVc2APmz/THtQrmfKyWJL8Xs=,tag:3578FhaZxtyLXjFOJA7sVQ==,type:str]
|
||||
DEFAULT_LOCALE: ENC[AES256_GCM,data:DX3VePo=,iv:d3P66DEPoI3yiZj00YaYVEsu9zCSQ+Nz0vCOxJjfkNk=,tag:JNeGcODHleBBOJrewOWq2w==,type:str]
|
||||
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:mS45ZNE=,iv:7twp7yAggJfGDKnoqoi4OY97uMQuOq1Y3y6LFst9qFY=,tag:mselnIDI/OzNplWsdq2YlA==,type:str]
|
||||
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:lIO+3IU=,iv:/jCBrh9pxsNouU+glpvXqEXI3veHsqaHWkSDEJcJzHI=,tag:JHWUyPl6Ir+XczlkEm/xsw==,type:str]
|
||||
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:43nBSlc=,iv:pylnsBF4HORItmtHxLxaXjojdyazm1rseMtqgTwwX8k=,tag:mi7eWamr3l/H+foZUJYsJg==,type:str]
|
||||
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:TssvPA==,iv:N6kVxo9w7pjUy5PSt0nF3yPS7imaKaWbizPZdMv7rKQ=,tag:DpWzkfkFbFaQpuLTirsP1g==,type:str]
|
||||
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:6+nNEA==,iv:TxFrPKxoaN/neoRK09F5SJswfh+ULHw/tFQz+ouOOsU=,tag:UsMPAYDhgccBtBUAXxTNaQ==,type:str]
|
||||
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:rA1uHQ==,iv:TKV5pRA65C8FNHOrpzx90qA7maX5ld3aLCv/PrQamII=,tag:bqtT9pqHILiV1AEzkkYk5Q==,type:str]
|
||||
DKR_RUN_REPORT: ENC[AES256_GCM,data:bqE/+A==,iv:PWlGji8/zVoosDeoWaTG4f9rDJwKOilwENI1JtzatPA=,tag:cHCeTgnB7c0TZ+9bSxFW4A==,type:str]
|
||||
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:76w+1w==,iv:XZwFW5WoWRBhfgM8Jf71IAEsWJxaWj6nmzh4arjV9IY=,tag:wm49cS3mMPPj0l7rNRm7nA==,type:str]
|
||||
DKR_RUN_VERIFY: ENC[AES256_GCM,data:GE3u0A==,iv:hZc9+yCN781Hm/M6UrzAnFELJopG/m0PTaHCwJuK4Ic=,tag:SwJ/ujTY9VsrS8payg5FbA==,type:str]
|
||||
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:jwbL3WE=,iv:EmuPlxlldYIK57w44oeiOUx4dNUx88avn/MXGw0khqk=,tag:6UqgxY3eTE/DQ4znx5NNzw==,type:str]
|
||||
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data://NWaSg=,iv:l1k7TLg2d4impHiGyHtVmXFBpHSK1X+MIIMEvqHmFCc=,tag:7FX96H6R+ez0corFjpzoWA==,type:str]
|
||||
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:KGo=,iv:xvBorcd8fPvlGYeomuexZBtORPc7LJRII9pYP1ZNBsg=,tag:ibFX6k0a12rXElxRODc1YA==,type:str]
|
||||
IS_HEROKU: ENC[AES256_GCM,data:Ffu4Sro=,iv:Q5txv1a/DcH+Utlr12zQJUBy4vlcdxcHFsNDWuWVOeU=,tag:NTay0IKz6s7a9dFpx1BZ+w==,type:str]
|
||||
LOG_CHANNEL: ENC[AES256_GCM,data:Njfav/E=,iv:xwccazZYrtARU7xKooAnBKJcCDJH5xUSN0C+nIs8Pos=,tag:jI3pelMMZQQ37uuUmUmENQ==,type:str]
|
||||
MAIL_FROM: ENC[AES256_GCM,data:ILVOrph55Ku8pIfsHtU8DjMuUjo=,iv:c4wzRvDugyRUbKZKq/fgQ2eP3CJ1wJzkQo89tBCZ0WU=,tag:tx2lUsnCBbYIk0h4gL/CBA==,type:str]
|
||||
MAIL_MAILER: ENC[AES256_GCM,data:rdoZ,iv:NBi4YtbtTkDJHQmXBu9lGUfCWhfRgtYLI3UCayMpq2k=,tag:o+cXYLXlJ0bWVQAPr85CJA==,type:str]
|
||||
MAIL_PORT: ENC[AES256_GCM,data:lffjiQ==,iv:GsZWiMZGuhpPJfX6vPcr3PKuq2YXS3oQ8v8NojufyKk=,tag:rHcfDoLZdU5wCQR4g/qV6A==,type:str]
|
||||
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:rrw7Rwjo//tdEyxN98pE,iv:3aeAQM4RV5hDFfZ08voXgk7IrejoM8YACluo75AmRrE=,tag:cAmTiI0vPAnY7NX+YlM6Og==,type:str]
|
||||
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:i8I6LaPPLFoi,iv:sG6dP5GS2G6kGXEsn8P3KJmyEThJ73WIN2gkMJwNDBA=,tag:uefjbg5pZdIIONBklcsSyw==,type:str]
|
||||
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:+ESO4h6cGSE=,iv:hAFNmDfc6XWnQbpLQXjUsdZSOwPu964MlFBXYsNr9O0=,tag:iXfs5Z+Ojojzp2H2u1kHxA==,type:str]
|
||||
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:zw==,iv:soYKokimSKxSS0x9nM7GcZfpXtwxjuXVls+KFh61w30=,tag:ryX2Rj1TakKRfynh7bFEtw==,type:str]
|
||||
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:Mo68CXbhV7kK5ZGi5MS8,iv:pVKSl5Tu8xzZVk4FX0DIA3vpVYZ9V0RXtfkoUTYeAAU=,tag:bez1DYHFlOn5TZ/oz7F6fQ==,type:str]
|
||||
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DT7Jow==,iv:ZEOzfc0IepdvDNo2vWanOsYAT4EGLvFnSpL8qiiOwes=,tag:eEilJ8cwgCer7H/8qpDPgg==,type:str]
|
||||
MYSQL_USE_SSL: ENC[AES256_GCM,data:rsKgGpE=,iv:nEJbHiaqOvVauAtCyL6uvfmkAmgvjjSFb28L3/j1PmU=,tag:6d5whsZ30buXkc0W4+5JIg==,type:str]
|
||||
PGSQL_SCHEMA: ENC[AES256_GCM,data:pmFdRyiy,iv:mYXXlj7R7T3RTuK7QNRKiY6HwCezQYaMpn6de0st+FA=,tag:xFs7kAnFuRjDVRjKyyrJOw==,type:str]
|
||||
PGSQL_SSL_MODE: ENC[AES256_GCM,data:/spE//X3,iv:qCBP7fJVFixBrB1ApGti1Nq0S87RcVxpHqmPBW9GuWU=,tag:MyCEseplfPX9PNdoqGLvmw==,type:str]
|
||||
QUEUE_DRIVER: ENC[AES256_GCM,data:tTmRSg==,iv:2KdDPsJ9PlyHsVsFdknC7A4cShE5bBBpRxWslF/0wgY=,tag:7QN0MlfyoDyukmAgmgQvxg==,type:str]
|
||||
REDIS_CACHE_DB: ENC[AES256_GCM,data:9w==,iv:MKfWJO941vxlJ0VP/0ob9JeFnHkI+okOkd/ifxkbKTA=,tag:PyyjVTRCUSvZxpHekP9ENQ==,type:str]
|
||||
REDIS_DB: ENC[AES256_GCM,data:Bw==,iv:h3v/+cO1W7eGDAGjVtgeDh8UekMg+ZvIRkNZx+iE/Es=,tag:nF143FAtE181ZJfAjtau7A==,type:str]
|
||||
REDIS_HOST: ENC[AES256_GCM,data:7hVDI2P+443UGlw/jyBFmNTDBM2p,iv:sbLD+/wdDEiKYpR3ttrey6HTlI5n76trH3wZjU7s3uQ=,tag:qZP1nb9+tOr7Lm4i9HR4wg==,type:str]
|
||||
REDIS_PASSWORD: ENC[AES256_GCM,data:/i9UM5Cx6h61xbDQ//ocmW1BtmT0LILnwwemOwaTTkw=,iv:FINFRW1006Ljnb1JSi+Ctae3Jw9xR5EW73Ut8FCNfHI=,tag:+6raDqY1TgQQgbkcCcbCLg==,type:str]
|
||||
REDIS_PORT: ENC[AES256_GCM,data:ME1O4Q==,iv:FhqTqv645wnhhQdGW0IsemeXOlJuCKjbMa3tBw0kueI=,tag:b7TdkDklkFwE/X3lE6XZGA==,type:str]
|
||||
REDIS_SCHEME: ENC[AES256_GCM,data:puE6,iv:XvOpz9QO7Fn14bbHT8L2p0HquNxIzxomN3Bg3K2NOQY=,tag:qerZcGVGKXW+YAyj6RK9Tg==,type:str]
|
||||
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:9xoXVw==,iv:m20IvyDsNzw7v3U8Ai34MhhxrIUGnU3OK9LHwZAdlJo=,tag:BgrhqBiqc9RYo9EzOCvSsw==,type:str]
|
||||
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:+ErZjA==,iv:dcrc2+U7MoSBQ3b7w2qe0wIb50AbLDQ8/N9TK03ub5o=,tag:ub6+5g77qZxq8IjxDmk7og==,type:str]
|
||||
SESSION_DRIVER: ENC[AES256_GCM,data:QlF9bSQ=,iv:I1cjDE4EFVG166ISZaNuM0eFMs6U55y7LUl2cVIONrI=,tag:VxKEC67A3Y0IRNKJ/nZV0g==,type:str]
|
||||
SITE_OWNER: ENC[AES256_GCM,data:KbzTQ/QdlMmxnSDr1mCo4EG9,iv:287MEAzZFE3+zp3bWWA5Y2u3w7iQH+7AAZ812I4Elx0=,tag:TlljmsgLww7EJIBMdDrKvA==,type:str]
|
||||
TRUSTED_PROXIES: ENC[AES256_GCM,data:cAU=,iv:MBL/z8pmM2CxlDT1sY4my2gC3jsDo6O1NSa11w3en5U=,tag:zqzHOR69HT3+U7tQOFQQSw==,type:str]
|
||||
TZ: ENC[AES256_GCM,data:45gLKxH0OsAfMPkgnjKgWQ==,iv:P9CUovVI4WSfZi1nyFHVzHJ7Oioai1FUZRcgBNhQb64=,tag:S7IF8Oxg7hYNcT0mcgkg7Q==,type:str]
|
||||
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:1xck+8s3ifQmregeKU6891pErxZy86fO0I6XPE83l3o=,iv:XSsCSJkkGwG12f2lhd6IDl07OLVCW8J/945acFP99lA=,tag:XNxSQGyHvR/6/A3EVT69gg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-06-17T19:05:29Z"
|
||||
mac: ENC[AES256_GCM,data:GWtQz5/wKpk38ZYLwn+kGyCT8hFo2SmoaI9vuEFju6N9ipJW1MNQONqTx/Qa8Cje8pT7xIxdoTf+23PaFG91v/gcilMCYjE+OFnVBk80d6ZBTXiSmoQ0DYO3hWiXyMfXTJ1OPqExOkY09QSAfXOrN0JphnWpPNZnaVuxMJZS/Og=,iv:/QbEi6hhsPpeSa5bOxPObP8UUpAwA/I6wU8VXQ6NcOc=,tag:FYYj1y/zTl82SVva0oauuA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-06-19T18:36:01Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAzKleRwoSoixAQ//So248m5bmfJG0gp5ZIAK2dVhH44xEg/6yzZ6TC9W4px2
|
||||
SPqB+gmwswX64NGcGZQ8LQZExyy2poxh7lfQHIdsv2QSTbf0vmOZqG9L7Fv/DSU0
|
||||
EnUpt04K1yyVyW09tlcE/SIyMy9HhWyH0vZfwqHc/pHnaAhZKEuBH+kFiNPz4Bfd
|
||||
xtXeieOGYV9ois2vM2NFNohEagrkbpMb8ZEOrWlB8+ZJZhkIeNc2kA+w0n0TEEtR
|
||||
WefrBwear6YloK89hEfWRdJYksfKvOsU7U+L6MKpMxqGBIpLIV5kTifRAt8pdrNX
|
||||
m7MY/laTWcqTp1VXUMZQUq+tCa/jjIh4MDvmzGcrRfhSLDvkFz8W43yHvy/hTKgc
|
||||
nes55vhrWK9ABcZ5sZ3xdfH3ys3tODUsUkaLALaCbXUdg15cQRwvdNkgHou/oY26
|
||||
jAc38EpeBEtIpkH+nBHLgbflFkElqOcpcS/5OR4mL0dGQ0EhhYTzxES+jcVYg9ka
|
||||
Na163uPvhNnFNMUACKsDU/u2WngU8B5ISjlsiX9EkbKqDgHrLSJywKcoYESgnU/K
|
||||
q+24HIFH8cmghRYJZ7SXDahsEw8VrcqQEWTSMM4YnwJeBZH9pjeUK6RySLHxK9F7
|
||||
rK2djzc6so2Lk/AhYot9FNNwXWqrBKQq7kjFF8Mr6ALydZgst/tSBPtpTxpADZDU
|
||||
aAEJAhDuDefWmaUMfyK+B21JoUTJtAp1icQZrIFg+mTH+qDWPXdpM1qsaci59aq/
|
||||
vkML3TwjiytUNRMVORlLPv2z8adUuXIgPx8yEclTxCDKM3bqIfVs1xj2GAItyO4K
|
||||
XYBV8oIdHegO
|
||||
=GI4b
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||
- created_at: "2023-06-19T18:36:01Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAy5t8IMoPu4VARAApwoZ01GS0soprXAf20Ye1XQVLIFvIuYjub01ibNZmb3m
|
||||
uJiPyClzMqcjy6TKWvCc6sT1W5DQ3aY9E1ARhgwR/yaIZ31WvNcnLczaOACHPlaW
|
||||
7e4o9tauN8CYpQqPmTxDyQehKe1EbWqq+63FRAUV0+9qEY/ACCwNtv1HCa2dgyto
|
||||
0I6v/BmW+KJ10iGCsRv8g5IgPSjYT66a2fsDg24kjtqygHwZ5BPe6xUBJ7zxCmVT
|
||||
z/3WKaNx5Rdv8l45QQcl2fe1qNNdljJNgowCq23uODcQPJPGEY4wOeYHOlGTKE+E
|
||||
JojnysVUhILhZtTZ5/AcP36RCzMDGQX7wYtvwh6bgf4qf4InX8+O/WK3u+jOreUl
|
||||
zbcy/lB7bsQ0usZNPsfy2Qh2LPlziBce9JtkPnWXBwS+lZUCXKDS8pizmj7DZnlo
|
||||
+3L1f26rn21ye/iOyBArzVmqI4QLJzHJI7l6TZgvvv1dZKHyLW5jCHSq4f098roO
|
||||
kIKxRThFvTZ9jqM7uDYGiAsGt1L7p+HJRY5WdAVGEaL8jWADW7jjF8qTF3BJ05A9
|
||||
OgnRxIew6ofB5WeYSrU5dn5di6pTNI6bqHVHbZf3BTrGwdpqsAcniUtDM1FAdU/4
|
||||
QtB7tXNAYV+ZTDez/MMm7l1xKS6FpPbM5ZUtrcv27I51e2HAyYSsj6FNWWyvXEbU
|
||||
aAEJAhCfDkAnvink2rBria46BR0IPWSLaVEpnusa/OED/Xw4EEgiFq3XonPTHaqG
|
||||
iXSfeD0XauMxpLan+YesEv9SRP3ef9iX5OGNwVPpIDlkOyUztBWtf3I7tP2LCf2p
|
||||
/GKlxeQfAlpx
|
||||
=zWYo
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
|
|
@ -60,7 +60,8 @@ spec:
|
|||
port: http
|
||||
|
||||
persistence:
|
||||
uploads:
|
||||
existingClaim: fireflyiii
|
||||
firefly-uploads:
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/fireflyiii-uploads
|
||||
globalMounts:
|
||||
- path: /var/www/html/storage/upload
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../common/templates/volsync
|
||||
- ./env-secret.sops.yaml
|
||||
- ./helm-release.yaml
|
||||
- ./daily-cronjob.yaml
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: huginn-agent
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.1.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
controllers:
|
||||
main:
|
||||
replicas: 1
|
||||
|
||||
pod:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/huginn/huginn-single-process
|
||||
tag: 5a1509b51188e0d16868be893c983d6fcfd232a5
|
||||
|
||||
command:
|
||||
- /scripts/init
|
||||
- bin/threaded.rb
|
||||
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: huginn-env
|
||||
- configMapRef:
|
||||
name: huginn-env
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: huginn-env
|
||||
namespace: default
|
||||
data:
|
||||
DATABASE_ADAPTER: postgresql
|
||||
DATABASE_HOST: postgresql.database
|
||||
DATABASE_PORT: "5432"
|
||||
|
||||
DATABASE_NAME: huginn
|
||||
DATABASE_RECONNECT: "true"
|
||||
# Specified in huginn-env secret
|
||||
# DATABASE_USERNAME:
|
||||
# DATABASE_PASSWORD:
|
||||
|
||||
#TIMEZONE: ${SERVER_TIMEZONE}
|
||||
USE_GRAPHVIZ_DOT: dot
|
||||
USE_EVERNOTE_SANDBOX: "false" # set to production
|
||||
RAILS_ENV: production
|
||||
|
|
@ -29,31 +29,14 @@ spec:
|
|||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/huginn/huginn
|
||||
tag: 0533a3768537f7a6a157227bfd9a9caefada768f
|
||||
|
||||
command:
|
||||
- /scripts/init
|
||||
- bin/threaded.rb
|
||||
|
||||
env:
|
||||
DATABASE_ADAPTER: postgresql
|
||||
DATABASE_HOST: postgres16-rw.database.svc
|
||||
DATABASE_PORT: 5432
|
||||
|
||||
DATABASE_NAME: huginn
|
||||
DATABASE_RECONNECT: true
|
||||
# Specified in huginn-env
|
||||
# DATABASE_USERNAME:
|
||||
# DATABASE_PASSWORD:
|
||||
|
||||
#TIMEZONE: ${SERVER_TIMEZONE}
|
||||
USE_GRAPHVIZ_DOT: dot
|
||||
USE_EVERNOTE_SANDBOX: false # set to production
|
||||
repository: ghcr.io/huginn/huginn-single-process
|
||||
tag: 5a1509b51188e0d16868be893c983d6fcfd232a5
|
||||
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: huginn-env
|
||||
- configMapRef:
|
||||
name: huginn-env
|
||||
|
||||
service:
|
||||
app:
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../common/templates/volsync
|
||||
- ./env-configmap.sops.yaml
|
||||
- ./env-secret.sops.yaml
|
||||
- ./helm-release.yaml
|
||||
- ./agent-helm-release.yaml
|
||||
|
|
@ -1,6 +1,9 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./self-signed-issuer.yaml
|
||||
- ./ca-cert.yaml
|
||||
- ./ca-issuer.yaml
|
||||
- ./fireflyiii
|
||||
- ./cdn
|
||||
- ./trilium
|
||||
- ./mealie
|
||||
- ./huginn
|
||||
- ./exim
|
||||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
main:
|
||||
image:
|
||||
repository: ghcr.io/mealie-recipes/mealie
|
||||
tag: v2.2.0
|
||||
tag: v1.9.0
|
||||
|
||||
env:
|
||||
ALLOW_SIGNUP: true
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
POSTGRES_USER: mealie
|
||||
# specified in mealie-env
|
||||
# POSTGRES_PASSWORD
|
||||
POSTGRES_SERVER: postgres16-rw.database.svc
|
||||
POSTGRES_SERVER: postgresql.database
|
||||
POSTGRES_PORT: 5432
|
||||
POSTGRES_DB: mealie
|
||||
|
||||
|
|
@ -92,6 +92,7 @@ spec:
|
|||
|
||||
persistence:
|
||||
data:
|
||||
existingClaim: mealie
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/Mealie
|
||||
globalMounts:
|
||||
- path: /app/data
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: trilium
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
image:
|
||||
repository: ghcr.io/zadam/trilium
|
||||
tag: 0.63.7
|
||||
|
||||
env:
|
||||
TRILIUM_PORT: &port 8080
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
http:
|
||||
port: *port
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
hosts:
|
||||
- host: &host "notes.${SECRET_NEW_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
persistence:
|
||||
storage:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/trilium
|
||||
mountPath: /home/node/trilium-data
|
||||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
|
||||
containers:
|
||||
- name: runner
|
||||
image: ghcr.io/christopherhx/gitea-actions-runner:v0.0.13
|
||||
image: ghcr.io/christopherhx/gitea-actions-runner:v0.0.12
|
||||
imagePullPolicy: Always
|
||||
|
||||
env:
|
||||
|
|
@ -4,4 +4,3 @@ resources:
|
|||
- ./namespace.yaml
|
||||
- ./woodpecker
|
||||
- ./forgejo-runner
|
||||
- ./airflow
|
||||
|
|
@ -8,7 +8,7 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: woodpecker
|
||||
version: "1.6.2"
|
||||
version: "1.5.0"
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: woodpecker-charts
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
values:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/bazarr
|
||||
tag: "1.4.5"
|
||||
tag: "1.4.3"
|
||||
|
||||
env:
|
||||
TZ: America/New_York
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
|
|
@ -9,14 +9,15 @@ spec:
|
|||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.5.1
|
||||
version: 3.1.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
controllers:
|
||||
kapowarr:
|
||||
main:
|
||||
pod:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
|
|
@ -24,26 +25,29 @@ spec:
|
|||
runAsGroup: 10000
|
||||
fsGroup: 10000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
containers:
|
||||
app:
|
||||
main:
|
||||
image:
|
||||
repository: git.seanomik.net/seanomik/kapowarr
|
||||
tag: v1.0.0
|
||||
tag: rolling-e74ec0e4
|
||||
pullPolicy: Always
|
||||
|
||||
service:
|
||||
app:
|
||||
controller: kapowarr
|
||||
controller: main
|
||||
|
||||
ports:
|
||||
http:
|
||||
port: 5656
|
||||
|
||||
ingress:
|
||||
app:
|
||||
main:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||
|
||||
hosts:
|
||||
- host: "kapowarr.${SECRET_NEW_DOMAIN}"
|
||||
paths:
|
||||
|
|
@ -53,12 +57,14 @@ spec:
|
|||
port: http
|
||||
|
||||
persistence:
|
||||
data:
|
||||
existingClaim: kapowarr
|
||||
globalMounts:
|
||||
- path: /data
|
||||
storage:
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Media
|
||||
globalMounts:
|
||||
- path: /storage
|
||||
|
||||
config:
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/kapowarr
|
||||
globalMounts:
|
||||
- path: /app/db
|
||||
|
|
@ -5,8 +5,8 @@ resources:
|
|||
#- ./network_policy.yaml
|
||||
- ./qbittorrent
|
||||
- ./qbit-manage
|
||||
- ./radarr/ks.yaml
|
||||
- ./sonarr/ks.yaml
|
||||
- ./radarr
|
||||
- ./sonarr
|
||||
- ./prowlarr
|
||||
- ./bazarr
|
||||
- ./readarr
|
||||
|
|
@ -14,5 +14,5 @@ resources:
|
|||
- ./unpackerr
|
||||
- ./media-dashboard.yaml
|
||||
- ./flaresolverr
|
||||
- ./kapowarr/ks.yaml
|
||||
- ./kapowarr
|
||||
- ./sabnzbd
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: traefik
|
||||
name: download
|
||||
labels:
|
||||
name: traefik
|
||||
name: download
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
values:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/prowlarr-develop
|
||||
tag: "1.26.1.4844"
|
||||
tag: "1.19.0.4568"
|
||||
|
||||
# Metrics sidecar
|
||||
sidecars:
|
||||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
|
||||
image:
|
||||
repository: bobokun/qbit_manage
|
||||
tag: "v4.1.13"
|
||||
tag: "v4.1.6"
|
||||
|
||||
env:
|
||||
QBT_STARTUP_DELAY: 45 # seconds
|
||||
|
|
@ -28,7 +28,7 @@ spec:
|
|||
app:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/qbittorrent
|
||||
tag: 4.6.6
|
||||
tag: 4.5.2
|
||||
|
||||
env:
|
||||
QBITTORRENT__PORT: 8080
|
||||
|
|
@ -0,0 +1,119 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: radarr
|
||||
namespace: download
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/radarr-develop
|
||||
tag: "5.7.0.8882"
|
||||
|
||||
# Metrics sidecar
|
||||
sidecars:
|
||||
exportarr:
|
||||
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
||||
args:
|
||||
- radarr
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9000
|
||||
env:
|
||||
- name: URL
|
||||
value: "http://localhost"
|
||||
- name: CONFIG
|
||||
value: "/config/config.xml"
|
||||
- name: PORT
|
||||
value: 9000
|
||||
- name: ENABLE_ADDITIONAL_METRICS
|
||||
value: "true"
|
||||
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
||||
value: "true"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
readOnly: true
|
||||
|
||||
env:
|
||||
TZ: America/New_York
|
||||
|
||||
service:
|
||||
main:
|
||||
labels:
|
||||
app: radarr-service
|
||||
|
||||
ports:
|
||||
http:
|
||||
port: 7878
|
||||
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9000
|
||||
protocol: HTTP
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
# custom: true
|
||||
# spec:
|
||||
# httpGet:
|
||||
# path: /ping
|
||||
# port: 7878
|
||||
# initialDelaySeconds: 10
|
||||
# periodSeconds: 10
|
||||
# timeoutSeconds: 3
|
||||
# failureThreshold: 3
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||
hosts:
|
||||
- host: &host "radarr.${SECRET_NEW_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/radarr
|
||||
mountPath: /config
|
||||
storage:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Media
|
||||
mountPath: /storage
|
||||
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 10000
|
||||
runAsGroup: 10000
|
||||
fsGroup: 10000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 350Mi
|
||||
limits:
|
||||
memory: 1500Mi
|
||||
|
|
@ -1,7 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./pvc.yaml
|
||||
- ./secret.sops.yaml
|
||||
- ./helm-release.yaml
|
||||
- ./sonarr-exportarr-metrics.yaml
|
||||
- ./radarr-exportarr-metrics.yaml
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
values:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/readarr-develop
|
||||
tag: "0.3.32.2587"
|
||||
tag: "0.3.28.2554"
|
||||
pullPolicy: Always
|
||||
|
||||
# Metrics sidecar
|
||||
|
|
@ -17,7 +17,7 @@ spec:
|
|||
values:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/readarr-develop
|
||||
tag: "0.3.32.2587"
|
||||
tag: "0.3.28.2554"
|
||||
pullPolicy: Always
|
||||
|
||||
# Metrics sidecar
|
||||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
app:
|
||||
image:
|
||||
repository: lscr.io/linuxserver/sabnzbd
|
||||
tag: 4.3.3
|
||||
tag: 4.3.2
|
||||
|
||||
env:
|
||||
PGID: 10000
|
||||
|
|
@ -39,7 +39,7 @@ spec:
|
|||
metrics:
|
||||
image:
|
||||
repository: msroest/sabnzbd_exporter
|
||||
tag: 0.1.78
|
||||
tag: 0.1.73
|
||||
|
||||
env:
|
||||
- name: SABNZBD_BASEURLS
|
||||
|
|
@ -0,0 +1,120 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: sonarr
|
||||
namespace: download
|
||||
spec:
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.x
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjws-charts
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/sonarr-develop
|
||||
tag: "4.0.5.1778"
|
||||
|
||||
# Metrics sidecar
|
||||
sidecars:
|
||||
exportarr:
|
||||
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
||||
args:
|
||||
- sonarr
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9000
|
||||
env:
|
||||
- name: URL
|
||||
value: "http://localhost"
|
||||
- name: CONFIG
|
||||
value: "/config/config.xml"
|
||||
- name: PORT
|
||||
value: 9000
|
||||
- name: ENABLE_ADDITIONAL_METRICS
|
||||
value: "true"
|
||||
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
||||
value: "true"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
readOnly: true
|
||||
|
||||
env:
|
||||
TZ: America/New_York
|
||||
SONARR__AUTHENTICATION_METHOD: "External"
|
||||
|
||||
service:
|
||||
main:
|
||||
labels:
|
||||
app: sonarr-service
|
||||
|
||||
ports:
|
||||
http:
|
||||
port: 8989
|
||||
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9000
|
||||
protocol: HTTP
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /ping
|
||||
port: 8989
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||
hosts:
|
||||
- host: &host "sonarr.${SECRET_NEW_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Kubernetes/sonarr
|
||||
mountPath: /config
|
||||
storage:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /mnt/MainPool/Media
|
||||
mountPath: /storage
|
||||
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 10000
|
||||
runAsGroup: 10000
|
||||
fsGroup: 10000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 2m
|
||||
memory: 350Mi
|
||||
limits:
|
||||
memory: 2500Mi
|
||||
|
|
@ -1,6 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./namespace.yaml
|
||||
- ./app/ks.yaml
|
||||
- ./certs/ks.yaml
|
||||
- ./helm-release.yaml
|
||||
- ./sonarr-exportarr-metrics.yaml
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue