Compare commits

..

4 Commits

483 changed files with 12470 additions and 9267 deletions

View File

@ -15,17 +15,17 @@
//"schedule": ["on saturday"],
"flux": {
"fileMatch": [
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
"(^|/)cluster/.+\\.ya?ml(\\.j2)?$"
]
},
"helm-values": {
"fileMatch": [
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
"(^|/)cluster/.+\\.ya?ml(\\.j2)?$"
]
},
"kubernetes": {
"fileMatch": [
"(^|/)kubernetes/.+/.+\\.ya?ml(\\.j2)?$"
"(^|/)cluster/.+\\.ya?ml(\\.j2)?$"
]
},
"kustomize": {

View File

@ -1,22 +0,0 @@
---
# yaml-language-server: $schema=https://taskfile.dev/schema.json
version: "3"
vars:
CLUSTER_SECRET_SOPS_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/sops-key.sops.yaml"
GITHUB_DEPLOY_KEY_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/forgejo-deploy-key.sops.yaml"
tasks:
bootstrap:
desc: Bootstrap Flux into a Kubernetes cluster
cmds:
- kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/common/bootstrap/flux
- sops --decrypt {{.CLUSTER_SECRET_SOPS_FILE}} | kubectl apply --server-side --filename -
- sops --decrypt {{.GITHUB_DEPLOY_KEY_FILE}} | kubectl apply --server-side --filename -
- kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/{{.CLUSTER}}/flux/config
preconditions:
- { msg: "Missing cluster sops key", sh: "gpg -K 687802D4DFD8AA82EA55666CF7DADAC782D7663D" }
reconcile:
desc: Force update Flux to pull in changes from the Git repository
cmd: flux reconcile --namespace flux-system kustomization cluster --with-source

View File

@ -1,18 +0,0 @@
---
# yaml-language-server: $schema=https://taskfile.dev/schema.json
version: "3"
vars:
CLUSTERS_DIR: "{{.ROOT_DIR}}/kubernetes"
includes:
flux: .taskfiles/Flux/Taskfile.yaml
tasks:
execPostgres:
desc: Exec into the postgres pod as the postgres user
cmd: kubectl -n database exec -it postgresql-0 -- psql -d postgres -U postgres
execMysql:
desc: Exec into the mysql pod as the mysql user
cmd: kubectl -n database exec -it mysql-0 -- mysql -u root -p

View File

@ -1,5 +1,4 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: authentik
@ -11,21 +10,18 @@ spec:
chart:
spec:
chart: authentik
version: 2024.10.4
version: 2024.2.3
sourceRef:
kind: HelmRepository
name: authentik-charts
namespace: flux-system
dependsOn:
- name: redis
namespace: database
values:
global:
env:
- name: AUTHENTIK_HOST
value: http://authentik-server.authentik.svc
value: &host "auth.${SECRET_NEW_DOMAIN}"
- name: AUTHENTIK_HOST_BROWSER
value: "https://auth.${SECRET_NEW_DOMAIN}"
value: *host
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
@ -55,7 +51,7 @@ spec:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- &host "auth.${SECRET_NEW_DOMAIN}"
- *host
paths:
- /
pathType: Prefix
@ -88,18 +84,8 @@ spec:
enabled: true
environment: "k3s"
postgresql:
host: "postgres16-rw.database.svc"
host: "postgresql.database"
name: "authentik" # database name
user: "authentik"
redis:
host: "redis-master.database"
email:
host: exim.default
port: 8025
username: ""
password: ""
use_tls: false
use_ssl: false
timeout: 30
from: karasu@${SECRET_NEW_DOMAIN}

View File

@ -1,4 +1,4 @@
apiVersion: source.toolkit.fluxcd.io/v1
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: authentik-charts

View File

@ -1,4 +1,4 @@
apiVersion: traefik.io/v1alpha1
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: authentik

View File

@ -3,7 +3,7 @@ kind: Kustomization
resources:
- ./namespace.yaml
#- ./network_policy.yaml
- ./postgresql/ks.yaml
- ./postgresql
- ./redis
- ./minio
- ./mysql
#- ./mariadb

View File

@ -0,0 +1,24 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: mariadb
namespace: database
spec:
interval: 5m
chart:
spec:
chart: mariadb
version: 18.0.x
sourceRef:
kind: HelmRepository
name: bitnami-charts
namespace: flux-system
values:
auth:
username: k3scluster
existingSecret: "mariadb-secret"
primary:
persistence:
existingClaim: mariadb-pv-claim

View File

@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./self-signed-issuer.yaml
- ./ca-cert.yaml
- ./ca-issuer.yaml
- ./mariadb-pv.yaml
- ./mariadb.sops.yaml
- ./helm-release.yaml

View File

@ -0,0 +1,27 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: mariadb-pv
namespace: database
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 12Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/databases/mariadb"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pv-claim
namespace: database
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 12Gi

View File

@ -0,0 +1,62 @@
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
namespace: database
stringData:
mariadb-root-password: ENC[AES256_GCM,data:Fv/IBSYJ59NwAXIm4++j9ouW7QXAWMP8Et6qTtYZGWc=,iv:LpoL3VXqRMPR1jdtAG8hVRpslAZx5C4K1fxHyrjnrE0=,tag:0wi3E4snnKIxtDptgOSr4g==,type:str]
mariadb-replication-password: ENC[AES256_GCM,data:glOy5LsxWzngOjtH0cUrtH3KGA+6kOe0WJw5ul5BiQ4=,iv:URpyq5Sf3CCAqDOtPfM/EvgkMcejvM71gA69zgePlFM=,tag:OeZbv4wUBcoSVUMz1pSi5w==,type:str]
mariadb-password: ENC[AES256_GCM,data:FqraX9l4nFTWrZ3v9LnJJNFuhwURjBSrmMXLT/C9ej8=,iv:CLGc8XHUeLbixBN9Wdx81SJTe8L3HwPaHQ4Lc2iMFvY=,tag:voDFAnniUVshGRuv4+zYGw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-04-17T00:12:38Z"
mac: ENC[AES256_GCM,data:v7rimrwed+ElVHZyO7zdIQLoYR2tJrtZVNUgeBMwZUB6+/v52wa/OIIWoPrsXbGQe0W1w/e1t08ekB8tbanzItD1ftg9mYfAsfBkD2XQyyXornV2uDBbmifUq/yH3a89h97j26Ofzx8PZqFYYnFLSCTXHbdmDNsPHza70fYfk40=,iv:2A0pduramwAP4y3UUU73li9hzC5keGuAzmN2euPFSRI=,tag:tSygQLB9UyzFgR89An/j6w==,type:str]
pgp:
- created_at: "2023-06-19T18:35:30Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ/+PYuDQqORZ7FPzlGb8Wm+DmCCKn4dywZQ/3xqVq1G4wYP
W8loUvA9mL8Ja5E6USWb+YdqWa95PAk5N/pDf3MVtnHQnQU9Ko5AjC5kEPFIdWNP
ShBE0y1sRCUeNw2T4ARa0C3bagL4EaI7C3ef0PxkCbpw4Yz6O9afOySD3u6Nwaa/
04ucDMIoH4VANCDgFo8nFkFV+23bm4cHbHwezaz7r0yL7bOzgt40eSw7tJfEN4nq
Yq/ak4iVor2zl5NxHtm08VXtDIyD5LyH5+jIrUKDGPOS6OVIQbyc6pyClCm4JAvq
NG0XZCIx+AnyQe7d6OmbrKy+ZarQFQOlJS+H0sWrm7DGWPZpNn8LnRDzlcrTlDv1
fP2fGz45gvWRFRaiAeGM2DADwuS4HD4o4nsXa/sWy2Vxstn8Ngjg3/GfMZR4CyDB
JzNOl4HjaKYi4kP+MJRSedwp5IGlLeG31MKdn7xU+gsYonsG8u2puTfbHQ8Pk92B
HjJ1hLoc65MZofQkeKmYjzQ+9yT2g4YYUyWnPX5agrlMhsVqkZiRirRg+uCT59qD
OA8BI9tmjtDjVSs4B5XayL4uppv8pHHk3B6LnKfVX61BAEF4LXV3X7RJMBoLACy4
v1UbX6J177xIxHCl/tbzZhwAH+NmceioH2OuPUAtnA3TziCjzr9dH8Fpnrlc26jU
aAEJAhCSe5Xs1RDXBUfhlqjwDTZbuyLF889WujKIRwopHqDvCpwA6ZqijElAZWS9
F8JAIq1PvyQJBvoGzc52jShobDYugzrFEDiF1Rf8/moXRx4VEa9F0049Zfa1U0bD
daX+Wf+7VNFs
=qkGs
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:35:30Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ/+L3qBw73EbS1WJ/0qpZ4fiaV40Yd5Y0i9g0CXaNzKNc0n
qSr0r3yYsbJWcQwWOhORMwXaDChTf/d02kz+HSdAc+u1IdPAb8mtJ39C0Zlnu78y
S5CBF6zUg0BDdnzQKKyuzalmaGirRXUikfyRcIAHb/mmhUwCu/ekFg0QnUx1VvGx
Su/sAabRT6D10MF8lunZI63E05yxLSrlb/xGAfGBX/MN6qqdRdYZWzTWgiJAgO07
53a2SJE5SfTlEpPdacBV4MVxcHj9xstUDTjQYP69UTTEDKq/kwaZ5FubMWFUono5
fxeZr0PeYXwWVzHHbGTTagAzG8M/urPLje6IsWwb5TYyjTn7VSUOfyrdHnS8PZ8u
YYyJMftlc4EmTQqYxc9D/j2xk0Hja3cb9L9eLTVkikds07ZRTr+IikYpspYb3vEu
dhvMULKhNDoW9K83THQdwyqi8EO7RQoEnGzqRqW84WWN90Bo2YrOL/uZyvgKNEY/
lSgsPeWWqc8eHnZnm1zedc/0eiRIbKIwzKYTC2dr3ZbsaAlbt0JXXU8GQnvOWFeh
RFOt1WdoFv+Ssm4I+gfSvcMSMeqzUC8AOf0hdIXCwf1lQlVPT8GHq1H11aW9O6Gf
jPz5dLwMkGVDJ90i005ZdeUXGntRHOKOwag4MfD6JaDQ4hnj15pfQdbIgOKCRTzU
aAEJAhB08M0x5nMkguE9Yow9afmKTpzKoIvRFLw0iLy4T6FYxJ1k9+/UMAQ2Wa69
UiL0YCFldFzxcq0GGfrkIX+PUvYaYpsAB6Iid5RwPHtzcSv5pxN91uztaUCfOmPZ
fPiA+XqbXVzO
=DRJp
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: minio

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: postgresql
@ -30,13 +30,13 @@ spec:
primary:
persistence:
existingClaim: "postgresql-pvc"
existingClaim: "postgresql-pv-claim"
containerSecurityContext:
enabled: true
runAsUser: 655
runAsUser: 10000
readReplicas:
containerSecurityContext:
enabled: true
runAsUser: 655
runAsUser: 10000

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: pgadmin4
@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: pgadmin4
version: "1.33.2"
version: "1.24.1"
sourceRef:
kind: HelmRepository
name: runix-charts

View File

@ -1,4 +1,4 @@
apiVersion: source.toolkit.fluxcd.io/v1
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: runix-charts

View File

@ -0,0 +1,27 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgresql-pv
namespace: database
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 12Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/databases/postgresql"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgresql-pv-claim
namespace: database
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

View File

@ -0,0 +1,62 @@
apiVersion: v1
kind: Secret
metadata:
name: pgsql-secrets
namespace: database
stringData:
adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str]
userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str]
replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-10-22T16:25:15Z"
mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str]
pgp:
- created_at: "2023-06-19T18:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM
Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV
opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG
iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z
JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F
lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz
SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc
8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw
VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp
H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd
9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U
aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ
di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN
c5WTfk81xmbT
=UE14
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ
kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX
64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl
zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1
rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF
5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP
cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl
hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s
0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw
lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR
mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU
aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl
ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ
GFDjOxp0lMGV
=LHSB
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.0

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: redis
@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: redis
version: 20.3.x
version: 19.1.x
sourceRef:
kind: HelmRepository
name: bitnami-charts
@ -18,6 +18,11 @@ spec:
existingSecret: "redis-secrets"
existingSecretPasswordKey: "password"
serviceMonitor:
enabled: true
additionalLabels:
release: kube-prometheus-stack
master:
podSecurityContext:
enabled: true
@ -27,11 +32,6 @@ spec:
enabled: true
runAsUser: 10000
persistence:
enabled: true
storageClass: mainpool-hostpath
size: 8Gi
replica:
podSecurityContext:
enabled: true
@ -41,7 +41,15 @@ spec:
enabled: true
runAsUser: 10000
persistence:
sentinel:
containerSecurityContext:
enabled: true
storageClass: mainpool-hostpath
size: 8Gi
runAsUser: 10000
metrics:
containerSecurityContext:
enabled: true
runAsUser: 10000
volumePermissions:
enabled: true

View File

@ -0,0 +1,65 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: nginx-cdn
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: oci.seedno.de/seednode/nginx
tag: latest
args:
- -c
- /config/nginx.conf
service:
main:
ports:
http:
port: 6544
probes:
liveness:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &host "cdn.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
data:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/cdn/data
readOnly: true
mountPath: /data
config:
enabled: true
type: configMap
name: nginx-cdn-configmap
resources:
requests:
cpu: 1m

View File

@ -0,0 +1,10 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: dendron-config
namespace: default
data:
config.yaml: |
bind-addr: 127.0.0.1:8080
auth: none
cert: false

View File

@ -0,0 +1,60 @@
apiVersion: v1
kind: Secret
metadata:
name: dendron-secret
namespace: default
stringData:
config: ENC[AES256_GCM,data:NxmEkvQaTeN535bFrFBs92pe59zmcqmxwH+3vwcgtnD35z0GzFDqUzgsQkY4suwkjekvZPiWxaoWNQ5GnQ==,iv:5kkHxRSSGQS4jDx+xZYTr1Xjn3vqcZIIy4JF4AWjcpg=,tag:1GDd1vtWx2C8J9zCKV+Yrg==,type:str]
id_rsa.pub: ENC[AES256_GCM,data:e/+K6q8dZqhydoaUHNfRsVOYBxL9RPWQEy/EaSJag+1GK26yY773MYAo+rbdCZnFMuDjGa2xN+Y5S+Bjcj8YMxZ8CCBFnqshfQa6FmDb1j0s46c4mjbRdxLAOXyl0ehwdq1YI0kslh19SK1/V+t96NDn9PQi1m7jTmw0k2FP74ooFx0d+DinDq4OpsAQ8XKj1twBXLf8YLxs1/qqDzAnB3jCh3ADmpAGGllJFzXPMR+uQjGhN04RnPZY81ofTFn2v4QucIFFf4HQCAvqMicc2haZk1+t6tKOqsSqM5LfBLlmOGZDUygauKZb22iECEUG9UXUUf52gcHINKBGKlN9ba+JEUEZaScod6AKceSOJoi9Dnfhqm6q9zYfjnkqSYKH+mFOS36VqTBbc+Vy7+MRfkDwu7uE3XFrDmar17eTesiWYDi91L/1eQSlGmmOhWcMkqgW4jWvsDCP1hSOOxZ1ke6UyLnzeqTm1a/gT+U6BtF3t7KZgR0gb+ygJ3ieX7PZFxoJf6urc5TDK5X8dT+VZkMMUZATbhlM3m0GdCZuBq+t2yCv9bGOAVvUIa2/rjZ02FtmBIoeuRAeBNdArw027eTYa02pXgmWy1RrDm08Aopzbe+Q3AVDo0MK4QyhFkr0RA61nLCqSh6WSSyFyCxHaeWv7s9EZF3MG2vKteWsz1/xGiFB7KuTSUbE8WArtPNStVLjF4UiRV5+PfJ15gySGNzImsT0MpKVSNxKSWafrPe+SpGQMQOWV4Mhekr29SxgNDziGDhmMAYmbr/Y95mSbIzXGtOmgT8p20fjcqHMAiA/xTcLNLDcB8QPB1EXZ5mZtdmnQsuvPaHQ/HMOmX5zOKbvNwBnOuznH3I3+kDWeEFLPlcYeRXXzFt7iw50yT7AEG9h6wKIHnLQm4HVPVP0z+HcNzJzSFOa4yElnnbcyWH3HiVttOXPAyI5PKIihyLZGB8XR78GULToup+aBW4TqeEXZFnMqyFPagn1y39tuCYgsFA=,iv:V3eSPCb9Mx00SksaoIQv0ACqMI0R06ZTLpJgkhHZxqA=,tag:3Pp0apL1vBdfNz09ctgwHg==,type:str]
id_rsa: ENC[AES256_GCM,data:na8KTV3ub1Cj30ss/iRJDFRghq1wGWyiE1GAGV2QPLPkJcGMySWQaU1VLtMW4aUVzLT6oG3Oj2tHrnls26VSlgD5dUgO6bJj38w0NqhFrl+FxBQyyeGhkO4/Rgo3m3IUnE4NhcFyxxP9BPXuMrSr82iWk3qaB/NHPSHyf71NT9C/aE/nJKpycj4RSbT59DYF08jti5rWzPnGDmgBO9K5gEtsZgzvVdthjvGdS2JFaV68hxOYWNxfdbBtxMuZNvXsdFhXHUKs6G0L1vA053kT26B/JLQzKG4pxeHikIneEsM9m9syL1OTHtoCqpg++usxxOKCioVgUsrNI0AyQX1Ywfq1l4AXQfQY3MKG9y+1Evssc0tlG4O5wRTojUkcyalcPZ26epLeFJehk3AeBB+uI0l/cSVrmOch+ax5k2UXLldk6qI3e3AT67tM0lIC92QXj3pUKa7qWog9thp1Nle0Gei/rGVY5Qf9jv8UYB7BzHROAzi3yO5oJPVQKMiAUAIOZhnIAGFFKL//3FSoWI3D9n9DWVrqjOM73M1NgKefVCywDQb8Fkgid6BMTArGqUn/V2fRHUS4rQGbsgc0QEl+cBilAXEQFdHQSkWP25H3ppH5Qxtz1/B3SgeR8Xnm84f4ED+F4xeospaV+DN//FnnPehEpIxtPJpB4PWxCRYzyTzXh+/sQ3YQbfOo4pH4yLgdWoR462E35VVa2GaZKG9ykTeRnALMI5hgf0HNW9CIcCfNVfRxxy/idQ7CoMI7QAwSwL433JPM0Al7tUTtUlk25jBh78IcDtHkK2WQeP4n2qTrBWbA5HqTEvPhPh1ip/z0NNsPUI1PoTdiEC56zpwJIbJ76L5+7A1OcJlCUbZXSMkjKnPGU0FIgRx8+qNJDO+IztYRoM5B/6pINbcWaAIFSSnu+zsNfyoZNxxeJJgs1JqQTvfCMM8jhnEWuTG72YscygDoTNWihsF3+Ie5yIX3L9+Cx9NkATjpUZjJFusKzGaY6PZ/UjYjSKDO9yVq8Qk95+3LJl8SAUgIVBKOuguTNbECu4khBJT+qt7SXnR0HfvcJ4VdN8iHZJBZFVJd/sIo3jSNpkQj046hBmN6XjjfHBdSIoBMcNAZQohYKV0Pw0DAsfn0xS25V2+heyKnxsPWpu4FcwXrsADMIuZUMjyos1F2cpK/b3eJCh4JHGTppwIyFVnLvMo0xYGaqn1CtF5Ju6Cr0bJXaDHqfZBWmFDPopPsOGRsNRXAmcO50zEZ8kYg0yPZHli/X/Q6to65+mQL/sgRiodzvJjecctG2G8558/e8gEWrGNCT5fgpUizzo59j517yQccKRsyftKqpH1ZQXQKyBn42JeqAr49IGqTMB3wt6KW1S+5WPUVsZIy0/C7UnwexmBSQ7MOixYybr1rlQClnIroViog2cdNPfQ05fv9Cry1Npo6z76UJRhWSyrXVaBzhBpTSxl0pix/4ZQouMwujb12spzo4PlXYeh039YKFRruSu5NZx+ELRGpeQvcn/FXJODlh63bI9BKb1jNkz77PcUJudrmQxIAm8dmCsyR6m+GizMm17673i/FWmqILLRE3NOPHepM6iyhEYu/WHb48/N9h4hvP0u7Qt0nS9k1FK3Ywbra1EQ3suj8kbF5cJ/jv0TP+WDaybTkzzb5Peb/OoJI6FIW++uvtqSmQ9fYOmE+cllh5cxkybm3LYfio2TLhUm5qclcEO+C0KmQ0PqUDI0VLPc1PukbYFxE/1o6+zpCDHPABItNjim2tAtm33ABooFcpvIBKmKnho5cT6iO5Rwdx24+YGN8pzb9bAsKbDkL+tpQ2R3xjz/lFptcSj3o5Ewee4EetJO03NpZ36qP50GBKT1CSNH1EfKocHIst1hLBL1E11caVEnoPX0mbBaxuA1hTEpIy0gE6axokn/xxkxbOSVu1zLNS6xtwW++L6td3yLfeDadAi0mOyJAkbpP3cZySJBNGxPJIePhC7/ALjhFMNJijZIgVYbv9YCYpHg3AF1gresocoDrQFHTqAWpPWXh1srBPA2Ke45AwRxE4/MDHu/QI4GH+nSX20VkbM53avuhAQrLXflirlDDMVsI0SPOJzEu90Yl3oZif+wXEL2clLUCq36uQCCRHx+Nvw32Ik5IhSo1ayQO0wCObCRT/HrT2ZAJxsHnS86QU+dgHSQcGCEawzUdta7FpoZcOec9ZH1RDPsmpKhd8Ry3rDrxURWoNwTfEZIrYghfuP4jqos+XJpO67sSzvlVW1PSElMTtcXWWoq0H5lHTYRV/wpothkc1MFWCgVqxJ+ynyhg2PHPOwNBas3rGKW3m2VK2rkHW2nnoavHLNNzLkjhyK3HLSdhCz2hzASdgO1Ae2fxgOOmaI04p6dB8un2ciEaTcMp0Q9Jj7+fxvTCVikLTBMeqmLe4gwRSfQ0N2k20vKoevKEX8CtAOXxLHXmRpIzadEFMVHIaaura76zXKLdSC295eWxXyHKDcnY6LQChrZIIbs3ymw9DSNuW0q4t0IcaN7SCg/weKE6ZVhc6Vm0fO0GmAOyTrky42GW/5L2DBxRonAQwOsCjIeUHhaetVzp+MFeQvAxpUEM6kwo1BDk+v1yS4oNGizNR44bSa7EjzLP3qQXcVfHt0FM/bwD2ajMmU4aYfd4yIFROaY89d1KHhnqwIbdeWKZrtxzyDl/b+i45clE+RG9FTRzKFyNCuB5CPqejKDyMa/q9XoppPABrX1MCi/0Q2jiwiir9EFc9rN6hdouU7N8BBt6lNOXycsgoyDB9v7QF+mTmpggfuB4lWmJSt3/vLqlaBOIlWf2LWaSNgm+O3XPUfkaSfa5IvtN5IusU8lfEabH8QY1DfAIIRL0IZfIezVWrnTvjbH8iJd6ZKDqfIN/GY8eItb3355giO4tNXJH//LnJrXFytXqGfxWT7tHLxij4alP9qSaG1DASXk7GOzrs9+nnLATK1Rfe8Cd2mK1n2AKLJeop5iXrAsiKaiRd6gXBciK7n6DZFDPRLb+TZLHoS/Az3QOvsVuoZASwB3CnJF/2GzrljkBH1DH2wpY0F1lGKk9zkqPs3kURs9Y3A0o7V6uf/JtqUA13sQyoY4SqdUHjxFBvrEn+qUe6ySsIgPTysUc/G+uwOcCRuaKCKPMF/tv/GiqSaUV0Otc3rlJwWiiAKLKpc0VXj0nq9Q1aW++h5OJrO1YIfFi8t21JOyLPs+W3kA0Yd9RY30DqWlFtyKrVDa6Sp+J/OX+NkqzgXARGGlaCZIkpIZ8oc7zUAga0j+2Jz8DNV0OZhWEf6zsTVntO7bCGseLeU95YQiwaRX7fopStoO0NydIxNfjp+LiZnLsockeRBuZTmghv6pch7EHNpr4WVn9/qbIQfZCRXOJChu8VB5i7diZXIW0Apr4DpnALyo1GcjyaOjmdyBOQN/mabE8SFLC1e6jr7+uRzFvxfJqka0RQBTbu/XlWcjFrDYSL8Pyg+LmN8yl7f4afl5YEa8mUvZ33xRgHYQvex4hB9EYwaiOe6HaMeAd+dnZouU1GxLblzTDjH8HQeAm+kMW26n4BM+jatz8PQyodGkFZN8zdyA2WE5dasifCYf21MosjwfJqgLTROXguBGPWBebDNI6NuB0Nwvif4C9Wai1r+CFQ3yz17huSfXTLpNaXiWVXAzRm73RpL2M/upJR6pCZOapHqTtQm1yEEBDn2KZuO5nGUIX6uB3ubIrgRBdHDO1mM0Au/IYeCZZlnIHoPzKPofEiVidVk3aeZqlfJ3TGFbKOG9LanjO702P0nvCHNcoQfHyTXghaiDtoHERrCIrRDoOUDDjt16V3EDSsZlNqYyQEw9jZ1cCm7OY26lFWDh69PU8UgV+DfK1aq1Dc/6S8gi4NnodGMGrw7Glja1XKEAzSG8cR6Jr8QErQY3YmagIQmHsdZ4hJxVRu/etohWVpwfw8R/PdmriOxwx+uZb0YFhAXICxSTKVA3ubWaVZRmrebnuyl1iFA9CE9H+e3MOQtnwosa0S4Tyd47gdASVKsru03nTJw1UmhpauXXjGRGq8aUoDi1GNXel8oLWILWQaVSKhdhIWLhfHsVg/TJwtm023fsBi/RBM7UkonikrFJ1s5KgM88oJaAavTUbwRmMsUjfpKnZw+Bm0Yemwb73IP1KPJrU4orVxDjffyzzMAorg6ifGDWHAiTsoSbHXjbCD4W7FxEjtT42spb2+FqPigLHhAVV3TG56CCCMPLRaw6xIi7lCYNVFt1jRUAWNlegzc1fRvBTf8YsqrOToIXu04Wwu3+nG3fcr5+2mWETShPDAd+NDPkxBc+ux3XfM5yYKiRPh2O5HNSX5LQG3zHY7yEU8ZXEiHdZWZPhc1N3wBVNlXh6srkuC3/BWt6PcAyZsDXIrBEc6zY3zbZ4qdYdXazMbhNunaRi3Mlull2CgJquwGsHQY098fUJVngmbrTXHqGMTBCFtCr9+q7vgA42GFevfNsCPLYg9u2MiaZqcmKPY4SWU4U2Roz8fv2BKBpmaxg1e79/sBzmTnjgsy2313D/T2zyhWzeWn1Oq9OeVuqcaELHkaxpySSCw5TkNYvSTwWJxLHw1ccXOQVNdNn1mgTsIA==,iv:8DWFQG4uoooU0U4yKYYiism0p6kGJVd4pwuhVyA7hIM=,tag:zTBz5yhUaM0h/hlR/Yh2gQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-07-25T05:01:34Z"
mac: ENC[AES256_GCM,data:+L/f2vsSjkpEzb8qUXCusMdYPbQO+we+SpE7sbbiiWAPjbkVgOg5ah3BzXvGIIWzZsXt4/Y5BXfB/54am42/WYQhnfzZdTWvFCUSK0bDiBEuybCej/Y0eGes7WchpBBvIRuVU0jly1m25MmCFXRLR15DjXIbIYeTA1WIsgSsBvk=,iv:pOIwEXCYIhZF2AJ5FcdbrtmWkNOSuTkP6dIVyHNdoWo=,tag:UO+ieaZ7Zdv0JJcBHKBpzA==,type:str]
pgp:
- created_at: "2023-07-25T05:01:33Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ//eAJDYoFRZsEMBwInHBRnW6Bu7yVhqnun2f4EVWA8Ob/a
+DO3ojrh0oezmQA6Ttqv00gJLNGfsPPgVlF3f9bfSFulTYS37UggIOLpLmH2z4Vs
JElLDPgOAsNQ6+PYb92/ErqFg0vhOkDWSw0ILYL6TazQD3hj7iUathyJIW0CoOgO
qedmW1/1L3lV3Mg87cRR1gvBK/V20Dx90Y+MGNg88P3IYMIP0mSslNwvA59k61Ht
RXL8w8C+Ax6tigaOFlDeaarzDxdIwCrs4MWQYggXMjQzO/ohEfDospRitoxYnj8/
LY3BsRSFkIEeYz/ERW+EY23Skc7UGGfWPrvZbj334iceiZ34X8KMe7aU8oh7gkwu
bm4FsIW/HAfgcRbVir/3TffFTinqTBMi4G8GU4Q2M1JorkqrOJXtlvzA68b12b5w
0pPGMowWN2Xc3HzY40yVQ/9RPmDNBAFCaP3n1QjXz0jBgNOKVwmJKoNxi8m7hM2V
KOUseS80v0sDM+gJAwRGhZTmyphLP1v6116Duh8l4ZAhgz3Zw2gJ9nf9kCItL1if
g5u7pvpcVwuaxkm4UloZggHan6weHGutppO+rEUu6hM/JlMrtGz5iAQtOG8OdvWE
su0KZFRAHUayAltL1u0eQcQVzXQWVvWAgY0f7YYjjxkCygAAR4O+jS+IlTlIBEDS
XgGpYLZja758jdjkJx0Rt98Un4MWoXW/3zE2qKHmfQVu9T3uyPIn/ES2tN2O2WDp
kmacHAcz09Hfz55MPU7T63yF3+2xqwlNnnxdebXBI3HO9pIXNoKHNO4c55yh1f0=
=1D3U
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-07-25T05:01:33Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//TilqHh3NXeTVeHfTv+engCARGuSv6aWIDfSl2PM0hdO6
kgvxRubWFbTc/EH7JXZmdNmVYM7vnpSKBuGE2xyc1MxIFHmRgotzz6liM0H+Enen
BMeNunT5A3hZ3aZ9iaqUzSCjYgMoQy5XRKuS/DVp+o7qhXLcYBBPxsxLuxanEsE7
ZAMc2EYEDY+ZP4csY6RvEYBOjn5QWjOjgo7AGpcji3OsnHYc1RCIud8ZXhLKs29a
IkcdKYqRuDob82RivhhqcTjf8iL3LGUE9cR912RSmP5908DvVtOZzY8luw9VSlmx
fQF0HKrsN/VXTNZGuqIO/GFzL/21nOxNTgxRAwtg19urQ4/lGvobh0r52lJyX0Bj
tEggeZbq1Pa1UOEaRvIV70L73TzjzrQurDoqvbv7Brz0hjR/iu/U3Ry2IlPZNBQd
IJMNn9uYuIaO+9EnLwS2Jor9K8GrME51gv52B9RCQgAfC7jHlCmW/qCdcXGkW1Lv
l9tOsu/KDL6rNvqzAD0GNIj22m3mJjb4kMYeQxyuzjD+GZcYxpNFGOORhFqfPj8P
gelzIHxbH5xJitIqmTYAXgzvVtm0TEEKrUf3yBgd3r2zJtfmwd031PZrCM9XZmbE
6kIOUYpx1ZboaLzIVRLbb9eyTqyGlYcVL7Cl1aRtdbQKJPgTZCidzIpBwFd+20LS
XgG8Ckst3I0ewGTnokVZqP2bNWTA8KHasdvD69k2KjUqsE1j3xmXZJIqiFq2QAXn
zVwtM+I+S4yR+xN0xLowmUYVhh748NxCv3MyATu+EDE0v9OSrk3qiAkndFm9Z8Q=
=Cds7
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -0,0 +1,92 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: dendron
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: oci.${SECRET_NEW_DOMAIN}/seanomik/dendron-codeserver
tag: v0.0.3
imagePullSecrets:
- name: orca-puller
service:
main:
ports:
http:
port: 8080
probes:
liveness:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "dendron.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
persistence:
data:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/dendron/notes
mountPath: /notes
user-config:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/dendron/code-settings
mountPath: /home/coder/.local/share/code-server/User
ssh-private:
enabled: true
type: secret
name: dendron-secret
readOnly: false
mountPath: /home/coder/.ssh/id_rsa
subPath: id_rsa
ssh-config:
enabled: true
type: secret
name: dendron-secret
readOnly: false
mountPath: /home/coder/.ssh/config
subPath: config
codeserver-config:
enabled: true
type: configMap
name: dendron-config
readOnly: false
mountPath: /home/coder/.config/code-server
resources:
requests:
cpu: 1m

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./dendron-secret.sops.yaml
- ./dendron-config.yaml
- ./helm-release.yaml

View File

@ -19,7 +19,7 @@ spec:
command:
- /bin/bash
- -c
- wget -qO- http://fireflyiii:8080/api/v1/cron/$(cat /etc/crontoken)
- wget -qO- http://firefly-iii:8080/api/v1/cron/$(cat /etc/crontoken)
volumeMounts:
- name: ff-secret
mountPath: /etc/crontoken

View File

@ -0,0 +1,123 @@
apiVersion: v1
kind: Secret
metadata:
name: firefly-env-secret
namespace: default
stringData:
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:qdisaso=,iv:rT7WID3kRMPEGmWJepNmrj1tutxsT5Arw5AN9oVFoXE=,tag:jkYkRaGLEB3iBEjEVIAVCg==,type:str]
APP_DEBUG: ENC[AES256_GCM,data:Jyo8QmI=,iv:Gq2Ldh+H+oturcglphQb7ERHX8jD/5j01qtEJDRPAn4=,tag:m96oouPtT9J5zQHPs2QaVw==,type:str]
APP_ENV: ENC[AES256_GCM,data:19kiyms=,iv:KLwsQOsDvg/7f18FEsg+e2rgnXSbsxwSNbItmgLGy8M=,tag:mUX/UeXFi0eeZ68bsJpq8Q==,type:str]
APP_KEY: ENC[AES256_GCM,data:PI70apm/K8/1el4lW3KR6wLgBDgj0YAQ6KwngqxSv2Y=,iv:S7xrpAeY3wM3moCL/i5R045yst7Zz8ahXbLyNfvacZ0=,tag:hOXR1kKdxVoQxZyjZu+ajg==,type:str]
APP_LOG_LEVEL: ENC[AES256_GCM,data:ZwJTcn8y,iv:wk+jX9Zp1TTn1EHv0OLgt+0alm5JBHdWcEtIn1dTI6o=,tag:gR1Ls7dFGyt4hKGiwLU5wQ==,type:str]
APP_NAME: ENC[AES256_GCM,data:yfd2OQk6NvjKcA==,iv:jLL2Dt0YlWODwCKSnqR1yuSWJsKySQNZY/pEfxi5jJM=,tag:XoHlMsMuRG6S4Wm0PVjtBA==,type:str]
APP_URL: ENC[AES256_GCM,data:+bveNLjanPPMkoMrDO4KsA==,iv:xQWHzRKBMBumi2bFCUKoWLRiuNNV3HQLv1WGEiZ6RRg=,tag:h9IF4XwIK2P8sB4V1Su5Ug==,type:str]
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:OA7nqw==,iv:9BcE5Bf9QDf3kzA4Xbf0XkbkFjGAv6id7vdSI12wRm8=,tag:QN7o1eEbGSTvrGGBzzouSg==,type:str]
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:wsQZSzAP0hE4o9DAwNtwSEM=,iv:U6513HaOzDDlCehFuSs8ey0KFWup9S8tAYiSX89EyNg=,tag:i5q9W6uglFZ9bKc2f4QPvQ==,type:str]
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:0GfWuR+1RhLsED/T5iEDYV3tkmx2wA==,iv:x/6xxFAv5+J8e55a9JnIZ49v/FJRL066rSf2bBxhHHU=,tag:hAhhsDDMeM29b8iMx3xwqA==,type:str]
BROADCAST_DRIVER: ENC[AES256_GCM,data:2iYs,iv:5oeuA+08uDRSJyLwwkdFC2q4LZKNs2OSoQjsnIX0aYY=,tag:m2ybfxtY98j39sBnax7IVA==,type:str]
CACHE_DRIVER: ENC[AES256_GCM,data:2lv9YGE=,iv:xuk6ih2wApMuWJIlm9clwYCnMR973lG7EOHDUZtlDvc=,tag:cdEh6/zAZ+7IcQMvHojgXQ==,type:str]
CACHE_PREFIX: ENC[AES256_GCM,data:OS/jr/Qo5A==,iv:wLeRO4uAo+HHB/1tK3m4MEeefmMRTc0+aTYuUGGrYyg=,tag:8cv8oxfwMkTeZ8+JsCoWVA==,type:str]
COOKIE_PATH: ENC[AES256_GCM,data:pQ==,iv:5QR02hlvi9n/gl6LLdSR2HSybzohlCisq51+QzUJv1k=,tag:hpwUD0ctU0pX7S+V6UNz/w==,type:str]
COOKIE_SAMESITE: ENC[AES256_GCM,data:HNlS,iv:f/kbAOVyWFEH6yKr+N3zM+9tNQQCpQA7/iKAg8ejFdk=,tag:g1rmzfnWSYIzxFJA0l/uUA==,type:str]
COOKIE_SECURE: ENC[AES256_GCM,data:fxJkE2M=,iv:0JXgzyybtMtIgxh6VSwAS5oehpVMFkLKvJFOBDcwhVM=,tag:RAhNUuJKOho6bvXJyNT6cg==,type:str]
DB_CONNECTION: ENC[AES256_GCM,data:Y7b+kts=,iv:1vZBNoO4O0Z8LPH3ZPSDpx49jtbQOEl6+BitbKyat4A=,tag:eOUpSlZGZKM0LPHdZMjb+Q==,type:str]
DB_DATABASE: ENC[AES256_GCM,data:1rRtAXfMaA==,iv:vErtoqpi1KsHVL0nQ6x2MVNe6JCKxjCxivXXjtUT6Uw=,tag:AYxHWADlGq4NHbcVx8QcHg==,type:str]
DB_HOST: ENC[AES256_GCM,data:sjYDEi8q4bAgpdnxin6yDBtNJw==,iv:6rxqBNvXSsE+2oxWbwiztmlxtKP8C0aeYMdmuGTyF/g=,tag:lRB3EwV4vwa64CI3xqi2lQ==,type:str]
DB_PASSWORD: ENC[AES256_GCM,data:PeysFTbHeZHTnkn0XlJ58AMZbS3EzANUQ8UnhQXRIoU=,iv:NM8c3dx8TlQkPVJGECnyg2L6JM7CQwlx/LQ59x15dY0=,tag:xuLow/AXp+yOUm4hO2527g==,type:str]
DB_PORT: ENC[AES256_GCM,data:yXp98w==,iv:a/jbQI7/3QMKaSJRiZGhdYBzdIzyNA0M3sL83bD/1is=,tag:PxauXvxyQlNo8EaFMzdjKg==,type:str]
DB_USERNAME: ENC[AES256_GCM,data:UOz2K8KusA==,iv:75KRLL7F0mtzESvfvVaIJiBqAz1i8JIcS2VwAMm3KVE=,tag:HmjzrLg4hLuAjQ88U3CDbw==,type:str]
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:U2qo/Z0=,iv:duSb5g58hXy+BjmU51cWVc2APmz/THtQrmfKyWJL8Xs=,tag:3578FhaZxtyLXjFOJA7sVQ==,type:str]
DEFAULT_LOCALE: ENC[AES256_GCM,data:DX3VePo=,iv:d3P66DEPoI3yiZj00YaYVEsu9zCSQ+Nz0vCOxJjfkNk=,tag:JNeGcODHleBBOJrewOWq2w==,type:str]
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:mS45ZNE=,iv:7twp7yAggJfGDKnoqoi4OY97uMQuOq1Y3y6LFst9qFY=,tag:mselnIDI/OzNplWsdq2YlA==,type:str]
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:lIO+3IU=,iv:/jCBrh9pxsNouU+glpvXqEXI3veHsqaHWkSDEJcJzHI=,tag:JHWUyPl6Ir+XczlkEm/xsw==,type:str]
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:43nBSlc=,iv:pylnsBF4HORItmtHxLxaXjojdyazm1rseMtqgTwwX8k=,tag:mi7eWamr3l/H+foZUJYsJg==,type:str]
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:TssvPA==,iv:N6kVxo9w7pjUy5PSt0nF3yPS7imaKaWbizPZdMv7rKQ=,tag:DpWzkfkFbFaQpuLTirsP1g==,type:str]
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:6+nNEA==,iv:TxFrPKxoaN/neoRK09F5SJswfh+ULHw/tFQz+ouOOsU=,tag:UsMPAYDhgccBtBUAXxTNaQ==,type:str]
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:rA1uHQ==,iv:TKV5pRA65C8FNHOrpzx90qA7maX5ld3aLCv/PrQamII=,tag:bqtT9pqHILiV1AEzkkYk5Q==,type:str]
DKR_RUN_REPORT: ENC[AES256_GCM,data:bqE/+A==,iv:PWlGji8/zVoosDeoWaTG4f9rDJwKOilwENI1JtzatPA=,tag:cHCeTgnB7c0TZ+9bSxFW4A==,type:str]
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:76w+1w==,iv:XZwFW5WoWRBhfgM8Jf71IAEsWJxaWj6nmzh4arjV9IY=,tag:wm49cS3mMPPj0l7rNRm7nA==,type:str]
DKR_RUN_VERIFY: ENC[AES256_GCM,data:GE3u0A==,iv:hZc9+yCN781Hm/M6UrzAnFELJopG/m0PTaHCwJuK4Ic=,tag:SwJ/ujTY9VsrS8payg5FbA==,type:str]
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:jwbL3WE=,iv:EmuPlxlldYIK57w44oeiOUx4dNUx88avn/MXGw0khqk=,tag:6UqgxY3eTE/DQ4znx5NNzw==,type:str]
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data://NWaSg=,iv:l1k7TLg2d4impHiGyHtVmXFBpHSK1X+MIIMEvqHmFCc=,tag:7FX96H6R+ez0corFjpzoWA==,type:str]
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:KGo=,iv:xvBorcd8fPvlGYeomuexZBtORPc7LJRII9pYP1ZNBsg=,tag:ibFX6k0a12rXElxRODc1YA==,type:str]
IS_HEROKU: ENC[AES256_GCM,data:Ffu4Sro=,iv:Q5txv1a/DcH+Utlr12zQJUBy4vlcdxcHFsNDWuWVOeU=,tag:NTay0IKz6s7a9dFpx1BZ+w==,type:str]
LOG_CHANNEL: ENC[AES256_GCM,data:Njfav/E=,iv:xwccazZYrtARU7xKooAnBKJcCDJH5xUSN0C+nIs8Pos=,tag:jI3pelMMZQQ37uuUmUmENQ==,type:str]
MAIL_FROM: ENC[AES256_GCM,data:ILVOrph55Ku8pIfsHtU8DjMuUjo=,iv:c4wzRvDugyRUbKZKq/fgQ2eP3CJ1wJzkQo89tBCZ0WU=,tag:tx2lUsnCBbYIk0h4gL/CBA==,type:str]
MAIL_MAILER: ENC[AES256_GCM,data:rdoZ,iv:NBi4YtbtTkDJHQmXBu9lGUfCWhfRgtYLI3UCayMpq2k=,tag:o+cXYLXlJ0bWVQAPr85CJA==,type:str]
MAIL_PORT: ENC[AES256_GCM,data:lffjiQ==,iv:GsZWiMZGuhpPJfX6vPcr3PKuq2YXS3oQ8v8NojufyKk=,tag:rHcfDoLZdU5wCQR4g/qV6A==,type:str]
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:rrw7Rwjo//tdEyxN98pE,iv:3aeAQM4RV5hDFfZ08voXgk7IrejoM8YACluo75AmRrE=,tag:cAmTiI0vPAnY7NX+YlM6Og==,type:str]
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:i8I6LaPPLFoi,iv:sG6dP5GS2G6kGXEsn8P3KJmyEThJ73WIN2gkMJwNDBA=,tag:uefjbg5pZdIIONBklcsSyw==,type:str]
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:+ESO4h6cGSE=,iv:hAFNmDfc6XWnQbpLQXjUsdZSOwPu964MlFBXYsNr9O0=,tag:iXfs5Z+Ojojzp2H2u1kHxA==,type:str]
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:zw==,iv:soYKokimSKxSS0x9nM7GcZfpXtwxjuXVls+KFh61w30=,tag:ryX2Rj1TakKRfynh7bFEtw==,type:str]
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:Mo68CXbhV7kK5ZGi5MS8,iv:pVKSl5Tu8xzZVk4FX0DIA3vpVYZ9V0RXtfkoUTYeAAU=,tag:bez1DYHFlOn5TZ/oz7F6fQ==,type:str]
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DT7Jow==,iv:ZEOzfc0IepdvDNo2vWanOsYAT4EGLvFnSpL8qiiOwes=,tag:eEilJ8cwgCer7H/8qpDPgg==,type:str]
MYSQL_USE_SSL: ENC[AES256_GCM,data:rsKgGpE=,iv:nEJbHiaqOvVauAtCyL6uvfmkAmgvjjSFb28L3/j1PmU=,tag:6d5whsZ30buXkc0W4+5JIg==,type:str]
PGSQL_SCHEMA: ENC[AES256_GCM,data:pmFdRyiy,iv:mYXXlj7R7T3RTuK7QNRKiY6HwCezQYaMpn6de0st+FA=,tag:xFs7kAnFuRjDVRjKyyrJOw==,type:str]
PGSQL_SSL_MODE: ENC[AES256_GCM,data:/spE//X3,iv:qCBP7fJVFixBrB1ApGti1Nq0S87RcVxpHqmPBW9GuWU=,tag:MyCEseplfPX9PNdoqGLvmw==,type:str]
QUEUE_DRIVER: ENC[AES256_GCM,data:tTmRSg==,iv:2KdDPsJ9PlyHsVsFdknC7A4cShE5bBBpRxWslF/0wgY=,tag:7QN0MlfyoDyukmAgmgQvxg==,type:str]
REDIS_CACHE_DB: ENC[AES256_GCM,data:9w==,iv:MKfWJO941vxlJ0VP/0ob9JeFnHkI+okOkd/ifxkbKTA=,tag:PyyjVTRCUSvZxpHekP9ENQ==,type:str]
REDIS_DB: ENC[AES256_GCM,data:Bw==,iv:h3v/+cO1W7eGDAGjVtgeDh8UekMg+ZvIRkNZx+iE/Es=,tag:nF143FAtE181ZJfAjtau7A==,type:str]
REDIS_HOST: ENC[AES256_GCM,data:7hVDI2P+443UGlw/jyBFmNTDBM2p,iv:sbLD+/wdDEiKYpR3ttrey6HTlI5n76trH3wZjU7s3uQ=,tag:qZP1nb9+tOr7Lm4i9HR4wg==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:/i9UM5Cx6h61xbDQ//ocmW1BtmT0LILnwwemOwaTTkw=,iv:FINFRW1006Ljnb1JSi+Ctae3Jw9xR5EW73Ut8FCNfHI=,tag:+6raDqY1TgQQgbkcCcbCLg==,type:str]
REDIS_PORT: ENC[AES256_GCM,data:ME1O4Q==,iv:FhqTqv645wnhhQdGW0IsemeXOlJuCKjbMa3tBw0kueI=,tag:b7TdkDklkFwE/X3lE6XZGA==,type:str]
REDIS_SCHEME: ENC[AES256_GCM,data:puE6,iv:XvOpz9QO7Fn14bbHT8L2p0HquNxIzxomN3Bg3K2NOQY=,tag:qerZcGVGKXW+YAyj6RK9Tg==,type:str]
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:9xoXVw==,iv:m20IvyDsNzw7v3U8Ai34MhhxrIUGnU3OK9LHwZAdlJo=,tag:BgrhqBiqc9RYo9EzOCvSsw==,type:str]
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:+ErZjA==,iv:dcrc2+U7MoSBQ3b7w2qe0wIb50AbLDQ8/N9TK03ub5o=,tag:ub6+5g77qZxq8IjxDmk7og==,type:str]
SESSION_DRIVER: ENC[AES256_GCM,data:QlF9bSQ=,iv:I1cjDE4EFVG166ISZaNuM0eFMs6U55y7LUl2cVIONrI=,tag:VxKEC67A3Y0IRNKJ/nZV0g==,type:str]
SITE_OWNER: ENC[AES256_GCM,data:KbzTQ/QdlMmxnSDr1mCo4EG9,iv:287MEAzZFE3+zp3bWWA5Y2u3w7iQH+7AAZ812I4Elx0=,tag:TlljmsgLww7EJIBMdDrKvA==,type:str]
TRUSTED_PROXIES: ENC[AES256_GCM,data:cAU=,iv:MBL/z8pmM2CxlDT1sY4my2gC3jsDo6O1NSa11w3en5U=,tag:zqzHOR69HT3+U7tQOFQQSw==,type:str]
TZ: ENC[AES256_GCM,data:45gLKxH0OsAfMPkgnjKgWQ==,iv:P9CUovVI4WSfZi1nyFHVzHJ7Oioai1FUZRcgBNhQb64=,tag:S7IF8Oxg7hYNcT0mcgkg7Q==,type:str]
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:1xck+8s3ifQmregeKU6891pErxZy86fO0I6XPE83l3o=,iv:XSsCSJkkGwG12f2lhd6IDl07OLVCW8J/945acFP99lA=,tag:XNxSQGyHvR/6/A3EVT69gg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-06-17T19:05:29Z"
mac: ENC[AES256_GCM,data:GWtQz5/wKpk38ZYLwn+kGyCT8hFo2SmoaI9vuEFju6N9ipJW1MNQONqTx/Qa8Cje8pT7xIxdoTf+23PaFG91v/gcilMCYjE+OFnVBk80d6ZBTXiSmoQ0DYO3hWiXyMfXTJ1OPqExOkY09QSAfXOrN0JphnWpPNZnaVuxMJZS/Og=,iv:/QbEi6hhsPpeSa5bOxPObP8UUpAwA/I6wU8VXQ6NcOc=,tag:FYYj1y/zTl82SVva0oauuA==,type:str]
pgp:
- created_at: "2023-06-19T18:36:01Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ//So248m5bmfJG0gp5ZIAK2dVhH44xEg/6yzZ6TC9W4px2
SPqB+gmwswX64NGcGZQ8LQZExyy2poxh7lfQHIdsv2QSTbf0vmOZqG9L7Fv/DSU0
EnUpt04K1yyVyW09tlcE/SIyMy9HhWyH0vZfwqHc/pHnaAhZKEuBH+kFiNPz4Bfd
xtXeieOGYV9ois2vM2NFNohEagrkbpMb8ZEOrWlB8+ZJZhkIeNc2kA+w0n0TEEtR
WefrBwear6YloK89hEfWRdJYksfKvOsU7U+L6MKpMxqGBIpLIV5kTifRAt8pdrNX
m7MY/laTWcqTp1VXUMZQUq+tCa/jjIh4MDvmzGcrRfhSLDvkFz8W43yHvy/hTKgc
nes55vhrWK9ABcZ5sZ3xdfH3ys3tODUsUkaLALaCbXUdg15cQRwvdNkgHou/oY26
jAc38EpeBEtIpkH+nBHLgbflFkElqOcpcS/5OR4mL0dGQ0EhhYTzxES+jcVYg9ka
Na163uPvhNnFNMUACKsDU/u2WngU8B5ISjlsiX9EkbKqDgHrLSJywKcoYESgnU/K
q+24HIFH8cmghRYJZ7SXDahsEw8VrcqQEWTSMM4YnwJeBZH9pjeUK6RySLHxK9F7
rK2djzc6so2Lk/AhYot9FNNwXWqrBKQq7kjFF8Mr6ALydZgst/tSBPtpTxpADZDU
aAEJAhDuDefWmaUMfyK+B21JoUTJtAp1icQZrIFg+mTH+qDWPXdpM1qsaci59aq/
vkML3TwjiytUNRMVORlLPv2z8adUuXIgPx8yEclTxCDKM3bqIfVs1xj2GAItyO4K
XYBV8oIdHegO
=GI4b
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:36:01Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAApwoZ01GS0soprXAf20Ye1XQVLIFvIuYjub01ibNZmb3m
uJiPyClzMqcjy6TKWvCc6sT1W5DQ3aY9E1ARhgwR/yaIZ31WvNcnLczaOACHPlaW
7e4o9tauN8CYpQqPmTxDyQehKe1EbWqq+63FRAUV0+9qEY/ACCwNtv1HCa2dgyto
0I6v/BmW+KJ10iGCsRv8g5IgPSjYT66a2fsDg24kjtqygHwZ5BPe6xUBJ7zxCmVT
z/3WKaNx5Rdv8l45QQcl2fe1qNNdljJNgowCq23uODcQPJPGEY4wOeYHOlGTKE+E
JojnysVUhILhZtTZ5/AcP36RCzMDGQX7wYtvwh6bgf4qf4InX8+O/WK3u+jOreUl
zbcy/lB7bsQ0usZNPsfy2Qh2LPlziBce9JtkPnWXBwS+lZUCXKDS8pizmj7DZnlo
+3L1f26rn21ye/iOyBArzVmqI4QLJzHJI7l6TZgvvv1dZKHyLW5jCHSq4f098roO
kIKxRThFvTZ9jqM7uDYGiAsGt1L7p+HJRY5WdAVGEaL8jWADW7jjF8qTF3BJ05A9
OgnRxIew6ofB5WeYSrU5dn5di6pTNI6bqHVHbZf3BTrGwdpqsAcniUtDM1FAdU/4
QtB7tXNAYV+ZTDez/MMm7l1xKS6FpPbM5ZUtrcv27I51e2HAyYSsj6FNWWyvXEbU
aAEJAhCfDkAnvink2rBria46BR0IPWSLaVEpnusa/OED/Xw4EEgiFq3XonPTHaqG
iXSfeD0XauMxpLan+YesEv9SRP3ef9iX5OGNwVPpIDlkOyUztBWtf3I7tP2LCf2p
/GKlxeQfAlpx
=zWYo
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -0,0 +1,54 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: firefly-iii
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: fireflyiii/core
tag: version-6.0.30
envFrom:
- secretRef:
name: "firefly-env-secret"
service:
main:
ports:
http:
port: 8080
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "budget.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
firefly-uploads:
enabled: true
type: pvc
accessMode: ReadWriteOnce
size: 8Gi
mountPath: /var/www/html/storage/upload

View File

@ -3,3 +3,4 @@ kind: Kustomization
resources:
- ./env-secret.sops.yaml
- ./helm-release.yaml
- ./daily-cronjob.yaml

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./fireflyiii
- ./cdn
#- ./gitea
#- ./dendron
- ./trilium
#- ./whoami
#- ./msrewards

View File

@ -0,0 +1,62 @@
apiVersion: v1
kind: Secret
metadata:
name: msrewards-env-secret
namespace: default
stringData:
TZ: ENC[AES256_GCM,data:rIp7EMSrKApRg03l4/59Xw==,iv:A0cFOA2pr7CvjQBiCcequq9WAA77x2k8iqTlMJ9lJBU=,tag:dYdQDtA1H1h/CufVSEbQGw==,type:str]
MSAccount_0_USERNAME: ENC[AES256_GCM,data:JIW/ueWXYfgP+rgMR/7aXWWyuRP1YQ==,iv:P69ybwaQPFfMJnfDiVM3TSSlc2YkAUUM6VANdhgFDtY=,tag:GlZwS/nWOJfm7NQzXLkPFA==,type:str]
MSAccount_0_PASSWORD: ENC[AES256_GCM,data:nUWE5vW9iSavWPKhVWcn,iv:NWI9ILx+M8EGWi4jaor8MpRWL9SYXibOp9Nct6rVB+U=,tag:CUqpuogj1BJk2ocicaj5vQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-05-15T02:13:48Z"
mac: ENC[AES256_GCM,data:q1QBZ3bGr90qXXHKEtKuSfC39pGJ90ss8cJtD8CIZYYB5CQAuz0fZH6nsim6FoyYhWXDzlDo8HH7Z+bLJt1BGXCSa0SDaOe9xcSZtBinSapTQ3sYSRul99xCD7QHGGFXZtYbPjCRv/qj58vRTLXHKejnh8hCbPJsNYCYYuBGXks=,iv:HDIA3WDGZwXhwRjioGnd2KHwWISinLLoxS4LaHLgRAU=,tag:ux9KEs0bYQUzkpnBdrIQAQ==,type:str]
pgp:
- created_at: "2023-06-19T18:36:09Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ/5AWY3FJu5a6Gdw1bQSYp8vcQM8Y40oEcm7K8VGQITHLvc
EFMd0EVZal9czdTuGMjQCMfKYw2PumPbzNUzhejJOVG17vmJ8fAchK3XiF0Ru4pN
2zcfzP35WA5/2npx/A7Mqds/BZ/jG1TxzgRH5XH52Rnq7/hJnNlMiLjmLNfTSRA3
H3lT3lU6RpQsxXSTzWkuyHmPj/6fl68Yq8pjqJz1dW2wsbE911wHvwYKeT8xeOYa
p7JRQSnEssLisIy1PItXX3uNyaEPoLIUUpJjKA8pWIDeR9iVEnytM4UhrPxYNWTQ
hqw67pl8sROHNTNNxwJ2mcbvxRareVRMJpQFF9F4c3Qy+Dqfc38bIJWCsBois97x
0mqFyAdhDneNdmTUd8Mxvf7lJ1N/ZBXhNIaWmmEyHocadlgkNC2gu23KNU4iH0n5
jj1qARSTnoPQGZ7Xo+zS7rPrvN2khILW0LLQWwXYy1Tm2OplApx3R9DmQkCfzO6W
cYWbW7ANmk7+6hnopJnNRAn+vVnjoR8GLBieLt3lJQAx76H7IzyLdxgI6Wtkh9Vr
vNbg+l0YxkGIqaIvsk5/w/pmSiw37m+tsFLgRZZdLKXdQ9ZSgV9pYzdH2e3wBD8y
haQzBZYEPRuVQ5QEiE6/HJSHJEmY15Z7DEwHzb7qoWn0Jg0fyyyfC49jKQt/dZTU
aAEJAhD5okv70Fq0Uer6t3fbvyVFqbOkbTLxErN/VYGRJ9xWype9rSEa5jnEPVSe
V3KhnB+sU6ROJfxIT0145Hi6+BWK9qYCmUS6Qncupywleda88Qaw+TGT6b+LUNnk
e0+sta4SwbYi
=9koT
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:36:09Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ/8DgLVCG813l/YHqZqrSKHpQNvolT2fIgxGPwWoCjpiDvL
C572dpnQpZ9dAU5J2i0UMYeH2MXnwHqSU+QcWXTcPPjmKdB0Pj4+BCsr/zUdHJbe
AMab8vqBuiOR9lL57t8tpV3HmhbKkDbUjL1BPBe+HBfFXjLNXu0HaIbChPAoroke
wpbua7lXQKyAle7Do9ROXO5Ol8nL548Kr1hYsZbhLBOJHYdW2O0OpTN80DtNKyhR
BEeKUrcAgXFLBXETPKbUgGELHJkn7LBiyxBHQJ7ihBrr8J0uH+4J5ucFm6K8iROs
KGjYLtmMWq9MMJTP7/I/XYlwaJvyM85LvBEkCWdEAFy/9JaQ/FXPM8BpqdVdB709
dt6smhY0jFd/J//0pSPW+qpyfp5tzY54IkYLM5BgU9G5pyQKV/SFsa446K272V7S
+yaBrpnEJXO7Wh2cAI5RKCkPI+YdvVpQUGnLVeMMBw/nMDG8wG3qI1lNGbetoCWr
P8K05M1rvKvwXY9mdMtnJ0hisidJwWxk2UohOV95Wpkd/EYsnzxuAsmwb3MrpeSi
c5vZluoxgDNZssnKYqOhavBHs15vIdevDB80X2ljeVrODX+HGfNrnTZ9NNe/TF2o
1aR6vUZ/rykJfYD2OhqX8hxD2ti9YWhOhD/TWo0mS/zMN1AxRbBRZbIg1YdoRYXU
aAEJAhB7B8y40+mMvqS8MEDuK8Bz5CQ75FyXA+hLr71ui95SQHvJgXpO9X8UkRJj
kxOXz6h4198C4iiNpcl9oXEtcNZRMUEm0Vr+2RBsK0phOJamlMKBwhExAcspHNr3
BiFxA9mIhB6h
=0koQ
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -0,0 +1,35 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: msrewardfarmer
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/binaryn3xus/msrewardfarmer
tag: latest
envFrom:
- secretRef:
name: "msrewards-env-secret"
service:
main:
enabled: false
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch

View File

@ -0,0 +1,50 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: trilium
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/zadam/trilium
tag: 0.63.5
env:
TRILIUM_PORT: &port 8080
service:
main:
ports:
http:
port: *port
ingress:
main:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &host "notes.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/trilium
mountPath: /home/node/trilium-data

View File

@ -0,0 +1,45 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: whoami
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: containous/whoami
tag: latest
service:
main:
ports:
http:
port: 80
probes:
liveness:
enabled: false
ingress:
main:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "whoami.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host

View File

@ -0,0 +1,72 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: code
namespace: dev
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
# Add init container for pulling znc modules and putting them into the modules directory
# initContainers:
# pull-module-source:
# image: alpine:latest
# command:
# - "sh"
# - "-c"
# - "sed -i -e's/ main/ main contrib non-free/g' /etc/apt/sources.list &&"
# volumeMounts:
# - mountPath: /znc-data
# name: config
image:
repository: codercom/code-server
tag: "4.23.1"
service:
main:
ports:
http:
port: 8080
probes:
liveness:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "code.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
# persistence:
# config:
# enabled: true
# type: hostPath
# hostPath: /mnt/MainPool/Kubernetes/znc
# mountPath: /znc-data
resources:
requests:
cpu: 1m
memory: 4Mi
# limits:
# memory: 200Mi

View File

@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./network_policy.yaml
- ./woodpecker

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: woodpecker
@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: woodpecker
version: "1.6.2"
version: "1.3.0"
sourceRef:
kind: HelmRepository
name: woodpecker-charts
@ -20,16 +20,13 @@ spec:
replicaCount: 4
extraSecretNamesForEnvFrom:
- woodpecker
# https://github.com/woodpecker-ci/helm/issues/154
secrets: {}
- woodpecker-secret
env:
WOODPECKER_BACKEND: kubernetes
WOODPECKER_SERVER: woodpecker-server.dev.svc.cluster.local:9000
WOODPECKER_BACKEND_K8S_NAMESPACE: dev
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: mainpool-hostpath
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: openebs-hostpath
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 5G
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
WOODPECKER_BACKEND_K8S_POD_LABELS: ""
@ -44,16 +41,13 @@ spec:
WOODPECKER_BACKEND_K8S_NAMESPACE: dev
extraSecretNamesForEnvFrom:
- woodpecker
# https://github.com/woodpecker-ci/helm/issues/154
secrets: {}
- woodpecker-secret
persistentVolume:
enabled: true
size: 10Gi
mountPath: '/var/lib/woodpecker'
storageClass: mainpool-hostpath
storageClass: ''
prometheus:
podmonitor:

View File

@ -1,4 +1,4 @@
apiVersion: source.toolkit.fluxcd.io/v1
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: woodpecker-charts

View File

@ -0,0 +1,64 @@
apiVersion: v1
kind: Secret
metadata:
name: woodpecker-secret
namespace: dev
stringData:
WOODPECKER_ADMIN: ENC[AES256_GCM,data:TXqVhenIfPfwv1WZs3w=,iv:SxyUU9W+V/NBVqyjuMdWgrMpekp8apg7zV5XQUv8/Uk=,tag:TE4vesnF4ptKHumu9Rt69w==,type:str]
WOODPECKER_OPEN: ENC[AES256_GCM,data:GOD8OA==,iv:39gfTyWXmsUoRg8GuMP73bM16cN0CkY7AhJ7mKX35LI=,tag:j/L+C/O9WnWgexL29HznjA==,type:str]
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:8jjlVX8rqX4YVUNj7pbwPCo+hYMGEwSl/KQ68yRi4R2aj8p5yddxQ8UH8hvRXEEhU3DX5lFW5mXfN+8EROsQuw==,iv:6y6ygCjT+stF3ObFZzNS8Qi2grJJCUSPzus/ebf0qcw=,tag:vCF4jrkT/h4PoOt5IGy6dw==,type:str]
WOODPECKER_GITEA: ENC[AES256_GCM,data:dLlVKw==,iv:wASS5ZoS0sBGuVB6pjygbPwp+33rDwV2x1intu2uguA=,tag:HumjgcBce0rXT377OhA3bA==,type:str]
WOODPECKER_GITEA_URL: ENC[AES256_GCM,data:cxw/whpjJ+FtymS6lT+M6Ayiz8T1ZZ6Bsw==,iv:6C3oTJ0FOXSKV5Sh5YHI5mFMH3azqBgCARWyKijnDdE=,tag:yt17NnyDlgyfrPJ6VLHjaQ==,type:str]
WOODPECKER_GITEA_CLIENT: ENC[AES256_GCM,data:OlwxTSfjtmk5MuHZ4qo+o3OkDfUOspBgS99q26doMrqC5Nj9,iv:mTH7jclMu47GoTlJstwTWXh+6ZnFwUSy3JBn1Y0dusU=,tag:KgHThNxIj8wRQdimtlv7EA==,type:str]
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:Six91NP9wP3HFFIHP4o2Q8k+JLEDbrhRKC520giheJbcFlpwWwN3FBwAApKDCIuV7/UrjKPs++E=,iv:yv8b5+PQ/eiLOBNV+OJ+WlCVIrZz+oPAcsNu8wfFU94=,tag:joSpLIzSAx79v/1kobMnyQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-07T16:43:19Z"
mac: ENC[AES256_GCM,data:JreywI1w6bDLlCntqpTfX+kNGO3GN4FT0egf6zi4dUwhIUOXRmVH0AXs3pYm8/1fMUrovG0W7uRXfHu5C28k+scEdLjuMhJbjz1yz6Gc9ewByN/nFGxS4vWdMkMQmPzi3Xnt7teVNkRXvlVODE9Qsn0pD627B+2sBboHar92kmI=,iv:hZ8B/oeuhT3DM7YENXbdYXI5toSG4xtp2iEyCSTxJQA=,tag:pHAE5CVr9xEMuAByANrrbA==,type:str]
pgp:
- created_at: "2023-09-07T16:27:38Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixARAAhfLs8yfYdUsm2H1rpnJ+s7IDvmPJfz1Zw6/IGxHKkXhJ
jeciJZX3D/Xkit5TTL8Rn8dj897bCORWd7Cr9hNj7sae5ZANiIQJAfraF4vsZEV4
GUBrxNOp+pdCqOc3NhE3p5jceZ4COgeMbIR0MFuOip6KOJR9Xi3y9UmdSpQn8T1V
SH5RpBpgmNk9P2q2I/m9+XtIBcvN1nXWRbblsrZ5g6JTacatBcjXInmvmEeMoABd
SE0BT2HHa+0i71MlkJl8qNcg5YWQAOPPa2NS0uJWBGwjn7M13eaiDIgmFLGXWd+k
UrAfAatrG7psg3bwGztpsTKoA6TvwJxfm3hba7FwsfhsWLlikmh3cOvaoS9w0Edk
WuIFrIjHnoHTGfTz63fUg+zyQHwCgxi17FKyVaz/zt4JgXQRw9OLwz1xurRjb2NG
INbkLShkQHNSvqG8kQNfjs5q34EE33N0C2TY9Fl4O243UdAd/jRM+3+QsDVQaEAZ
KYF/ZA/Df31dk637fQZABKdpmXqU32Gk/ZFGJhYe8GDLafI/tdUZQTeL/UA7NuQ8
D65at6vbpIgmOIfIAxuGPtNRksj0KEnJnqVj2U7dw/7rqNoZHPue36vQt/ic/dYO
f6jsX5fXExvSmI1w67sr2u/PPIPBn+ZSzRlUgUe38QZdDwxWq4GC7PcsDWVuMxHS
XgF/ki/LVMK6bI6FVJR/Cdrj5I9CjBwdQsmrMHoEoJXgpKY36E3hKK1Ryqs0qLE5
l/SpCEF8p6UBYd4Qlpx6Vc79PC7LbyWFENZvdPK9dIP1d8ssXsul1fUVHBPD4g8=
=wLQl
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-09-07T16:27:38Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//QYrbS6xfuWOrZ+NRwfqXJsDC0mVoDujFHUL8clhIB2dT
Kh1DGcqthw9cKRgkEc7Bz46GFak01XNP3EC/tl+B4Zwye6FSoGVabzC1jB8PwP2k
MeFtVFGQa9iBC/w+67wng2ELypLCVVye9Fd91Dzm7ezk6FuU/PprXRrCcW9UHyXj
9cMP87OE3Be/lMTuN9iz2PkNVg6EgHWtz6EIjDQYH3UFE2aAWeG4FuuYy2mdES4c
HO1/D2pf21LUAOkABe4ifgyeWfUfTSnshUzegvShQRohMdLohSF9lbH9l+o8Hvwx
ECYfq9jW3vkRpleZA87hsVyhBD8TCuGRByVgQbYRlrnC/kTyJllRdesYEuFN9Cqj
QEoD1nCrhU/vdNLR0o7WWIxl6jFYmroXLW5q8SP8XX1KPYIXzupWq9tHu6CHfmtr
/yBq4rbZOtAFitntg+FCMld2lmw1kr2H4VDxBGXdoC+va9PkjIS/ayorSWgmogck
tgR3wJzFA1Bi7slxyJfZhRxTbPCbrny54j4291ZcBbB8pzkACQErvomXTdZwaclq
laMQzrGoLF4MdmDnKcMQvAvgFimEd2BpPCJsxtH2wLgEfRodUzbb8dIZM+EEVbaw
XVwFzjOLnHSLp2JtkGDW6eNEJYCk7kxQtkqFZ2etTtO3E0JKiIHatX4wygMcWoLS
XgFyASgFilpOZpv2rE8A/90Mt4lVZrQO2c7dIRMaEqAOcCKWYxjshQ+/spkKe9eB
froZsj2oV5ZtVwfpLG7Pw8R2taPu5DQ8uZHi9XdFPmYwmqpjEj3uZA+oo/NjgEY=
=XD7x
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: bazarr
@ -17,7 +17,7 @@ spec:
values:
image:
repository: ghcr.io/onedr0p/bazarr
tag: "1.4.5"
tag: "1.4.2"
env:
TZ: America/New_York

View File

@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: deluge
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
# defaultPodOptions:
# enableServiceLinks: true
# securityContext:
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: "OnRootMismatch"
controllers:
deluge:
containers:
app:
image:
repository: lscr.io/linuxserver/deluge
tag: 2.1.1
pullPolicy: IfNotPresent
env:
PUID: 10000
PGID: 10000
gluetun:
image:
repository: qmcgaw/gluetun
tag: v3.38
pullPolicy: IfNotPresent
env:
FIREWALL_INPUT_PORTS: "8112" # webui
VPN_PORT_FORWARDING_STATUS_FILE: /tmp/gluetun/forwarded_port
envFrom:
- secretRef:
name: qbittorrent-secrets
securityContext:
capabilities:
add:
- NET_ADMIN
# volumeMounts:
# - name: gluetun-tmp
# mountPath: /tmp/gluetun/
service:
app:
controller: deluge
ports:
http:
port: 8112
ingress:
app:
#className: "ingress-nginx"
hosts:
- host: &host "deluge.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
torrents:
type: hostPath
hostPath: /mnt/MainPool/Media/Torrents
globalMounts:
- path: /storage/Torrents
config:
type: persistentVolumeClaim
storageClass: openebs-hostpath
size: 1Gi
accessMode: ReadWriteOnce
advancedMounts:
deluge:
app:
- path: /config
gluetun-tmp:
enabled: true
type: emptyDir
advancedMounts:
deluge: # deluge controller
gluetun: # gluetun container
- path: /tmp/gluetun/
app:
- path: /pia
readOnly: true

View File

@ -1,6 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./victoria-pv.yaml
- ./qbittorrent-secrets.sops.yaml
- ./helm-release.yaml
- ./dashboard.yaml

View File

@ -0,0 +1,87 @@
apiVersion: v1
kind: Secret
metadata:
name: qbittorrent-secrets
namespace: download
stringData:
#ENC[AES256_GCM,data:hVUP0NEEjjTAhzZapPc6d3PLvp7huWcz4569GPJRYd6eqH6sF8cPGiK0E10tT0iJt4kP0U7/kPM7qBB7O1/8,iv:rbSlay66clsnC5xp3IdtwgJhFzlxDaUZJc1Q0b7N3+0=,tag:nqigGlMYCYsWsGsZxxS4Hw==,type:comment]
#ENC[AES256_GCM,data:FIiiG1vanmdOLUrWPeUjb5+ekdZsuq1R2bxYcS3xAg==,iv:HUCzR7Dx/KXWzRvdKordFBFBJDfgrBkWEF2qOLGVgfA=,tag:U766fJaNH131ZFJRJji3ag==,type:comment]
#ENC[AES256_GCM,data:ZWwyij95YeT4abl4nusVAtVKAOVZpZ3IQlYAbap8Ui4oM1itnT/+F71aQu2gXw==,iv:/QtzKsXHzWYiMPpDeCbGQCVQQun6oYyRXAxePkcZ9is=,tag:z6xg79aDKwC8QEOtfGD9oQ==,type:comment]
#ENC[AES256_GCM,data:AIdqoKOrhrf5rnugikueqMIKKNKpIsqo6RMa7eJVhNhlIg==,iv:Ya7fOYgUovLcyFNFdHKRUMqx5ktGzRALIQDOGC1YnF4=,tag:lr46wZGUabTwfg3BJWcwSw==,type:comment]
#ENC[AES256_GCM,data:0hNlKrkzjadwxpRTXAIwfojellwKHJg+nhIEuGA+GrxvXL0ugqLLpqMNx8BNfWeFabM=,iv:HXnrLionvffl9JhatiBpxMNLaIH2+u63QCoh7Da8P8Y=,tag:ymk37nn1TM2izNzoTGaUyQ==,type:comment]
#ENC[AES256_GCM,data:8T1/jb66IO0okMOj2xzRm16O+dt2qELM+dEpNCaM4Q==,iv:fQOmpHJbaa6ypMEplwRaSnNTayuVPgwhi5HFz2C+zQ8=,tag:tkN9DprLBQL5U+kDZs4cMw==,type:comment]
#ENC[AES256_GCM,data:vUURELYCT9rnL2M4iBPx2rNxgf0VKdLdOw==,iv:oFvw78CxbMrfbTXjD1vsMSizwXQjWqL60LDnpsKrxpU=,tag:YuoAASoyxTMofzifie4qaw==,type:comment]
#ENC[AES256_GCM,data:G7nmvZ9A9MUgk7B0d/0LgoUSN8qgEX9xTegJY8LeT4AL2LrpnvnJ,iv:ade7/zMMSnKyx9ennhNSt6EOZndVS8YnvazOlcRwgug=,tag:13F0PzeCTf4sq+fLjUQgwg==,type:comment]
VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:d2bwaygE,iv:/H8eRpF+0uI3TsCtumIDLa3GqQsdpaupKRrO0NKTEAM=,tag:k2/4aHPO/T/WxeHRDAMJfA==,type:str]
VPN_TYPE: ENC[AES256_GCM,data:2Gdi1FoRXKW6,iv:vmaw8ipZnuNWDbIDM7dNXJB/ayzci+eodkoh4KmfQ5w=,tag:l9aNpYxTZpscqWDOCixT7A==,type:str]
VPN_ENDPOINT_IP: ENC[AES256_GCM,data:zSIcxZqiW34HEb8lH48=,iv:6emH7gyPiUC0JmAfH8iMdAb5DX1rLfqWQ6L7QUQBies=,tag:TOu4qMiHc7sr8EN8VLfxtg==,type:str]
VPN_ENDPOINT_PORT: ENC[AES256_GCM,data:lGluLJQ=,iv:f6mOJ5dhdGeft2aiN/RW1Dnt8C0CUTfzyh0q0Tmb/Qc=,tag:pSfgALoyRyWkJ0fZ78L68w==,type:str]
WIREGUARD_PUBLIC_KEY: ENC[AES256_GCM,data:jvpuoU2+Ff3EZIam8PoKkti8pQ4ZFR6xZbtCDXR+r/2duP84/WoPkpzvEMQ=,iv:JE7l83HBXYgAgeAVkYt0UsaTw4FWfZCyf9NRkcvadgw=,tag:gMInhqSiuTwpmioxnSrCpA==,type:str]
WIREGUARD_PRIVATE_KEY: ENC[AES256_GCM,data:ykpzCsvp+5w22IsHyjuRi10qPgE0sL6ygOvuhYChoRFnsgsL1D3XAbnZCUA=,iv:tvwPYaf/4Ggvw13kZp590bLbMsWtoiY/X2DQZ5SSj8w=,tag:48QQWi3rA8a0LpUEmKhu7Q==,type:str]
WIREGUARD_ADDRESSES: ENC[AES256_GCM,data:/bT2RKklhM2gsqA=,iv:8Dhb7S4TxcZyvldAiZIjkFj6sm1xEQ8t6zHgQQVnrfo=,tag:6wept1RssiW4e1gyXXtkeQ==,type:str]
VPN_PORT_FORWARDING: ENC[AES256_GCM,data:e8s=,iv:ioACZoXRKj/SbAIcu1DlNQzUQcAU09rT7MVtn8Uzz78=,tag:OPHLnDCuj3f5l12VCojPqw==,type:str]
VPN_PORT_FORWARDING_PROVIDER: ENC[AES256_GCM,data:M4Szf4sHaeVl,iv:ebrkUX78P2YUM7NOB/7vx6WEIqdoYtc5RDwo4AvqVTU=,tag:MNPfF6KHejYBkVyeQtQW6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-04-13T16:41:54Z"
mac: ENC[AES256_GCM,data:pOPZPBA1svzBtvCfRLldL682Buhr5L18lYuO2vt/KxZ9ROCHeYTUjlux+HEcCd/cS0fsSZjFjr2oHLS4fKwakZaPE7QuYOqPZF/xvjf3yTXZbIouqWg7ViBeYe88qgdFKNlov1lMYELXRxn/4smlqF6xCPnf5DI3+R13/ludr1E=,iv:h+6mjiEr05V+YRk8e10vOL/4aHXUAogbYEb1aKv2lgw=,tag:XeoMsGo121tCnLp1bArEDg==,type:str]
pgp:
- created_at: "2024-04-13T16:41:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovAQ//Z+tYZXmf264YmJIE4lzzvDt0vYSUBg4RHh/snDs8CHRM
dBeC+gxtGrJSsDS1pv8Yz+DtgsPkIcg6gM9yfxt+9Qmug4mIDXgKUQoGJmuqXmoG
VtPZYamVErq11suyxFsWqJQYbxGoYMi7uzTP3UauGP2NQlwGlFs1fSyXfBLngJkA
T7hyWxbiC16pJIXp+YE/Fn/x3CKMpOK67ZWn6cpkRBjeI4LOWDddde1vJZOH2RWK
vJF2KP+jiZpTO4NXE1R+lQLYDP5t8Ufu6NXhTseJapoDHw0m1xVN1cntEgpLYwsH
p/Ef1WysCTddxdA93QrZ4NGjZpDqt7OYAQgt5QZgEUFGXbRW2CfkEX2d2VpXf55y
hK9Y8MZAQmf7HRkEPc1LwmUSJd3HBMpdph9ffEH8HRItYKXGnrPNUjhpp8mFy4MZ
eAQYO65e+xLE7AFpyGkdTtBb3b1IvMuPZ8sH2VzIc/Crh0Sej1GizlOcPWDFP6oe
2950UXkJo3yFnirPJWisejxV2zhymTIY8M7eiKX/Qt7eftcB8tnRZ+7F8Z5VknGr
EYmA4BgAkdPz7UyaVdmQ9tt6gqoFbGAy3ns64gO7HokjRQbGD+AQ0J5Vgpv9K1OB
QjLtwqgCGIAaJBgJ1euaM+Vfk0zKX/0zQsBe8SDs+NoWmqZc/MYygF3NBRbjrJyF
AgwDXjg0p2IN1X8BD/9jq68NwvQg5aQN64BFIL3TsWRonL29O65QyGaQtwdpT4f5
DS1LSpr6CEUpuaRsosG78xNVV8cvsPVc6VV8TuQWJgG+LJqcGkESzEekb5se8rDl
ijnaMawZ2ngf5EfHOBozoY0ybUjZCkHz+yI+zSaAJiJWQalYDwaiGkCk0ElIiZsk
vI9a38TT/lqOuDfW1EGjtOMY5JQ8p7DYZQhmRgQkEronQOyQySR7z0AjRmhdMjXl
BX08Pf6Ur6xEeownhchpmtiy2wuqQ0b2LyY7BpA/FxZRBSyVsgFu5vE2//YExEnv
WhsX5pbykfmar7OuaCN34M/COlw+lbnCKZERNu7vmux7nXWEMYYc9qKXdCqJZ09e
IfH9OYNb47se5DIrcbRUtxSbS6yWXyhGAJIW3VDmqpFRTC5eEfyo6y4TKcZ3LMFu
oqFGQRS6oHNcr+6nq9m83bIxHoFS3yJ5b6geVqTBi/Slz16mDKCsX0Pbd4CkqwQG
Z1bbMHb/UWUgfBAH2Jz8ShowsfS8waVpc1tcXDdr0d5zz0oVNrhDO9lkyvG4NZHQ
sMJGXSd1LfFO+nsX8wHymBp2B2pf3rFCKXJ1Z10DjVhFTIzK4mgim92QXfJcimN2
Fwc7P0o8oZNPxcktd47ren4P/jzztum9R3nOG186Eqdk2zMW6nt8LpOtuntab9Rm
AQkCEBoMAe2xtJ5Lqb4TqpdPQH10yUwP1c7loiCzDy2SHhR+y1f4g6oYjuVyFJpZ
j3TQxAz5WWEiCrk2NNEQjpq4LwtHStUTX9KfZVQ17QwRsTm4t8rcXDcb7HXUmDb9
UWICsLqU
=A1Ty
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-04-13T16:41:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAAhYIi/e9521WdgX56QICahfwt/tQzqpBnBusZeDTdYSGe
RzduUhMyvjs7kSXLVgfgfFBCFfjCIynWib2ja52tOfPuNEbBHv3iYnRfVzfbk4B6
3fYDahRjdJXYBWOthup8fSTi5PYuhgdUI3F084GLy6jA4GEf55wqMWlFS/dfUk2R
VJJEAI5h8XfIKqwFWBr8R6q2GA07uk5bwo6gy0220351OZrOtE8TMHfFsaaQbcy7
kmd1vUGvBP9TjmtNPjvTYXak8VHgui0zlft4K7Bi/Lh1tOspfeqjCjSstJlAxNAQ
pumCvhmWHWYBShY6QeulTNmMtsu8hY/C0HV4rkVpnx5hQtzPLcReeWe7oHn8QYYg
xZsJ7b805YW5OxGWyd5AnOv7yg5jInNA/aCYNgA0lwttVHKt7mBLmIvUOoI+my5+
V3A53dQ+OCNi/QbCJvf53+fNnJ0fwvQp1o1CurhKRUdPnBT+H9EelbalM1Snr/jQ
7DpskR5i1mCmatLK9KFuj/GmhDnFkvw9R7LAZjl2V9rP5ZFlhe9EcnRHvLCAH0cf
OQLqeIan3CypQmuoNTTbqCbQD8nFa0FjsG/SLmZS/VYh+HFlOgPk11cnQzr26v++
imZ4qYv6r6+XSrvZPAzNQoDaxyx4u2s6xc2LWLyZTSUC/5XeNXDQsPNKtGlGwjbU
ZgEJAhCM/GH3HPYRTityO8oAEDX3lPcLSa/BR5+ePQ3tPwTkV+tZa8HQMV5tOPIs
5KA18Evmc0ZJdkBcsWWozrSrYSx9cu0tcWSgZnTv1OJDP4A3CKvBIyYomRlFiFZ2
tnTLX555Sw==
=6Nra
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.1

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: flaresolverr
@ -17,7 +17,7 @@ spec:
values:
image:
repository: ghcr.io/flaresolverr/flaresolverr
tag: v3.3.21
tag: v3.3.17
env:
LOG_LEVEL: info

View File

@ -3,16 +3,15 @@ kind: Kustomization
resources:
- ./namespace.yaml
#- ./network_policy.yaml
- ./qbittorrent
- ./qbit-manage
- ./radarr/ks.yaml
- ./sonarr/ks.yaml
#- ./qbittorrent
#- ./qbit-manage
- ./deluge
- ./radarr
- ./sonarr
- ./prowlarr
- ./bazarr
- ./readarr
#- ./mylar3
- ./mylar3
- ./unpackerr
- ./media-dashboard.yaml
- ./flaresolverr
- ./kapowarr/ks.yaml
- ./sabnzbd

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: mylar3

View File

@ -1,6 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: openebs-system
name: download
labels:
name: openebs-system
name: download

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: prowlarr
@ -17,7 +17,7 @@ spec:
values:
image:
repository: ghcr.io/onedr0p/prowlarr-develop
tag: "1.27.0.4852"
tag: "1.16.1.4420"
# Metrics sidecar
sidecars:

View File

@ -14,7 +14,7 @@ data:
tag_update: True
rem_unregistered: False
tag_tracker_error: True
rem_orphaned: False
rem_orphaned: True
tag_nohardlinks: True
share_limits: False
skip_qb_version_check: False
@ -50,7 +50,7 @@ data:
#remote_dir: "/storage/Torrents/"
recycle_bin: "/storage/Torrents/.RecycleBin"
#torrents_dir: "/storage/Torrents/BT_backup"
#orphaned_dir: "/storage/Torrents/orphaned_data"
orphaned_dir: "/storage/Torrents/orphaned_data"
cat:
# Category & Path Parameters
@ -241,8 +241,7 @@ data:
- "**/.DS_Store"
- "**/Thumbs.db"
- "**/@eaDir"
- "/storage/Torrents/incomplete/**"
- "/storage/Torrents/files/**"
- "/storage/Torrents/.incomplete/**"
- "**/*.!qB"
- "**/*_unpackerred"

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: qbit-manage
@ -19,7 +19,7 @@ spec:
# this init container copies the read only config from the configmap volume, into
# an emptydir volume mount that the pod can write to.
copy-config:
image: alpine:3.20
image: alpine:3.19
command:
- /bin/sh
- -c
@ -35,7 +35,7 @@ spec:
image:
repository: bobokun/qbit_manage
tag: "v4.1.13"
tag: "v4.1.1"
env:
QBT_STARTUP_DELAY: 45 # seconds

View File

@ -0,0 +1,125 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: qbittorrent
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: lscr.io/linuxserver/qbittorrent
tag: "4.6.2"
sidecars:
gluetun:
image: qmcgaw/gluetun:v3.38
env:
- name: FIREWALL_INPUT_PORTS
value: "8080,17871" # 17871 is the prometheus exporter
envFrom:
- secretRef:
name: qbittorrent-secrets
securityContext:
capabilities:
add:
- NET_ADMIN
volumeMounts:
- name: gluetun-tmp
mountPath: /tmp/gluetun/
port-manager:
image: git.seanomik.net/seanomik/gluetun-qbit-port-updater:v0.1.2
imagePullPolicy: Always
env:
PORT_UPD_QBITTORRENT_HOST: localhost
PORT_UPD_QBITTORRENT_PORT: "8080"
# safe to have in plain text since qbittorrent is exposed through authentik.
PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin
PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin
PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port
volumeMounts:
- name: gluetun-tmp
mountPath: /tmp/gluetun/
metrics:
image: caseyscarborough/qbittorrent-exporter:v1.3.5
env:
QBITTORRENT_BASE_URL: "http://localhost:8080"
# safe to have in plain text since qbittorrent is exposed through authentik.
QBITTORRENT_LOGIN: *qbitLogin
QBITTORRENT_PASSWORD: *qbitPass
ports:
- name: metrics
containerPort: 17871
env:
TZ: America/New_York
PGID: "10000"
PUID: "10000"
WEBUI_PORT: "8080"
service:
main:
labels:
app: qbittorrent-service
ports:
http:
port: 8080
metrics:
enabled: true
port: 17871
protocol: HTTP
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "qbit.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Media/Torrents
mountPath: /storage/Torrents
config:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/qbittorrent
mountPath: /config
cookies:
enabled: true
type: secret
name: cookie-secret
mountPath: /etc/tokens
gluetun-tmp:
enabled: true
type: emptyDir
resources:
requests:
cpu: 10m
memory: 250Mi
limits:
memory: 6000Mi

View File

@ -3,8 +3,8 @@ kind: Kustomization
resources:
- ./qbittorrent-secrets.sops.yaml
- ./helm-release.yaml
#- ./qbittorrent-metrics.yaml
- ./qbittorrent-metrics.yaml
- ./dashboard.yaml
#- ./cookie-secret.sops.yaml
#- ./updateip-script.yaml
#- ./updateip-job.yaml
- ./cookie-secret.sops.yaml
- ./updateip-script.yaml
- ./updateip-job.yaml

View File

@ -0,0 +1,87 @@
apiVersion: v1
kind: Secret
metadata:
name: qbittorrent-secrets
namespace: download
stringData:
#ENC[AES256_GCM,data:hVUP0NEEjjTAhzZapPc6d3PLvp7huWcz4569GPJRYd6eqH6sF8cPGiK0E10tT0iJt4kP0U7/kPM7qBB7O1/8,iv:rbSlay66clsnC5xp3IdtwgJhFzlxDaUZJc1Q0b7N3+0=,tag:nqigGlMYCYsWsGsZxxS4Hw==,type:comment]
#ENC[AES256_GCM,data:FIiiG1vanmdOLUrWPeUjb5+ekdZsuq1R2bxYcS3xAg==,iv:HUCzR7Dx/KXWzRvdKordFBFBJDfgrBkWEF2qOLGVgfA=,tag:U766fJaNH131ZFJRJji3ag==,type:comment]
#ENC[AES256_GCM,data:ZWwyij95YeT4abl4nusVAtVKAOVZpZ3IQlYAbap8Ui4oM1itnT/+F71aQu2gXw==,iv:/QtzKsXHzWYiMPpDeCbGQCVQQun6oYyRXAxePkcZ9is=,tag:z6xg79aDKwC8QEOtfGD9oQ==,type:comment]
#ENC[AES256_GCM,data:AIdqoKOrhrf5rnugikueqMIKKNKpIsqo6RMa7eJVhNhlIg==,iv:Ya7fOYgUovLcyFNFdHKRUMqx5ktGzRALIQDOGC1YnF4=,tag:lr46wZGUabTwfg3BJWcwSw==,type:comment]
#ENC[AES256_GCM,data:0hNlKrkzjadwxpRTXAIwfojellwKHJg+nhIEuGA+GrxvXL0ugqLLpqMNx8BNfWeFabM=,iv:HXnrLionvffl9JhatiBpxMNLaIH2+u63QCoh7Da8P8Y=,tag:ymk37nn1TM2izNzoTGaUyQ==,type:comment]
#ENC[AES256_GCM,data:8T1/jb66IO0okMOj2xzRm16O+dt2qELM+dEpNCaM4Q==,iv:fQOmpHJbaa6ypMEplwRaSnNTayuVPgwhi5HFz2C+zQ8=,tag:tkN9DprLBQL5U+kDZs4cMw==,type:comment]
#ENC[AES256_GCM,data:vUURELYCT9rnL2M4iBPx2rNxgf0VKdLdOw==,iv:oFvw78CxbMrfbTXjD1vsMSizwXQjWqL60LDnpsKrxpU=,tag:YuoAASoyxTMofzifie4qaw==,type:comment]
#ENC[AES256_GCM,data:G7nmvZ9A9MUgk7B0d/0LgoUSN8qgEX9xTegJY8LeT4AL2LrpnvnJ,iv:ade7/zMMSnKyx9ennhNSt6EOZndVS8YnvazOlcRwgug=,tag:13F0PzeCTf4sq+fLjUQgwg==,type:comment]
VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:d2bwaygE,iv:/H8eRpF+0uI3TsCtumIDLa3GqQsdpaupKRrO0NKTEAM=,tag:k2/4aHPO/T/WxeHRDAMJfA==,type:str]
VPN_TYPE: ENC[AES256_GCM,data:2Gdi1FoRXKW6,iv:vmaw8ipZnuNWDbIDM7dNXJB/ayzci+eodkoh4KmfQ5w=,tag:l9aNpYxTZpscqWDOCixT7A==,type:str]
VPN_ENDPOINT_IP: ENC[AES256_GCM,data:zSIcxZqiW34HEb8lH48=,iv:6emH7gyPiUC0JmAfH8iMdAb5DX1rLfqWQ6L7QUQBies=,tag:TOu4qMiHc7sr8EN8VLfxtg==,type:str]
VPN_ENDPOINT_PORT: ENC[AES256_GCM,data:lGluLJQ=,iv:f6mOJ5dhdGeft2aiN/RW1Dnt8C0CUTfzyh0q0Tmb/Qc=,tag:pSfgALoyRyWkJ0fZ78L68w==,type:str]
WIREGUARD_PUBLIC_KEY: ENC[AES256_GCM,data:jvpuoU2+Ff3EZIam8PoKkti8pQ4ZFR6xZbtCDXR+r/2duP84/WoPkpzvEMQ=,iv:JE7l83HBXYgAgeAVkYt0UsaTw4FWfZCyf9NRkcvadgw=,tag:gMInhqSiuTwpmioxnSrCpA==,type:str]
WIREGUARD_PRIVATE_KEY: ENC[AES256_GCM,data:ykpzCsvp+5w22IsHyjuRi10qPgE0sL6ygOvuhYChoRFnsgsL1D3XAbnZCUA=,iv:tvwPYaf/4Ggvw13kZp590bLbMsWtoiY/X2DQZ5SSj8w=,tag:48QQWi3rA8a0LpUEmKhu7Q==,type:str]
WIREGUARD_ADDRESSES: ENC[AES256_GCM,data:/bT2RKklhM2gsqA=,iv:8Dhb7S4TxcZyvldAiZIjkFj6sm1xEQ8t6zHgQQVnrfo=,tag:6wept1RssiW4e1gyXXtkeQ==,type:str]
VPN_PORT_FORWARDING: ENC[AES256_GCM,data:e8s=,iv:ioACZoXRKj/SbAIcu1DlNQzUQcAU09rT7MVtn8Uzz78=,tag:OPHLnDCuj3f5l12VCojPqw==,type:str]
VPN_PORT_FORWARDING_PROVIDER: ENC[AES256_GCM,data:M4Szf4sHaeVl,iv:ebrkUX78P2YUM7NOB/7vx6WEIqdoYtc5RDwo4AvqVTU=,tag:MNPfF6KHejYBkVyeQtQW6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-04-13T16:41:54Z"
mac: ENC[AES256_GCM,data:pOPZPBA1svzBtvCfRLldL682Buhr5L18lYuO2vt/KxZ9ROCHeYTUjlux+HEcCd/cS0fsSZjFjr2oHLS4fKwakZaPE7QuYOqPZF/xvjf3yTXZbIouqWg7ViBeYe88qgdFKNlov1lMYELXRxn/4smlqF6xCPnf5DI3+R13/ludr1E=,iv:h+6mjiEr05V+YRk8e10vOL/4aHXUAogbYEb1aKv2lgw=,tag:XeoMsGo121tCnLp1bArEDg==,type:str]
pgp:
- created_at: "2024-04-13T16:41:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovAQ//Z+tYZXmf264YmJIE4lzzvDt0vYSUBg4RHh/snDs8CHRM
dBeC+gxtGrJSsDS1pv8Yz+DtgsPkIcg6gM9yfxt+9Qmug4mIDXgKUQoGJmuqXmoG
VtPZYamVErq11suyxFsWqJQYbxGoYMi7uzTP3UauGP2NQlwGlFs1fSyXfBLngJkA
T7hyWxbiC16pJIXp+YE/Fn/x3CKMpOK67ZWn6cpkRBjeI4LOWDddde1vJZOH2RWK
vJF2KP+jiZpTO4NXE1R+lQLYDP5t8Ufu6NXhTseJapoDHw0m1xVN1cntEgpLYwsH
p/Ef1WysCTddxdA93QrZ4NGjZpDqt7OYAQgt5QZgEUFGXbRW2CfkEX2d2VpXf55y
hK9Y8MZAQmf7HRkEPc1LwmUSJd3HBMpdph9ffEH8HRItYKXGnrPNUjhpp8mFy4MZ
eAQYO65e+xLE7AFpyGkdTtBb3b1IvMuPZ8sH2VzIc/Crh0Sej1GizlOcPWDFP6oe
2950UXkJo3yFnirPJWisejxV2zhymTIY8M7eiKX/Qt7eftcB8tnRZ+7F8Z5VknGr
EYmA4BgAkdPz7UyaVdmQ9tt6gqoFbGAy3ns64gO7HokjRQbGD+AQ0J5Vgpv9K1OB
QjLtwqgCGIAaJBgJ1euaM+Vfk0zKX/0zQsBe8SDs+NoWmqZc/MYygF3NBRbjrJyF
AgwDXjg0p2IN1X8BD/9jq68NwvQg5aQN64BFIL3TsWRonL29O65QyGaQtwdpT4f5
DS1LSpr6CEUpuaRsosG78xNVV8cvsPVc6VV8TuQWJgG+LJqcGkESzEekb5se8rDl
ijnaMawZ2ngf5EfHOBozoY0ybUjZCkHz+yI+zSaAJiJWQalYDwaiGkCk0ElIiZsk
vI9a38TT/lqOuDfW1EGjtOMY5JQ8p7DYZQhmRgQkEronQOyQySR7z0AjRmhdMjXl
BX08Pf6Ur6xEeownhchpmtiy2wuqQ0b2LyY7BpA/FxZRBSyVsgFu5vE2//YExEnv
WhsX5pbykfmar7OuaCN34M/COlw+lbnCKZERNu7vmux7nXWEMYYc9qKXdCqJZ09e
IfH9OYNb47se5DIrcbRUtxSbS6yWXyhGAJIW3VDmqpFRTC5eEfyo6y4TKcZ3LMFu
oqFGQRS6oHNcr+6nq9m83bIxHoFS3yJ5b6geVqTBi/Slz16mDKCsX0Pbd4CkqwQG
Z1bbMHb/UWUgfBAH2Jz8ShowsfS8waVpc1tcXDdr0d5zz0oVNrhDO9lkyvG4NZHQ
sMJGXSd1LfFO+nsX8wHymBp2B2pf3rFCKXJ1Z10DjVhFTIzK4mgim92QXfJcimN2
Fwc7P0o8oZNPxcktd47ren4P/jzztum9R3nOG186Eqdk2zMW6nt8LpOtuntab9Rm
AQkCEBoMAe2xtJ5Lqb4TqpdPQH10yUwP1c7loiCzDy2SHhR+y1f4g6oYjuVyFJpZ
j3TQxAz5WWEiCrk2NNEQjpq4LwtHStUTX9KfZVQ17QwRsTm4t8rcXDcb7HXUmDb9
UWICsLqU
=A1Ty
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-04-13T16:41:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAAhYIi/e9521WdgX56QICahfwt/tQzqpBnBusZeDTdYSGe
RzduUhMyvjs7kSXLVgfgfFBCFfjCIynWib2ja52tOfPuNEbBHv3iYnRfVzfbk4B6
3fYDahRjdJXYBWOthup8fSTi5PYuhgdUI3F084GLy6jA4GEf55wqMWlFS/dfUk2R
VJJEAI5h8XfIKqwFWBr8R6q2GA07uk5bwo6gy0220351OZrOtE8TMHfFsaaQbcy7
kmd1vUGvBP9TjmtNPjvTYXak8VHgui0zlft4K7Bi/Lh1tOspfeqjCjSstJlAxNAQ
pumCvhmWHWYBShY6QeulTNmMtsu8hY/C0HV4rkVpnx5hQtzPLcReeWe7oHn8QYYg
xZsJ7b805YW5OxGWyd5AnOv7yg5jInNA/aCYNgA0lwttVHKt7mBLmIvUOoI+my5+
V3A53dQ+OCNi/QbCJvf53+fNnJ0fwvQp1o1CurhKRUdPnBT+H9EelbalM1Snr/jQ
7DpskR5i1mCmatLK9KFuj/GmhDnFkvw9R7LAZjl2V9rP5ZFlhe9EcnRHvLCAH0cf
OQLqeIan3CypQmuoNTTbqCbQD8nFa0FjsG/SLmZS/VYh+HFlOgPk11cnQzr26v++
imZ4qYv6r6+XSrvZPAzNQoDaxyx4u2s6xc2LWLyZTSUC/5XeNXDQsPNKtGlGwjbU
ZgEJAhCM/GH3HPYRTityO8oAEDX3lPcLSa/BR5+ePQ3tPwTkV+tZa8HQMV5tOPIs
5KA18Evmc0ZJdkBcsWWozrSrYSx9cu0tcWSgZnTv1OJDP4A3CKvBIyYomRlFiFZ2
tnTLX555Sw==
=6Nra
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.1

View File

@ -38,12 +38,11 @@ metadata:
namespace: download
spec:
# every 45 minutes
schedule: "0 * * * *"
schedule: "0/45 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 2
jobTemplate:
spec:
activeDeadlineSeconds: 60
template:
spec:
serviceAccountName: updateip-sa

View File

@ -9,7 +9,7 @@ data:
echo 'getting pod name'
POD_NAME=$(kubectl get pods -n download --selector "app.kubernetes.io/name=qbittorrent" --output=jsonpath={.items..metadata.name})
echo $POD_NAME
OUTPUT=$(kubectl exec -it $POD_NAME -c app -n download -- /bin/bash -c 'MAM_ID=$(cat /etc/tokens/mam-id); curl -i -c /etc/mam.cookies -b "mam_id=$MAM_ID" https://t.myanonamouse.net/json/dynamicSeedbox.php')
OUTPUT=$(kubectl exec -it $POD_NAME -n download -- /bin/bash -c 'MAM_ID=$(cat /etc/tokens/mam-id); curl -i -c /etc/mam.cookies -b "mam_id=$MAM_ID" https://t.myanonamouse.net/json/dynamicSeedbox.php')
echo $OUTPUT
if [[ $OUTPUT == *"Success\":true"* ]]; then
echo "Success"

View File

@ -0,0 +1,119 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: radarr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/onedr0p/radarr-develop
tag: "5.4.6.8723"
# Metrics sidecar
sidecars:
exportarr:
image: ghcr.io/onedr0p/exportarr:v2.0.1
args:
- radarr
ports:
- name: metrics
containerPort: 9000
env:
- name: URL
value: "http://localhost"
- name: CONFIG
value: "/config/config.xml"
- name: PORT
value: 9000
- name: ENABLE_ADDITIONAL_METRICS
value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true"
volumeMounts:
- name: config
mountPath: /config
readOnly: true
env:
TZ: America/New_York
service:
main:
labels:
app: radarr-service
ports:
http:
port: 7878
metrics:
enabled: true
port: 9000
protocol: HTTP
probes:
liveness:
enabled: false
# custom: true
# spec:
# httpGet:
# path: /ping
# port: 7878
# initialDelaySeconds: 10
# periodSeconds: 10
# timeoutSeconds: 3
# failureThreshold: 3
startup:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "radarr.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/radarr
mountPath: /config
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 1m
memory: 350Mi
limits:
memory: 1500Mi

View File

@ -1,7 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./pvc.yaml
- ./secret.sops.yaml
- ./helm-release.yaml
- ./sonarr-exportarr-metrics.yaml
- ./radarr-exportarr-metrics.yaml

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: readarr-audiobooks
@ -17,7 +17,7 @@ spec:
values:
image:
repository: ghcr.io/onedr0p/readarr-develop
tag: "0.3.32.2587"
tag: "0.3.22.2499"
pullPolicy: Always
# Metrics sidecar

View File

@ -1,4 +1,4 @@
apiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: readarr-ebooks
@ -17,7 +17,7 @@ spec:
values:
image:
repository: ghcr.io/onedr0p/readarr-develop
tag: "0.3.32.2587"
tag: "0.3.22.2499"
pullPolicy: Always
# Metrics sidecar

View File

@ -0,0 +1,120 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: sonarr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/onedr0p/sonarr-develop
tag: "4.0.4.1515"
# Metrics sidecar
sidecars:
exportarr:
image: ghcr.io/onedr0p/exportarr:v2.0.1
args:
- sonarr
ports:
- name: metrics
containerPort: 9000
env:
- name: URL
value: "http://localhost"
- name: CONFIG
value: "/config/config.xml"
- name: PORT
value: 9000
- name: ENABLE_ADDITIONAL_METRICS
value: "true"
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: "true"
volumeMounts:
- name: config
mountPath: /config
readOnly: true
env:
TZ: America/New_York
SONARR__AUTHENTICATION_METHOD: "External"
service:
main:
labels:
app: sonarr-service
ports:
http:
port: 8989
metrics:
enabled: true
port: 9000
protocol: HTTP
probes:
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /ping
port: 8989
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
startup:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "sonarr.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/sonarr
mountPath: /config
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 2m
memory: 350Mi
limits:
memory: 2500Mi

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml
- ./sonarr-exportarr-metrics.yaml

View File

@ -0,0 +1,77 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: unpackerr
namespace: download
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/onedr0p/unpackerr
tag: "0.12.0"
probes:
liveness:
enabled: false
startup:
enabled: false
ingress:
main:
enabled: false
persistence:
config:
enabled: true
type: configMap
name: unpackerr-configmap
items:
- key: unpackerr-conf
path: "unpackerr.conf"
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Media
mountPath: /storage
service:
main:
enabled: true
ports:
http:
port: 5656
serviceMonitor:
main:
enabled: true
labels:
release: kube-prometheus-stack
endpoints:
- port: http
interval: 15s
scrapeTimeout: 5s
path: /metrics
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 2m
memory: 6Mi
limits:
memory: 20Mi

Some files were not shown because too many files have changed in this diff Show More