Compare commits
No commits in common. "main" and "feature/zfs-alerts" have entirely different histories.
|
@ -1,209 +0,0 @@
|
||||||
{
|
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
||||||
"extends": [
|
|
||||||
"config:recommended",
|
|
||||||
"docker:enableMajor",
|
|
||||||
":disableRateLimiting",
|
|
||||||
":dependencyDashboard",
|
|
||||||
":semanticCommits",
|
|
||||||
":automergeBranch"
|
|
||||||
],
|
|
||||||
"dependencyDashboard": true,
|
|
||||||
"dependencyDashboardTitle": "Renovate Dashboard 🤖",
|
|
||||||
"suppressNotifications": ["prEditedNotification", "prIgnoreNotification"],
|
|
||||||
"rebaseWhen": "conflicted",
|
|
||||||
//"schedule": ["on saturday"],
|
|
||||||
"flux": {
|
|
||||||
"fileMatch": [
|
|
||||||
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"helm-values": {
|
|
||||||
"fileMatch": [
|
|
||||||
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"kubernetes": {
|
|
||||||
"fileMatch": [
|
|
||||||
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"kustomize": {
|
|
||||||
"fileMatch": [
|
|
||||||
"(^|/)kustomization\\.ya?ml(\\.j2)?$"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
// commit message topics
|
|
||||||
"commitMessageTopic": "{{depName}}",
|
|
||||||
"commitMessageExtra": "to {{newVersion}}",
|
|
||||||
"commitMessageSuffix": "",
|
|
||||||
// package rules
|
|
||||||
"packageRules": [
|
|
||||||
// automerge
|
|
||||||
{
|
|
||||||
"description": "Auto merge Github Actions",
|
|
||||||
"matchManagers": ["github-actions"],
|
|
||||||
"automerge": true,
|
|
||||||
"automergeType": "branch",
|
|
||||||
"ignoreTests": true,
|
|
||||||
"matchUpdateTypes": ["minor", "patch"]
|
|
||||||
},
|
|
||||||
// groups
|
|
||||||
{
|
|
||||||
"description": "Flux Group",
|
|
||||||
"groupName": "Flux",
|
|
||||||
"matchPackagePatterns": ["flux"],
|
|
||||||
"matchDatasources": ["docker", "github-tags"],
|
|
||||||
"versioning": "semver",
|
|
||||||
"group": {
|
|
||||||
"commitMessageTopic": "{{{groupName}}} group"
|
|
||||||
},
|
|
||||||
"separateMinorPatch": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"description": "System Upgrade Controller Group",
|
|
||||||
"groupName": "System Upgrade Controller",
|
|
||||||
"matchPackagePatterns": ["rancher/system-upgrade-controller"],
|
|
||||||
"matchDatasources": ["docker", "github-releases"],
|
|
||||||
"group": {
|
|
||||||
"commitMessageTopic": "{{{groupName}}} group"
|
|
||||||
},
|
|
||||||
"separateMinorPatch": true
|
|
||||||
},
|
|
||||||
// custom versioning
|
|
||||||
{
|
|
||||||
"description": "Use custom versioning for k0s/k3s",
|
|
||||||
"matchDatasources": ["github-releases"],
|
|
||||||
"versioning": "regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(?<compatibility>\\+k.s)\\.?(?<build>\\d+)$",
|
|
||||||
"matchPackagePatterns": ["k0s", "k3s"]
|
|
||||||
},
|
|
||||||
// commit message topics
|
|
||||||
{
|
|
||||||
"matchDatasources": ["helm"],
|
|
||||||
"commitMessageTopic": "chart {{depName}}"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["docker"],
|
|
||||||
"commitMessageTopic": "image {{depName}}"
|
|
||||||
},
|
|
||||||
// commit messages
|
|
||||||
{
|
|
||||||
"matchDatasources": ["docker"],
|
|
||||||
"matchUpdateTypes": ["major"],
|
|
||||||
"commitMessagePrefix": "feat(container)!: "
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["docker"],
|
|
||||||
"matchUpdateTypes": ["minor"],
|
|
||||||
"semanticCommitType": "feat",
|
|
||||||
"semanticCommitScope": "container"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["docker"],
|
|
||||||
"matchUpdateTypes": ["patch"],
|
|
||||||
"semanticCommitType": "fix",
|
|
||||||
"semanticCommitScope": "container"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["docker"],
|
|
||||||
"matchUpdateTypes": ["digest"],
|
|
||||||
"semanticCommitType": "chore",
|
|
||||||
"semanticCommitScope": "container"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["helm"],
|
|
||||||
"matchUpdateTypes": ["major"],
|
|
||||||
"commitMessagePrefix": "feat(helm)!: "
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["helm"],
|
|
||||||
"matchUpdateTypes": ["minor"],
|
|
||||||
"semanticCommitType": "feat",
|
|
||||||
"semanticCommitScope": "helm"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["helm"],
|
|
||||||
"matchUpdateTypes": ["patch"],
|
|
||||||
"semanticCommitType": "fix",
|
|
||||||
"semanticCommitScope": "helm"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["github-releases", "github-tags"],
|
|
||||||
"matchUpdateTypes": ["major"],
|
|
||||||
"commitMessagePrefix": "feat(github-release)!: "
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["github-releases", "github-tags"],
|
|
||||||
"matchUpdateTypes": ["minor"],
|
|
||||||
"semanticCommitType": "feat",
|
|
||||||
"semanticCommitScope": "github-release"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["github-releases", "github-tags"],
|
|
||||||
"matchUpdateTypes": ["patch"],
|
|
||||||
"semanticCommitType": "fix",
|
|
||||||
"semanticCommitScope": "github-release"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchManagers": ["github-actions"],
|
|
||||||
"matchUpdateTypes": ["major"],
|
|
||||||
"commitMessagePrefix": "feat(github-action)!: "
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchManagers": ["github-actions"],
|
|
||||||
"matchUpdateTypes": ["minor"],
|
|
||||||
"semanticCommitType": "feat",
|
|
||||||
"semanticCommitScope": "github-action"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchManagers": ["github-actions"],
|
|
||||||
"matchUpdateTypes": ["patch"],
|
|
||||||
"semanticCommitType": "fix",
|
|
||||||
"semanticCommitScope": "github-action"
|
|
||||||
},
|
|
||||||
// labels
|
|
||||||
{
|
|
||||||
"matchUpdateTypes": ["major"],
|
|
||||||
"labels": ["type/major"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchUpdateTypes": ["minor"],
|
|
||||||
"labels": ["type/minor"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchUpdateTypes": ["patch"],
|
|
||||||
"labels": ["type/patch"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["docker"],
|
|
||||||
"addLabels": ["renovate/container"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["helm"],
|
|
||||||
"addLabels": ["renovate/helm"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"matchDatasources": ["github-releases", "github-tags"],
|
|
||||||
"addLabels": ["renovate/github-release"]
|
|
||||||
},
|
|
||||||
],
|
|
||||||
// custom managers
|
|
||||||
"customManagers": [
|
|
||||||
{
|
|
||||||
"customType": "regex",
|
|
||||||
"description": "Process various other dependencies",
|
|
||||||
"fileMatch": [
|
|
||||||
"(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"
|
|
||||||
],
|
|
||||||
"matchStrings": [
|
|
||||||
// Example:
|
|
||||||
// k3s_release_version: "v1.27.3+k3s1"
|
|
||||||
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( repository=(?<registryUrl>\\S+))?( extractVersion=(?<extractVersion>\\S+))?\n.*?\"(?<currentValue>.*)\"\n",
|
|
||||||
// Example:
|
|
||||||
// - https://github.com/rancher/system-upgrade-controller/releases/download/v0.11.0/crd.yaml
|
|
||||||
"datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\n.*?-\\s(.*?)\/(?<currentValue>[^/]+)\/[^/]+\n",
|
|
||||||
],
|
|
||||||
"datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -1,7 +1,5 @@
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- encrypted_regex: "^(data|stringData)$"
|
- encrypted_regex: "^(data|stringData)$"
|
||||||
# BD1A: new gpg key
|
|
||||||
# 6878: in cluster key
|
|
||||||
pgp: >-
|
pgp: >-
|
||||||
BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD,
|
2CC2B3631D5C3393901335DB68F95C5D753EE1E5,
|
||||||
687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
|
|
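Review bot: The recipient list on the new side no longer says which fingerprint belongs to whom: both comment lines are dropped while the first recipient changes to `2CC2B3631D5C3393901335DB68F95C5D753EE1E5`. Keep one comment per key above `pgp:`, for example `# 2CC2: <owner or purpose, placeholder>` and `# 6878: in cluster key`, so a later rotation can tell the operator key from the cluster key. The encrypted files visible further down this page list `2CC2…` and `6878…` as recipients, which matches. Any secret not shown here that is still encrypted to `BD1A…` only would need re-keying before the new recipients can decrypt it.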
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://taskfile.dev/schema.json
|
|
||||||
version: "3"
|
|
||||||
|
|
||||||
vars:
|
|
||||||
CLUSTER_SECRET_SOPS_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/sops-key.sops.yaml"
|
|
||||||
GITHUB_DEPLOY_KEY_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/forgejo-deploy-key.sops.yaml"
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
bootstrap:
|
|
||||||
desc: Bootstrap Flux into a Kubernetes cluster
|
|
||||||
cmds:
|
|
||||||
- kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/common/bootstrap/flux
|
|
||||||
- sops --decrypt {{.CLUSTER_SECRET_SOPS_FILE}} | kubectl apply --server-side --filename -
|
|
||||||
- sops --decrypt {{.GITHUB_DEPLOY_KEY_FILE}} | kubectl apply --server-side --filename -
|
|
||||||
- kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/{{.CLUSTER}}/flux/config
|
|
||||||
preconditions:
|
|
||||||
- { msg: "Missing cluster sops key", sh: "gpg -K 687802D4DFD8AA82EA55666CF7DADAC782D7663D" }
|
|
||||||
|
|
||||||
reconcile:
|
|
||||||
desc: Force update Flux to pull in changes from the Git repository
|
|
||||||
cmd: flux reconcile --namespace flux-system kustomization cluster --with-source
|
|
|
@ -1,18 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://taskfile.dev/schema.json
|
|
||||||
version: "3"
|
|
||||||
|
|
||||||
vars:
|
|
||||||
CLUSTERS_DIR: "{{.ROOT_DIR}}/kubernetes"
|
|
||||||
|
|
||||||
includes:
|
|
||||||
flux: .taskfiles/Flux/Taskfile.yaml
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
execPostgres:
|
|
||||||
desc: Exec into the postgres pod as the postgres user
|
|
||||||
cmd: kubectl -n database exec -it postgresql-0 -- psql -d postgres -U postgres
|
|
||||||
|
|
||||||
execMysql:
|
|
||||||
desc: Exec into the mysql pod as the mysql user
|
|
||||||
cmd: kubectl -n database exec -it mysql-0 -- mysql -u root -p
|
|
|
@ -0,0 +1,93 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: authentik
|
||||||
|
namespace: authentik
|
||||||
|
labels:
|
||||||
|
needsDatabase: "yes"
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: authentik
|
||||||
|
version: 2023.3.1
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: authentik-charts
|
||||||
|
namespace: flux-system
|
||||||
|
values:
|
||||||
|
containerSecurityContext: &securityContext
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
worker:
|
||||||
|
containerSecurityContext: *securityContext
|
||||||
|
|
||||||
|
geoip:
|
||||||
|
containerSecurityContext: *securityContext
|
||||||
|
|
||||||
|
authentik:
|
||||||
|
# secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
|
||||||
|
# This sends anonymous usage-data, stack traces on errors and
|
||||||
|
# performance data to sentry.beryju.org, and is fully opt-in
|
||||||
|
#log_level: debug
|
||||||
|
error_reporting:
|
||||||
|
enabled: true
|
||||||
|
environment: "k3s"
|
||||||
|
postgresql:
|
||||||
|
host: "postgresql.database"
|
||||||
|
name: "authentik" # database name
|
||||||
|
user: "authentik"
|
||||||
|
# password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
|
||||||
|
# port: 5432
|
||||||
|
redis:
|
||||||
|
host: "redis-master.database"
|
||||||
|
# password: "${SECRET_DATABASE_REDIS_PASS}"
|
||||||
|
|
||||||
|
# prometheus:
|
||||||
|
# serviceMonitor:
|
||||||
|
# create: true
|
||||||
|
# labels:
|
||||||
|
# release: kube-prometheus-stack
|
||||||
|
# rules:
|
||||||
|
# create: true
|
||||||
|
# labels:
|
||||||
|
# release: kube-prometheus-stack
|
||||||
|
|
||||||
|
env:
|
||||||
|
AUTHENTIK_HOST: &host "auth.${SECRET_NEW_DOMAIN}"
|
||||||
|
AUTHENTIK_HOST_BROWSER: *host
|
||||||
|
|
||||||
|
envValueFrom:
|
||||||
|
AUTHENTIK_SECRET_KEY:
|
||||||
|
secretKeyRef:
|
||||||
|
key: authentikSecretKey
|
||||||
|
name: authentik-secrets
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
key: pgsqlUserPassword
|
||||||
|
name: authentik-secrets
|
||||||
|
AUTHENTIK_REDIS__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
key: redisUserPassword
|
||||||
|
name: authentik-secrets
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: *host
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
monitoring:
|
||||||
|
enabled: false # temporarily disable monitoring
|
|
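Review bot: `fsGroup` and `fsGroupChangePolicy` sit under `containerSecurityContext` (and are reused for `worker` and `geoip` through the `*securityContext` alias), but both are pod-level fields. If the chart renders this block into the container's `securityContext`, as the key name suggests, they are dropped or rejected and the volume ownership they were meant to set never applies. Move them to the chart's pod-level security context value and keep only `runAsUser`/`runAsGroup` here, ideally with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` added. `error_reporting.enabled: true` on an identity provider also sends stack traces to a third-party endpoint, per the comment above it; a one-line comment recording that this was a deliberate choice would help the next reader.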
@ -1,4 +1,4 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
metadata:
|
metadata:
|
||||||
name: authentik-charts
|
name: authentik-charts
|
|
@ -8,3 +8,5 @@ resources:
|
||||||
#- ./network_policy.yaml
|
#- ./network_policy.yaml
|
||||||
- ./traefik-middleware.yaml
|
- ./traefik-middleware.yaml
|
||||||
- ./dashboard.yaml
|
- ./dashboard.yaml
|
||||||
|
- ./service-monitor.yaml
|
||||||
|
#- ./ldap-outpost
|
|
@ -0,0 +1,70 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: authentik-ldap
|
||||||
|
namespace: authentik
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/goauthentik/ldap
|
||||||
|
tag: "2023.6.1"
|
||||||
|
|
||||||
|
env:
|
||||||
|
AUTHENTIK_HOST: "http://authentik.authentik:80"
|
||||||
|
AUTHENTIK_INSECURE: "true"
|
||||||
|
AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN}"
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
# Sets AUTHENTIK_TOKEN
|
||||||
|
- secretRef:
|
||||||
|
name: ldap-authentik-secret
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ports:
|
||||||
|
# Disable http port
|
||||||
|
http:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ldap:
|
||||||
|
enabled: true
|
||||||
|
primary: true
|
||||||
|
port: 3389
|
||||||
|
targetPort: 389
|
||||||
|
protocol: TCP
|
||||||
|
|
||||||
|
ldaps:
|
||||||
|
enabled: true
|
||||||
|
primary: false
|
||||||
|
port: 6636
|
||||||
|
targetPort: 636
|
||||||
|
protocol: TCP
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 2m
|
||||||
|
memory: 80Mi
|
||||||
|
|
||||||
|
limits:
|
||||||
|
memory: 500Mi
|
|
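Review bot: The outpost reaches the core over plain HTTP (`AUTHENTIK_HOST: "http://authentik.authentik:80"`) with `AUTHENTIK_INSECURE: "true"`, so the `AUTHENTIK_TOKEN` from `ldap-authentik-secret` and whatever credentials the outpost submits for LDAP binds cross the cluster network unencrypted, and certificate verification stays off if the URL is later switched to https. Since `./network_policy.yaml` is commented out in the kustomization hunks on this page, either point the outpost at an HTTPS endpoint and drop `AUTHENTIK_INSECURE`, or add a comment stating why plaintext is accepted inside this namespace. The image tag `2023.6.1` also differs from the `2023.3.1` chart version in the authentik HelmRelease on this page; assuming chart and app versions track each other there, the outpost and server versions are out of step and should be aligned. The `ldap` and `ldaps` ports map `port: 3389`/`6636` to `targetPort: 389`/`636`; as far as I know the outpost container listens on the high ports, so the two values look swapped and are worth confirming.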
@ -1,5 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helm-repo.yaml
|
- ./ldap-secret.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -0,0 +1,60 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ldap-authentik-secret
|
||||||
|
namespace: authentik
|
||||||
|
stringData:
|
||||||
|
AUTHENTIK_TOKEN: ENC[AES256_GCM,data:qBh9rgEbGBQj9yO1MVdtZtzdyhYdfTpsHUzeQd6RSDZsOEhRB2AMVXANoVh+EHeKnDdL6G4TQrsmIVZc,iv:0sFEKTyZOoR0IFGdroFCuyDBdPszqnlkYtV1nL+FCPE=,tag:bVc2MvsE0ePnBBfdc88Fqg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-04-09T19:41:26Z"
|
||||||
|
mac: ENC[AES256_GCM,data:SV/xyF9z5exA50GG3WJtaaGLaQ4s4eojEWR/UoDOcx09QcDtuRxtS/O0QPptQh4BoF1STIR+JuG9Yod7buVaVtbH8RQ9KimBWIEKHR8kuRl1AAXJiX4/Sr3xyD3k52oM1BIBpLKu4Osw7uG/+7so2l/vEHPlS1g3188yW6ICqH8=,iv:EPltYcBP+j+9z6JTZgrp26JY+yAkamZwUhn7We+hesk=,tag:0iwERzh8mJtSOm78FSQ9Ag==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:35:37Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixARAAnO7KxtJ9tnguhyxu5oSa9HsLsxsxldLjSfMk4nutZfDo
|
||||||
|
vpreFt/KjSrlyTlCro1zIjhZvJGnWaz52FrwTAO8rk/2imId+2V3xyU5Ng2XnQbS
|
||||||
|
+neRZs/jtfMpUNfux/sGXDtBFp01eAzsu2+PqAVXzlZC8nk+WdBGmwGJSUNxKZ3B
|
||||||
|
e0WSFV54Y9j84Zn/4u8bTk2EVth33fY7jQk9gXUH6bxCgWGQS+kZDoxcxiZRd2lF
|
||||||
|
svDfZbefgvTCDMxOIUweA2s4KHwIzhh3fuRRx4hRcTM5dnu/SKHp3dIBLCO/XpOe
|
||||||
|
Ik5VziwKy4GptbxkNfeBSupIcg+ydzEHB8bffW3hx7ZZi6aXZ0YosrUoEczgo7Sq
|
||||||
|
SdFCX139GCm7sCAHFMNe942smnVs/8+lOoFyR/nJ9FtlIWlTQ/tORHHNDyLz12mI
|
||||||
|
7wyRaFSj0+W6XQBFg/Uc0TzNVsU4L5aTKdWz9Xcto7aE4Kwi93ZVFKGSfKmTCeWR
|
||||||
|
7K8/Ghj6majNUPz2TAB//9Jc30QgN+eRbzcSFA40Kwjs71JzcthiSo8OFPJEQox4
|
||||||
|
I5VIHdaxxLIzvCZDZ89Qe8KYHps9sge2/BMP70wSm6i00zuA3EO1cArJchIBtXLB
|
||||||
|
ZtBrCSKRwkatflNTriPCNUIRkn4YUkcVJtlHbamBAK/G3kzE99i137MFf8A2GhvU
|
||||||
|
aAEJAhCgx8blQrlhpPudkC024dlBhTtHI+xhAu8p/6ONvoCKLxcUlCmGcVOgN0z6
|
||||||
|
vG2CVtzzhNBMqSgzBxNzH5e0KdzZTp7dMxxcMHm1deKrQO+B2bpc6ekzMe2fliK0
|
||||||
|
0wr5Pf79W0JA
|
||||||
|
=CYbO
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:35:37Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VARAAkdm5dbHYnPRwvjz72mxFIKDUtExXofUeOvMLAeiO3AKg
|
||||||
|
aoa0TnA8YeuWNYLTsAyPCHxuAmkdqwIfKaOgukLMWYA2PkkjrCXdDhS+w/eAIARU
|
||||||
|
TGDuZaChXgkGPCcupzbanuerIBoJmeyOIRqBtwYLiuOytgZDpoYargMWERMXDCr9
|
||||||
|
otUk/o6z01yoE+cvZgcGdzg3MbcVURLA7PbG8lAuB5sWMeF8hSaV/aWI4dwPRv6V
|
||||||
|
k2YsOIPhApIEcOEVsIziFFhFMVjeTEYnkyY7gYkRi8Z1+TEgI2LZLf+6EFurG4pW
|
||||||
|
KpjK0/NcsuRI48gHwpGYK4fS3GeblsJ4CzklzphZoZ4NsdqHQ5kLV7p8Jf6b9IBf
|
||||||
|
qVqdfrsys4ghoKXVbHK4l3tF3n9WIdKGW/dvaIYcphbPDlWaFnaeElBECJI81DxK
|
||||||
|
Xglu25fWYB0FdYLAbHJ9b54fXbrabKoBHUg6CFPl20J7eg7gwds49HXZngwqSwV7
|
||||||
|
2Hd4cIV/PcLcwpZN9RWVSUsqQAiutZb5zNV3CWfjNLozOWJ6QhY1YUbMvp/tgkZJ
|
||||||
|
97Rq8fjket/21u/cuABjbVMReO00JvSskvXCjFJhpTFzmQABVKNjvbVESzIiI64w
|
||||||
|
KWGcKrgoj5ZQQsAUfBgd68Xw5kp3NdQOSC5nfFgMcUeq1wNZckbPRTj+LZPLDjzU
|
||||||
|
aAEJAhA9lvevq5PKjNBKraWlxIosWyI+SFlJ6KBHpFZWJBKNcz9v796Hne0VtKyP
|
||||||
|
gY/8pAnBwWZqMxCBvTlIZXMCf0JjqfzCXXmbUttCl0fPUI7AEJPm0o+P7oL3SMlI
|
||||||
|
Sk7B5aX752Xe
|
||||||
|
=vnTM
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: ServiceMonitor
|
||||||
|
metadata:
|
||||||
|
name: authentik
|
||||||
|
namespace: authentik
|
||||||
|
labels:
|
||||||
|
release: kube-prometheus-stack
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/instance: authentik
|
||||||
|
app.kubernetes.io/name: authentik
|
||||||
|
endpoints:
|
||||||
|
- port: http-metrics
|
||||||
|
interval: 30s
|
||||||
|
scrapeTimeout: 3s
|
||||||
|
path: /metrics
|
|
@ -1,11 +1,11 @@
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: authentik
|
name: authentik
|
||||||
namespace: traefik
|
namespace: traefik
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: http://authentik-server.authentik/outpost.goauthentik.io/auth/traefik
|
address: http://authentik.authentik/outpost.goauthentik.io/auth/traefik
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
authResponseHeaders:
|
authResponseHeaders:
|
||||||
- X-authentik-username
|
- X-authentik-username
|
||||||
|
@ -19,5 +19,3 @@ spec:
|
||||||
- X-authentik-meta-provider
|
- X-authentik-meta-provider
|
||||||
- X-authentik-meta-app
|
- X-authentik-meta-app
|
||||||
- X-authentik-meta-version
|
- X-authentik-meta-version
|
||||||
- X-WebAuth-User
|
|
||||||
- Remote-User
|
|
|
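Review bot: With `X-WebAuth-User` and `Remote-User` no longer listed in `authResponseHeaders` (second hunk), Traefik stops overwriting those request headers with the outpost's response, so a value supplied by the client reaches the backend unchanged. Any application behind this middleware that still trusts one of them for identity (none is visible here) would accept a client-chosen user. Either keep `- X-WebAuth-User` and `- Remote-User` in the list or strip both with a separate headers middleware. `trustForwardHeader: true` likewise passes client-supplied `X-Forwarded-*` values to the outpost; a comment such as `# safe only while the websecure entrypoint restricts forwardedHeaders.trustedIPs` would record that assumption. The header list continues outside both hunks.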
@ -3,7 +3,7 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
#- ./network_policy.yaml
|
#- ./network_policy.yaml
|
||||||
- ./postgresql/ks.yaml
|
- ./postgresql
|
||||||
- ./redis
|
- ./redis
|
||||||
- ./minio
|
- ./minio
|
||||||
- ./mysql
|
#- ./mariadb
|
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: mariadb
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: mariadb
|
||||||
|
version: 11.5.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bitnami-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
auth:
|
||||||
|
username: k3scluster
|
||||||
|
existingSecret: "mariadb-secret"
|
||||||
|
|
||||||
|
primary:
|
||||||
|
persistence:
|
||||||
|
existingClaim: mariadb-pv-claim
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./self-signed-issuer.yaml
|
- ./mariadb-pv.yaml
|
||||||
- ./ca-cert.yaml
|
- ./mariadb.sops.yaml
|
||||||
- ./ca-issuer.yaml
|
- ./helm-release.yaml
|
|
@ -0,0 +1,27 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolume
|
||||||
|
metadata:
|
||||||
|
name: mariadb-pv
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
storageClassName: hostpath
|
||||||
|
persistentVolumeReclaimPolicy: Retain
|
||||||
|
capacity:
|
||||||
|
storage: 12Gi
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
hostPath:
|
||||||
|
path: "/mnt/MainPool/Kubernetes/databases/mariadb"
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: mariadb-pv-claim
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
storageClassName: hostpath
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 12Gi
|
|
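Review bot: Neither claim is pinned to its volume. `mariadb-pv-claim` has no `volumeName`, and the `postgresql-pv` / `postgresql-pv-claim` pair added further down this page uses the same `storageClassName: hostpath`, `ReadWriteOnce` and a 12Gi volume, so the binder is free to attach the MariaDB claim to the PostgreSQL directory or the reverse. Add `volumeName: mariadb-pv` under the claim's `spec` (and `volumeName: postgresql-pv` in the other file), or set a `claimRef` on each PersistentVolume. `namespace: database` on the PersistentVolume has no effect because PersistentVolumes are cluster-scoped. A `hostPath` volume without `nodeAffinity` follows the pod to whichever node it is scheduled on, so on a multi-node cluster the database could start on an empty directory.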
@ -0,0 +1,62 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: mariadb-secret
|
||||||
|
namespace: database
|
||||||
|
stringData:
|
||||||
|
mariadb-root-password: ENC[AES256_GCM,data:Fv/IBSYJ59NwAXIm4++j9ouW7QXAWMP8Et6qTtYZGWc=,iv:LpoL3VXqRMPR1jdtAG8hVRpslAZx5C4K1fxHyrjnrE0=,tag:0wi3E4snnKIxtDptgOSr4g==,type:str]
|
||||||
|
mariadb-replication-password: ENC[AES256_GCM,data:glOy5LsxWzngOjtH0cUrtH3KGA+6kOe0WJw5ul5BiQ4=,iv:URpyq5Sf3CCAqDOtPfM/EvgkMcejvM71gA69zgePlFM=,tag:OeZbv4wUBcoSVUMz1pSi5w==,type:str]
|
||||||
|
mariadb-password: ENC[AES256_GCM,data:FqraX9l4nFTWrZ3v9LnJJNFuhwURjBSrmMXLT/C9ej8=,iv:CLGc8XHUeLbixBN9Wdx81SJTe8L3HwPaHQ4Lc2iMFvY=,tag:voDFAnniUVshGRuv4+zYGw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-04-17T00:12:38Z"
|
||||||
|
mac: ENC[AES256_GCM,data:v7rimrwed+ElVHZyO7zdIQLoYR2tJrtZVNUgeBMwZUB6+/v52wa/OIIWoPrsXbGQe0W1w/e1t08ekB8tbanzItD1ftg9mYfAsfBkD2XQyyXornV2uDBbmifUq/yH3a89h97j26Ofzx8PZqFYYnFLSCTXHbdmDNsPHza70fYfk40=,iv:2A0pduramwAP4y3UUU73li9hzC5keGuAzmN2euPFSRI=,tag:tSygQLB9UyzFgR89An/j6w==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:35:30Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ/+PYuDQqORZ7FPzlGb8Wm+DmCCKn4dywZQ/3xqVq1G4wYP
|
||||||
|
W8loUvA9mL8Ja5E6USWb+YdqWa95PAk5N/pDf3MVtnHQnQU9Ko5AjC5kEPFIdWNP
|
||||||
|
ShBE0y1sRCUeNw2T4ARa0C3bagL4EaI7C3ef0PxkCbpw4Yz6O9afOySD3u6Nwaa/
|
||||||
|
04ucDMIoH4VANCDgFo8nFkFV+23bm4cHbHwezaz7r0yL7bOzgt40eSw7tJfEN4nq
|
||||||
|
Yq/ak4iVor2zl5NxHtm08VXtDIyD5LyH5+jIrUKDGPOS6OVIQbyc6pyClCm4JAvq
|
||||||
|
NG0XZCIx+AnyQe7d6OmbrKy+ZarQFQOlJS+H0sWrm7DGWPZpNn8LnRDzlcrTlDv1
|
||||||
|
fP2fGz45gvWRFRaiAeGM2DADwuS4HD4o4nsXa/sWy2Vxstn8Ngjg3/GfMZR4CyDB
|
||||||
|
JzNOl4HjaKYi4kP+MJRSedwp5IGlLeG31MKdn7xU+gsYonsG8u2puTfbHQ8Pk92B
|
||||||
|
HjJ1hLoc65MZofQkeKmYjzQ+9yT2g4YYUyWnPX5agrlMhsVqkZiRirRg+uCT59qD
|
||||||
|
OA8BI9tmjtDjVSs4B5XayL4uppv8pHHk3B6LnKfVX61BAEF4LXV3X7RJMBoLACy4
|
||||||
|
v1UbX6J177xIxHCl/tbzZhwAH+NmceioH2OuPUAtnA3TziCjzr9dH8Fpnrlc26jU
|
||||||
|
aAEJAhCSe5Xs1RDXBUfhlqjwDTZbuyLF889WujKIRwopHqDvCpwA6ZqijElAZWS9
|
||||||
|
F8JAIq1PvyQJBvoGzc52jShobDYugzrFEDiF1Rf8/moXRx4VEa9F0049Zfa1U0bD
|
||||||
|
daX+Wf+7VNFs
|
||||||
|
=qkGs
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:35:30Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ/+L3qBw73EbS1WJ/0qpZ4fiaV40Yd5Y0i9g0CXaNzKNc0n
|
||||||
|
qSr0r3yYsbJWcQwWOhORMwXaDChTf/d02kz+HSdAc+u1IdPAb8mtJ39C0Zlnu78y
|
||||||
|
S5CBF6zUg0BDdnzQKKyuzalmaGirRXUikfyRcIAHb/mmhUwCu/ekFg0QnUx1VvGx
|
||||||
|
Su/sAabRT6D10MF8lunZI63E05yxLSrlb/xGAfGBX/MN6qqdRdYZWzTWgiJAgO07
|
||||||
|
53a2SJE5SfTlEpPdacBV4MVxcHj9xstUDTjQYP69UTTEDKq/kwaZ5FubMWFUono5
|
||||||
|
fxeZr0PeYXwWVzHHbGTTagAzG8M/urPLje6IsWwb5TYyjTn7VSUOfyrdHnS8PZ8u
|
||||||
|
YYyJMftlc4EmTQqYxc9D/j2xk0Hja3cb9L9eLTVkikds07ZRTr+IikYpspYb3vEu
|
||||||
|
dhvMULKhNDoW9K83THQdwyqi8EO7RQoEnGzqRqW84WWN90Bo2YrOL/uZyvgKNEY/
|
||||||
|
lSgsPeWWqc8eHnZnm1zedc/0eiRIbKIwzKYTC2dr3ZbsaAlbt0JXXU8GQnvOWFeh
|
||||||
|
RFOt1WdoFv+Ssm4I+gfSvcMSMeqzUC8AOf0hdIXCwf1lQlVPT8GHq1H11aW9O6Gf
|
||||||
|
jPz5dLwMkGVDJ90i005ZdeUXGntRHOKOwag4MfD6JaDQ4hnj15pfQdbIgOKCRTzU
|
||||||
|
aAEJAhB08M0x5nMkguE9Yow9afmKTpzKoIvRFLw0iLy4T6FYxJ1k9+/UMAQ2Wa69
|
||||||
|
UiL0YCFldFzxcq0GGfrkIX+PUvYaYpsAB6Iid5RwPHtzcSv5pxN91uztaUCfOmPZ
|
||||||
|
fPiA+XqbXVzO
|
||||||
|
=DRJp
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: minio
|
name: minio
|
||||||
|
@ -39,20 +39,6 @@ spec:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: &api-port 9000
|
port: &api-port 9000
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
labels:
|
|
||||||
release: kube-prometheus-stack
|
|
||||||
endpoints:
|
|
||||||
- port: api
|
|
||||||
interval: 15s
|
|
||||||
scrapeTimeout: 5s
|
|
||||||
path: /minio/v2/metrics/cluster
|
|
||||||
bearerTokenSecret:
|
|
||||||
name: minio-metrics-token
|
|
||||||
key: bearerToken
|
|
||||||
|
|
||||||
probes:
|
probes:
|
||||||
liveness: &probes
|
liveness: &probes
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -85,6 +71,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *console-host
|
- *console-host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
s3:
|
s3:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -108,6 +95,7 @@ spec:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *api-host
|
- *api-host
|
||||||
- *api-host-wildcard
|
- *api-host-wildcard
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
|
@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./minio.sops.yaml
|
- ./minio.sops.yaml
|
||||||
- ./metrics-token.sops.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: postgresql
|
name: postgresql
|
||||||
|
@ -8,7 +8,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: postgresql
|
chart: postgresql
|
||||||
version: 14.3.x
|
version: 12.2.x
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bitnami-charts
|
name: bitnami-charts
|
||||||
|
@ -20,23 +20,18 @@ spec:
|
||||||
adminPasswordKey: "adminPassword"
|
adminPasswordKey: "adminPassword"
|
||||||
replicationPasswordKey: "replicationPassword"
|
replicationPasswordKey: "replicationPassword"
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
labels:
|
|
||||||
release: kube-prometheus-stack
|
|
||||||
|
|
||||||
volumePermissions:
|
volumePermissions:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
primary:
|
primary:
|
||||||
persistence:
|
persistence:
|
||||||
existingClaim: "postgresql-pvc"
|
existingClaim: "postgresql-pv-claim"
|
||||||
|
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
runAsUser: 655
|
runAsUser: 10000
|
||||||
|
|
||||||
readReplicas:
|
readReplicas:
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
runAsUser: 655
|
runAsUser: 10000
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: pgadmin4
|
name: pgadmin4
|
||||||
|
@ -8,7 +8,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: pgadmin4
|
chart: pgadmin4
|
||||||
version: "1.33.2"
|
version: 1.14.x
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: runix-charts
|
name: runix-charts
|
||||||
|
@ -20,13 +20,14 @@ spec:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host pgadm.${SECRET_NEW_DOMAIN}
|
- host: &host pgadm.database.${SECRET_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
- path: "/"
|
- path: "/"
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
# securityContext:
|
# securityContext:
|
||||||
# runAsUser: 10000
|
# runAsUser: 10000
|
||||||
|
@ -37,11 +38,5 @@ spec:
|
||||||
# enabled: true
|
# enabled: true
|
||||||
# allowPrivilegeEscalation: false
|
# allowPrivilegeEscalation: false
|
||||||
|
|
||||||
# envVarsFromConfigMaps:
|
|
||||||
# - pgadmin4-secret
|
|
||||||
|
|
||||||
persistentVolume:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
volumePermissions:
|
volumePermissions:
|
||||||
enabled: true
|
enabled: true
|
|
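Review bot: The new host `pgadm.database.${SECRET_DOMAIN}` is two labels below the domain, while the added `secretName: wildcard-main-tls` suggests a certificate for `*.${SECRET_DOMAIN}`; a wildcard covers a single label only, so if that is what the secret holds, clients get a name mismatch. Confirm which certificate ends up in that secret, since the `cert-manager.io/cluster-issuer` annotation above may cause a per-host certificate to be issued under the same secret name. Then either rename the secret or move the host to a single label. pgAdmin is a database admin console, and the annotations visible in this hunk include no `traefik.ingress.kubernetes.io/router.middlewares` entry; unless one is set above the hunk, it is reachable on `websecure` behind only its own login.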
@ -1,4 +1,4 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
metadata:
|
metadata:
|
||||||
name: runix-charts
|
name: runix-charts
|
|
@ -0,0 +1,27 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolume
|
||||||
|
metadata:
|
||||||
|
name: postgresql-pv
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
storageClassName: hostpath
|
||||||
|
persistentVolumeReclaimPolicy: Retain
|
||||||
|
capacity:
|
||||||
|
storage: 12Gi
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
hostPath:
|
||||||
|
path: "/mnt/MainPool/Kubernetes/databases/postgresql"
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: postgresql-pv-claim
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
storageClassName: hostpath
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
|
@ -0,0 +1,62 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: pgsql-secrets
|
||||||
|
namespace: database
|
||||||
|
stringData:
|
||||||
|
adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str]
|
||||||
|
userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str]
|
||||||
|
replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-04-07T01:57:23Z"
|
||||||
|
mac: ENC[AES256_GCM,data:wvjHgGOMyuVpy4klW5/aO434NKABQJc0907BIwLOXMxSOuIsedAeRhCWdi70IJfv5m8gIcRCb/jWVtDgQePd6CALglH72VlA3NiZI5EQrdBLQUmpGSglLNScrLDOjqNrXG/UgmikATskO5R0vl/203jt1S4OupuEHiPqPRHSSdc=,iv:qHHpufOzzjk8NCuldShenJbC1BlzhMpy4Tz2wWBolvw=,tag:HpoB7PM1gZfv6qfun7ucRw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:35:15Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM
|
||||||
|
Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV
|
||||||
|
opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG
|
||||||
|
iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z
|
||||||
|
JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F
|
||||||
|
lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz
|
||||||
|
SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc
|
||||||
|
8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw
|
||||||
|
VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp
|
||||||
|
H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd
|
||||||
|
9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U
|
||||||
|
aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ
|
||||||
|
di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN
|
||||||
|
c5WTfk81xmbT
|
||||||
|
=UE14
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:35:15Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ
|
||||||
|
kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX
|
||||||
|
64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl
|
||||||
|
zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1
|
||||||
|
rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF
|
||||||
|
5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP
|
||||||
|
cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl
|
||||||
|
hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s
|
||||||
|
0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw
|
||||||
|
lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR
|
||||||
|
mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU
|
||||||
|
aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl
|
||||||
|
ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ
|
||||||
|
GFDjOxp0lMGV
|
||||||
|
=LHSB
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: redis
|
name: redis
|
||||||
|
@ -8,7 +8,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: redis
|
chart: redis
|
||||||
version: 20.3.x
|
version: 17.9.x
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bitnami-charts
|
name: bitnami-charts
|
||||||
|
@ -27,11 +27,6 @@ spec:
|
||||||
enabled: true
|
enabled: true
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
|
|
||||||
persistence:
|
|
||||||
enabled: true
|
|
||||||
storageClass: mainpool-hostpath
|
|
||||||
size: 8Gi
|
|
||||||
|
|
||||||
replica:
|
replica:
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -41,7 +36,15 @@ spec:
|
||||||
enabled: true
|
enabled: true
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
|
|
||||||
persistence:
|
sentinel:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
volumePermissions:
|
||||||
enabled: true
|
enabled: true
|
||||||
storageClass: mainpool-hostpath
|
|
||||||
size: 8Gi
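Review bot: `volumePermissions.enabled: true` is kept at the end of this release while the `persistence:` blocks are dropped on the new side; in the Bitnami chart that switch adds an init container which, by default, runs as root to chown the data directory. That works against the `runAsUser: 10000` settings applied to the other containers in the same file, including the `sentinel` and `metrics` blocks this change adds. If the storage class in use honours `fsGroup`, setting `volumePermissions: {enabled: false}` and relying on the pod-level `fsGroup` should be enough; otherwise a comment stating why the root init container is required would help the next reader. The init container's default user should be confirmed against the 17.9.x chart values, which this page does not show.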
|
|
|
@ -0,0 +1,66 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: nginx-cdn
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: oci.seedno.de/seednode/nginx
|
||||||
|
tag: latest
|
||||||
|
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- /config/nginx.conf
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 6544
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: &host "cdn.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
data:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/cdn/data
|
||||||
|
readOnly: true
|
||||||
|
mountPath: /data
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: configMap
|
||||||
|
name: nginx-cdn-configmap
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
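Review bot: `tag: latest` on `oci.seedno.de/seednode/nginx` leaves the deployed image mutable: whatever the third-party registry serves under that tag at the next pod restart is what runs behind the `cdn.` ingress. Pin a released version, ideally together with a digest, e.g. `tag: <version>@sha256:<digest>` (placeholder values), so that image changes arrive as reviewable commits. The release also sets no `podSecurityContext`, unlike the dendron release added in the same comparison; since the container listens on the unprivileged port 6544 and mounts `/data` read-only, `runAsNonRoot: true` with a fixed UID looks feasible here, assuming the image supports it. Only a CPU request is given under `resources`, so a memory limit is worth adding as well.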
|
|
@ -0,0 +1,10 @@
|
||||||
|
kind: ConfigMap
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: dendron-config
|
||||||
|
namespace: default
|
||||||
|
data:
|
||||||
|
config.yaml: |
|
||||||
|
bind-addr: 127.0.0.1:8080
|
||||||
|
auth: none
|
||||||
|
cert: false
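Review bot: `auth: none` turns off code-server's own login, so the only thing between a request and an editor with an integrated terminal is whatever sits in front of the pod. `bind-addr: 127.0.0.1:8080` makes the process listen on loopback only, which a Service targeting port 8080 cannot reach unless the image's entrypoint or arguments override it; if it is overridden to listen on all interfaces, any workload in the cluster can reach the unauthenticated editor directly and the ingress middleware is no longer the only path in. Either keep `auth: password` with the hashed password stored in the existing Secret, or add a NetworkPolicy that admits only the ingress controller. A comment in `config.yaml` saying which of the two this deployment relies on would make the intent reviewable.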
|
|
@ -0,0 +1,60 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: dendron-secret
|
||||||
|
namespace: default
|
||||||
|
stringData:
|
||||||
|
config: ENC[AES256_GCM,data:NxmEkvQaTeN535bFrFBs92pe59zmcqmxwH+3vwcgtnD35z0GzFDqUzgsQkY4suwkjekvZPiWxaoWNQ5GnQ==,iv:5kkHxRSSGQS4jDx+xZYTr1Xjn3vqcZIIy4JF4AWjcpg=,tag:1GDd1vtWx2C8J9zCKV+Yrg==,type:str]
|
||||||
|
id_rsa.pub: ENC[AES256_GCM,data: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,iv:V3eSPCb9Mx00SksaoIQv0ACqMI0R06ZTLpJgkhHZxqA=,tag:3Pp0apL1vBdfNz09ctgwHg==,type:str]
|
||||||
|
id_rsa: ENC[AES256_GCM,data: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,iv:8DWFQG4uoooU0U4yKYYiism0p6kGJVd4pwuhVyA7hIM=,tag:zTBz5yhUaM0h/hlR/Yh2gQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-07-25T05:01:34Z"
|
||||||
|
mac: ENC[AES256_GCM,data:+L/f2vsSjkpEzb8qUXCusMdYPbQO+we+SpE7sbbiiWAPjbkVgOg5ah3BzXvGIIWzZsXt4/Y5BXfB/54am42/WYQhnfzZdTWvFCUSK0bDiBEuybCej/Y0eGes7WchpBBvIRuVU0jly1m25MmCFXRLR15DjXIbIYeTA1WIsgSsBvk=,iv:pOIwEXCYIhZF2AJ5FcdbrtmWkNOSuTkP6dIVyHNdoWo=,tag:UO+ieaZ7Zdv0JJcBHKBpzA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-07-25T05:01:33Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ//eAJDYoFRZsEMBwInHBRnW6Bu7yVhqnun2f4EVWA8Ob/a
|
||||||
|
+DO3ojrh0oezmQA6Ttqv00gJLNGfsPPgVlF3f9bfSFulTYS37UggIOLpLmH2z4Vs
|
||||||
|
JElLDPgOAsNQ6+PYb92/ErqFg0vhOkDWSw0ILYL6TazQD3hj7iUathyJIW0CoOgO
|
||||||
|
qedmW1/1L3lV3Mg87cRR1gvBK/V20Dx90Y+MGNg88P3IYMIP0mSslNwvA59k61Ht
|
||||||
|
RXL8w8C+Ax6tigaOFlDeaarzDxdIwCrs4MWQYggXMjQzO/ohEfDospRitoxYnj8/
|
||||||
|
LY3BsRSFkIEeYz/ERW+EY23Skc7UGGfWPrvZbj334iceiZ34X8KMe7aU8oh7gkwu
|
||||||
|
bm4FsIW/HAfgcRbVir/3TffFTinqTBMi4G8GU4Q2M1JorkqrOJXtlvzA68b12b5w
|
||||||
|
0pPGMowWN2Xc3HzY40yVQ/9RPmDNBAFCaP3n1QjXz0jBgNOKVwmJKoNxi8m7hM2V
|
||||||
|
KOUseS80v0sDM+gJAwRGhZTmyphLP1v6116Duh8l4ZAhgz3Zw2gJ9nf9kCItL1if
|
||||||
|
g5u7pvpcVwuaxkm4UloZggHan6weHGutppO+rEUu6hM/JlMrtGz5iAQtOG8OdvWE
|
||||||
|
su0KZFRAHUayAltL1u0eQcQVzXQWVvWAgY0f7YYjjxkCygAAR4O+jS+IlTlIBEDS
|
||||||
|
XgGpYLZja758jdjkJx0Rt98Un4MWoXW/3zE2qKHmfQVu9T3uyPIn/ES2tN2O2WDp
|
||||||
|
kmacHAcz09Hfz55MPU7T63yF3+2xqwlNnnxdebXBI3HO9pIXNoKHNO4c55yh1f0=
|
||||||
|
=1D3U
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-07-25T05:01:33Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ//TilqHh3NXeTVeHfTv+engCARGuSv6aWIDfSl2PM0hdO6
|
||||||
|
kgvxRubWFbTc/EH7JXZmdNmVYM7vnpSKBuGE2xyc1MxIFHmRgotzz6liM0H+Enen
|
||||||
|
BMeNunT5A3hZ3aZ9iaqUzSCjYgMoQy5XRKuS/DVp+o7qhXLcYBBPxsxLuxanEsE7
|
||||||
|
ZAMc2EYEDY+ZP4csY6RvEYBOjn5QWjOjgo7AGpcji3OsnHYc1RCIud8ZXhLKs29a
|
||||||
|
IkcdKYqRuDob82RivhhqcTjf8iL3LGUE9cR912RSmP5908DvVtOZzY8luw9VSlmx
|
||||||
|
fQF0HKrsN/VXTNZGuqIO/GFzL/21nOxNTgxRAwtg19urQ4/lGvobh0r52lJyX0Bj
|
||||||
|
tEggeZbq1Pa1UOEaRvIV70L73TzjzrQurDoqvbv7Brz0hjR/iu/U3Ry2IlPZNBQd
|
||||||
|
IJMNn9uYuIaO+9EnLwS2Jor9K8GrME51gv52B9RCQgAfC7jHlCmW/qCdcXGkW1Lv
|
||||||
|
l9tOsu/KDL6rNvqzAD0GNIj22m3mJjb4kMYeQxyuzjD+GZcYxpNFGOORhFqfPj8P
|
||||||
|
gelzIHxbH5xJitIqmTYAXgzvVtm0TEEKrUf3yBgd3r2zJtfmwd031PZrCM9XZmbE
|
||||||
|
6kIOUYpx1ZboaLzIVRLbb9eyTqyGlYcVL7Cl1aRtdbQKJPgTZCidzIpBwFd+20LS
|
||||||
|
XgG8Ckst3I0ewGTnokVZqP2bNWTA8KHasdvD69k2KjUqsE1j3xmXZJIqiFq2QAXn
|
||||||
|
zVwtM+I+S4yR+xN0xLowmUYVhh748NxCv3MyATu+EDE0v9OSrk3qiAkndFm9Z8Q=
|
||||||
|
=Cds7
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,93 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: dendron
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: oci.${SECRET_NEW_DOMAIN}/seanomik/dendron-codeserver
|
||||||
|
tag: v0.0.3
|
||||||
|
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: orca-puller
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "dendron.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
data:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/dendron/notes
|
||||||
|
mountPath: /notes
|
||||||
|
user-config:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/dendron/code-settings
|
||||||
|
mountPath: /home/coder/.local/share/code-server/User
|
||||||
|
ssh-private:
|
||||||
|
enabled: true
|
||||||
|
type: secret
|
||||||
|
name: dendron-secret
|
||||||
|
readOnly: false
|
||||||
|
mountPath: /home/coder/.ssh/id_rsa
|
||||||
|
subPath: id_rsa
|
||||||
|
ssh-config:
|
||||||
|
enabled: true
|
||||||
|
type: secret
|
||||||
|
name: dendron-secret
|
||||||
|
readOnly: false
|
||||||
|
mountPath: /home/coder/.ssh/config
|
||||||
|
subPath: config
|
||||||
|
codeserver-config:
|
||||||
|
enabled: true
|
||||||
|
type: configMap
|
||||||
|
name: dendron-config
|
||||||
|
readOnly: false
|
||||||
|
mountPath: /home/coder/.config/code-server
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
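Review bot: The `ssh-private` and `ssh-config` mounts set `readOnly: false` on files projected from `dendron-secret`, and no file mode is given for the private key at `/home/coder/.ssh/id_rsa`. Secret volumes default to mode 0644, which is wider than OpenSSH usually accepts for a private key and leaves it readable by every process in the container; `readOnly: true` plus a restrictive mode (the chart's `defaultMode` option for secret volumes, if the pinned 1.3.x release supports it) would address both. The `codeserver-config` ConfigMap mount can be `readOnly: true` as well. The two `hostPath` mounts give the pod write access to directories on the node, so the `runAsNonRoot: true` and UID 10000 settings in `podSecurityContext` are load-bearing and deserve a short comment saying so.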
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./dendron-secret.sops.yaml
|
||||||
|
- ./dendron-config.yaml
|
||||||
|
- ./helm-release.yaml
|
|
@ -19,7 +19,7 @@ spec:
|
||||||
command:
|
command:
|
||||||
- /bin/bash
|
- /bin/bash
|
||||||
- -c
|
- -c
|
||||||
- wget -qO- http://fireflyiii:8080/api/v1/cron/$(cat /etc/crontoken)
|
- wget -qO- http://firefly-iii:8080/api/v1/cron/$(cat /etc/crontoken)
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: ff-secret
|
- name: ff-secret
|
||||||
mountPath: /etc/crontoken
|
mountPath: /etc/crontoken
|
|
@ -0,0 +1,123 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: firefly-env-secret
|
||||||
|
namespace: default
|
||||||
|
stringData:
|
||||||
|
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:qdisaso=,iv:rT7WID3kRMPEGmWJepNmrj1tutxsT5Arw5AN9oVFoXE=,tag:jkYkRaGLEB3iBEjEVIAVCg==,type:str]
|
||||||
|
APP_DEBUG: ENC[AES256_GCM,data:Jyo8QmI=,iv:Gq2Ldh+H+oturcglphQb7ERHX8jD/5j01qtEJDRPAn4=,tag:m96oouPtT9J5zQHPs2QaVw==,type:str]
|
||||||
|
APP_ENV: ENC[AES256_GCM,data:19kiyms=,iv:KLwsQOsDvg/7f18FEsg+e2rgnXSbsxwSNbItmgLGy8M=,tag:mUX/UeXFi0eeZ68bsJpq8Q==,type:str]
|
||||||
|
APP_KEY: ENC[AES256_GCM,data:PI70apm/K8/1el4lW3KR6wLgBDgj0YAQ6KwngqxSv2Y=,iv:S7xrpAeY3wM3moCL/i5R045yst7Zz8ahXbLyNfvacZ0=,tag:hOXR1kKdxVoQxZyjZu+ajg==,type:str]
|
||||||
|
APP_LOG_LEVEL: ENC[AES256_GCM,data:ZwJTcn8y,iv:wk+jX9Zp1TTn1EHv0OLgt+0alm5JBHdWcEtIn1dTI6o=,tag:gR1Ls7dFGyt4hKGiwLU5wQ==,type:str]
|
||||||
|
APP_NAME: ENC[AES256_GCM,data:yfd2OQk6NvjKcA==,iv:jLL2Dt0YlWODwCKSnqR1yuSWJsKySQNZY/pEfxi5jJM=,tag:XoHlMsMuRG6S4Wm0PVjtBA==,type:str]
|
||||||
|
APP_URL: ENC[AES256_GCM,data:+bveNLjanPPMkoMrDO4KsA==,iv:xQWHzRKBMBumi2bFCUKoWLRiuNNV3HQLv1WGEiZ6RRg=,tag:h9IF4XwIK2P8sB4V1Su5Ug==,type:str]
|
||||||
|
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:OA7nqw==,iv:9BcE5Bf9QDf3kzA4Xbf0XkbkFjGAv6id7vdSI12wRm8=,tag:QN7o1eEbGSTvrGGBzzouSg==,type:str]
|
||||||
|
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:wsQZSzAP0hE4o9DAwNtwSEM=,iv:U6513HaOzDDlCehFuSs8ey0KFWup9S8tAYiSX89EyNg=,tag:i5q9W6uglFZ9bKc2f4QPvQ==,type:str]
|
||||||
|
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:0GfWuR+1RhLsED/T5iEDYV3tkmx2wA==,iv:x/6xxFAv5+J8e55a9JnIZ49v/FJRL066rSf2bBxhHHU=,tag:hAhhsDDMeM29b8iMx3xwqA==,type:str]
|
||||||
|
BROADCAST_DRIVER: ENC[AES256_GCM,data:2iYs,iv:5oeuA+08uDRSJyLwwkdFC2q4LZKNs2OSoQjsnIX0aYY=,tag:m2ybfxtY98j39sBnax7IVA==,type:str]
|
||||||
|
CACHE_DRIVER: ENC[AES256_GCM,data:2lv9YGE=,iv:xuk6ih2wApMuWJIlm9clwYCnMR973lG7EOHDUZtlDvc=,tag:cdEh6/zAZ+7IcQMvHojgXQ==,type:str]
|
||||||
|
CACHE_PREFIX: ENC[AES256_GCM,data:OS/jr/Qo5A==,iv:wLeRO4uAo+HHB/1tK3m4MEeefmMRTc0+aTYuUGGrYyg=,tag:8cv8oxfwMkTeZ8+JsCoWVA==,type:str]
|
||||||
|
COOKIE_PATH: ENC[AES256_GCM,data:pQ==,iv:5QR02hlvi9n/gl6LLdSR2HSybzohlCisq51+QzUJv1k=,tag:hpwUD0ctU0pX7S+V6UNz/w==,type:str]
|
||||||
|
COOKIE_SAMESITE: ENC[AES256_GCM,data:HNlS,iv:f/kbAOVyWFEH6yKr+N3zM+9tNQQCpQA7/iKAg8ejFdk=,tag:g1rmzfnWSYIzxFJA0l/uUA==,type:str]
|
||||||
|
COOKIE_SECURE: ENC[AES256_GCM,data:fxJkE2M=,iv:0JXgzyybtMtIgxh6VSwAS5oehpVMFkLKvJFOBDcwhVM=,tag:RAhNUuJKOho6bvXJyNT6cg==,type:str]
|
||||||
|
DB_CONNECTION: ENC[AES256_GCM,data:Y7b+kts=,iv:1vZBNoO4O0Z8LPH3ZPSDpx49jtbQOEl6+BitbKyat4A=,tag:eOUpSlZGZKM0LPHdZMjb+Q==,type:str]
|
||||||
|
DB_DATABASE: ENC[AES256_GCM,data:1rRtAXfMaA==,iv:vErtoqpi1KsHVL0nQ6x2MVNe6JCKxjCxivXXjtUT6Uw=,tag:AYxHWADlGq4NHbcVx8QcHg==,type:str]
|
||||||
|
DB_HOST: ENC[AES256_GCM,data:sjYDEi8q4bAgpdnxin6yDBtNJw==,iv:6rxqBNvXSsE+2oxWbwiztmlxtKP8C0aeYMdmuGTyF/g=,tag:lRB3EwV4vwa64CI3xqi2lQ==,type:str]
|
||||||
|
DB_PASSWORD: ENC[AES256_GCM,data:PeysFTbHeZHTnkn0XlJ58AMZbS3EzANUQ8UnhQXRIoU=,iv:NM8c3dx8TlQkPVJGECnyg2L6JM7CQwlx/LQ59x15dY0=,tag:xuLow/AXp+yOUm4hO2527g==,type:str]
|
||||||
|
DB_PORT: ENC[AES256_GCM,data:yXp98w==,iv:a/jbQI7/3QMKaSJRiZGhdYBzdIzyNA0M3sL83bD/1is=,tag:PxauXvxyQlNo8EaFMzdjKg==,type:str]
|
||||||
|
DB_USERNAME: ENC[AES256_GCM,data:UOz2K8KusA==,iv:75KRLL7F0mtzESvfvVaIJiBqAz1i8JIcS2VwAMm3KVE=,tag:HmjzrLg4hLuAjQ88U3CDbw==,type:str]
|
||||||
|
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:U2qo/Z0=,iv:duSb5g58hXy+BjmU51cWVc2APmz/THtQrmfKyWJL8Xs=,tag:3578FhaZxtyLXjFOJA7sVQ==,type:str]
|
||||||
|
DEFAULT_LOCALE: ENC[AES256_GCM,data:DX3VePo=,iv:d3P66DEPoI3yiZj00YaYVEsu9zCSQ+Nz0vCOxJjfkNk=,tag:JNeGcODHleBBOJrewOWq2w==,type:str]
|
||||||
|
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:mS45ZNE=,iv:7twp7yAggJfGDKnoqoi4OY97uMQuOq1Y3y6LFst9qFY=,tag:mselnIDI/OzNplWsdq2YlA==,type:str]
|
||||||
|
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:lIO+3IU=,iv:/jCBrh9pxsNouU+glpvXqEXI3veHsqaHWkSDEJcJzHI=,tag:JHWUyPl6Ir+XczlkEm/xsw==,type:str]
|
||||||
|
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:43nBSlc=,iv:pylnsBF4HORItmtHxLxaXjojdyazm1rseMtqgTwwX8k=,tag:mi7eWamr3l/H+foZUJYsJg==,type:str]
|
||||||
|
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:TssvPA==,iv:N6kVxo9w7pjUy5PSt0nF3yPS7imaKaWbizPZdMv7rKQ=,tag:DpWzkfkFbFaQpuLTirsP1g==,type:str]
|
||||||
|
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:6+nNEA==,iv:TxFrPKxoaN/neoRK09F5SJswfh+ULHw/tFQz+ouOOsU=,tag:UsMPAYDhgccBtBUAXxTNaQ==,type:str]
|
||||||
|
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:rA1uHQ==,iv:TKV5pRA65C8FNHOrpzx90qA7maX5ld3aLCv/PrQamII=,tag:bqtT9pqHILiV1AEzkkYk5Q==,type:str]
|
||||||
|
DKR_RUN_REPORT: ENC[AES256_GCM,data:bqE/+A==,iv:PWlGji8/zVoosDeoWaTG4f9rDJwKOilwENI1JtzatPA=,tag:cHCeTgnB7c0TZ+9bSxFW4A==,type:str]
|
||||||
|
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:76w+1w==,iv:XZwFW5WoWRBhfgM8Jf71IAEsWJxaWj6nmzh4arjV9IY=,tag:wm49cS3mMPPj0l7rNRm7nA==,type:str]
|
||||||
|
DKR_RUN_VERIFY: ENC[AES256_GCM,data:GE3u0A==,iv:hZc9+yCN781Hm/M6UrzAnFELJopG/m0PTaHCwJuK4Ic=,tag:SwJ/ujTY9VsrS8payg5FbA==,type:str]
|
||||||
|
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:jwbL3WE=,iv:EmuPlxlldYIK57w44oeiOUx4dNUx88avn/MXGw0khqk=,tag:6UqgxY3eTE/DQ4znx5NNzw==,type:str]
|
||||||
|
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data://NWaSg=,iv:l1k7TLg2d4impHiGyHtVmXFBpHSK1X+MIIMEvqHmFCc=,tag:7FX96H6R+ez0corFjpzoWA==,type:str]
|
||||||
|
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:KGo=,iv:xvBorcd8fPvlGYeomuexZBtORPc7LJRII9pYP1ZNBsg=,tag:ibFX6k0a12rXElxRODc1YA==,type:str]
|
||||||
|
IS_HEROKU: ENC[AES256_GCM,data:Ffu4Sro=,iv:Q5txv1a/DcH+Utlr12zQJUBy4vlcdxcHFsNDWuWVOeU=,tag:NTay0IKz6s7a9dFpx1BZ+w==,type:str]
|
||||||
|
LOG_CHANNEL: ENC[AES256_GCM,data:Njfav/E=,iv:xwccazZYrtARU7xKooAnBKJcCDJH5xUSN0C+nIs8Pos=,tag:jI3pelMMZQQ37uuUmUmENQ==,type:str]
|
||||||
|
MAIL_FROM: ENC[AES256_GCM,data:ILVOrph55Ku8pIfsHtU8DjMuUjo=,iv:c4wzRvDugyRUbKZKq/fgQ2eP3CJ1wJzkQo89tBCZ0WU=,tag:tx2lUsnCBbYIk0h4gL/CBA==,type:str]
|
||||||
|
MAIL_MAILER: ENC[AES256_GCM,data:rdoZ,iv:NBi4YtbtTkDJHQmXBu9lGUfCWhfRgtYLI3UCayMpq2k=,tag:o+cXYLXlJ0bWVQAPr85CJA==,type:str]
|
||||||
|
MAIL_PORT: ENC[AES256_GCM,data:lffjiQ==,iv:GsZWiMZGuhpPJfX6vPcr3PKuq2YXS3oQ8v8NojufyKk=,tag:rHcfDoLZdU5wCQR4g/qV6A==,type:str]
|
||||||
|
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:rrw7Rwjo//tdEyxN98pE,iv:3aeAQM4RV5hDFfZ08voXgk7IrejoM8YACluo75AmRrE=,tag:cAmTiI0vPAnY7NX+YlM6Og==,type:str]
|
||||||
|
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:i8I6LaPPLFoi,iv:sG6dP5GS2G6kGXEsn8P3KJmyEThJ73WIN2gkMJwNDBA=,tag:uefjbg5pZdIIONBklcsSyw==,type:str]
|
||||||
|
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:+ESO4h6cGSE=,iv:hAFNmDfc6XWnQbpLQXjUsdZSOwPu964MlFBXYsNr9O0=,tag:iXfs5Z+Ojojzp2H2u1kHxA==,type:str]
|
||||||
|
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:zw==,iv:soYKokimSKxSS0x9nM7GcZfpXtwxjuXVls+KFh61w30=,tag:ryX2Rj1TakKRfynh7bFEtw==,type:str]
|
||||||
|
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:Mo68CXbhV7kK5ZGi5MS8,iv:pVKSl5Tu8xzZVk4FX0DIA3vpVYZ9V0RXtfkoUTYeAAU=,tag:bez1DYHFlOn5TZ/oz7F6fQ==,type:str]
|
||||||
|
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DT7Jow==,iv:ZEOzfc0IepdvDNo2vWanOsYAT4EGLvFnSpL8qiiOwes=,tag:eEilJ8cwgCer7H/8qpDPgg==,type:str]
|
||||||
|
MYSQL_USE_SSL: ENC[AES256_GCM,data:rsKgGpE=,iv:nEJbHiaqOvVauAtCyL6uvfmkAmgvjjSFb28L3/j1PmU=,tag:6d5whsZ30buXkc0W4+5JIg==,type:str]
|
||||||
|
PGSQL_SCHEMA: ENC[AES256_GCM,data:pmFdRyiy,iv:mYXXlj7R7T3RTuK7QNRKiY6HwCezQYaMpn6de0st+FA=,tag:xFs7kAnFuRjDVRjKyyrJOw==,type:str]
|
||||||
|
PGSQL_SSL_MODE: ENC[AES256_GCM,data:/spE//X3,iv:qCBP7fJVFixBrB1ApGti1Nq0S87RcVxpHqmPBW9GuWU=,tag:MyCEseplfPX9PNdoqGLvmw==,type:str]
|
||||||
|
QUEUE_DRIVER: ENC[AES256_GCM,data:tTmRSg==,iv:2KdDPsJ9PlyHsVsFdknC7A4cShE5bBBpRxWslF/0wgY=,tag:7QN0MlfyoDyukmAgmgQvxg==,type:str]
|
||||||
|
REDIS_CACHE_DB: ENC[AES256_GCM,data:9w==,iv:MKfWJO941vxlJ0VP/0ob9JeFnHkI+okOkd/ifxkbKTA=,tag:PyyjVTRCUSvZxpHekP9ENQ==,type:str]
|
||||||
|
REDIS_DB: ENC[AES256_GCM,data:Bw==,iv:h3v/+cO1W7eGDAGjVtgeDh8UekMg+ZvIRkNZx+iE/Es=,tag:nF143FAtE181ZJfAjtau7A==,type:str]
|
||||||
|
REDIS_HOST: ENC[AES256_GCM,data:7hVDI2P+443UGlw/jyBFmNTDBM2p,iv:sbLD+/wdDEiKYpR3ttrey6HTlI5n76trH3wZjU7s3uQ=,tag:qZP1nb9+tOr7Lm4i9HR4wg==,type:str]
|
||||||
|
REDIS_PASSWORD: ENC[AES256_GCM,data:/i9UM5Cx6h61xbDQ//ocmW1BtmT0LILnwwemOwaTTkw=,iv:FINFRW1006Ljnb1JSi+Ctae3Jw9xR5EW73Ut8FCNfHI=,tag:+6raDqY1TgQQgbkcCcbCLg==,type:str]
|
||||||
|
REDIS_PORT: ENC[AES256_GCM,data:ME1O4Q==,iv:FhqTqv645wnhhQdGW0IsemeXOlJuCKjbMa3tBw0kueI=,tag:b7TdkDklkFwE/X3lE6XZGA==,type:str]
|
||||||
|
REDIS_SCHEME: ENC[AES256_GCM,data:puE6,iv:XvOpz9QO7Fn14bbHT8L2p0HquNxIzxomN3Bg3K2NOQY=,tag:qerZcGVGKXW+YAyj6RK9Tg==,type:str]
|
||||||
|
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:9xoXVw==,iv:m20IvyDsNzw7v3U8Ai34MhhxrIUGnU3OK9LHwZAdlJo=,tag:BgrhqBiqc9RYo9EzOCvSsw==,type:str]
|
||||||
|
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:+ErZjA==,iv:dcrc2+U7MoSBQ3b7w2qe0wIb50AbLDQ8/N9TK03ub5o=,tag:ub6+5g77qZxq8IjxDmk7og==,type:str]
|
||||||
|
SESSION_DRIVER: ENC[AES256_GCM,data:QlF9bSQ=,iv:I1cjDE4EFVG166ISZaNuM0eFMs6U55y7LUl2cVIONrI=,tag:VxKEC67A3Y0IRNKJ/nZV0g==,type:str]
|
||||||
|
SITE_OWNER: ENC[AES256_GCM,data:KbzTQ/QdlMmxnSDr1mCo4EG9,iv:287MEAzZFE3+zp3bWWA5Y2u3w7iQH+7AAZ812I4Elx0=,tag:TlljmsgLww7EJIBMdDrKvA==,type:str]
|
||||||
|
TRUSTED_PROXIES: ENC[AES256_GCM,data:cAU=,iv:MBL/z8pmM2CxlDT1sY4my2gC3jsDo6O1NSa11w3en5U=,tag:zqzHOR69HT3+U7tQOFQQSw==,type:str]
|
||||||
|
TZ: ENC[AES256_GCM,data:45gLKxH0OsAfMPkgnjKgWQ==,iv:P9CUovVI4WSfZi1nyFHVzHJ7Oioai1FUZRcgBNhQb64=,tag:S7IF8Oxg7hYNcT0mcgkg7Q==,type:str]
|
||||||
|
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:1xck+8s3ifQmregeKU6891pErxZy86fO0I6XPE83l3o=,iv:XSsCSJkkGwG12f2lhd6IDl07OLVCW8J/945acFP99lA=,tag:XNxSQGyHvR/6/A3EVT69gg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-06-17T19:05:29Z"
|
||||||
|
mac: ENC[AES256_GCM,data:GWtQz5/wKpk38ZYLwn+kGyCT8hFo2SmoaI9vuEFju6N9ipJW1MNQONqTx/Qa8Cje8pT7xIxdoTf+23PaFG91v/gcilMCYjE+OFnVBk80d6ZBTXiSmoQ0DYO3hWiXyMfXTJ1OPqExOkY09QSAfXOrN0JphnWpPNZnaVuxMJZS/Og=,iv:/QbEi6hhsPpeSa5bOxPObP8UUpAwA/I6wU8VXQ6NcOc=,tag:FYYj1y/zTl82SVva0oauuA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:36:01Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ//So248m5bmfJG0gp5ZIAK2dVhH44xEg/6yzZ6TC9W4px2
|
||||||
|
SPqB+gmwswX64NGcGZQ8LQZExyy2poxh7lfQHIdsv2QSTbf0vmOZqG9L7Fv/DSU0
|
||||||
|
EnUpt04K1yyVyW09tlcE/SIyMy9HhWyH0vZfwqHc/pHnaAhZKEuBH+kFiNPz4Bfd
|
||||||
|
xtXeieOGYV9ois2vM2NFNohEagrkbpMb8ZEOrWlB8+ZJZhkIeNc2kA+w0n0TEEtR
|
||||||
|
WefrBwear6YloK89hEfWRdJYksfKvOsU7U+L6MKpMxqGBIpLIV5kTifRAt8pdrNX
|
||||||
|
m7MY/laTWcqTp1VXUMZQUq+tCa/jjIh4MDvmzGcrRfhSLDvkFz8W43yHvy/hTKgc
|
||||||
|
nes55vhrWK9ABcZ5sZ3xdfH3ys3tODUsUkaLALaCbXUdg15cQRwvdNkgHou/oY26
|
||||||
|
jAc38EpeBEtIpkH+nBHLgbflFkElqOcpcS/5OR4mL0dGQ0EhhYTzxES+jcVYg9ka
|
||||||
|
Na163uPvhNnFNMUACKsDU/u2WngU8B5ISjlsiX9EkbKqDgHrLSJywKcoYESgnU/K
|
||||||
|
q+24HIFH8cmghRYJZ7SXDahsEw8VrcqQEWTSMM4YnwJeBZH9pjeUK6RySLHxK9F7
|
||||||
|
rK2djzc6so2Lk/AhYot9FNNwXWqrBKQq7kjFF8Mr6ALydZgst/tSBPtpTxpADZDU
|
||||||
|
aAEJAhDuDefWmaUMfyK+B21JoUTJtAp1icQZrIFg+mTH+qDWPXdpM1qsaci59aq/
|
||||||
|
vkML3TwjiytUNRMVORlLPv2z8adUuXIgPx8yEclTxCDKM3bqIfVs1xj2GAItyO4K
|
||||||
|
XYBV8oIdHegO
|
||||||
|
=GI4b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:36:01Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VARAApwoZ01GS0soprXAf20Ye1XQVLIFvIuYjub01ibNZmb3m
|
||||||
|
uJiPyClzMqcjy6TKWvCc6sT1W5DQ3aY9E1ARhgwR/yaIZ31WvNcnLczaOACHPlaW
|
||||||
|
7e4o9tauN8CYpQqPmTxDyQehKe1EbWqq+63FRAUV0+9qEY/ACCwNtv1HCa2dgyto
|
||||||
|
0I6v/BmW+KJ10iGCsRv8g5IgPSjYT66a2fsDg24kjtqygHwZ5BPe6xUBJ7zxCmVT
|
||||||
|
z/3WKaNx5Rdv8l45QQcl2fe1qNNdljJNgowCq23uODcQPJPGEY4wOeYHOlGTKE+E
|
||||||
|
JojnysVUhILhZtTZ5/AcP36RCzMDGQX7wYtvwh6bgf4qf4InX8+O/WK3u+jOreUl
|
||||||
|
zbcy/lB7bsQ0usZNPsfy2Qh2LPlziBce9JtkPnWXBwS+lZUCXKDS8pizmj7DZnlo
|
||||||
|
+3L1f26rn21ye/iOyBArzVmqI4QLJzHJI7l6TZgvvv1dZKHyLW5jCHSq4f098roO
|
||||||
|
kIKxRThFvTZ9jqM7uDYGiAsGt1L7p+HJRY5WdAVGEaL8jWADW7jjF8qTF3BJ05A9
|
||||||
|
OgnRxIew6ofB5WeYSrU5dn5di6pTNI6bqHVHbZf3BTrGwdpqsAcniUtDM1FAdU/4
|
||||||
|
QtB7tXNAYV+ZTDez/MMm7l1xKS6FpPbM5ZUtrcv27I51e2HAyYSsj6FNWWyvXEbU
|
||||||
|
aAEJAhCfDkAnvink2rBria46BR0IPWSLaVEpnusa/OED/Xw4EEgiFq3XonPTHaqG
|
||||||
|
iXSfeD0XauMxpLan+YesEv9SRP3ef9iX5OGNwVPpIDlkOyUztBWtf3I7tP2LCf2p
|
||||||
|
/GKlxeQfAlpx
|
||||||
|
=zWYo
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
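Review bot: Most keys in `firefly-env-secret` are ordinary settings (`APP_ENV`, `TZ`, `DEFAULT_LOCALE`, `DB_PORT`, the `DKR_*` switches), yet every value is SOPS-encrypted, so a reviewer cannot see what a later change to `APP_DEBUG`, `DISABLE_CSP_HEADER`, `DISABLE_FRAME_HEADER`, `COOKIE_SECURE` or `TRUSTED_PROXIES` actually does. Moving the non-sensitive keys into a plain ConfigMap referenced by a second `envFrom` entry would make those security-relevant switches visible in diffs. The Secret would then keep only `APP_KEY`, `DB_PASSWORD`, `REDIS_PASSWORD`, `STATIC_CRON_TOKEN` and anything else that is genuinely confidential. That also reduces how much has to be re-encrypted and rotated if one of the two PGP recipient keys is ever replaced.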
|
|
@ -0,0 +1,73 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: firefly-iii
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: fireflyiii/core
|
||||||
|
tag: version-6.0.19
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: "firefly-env-secret"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "budget.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
firefly-uploads:
|
||||||
|
enabled: true
|
||||||
|
type: pvc
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 8Gi
|
||||||
|
mountPath: /var/www/html/storage/upload
|
||||||
|
|
||||||
|
# podSecurityContext:
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# runAsUser: 10000
|
||||||
|
# runAsGroup: 10000
|
||||||
|
# fsGroup: 10000
|
||||||
|
# fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# cpu: 1m
|
||||||
|
# memory: 275Mi
|
||||||
|
# limits:
|
||||||
|
# memory: 500Mi
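Review bot: The `podSecurityContext` and `resources` blocks at the end of the values are commented out, so the container runs as whatever user the `fireflyiii/core` image defaults to and without a memory limit, while the dendron release in the same comparison enables the same `podSecurityContext`. Either enable them or replace the dead lines with a one-line reason, for example `# image must start as root to prepare storage - TODO confirm`. Separately, the env Secret for this release defines `AUTHENTICATION_GUARD_HEADER` and `TRUSTED_PROXIES`. If the guard is configured to trust an identity header set by the `traefik-authentik` middleware, access to the Service on port 8080 should be limited to the ingress controller with a NetworkPolicy, because that header is only trustworthy when every request has passed through the middleware.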
|
|
@ -3,3 +3,4 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./env-secret.sops.yaml
|
- ./env-secret.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
|
- ./daily-cronjob.yaml
|
|
@ -0,0 +1,64 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: gitea-secret
|
||||||
|
namespace: default
|
||||||
|
stringData:
|
||||||
|
GITEA__database__DB_TYPE: ENC[AES256_GCM,data:CxKLDkwWDro=,iv:vMzk5XUyeiUog3uaNWQi3YKOpnhUTUbZLWi8aQe1GOI=,tag:cIa3sjnmZZeqf8RkHaHyCA==,type:str]
|
||||||
|
GITEA__database__HOST: ENC[AES256_GCM,data:SPy0h0kvhTMzbx7IhmOrOZ2RfVF0h2E4,iv:YvrmhhZfPGzjuuppfBumrKjQzGAwmScZ4Kv88bTRTa4=,tag:xnrGbDv0XwhYrCeJ3l+Cvg==,type:str]
|
||||||
|
GITEA__database__NAME: ENC[AES256_GCM,data:K1lM4P8=,iv:5sN41GkSZ4sPLwIyVjiy6JNm20WFq3qNYFZ1gWfqG/4=,tag:hBoBRIgae5QRoMirGgEWmg==,type:str]
|
||||||
|
GITEA__database__USER: ENC[AES256_GCM,data:aQvMk8Y=,iv:SaDZ5fWWbhu66BqYJ+KKs6/zMrdTDoDZvBQKd2IyLck=,tag:4z7jRIT158aUxaOmYWewAQ==,type:str]
|
||||||
|
GITEA__database__PASSWD: ENC[AES256_GCM,data:n6ywTKo/Eb8JU9/MBvwlbLxcPJp1VRRrMKniktMZjS4=,iv:c7DSl3ReYNWoRN2TPeGkxIUo/OXz7EtKr416nBtFUxA=,tag:zEf7GhN3RNkfbSn13WA1Yg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-04-27T23:49:11Z"
|
||||||
|
mac: ENC[AES256_GCM,data:tAs7ev9V8nwDlpUeYC6D79gpT2IztnIppycM3GSmiLwock9XrJilAyaahd+OdmLQXjEqqqOZjLKVCm67xf+3jiPFkmCsIfP9A0incrySEJBVsum9/7i3nbUTf2tJyhj7mlex33KG3Arsinx3oPfY1U5QykYBBLR6dEan69Vg6Fc=,iv:IrrJnQgpyGW6B2Nu2IKetT279/WRDU9yG/A6r+5gtXo=,tag:ZXdVSvVsP3IJECSCguSdVw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:36:04Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixARAAgNVBrn+y64VuYMkJBTyBQBE3REx7MR+OlX1Rw8gSsyIf
|
||||||
|
A9sSQsNEGuiOVAovuoDbz5uOCEcu6FBh1i17NEQj1f4VYQJ4W2f3+SFkRqfXmXgJ
|
||||||
|
CEW4Ho5M4q30Lztp+8qy4coP6we7KkiFrVdyfWhFhI+J27D4VBpmlRszdDzjKSWn
|
||||||
|
iQ9EYIxSbTnTZlo/79XNB5vmb/JIQz6K7PKjd2X16VJNp/Q6iIJ4pYFD9F0qsnTJ
|
||||||
|
lfeo38cuKYkbx026hg91uTJKRnoKtpJVFmcvZ206/4o3ACp6pMbOMMREq273aFfn
|
||||||
|
c/da8+rpTzK9h2oSLRJA8Xeo8Ki/40VxVerKhxzEFeeV+SGXHSW8wn9hjbq1PFrd
|
||||||
|
9CM15YGBE7ikgllbW87SbcN870Zfo9O8aNSrLFtVYkBVNQGBuJ8WKKLGaHYY9LMl
|
||||||
|
9jBBaNRQG0vKCZ+72cDVLNa+M0U7IU8PO/G05ksHZUFPGLOXIV+k8hzFbcQ+Xy+l
|
||||||
|
2ofNe6v6PDG3kI6V3epizzR4x+zXF4LOKZe124PuQTLnuaAEUQzZfMGHHr9QsAae
|
||||||
|
PmaM9BWZ39pwKETWIDnuYwI5gdJdIBQjNIpCo13qZBk85k36RhoY/TO9Gs6iCyot
|
||||||
|
qXY6TraqnL5o1pda8gDBdl5PvB1A9K0bYF/KZYG3tVz0oFb+3QPNkJ2ThNqwji/U
|
||||||
|
aAEJAhCF1XMZ7b7KXIiArVZU0aWlr1ft+nHLNjQHaj6+8F6trh+Zz3acnvk8YLaK
|
||||||
|
7RweedA8WMtRJY2gRpZaPU6XVLt8IZmnKGSDoAf0mi6+9oCttadxz7Mp1Cvd3sgX
|
||||||
|
ahD5a4xk5FiZ
|
||||||
|
=6Lqx
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:36:04Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VARAAir4hbzyy5fcgrdFcTPcI6uyVRoETFz7VfSdo6pl6zOYc
|
||||||
|
ZYSDO8F+Hg5PBCHbE6LrTf1lMXtRKTOI4sIXGisACd7xdfDXvdvmBTuntovpk10L
|
||||||
|
4uj/umXjxOZVUyQ6642EU6FgxfNYKBOSR2lXoKtXh76GWOBPQ6uKF1VAW0MzFiXq
|
||||||
|
OFgt4U4KqTQoBdb4h8or+z1Yvp9U0hY1JDOUVzT6ymXxzjvjNcRLFpYxbaWynkG/
|
||||||
|
n1NkjY7nMxaDwcZowDfinNOD9VeIvZXthYr3eFuRzxHB8vKZlBLce4YpUL7lT56V
|
||||||
|
VQxt5h9gNJiXevuKUrLB9rnEPUBIqhf5RNH+qa/w7c4VaQlGj6p0Ns6giS+mIjYX
|
||||||
|
6h0yImGLnwCAbLgotVrUlir6a6Qodbote8LKa4G5hIKkF+O6gKjWZ+R4aO0OEQv3
|
||||||
|
tnTptRdVHA0oDiVXJk/RrFQHR7xo24AFAs+OXoBmMUrl5YxigV+qmWG1fnCNj1/l
|
||||||
|
TOMIM2hd9Lbz5iS8TZwKfpoZY8BJQNcd1Wab7F1KboGAAnCRLezMKmVDRzOQ1GIu
|
||||||
|
tY9ub63JqwQ1LgDKaLxgyflixPj+1460Qw2wBK5bT529QZ5EMlUIucKlF1MPWo1t
|
||||||
|
NGRXYR+gI80bb+tq5KvItL6s8JfJYm7HcqslT7/mCepJqCMulGh31Yai6NR+lQrU
|
||||||
|
aAEJAhAPp1uMcNtvlDzZ5ETnOxY39UV7h7RmWXvl5JsfYWXD3E+8O2hY5Z3u8viD
|
||||||
|
K3g41eXvY6+d6qyRQEzrkdTVQVU3bjxxp5cbkSrVWlZa93CjYR4Kypbw2TJspDq/
|
||||||
|
CyoEhvxtdypD
|
||||||
|
=8bDx
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,64 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: gitea-sidecar-secret
|
||||||
|
namespace: default
|
||||||
|
stringData:
|
||||||
|
GITHUB_USERNAME: ENC[AES256_GCM,data:hf2VmtB4nmo=,iv:g6OflUpWClklphmVsGmNh0dmYWFmP75326yupzU2DFY=,tag:d7pmSAL9ND0V3BtkfTXmnQ==,type:str]
|
||||||
|
GITEA_URL: ENC[AES256_GCM,data:jqGmGnLfz7vwleKXOj1JNt2RdxgtrR9E,iv:QTTajHdzb9mtYY5xCiLzI09pIBE8Dtl7WAR0gB5yOwA=,tag:0KHQ4ezr7diAs7v04ZHPIg==,type:str]
|
||||||
|
GITEA_TOKEN: ENC[AES256_GCM,data:bHjjouHJeYgxE5iLZxeXCqubOj8U3oizxmWZThDj73e7DbLsMoPWOw==,iv:Uh9OGeAw5iuwqFDKB4/Q6xvck2nQWewBMbFoyv/9zPQ=,tag:2U+KD+0qY+iceVhhVNKXuQ==,type:str]
|
||||||
|
GITHUB_TOKEN: ENC[AES256_GCM,data:S5RVGUibveqUoj7mSf+4m9DtHxgd2ybifOkqJTsE1eDGOZwgpWrSZQ==,iv:GMqA/xAHFR5EAhYgnPaJfKVLtdVgtccbBa46g+RBOwI=,tag:fU17aUJC3dsj+aayNEs/zA==,type:str]
|
||||||
|
MIRROR_PRIVATE_REPOSITORIES: ENC[AES256_GCM,data:8ClWoA==,iv:g1N26o9upienKfmd9GPZq/1IvJsKDVsOkvQfU9xyf7E=,tag:C0LBixZWj2o4XJUjf3WX4A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-06-04T16:03:26Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ky6LUNwPWZrQAgQbdcLc9pFPDKuuHQHLT/t4825fzDKT8LZNwfTkr7tjcnrfxp3zt/btdGWDRI3hDL2IqfuccBfcVqofRSE9FnnYKsvGPuUxnxbmWYtO1VNIQ7j0mHWsivQnwoQGPjmHGqg34vaQvNeq+2F0VrnGCHCoSrT5dFw=,iv:BRpJxXVmHPPYVBPK3LX2xRrLlIWd9iKTkaJf/Wm79DI=,tag:rrn6DBaws6hYohE0ObWJ+Q==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:36:07Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixARAAmXw7G2AAr7hRPYMsHwRjv54Vuj7G0fjiNB5cSRgFWgYx
|
||||||
|
0QmLx9yyWMXcXk8HDT0JUINtind1BkaSrmWFWR5BDt0zWBxl7aIBxbpVQX/ngro6
|
||||||
|
GBHoUcmg3mp9JquBhvPPfRFrZ6MeG9YBSlExevK/ibHxJH8KGTX1ZgUhXHt7SFct
|
||||||
|
a2wCU2d/8boN35hhnvuyHk9S7HtC83G+6aMboVJHtTV4XqtJQIkrifTkMfQZ/S/U
|
||||||
|
bxeHrf248GzCOIRkUuWKtLiMSC2eV+oJkcxrX218xZa7lEBL+Qr3StvtXEMoPiN4
|
||||||
|
h7qVmOHyXza6Z3Im+fDFtEVf/OiLDzISxgq373XQONRy5bYI0znTEldREnl6lY9W
|
||||||
|
GMnAdSBDMwyskKUOcpt8UfOM1Lgs77s7/BhfjU3bFHVoIZro090wceBSBKnD5s8Z
|
||||||
|
egHvJUBUcoij8hc6lJwS8HPpj/t0CVJu4p83Hzk71Swgtm3ZYkfops410c05VyoH
|
||||||
|
3JGFT+3dgH70zPqhkn7QHHpJq05dVgZyZq0iG9FRb3qZ/zG+Eh5UPXWoHjec6rGY
|
||||||
|
ElIJZTHB5cLqxuj1+gXXvi8ALXZfK9kUMUlmNTRh/hIMFUcCwrDt03HqVS4hBmFY
|
||||||
|
RGPywtAK12inSqg9OKNm2p0fOADKeAVQe8gGcF9yylVQqqije2IBPRhhUIy1t/3U
|
||||||
|
ZgEJAhDJi+OhQ2vMkt8ym/uhs2zHL3ZdsbC1HpbHcQHfxgJY5f7utKJsp+4emPu5
|
||||||
|
aljIcismK3U/PgB6XN/3NiSCMEGd6KogGrOY4TWmDPhzvEKGsVchk7O6eQKH3CR6
|
||||||
|
pN6JTThdGw==
|
||||||
|
=S1Z/
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:36:07Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ//YwcVVkVzS1lQeX77wGkYEPw/zPnBPWA99eI/+UyvoRaw
|
||||||
|
croZrtQvudBQVuKjMa/JlUhLYp3+skrv/rCNG3xG9L28FQn4fkqP08vLEMH3Q+BV
|
||||||
|
+6m7Z41mqjXvxHzlbQLjtMB+d642LfRyOCgP1VPpA6J5QuD4Gxw2yH1a12lSXCy8
|
||||||
|
1ZnMw2EPIAXoy9uLeX5klzxNGih5aFATzx1oHGWbh7HHQwPQtn6KMoNUYPJrJDku
|
||||||
|
qkPxHewxA9jKTGNIc5N9HTfHm5VjYLwTO9MOsJ2DpkJkFYTgVCgyooHCyQCvfpod
|
||||||
|
SEvntJxvkz0WFHhIQVVqxCCdKwjw1T82EVnqCAN08x+4olHVApoEt0dnFohlt1mL
|
||||||
|
7FXQot0VddnJ6D0ZPowmRl49Yu2U7yyM+Gwg8N0JdDCqwjBEKIFuR5GRAHGBwb4D
|
||||||
|
RotZ0he1lR2arbJBjnIcjgO0Yb8+YzXvVTjmp/TjPx2PRID4B00AsvLdmWdHU57W
|
||||||
|
gWszKwtE3tUAcxGY9T+BiQOTJuFR8bOa1EiUF0p2pbrM/Xc4g4LHNnnH4bZzZm2v
|
||||||
|
oRPWrQunch+sNujlObP2akbmrHZvhj00mN/d+/PKNVaCPQ+j6UGtFyKYfUJyLjsi
|
||||||
|
WWjm/OSc4HmITKG5BI1OjWsIKtCbMLNMHIvPgKeW9qwmMDU3J+/toKZEIz/pIt7U
|
||||||
|
ZgEJAhB4YPeqQgy9FVmDsKNK7iQpM6wZXVR+uj9Tx/KLe4MSBzpG7zYqBUBNW94T
|
||||||
|
Hyq/OxupUWsxSgtly5yEoihyBQhBf0ECXHw5v5xhxFgouqm/NwSixwt6baRr5lmI
|
||||||
|
d3rYPlnimA==
|
||||||
|
=sP0R
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
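Review bot: The `sops` metadata here has `lastmodified: "2023-06-04T16:03:26Z"` while both `pgp` entries carry `created_at: "2023-06-19T18:36:07Z"`, which suggests the recipient list was re-wrapped after the values were last encrypted. If that was done to remove or replace a recipient, `sops updatekeys` alone is not enough: the data key is unchanged, so a former recipient can still decrypt any revision in history. In that case re-encrypt with `sops -r -i <file>` and rotate the GitHub and Gitea tokens themselves. The `msrewards-env-secret` and `qbittorrent-secrets` sections further down show the same pattern (content from May/June 2023, keys dated 2023-06-19).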
|
|
@ -0,0 +1,84 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: gitea
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: gitea/gitea
|
||||||
|
tag: "1.19.0"
|
||||||
|
|
||||||
|
podLabels:
|
||||||
|
needsDatabase: "yes"
|
||||||
|
needsAuthentik: "yes"
|
||||||
|
|
||||||
|
env:
|
||||||
|
USER_UID: 1000
|
||||||
|
USER_GID: 1000
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: gitea-secret
|
||||||
|
|
||||||
|
# Sidecar used for mirroring GitHub repos to gitea
|
||||||
|
sidecars:
|
||||||
|
mirror-to-gitea:
|
||||||
|
image: jaedle/mirror-to-gitea:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: gitea-sidecar-secret
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 3000
|
||||||
|
|
||||||
|
ssh:
|
||||||
|
enabled: true
|
||||||
|
type: NodePort
|
||||||
|
ports:
|
||||||
|
ssh:
|
||||||
|
enabled: true
|
||||||
|
port: 22
|
||||||
|
protocol: TCP
|
||||||
|
nodePort: 30022
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: &host "git.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/gitea
|
||||||
|
mountPath: /data
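Review bot: The `mirror-to-gitea` sidecar is pulled as `jaedle/mirror-to-gitea:latest` with `imagePullPolicy: Always`, and it receives `GITHUB_TOKEN` and `GITEA_TOKEN` through `envFrom` from `gitea-sidecar-secret`. Whatever is published under that mutable tag therefore runs with both tokens on the next pod restart. Pin the image to a reviewed version and digest, e.g. `image: jaedle/mirror-to-gitea:<version>@sha256:<digest>` (placeholders), and let Renovate propose the updates. The `msrewardfarmer` and `whoami` releases later on this page also use `tag: latest`, and the former reads account credentials from `msrewards-env-secret`. Separately, this ingress has no `traefik.ingress.kubernetes.io/router.middlewares` annotation, unlike the other releases here; presumably Gitea's own login is meant to be the only gate, which deserves a one-line comment.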
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./gitea-secret.sops.yaml
|
||||||
|
- ./gitea-sidecar-secret.sops.yaml
|
||||||
|
- ./helm-release.yaml
|
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./fireflyiii
|
||||||
|
- ./cdn
|
||||||
|
- ./gitea
|
||||||
|
- ./dendron
|
||||||
|
#- ./whoami
|
||||||
|
#- ./msrewards
|
|
@ -0,0 +1,62 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: msrewards-env-secret
|
||||||
|
namespace: default
|
||||||
|
stringData:
|
||||||
|
TZ: ENC[AES256_GCM,data:rIp7EMSrKApRg03l4/59Xw==,iv:A0cFOA2pr7CvjQBiCcequq9WAA77x2k8iqTlMJ9lJBU=,tag:dYdQDtA1H1h/CufVSEbQGw==,type:str]
|
||||||
|
MSAccount_0_USERNAME: ENC[AES256_GCM,data:JIW/ueWXYfgP+rgMR/7aXWWyuRP1YQ==,iv:P69ybwaQPFfMJnfDiVM3TSSlc2YkAUUM6VANdhgFDtY=,tag:GlZwS/nWOJfm7NQzXLkPFA==,type:str]
|
||||||
|
MSAccount_0_PASSWORD: ENC[AES256_GCM,data:nUWE5vW9iSavWPKhVWcn,iv:NWI9ILx+M8EGWi4jaor8MpRWL9SYXibOp9Nct6rVB+U=,tag:CUqpuogj1BJk2ocicaj5vQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-15T02:13:48Z"
|
||||||
|
mac: ENC[AES256_GCM,data:q1QBZ3bGr90qXXHKEtKuSfC39pGJ90ss8cJtD8CIZYYB5CQAuz0fZH6nsim6FoyYhWXDzlDo8HH7Z+bLJt1BGXCSa0SDaOe9xcSZtBinSapTQ3sYSRul99xCD7QHGGFXZtYbPjCRv/qj58vRTLXHKejnh8hCbPJsNYCYYuBGXks=,iv:HDIA3WDGZwXhwRjioGnd2KHwWISinLLoxS4LaHLgRAU=,tag:ux9KEs0bYQUzkpnBdrIQAQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:36:09Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ/5AWY3FJu5a6Gdw1bQSYp8vcQM8Y40oEcm7K8VGQITHLvc
|
||||||
|
EFMd0EVZal9czdTuGMjQCMfKYw2PumPbzNUzhejJOVG17vmJ8fAchK3XiF0Ru4pN
|
||||||
|
2zcfzP35WA5/2npx/A7Mqds/BZ/jG1TxzgRH5XH52Rnq7/hJnNlMiLjmLNfTSRA3
|
||||||
|
H3lT3lU6RpQsxXSTzWkuyHmPj/6fl68Yq8pjqJz1dW2wsbE911wHvwYKeT8xeOYa
|
||||||
|
p7JRQSnEssLisIy1PItXX3uNyaEPoLIUUpJjKA8pWIDeR9iVEnytM4UhrPxYNWTQ
|
||||||
|
hqw67pl8sROHNTNNxwJ2mcbvxRareVRMJpQFF9F4c3Qy+Dqfc38bIJWCsBois97x
|
||||||
|
0mqFyAdhDneNdmTUd8Mxvf7lJ1N/ZBXhNIaWmmEyHocadlgkNC2gu23KNU4iH0n5
|
||||||
|
jj1qARSTnoPQGZ7Xo+zS7rPrvN2khILW0LLQWwXYy1Tm2OplApx3R9DmQkCfzO6W
|
||||||
|
cYWbW7ANmk7+6hnopJnNRAn+vVnjoR8GLBieLt3lJQAx76H7IzyLdxgI6Wtkh9Vr
|
||||||
|
vNbg+l0YxkGIqaIvsk5/w/pmSiw37m+tsFLgRZZdLKXdQ9ZSgV9pYzdH2e3wBD8y
|
||||||
|
haQzBZYEPRuVQ5QEiE6/HJSHJEmY15Z7DEwHzb7qoWn0Jg0fyyyfC49jKQt/dZTU
|
||||||
|
aAEJAhD5okv70Fq0Uer6t3fbvyVFqbOkbTLxErN/VYGRJ9xWype9rSEa5jnEPVSe
|
||||||
|
V3KhnB+sU6ROJfxIT0145Hi6+BWK9qYCmUS6Qncupywleda88Qaw+TGT6b+LUNnk
|
||||||
|
e0+sta4SwbYi
|
||||||
|
=9koT
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:36:09Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ/8DgLVCG813l/YHqZqrSKHpQNvolT2fIgxGPwWoCjpiDvL
|
||||||
|
C572dpnQpZ9dAU5J2i0UMYeH2MXnwHqSU+QcWXTcPPjmKdB0Pj4+BCsr/zUdHJbe
|
||||||
|
AMab8vqBuiOR9lL57t8tpV3HmhbKkDbUjL1BPBe+HBfFXjLNXu0HaIbChPAoroke
|
||||||
|
wpbua7lXQKyAle7Do9ROXO5Ol8nL548Kr1hYsZbhLBOJHYdW2O0OpTN80DtNKyhR
|
||||||
|
BEeKUrcAgXFLBXETPKbUgGELHJkn7LBiyxBHQJ7ihBrr8J0uH+4J5ucFm6K8iROs
|
||||||
|
KGjYLtmMWq9MMJTP7/I/XYlwaJvyM85LvBEkCWdEAFy/9JaQ/FXPM8BpqdVdB709
|
||||||
|
dt6smhY0jFd/J//0pSPW+qpyfp5tzY54IkYLM5BgU9G5pyQKV/SFsa446K272V7S
|
||||||
|
+yaBrpnEJXO7Wh2cAI5RKCkPI+YdvVpQUGnLVeMMBw/nMDG8wG3qI1lNGbetoCWr
|
||||||
|
P8K05M1rvKvwXY9mdMtnJ0hisidJwWxk2UohOV95Wpkd/EYsnzxuAsmwb3MrpeSi
|
||||||
|
c5vZluoxgDNZssnKYqOhavBHs15vIdevDB80X2ljeVrODX+HGfNrnTZ9NNe/TF2o
|
||||||
|
1aR6vUZ/rykJfYD2OhqX8hxD2ti9YWhOhD/TWo0mS/zMN1AxRbBRZbIg1YdoRYXU
|
||||||
|
aAEJAhB7B8y40+mMvqS8MEDuK8Bz5CQ75FyXA+hLr71ui95SQHvJgXpO9X8UkRJj
|
||||||
|
kxOXz6h4198C4iiNpcl9oXEtcNZRMUEm0Vr+2RBsK0phOJamlMKBwhExAcspHNr3
|
||||||
|
BiFxA9mIhB6h
|
||||||
|
=0koQ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,35 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: msrewardfarmer
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/binaryn3xus/msrewardfarmer
|
||||||
|
tag: latest
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: "msrewards-env-secret"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
|
@ -1,8 +1,8 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: freshrss
|
name: whoami
|
||||||
namespace: media
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
interval: 5m
|
interval: 5m
|
||||||
chart:
|
chart:
|
||||||
|
@ -16,13 +16,8 @@ spec:
|
||||||
|
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: linuxserver/freshrss
|
repository: containous/whoami
|
||||||
tag: "1.24.3"
|
tag: latest
|
||||||
|
|
||||||
env:
|
|
||||||
PUID: 10000
|
|
||||||
PGID: 10000
|
|
||||||
TZ: America/New_York
|
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
|
@ -30,6 +25,10 @@ spec:
|
||||||
http:
|
http:
|
||||||
port: 80
|
port: 80
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -38,25 +37,11 @@ spec:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "rss.${SECRET_NEW_DOMAIN}"
|
- host: &host "whoami.${SECRET_NEW_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
enabled: true
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /mnt/MainPool/Kubernetes/freshrss
|
|
||||||
mountPath: /config
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 2m
|
|
||||||
memory: 200Mi
|
|
||||||
|
|
||||||
limits:
|
|
||||||
memory: 300Mi
|
|
|
@ -0,0 +1,73 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: code
|
||||||
|
namespace: dev
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
# Add init container for pulling znc modules and putting them into the modules directory
|
||||||
|
# initContainers:
|
||||||
|
# pull-module-source:
|
||||||
|
# image: alpine:latest
|
||||||
|
# command:
|
||||||
|
# - "sh"
|
||||||
|
# - "-c"
|
||||||
|
# - "sed -i -e's/ main/ main contrib non-free/g' /etc/apt/sources.list &&"
|
||||||
|
# volumeMounts:
|
||||||
|
# - mountPath: /znc-data
|
||||||
|
# name: config
|
||||||
|
|
||||||
|
image:
|
||||||
|
repository: codercom/code-server
|
||||||
|
tag: "4.16.1"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "code.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
# persistence:
|
||||||
|
# config:
|
||||||
|
# enabled: true
|
||||||
|
# type: hostPath
|
||||||
|
# hostPath: /mnt/MainPool/Kubernetes/znc
|
||||||
|
# mountPath: /znc-data
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 4Mi
|
||||||
|
# limits:
|
||||||
|
# memory: 200Mi
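Review bot: Access control for this code-server release rests on the `traefik-authentik@kubernetescrd` middleware, which only covers requests that arrive through the ingress; the Service on port 8080 remains reachable from other pods. The kustomization hunk that follows appears to replace `- ./network_policy.yaml` with `- ./code` on the new side, so the `dev` namespace would lose its NetworkPolicy just as it gains a browser IDE with a terminal. Keep `- ./network_policy.yaml` in `resources` alongside `- ./code`, and confirm that code-server's own password authentication stays enabled. The commented `initContainers` and `persistence` blocks still refer to znc (`/znc-data`, `/mnt/MainPool/Kubernetes/znc`) and should be removed or rewritten for this app.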
|
|
@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
- ./network_policy.yaml
|
- ./code
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: bazarr
|
name: bazarr
|
||||||
|
@ -17,7 +17,7 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/bazarr
|
repository: ghcr.io/onedr0p/bazarr
|
||||||
tag: "1.4.5"
|
tag: "1.2.4"
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: America/New_York
|
TZ: America/New_York
|
||||||
|
@ -47,6 +47,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: flaresolverr
|
name: flaresolverr
|
||||||
|
@ -17,7 +17,7 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/flaresolverr/flaresolverr
|
repository: ghcr.io/flaresolverr/flaresolverr
|
||||||
tag: v3.3.21
|
tag: v3.3.2
|
||||||
|
|
||||||
env:
|
env:
|
||||||
LOG_LEVEL: info
|
LOG_LEVEL: info
|
|
@ -4,15 +4,12 @@ resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
#- ./network_policy.yaml
|
#- ./network_policy.yaml
|
||||||
- ./qbittorrent
|
- ./qbittorrent
|
||||||
- ./qbit-manage
|
- ./radarr
|
||||||
- ./radarr/ks.yaml
|
- ./sonarr
|
||||||
- ./sonarr/ks.yaml
|
|
||||||
- ./prowlarr
|
- ./prowlarr
|
||||||
- ./bazarr
|
- ./bazarr
|
||||||
- ./readarr
|
- ./readarr
|
||||||
#- ./mylar3
|
- ./mylar3
|
||||||
- ./unpackerr
|
- ./unpackerr
|
||||||
- ./media-dashboard.yaml
|
- ./media-dashboard.yaml
|
||||||
- ./flaresolverr
|
- ./flaresolverr
|
||||||
- ./kapowarr/ks.yaml
|
|
||||||
- ./sabnzbd
|
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: mylar3
|
name: mylar3
|
||||||
|
@ -17,7 +17,7 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: lscr.io/linuxserver/mylar3
|
repository: lscr.io/linuxserver/mylar3
|
||||||
tag: "0.8.0"
|
tag: "0.7.3"
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: America/New_York
|
TZ: America/New_York
|
||||||
|
@ -51,6 +51,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: openebs-system
|
name: download
|
||||||
labels:
|
labels:
|
||||||
name: openebs-system
|
name: download
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: prowlarr
|
name: prowlarr
|
||||||
|
@ -17,12 +17,12 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/prowlarr-develop
|
repository: ghcr.io/onedr0p/prowlarr-develop
|
||||||
tag: "1.26.1.4844"
|
tag: "1.8.1.3837"
|
||||||
|
|
||||||
# Metrics sidecar
|
# Metrics sidecar
|
||||||
sidecars:
|
sidecars:
|
||||||
exportarr:
|
exportarr:
|
||||||
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
image: ghcr.io/onedr0p/exportarr:v1.5.3
|
||||||
args:
|
args:
|
||||||
- prowlarr
|
- prowlarr
|
||||||
ports:
|
ports:
|
||||||
|
@ -91,6 +91,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
|
@ -0,0 +1,102 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: qbittorrent
|
||||||
|
namespace: download
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: lscr.io/linuxserver/qbittorrent
|
||||||
|
tag: "4.5.4"
|
||||||
|
|
||||||
|
# Metrics sidecar
|
||||||
|
sidecars:
|
||||||
|
gluetun:
|
||||||
|
image: qmcgaw/gluetun:v3.35
|
||||||
|
env:
|
||||||
|
- name: FIREWALL
|
||||||
|
value: "off"
|
||||||
|
- name: DOT
|
||||||
|
value: "off"
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: qbittorrent-secrets
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- NET_ADMIN
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
image: caseyscarborough/qbittorrent-exporter:v1.3.2
|
||||||
|
env:
|
||||||
|
- name: QBITTORRENT_BASE_URL
|
||||||
|
value: "http://localhost:8080"
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 17871
|
||||||
|
|
||||||
|
env:
|
||||||
|
TZ: America/New_York
|
||||||
|
PGID: "10000"
|
||||||
|
PUID: "10000"
|
||||||
|
WEBUI_PORT: "8080"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
labels:
|
||||||
|
app: qbittorrent-service
|
||||||
|
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: 17871
|
||||||
|
protocol: HTTP
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "qbit.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Media/Torrents
|
||||||
|
mountPath: /storage/Torrents
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/qbittorrent
|
||||||
|
mountPath: /config
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 250Mi
|
||||||
|
limits:
|
||||||
|
memory: 6000Mi
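Review bot: The gluetun sidecar sets `FIREWALL` to `"off"`, which disables gluetun's built-in firewall, so if the WireGuard tunnel drops, qBittorrent traffic can leave over the pod's normal network. `DOT: "off"` also turns off gluetun's DNS-over-TLS resolver, so name lookups may go out in plaintext. If the firewall was disabled only to keep the web UI and metrics port reachable inside the cluster, allow those explicitly instead, as sketched below; the CIDR values are placeholders and the change needs testing in this cluster. The `# Metrics sidecar` comment above `sidecars:` should also mention the VPN container.

```yaml
# … unchanged: gluetun image …
env:
  # Keep the firewall on; open only what the cluster needs.
  - name: FIREWALL_INPUT_PORTS
    value: "8080,17871"
  - name: FIREWALL_OUTBOUND_SUBNETS
    value: "<pod-cidr>,<service-cidr>"  # placeholder: this cluster's pod and service CIDRs
# … unchanged: DOT, envFrom, securityContext, metrics sidecar …
```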
|
|
@ -1,7 +1,7 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./pvc.yaml
|
- ./qbittorrent-secrets.sops.yaml
|
||||||
- ./secret.sops.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./sonarr-exportarr-metrics.yaml
|
- ./qbittorrent-metrics.yaml
|
||||||
|
- ./dashboard.yaml
|
|
@ -0,0 +1,65 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: qbittorrent-secrets
|
||||||
|
namespace: download
|
||||||
|
stringData:
|
||||||
|
VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:R8/w2f+rPQ==,iv:jy1iVRtJq9l/fYKjCdSrSneNZh8V9/LHVopGWdjtpNY=,tag:HkzAyAuflvqEcdHGF6jnfw==,type:str]
|
||||||
|
VPN_TYPE: ENC[AES256_GCM,data:Dff2qD9mAVX7,iv:jhLEkfAulvPxN/uRdSF3MR9GbxnRt2cSLqDOkXO7qPA=,tag:dMB6aEhwLssc3JPKdFULTQ==,type:str]
|
||||||
|
WIREGUARD_PRIVATE_KEY: ENC[AES256_GCM,data:tJ4kblrOftyBrYgqDSJ57enBP7mBBEXMrmKJZercTB3fKtMooclg2/n8FCc=,iv:dKWOyUIYm3RvyYG1vff3LRMMD5gwgx+yis7zolmyusA=,tag:5/x3Hf9Ruj/6F+6Tk63WLA==,type:str]
|
||||||
|
WIREGUARD_ADDRESSES: ENC[AES256_GCM,data:pMw8j00STTuwVrt/oj2D,iv:o83njlr35dFg5SiTTxr91l9ox/u3AqQ4iHoozSTd9OY=,tag:ybBGtoEqqJTu4DuJwbEPWw==,type:str]
|
||||||
|
SERVER_COUNTRIES: ENC[AES256_GCM,data:pyid,iv:gItcOstdlJ6t5uICxGHiEFjcz7pu+t62HBhja+mjaT8=,tag:4aNdJXDgyrWHa5LV0D5EfQ==,type:str]
|
||||||
|
SERVER_CITIES: ENC[AES256_GCM,data:XwiVflyqpQA=,iv:9ZAV0kS2WNKBezsAVROh3IEIBw4igkNLJqG44oboTq8=,tag:Z6KJUbiU5WL5QfJcWjFo4A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-06-06T23:36:59Z"
|
||||||
|
mac: ENC[AES256_GCM,data:dcRFIAQMo6352koEJwcvx9cRx+e2mYebcJdw3sgyMSGQ3i1x5GHu856l4R9Yu9i/t+5v0HLbi1Tsv0+19JnmLN0dpMPb+NkbM7wjtExkMzT+HITOAr8kvyPPwZkyl/hdJSyV3/tF4epC7X+7nvjklyueeZpuIBn1NnKO6Sx+BCQ=,iv:vSYzOh7Lln3O+upSn8y1B0DBLR7pobXCO4DtBLDAzto=,tag:AD7BBAPhvXII1dbEC+8+3A==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:35:06Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ/+LSh/Pcu6Nvg4gon1CiT6yNrOriepFC94bRm35ia1rmhw
|
||||||
|
NqqW40gjTFW1oR2rPV3fKDVozNiCIAxH+wFm8jTqpE9tFYWzSae3gq9ms8KTj8xi
|
||||||
|
EEPX/U+s1a8QCvUC2z2Pg4i4i5+j+rNcmb0capm1zpIP51PfMgvREgdLRgEa8+vq
|
||||||
|
w1h4dLMy+PERXepWZmv3b0VL9irjUHK3kHhBcTrMeL8AmPfHICBUs0zxzvlZsB3d
|
||||||
|
8AIlvHmyuaJg2uae3HKcSWoCGQxFGGSfIgYNT20566GIHckg/hlSymxEw34sA7iR
|
||||||
|
20X+58U7Tzm8ekGyr+y6VOuk0XmvSPSnegpvUFhhJG9r5equUmVJo7zeDwlFSDOd
|
||||||
|
dxi2R0aBitCO7XnhGKvA/x9loyUhm5IekDh1fn5jBeGeBoGdm0zXmpxINH/T8hSp
|
||||||
|
B7BcxhifxnctCRpMVpOLZcDRPzZPPqgGpnM4b8GCiy33T5wt6ufWOJh3JfRQAMpf
|
||||||
|
PnFxPWZiRsbGYMC0+sGeOPOe9oYlhAmJroDn/zn7p5rYKWIYKWfQDnOBzaO6wB6r
|
||||||
|
zG8bEFmj44ikfOTasBMTOtIdkrk33yxYvEUUqu5zDPE6I8hsmjMBQQIQMffyO0Ki
|
||||||
|
Z9eXM/A7XtR5+12D2gEl/C8LP92T2MXFTo7T6WenPBt6D7exwP4NfmHotRRM1eXU
|
||||||
|
aAEJAhD9Z79FLyo0CJwz4P9JDDzz2PBEqnkbxHD7UeNHdIg6kSJz6dRCZpAbixOs
|
||||||
|
mvqyo1PQzwj1ihYdD0fmpUCoqrNYuW/nPes3wEv6JfU6Ez97RHaknHDlOtVs9cX0
|
||||||
|
pNhiuu2eV0V9
|
||||||
|
=vaBY
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:35:06Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ//fd7iSVur7i0ontjdR1BuC8mxaxd5grBm4VZpTidySOxU
|
||||||
|
XvKlQ3eEaW5Ekt2aCDsTR0B8oHAxyiq9qjh9492i2nZJhdwZVMgmFuLcLr1YuVGs
|
||||||
|
5j54Rig8Kf47VegFuppq/qR9Se240u5lMyngouU6+fDv7Nz2dkk+tmyvIvuXaXK2
|
||||||
|
xr9coQ89gKTINOFle+dlf1lKam4nMRvnXF/FPoGzt2/T8QFGpRyT6gM4OO8ab+qb
|
||||||
|
Qtw7CYSjX5bzLeo+Yphv6QArC3cyixQJD6CCxbcyyz6W5NOMWqakF3JlqBZvU2XK
|
||||||
|
ypXg7d1884xPEZv6W2ENJ1fgtu88hbsLX/D8BWPGenRoYKAfLJanA+bt8XfCipg6
|
||||||
|
aXYlkRRHkQuEKnZ8H7uEgYgp4IQv7Ae231GRBVXeLwSzX/TX7DpVDDcuyYyRJsV0
|
||||||
|
FNF4/xpgJOhb4DSl5OW6pW3SDTAn/jtC1M0Rrx6dDSCgUUyFXYK+klsu0LXtDbvf
|
||||||
|
e1kRpOrq9urpPnpqdTK0hE4qawWkuAc3CniFJ89zr4rlRdPLFychonr/ELWlt5Hs
|
||||||
|
vyKiGJVj3nFwGzb/FGQm1lWts6j/a+tFSprneMh5hkrVDvIjd+qSLELacGZOkp1C
|
||||||
|
sSMzkurhd3xHedQA261rXfOFxhooWMofFiUEp3CFCHC1n9IA1me2RxfcFu5x/kzU
|
||||||
|
aAEJAhCgz5TIm8pQa1zQIE10FMCkQouhTeimyWOeQRcrZVFZZPQLOFxhUQwFxbtg
|
||||||
|
B+gjo8q2XMq4szzKa6ZEp8C1Qkw9zOXWxmhjug/oGHlGwsh2BK5aAFlvGSkZf9yA
|
||||||
|
yTDIrThWUe1w
|
||||||
|
=lQX5
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,120 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: radarr
|
||||||
|
namespace: download
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/radarr-develop
|
||||||
|
tag: "4.7.3.7731"
|
||||||
|
|
||||||
|
# Metrics sidecar
|
||||||
|
sidecars:
|
||||||
|
exportarr:
|
||||||
|
image: ghcr.io/onedr0p/exportarr:v1.5.3
|
||||||
|
args:
|
||||||
|
- radarr
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9000
|
||||||
|
env:
|
||||||
|
- name: URL
|
||||||
|
value: "http://localhost"
|
||||||
|
- name: CONFIG
|
||||||
|
value: "/config/config.xml"
|
||||||
|
- name: PORT
|
||||||
|
value: 9000
|
||||||
|
- name: ENABLE_ADDITIONAL_METRICS
|
||||||
|
value: "true"
|
||||||
|
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
||||||
|
value: "true"
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /config
|
||||||
|
readOnly: true
|
||||||
|
|
||||||
|
env:
|
||||||
|
TZ: America/New_York
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
labels:
|
||||||
|
app: radarr-service
|
||||||
|
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 7878
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: 9000
|
||||||
|
protocol: HTTP
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
# custom: true
|
||||||
|
# spec:
|
||||||
|
# httpGet:
|
||||||
|
# path: /ping
|
||||||
|
# port: 7878
|
||||||
|
# initialDelaySeconds: 10
|
||||||
|
# periodSeconds: 10
|
||||||
|
# timeoutSeconds: 3
|
||||||
|
# failureThreshold: 3
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "radarr.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/radarr
|
||||||
|
mountPath: /config
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Media
|
||||||
|
mountPath: /storage
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 350Mi
|
||||||
|
limits:
|
||||||
|
memory: 1500Mi
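Review bot: In the exportarr sidecar, `PORT` is given as `value: 9000`, an unquoted integer; container `env` values must be strings, so this entry is likely to be rejected when the release is applied. Write `value: "9000"`, as the neighbouring entries already do. The sonarr release further down has the same line (its section runs past the end of this view). Both `liveness` and `startup` probes are disabled here, while sonarr's liveness probe uses `/ping`; the commented-out `/ping` probe in this file could be enabled the same way.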
|
|
@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./dashboard.yaml
|
- ./radarr-exportarr-metrics.yaml
|
||||||
- ./alerts.yaml
|
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: readarr-audiobooks
|
name: readarr-audiobooks
|
||||||
|
@ -17,13 +17,13 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/readarr-develop
|
repository: ghcr.io/onedr0p/readarr-develop
|
||||||
tag: "0.3.32.2587"
|
tag: "0.3.0.2091"
|
||||||
pullPolicy: Always
|
pullPolicy: Always
|
||||||
|
|
||||||
# Metrics sidecar
|
# Metrics sidecar
|
||||||
sidecars:
|
sidecars:
|
||||||
exportarr:
|
exportarr:
|
||||||
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
image: ghcr.io/onedr0p/exportarr:v1.5.3
|
||||||
args:
|
args:
|
||||||
- readarr
|
- readarr
|
||||||
ports:
|
ports:
|
||||||
|
@ -92,6 +92,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: readarr-ebooks
|
name: readarr-ebooks
|
||||||
|
@ -17,13 +17,13 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/readarr-develop
|
repository: ghcr.io/onedr0p/readarr-develop
|
||||||
tag: "0.3.32.2587"
|
tag: "0.3.0.2091"
|
||||||
pullPolicy: Always
|
pullPolicy: Always
|
||||||
|
|
||||||
# Metrics sidecar
|
# Metrics sidecar
|
||||||
sidecars:
|
sidecars:
|
||||||
exportarr:
|
exportarr:
|
||||||
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
image: ghcr.io/onedr0p/exportarr:v1.5.3
|
||||||
args:
|
args:
|
||||||
- readarr
|
- readarr
|
||||||
ports:
|
ports:
|
||||||
|
@ -92,6 +92,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
|
@ -0,0 +1,121 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: sonarr
|
||||||
|
namespace: download
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/sonarr-develop
|
||||||
|
tag: "4.0.0.610"
|
||||||
|
|
||||||
|
# Metrics sidecar
|
||||||
|
sidecars:
|
||||||
|
exportarr:
|
||||||
|
image: ghcr.io/onedr0p/exportarr:v1.5.3
|
||||||
|
args:
|
||||||
|
- sonarr
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9000
|
||||||
|
env:
|
||||||
|
- name: URL
|
||||||
|
value: "http://localhost"
|
||||||
|
- name: CONFIG
|
||||||
|
value: "/config/config.xml"
|
||||||
|
- name: PORT
|
||||||
|
value: 9000
|
||||||
|
- name: ENABLE_ADDITIONAL_METRICS
|
||||||
|
value: "true"
|
||||||
|
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
||||||
|
value: "true"
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /config
|
||||||
|
readOnly: true
|
||||||
|
|
||||||
|
env:
|
||||||
|
TZ: America/New_York
|
||||||
|
SONARR__AUTHENTICATION_METHOD: "External"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
labels:
|
||||||
|
app: sonarr-service
|
||||||
|
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8989
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: 9000
|
||||||
|
protocol: HTTP
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
httpGet:
|
||||||
|
path: /ping
|
||||||
|
port: 8989
|
||||||
|
initialDelaySeconds: 0
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 1
|
||||||
|
failureThreshold: 3
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "sonarr.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/sonarr
|
||||||
|
mountPath: /config
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Media
|
||||||
|
mountPath: /storage
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 2m
|
||||||
|
memory: 350Mi
|
||||||
|
limits:
|
||||||
|
memory: 2500Mi
|
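Review bot: `SONARR__AUTHENTICATION_METHOD: "External"` leaves Sonarr without a login of its own, so the only gate visible in this file is the `traefik-authentik@kubernetescrd` middleware on the ingress, which applies only to traffic arriving through Traefik. Anything that can reach the `main` Service on port 8989 from inside the cluster would skip it. No NetworkPolicy for the `download` namespace is shown here, so confirm that one restricts ingress to the Traefik pods, or add one alongside this release. Separately, in the exportarr sidecar `value: 9000` under `PORT` is a YAML integer while container env values must be strings; write `value: "9000"`, as the neighbouring `"true"` entries do.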
|
@ -1,6 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./victoria-pv.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./dashboard.yaml
|
- ./sonarr-exportarr-metrics.yaml
|
|
@ -0,0 +1,63 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: unpackerr
|
||||||
|
namespace: download
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/unpackerr
|
||||||
|
tag: "0.12.0"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: configMap
|
||||||
|
name: unpackerr-configmap
|
||||||
|
items:
|
||||||
|
- key: unpackerr-conf
|
||||||
|
path: "unpackerr.conf"
|
||||||
|
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Media
|
||||||
|
mountPath: /storage
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 2m
|
||||||
|
memory: 6Mi
|
||||||
|
limits:
|
||||||
|
memory: 20Mi
|
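Review bot: The container that unpacks downloaded archives gets the whole `/mnt/MainPool/Media` hostPath read-write, and the only hardening in these values is pod-level (`podSecurityContext`); nothing sets a container-level security context. Archive extraction processes content that did not originate on this host, so it is worth adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` for the main container (assuming chart 1.3.x passes a top-level `securityContext` through; verify against the chart's values). If the directory layout allows, point `hostPath` at the download directory unpackerr actually extracts in rather than the full media tree.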
|
@ -3,4 +3,3 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./unpackerr-config.sops.yaml
|
- ./unpackerr-config.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./dashboard.yaml
|
|
File diff suppressed because one or more lines are too long
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: factorio
|
name: factorio
|
||||||
|
@ -17,15 +17,15 @@ spec:
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
repository: goofball222/factorio
|
repository: goofball222/factorio
|
||||||
tag: "2.0.21"
|
tag: "1.1.80"
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
type: NodePort
|
type: NodePort
|
||||||
|
|
||||||
# annotations:
|
# annotations:
|
||||||
# metallb.universe.tf/allow-shared-ip: "main-ip-192.168.10.70"
|
# metallb.universe.tf/allow-shared-ip: "main-ip-192.168.87.10"
|
||||||
# metallb.universe.tf/loadBalancerIPs: 192.168.10.70
|
# metallb.universe.tf/loadBalancerIPs: 192.168.87.10
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
|
@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
- ./app/ks.yaml
|
- ./network_policy.yaml
|
||||||
- ./certs/ks.yaml
|
- ./factorio
|
|
@ -12,6 +12,7 @@ spec:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
name: "game-servers"
|
name: "game-servers"
|
||||||
|
# - podSelector: {}
|
||||||
|
|
||||||
# Allow traefik pods
|
# Allow traefik pods
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
|
@ -22,15 +23,3 @@ spec:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
needsGameServers: "yes"
|
needsGameServers: "yes"
|
||||||
egress:
|
|
||||||
- to:
|
|
||||||
- ipBlock:
|
|
||||||
# allow all IPs
|
|
||||||
cidr: 0.0.0.0/0
|
|
||||||
except:
|
|
||||||
# except the private IP ranges: https://en.wikipedia.org/wiki/Private_network
|
|
||||||
- 10.0.0.0/8
|
|
||||||
- 192.168.0.0/16
|
|
||||||
- 172.16.0.0/20
|
|
||||||
- ipBlock:
|
|
||||||
cidr: 192.168.87.250/24 # server
|
|
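Review bot: The new side of the `@ -22,15 +23,3 @` hunk ends the policy at the `needsGameServers: "yes"` selector with no `egress:` rules, so nothing in the visible lines limits where the policy's pods may connect. What that means in practice depends on `policyTypes`, which sits above line 12 and outside both hunks: if `Egress` is not listed, the pods can reach LAN and cluster-internal addresses freely; if it is listed, all outbound traffic including DNS is dropped. State the intent explicitly, with `policyTypes` naming `Egress` and an `egress:` block that allows DNS and public addresses while excluding the private ranges. The added `# - podSelector: {}` is commented-out configuration; remove it or add a comment saying why it is disabled.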
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: harbor-core-ingress
|
||||||
|
namespace: harbor
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- host: &host "oci.${SECRET_NEW_DOMAIN}"
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: wildcard-main-tls
|
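Review bot: The ingress combines `cert-manager.io/cluster-issuer: letsencrypt-production` with `secretName: wildcard-main-tls`, which asks cert-manager's ingress-shim to issue a certificate for the single `oci.` host and store it under the wildcard secret's name. If `wildcard-main-tls` in the `harbor` namespace is meant to be a copy of a shared wildcard certificate (the name suggests so, but nothing here shows how it gets there), two writers would contend for the same Secret. Either drop the annotation and rely on the existing secret, or keep the annotation and use a per-host name such as `secretName: harbor-core-tls` (constructed example). The sonarr release added earlier on this page carries the same annotation and secret name.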
Some files were not shown because too many files have changed in this diff Show More