├── .github ├── renovate.json5 ├── renovate │ ├── allowedVersions.json5 │ ├── autoMerge.json5 │ ├── commitMessage.json5 │ ├── customManagers.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ ├── labels.json5 │ ├── packageRules.json5 │ └── semanticCommits.json5 └── workflows │ ├── kubeconform.yaml │ ├── lint.yml │ └── pre-commit.yml ├── .gitignore ├── .minijinja.toml ├── .mise.toml ├── .pre-commit-config.yaml ├── .prettierignore ├── .sops.yaml ├── .sourceignore ├── .taskfiles ├── Flux │ └── Taskfile.yaml ├── Kubernetes │ └── Taskfile.yaml ├── Rook │ ├── Taskfile.yaml │ ├── scripts │ │ └── wait-for-job.sh │ └── templates │ │ ├── WipeDataJob.tmpl.yaml │ │ └── WipeDiskJob.tmpl.yaml ├── Sops │ └── Taskfile.yaml ├── talos │ └── Taskfile.yaml └── volsync │ ├── Taskfile.yaml │ └── resources │ ├── replicationdestination.yaml.j2 │ └── unlock.yaml.j2 ├── .yamllint.yaml ├── LICENSE ├── README.md ├── Taskfile.yaml ├── ansible ├── .ansible-lint ├── README.md ├── ansible.cfg ├── inventory │ ├── group_vars │ │ └── all │ │ │ └── os.yml │ ├── host_vars │ │ ├── curiosity.yml │ │ ├── singularity.sops.yml │ │ ├── singularity.yml │ │ ├── sun.sops.yml │ │ └── sun.yml │ └── hosts.yml ├── playbooks │ ├── bootstrap.yml │ ├── curiosity.yml │ ├── nut-monitor.yml │ ├── singularity.yml │ ├── sun.yml │ └── unifi.yml ├── requirements.txt ├── requirements.yml └── roles │ ├── nut_monitor │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── os │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── coral-tpu.yml │ │ ├── filesystem.yml │ │ ├── journald.yml │ │ ├── kernel.yml │ │ ├── main.yml │ │ ├── motd.yml │ │ ├── network.yml │ │ ├── packages.yml │ │ ├── pi.yml │ │ ├── power-button.yml │ │ ├── terminfo.yml │ │ ├── time.yml │ │ └── unattended-upgrades.yml │ └── vars │ │ └── main.yml │ ├── printer3d │ └── tasks │ │ └── main.yml │ ├── synology │ └── tasks │ │ ├── main.yml │ │ ├── matchbox.yml │ │ ├── minio.yml │ │ ├── prometheus-node-exporter.yml │ │ └── user.yml │ ├── ufw │ ├── 
defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml │ └── unifi │ ├── README.md │ ├── files │ └── config.properties │ ├── handlers │ └── main.yml │ ├── tasks │ ├── config.yml │ ├── install.yml │ └── main.yml │ └── templates │ └── config.gateway.json.j2 ├── kubernetes ├── apps │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ ├── issuers │ │ │ │ ├── cloudflare-secret.sops.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── letsencrypt-production.yaml │ │ │ │ └── letsencrypt-staging.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── database │ │ ├── cloudnative-pg │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── cluster │ │ │ │ ├── cluster16.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ ├── scheduledbackup.yaml │ │ │ │ └── service.yaml │ │ │ └── ks.yaml │ │ ├── dragonfly │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ ├── cluster │ │ │ │ ├── cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── podmonitor.yaml │ │ │ └── ks.yaml │ │ ├── emqx │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── init-user-secret.sops.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── cluster │ │ │ │ ├── cluster.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── podmonitor.yaml │ │ │ │ └── resources │ │ │ │ │ └── init-mqtt.py │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── mealie │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── miniflux │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── paperless │ │ │ ├── app │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ └── vaultwarden │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ ├── download │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── gluetun.sops.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── resources │ │ │ │ │ └── dnsdist.conf │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ └── sabnzbd │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── flux-system │ │ ├── addons │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── monitoring │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── podmonitor.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ ├── notifications │ │ │ │ │ ├── github │ │ │ │ │ │ ├── alert.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── provider.yaml │ │ │ │ │ │ └── secret.sops.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── webhooks │ │ │ │ │ ├── github │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── receiver.yaml │ │ │ │ │ └── secret.sops.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── home-automation │ │ ├── esphome │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── frigate │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── resources │ │ │ │ │ └── config.yml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── go2rtc │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── go2rtc.yaml │ │ │ └── ks.yaml │ │ ├── home-assistant │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── zigbee2mqtt-secondary │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ 
├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ └── zigbee2mqtt │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ ├── config │ │ │ │ ├── bgp-peering-policy.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── l2-announcement-policy.yaml │ │ │ │ └── lb-ip-pool.yaml │ │ │ └── ks.yaml │ │ ├── coredns │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── descheduler │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── generic-device-plugin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── intel-device-plugin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── gpu │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── rules │ │ │ │ ├── e1000e-device.yaml │ │ │ │ ├── google-coral-device.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── ups-apc-device.yaml │ │ ├── reloader │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── spegel │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── 
kustomizeconfig.yaml │ │ │ └── values.yaml │ │ │ └── ks.yaml │ ├── media │ │ ├── audiobookshelf │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── autobrr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── resources │ │ │ │ │ └── lokirule.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── flaresolverr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── jellyfin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── jellyseerr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── jellystat │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── kavita │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── lidarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── prowlarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── readarr-audio │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── readarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── recyclarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── recyclarr.yml │ │ │ └── ks.yaml │ │ ├── sonarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ └── 
unpackerr │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ ├── network │ │ ├── blocky │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yml │ │ │ └── ks.yaml │ │ ├── cloudflared │ │ │ ├── app │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── resources │ │ │ │ │ └── config.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── e1000e-fix │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── echo-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-dns-internal │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-dns │ │ │ ├── app │ │ │ │ ├── cloudflare-secret.sops.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── k8s-gateway │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── nginx │ │ │ ├── external │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── internal │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── shared │ │ │ │ ├── certificate.yaml │ │ │ │ └── kustomization.yaml │ │ └── singularity │ │ │ ├── app │ │ │ ├── ingress.yaml │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ │ └── ks.yaml │ ├── observability │ │ ├── gatus │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ ├── resources │ │ │ │ │ └── config.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ ├── app │ │ │ │ ├── admin-secret.sops.yaml │ │ │ │ ├── env-secret.sops.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kromgo │ │ │ ├── app │ │ 
│ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── loki │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── nut-server-basement │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ ├── nut.conf │ │ │ │ │ ├── ups.conf │ │ │ │ │ ├── upsd.conf │ │ │ │ │ └── upsd.users │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── servicemonitor.yaml │ │ │ └── ks.yaml │ │ ├── prometheus-operator-crds │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── promtail │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── unpoller │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ ├── openebs-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── openebs │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── rook-ceph │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── rook-ceph │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ │ ├── cluster │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── security │ │ ├── authelia │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── resources │ │ │ │ │ └── configuration.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── glauth │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── system-upgrade │ │ ├── kustomization.yaml │ │ ├── 
namespace.yaml │ │ └── system-upgrade-controller │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ │ ├── ks.yaml │ │ │ └── plans │ │ │ ├── kubernetes.yaml │ │ │ ├── kustomization.yaml │ │ │ └── talos.yaml │ └── volsync-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── snapshot-controller │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ │ └── volsync │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── prometheusrule.yaml │ │ └── ks.yaml ├── bootstrap │ ├── flux │ │ ├── github-deploy-key-secret.sops.yaml │ │ └── kustomization.yaml │ ├── helmfile.yaml │ └── talos │ │ ├── clusterconfig │ │ └── .gitignore │ │ ├── patches │ │ ├── controller │ │ │ ├── admission-control.yaml │ │ │ ├── api-access.yaml │ │ │ ├── audit-policy.yaml │ │ │ └── cluster.yaml │ │ └── global │ │ │ ├── machine-features.yaml │ │ │ ├── machine-files.yaml │ │ │ ├── machine-kubelet.yaml │ │ │ ├── machine-network.yaml │ │ │ └── machine-sysctls.yaml │ │ ├── talconfig.yaml │ │ ├── talenv.yaml │ │ └── talsecret.sops.yaml ├── flux │ ├── apps.yaml │ ├── config │ │ ├── cluster.yaml │ │ ├── flux.yaml │ │ └── kustomization.yaml │ ├── repositories │ │ ├── git │ │ │ └── kustomization.yaml │ │ ├── helm │ │ │ ├── action-runner-controller.yaml │ │ │ ├── angelnu.yaml │ │ │ ├── backube.yaml │ │ │ ├── bitnami.yaml │ │ │ ├── bjw-s.yaml │ │ │ ├── cilium.yaml │ │ │ ├── cloudnative-pg.yaml │ │ │ ├── coredns.yaml │ │ │ ├── descheduler.yaml │ │ │ ├── emqx.yaml │ │ │ ├── external-dns.yaml │ │ │ ├── external-secrets.yaml │ │ │ ├── grafana.yaml │ │ │ ├── ingress-nginx.yaml │ │ │ ├── intel.yaml │ │ │ ├── jetstack.yaml │ │ │ ├── k8s-gateway.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metrics-server.yaml │ │ │ ├── node-feature-discovery.yaml │ │ │ ├── openebs.yaml │ │ │ ├── piraeus.yaml │ │ │ ├── postfinance.yaml │ │ │ ├── prometheus-community.yaml │ │ │ ├── rook.yaml │ │ │ ├── spegel.yaml │ │ │ ├── stakater.yaml │ │ │ 
├── stevehipwell.yaml │ │ │ └── vector.yaml │ │ ├── kustomization.yaml │ │ └── oci │ │ │ └── kustomization.yaml │ └── vars │ │ ├── cluster-secrets.sops.yaml │ │ ├── cluster-settings.yaml │ │ └── kustomization.yaml └── templates │ ├── gatus │ ├── external │ │ ├── configmap.yaml │ │ └── kustomization.yaml │ └── guarded │ │ ├── configmap.yaml │ │ └── kustomization.yaml │ └── persistence │ ├── kustomization.yaml │ ├── pvc.yaml │ ├── replicationdestination.yaml │ ├── replicationsource.yaml │ └── secret.yaml ├── requirements.txt └── scripts ├── kubeconform.sh ├── kustomize.sh └── sops-mismatch.sh /.github/renovate/allowedVersions.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "matchDatasources": ["docker"], 6 | "matchPackagePatterns": ["postgresql"], 7 | "allowedVersions": "<17" 8 | } 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /.github/renovate/autoMerge.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "description": ["Auto-merge container digests updates for trusted containers"], 6 | "matchDatasources": ["docker"], 7 | "automerge": true, 8 | "automergeType": "branch", 9 | "matchUpdateTypes": ["digest"], 10 | "matchPackagePatterns": [ 11 | "ghcr.io/bjw-s", 12 | "ghcr.io/onedr0p", 13 | "ghcr.io/recyclarr", 14 | "ghcr.io/unpackerr", 15 | ] 16 | }, 17 | { 18 | "description": ["Auto-merge GitHub Actions for minor and patch"], 19 | "matchManagers": ["github-actions"], 20 | "matchDatasources": ["github-tags"], 21 | "automerge": true, 22 | "automergeType": "branch", 23 | "matchUpdateTypes": ["minor", "patch"] 24 | } 25 | ] 26 | } 27 | -------------------------------------------------------------------------------- 
/.github/renovate/commitMessage.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "commitMessageTopic": "{{depName}}", 4 | "commitMessageExtra": "to {{newVersion}}", 5 | "commitMessageSuffix": "", 6 | "packageRules": [ 7 | { 8 | "matchDatasources": ["helm"], 9 | "commitMessageTopic": "chart {{depName}}" 10 | }, 11 | { 12 | "matchDatasources": ["docker"], 13 | "commitMessageTopic": "image {{depName}}" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /.github/workflows/kubeconform.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: Kubeconform 4 | 5 | on: 6 | pull_request: 7 | branches: ["main"] 8 | paths: ["kubernetes/**"] 9 | push: 10 | branches: ["main"] 11 | paths: ["kubernetes/**"] 12 | 13 | jobs: 14 | kubeconform: 15 | name: Kubeconform 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@v4 20 | 21 | - name: Setup Homebrew 22 | uses: Homebrew/actions/setup-homebrew@master 23 | 24 | - name: Setup Workflow Tools 25 | run: brew install fluxcd/tap/flux kubeconform kustomize 26 | 27 | - name: Run kubeconform 28 | shell: bash 29 | run: bash ./scripts/kubeconform.sh 30 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: Lint 4 | 5 | on: 6 | pull_request: 7 | branches: ["main"] 8 | push: 9 | branches: ["main"] 10 | 11 | jobs: 12 | shellcheck: 13 | name: Shellcheck 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 17 | 
18 | - name: Run shellcheck 19 | uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 20 | with: 21 | severity: error 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # k8s 2 | kubeconfig 3 | talosconfig 4 | .decrypted~*.yaml 5 | .config.env 6 | *.agekey 7 | *.pub 8 | *.key 9 | 10 | # direnv 11 | .direnv/ 12 | -------------------------------------------------------------------------------- /.minijinja.toml: -------------------------------------------------------------------------------- 1 | autoescape = "none" 2 | newline = true 3 | trim-blocks = true 4 | lstrip-blocks = true 5 | env = true 6 | -------------------------------------------------------------------------------- /.mise.toml: -------------------------------------------------------------------------------- 1 | [env] 2 | _.python.venv = { path = "{{config_root}}/.venv", create = true } 3 | KUBECONFIG = "{{config_root}}/kubeconfig" 4 | SOPS_AGE_KEY_FILE = "{{config_root}}/age.key" 5 | TALOSCONFIG = "{{config_root}}/kubernetes/bootstrap/talos/clusterconfig/talosconfig" 6 | TASK_X_ENV_PRECEDENCE = 1 7 | TASK_X_MAP_VARIABLES = 0 8 | 9 | [tasks.deps] 10 | description = "Install dependencies" 11 | run = "uv pip install -r requirements.txt" 12 | 13 | [tools] 14 | python = "3.13" 15 | uv = "latest" 16 | "aqua:budimanjojo/talhelper" = "latest" 17 | "aqua:cloudflare/cloudflared" = "latest" 18 | "aqua:FiloSottile/age" = "latest" 19 | "aqua:fluxcd/flux2" = "latest" 20 | "aqua:getsops/sops" = "latest" 21 | "aqua:go-task/task" = "latest" 22 | "aqua:helm/helm" = "latest" 23 | "aqua:helmfile/helmfile" = "latest" 24 | "aqua:jqlang/jq" = "latest" 25 | "aqua:kubernetes-sigs/kustomize" = "latest" 26 | "aqua:kubernetes/kubectl" = "latest" 27 | "aqua:mikefarah/yq" = "latest" 28 | "aqua:siderolabs/talos" = "latest" 29 | "aqua:yannh/kubeconform" = "latest" 30 | 
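-------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | # sops yaml files 2 | *.sops.yaml 3 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | creation_rules: 3 | - path_regex: ansible/.*\.sops\.ya?ml 4 | pgp: >- 5 | 86170CE5CB464ADDC6BE8E597450F180356132B6 6 | - path_regex: talos/.*\.sops\.ya?ml 7 | pgp: >- 8 | 86170CE5CB464ADDC6BE8E597450F180356132B6 9 | age: >- 10 | age1xrxcj4d3zj8pnnyysph9qpve8stj8wr9dk7y0nq8ns4nukcruyxq5cc5at 11 | - path_regex: kubernetes/.*\.sops\.ya?ml 12 | encrypted_regex: "^(data|stringData)$" 13 | pgp: >- 14 | 86170CE5CB464ADDC6BE8E597450F180356132B6 15 | age: >- 16 | age1xrxcj4d3zj8pnnyysph9qpve8stj8wr9dk7y0nq8ns4nukcruyxq5cc5at 17 | -------------------------------------------------------------------------------- /.sourceignore: -------------------------------------------------------------------------------- 1 | # flux ignore file 2 | # see https://toolkit.fluxcd.io/components/source/gitrepositories/#excluding-files 3 | .github/ 4 | ansible/ 5 | hack/ 6 | os/ 7 | .envrc 8 | .gitignore 9 | .pre-commit-config.yaml 10 | .sops.yaml 11 | .yamllint.yaml 12 | LICENSE 13 | README.md 14 | -------------------------------------------------------------------------------- /.taskfiles/Rook/scripts/wait-for-job.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Block until the pod created by a Kubernetes Job exists, so that a follow-up
# `kubectl wait` / `kubectl logs` has something to attach to.
#
# Usage: wait-for-job.sh JOB [NAMESPACE] [TIMEOUT_SECONDS]
#   JOB              name of the Job (pods are selected by the job-name label)
#   NAMESPACE        namespace of the Job (default: default)
#   TIMEOUT_SECONDS  give up after this many seconds; 0 = wait forever (default,
#                    same as the previous behaviour)
#
# Exit status: 0 once a pod reports any phase; 1 when JOB is missing or the
# timeout expires.

set -uo pipefail

JOB="${1:-}"
NAMESPACE="${2:-default}"
TIMEOUT="${3:-0}"

[[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1

elapsed=0
while true; do
  # jsonpath yields one phase per matching pod, or an empty string while no
  # pod exists yet (or while the API call itself fails).
  STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')"
  # Break on ANY reported phase, not only "Pending": a pod can move to
  # Running/Succeeded/Failed between two polls (or a retried Job can have
  # several pods), and comparing against exactly "Pending" would then spin
  # forever. A non-empty phase is sufficient proof that the pod exists.
  if [[ -n "${STATUS}" ]]; then
    break
  fi
  if (( TIMEOUT > 0 && elapsed >= TIMEOUT )); then
    echo "Timed out after ${TIMEOUT}s waiting for a pod of job ${JOB} in namespace ${NAMESPACE}" >&2
    exit 1
  fi
  sleep 1
  elapsed=$((elapsed + 1))
done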
-------------------------------------------------------------------------------- /.taskfiles/Rook/templates/WipeDataJob.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: ${job} 6 | namespace: default 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: Never 13 | nodeName: ${node} 14 | containers: 15 | - name: main 16 | image: docker.io/library/alpine:latest 17 | command: ["/bin/sh", "-c"] 18 | args: ["rm -rf /mnt/host_var/lib/rook"] 19 | volumeMounts: 20 | - mountPath: /mnt/host_var 21 | name: host-var 22 | securityContext: 23 | privileged: true 24 | resources: {} 25 | volumes: 26 | - name: host-var 27 | hostPath: 28 | path: /var 29 | -------------------------------------------------------------------------------- /.taskfiles/Rook/templates/WipeDiskJob.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: ${job} 6 | namespace: default 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: Never 13 | nodeName: ${node} 14 | containers: 15 | - name: main 16 | image: docker.io/library/alpine:latest 17 | command: ["/bin/sh", "-c"] 18 | args: 19 | - apk add --no-cache sgdisk util-linux util-linux-misc parted device-mapper; 20 | sgdisk --zap-all ${disk}; 21 | wipefs -a ${disk}; 22 | dd if=/dev/zero of=${disk} bs=1M count=100 oflag=direct,append; 23 | blkdiscard ${disk}; 24 | partprobe ${disk}; 25 | fdisk -l ${disk}; 26 | securityContext: 27 | privileged: true 28 | resources: {} 29 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/replicationdestination.yaml.j2: -------------------------------------------------------------------------------- 1 
| --- 2 | apiVersion: volsync.backube/v1alpha1 3 | kind: ReplicationDestination 4 | metadata: 5 | name: {{ ENV.APP }}-manual 6 | namespace: {{ ENV.NS }} 7 | spec: 8 | trigger: 9 | manual: restore-once 10 | restic: 11 | repository: {{ ENV.APP }}-volsync 12 | destinationPVC: {{ ENV.CLAIM }} 13 | copyMethod: Direct 14 | storageClassName: {{ ENV.STORAGE_CLASS_NAME }} 15 | accessModes: {{ ENV.ACCESS_MODES }} 16 | previous: {{ ENV.PREVIOUS }} 17 | moverSecurityContext: 18 | runAsUser: {{ ENV.PUID }} 19 | runAsGroup: {{ ENV.PGID }} 20 | fsGroup: {{ ENV.PGID }} 21 | enableFileDeletion: true 22 | cleanupCachePVC: true 23 | cleanupTempPVC: true 24 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/unlock.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: volsync-unlock-{{ ENV.APP }} 6 | namespace: {{ ENV.NS }} 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: OnFailure 13 | containers: 14 | - name: main 15 | image: docker.io/restic/restic:latest 16 | args: ["unlock", "--remove-all"] 17 | envFrom: 18 | - secretRef: 19 | name: {{ ENV.APP }}-volsync 20 | resources: {} 21 | -------------------------------------------------------------------------------- /.yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | ignore: | 5 | .github/ 6 | .direnv/ 7 | ansible/roles/xanmanning.k3s/ 8 | gotk-components.yaml 9 | user-data*.yaml 10 | *.sops.yml 11 | 12 | rules: 13 | indentation: 14 | spaces: 2 15 | comments: 16 | min-spaces-from-content: 1 17 | line-length: disable 18 | brackets: 19 | min-spaces-inside: 0 20 | max-spaces-inside: 1 21 | braces: 22 | min-spaces-inside: 0 23 | max-spaces-inside: 1 24 | truthy: 25 | level: error 26 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 
23 | 24 | For more information, please refer to https://unlicense.org 25 | -------------------------------------------------------------------------------- /Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: "3" 4 | 5 | vars: 6 | # Directories 7 | ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible" 8 | KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes" 9 | TALHELPER_DIR: "{{.ROOT_DIR}}/kubernetes/bootstrap/talos" 10 | SCRIPTS_DIR: "{{.ROOT_DIR}}/scripts" 11 | 12 | # Files 13 | AGE_FILE: "{{.ROOT_DIR}}/age.key" 14 | KUBECONFIG_FILE: "{{.ROOT_DIR}}/kubeconfig" 15 | TALOSCONFIG_FILE: "{{.ROOT_DIR}}/kubernetes/bootstrap/talos/clusterconfig/talosconfig" 16 | 17 | env: 18 | KUBECONFIG: "{{.KUBECONFIG_FILE}}" 19 | TALOSCONFIG: "{{.TALOSCONFIG_FILE}}" 20 | MINIJINJA_CONFIG_FILE: "{{.ROOT_DIR}}/.minijinja.toml" 21 | SOPS_AGE_KEY_FILE: "{{.AGE_FILE}}" 22 | 23 | includes: 24 | flux: .taskfiles/Flux 25 | kubernetes: .taskfiles/Kubernetes 26 | rook: .taskfiles/Rook 27 | sops: .taskfiles/Sops 28 | talos: .taskfiles/talos 29 | volsync: .taskfiles/volsync 30 | 31 | tasks: 32 | default: 33 | silent: true 34 | cmd: task -l 35 | -------------------------------------------------------------------------------- /ansible/.ansible-lint: -------------------------------------------------------------------------------- 1 | skip_list: 2 | - yaml 3 | 4 | exclude_paths: 5 | - roles/xanmanning.k3s/ 6 | - inventory/host_vars/*.sops.yml 7 | -------------------------------------------------------------------------------- /ansible/README.md: -------------------------------------------------------------------------------- 1 | ## :building_construction: Playbooks 2 | 3 | ### Bootstrap 4 | Set up SSH on a machine (not needed for Kubernetes: part of cloud-init) 5 | ```bash 6 | ansible-playbook playbooks/bootstrap.yml 7 | ``` 8 | 9 | ### OS Preparation 10 | With Kubernetes requirements 11 | ```bash 12 | 
ansible-playbook playbooks/cluster/os.yml 13 | ``` 14 | 15 | ### K3S Installation 16 | Using [xanmanning.k3s](https://galaxy.ansible.com/xanmanning/k3s) role 17 | ```bash 18 | ansible-playbook playbooks/cluster/k3s.yml 19 | ``` 20 | 21 | ### CNI 22 | Using [Calico](https://www.projectcalico.org/). If using BGP, make sure to 23 | configure your router accordingly. 24 | ```bash 25 | ansible-playbook playbooks/cluster/calico.yml 26 | ``` 27 | *Note: This is later managed in-cluster.* 28 | 29 | ## :fire: Uninstall Playbooks 30 | Because sometimes it's the only thing left to do... 31 | 32 | Most of the playbooks have an `uninstall` variant that will attempt to 33 | remove what has been installed, e.g. 34 | ```bash 35 | ansible-playbook playbooks/cluster/calico-uninstall.yml 36 | ``` 37 | 38 | ## :radioactive: Nuke Playbooks 39 | :warning: **Unrecoverable data loss!** 40 | ```bash 41 | ansible-playbook playbooks/cluster/rook-ceph-nuke.yml 42 | ``` 43 | -------------------------------------------------------------------------------- /ansible/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = ./inventory 3 | roles_path = ./roles 4 | stdout_callback = yaml 5 | fact_caching = jsonfile 6 | fact_caching_connection = ~/.ansible/facts_cache 7 | fact_caching_timeout = 7200 8 | vars_plugins_enabled = host_group_vars,community.sops.sops 9 | 10 | [ssh_connection] 11 | pipelining = True 12 | -------------------------------------------------------------------------------- /ansible/inventory/group_vars/all/os.yml: -------------------------------------------------------------------------------- 1 | --- 2 | os_timezone: Europe/Paris 3 | -------------------------------------------------------------------------------- /ansible/inventory/host_vars/curiosity.yml: -------------------------------------------------------------------------------- 1 | --- 2 | pi_config: 3 | disable_camera_led: 1 4 | 
-------------------------------------------------------------------------------- /ansible/inventory/host_vars/singularity.yml: --------------------------------------------------------------------------------
1 | ---
2 | ansible_python_interpreter: /var/packages/python38/target/bin/python3.8
3 | ansible_user: Antoine
4 |
-------------------------------------------------------------------------------- /ansible/inventory/host_vars/sun.yml: --------------------------------------------------------------------------------
1 | ---
2 | ansible_python_interpreter: /usr/bin/python3
3 |
4 | unifi_cluster_domain: cluster.milkyway
# NOTE(review): a .pfx bundles the private key with the certificate and is read from a network
# mount; the share's permissions decide who can read that key — confirm it is not world-readable.
5 | unifi_certificate_store: /mnt/singularity/certificates/sun.milkyway.pfx
6 |
-------------------------------------------------------------------------------- /ansible/inventory/hosts.yml: --------------------------------------------------------------------------------
1 | ---
# NOTE(review): no `kubernetes` group is defined here, so every os-role task guarded with
# '"kubernetes" in group_names' is currently a no-op (left over from the k3s setup the README describes).
2 | unifi_controller:
3 |   hosts:
4 |     sun:
5 |
6 | storage:
7 |   hosts:
8 |     singularity:
9 |
10 | printer3d:
11 |   hosts:
12 |     curiosity:
13 |
14 | pi:
15 |   hosts:
16 |     curiosity:
17 |
-------------------------------------------------------------------------------- /ansible/playbooks/bootstrap.yml: --------------------------------------------------------------------------------
1 | # setup ssh on a machine
2 | # not needed for cloud-init
3 | ---
4 | - name: Bootstrap
5 |   hosts: pi
6 |   vars:
7 |     user: antoine
      # Public key only (safe to commit); with `exclusive: true` on the authorized_key task it
      # becomes the ONLY key accepted for this user — any other existing key is removed.
8 |     ssh_authorized_keys: |
9 |       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6mQ4yBpDESYhJrIv/G2daw5I2X0cwh0Hj9K1YxCp7n openpgp:0x66FDC5CE
10 |   become: true
11 |   tasks:
12 |     - name: Add user
13 |       ansible.builtin.user:
14 |         name: "{{ user }}"
15 |         shell: /bin/bash
16 |
      # Grants passwordless root. NOTE(review): a malformed sudoers drop-in breaks sudo for every
      # user on the host; consider `validate: /usr/sbin/visudo -cf %s` on this copy task.
17 |     - name: Add user to sudoers nopasswd
18 |       ansible.builtin.copy:
19 |         dest: /etc/sudoers.d/020_{{ user }}-nopasswd
20 |         content: "{{ user }} ALL=(ALL) NOPASSWD: ALL"
21 |         mode: 0440
22 |
23 |     - name: Add user SSH public keys
24 |       ansible.posix.authorized_key:
25 |         user: "{{ user }}"
26 |         key: "{{ ssh_authorized_keys
}}"
27 |         exclusive: true
28 |       notify: restart sshd
29 |
      # NOTE(review): lineinfile rewrites one line of the main file only. If this sshd_config has an
      # `Include /etc/ssh/sshd_config.d/*.conf` above the edited line, a drop-in that sets
      # PasswordAuthentication yes wins (sshd keeps the first value it reads) — verify the effective
      # setting on the host with `sshd -T`.
30 |     - name: Disable SSH password authentication
31 |       ansible.builtin.lineinfile:
32 |         dest: /etc/ssh/sshd_config
33 |         regex: "^#?PasswordAuthentication"
34 |         line: "PasswordAuthentication no"
35 |       notify: restart sshd
36 |
37 |   handlers:
38 |     - name: Restart sshd service
39 |       ansible.builtin.systemd:
40 |         name: sshd.service
41 |         state: restarted
42 |       listen: restart sshd
43 |
-------------------------------------------------------------------------------- /ansible/playbooks/curiosity.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Curiosity
3 |   hosts:
4 |     - curiosity
    # Interactive: answers "n" by default and is echoed (private: false) since it is not a secret.
5 |   vars_prompt:
6 |     - name: "restart_confirmation"
7 |       prompt: "Restart when complete? [Y/n]"
8 |       default: "n"
9 |       private: false
10 |   roles:
11 |     - os
12 |     - printer3d
13 |   tasks:
      # Run pending handlers (e.g. journald/logind restarts) before the optional reboot below.
14 |     - name: Flush handlers
15 |       ansible.builtin.meta: flush_handlers
16 |     - name: Reboot
17 |       ignore_errors: true # noqa ignore-errors
18 |       ansible.builtin.reboot:
19 |         msg: "Rebooting..."
20 |       when: restart_confirmation == "Y"
      # NOTE(review): the comparison is case-sensitive — answering "y" to the [Y/n] prompt skips the reboot.
21 |       tags:
22 |         - always
23 |
-------------------------------------------------------------------------------- /ansible/playbooks/nut-monitor.yml: --------------------------------------------------------------------------------
1 | ---
# Configures the unifi controller host as a NUT network client (upsmon_* vars come from host_vars,
# presumably the sops-encrypted sun.sops.yml — not visible here).
2 | - name: NUT monitor
3 |   hosts:
4 |     - unifi_controller
5 |   gather_facts: false
6 |   roles:
7 |     - nut_monitor
8 |
-------------------------------------------------------------------------------- /ansible/playbooks/singularity.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Singularity
3 |   hosts:
4 |     - singularity
5 |   roles:
6 |     - synology
7 |
-------------------------------------------------------------------------------- /ansible/playbooks/sun.yml: --------------------------------------------------------------------------------
1 | ---
# Applies the full os role (package purge list included) to the unifi controller, then unifi.
2 | - name: Sun
3 |   hosts:
4 |     - sun
5 |   roles:
6 |     - os
7 |     - unifi
8 |
-------------------------------------------------------------------------------- /ansible/playbooks/unifi.yml: --------------------------------------------------------------------------------
1 | ---
# Same target as sun.yml but unifi only — for re-running the controller config without the os role.
2 | - name: Unifi
3 |   hosts:
4 |     - sun
5 |   roles:
6 |     - unifi
7 |
-------------------------------------------------------------------------------- /ansible/requirements.txt: --------------------------------------------------------------------------------
# Exact pins (==) keep the control-node toolchain reproducible.
1 | ansible==11.6.0
2 | ansible-lint==25.5.0
3 | openshift==0.13.2
4 | pyunifi==2.21
5 |
-------------------------------------------------------------------------------- /ansible/requirements.yml: --------------------------------------------------------------------------------
1 | ---
# Collections are pinned to exact versions (good for reproducibility).
2 | collections:
3 |   - name: ansible.posix
4 |     version: 2.0.0
5 |   - name: community.general
6 |     version: 10.7.0
7 |   - name: community.docker
8 |     version: 4.6.0
9 |   - name: community.kubernetes
10 |     version: 2.0.1
11 |   - name: community.sops
12 |     version: 2.0.5
13 |
14 | roles:
15 |   - name: xanmanning.k3s
16
| src: https://github.com/PyratLabs/ansible-role-k3s
      # NOTE(review): a git tag can be moved; pinning `version:` to a commit SHA would make this
      # fetch reproducible and tamper-evident. No visible playbook uses this role.
17 |     version: v3.4.4
18 |
-------------------------------------------------------------------------------- /ansible/roles/nut_monitor/handlers/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Restart nut-monitor
3 |   ansible.builtin.service:
4 |     name: nut-monitor
5 |     state: restarted
6 |   become: true
7 |   listen: configuration changed
8 |
-------------------------------------------------------------------------------- /ansible/roles/nut_monitor/tasks/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Install nut-client package
3 |   ansible.builtin.apt:
4 |     name:
5 |       - nut-client
6 |   become: true
7 |
8 | - name: Set netclient mode in nut.conf
9 |   ansible.builtin.lineinfile:
10 |     dest: /etc/nut/nut.conf
11 |     regex: "^MODE="
12 |     line: "MODE=netclient"
13 |   become: true
14 |   notify: configuration changed
15 |
  # NOTE(review): the rendered line embeds upsmon_password, so it shows up in --diff / -v output and
  # in any log shipped from the control node; add `no_log: true` to this task. lineinfile keeps the
  # existing mode of upsmon.conf — confirm the file is not world-readable on the target.
16 | - name: Set MONITOR in upsmon.conf
17 |   ansible.builtin.lineinfile:
18 |     dest: /etc/nut/upsmon.conf
19 |     insertafter: "^# MONITOR"
20 |     regex: "^MONITOR"
21 |     line: "MONITOR {{ upsmon_upsname }}@{{ upsmon_host }} {{ upsmon_powervalue }} {{ upsmon_username }} {{ upsmon_password }} {{ upsmon_mode }}"
22 |   become: true
23 |   notify: configuration changed
24 |
25 | - name: Enable nut-monitor service
26 |   ansible.builtin.service:
27 |     name: nut-monitor
28 |     enabled: true
29 |     state: started
30 |   become: true
31 |
-------------------------------------------------------------------------------- /ansible/roles/os/handlers/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Restart logind systemd service
3 |   ansible.builtin.systemd:
4 |     name: systemd-logind.service
5 |     state: restarted
6 |   listen: restart logind
7 |
8 | - name: Restart unattended-upgrades systemd service
9 |   ansible.builtin.service:
10 |     name: unattended-upgrades.service
11
| state: restarted
12 |   listen: unattended-upgrades configuration changed
13 |
14 | - name: Restart timesyncd systemd service
15 |   ansible.builtin.service:
16 |     name: systemd-timesyncd.service
17 |     state: restarted
18 |   listen: systemd-timesyncd configuration changed
19 |
20 | - name: Restart journald systemd service
21 |   ansible.builtin.systemd:
22 |     name: systemd-journald.service
23 |     state: restarted
24 |   listen: systemd-journald configuration changed
25 |
  # Only on bare metal or when virtualization cannot be determined; guests are skipped.
26 | - name: Write to system clock
27 |   ansible.builtin.command: hwclock --systohc
28 |   listen: systemd-timesyncd configuration changed
29 |   when: ansible_virtualization_role == "host"
30 |     or ansible_virtualization_role == "NA"
31 |
  # No visible task notifies "grub configuration changed"; kernel.yml is not shown and may be the caller.
32 | - name: Grub mkconfig
33 |   ansible.builtin.command: grub-mkconfig -o /boot/grub/grub.cfg
34 |   listen: grub configuration changed
35 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/filesystem.yml: --------------------------------------------------------------------------------
1 | ---
  # NOTE(review): the third content line is PAM syntax (it belongs in /etc/pam.d/*), not limits.conf
  # syntax; in a limits.d file pam_limits will not understand it (expect a parse warning) — harmless
  # but ineffective. The two nofile lines are fine.
2 | - name: Update user open file limit
3 |   ansible.builtin.copy:
4 |     content: |
5 |       * hard nofile 97816
6 |       * soft nofile 97816
7 |       session required pam_limits.so
8 |     dest: /etc/security/limits.d/10-kubernetes.conf
9 |     mode: 0644
10 |   when: '"kubernetes" in group_names'
11 |
12 | - name: Sysctl increase max_user_watches
13 |   ansible.posix.sysctl:
14 |     name: fs.inotify.max_user_watches
15 |     value: "524288"
16 |     sysctl_file: /etc/sysctl.d/98-kubernetes-fs.conf
17 |   when: '"kubernetes" in group_names'
18 |
19 | - name: Sysctl increase max_user_instances
20 |   ansible.posix.sysctl:
21 |     name: fs.inotify.max_user_instances
22 |     value: "512"
23 |     sysctl_file: /etc/sysctl.d/98-kubernetes-fs.conf
24 |   when: '"kubernetes" in group_names'
25 |
  # Unlike the tasks above this block has no group guard: swap is disabled on every host the os role touches.
26 | - name: Swap
27 |   block:
28 |     - name: Disable swap
29 |       ansible.builtin.command: swapoff -a
30 |       when: ansible_swaptotal_mb > 0
31 |     - name: Disable swap system start
32 |       ansible.posix.mount:
33 |         name:
"{{ item }}"
34 |         fstype: swap
35 |         state: absent
36 |       loop:
37 |         - swap
38 |         - none
39 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/journald.yml: --------------------------------------------------------------------------------
1 | ---
  # Caps persistent journal usage at 1G; older entries are rotated away past that.
2 | - name: Limit size to 1GB
3 |   ansible.builtin.lineinfile:
4 |     path: /etc/systemd/journald.conf
5 |     regex: "^#?SystemMaxUse="
6 |     line: "SystemMaxUse=1G"
7 |   notify: systemd-journald configuration changed
8 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/motd.yml: --------------------------------------------------------------------------------
1 | ---
  # Disables the motd-news fetch (an outbound HTTP call at login) on Ubuntu hosts.
2 | - name: Disable motd
3 |   ansible.builtin.lineinfile:
4 |     dest: /etc/default/motd-news
5 |     regexp: "^ENABLED="
6 |     line: "ENABLED=0"
7 |   when: ansible_distribution == "Ubuntu"
8 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/network.yml: --------------------------------------------------------------------------------
1 | ---
  # NOTE(review): rp_filter=0 turns off reverse-path (anti-spoofing) filtering on all interfaces;
  # CNIs commonly require it, but it is a security-relevant relaxation and deserves a why-comment.
  # The `kubernetes` group is not defined in inventory/hosts.yml, so this task is currently skipped.
2 | - name: Sysctl network configuration
3 |   ansible.posix.sysctl:
4 |     name: "{{ item.key }}"
5 |     value: "{{ item.value }}"
6 |     sysctl_file: /etc/sysctl.d/99-kubernetes-cri.conf
7 |   loop: "{{ sysctl_config | dict2items }}"
8 |   vars:
9 |     sysctl_config:
10 |       net.ipv4.ip_forward: 1
11 |       net.ipv4.conf.all.forwarding: 1
12 |       net.ipv6.conf.all.forwarding: 1
13 |       net.bridge.bridge-nf-call-iptables: 1
14 |       net.bridge.bridge-nf-call-ip6tables: 1
15 |       net.ipv4.conf.default.rp_filter: 0
16 |       net.ipv4.conf.all.rp_filter: 0
17 |       net.core.rmem_max: 2500000
18 |       net.core.wmem_max: 2500000
19 |   when: '"kubernetes" in group_names'
20 |
21 | - name: Update hostname
22 |   ansible.builtin.hostname:
23 |     name: "{{ inventory_hostname }}"
24 |   when: ansible_hostname != inventory_hostname
25 |
  # Rewrites the last line starting with 127.0.1.1 (lineinfile replaces the last regexp match).
26 | - name: Update /etc/hosts
27 |   ansible.builtin.lineinfile:
28 |     dest: /etc/hosts
29 |     regexp: '^127\.0\.1\.1'
30 |     line: "127.0.1.1 {{ inventory_hostname }}"
31 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/packages.yml: --------------------------------------------------------------------------------
1 | ---
  # Populates ansible_facts.packages, used by the snapd guard below.
2 | - name: Gather the package facts
3 |   ansible.builtin.package_facts:
4 |     manager: auto
5 |
  # Full dist-upgrade on every run of the role (apt cache reused if <1h old).
6 | - name: Upgrade all packages
7 |   ansible.builtin.apt:
8 |     upgrade: full
9 |     update_cache: true
10 |     cache_valid_time: 3600
11 |     autoclean: true
12 |     autoremove: true
13 |
14 | - name: Install packages
15 |   ansible.builtin.apt:
16 |     name: "{{ os_packages.install }}"
17 |     update_cache: true
18 |     cache_valid_time: 3600
19 |     autoclean: true
20 |   when: os_packages.install
21 |
  # Snaps must go before the snapd package itself is purged by the task below.
22 | - name: Remove snaps
23 |   community.general.snap:
24 |     name: "{{ item }}"
25 |     state: absent
26 |   loop:
27 |     - lxd
28 |     - core18
29 |     - core20
30 |     - snapd
31 |   when:
32 |     - '"snapd" in ansible_facts.packages'
33 |     - '"snapd" in os_packages.remove'
34 |
  # Purges config as well (purge: true). The list in roles/os/vars/main.yml includes apparmor and
  # ufw, i.e. this step removes the host's MAC profiles and host firewall.
35 | - name: Remove packages
36 |   ansible.builtin.apt:
37 |     name: "{{ os_packages.remove }}"
38 |     state: absent
39 |     autoremove: true
40 |     purge: true
41 |   when: os_packages.remove
42 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/pi.yml: --------------------------------------------------------------------------------
1 | ---
  # Each pi_config key becomes a `key=value` line in /boot/config.txt (commented-out lines are re-enabled).
2 | - name: Apply boot config options
3 |   ansible.builtin.lineinfile:
4 |     path: /boot/config.txt
5 |     regex: "^#?{{ item.key }}="
6 |     line: "{{ item.key }}={{ item.value }}"
7 |   loop: "{{ pi_config | dict2items }}"
8 |   when: pi_config is defined
9 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/power-button.yml: --------------------------------------------------------------------------------
1 | ---
  # NOTE(review): regexp "HandlePowerKey" is unanchored; newer logind.conf files may also list
  # HandlePowerKeyLongPress, and lineinfile rewrites the LAST match — anchor it, e.g.
  # regexp: "^#?{{ item.setting }}=", to be sure the intended key is edited.
2 | - name: Disable single power button press shutdown
3 |   ansible.builtin.lineinfile:
4 |     path: /etc/systemd/logind.conf
5 |     regexp: "{{ item.setting }}"
6
| line: "{{ item.setting }}={{ item.value }}"
7 |   loop:
8 |     - setting: HandlePowerKey
9 |       value: ignore
  # Only the two NUC models (DMI product name) get the power-key override.
10 |   when: ansible_product_name == 'NUC8i5BEH' or ansible_product_name == 'NUC8i3BEH'
11 |   notify: restart logind
12 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/time.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Set timezone
3 |   community.general.timezone:
4 |     name: "{{ os_timezone }}"
5 |   when: os_timezone is defined
6 |   notify: systemd-timesyncd configuration changed
7 |
-------------------------------------------------------------------------------- /ansible/roles/os/tasks/unattended-upgrades.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Install
3 |   ansible.builtin.apt:
4 |     name: unattended-upgrades
5 |
  # NOTE(review): `regex: "{{ item.key }}"` is unanchored. In the stock Debian/Ubuntu file
  # "Unattended-Upgrade::Automatic-Reboot" also matches the Automatic-Reboot-Time / -WithUsers
  # keys, and lineinfile rewrites the LAST match. Anchor it, e.g. regex: '^//?{{ item.key }} ',
  # so only the intended line is edited.
6 | - name: Configure 50unattended-upgrades
7 |   ansible.builtin.lineinfile:
8 |     dest: /etc/apt/apt.conf.d/50unattended-upgrades
9 |     regex: "{{ item.key }}"
10 |     line: '{{ item.key }} "{{ item.value }}";'
11 |   loop:
12 |     - key: Unattended-Upgrade::Automatic-Reboot
13 |       value: "false"
14 |     - key: Unattended-Upgrade::Remove-Unused-Dependencies
15 |       value: "true"
16 |   notify: unattended-upgrades configuration changed
17 |
  # Same unanchored-regex caveat as above, though the four keys here do not prefix each other.
18 | - name: Configure 20auto-upgrades
19 |   ansible.builtin.lineinfile:
20 |     dest: /etc/apt/apt.conf.d/20auto-upgrades
21 |     regex: "{{ item.key }}"
22 |     line: '{{ item.key }} "{{ item.value }}";'
23 |   loop:
24 |     - key: APT::Periodic::Unattended-Upgrade
25 |       value: "1"
26 |     - key: APT::Periodic::Update-Package-Lists
27 |       value: "1"
28 |     - key: APT::Periodic::Download-Upgradeable-Packages
29 |       value: "1"
30 |     - key: APT::Periodic::AutocleanInterval
31 |       value: "7"
32 |   notify: unattended-upgrades configuration changed
33 |
34 | - name: Enable service
35 |   ansible.builtin.service:
36 |     name: unattended-upgrades.service
37 |     enabled: true
38 |
-------------------------------------------------------------------------------- /ansible/roles/os/vars/main.yml: --------------------------------------------------------------------------------
1 | ---
# Role vars: highest precedence short of extra-vars, so they override inventory group_vars.
2 | ansible_become: true
3 | os_timezone: Europe/Paris
4 | os_packages:
5 |   install:
6 |     - apt-transport-https
7 |     - arptables
8 |     - ebtables
9 |     - nfs-common
10 |     - open-iscsi
    # NOTE(review): purging apparmor and ufw strips the host's mandatory-access-control profiles
    # and its host firewall. Defensible for a kube node behind CNI policy, but the os role is also
    # applied to `sun` (the unifi controller) via playbooks/sun.yml — confirm that is intended.
11 |   remove:
12 |     - apparmor
13 |     - cloud-init
14 |     - plymouth
15 |     - snapd
16 |     - ufw
17 |
-------------------------------------------------------------------------------- /ansible/roles/printer3d/tasks/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Install avrdude
3 |   ansible.builtin.apt:
4 |     name: avrdude
5 |
-------------------------------------------------------------------------------- /ansible/roles/synology/tasks/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: User
3 |   ansible.builtin.import_tasks: user.yml
4 |   tags:
5 |     - user
6 |
7 | - name: Prometheus
8 |   ansible.builtin.import_tasks: prometheus-node-exporter.yml
9 |   tags:
10 |     - prometheus-node-exporter
11 |
12 | - name: Minio
13 |   ansible.builtin.import_tasks: minio.yml
14 |   tags:
15 |     - minio
16 |
17 | - name: Matchbox
18 |   ansible.builtin.import_tasks: matchbox.yml
19 |   tags:
20 |     - matchbox
21 |
-------------------------------------------------------------------------------- /ansible/roles/synology/tasks/matchbox.yml: --------------------------------------------------------------------------------
1 | ---
  # Only the `docker` module is installed here (the task name also mentions docker-compose).
2 | - name: Install docker and docker-compose python modules
3 |   ansible.builtin.pip:
4 |     name:
5 |       - docker
6 |   become: true
7 |
  # Host-networked, so -address / -rpc-address bind 0.0.0.0 on the NAS itself: the HTTP provisioning
  # endpoint (8080) and the gRPC API (8081) are reachable from any LAN host. NOTE(review): matchbox's
  # gRPC API is designed to require TLS client auth and reads its CA/server cert from /etc/matchbox
  # by default — presumably provided by the read-only mount below; confirm the material is there,
  # since no -ca-file/-cert-file/-key-file flags are passed explicitly.
8 | - name: Install matchbox
9 |   community.docker.docker_container:
10 |     name: matchbox
11 |     image: quay.io/poseidon/matchbox:v0.11.0
12 |     restart_policy: unless-stopped
13 |     network_mode: host
14 |     command: >
15 |       -address=0.0.0.0:8080
16 |       -rpc-address=0.0.0.0:8081
17 |
-log-level=debug
      # debug logs every provisioning request — useful for PXE troubleshooting, noisy otherwise.
18 |     volumes:
19 |       - /volume2/matchbox/lib:/var/lib/matchbox:Z
20 |       - /volume2/matchbox/etc:/etc/matchbox:Z,ro
21 |   become: true
22 |
-------------------------------------------------------------------------------- /ansible/roles/synology/tasks/minio.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Install docker and docker-compose python modules
3 |   ansible.builtin.pip:
4 |     name:
5 |       - docker
6 |       - docker-compose
7 |   become: true
8 |
  # Image is pinned by digest (good: immutable). Root credentials come from minio_root_user /
  # minio_root_password, which are not defined in any visible file — presumably singularity.sops.yml.
  # NOTE(review): "9000:9000" publishes on all interfaces, and MINIO_PROMETHEUS_AUTH_TYPE=public
  # serves the /minio/v2/metrics endpoints without a bearer token, so cluster metrics (including
  # per-bucket usage) are readable by any LAN host.
9 | - name: Install minio
10 |   community.docker.docker_compose:
11 |     project_name: minio
12 |     pull: true
13 |     definition:
14 |       version: "3.7"
15 |       services:
16 |         minio:
17 |           image: quay.io/minio/minio:RELEASE.2025-05-24T17-08-30Z@sha256:a616cd8f37758b0296db62cc9e6af05a074e844cc7b5c0a0e62176d73828d440
18 |           container_name: minio
19 |           restart: unless-stopped
20 |           command: server --console-address ":9010" /data
21 |           volumes:
22 |             - /volume2/minio:/data
23 |           ports:
24 |             - "9000:9000"
25 |             - "9010:9010"
26 |           environment:
27 |             MINIO_ROOT_USER: "{{ minio_root_user }}"
28 |             MINIO_ROOT_PASSWORD: "{{ minio_root_password }}"
29 |             MINIO_PROMETHEUS_AUTH_TYPE: public
30 |   become: true
31 |
-------------------------------------------------------------------------------- /ansible/roles/synology/tasks/prometheus-node-exporter.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Install docker and docker-compose python modules
3 |   ansible.builtin.pip:
4 |     name:
5 |       - docker
6 |       - docker-compose
7 |   become: true
8 |
  # NOTE(review): `image: …:latest` with `pull: true` re-resolves the image on every run — not
  # reproducible and not verifiable; pin a version (and ideally a digest, as minio.yml does).
  # `privileged: true` plus a read-only bind of / gives the exporter full host visibility; the
  # exporter is normally fine with just the /proc, /sys and / ro mounts below — confirm privileged
  # is actually needed on DSM.
9 | - name: Install prometheus node-exporter
10 |   community.docker.docker_compose:
11 |     project_name: node-exporter
12 |     pull: true
13 |     definition:
14 |       version: "3.7"
15 |       services:
16 |         node-exporter:
17 |           privileged: true
18 |           image: quay.io/prometheus/node-exporter:latest
19 |           container_name: node-exporter
20 |           restart: unless-stopped
21 |           network_mode: host
22 |           pid: host
23 |           volumes:
24 |             - /proc:/host/proc:ro
25 |             - /sys:/host/sys:ro
26 |             - /:/rootfs:ro
27 |           command:
28 |             - "--path.procfs=/host/proc"
29 |             - "--path.sysfs=/host/sys"
              # `$$` is compose's escape for a literal `$` in the regex anchor.
30 |             - "--collector.filesystem.ignored-mount-points"
31 |             - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
32 |   become: true
33 |
-------------------------------------------------------------------------------- /ansible/roles/synology/tasks/user.yml: --------------------------------------------------------------------------------
1 | ---
  # Passwordless root for ansible_user ("Antoine" per host_vars/singularity.yml). Same lockout risk
  # as the bootstrap playbook: a malformed drop-in disables sudo — consider
  # `validate: /usr/sbin/visudo -cf %s` if visudo is available on DSM (unverified here).
2 | - name: Add user to sudoers
3 |   ansible.builtin.copy:
4 |     content: "{{ ansible_user }} ALL=(ALL) NOPASSWD: ALL"
5 |     dest: "/etc/sudoers.d/{{ ansible_user }}_nopasswd"
6 |     mode: 0440
7 |   become: true
8 |
-------------------------------------------------------------------------------- /ansible/roles/ufw/defaults/main.yml: --------------------------------------------------------------------------------
1 | ---
# ufw_allow: list of {port, proto} dicts; ufw_reset: wipe existing rules first.
2 | ufw_allow: []
3 | ufw_reset: false
4 |
-------------------------------------------------------------------------------- /ansible/roles/ufw/tasks/main.yml: --------------------------------------------------------------------------------
1 | ---
  # NOTE(review): none of the visible playbooks applies this role, and roles/os/vars/main.yml
  # purges the ufw package — the two should not target the same host.
2 | - name: Install package
3 |   ansible.builtin.apt:
4 |     name: ufw
5 |   become: true
6 |
7 | - name: Reset configuration
8 |   community.general.ufw:
9 |     state: reset
10 |   become: true
11 |   when: ufw_reset
12 |
13 | - name: Set logging
14 |   community.general.ufw:
15 |     logging: "on"
16 |   become: true
17 |
  # Deliberately ordered: ssh is allowed BEFORE the default-deny and enable steps, so the
  # control connection survives the firewall coming up.
18 | - name: Allow ssh
19 |   community.general.ufw:
20 |     rule: allow
21 |     port: ssh
22 |   become: true
23 |
24 | - name: Allow ports
25 |   community.general.ufw:
26 |     rule: allow
27 |     port: "{{ item.port }}"
28 |     proto: "{{ item.proto }}"
29 |   loop: "{{ ufw_allow }}"
30 |   become: true
31 |   when: ufw_allow is defined and ufw_allow|length
32 |
33 | - name: Deny incoming traffic
34 |   community.general.ufw:
35 |     policy: deny
36 |     direction: incoming
37 |   become: true
38 |
39 | - name: Enable
40 |   community.general.ufw:
41 |     state: enabled
42 |   become: true
43 |
-------------------------------------------------------------------------------- /ansible/roles/unifi/files/config.properties: --------------------------------------------------------------------------------
# Opts the controller out of anonymous analytics reporting.
1 | config.system_cfg.1=system.analytics.anonymous=disabled
2 |
-------------------------------------------------------------------------------- /ansible/roles/unifi/handlers/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Restart unifi
3 |   ansible.builtin.service:
4 |     name: unifi
5 |     state: restarted
6 |   become: true
7 |   listen: certificate changed
8 |
  # Manual step: the site config only takes effect once the device is re-provisioned from the UI.
9 | - name: Force provision
10 |   ansible.builtin.pause:
11 |     prompt: Configuration has changed, trigger a Provision of the device
12 |   listen: configuration changed
13 |
-------------------------------------------------------------------------------- /ansible/roles/unifi/tasks/config.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Create config directory
3 |   ansible.builtin.file:
4 |     path: /etc/unifi/data/sites/default
5 |     state: directory
6 |     mode: 0755
7 |   become: true
8 |   notify: configuration changed
9 |
10 | - name: Copy config.properties
11 |   ansible.builtin.copy:
12 |     src: files/config.properties
13 |     dest: /etc/unifi/data/sites/default/config.properties
14 |     mode: 0644
15 |   become: true
16 |   notify: configuration changed
17 |
  # The template currently renders `{}` (templates/config.gateway.json.j2), i.e. no gateway
  # overrides are applied yet; the task is wired up for when they are.
18 | - name: Copy config.gateway.json
19 |   ansible.builtin.template:
20 |     src: config.gateway.json.j2
21 |     dest: /etc/unifi/data/sites/default/config.gateway.json
22 |     mode: 0644
23 |   become: true
24 |   notify: configuration changed
25 |
-------------------------------------------------------------------------------- /ansible/roles/unifi/tasks/main.yml: --------------------------------------------------------------------------------
1 | ---
2 | - name: Install
3 |
ansible.builtin.import_tasks: install.yml
4 |   tags:
5 |     - install
6 |
7 | - name: Config
8 |   ansible.builtin.import_tasks: config.yml
9 |   tags:
10 |     - config
11 |
-------------------------------------------------------------------------------- /ansible/roles/unifi/templates/config.gateway.json.j2: --------------------------------------------------------------------------------
1 | {}
2 |
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
3 | apiVersion: helm.toolkit.fluxcd.io/v2
4 | kind: HelmRelease
5 | metadata:
6 |   name: cert-manager
7 | spec:
8 |   interval: 30m
9 |   chart:
10 |     spec:
11 |       chart: cert-manager
12 |       version: v1.17.2
13 |       sourceRef:
14 |         kind: HelmRepository
15 |         name: jetstack
16 |         namespace: flux-system
17 |   install:
18 |     remediation:
19 |       retries: 3
20 |   upgrade:
21 |     cleanupOnFail: true
22 |     remediation:
23 |       strategy: rollback
24 |       retries: 3
25 |   values:
26 |     installCRDs: true
      # DNS-01 self-checks go over DoH to Cloudflare rather than the in-cluster resolver —
      # presumably to avoid stale or split-horizon answers; the ...Only flag forces every
      # cert-manager lookup through these servers.
27 |     dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
28 |     dns01RecursiveNameserversOnly: true
29 |     prometheus:
30 |       enabled: true
31 |       servicemonitor:
32 |         enabled: true
33 |
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./prometheusrule.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
    # The Cloudflare token Secret is sops-encrypted in git and decrypted by Flux at apply time.
6 |   - ./cloudflare-secret.sops.yaml
7 |   - ./letsencrypt-staging.yaml
8 |   - ./letsencrypt-production.yaml
9 |
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/letsencrypt-production.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/clusterissuer_v1.json
3 | apiVersion: cert-manager.io/v1
4 | kind: ClusterIssuer
5 | metadata:
6 |   name: letsencrypt-production
7 | spec:
8 |   acme:
      # ${EMAIL_ADDRESS_1} / ${DOMAIN} are substituted at reconcile time (Flux variable
      # substitution, presumably) — keeps the address out of the committed manifest.
9 |     email: ${EMAIL_ADDRESS_1}
10 |     server: https://acme-v02.api.letsencrypt.org/directory
11 |     privateKeySecretRef:
12 |       name: letsencrypt-production
13 |     solvers:
14 |       - dns01:
15 |           cloudflare:
16 |             email: ${EMAIL_ADDRESS_1}
              # Token is read from the sops-managed Secret; nothing is inlined here.
17 |             apiTokenSecretRef:
18 |               name: cert-manager-cloudflare
19 |               key: api-token
          # Limits this solver to names under ${DOMAIN}. The real blast-radius boundary is the
          # Cloudflare token's own scope — prefer a token restricted to DNS edits on that one zone.
20 |         selector:
21 |           dnsZones: ["${DOMAIN}"]
22 |
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/letsencrypt-staging.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/clusterissuer_v1.json
3 | apiVersion: cert-manager.io/v1
4 | kind: ClusterIssuer
5 | metadata:
6 |   name: letsencrypt-staging
7 | spec:
8 |   acme:
9 |     email: ${EMAIL_ADDRESS_1}
      # Staging CA: untrusted certificates, but no production rate limits — use for testing issuers.
10 |     server: https://acme-staging-v02.api.letsencrypt.org/directory
11 |     privateKeySecretRef:
12 |       name: letsencrypt-staging
13 |     solvers:
14 |       - dns01:
15 |           cloudflare:
16 |             email: ${EMAIL_ADDRESS_1}
17 |
apiTokenSecretRef:
18 |               name: cert-manager-cloudflare
19 |               key: api-token
20 |         selector:
21 |           dnsZones: ["${DOMAIN}"]
22 |
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/kustomization.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./namespace.yaml
7 |   - ./cert-manager/ks.yaml
8 |
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/namespace.yaml: --------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: cert-manager
6 |   labels:
      # Flux never garbage-collects this namespace (and the ACME account keys stored in it),
      # even if the Kustomization is removed from git.
7 |     kustomize.toolkit.fluxcd.io/prune: disabled
8 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/helmrelease.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
3 | apiVersion: helm.toolkit.fluxcd.io/v2
4 | kind: HelmRelease
5 | metadata:
6 |   name: cloudnative-pg
7 | spec:
8 |   interval: 30m
9 |   chart:
10 |     spec:
11 |       chart: cloudnative-pg
12 |       version: 0.24.0
13 |       sourceRef:
14 |         kind: HelmRepository
15 |         name: cloudnative-pg
16 |         namespace: flux-system
17 |   install:
18 |     remediation:
19 |       retries: 3
20 |   upgrade:
21 |     cleanupOnFail: true
22 |     remediation:
23 |       strategy: rollback
24 |       retries: 3
    # Storage provider must exist before the operator (PVCs for the cluster come from openebs).
25 |   dependsOn:
26 |     - name: openebs
27 |       namespace: openebs-system
28 |   values:
29 |     crds:
30 |       create: true
31 |     monitoring:
      # Operator-level PodMonitor is off; cluster16.yaml (not shown) presumably enables
      # monitoring per Cluster instead.
32 |       podMonitorEnabled: false
33 |       grafanaDashboard:
34 |         create: true
35 |
--------------------------------------------------------------------------------
/kubernetes/apps/database/cloudnative-pg/app/kustomization.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./secret.sops.yaml
8 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./cluster16.yaml
7 |   - ./service.yaml
8 |   - ./scheduledbackup.yaml
9 |   - ./prometheusrule.yaml
10 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
3 | apiVersion: postgresql.cnpg.io/v1
4 | kind: ScheduledBackup
5 | metadata:
6 |   name: postgres
7 | spec:
    # Daily, with a first run as soon as it is created. Backup objects are owned by this
    # ScheduledBackup (owner reference: self), so deleting it also deletes their records.
    # Destination and retention are presumably set in cluster16.yaml's backup section (not shown).
8 |   schedule: "@daily"
9 |   immediate: true
10 |   backupOwnerReference: self
11 |   cluster:
12 |     name: postgres16
13 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/service.yaml: --------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 |   name: postgres-lb
    # NOTE(review): this publishes the primary's 5432 on a dedicated LAN IP with a DNS record —
    # Postgres is reachable from outside the cluster, so the database's own auth (pg_hba / TLS,
    # configured in cluster16.yaml, not shown) is the only gate. A CiliumNetworkPolicy limiting
    # source CIDRs for this port would be a cheap second layer.
6 |   annotations:
7 |     external-dns.alpha.kubernetes.io/hostname: postgres.${DOMAIN}
8 |     lbipam.cilium.io/ips: ${POSTGRES_IP}
9 | spec:
10 |   type: LoadBalancer
11 |   ports:
12 |     - name: postgres
13 |       port: 5432
14 |       protocol: TCP
15 |       targetPort: 5432
    # Selector pins the Service to the current primary (CNPG keeps the role label up to date).
16 |   selector:
17 |     cnpg.io/cluster: postgres16
18 |     role: primary
19 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/app/kustomization.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
    # Remote CRD fetched at build time and pinned to a release tag; the renovate marker keeps it
    # current. NOTE(review): a tag is mutable — to harden the supply chain, vendor the file or
    # pin a commit SHA in the URL.
6 |   # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator
7 |   - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.11/manifests/crd.yaml
8 |   - ./helmrelease.yaml
9 |   - ./rbac.yaml
10 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/cluster/cluster.yaml: --------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/dragonflydb.io/dragonfly_v1alpha1.json
3 | apiVersion: dragonflydb.io/v1alpha1
4 | kind: Dragonfly
5 | metadata:
6 |   name: dragonfly
7 | spec:
8 |   image: ghcr.io/dragonflydb/dragonfly:v1.30.3
9 |   replicas: 3
    # --maxmemory is derived from the container's memory limit so the two cannot drift apart.
10 |   env:
11 |     - name: MAX_MEMORY
12 |       valueFrom:
13 |         resourceFieldRef:
14 |           resource: limits.memory
15 |           divisor: 1Mi
16 |   args:
17 |     - --maxmemory=$(MAX_MEMORY)Mi
18 |     - --proactor_threads=2
19 |     - --cluster_mode=emulated
20 |     - --lock_on_hashtags
    # NOTE(review): no authentication is configured in the visible spec (no --requirepass or
    # operator-level password), so any pod that can reach the Service can read and write every key.
    # Either configure a password or rely on a NetworkPolicy — neither is in this listing.
21 |   topologySpreadConstraints:
22 |     - maxSkew: 1
23 |       topologyKey: kubernetes.io/hostname
24 |       whenUnsatisfiable: DoNotSchedule
25 |       labelSelector:
26 |         matchLabels:
27 |           app.kubernetes.io/part-of: dragonfly
28 |   resources:
29 |     requests:
30 |       cpu: 100m
31 |     limits:
32 |       memory: 512Mi
33 |
-------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/cluster/kustomization.yaml: --------------------------------------------------------------------------------
1 |
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cluster.yaml
  - ./podmonitor.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: dragonfly
spec:
  selector:
    matchLabels:
      app: dragonfly
  # Copy the pod's "app" label onto every scraped series.
  podTargetLabels: ["app"]
  podMetricsEndpoints:
    # Scrape target is the container port named "admin".
    - port: admin
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# First Kustomization: the operator (CRD, HelmRelease, RBAC).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app dragonfly
  namespace: flux-system
spec:
  targetNamespace: database
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/database/dragonfly/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Second Kustomization: the Dragonfly instance itself (continues below).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app dragonfly-cluster
  namespace: flux-system
spec:
  targetNamespace: database
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# (continuation of the dragonfly-cluster Flux Kustomization above)
  path: ./kubernetes/apps/database/dragonfly/cluster
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  # The operator Kustomization must be ready before the Dragonfly CR is applied.
  dependsOn:
    - name: dragonfly
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: emqx
spec:
  interval: 30m
  chart:
    spec:
      chart: emqx-operator
      version: 2.2.29
      sourceRef:
        kind: HelmRepository
        name: emqx
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      # Roll back rather than leave a half-upgraded operator in place.
      strategy: rollback
      retries: 3
  # Presumably needed for the operator's admission webhook certificates — confirm.
  dependsOn:
    - name: cert-manager
      namespace: cert-manager
  values:
    fullnameOverride: emqx-operator
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # Both secrets are sops-encrypted in git.
  - ./secret.sops.yaml
  - ./init-user-secret.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/cluster/ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: emqx-dashboard
# NOTE(review): no ingressClassName is set here (compare flux-webhook, which
# pins "external"), so this falls back to the cluster's default class. Confirm
# the default is the internal one, since this publishes the EMQX dashboard.
spec:
  rules:
    - host: emqx.${DOMAIN}
      http:
# (continuation of the emqx-dashboard Ingress above)
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: emqx-dashboard
                port:
                  number: 18083
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cluster.yaml
  - ./ingress.yaml
  - ./podmonitor.yaml
configMapGenerator:
  # Bootstrap script shipped as a ConfigMap; it is plain text in git.
  - name: emqx-init-mqtt
    files:
      - ./resources/init-mqtt.py
generatorOptions:
  # Stable ConfigMap name (no content hash suffix) so it can be referenced by a
  # fixed name.
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/cluster/podmonitor.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: emqx
spec:
  selector:
    matchLabels:
      apps.emqx.io/instance: emqx
      apps.emqx.io/managed-by: emqx-operator
  podMetricsEndpoints:
    # Metrics are served by the dashboard port on the v5 stats endpoint.
    - port: dashboard
      path: /api/v5/prometheus/stats
      relabelings:
        - action: replace
          # User-defined cluster name; must be unique.
          replacement: emqx5
          targetLabel: cluster
        - action: replace
          # Fixed value, do not modify.
          replacement: emqx
          targetLabel: from
        - action: replace
          # Fixed value, do not modify.
          sourceLabels: ["pod"]
          targetLabel: "instance"
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server:
# $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# First Kustomization: the EMQX operator.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app emqx
  namespace: flux-system
spec:
  targetNamespace: database
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/database/emqx/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Second Kustomization: the EMQX cluster, ingress and monitoring.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app emqx-cluster
  namespace: flux-system
spec:
  targetNamespace: database
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/database/emqx/cluster
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  # Operator first, cluster second.
  dependsOn:
    - name: emqx
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/database/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./cloudnative-pg/ks.yaml
  - ./dragonfly/ks.yaml
  - ./emqx/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: database
  annotations:
# (continuation of the database Namespace above)
    # Keeps Flux from garbage-collecting the namespace — and everything in
    # it — should this resource ever drop out of the Kustomization.
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/default/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./mealie/ks.yaml
  - ./miniflux/ks.yaml
  - ./paperless/ks.yaml
  - ./vaultwarden/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/default/mealie/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  # Shared templates, parameterised through postBuild.substitute in ks.yaml
  # (APP, CAPACITY, GATUS_PATH).
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/default/mealie/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app mealie
  namespace: flux-system
spec:
  targetNamespace: default
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/default/mealie/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  # Variables consumed by the shared persistence and gatus templates.
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 100Mi
      GATUS_PATH: /api/app/about
--------------------------------------------------------------------------------
/kubernetes/apps/default/miniflux/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  # No persistence template here: miniflux keeps its state in Postgres.
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/default/miniflux/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app miniflux
  namespace: flux-system
spec:
  targetNamespace: default
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/default/miniflux/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  # Needs the CloudNativePG cluster to exist first.
  dependsOn:
    - name: cloudnative-pg-cluster
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      GATUS_PATH: /healthcheck
--------------------------------------------------------------------------------
/kubernetes/apps/default/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: default
  annotations:
    # Never let Flux prune the namespace.
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/default/paperless/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  # "guarded" rather than "external" gatus template — see the shared templates
  # for what the distinction enforces.
  - ../../../../templates/gatus/guarded
--------------------------------------------------------------------------------
/kubernetes/apps/default/paperless/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app paperless
  namespace: flux-system
spec:
  targetNamespace: default
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/default/paperless/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 5Gi
--------------------------------------------------------------------------------
/kubernetes/apps/default/vaultwarden/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/default/vaultwarden/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server:
# $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app vaultwarden
  namespace: flux-system
spec:
  targetNamespace: default
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/default/vaultwarden/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 200Mi
--------------------------------------------------------------------------------
/kubernetes/apps/download/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./qbittorrent/ks.yaml
  - ./sabnzbd/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/download/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: download
  annotations:
    # Never let Flux prune the namespace.
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/download/qbittorrent/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  # VPN sidecar (gluetun) credentials — kept sops-encrypted like the app secret.
  - ./gluetun.sops.yaml
  - ../../../../templates/persistence
configMapGenerator:
  - name:
# (continuation of the qbittorrent configMapGenerator entry above)
      qbittorrent-dnsdist
    files:
      - ./resources/dnsdist.conf
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # Switch off Flux post-build variable substitution for this ConfigMap so
    # the dnsdist configuration is delivered verbatim.
    kustomize.toolkit.fluxcd.io/substitute: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/download/qbittorrent/app/resources/dnsdist.conf:
--------------------------------------------------------------------------------
-- udp/tcp dns listening
-- Bound to a loopback address, so only processes sharing this pod's network
-- namespace can reach the resolver.
setLocal("127.0.0.2:53", {})

-- K8S DNS
-- In-cluster resolver, placed in its own "k8s" pool; the routing rule at the
-- bottom sends only cluster.local names here.
newServer({
  address = "10.43.0.10",
  pool = "k8s",
  healthCheckMode = "lazy",
  lazyHealthCheckMode = 'TimeoutOnly',
})

-- CloudFlare DNS over TLS
-- Upstream queries are encrypted, and the server certificate must validate
-- against the pinned subjectName, so an on-path resolver impersonating these
-- addresses is rejected rather than trusted.
newServer({
  address = "1.1.1.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  healthCheckMode = "lazy",
  lazyHealthCheckMode = 'TimeoutOnly',
})
newServer({
  address = "1.0.0.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  healthCheckMode = "lazy",
  lazyHealthCheckMode = 'TimeoutOnly',
})

-- Routing rules
-- cluster.local -> k8s pool; every other name falls through to the default
-- pool, i.e. the two DoT servers above.
addAction('cluster.local', PoolAction('k8s'))
--------------------------------------------------------------------------------
/kubernetes/apps/download/qbittorrent/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app qbittorrent
  namespace: flux-system
spec:
  targetNamespace: download
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/download/qbittorrent/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval:
# (continuation of the qbittorrent Flux Kustomization above)
    1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 100Mi
--------------------------------------------------------------------------------
/kubernetes/apps/download/sabnzbd/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
--------------------------------------------------------------------------------
/kubernetes/apps/download/sabnzbd/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app sabnzbd
  namespace: flux-system
spec:
  targetNamespace: download
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/download/sabnzbd/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 100Mi
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./monitoring
  - ./notifications
  - ./webhooks
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/monitoring/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./podmonitor.yaml
  - ./prometheusrule.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/monitoring/podmonitor.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: flux-system
  namespace: flux-system
  labels:
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/component: monitoring
spec:
  namespaceSelector:
    matchNames:
      - flux-system
  # Scrape every Flux controller pod by its "app" label.
  selector:
    matchExpressions:
      - key: app
        operator: In
        values:
          - helm-controller
          - source-controller
          - kustomize-controller
          - notification-controller
          - image-automation-controller
          - image-reflector-controller
  podMetricsEndpoints:
    - port: http-prom
      relabelings:
        # Ref: https://github.com/prometheus-operator/prometheus-operator/issues/4816
        # Drop targets for pods that are not Running (terminating/pending pods
        # would otherwise show up as scrape failures).
        - sourceLabels: [__meta_kubernetes_pod_phase]
          action: keep
          regex: Running
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/monitoring/prometheusrule.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: flux-rules
# (continuation of the flux-rules PrometheusRule above)
  namespace: flux-system
spec:
  groups:
    - name: flux.rules
      rules:
        # Fires when no Flux target is being scraped at all — covers a
        # controller that is down as well as a broken PodMonitor.
        - alert: FluxComponentAbsent
          annotations:
            summary: Flux component has disappeared from Prometheus target discovery.
          expr: |
            absent(up{job=~".*flux-system.*"} == 1)
          for: 15m
          labels:
            severity: critical
        # Ready=False for a resource that has not been deleted; the "* 2"
        # term folds deletion in so that a deleted object cannot match.
        - alert: FluxReconciliationFailure
          annotations:
            summary: >-
              {{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation
              has been failing for more than 15 minutes.
          expr: |
            max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
            +
            on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
            by (namespace, name, kind)) * 2 == 1
          for: 15m
          labels:
            severity: critical
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/notifications/github/alert.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
  name: github
spec:
  providerRef:
    name: github
  eventSeverity: info
  eventSources:
    # Wildcard: events from every Kustomization are forwarded to the provider.
    - kind: Kustomization
      name: "*"
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/notifications/github/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./alert.yaml
  - ./provider.yaml
  - ./secret.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/notifications/github/provider.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Provider
metadata:
  name: github
  namespace: flux-system
spec:
  type: github
  address: https://github.com/Diaoul/home-ops
  # API token for posting to the repository; presumably the sops-encrypted
  # secret.sops.yaml next to this file — confirm.
  secretRef:
    name: github-token
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/notifications/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./github
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/webhooks/github/ingress.yaml:
--------------------------------------------------------------------------------
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: flux-webhook
  annotations:
    # disabled — 599 is not a status the backend emits, so custom error-page
    # interception is effectively switched off for this ingress (presumed intent).
    nginx.ingress.kubernetes.io/custom-http-errors: 599
spec:
  # Internet-facing on purpose: GitHub must reach it. Only the /hook/ prefix is
  # routed, and the Receiver behind webhook-receiver validates each payload
  # against its secret before acting on it.
  ingressClassName: external
  rules:
    - host: flux-webhook.${DOMAIN}
      http:
        paths:
          - path: /hook/
            pathType: Prefix
            backend:
              service:
                name: webhook-receiver
                port:
                  number: 80
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/webhooks/github/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion:
# (continuation of the webhooks/github Kustomization above)
  kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./ingress.yaml
  - ./receiver.yaml
  - ./secret.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/webhooks/github/receiver.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/receiver_v1.json
apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver
metadata:
  name: github
spec:
  type: github
  # Only these GitHub event types are accepted.
  events:
    - ping
    - push
  # Shared secret used to verify the webhook signature; inbound requests that
  # do not verify are rejected before any reconciliation is triggered.
  secretRef:
    name: github-webhook-token
  # A verified hook triggers reconciliation of exactly these objects.
  resources:
    - apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      name: home-kubernetes
      namespace: flux-system
    - apiVersion: kustomize.toolkit.fluxcd.io/v1
      kind: Kustomization
      name: cluster
      namespace: flux-system
    - apiVersion: kustomize.toolkit.fluxcd.io/v1
      kind: Kustomization
      name: cluster-apps
      namespace: flux-system
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/app/webhooks/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./github
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/addons/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app flux-addons
# (continuation of the flux-addons Flux Kustomization above)
  namespace: flux-system
spec:
  targetNamespace: flux-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/flux-system/addons/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./addons/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: flux-system
  # NOTE(review): the prune marker is a label here but an annotation on every
  # other namespace in this tree. As far as I recall Flux honours either form,
  # but aligning on one avoids a surprise if that ever changes — confirm.
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/esphome/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/guarded
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/esphome/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app esphome
  namespace: flux-system
spec:
  targetNamespace: home-automation
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/home-automation/esphome/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 3Gi
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/frigate/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/guarded
configMapGenerator:
  # Frigate configuration shipped as a plain ConfigMap; keep credentials in
  # secret.sops.yaml rather than in config.yml.
  - name: frigate-config
    files:
      - ./resources/config.yml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/frigate/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app frigate
  namespace: flux-system
spec:
  targetNamespace: home-automation
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/home-automation/frigate/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  # Needs the MQTT broker and the NFD rules (hardware labelling) in place first.
  dependsOn:
    - name: emqx-cluster
    - name:
# (continuation of the frigate Flux Kustomization dependsOn list above)
      node-feature-discovery-rules
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 2Gi
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/go2rtc/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/gatus/guarded
configMapGenerator:
  # NOTE(review): unlike the other apps here there is no secret.sops.yaml; the
  # whole go2rtc config, stream URLs included, becomes a plain ConfigMap.
  - name: go2rtc-config
    files:
      - ./resources/go2rtc.yaml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/go2rtc/app/resources/go2rtc.yaml:
--------------------------------------------------------------------------------
---
api:
  # Binds every interface on port 80; no authentication is configured in this
  # file, so exposure is governed by the Service/Ingress wrapped around it.
  listen: :80
rtsp:
  listen: :554
webrtc:
  listen: :8555
  # Externally advertised ICE candidate (fixed address plus STUN discovery).
  candidates:
    - 10.44.0.24:8555
    - stun:8555
ice_servers:
  - urls:
      - stun:stun.cloudflare.com:3478
# NOTE(review): the path segment of each stream URL looks like a per-stream
# access token. Because this file ships as an unencrypted ConfigMap (see the
# kustomization), those tokens are readable in git and by anything that can
# read ConfigMaps in the namespace — confirm whether they should be moved into
# a sops-encrypted Secret like the rest of this repo's credentials.
# The rtspx scheme is, as far as I recall, RTSP over TLS without certificate
# verification — confirm against the go2rtc documentation.
streams:
  entrance_lq:
    - rtspx://10.0.1.3:7441/aR7s7R2TTtXyxYU6
  entrance_hq:
    - rtspx://10.0.1.3:7441/tRQBbVxBgt53Kiq0
  dining_room_lq:
    - rtspx://10.0.1.3:7441/UArYysQ9DZfj6vPU
  dining_room_hq:
    - rtspx://10.0.1.3:7441/UkGlOo8qDsabuGNC
  living_room_lq:
    - rtspx://10.0.1.3:7441/7LvLL0WaeL1vFdfO
  living_room_hq:
    - rtspx://10.0.1.3:7441/6vCB9HnOkFjSMOfW
  office_lq:
    - rtspx://10.0.1.3:7441/zsEl9fSROKT3KBVu
  office_hq:
    - rtspx://10.0.1.3:7441/d5SYyhFVj4pLIJiF
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/go2rtc/ks.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app go2rtc 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home-automation 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/home-automation/go2rtc/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/persistence 8 | - ../../../../templates/gatus/external 9 | -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/home-assistant/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app home-assistant 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home-automation 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/home-automation/home-assistant/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | 
dependsOn:
  # Wait for the MQTT broker (database/emqx cluster) before reconciling.
  - name: emqx-cluster
prune: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
  substitute:
    APP: *app
    # PVC size for the persistence template referenced by app/kustomization.yaml.
    CAPACITY: 2Gi
    # Hostname the gatus "external" template probes; app/kustomization.yaml pulls
    # templates/gatus/external rather than the guarded variant the other apps use.
    GATUS_SUBDOMAIN: hass
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Entry point for the home-automation namespace: the Namespace object plus one
# Flux Kustomization (ks.yaml) per app.
resources:
  - ./namespace.yaml
  - ./esphome/ks.yaml
  - ./frigate/ks.yaml
  - ./go2rtc/ks.yaml
  - ./home-assistant/ks.yaml
  - ./zigbee2mqtt/ks.yaml
  - ./zigbee2mqtt-secondary/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: home-automation
  annotations:
    # Keeps Flux from garbage-collecting the namespace (and everything in it)
    # if this file is ever dropped from the parent Kustomization.
    kustomize.toolkit.fluxcd.io/prune: disabled
    # NOTE(review): opts this namespace into VolSync's privileged mover pods —
    # presumably so the backup/restore movers can read PVC data owned by
    # arbitrary uids. Those pods then run with elevated privileges, so keep the
    # annotation only on namespaces whose apps actually use VolSync; confirm
    # every app listed above needs it.
    volsync.backube/privileged-movers: "true"
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/zigbee2mqtt-secondary/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # SOPS-encrypted in git. None of the ks.yaml files here carry a decryption
  # block, so decryption presumably comes from a patch in the parent Flux
  # Kustomization — confirm.
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/guarded
--------------------------------------------------------------------------------
/kubernetes/apps/home-automation/zigbee2mqtt-secondary/ks.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app zigbee2mqtt-secondary 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home-automation 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/home-automation/zigbee2mqtt-secondary/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | dependsOn: 18 | - name: emqx-cluster 19 | prune: true 20 | wait: false 21 | interval: 30m 22 | retryInterval: 1m 23 | timeout: 5m 24 | postBuild: 25 | substitute: 26 | APP: *app 27 | CAPACITY: 500Mi 28 | -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/zigbee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./secret.sops.yaml 8 | - ../../../../templates/persistence 9 | - ../../../../templates/gatus/guarded 10 | -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/zigbee2mqtt/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app zigbee2mqtt 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home-automation 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: 
./kubernetes/apps/home-automation/zigbee2mqtt/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | dependsOn: 18 | - name: emqx-cluster 19 | prune: true 20 | wait: false 21 | interval: 30m 22 | retryInterval: 1m 23 | timeout: 5m 24 | postBuild: 25 | substitute: 26 | APP: *app 27 | CAPACITY: 500Mi 28 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: cilium 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: cilium 12 | version: 1.17.4 13 | sourceRef: 14 | kind: HelmRepository 15 | name: cilium 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | valuesFrom: 25 | - kind: ConfigMap 26 | name: cilium-helm-values 27 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/gatus/guarded 8 | configMapGenerator: 9 | - name: cilium-helm-values 10 | files: 11 | - ./values.yaml 12 | configurations: 13 | - kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | 
- kind: ConfigMap
  version: v1
  fieldSpecs:
    # Lets kustomize rewrite the ConfigMap name in HelmRelease.spec.valuesFrom
    # after the generator appends its content hash (app/kustomization.yaml does
    # not set disableNameSuffixHash), so a values change yields a new name and
    # therefore a Helm upgrade.
    - path: spec/valuesFrom/name
      kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/bgp-peering-policy.yaml:
--------------------------------------------------------------------------------
---
# https://docs.cilium.io/en/latest/network/bgp-control-plane/
# NOTE(review): CiliumBGPPeeringPolicy (v2alpha1) is the original BGP API. The
# chart is pinned to 1.17.4 (app/helmrelease.yaml), where the newer
# CiliumBGPClusterConfig family is available and this resource is marked
# deprecated upstream — confirm against the 1.17 docs and plan a migration
# before a minor bump removes it.
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
metadata:
  name: bgp-peering-policy
spec:
  # Every Linux node runs a BGP speaker.
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
  virtualRouters:
    # Same ASN on both sides: an iBGP session with the upstream router.
    - localASN: 64512
      neighbors:
        # ${ROUTER_IP} is a Flux postBuild variable; it is not set in any
        # substitute block visible here, so presumably it comes from a
        # cluster-wide substituteFrom — confirm.
        - peerAddress: ${ROUTER_IP}/32
          peerASN: 64512
          gracefulRestart:
            enabled: true
            restartTimeSeconds: 120
      # Opt-out selector: a Service is announced unless it carries the label
      # io.cilium/bgp=false (NotIn also matches Services that lack the label
      # entirely), so every LoadBalancer IP from the pool is advertised to the
      # router by default.
      serviceSelector:
        matchExpressions:
          - { key: io.cilium/bgp, operator: NotIn, values: ["false"] }
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./bgp-peering-policy.yaml
  # L2 announcement is kept on disk but not applied; BGP is the active path.
  # - ./l2-announcement-policy.yaml
  - ./lb-ip-pool.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/l2-announcement-policy.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
# Not referenced by kustomization.yaml (its entry is commented out), so this
# file is inert unless re-enabled there.
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
  name: l2-announcement-policy
spec:
  loadBalancerIPs: true
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/lb-ip-pool.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: lb-ip-pool
spec:
  # Range Cilium hands out to LoadBalancer Services and, via the BGP peering
  # policy next to this file, advertises to the router. A /16 is a large
  # allocation; the go2rtc WebRTC candidate 10.44.0.24 under home-automation
  # is one address from it. Confirm the router does not already route this
  # prefix elsewhere.
  blocks:
    - cidr: 10.44.0.0/16
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: coredns
spec:
  interval: 30m
  chart:
    spec:
      chart: coredns
      version: 1.42.2
      sourceRef:
        kind: HelmRepository
        name: coredns
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      # Roll back to the last good release on a failed upgrade — sensible for
      # cluster DNS, where a broken release takes service discovery down.
      strategy: rollback
      retries: 3
  # Chart values live in values.yaml, shipped as a hashed ConfigMap by
  # kustomization.yaml; kustomizeconfig.yaml keeps this reference in sync.
  valuesFrom:
    - kind: ConfigMap
      name: coredns-helm-values
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: coredns-helm-values
    files:
      - ./values.yaml
# Name-reference config so the hashed ConfigMap name is rewritten into the
# HelmRelease (see kustomizeconfig.yaml).
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/coredns/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app coredns 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-system/coredns/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: false 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/descheduler/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/descheduler/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app descheduler 7 | namespace: 
flux-system
spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/descheduler/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
# Device list for the plugin, shipped as the generic-device-plugin ConfigMap.
configMapGenerator:
  - name: generic-device-plugin
    files:
      - ./resources/config.yaml
generatorOptions:
  # Stable name so the HelmRelease can reference it directly; a change to
  # config.yaml therefore does not alter the DaemonSet spec by itself.
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/resources/config.yaml:
--------------------------------------------------------------------------------
---
# Host devices the generic-device-plugin advertises as extended resources.
devices:
  # /dev/net/tun exposed as a schedulable resource: pods that request it can
  # create TUN interfaces (userspace VPN / tunnel sidecars) without running
  # privileged. It is still a shared host kernel device, so keep the resource
  # request limited to workloads that need it. count is how many pods may hold
  # the device at once; with a single path entry every "copy" is the same device
  # node. The resource name is <plugin domain>/tun — the domain is presumably
  # set in helmrelease.yaml, not here.
  - name: tun
    groups:
      - count: 1000
        paths:
          - path: /dev/net/tun
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app generic-device-plugin
  namespace: flux-system
spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/generic-device-plugin/app
  sourceRef:
    kind:
GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: intel-device-plugin-operator 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: intel-device-plugins-operator 12 | version: 0.32.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: intel 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | crds: CreateReplace 21 | upgrade: 22 | cleanupOnFail: true 23 | remediation: 24 | strategy: rollback 25 | retries: 3 26 | crds: CreateReplace 27 | dependsOn: 28 | - name: node-feature-discovery 29 | namespace: kube-system 30 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: intel-device-plugin-gpu 
7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: intel-device-plugins-gpu 12 | version: 0.32.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: intel 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: intel-device-plugin-operator 27 | namespace: kube-system 28 | values: 29 | name: intel-gpu-plugin 30 | sharedDevNum: 3 31 | nodeFeatureRule: true 32 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app intel-device-plugin 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-system/intel-device-plugin/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | --- 23 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 24 | apiVersion: kustomize.toolkit.fluxcd.io/v1 25 | kind: Kustomization 
26 | metadata: 27 | name: &app intel-device-plugin-gpu 28 | namespace: flux-system 29 | spec: 30 | targetNamespace: kube-system 31 | commonMetadata: 32 | labels: 33 | app.kubernetes.io/name: *app 34 | path: ./kubernetes/apps/kube-system/intel-device-plugin/gpu 35 | sourceRef: 36 | kind: GitRepository 37 | name: home-kubernetes 38 | prune: true 39 | wait: false 40 | interval: 30m 41 | retryInterval: 1m 42 | timeout: 5m 43 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: kubelet-csr-approver 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: kubelet-csr-approver 12 | version: 1.2.10 13 | sourceRef: 14 | kind: HelmRepository 15 | name: postfinance 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | valuesFrom: 25 | - kind: ConfigMap 26 | name: kubelet-csr-approver-helm-values 27 | values: 28 | metrics: 29 | enable: true 30 | serviceMonitor: 31 | enabled: true 32 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: kubelet-csr-approver-helm-values 9 | files: 10 | - ./values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | 
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# Same pattern as cilium and coredns: rewrite the hashed ConfigMap name into
# HelmRelease.spec.valuesFrom so that values edits trigger an upgrade.
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/values.yaml:
--------------------------------------------------------------------------------
---
# Controls which kubelet serving-certificate CSRs are auto-approved. The
# approver is the gate on nodes obtaining serving certs, so both knobs matter.
# Only node names of the form k8s-node-<one digit> match (k8s-node-0 … k8s-node-9).
# A tenth worker such as k8s-node-10 would sit with a pending CSR until the
# regex is widened (e.g. \d+), so revisit this when adding nodes.
providerRegex: ^(k8s-node-\d)$
# NOTE(review): skips the approver's forward-DNS check that the node hostname
# resolves to the IP SANs in the CSR. That check is the second line of defence
# against a node requesting a certificate for addresses it does not own; with
# it off, providerRegex plus the CSR's node identity are the only gates.
# Presumably set because node names are not resolvable from inside the cluster
# — confirm that is still the case.
bypassDnsResolution: true
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kubelet-csr-approver
  namespace: flux-system
spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/kubelet-csr-approver/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  # Never garbage-collected by Flux (same as coredns) — presumably because
  # losing the approver would leave new kubelet serving certs unapproved.
  prune: false
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Entry point for kube-system: the Namespace marker plus one Flux Kustomization
# per component.
resources:
  - ./namespace.yaml
  - ./cilium/ks.yaml
  - ./coredns/ks.yaml
  - ./descheduler/ks.yaml
  - ./generic-device-plugin/ks.yaml
  -
./intel-device-plugin/ks.yaml 11 | - ./kubelet-csr-approver/ks.yaml 12 | - ./metrics-server/ks.yaml 13 | - ./node-feature-discovery/ks.yaml 14 | - ./reloader/ks.yaml 15 | - ./spegel/ks.yaml 16 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: metrics-server 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: metrics-server 12 | version: 3.12.2 13 | sourceRef: 14 | kind: HelmRepository 15 | name: metrics-server 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | values: 25 | args: 26 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 27 | - --kubelet-use-node-status-port 28 | - --metric-resolution=15s 29 | metrics: 30 | enabled: true 31 | serviceMonitor: 32 | enabled: true 33 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | 
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app metrics-server
  namespace: flux-system
spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/metrics-server/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: kube-system
  labels:
    # Essential: kube-system must never be garbage-collected by Flux. Flux
    # accepts prune: disabled as either a label or an annotation; the
    # home-automation namespace uses the annotation form — worth harmonising.
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: node-feature-discovery
spec:
  interval: 30m
  chart:
    spec:
      chart: node-feature-discovery
      version: 0.17.3
      sourceRef:
        kind: HelmRepository
        name: node-feature-discovery
        namespace: flux-system
  install:
    remediation:
      retries: 3
    # NFD ships the NodeFeatureRule CRD; CreateReplace keeps it updated on
    # upgrades too (Flux's default upgrade policy leaves CRDs untouched).
    crds: CreateReplace
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
    crds: CreateReplace
  values:
    worker:
      config:
        core:
          # NOTE(review): core.sources is deprecated upstream in favour of
          # core.labelSources / core.featureSources. In current NFD it is
          # treated as labelSources, i.e. it only limits which sources emit
          # default labels, while NodeFeatureRules under rules/ still see every
          # feature source. The e1000e rule relies on kernel.loadedmodule,
          # which is not listed here — keep that distinction in mind when
          # migrating to the new keys, and confirm the custom-e1000e label
          # actually appears on nodes.
          sources: [system, pci, usb]
    prometheus:
      enable: true
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/rules/e1000e-device.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: e1000e-device 6 | spec: 7 | rules: 8 | - name: e1000e 9 | labels: 10 | feature.node.kubernetes.io/custom-e1000e: "true" 11 | matchFeatures: 12 | - feature: kernel.loadedmodule 13 | matchExpressions: 14 | e1000e: { op: Exists } 15 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/rules/google-coral-device.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: google-coral-device 6 | spec: 7 | rules: 8 | - name: google.coral 9 | labels: 10 | feature.node.kubernetes.io/custom-google-coral: "true" 11 | matchFeatures: 12 | - feature: pci.device 13 | matchExpressions: 14 | class: { op: In, value: ["0880"] } 15 | vendor: { op: In, value: ["1ac1"] } 16 | device: { op: In, value: ["089a"] } 17 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./e1000e-device.yaml 7 | - 
./google-coral-device.yaml 8 | - ./ups-apc-device.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/rules/ups-apc-device.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: ups-apc-device 6 | spec: 7 | rules: 8 | - name: ups.apc 9 | labels: 10 | feature.node.kubernetes.io/custom-ups-apc: "true" 11 | matchFeatures: 12 | - feature: usb.device 13 | matchExpressions: 14 | class: { op: In, value: ["03"] } 15 | vendor: { op: In, value: ["051d"] } 16 | device: { op: In, value: ["0002"] } 17 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: reloader 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: reloader 12 | version: 2.1.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: stakater 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | values: 25 | fullnameOverride: reloader 26 | reloader: 27 | readOnlyRootFileSystem: true 28 | podMonitor: 29 | enabled: true 30 | namespace: "{{ .Release.Namespace }}" 31 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 
4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app reloader 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-system/reloader/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: spegel 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: spegel 12 | version: 0.2.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: spegel 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | valuesFrom: 25 | - kind: ConfigMap 26 | name: spegel-helm-values 27 | values: 28 | grafanaDashboard: 29 | enabled: true 30 | serviceMonitor: 31 | enabled: true 32 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/kustomization.yaml: 
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# values.yaml is wrapped in a generated ConfigMap. Unlike the other generators
# in this repo, disableNameSuffixHash is NOT set here, so the ConfigMap name
# carries a content hash; kustomizeconfig.yaml teaches kustomize to rewrite
# the HelmRelease's spec.valuesFrom reference to the hashed name, so a values
# change also changes the HelmRelease spec.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: spegel-helm-values
    files:
      - ./values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# Name-reference transformer config: tells kustomize that HelmRelease
# spec/valuesFrom/name refers to a v1 ConfigMap, so generated-name rewrites
# propagate into the HelmRelease.
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/app/values.yaml:
--------------------------------------------------------------------------------
---
# Host-level access Spegel is given. The containerd socket grants the pod
# control over the node's container runtime, which is a node-root-equivalent
# capability — anyone who can edit this kube-system release can reach it, so
# keep write access to this directory tightly controlled.
# containerdRegistryConfigPath is presumably where Spegel drops mirror
# configuration for the CRI (hosts.toml layout) — confirm against the chart.
spegel:
  containerdSock: /run/containerd/containerd.sock
  containerdRegistryConfigPath: /etc/cri/conf.d/hosts
service:
  registry:
    # hostPort publishes the registry mirror on every node's host interfaces,
    # not just inside the pod network; node firewalling / network policy
    # should limit 29999 to cluster peers.
    hostPort: 29999
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for spegel into kube-system; same reconcile settings as
# the other apps (30m interval, prune on, no readiness wait).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app spegel
  namespace: flux-system
spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/spegel/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/media/audiobookshelf/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Pulls in the shared persistence and external-gatus templates; both are
# parameterised through the postBuild substitutions in ../ks.yaml
# (APP, CAPACITY, GATUS_PATH). The templates themselves are not visible here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/audiobookshelf/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for audiobookshelf into the media namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app audiobookshelf
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/audiobookshelf/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  # Variables substituted into the manifests under path/ after kustomize build.
  # CAPACITY presumably sizes the PVC from the persistence template and
  # GATUS_PATH the health-check path for the gatus template — confirm there.
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 500Mi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/autobrr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Secrets are committed SOPS-encrypted (secret.sops.yaml). The Loki rule file
# is published as a ConfigMap carrying the loki_rule="true" label, which is
# presumably what the Loki ruler sidecar selects on (configured elsewhere).
# disableNameSuffixHash keeps the ConfigMap name stable, which matters here
# because nothing rewrites references to it.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/gatus/guarded
configMapGenerator:
  - name: autobrr-loki-rules
    files:
      - autobrr.yaml=./resources/lokirule.yaml
    options:
      labels:
        loki_rule: "true"
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/media/autobrr/app/resources/lokirule.yaml:
--------------------------------------------------------------------------------
---
# Loki alerting rule: fires when any autobrr log line matching
# "network unhealthy" (case-insensitive) is seen within a 2m window, and stays
# that way for 2m. The {{ $labels.app }} templates are expanded by the ruler
# at alert time, not by Flux.
# NOTE(review): the summary text reads "a unhealthy" — should be "an unhealthy".
groups:
  - name: autobrr
    rules:
      - alert: AutobrrNetworkUnhealthy
        expr: |
          sum by (app) (count_over_time({app="autobrr"} |~ "(?i)network unhealthy"[2m])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} has a unhealthy network"
--------------------------------------------------------------------------------
/kubernetes/apps/media/autobrr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for autobrr. dependsOn defers reconciliation until the
# cloudnative-pg-cluster Kustomization has succeeded (autobrr is presumably
# backed by that Postgres cluster).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app autobrr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/autobrr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  dependsOn:
    - name: cloudnative-pg-cluster
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
--------------------------------------------------------------------------------
/kubernetes/apps/media/flaresolverr/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# flaresolverr on bjw-s app-template 3.7.3. Failed upgrades are rolled back
# (strategy: rollback) after the retries are exhausted.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: flaresolverr
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.7.3
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    controllers:
      flaresolverr:
        containers:
          app:
            # Supply-chain pin: tag@digest. The runtime resolves the digest,
            # so a re-pushed v3.3.21 tag cannot change what actually runs; the
            # tag is kept only for human readability / Renovate matching.
            # No securityContext is set in these values, so whatever
            # app-template 3.7.3 defaults to applies — confirm that matches
            # the hardening used by the repo's other app-template releases.
            image:
              repository: ghcr.io/flaresolverr/flaresolverr
              tag: v3.3.21@sha256:f104ee51e5124d83cf3be9b37480649355d223f7d8f9e453d0d5ef06c6e3b31b
            # Memory limit only; CPU is request-only (burstable).
            resources:
              requests:
                cpu: 10m
                memory: 150Mi
              limits:
                memory: 500Mi
    # ClusterIP service on 8191; no ingress is declared for it in this file.
    service:
      app:
        controller: flaresolverr
        ports:
          http:
            port: 8191
--------------------------------------------------------------------------------
/kubernetes/apps/media/flaresolverr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/flaresolverr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for flaresolverr (no persistence, no substitutions).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app flaresolverr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/flaresolverr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyfin/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyfin/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for jellyfin; 5Gi config volume, health check on
# /System/Ping (Jellyfin's own ping endpoint).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app jellyfin
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/jellyfin/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 5Gi
      GATUS_PATH: /System/Ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyseerr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Uses the "guarded" gatus template rather than "external" — presumably a
# check that runs behind authentication; the template is not visible here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/guarded
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyseerr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for jellyseerr; 2Gi volume, no GATUS_PATH override.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app jellyseerr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/jellyseerr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 2Gi
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellystat/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# No persistence template here, although ../ks.yaml still passes CAPACITY;
# the value is presumably consumed by the HelmRelease directly — confirm.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/gatus/guarded
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellystat/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for jellystat; waits on the CloudNativePG cluster.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app jellystat
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/jellystat/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  dependsOn:
    - name: cloudnative-pg-cluster
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 500Mi
--------------------------------------------------------------------------------
/kubernetes/apps/media/kavita/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Persistence only — no gatus health check is wired up for kavita.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
--------------------------------------------------------------------------------
/kubernetes/apps/media/kavita/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for kavita; 500Mi volume.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kavita
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/kavita/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 500Mi
--------------------------------------------------------------------------------
/kubernetes/apps/media/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Namespace entry point: the Namespace object plus one Flux Kustomization per
# app. Adding an app means adding its ks.yaml here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./audiobookshelf/ks.yaml
  - ./autobrr/ks.yaml
  - ./flaresolverr/ks.yaml
  - ./jellyfin/ks.yaml
  - ./jellyseerr/ks.yaml
  - ./jellystat/ks.yaml
  - ./kavita/ks.yaml
  - ./lidarr/ks.yaml
  - ./prowlarr/ks.yaml
  - ./radarr/ks.yaml
  - ./readarr-audio/ks.yaml
  - ./readarr/ks.yaml
  - ./recyclarr/ks.yaml
  - ./sonarr/ks.yaml
  - ./unpackerr/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/lidarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Standard *arr layout: release, SOPS-encrypted secret, persistence template
# and an external gatus check.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/lidarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for lidarr; 1Gi volume, health check on /ping.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app lidarr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/lidarr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 1Gi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/namespace.yaml:
--------------------------------------------------------------------------------
---
# The media Namespace. The prune: disabled annotation stops Flux from
# garbage-collecting the namespace (and with it every workload and PVC in it)
# should this manifest ever be dropped from the parent Kustomization.
apiVersion: v1
kind: Namespace
metadata:
  name: media
  annotations:
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/media/prowlarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Standard *arr layout: release, SOPS-encrypted secret, persistence template
# and an external gatus check.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/prowlarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for prowlarr; 1Gi volume, health check on /ping.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app prowlarr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/prowlarr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 1Gi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/radarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/radarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for radarr; 1Gi volume, health check on /ping.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app radarr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/radarr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 1Gi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/readarr-audio/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/readarr-audio/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for the audiobook readarr instance (separate from
# ./readarr); 1Gi volume, health check on /ping.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app readarr-audio
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/readarr-audio/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 1Gi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/readarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/readarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for readarr; 1Gi volume, health check on /ping.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app readarr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/readarr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 1Gi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/recyclarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# recyclarr's config file is shipped as a fixed-name ConfigMap (no hash
# suffix) so the HelmRelease can mount it by name; a config edit therefore
# does not by itself change the pod spec (reloader, or a restart, is needed
# for the new content to be picked up — presumably, confirm in the release).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/persistence
configMapGenerator:
  - name: recyclarr
    files:
      - ./resources/recyclarr.yml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/media/recyclarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for recyclarr; 200Mi volume, no health check.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app recyclarr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/recyclarr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 200Mi
--------------------------------------------------------------------------------
/kubernetes/apps/media/sonarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Standard *arr layout: release, SOPS-encrypted secret, persistence template
# and an external gatus check.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
  - ../../../../templates/persistence
  - ../../../../templates/gatus/external
--------------------------------------------------------------------------------
/kubernetes/apps/media/sonarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for sonarr; 1Gi volume, health check on /ping.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app sonarr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/sonarr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      CAPACITY: 1Gi
      GATUS_PATH: /ping
--------------------------------------------------------------------------------
/kubernetes/apps/media/unpackerr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# unpackerr: release plus SOPS-encrypted secret; no persistence, no health check.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/unpackerr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for unpackerr (no postBuild substitutions).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app unpackerr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/media/unpackerr/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/blocky/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# blocky (DNS) config shipped as a fixed-name ConfigMap from resources/config.yml.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: blocky
    files:
      - ./resources/config.yml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/network/blocky/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for blocky into the network namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app blocky
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/blocky/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json
# Asks external-dns to publish external.${DOMAIN} as a CNAME to the
# Cloudflare tunnel endpoint. ${DOMAIN} and ${CLOUDFLARE_TUNNEL_ID} are Flux
# postBuild substitutions that must come from a cluster-level source — the
# cloudflared ks.yaml in this directory does not define them.
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: cloudflared
spec:
  endpoints:
    - dnsName: external.${DOMAIN}
      recordType: CNAME
      targets: ["${CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"]
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# cloudflared: DNS record, SOPS-encrypted secret (presumably the tunnel
# credentials), the release, and the tunnel config as a fixed-name ConfigMap.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./dnsendpoint.yaml
  - ./secret.sops.yaml
  - ./helmrelease.yaml
configMapGenerator:
  - name: cloudflared
    files:
      - ./resources/config.yaml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/app/resources/config.yaml:
--------------------------------------------------------------------------------
---
# Tunnel ingress rules. The apex and wildcard hostnames are forwarded over
# HTTPS to the external ingress-nginx controller Service; originServerName
# is the hostname cloudflared expects on that origin's certificate, so the
# tunnel-to-nginx hop is validated against external.${DOMAIN} rather than the
# Service DNS name. The final catch-all returns 404 at the Cloudflare edge, so
# only hostnames listed here ever reach the cluster through the tunnel.
originRequest:
  originServerName: external.${DOMAIN}

ingress:
  - hostname: ${DOMAIN}
    service: https://nginx-external-controller.network.svc.cluster.local:443
  - hostname: "*.${DOMAIN}"
    service: https://nginx-external-controller.network.svc.cluster.local:443
  - service: http_status:404
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for cloudflared. dependsOn external-dns so the controller
# that consumes the DNSEndpoint is reconciled first; wait: true makes this
# Kustomization report Ready only once the tunnel resources are healthy.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app cloudflared
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/cloudflared/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  dependsOn:
    - name: external-dns
  prune: true
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/e1000e-fix/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/e1000e-fix/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for e1000e-fix (the release itself is not visible here).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app e1000e-fix
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/e1000e-fix/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/echo-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/echo-server/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for echo-server into the network namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app echo-server
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/echo-server/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/external-dns-internal/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/external-dns-internal/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for the internal external-dns instance. wait: true, like
# the other DNS-plane Kustomizations, so dependents see a healthy controller.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app external-dns-internal
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/external-dns-internal/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/external-dns/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # Cloudflare API token lives in a SOPS-encrypted Secret, never in clear text.
  - ./cloudflare-secret.sops.yaml
-------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/ks.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app external-dns
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/external-dns/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  # wait: true here (unlike most ks.yaml files in this tree) makes the
  # Kustomization report Ready only once the HelmRelease is healthy.
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
-------------------------------------------------------------------------------- /kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: k8s-gateway
spec:
  interval: 30m
  chart:
    spec:
      chart: k8s-gateway
      version: 2.4.0
      sourceRef:
        kind: HelmRepository
        name: k8s-gateway
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    fullnameOverride: k8s-gateway
    image:
      registry: quay.io
      repository: oriedge/k8s_gateway
      # Image tag is pinned explicitly rather than inherited from the chart.
      tag: v0.4.0
    replicaCount: 2
    domain: ${DOMAIN}
    service:
      # Exposed on a fixed LB address handed out by Cilium LB-IPAM.
      type: LoadBalancer
      annotations:
        lbipam.cilium.io/ips: ${K8S_GATEWAY_IP}
    fallthrough:
      enabled: true
      zones:
        - andromeda.${DOMAIN}
        - sunflower.${DOMAIN}
-------------------------------------------------------------------------------- /kubernetes/apps/network/k8s-gateway/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
-------------------------------------------------------------------------------- /kubernetes/apps/network/k8s-gateway/ks.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app k8s-gateway
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/k8s-gateway/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
-------------------------------------------------------------------------------- /kubernetes/apps/network/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Entry point for the "network" namespace: one Flux Kustomization per app.
resources:
  - ./namespace.yaml
  - ./blocky/ks.yaml
  - ./cloudflared/ks.yaml
  - ./e1000e-fix/ks.yaml
  - ./echo-server/ks.yaml
  - ./external-dns/ks.yaml
  - ./external-dns-internal/ks.yaml
  - ./k8s-gateway/ks.yaml
  - ./nginx/ks.yaml
  - ./singularity/ks.yaml
-------------------------------------------------------------------------------- /kubernetes/apps/network/namespace.yaml: --------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: network
  annotations:
    # Keeps Flux from garbage-collecting the namespace. Elsewhere in this repo
    # the same marker is set as a label; Flux accepts either form as far as I
    # know, but one convention would be easier to grep for.
    kustomize.toolkit.fluxcd.io/prune: disabled
-------------------------------------------------------------------------------- /kubernetes/apps/network/nginx/external/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
-------------------------------------------------------------------------------- /kubernetes/apps/network/nginx/internal/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
-------------------------------------------------------------------------------- /kubernetes/apps/network/nginx/shared/certificate.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  # ${DOMAIN/./-} is a Flux post-build substitution: dots replaced by dashes
  # so the domain is a valid resource name.
  name: ${DOMAIN/./-}
spec:
  secretName: ${DOMAIN/./-}-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: ${DOMAIN}
  # Apex plus wildcard in one certificate; the wildcard requires the DNS-01
  # solver on the ClusterIssuer (configured under cert-manager/issuers).
  dnsNames:
    - "${DOMAIN}"
    - "*.${DOMAIN}"
-------------------------------------------------------------------------------- /kubernetes/apps/network/nginx/shared/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./certificate.yaml
-------------------------------------------------------------------------------- /kubernetes/apps/network/singularity/app/ingress.yaml: --------------------------------------------------------------------------------
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: singularity
  annotations:
    # Upstream speaks TLS on 5001. NOTE(review): ingress-nginx does not verify
    # the upstream certificate by default; add proxy-ssl-secret /
    # proxy-ssl-verify if the host's certificate should be pinned.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  # NOTE(review): the "external" class publishes an out-of-cluster host
  # (see service.yaml) and no authentication or source-range annotation is
  # visible in this file. Presumably the upstream enforces its own login —
  # confirm, and consider Authelia forward-auth (deployed under security/)
  # or nginx.ingress.kubernetes.io/whitelist-source-range as a second layer.
  # No tls: section, so the controller's default certificate is relied on
  # (presumably the wildcard from nginx/shared — verify in the nginx release).
  ingressClassName: external
  rules:
    - host: singularity.${DOMAIN}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: singularity
                port:
                  number: 5001
-------------------------------------------------------------------------------- /kubernetes/apps/network/singularity/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./ingress.yaml
  - ./service.yaml
  # Shared Gatus endpoint template; expects APP from the ks.yaml postBuild.
  - ../../../../templates/gatus/external
-------------------------------------------------------------------------------- /kubernetes/apps/network/singularity/app/service.yaml: --------------------------------------------------------------------------------
---
apiVersion: v1
kind: Service
metadata:
  name: singularity
spec:
  # ExternalName: a DNS alias only, no endpoints in the cluster. Traffic from
  # the ingress leaves the cluster to this host on the port named in ingress.yaml.
  type: ExternalName
  externalName: singularity.milkyway
-------------------------------------------------------------------------------- /kubernetes/apps/network/singularity/ks.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app singularity
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/singularity/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      # Consumed by the shared gatus template referenced from app/kustomization.yaml.
      APP: *app
-------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./rbac.yaml
  - ./secret.sops.yaml
configMapGenerator:
  - name: gatus
    files:
      - ./resources/config.yaml
generatorOptions:
  # Stable ConfigMap name so the HelmRelease can reference it directly.
  disableNameSuffixHash: true
-------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/app/rbac.yaml: --------------------------------------------------------------------------------
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gatus
# NOTE(review): cluster-wide read on ConfigMaps AND Secrets is broad for a
# status page. Presumably only a config-sync sidecar needs to watch ConfigMaps
# (the helmrelease is not visible here — confirm). If Secrets are not read,
# drop "secrets"; if only the observability namespace is watched, a
# namespaced Role/RoleBinding is the least-privilege shape.
rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gatus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gatus
subjects:
  - kind: ServiceAccount
    name: gatus
    namespace: observability
-------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/app/resources/config.yaml: --------------------------------------------------------------------------------
---
# Note: Gatus vars should be escaped with $${VAR_NAME} to avoid interpolation by Flux
web:
  port: $${WEB_PORT}
storage:
  type: postgres
  # NOTE(review): sslmode=disable sends the DB credentials and all status data
  # to PostgreSQL in clear text. CloudNativePG serves TLS out of the box, so
  # sslmode=require (or verify-full with the cluster CA) should be usable —
  # confirm against the cluster.
  path: postgres://$${INIT_POSTGRES_USER}:$${INIT_POSTGRES_PASS}@$${INIT_POSTGRES_HOST}:5432/$${INIT_POSTGRES_DBNAME}?sslmode=disable
  caching: true
metrics: true
debug: false
ui:
  title: Status | Gatus
  header: Status
connectivity:
  # Gatus treats itself as offline (and suppresses alerts) when this target
  # is unreachable.
  checker:
    target: 1.1.1.1:53
    interval: 1m
endpoints:
  - name: status
    group: external
    # Single-dollar ${DOMAIN} is intentional: substituted by Flux, not Gatus.
    url: https://status.${DOMAIN}
    interval: 1m
    client:
      # Resolve via an external resolver so the check exercises the public path.
      dns-resolver: tcp://1.1.1.1:53
      ignore-redirect: true
    conditions:
      - "[STATUS] == 200"
-------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/ks.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app gatus
  namespace: flux-system
spec:
  targetNamespace: observability
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/gatus/app
  sourceRef:
    kind: GitRepository
    name: home-kubernetes
  # Postgres storage backend must exist before gatus starts.
  dependsOn:
    - name: cloudnative-pg-cluster
  prune: true
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
-------------------------------------------------------------------------------- /kubernetes/apps/observability/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./env-secret.sops.yaml 8 | - ./admin-secret.sops.yaml 9 | - ../../../../templates/gatus/external 10 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/grafana/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app grafana 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/grafana/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | GATUS_PATH: /login 26 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kromgo/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/gatus/external 8 | configMapGenerator: 9 | - name: kromgo 10 | files: 11 | - ./resources/config.yaml 12 | generatorOptions: 13 | 
disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kromgo/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app kromgo 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/kromgo/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | GATUS_PATH: /-/ready 26 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | - ../../../../templates/gatus/guarded 9 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/app/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: miscellaneous-rules 7 | spec: 8 | groups: 9 | - name: dockerhub 10 | rules: 11 | - alert: BootstrapRateLimitRisk 12 | 
annotations: 13 | summary: Kubernetes cluster at risk of being rate limited by dockerhub on bootstrap 14 | expr: count(time() - container_last_seen{image=~"(docker.io).*",container!=""} < 30) > 100 15 | for: 15m 16 | labels: 17 | severity: critical 18 | - name: oom 19 | rules: 20 | - alert: OOMKilled 21 | annotations: 22 | summary: Container {{ $labels.container }} in pod {{ $labels.namespace }}/{{ $labels.pod }} has been OOMKilled {{ $value }} times in the last 10 minutes. 23 | expr: (kube_pod_container_status_restarts_total - kube_pod_container_status_restarts_total offset 10m >= 1) and ignoring (reason) min_over_time(kube_pod_container_status_last_terminated_reason{reason="OOMKilled"}[10m]) == 1 24 | labels: 25 | severity: critical 26 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app kube-prometheus-stack 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/kube-prometheus-stack/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | GATUS_SUBDOMAIN: prometheus 26 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./gatus/ks.yaml 8 | - ./grafana/ks.yaml 9 | - ./kube-prometheus-stack/ks.yaml 10 | - ./kromgo/ks.yaml 11 | - ./loki/ks.yaml 12 | - ./nut-server-basement/ks.yaml 13 | - ./prometheus-operator-crds/ks.yaml 14 | - ./promtail/ks.yaml 15 | - ./unpoller/ks.yaml 16 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/loki/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app loki 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/loki/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: observability 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | 
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/app/config/nut.conf: --------------------------------------------------------------------------------
# netserver: run the driver and upsd here and accept remote upsmon clients.
MODE=netserver
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/app/config/ups.conf: --------------------------------------------------------------------------------
# One UPS, addressed by USB vendor/product id plus serial so the driver binds
# to this specific unit and not to any other HID device on the node.
[ups]
driver = usbhid-ups
port = auto
desc = "APC Back-UPS RS 900G"
vendorid = 051d
productid = 0002
serial = 3B1227X00136
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/app/config/upsd.conf: --------------------------------------------------------------------------------
# Listen on every pod interface (required for the Service to reach upsd).
# NOTE(review): nothing here restricts who may connect; together with the
# shared passwords in upsd.users, a NetworkPolicy limiting clients to the
# upsmon hosts is the compensating control — none is visible in this app dir.
LISTEN 0.0.0.0
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/app/config/upsd.users: --------------------------------------------------------------------------------
# NOTE(review): both accounts use the literal password "secret", committed in
# clear text and shipped as a ConfigMap key (see kustomization.yaml below).
# The repo keeps credentials in SOPS-encrypted Secrets everywhere else
# (secret.sops.yaml); this file belongs in one too, mounted in place of the
# ConfigMap key — that also means adjusting the helmrelease, not visible here.
# The "upsmon master" role may set the forced-shutdown (FSD) flag that every
# upsmon client acts on, so these are not cosmetic credentials.
[monuser]
password = secret
upsmon slave
[monmaster]
password = secret
upsmon master
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./servicemonitor.yaml
  - ./prometheusrule.yaml
configMapGenerator:
  - name: nut-server-basement-config
    files:
      - ./config/nut.conf
      - ./config/ups.conf
      - ./config/upsd.conf
      # NOTE(review): upsd.users carries passwords; as a ConfigMap entry it is
      # readable by anything with configmaps/get in the namespace. A Secret
      # (SOPS-encrypted in git) is the right home for it.
      - ./config/upsd.users
generatorOptions:
  # Stable ConfigMap name so the HelmRelease can reference it directly.
  disableNameSuffixHash: true
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/app/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: nut-server-basement 6 | spec: 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/name: nut-server-basement 10 | app.kubernetes.io/instance: nut-server-basement 11 | endpoints: 12 | - port: metrics 13 | scheme: http 14 | interval: 15s 15 | scrapeTimeout: 10s 16 | path: /ups_metrics 17 | params: 18 | ups: 19 | - ups 20 | relabelings: 21 | - targetLabel: ups 22 | replacement: nut-server-basement 23 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-server-basement/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app nut-server-basement 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/nut-server-basement/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | 
kind: HelmRelease 5 | metadata: 6 | name: prometheus-operator-crds 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: prometheus-operator-crds 12 | version: 20.0.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: prometheus-community 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/prometheus-operator-crds/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app prometheus-operator-crds 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/prometheus-operator-crds/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: false 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: promtail 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: promtail 12 | version: 6.16.6 13 | sourceRef: 14 | kind: HelmRepository 15 | name: grafana 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | values: 25 | fullnameOverride: promtail 26 | config: 27 | clients: 28 | - url: http://loki-headless.observability.svc.cluster.local:3100/loki/api/v1/push 29 | serviceMonitor: 30 | enabled: true 31 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app promtail 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/promtail/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | 
-------------------------------------------------------------------------------- /kubernetes/apps/observability/unpoller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./secret.sops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/unpoller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app unpoller 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/unpoller/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./openebs/ks.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: 
openebs-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: openebs 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: openebs 12 | version: 4.2.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: openebs 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | values: 25 | engines: 26 | local: 27 | lvm: 28 | enabled: false 29 | zfs: 30 | enabled: false 31 | replicated: 32 | mayastor: 33 | enabled: false 34 | openebs-crds: 35 | csi: 36 | volumeSnapshots: 37 | enabled: false 38 | localpv-provisioner: 39 | localpv: 40 | image: 41 | registry: quay.io/ 42 | hostpathClass: 43 | enabled: true 44 | name: openebs-hostpath 45 | isDefaultClass: false 46 | basePath: /var/openebs/local 47 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/openebs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/openebs/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app openebs 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: openebs-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/openebs-system/openebs/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./rook-ceph/ks.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: rook-ceph-operator 7 | spec: 8 | interval: 30m 9 | timeout: 15m 10 | chart: 11 | spec: 12 | chart: rook-ceph 13 | version: v1.17.2 14 | sourceRef: 15 | kind: HelmRepository 16 | name: rook 17 | namespace: 
flux-system 18 | install: 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | remediation: 24 | strategy: rollback 25 | retries: 3 26 | dependsOn: 27 | - name: snapshot-controller 28 | namespace: volsync-system 29 | values: 30 | csi: 31 | cephFSKernelMountOptions: ms_mode=prefer-crc # NOTE(review): prefer-crc adds CRC integrity checks only; CephFS kernel-client traffic stays unencrypted unless ms_mode=secure is used 32 | enableLiveness: true 33 | serviceMonitor: 34 | enabled: true 35 | monitoring: 36 | enabled: true 37 | -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./secret.sops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/gatus/guarded 8 | -------------------------------------------------------------------------------- /kubernetes/apps/security/authelia/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./secret.sops.yaml 8 | configMapGenerator: 9 | - name: authelia 10 | files: 11 | - ./resources/configuration.yaml # rendered into a plain ConfigMap: keep credentials in secret.sops.yaml, never in this file 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | 
-------------------------------------------------------------------------------- /kubernetes/apps/security/authelia/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app authelia 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: security 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/security/authelia/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | dependsOn: 18 | - name: cloudnative-pg-cluster 19 | - name: dragonfly-cluster 20 | prune: true 21 | wait: false 22 | interval: 30m 23 | retryInterval: 1m 24 | timeout: 5m 25 | -------------------------------------------------------------------------------- /kubernetes/apps/security/glauth/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./secret.sops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/security/glauth/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app glauth 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: security 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/security/glauth/app 14 | sourceRef: 15 | kind: GitRepository 16 | 
name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/security/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./authelia/ks.yaml 8 | - ./glauth/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/security/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: security 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./system-upgrade-controller/ks.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: system-upgrade 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - rbac.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/system-upgrade-controller/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: system-upgrade 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: cluster-admin # widest possible grant: anything able to run a pod as this ServiceAccount is cluster-admin too 10 | subjects: 11 | - kind: ServiceAccount 12 | name: system-upgrade 13 | namespace: system-upgrade # treat this namespace as control-plane-equivalent and restrict who may create workloads in it 14 | --- 15 | apiVersion: talos.dev/v1alpha1 16 | kind: ServiceAccount 17 | metadata: 18 | name: talos 19 | spec: 20 | roles: 21 | - os:admin # full Talos machine-API access; Talos honours it because patches/controller/api-access.yaml allows os:admin for the system-upgrade namespace 22 | -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./kubernetes.yaml 7 | - ./talos.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./snapshot-controller/ks.yaml 8 | - ./volsync/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/namespace.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: volsync-system 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/snapshot-controller/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: snapshot-controller 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: snapshot-controller 12 | version: 4.0.2 13 | sourceRef: 14 | kind: HelmRepository 15 | name: piraeus 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | crds: CreateReplace 21 | upgrade: 22 | cleanupOnFail: true 23 | remediation: 24 | strategy: rollback 25 | retries: 3 26 | crds: CreateReplace 27 | values: 28 | controller: 29 | serviceMonitor: 30 | create: true 31 | webhook: 32 | enabled: false 33 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/snapshot-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/snapshot-controller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | 
apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app snapshot-controller 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: volsync-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/volsync-system/snapshot-controller/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-kubernetes 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/volsync/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: volsync 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: volsync 12 | version: 0.12.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: backube 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: snapshot-controller 27 | namespace: volsync-system 28 | values: 29 | manageCRDs: true 30 | metrics: 31 | disableAuth: true # NOTE(review): presumably drops the auth proxy in front of /metrics, so any in-cluster client can read them; fine for metrics, but a NetworkPolicy limiting it to the scraper is worth adding 32 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- 
/kubernetes/apps/volsync-system/volsync/app/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: volsync 7 | spec: 8 | groups: 9 | - name: volsync.rules 10 | rules: 11 | - alert: VolSyncComponentAbsent 12 | annotations: 13 | summary: VolSync component has disappeared from Prometheus target discovery. 14 | expr: | 15 | absent(up{job="volsync-metrics"}) 16 | for: 15m 17 | labels: 18 | severity: critical 19 | - alert: VolSyncVolumeOutOfSync 20 | annotations: 21 | summary: >- 22 | {{ $labels.obj_namespace }}/{{ $labels.obj_name }} volume 23 | is out of sync. 24 | expr: | 25 | volsync_volume_out_of_sync == 1 26 | for: 15m 27 | labels: 28 | severity: critical 29 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/volsync/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: volsync 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: volsync-system 10 | path: ./kubernetes/apps/volsync-system/volsync/app 11 | sourceRef: 12 | kind: GitRepository 13 | name: home-kubernetes 14 | prune: true 15 | wait: false 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 5m 19 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/clusterconfig/.gitignore: -------------------------------------------------------------------------------- 1 | talosconfig 2 | home-kubernetes-k8s-node-1.yaml 3 | home-kubernetes-k8s-node-2.yaml 4 | 
home-kubernetes-k8s-node-3.yaml 5 | home-kubernetes-k8s-node-4.yaml 6 | home-kubernetes-k8s-node-5.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/controller/admission-control.yaml: -------------------------------------------------------------------------------- 1 | - op: remove 2 | path: /cluster/apiServer/admissionControl # drops Talos's generated admission configuration, which is where the cluster-wide Pod Security Admission defaults live; afterwards pod-security standards apply only in namespaces that are explicitly labelled 3 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/controller/api-access.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | features: 3 | kubernetesTalosAPIAccess: 4 | enabled: true 5 | allowedRoles: 6 | - os:admin 7 | allowedKubernetesNamespaces: 8 | - system-upgrade # only this namespace may obtain Talos API credentials; with the cluster-admin binding in system-upgrade-controller/app/rbac.yaml it is fully privileged at both the Kubernetes and the OS level 9 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/controller/audit-policy.yaml: -------------------------------------------------------------------------------- 1 | - op: remove 2 | path: /cluster/apiServer/auditPolicy # NOTE(review): removes the generated kube-apiserver audit policy; verify what audit configuration the API server actually runs with afterwards, since that depends on Talos defaults 3 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/controller/cluster.yaml: -------------------------------------------------------------------------------- 1 | cluster: 2 | allowSchedulingOnControlPlanes: true # workloads share nodes with the control plane, so a pod-to-node escape lands on an etcd/apiserver host 3 | apiServer: 4 | extraArgs: 5 | # https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/ 6 | enable-aggregator-routing: true 7 | controllerManager: 8 | extraArgs: 9 | bind-address: 0.0.0.0 # metrics/healthz on every node interface (not localhost) so Prometheus can scrape; reachable across 10.0.3.0/24 10 | coreDNS: 11 | disabled: true 12 | etcd: 13 | extraArgs: 14 | listen-metrics-urls: http://0.0.0.0:2381 # plaintext, unauthenticated metrics/health endpoint on all interfaces; keep it reachable only from the node network 15 | advertisedSubnets: 16 | - 10.0.3.0/24 17 | network: 18 | cni: 19 | name: none 20 | proxy: 21 | disabled: true 22 | scheduler: 23 | extraArgs: 24 | bind-address: 0.0.0.0 25 | config: 26 | apiVersion: kubescheduler.config.k8s.io/v1 27 | kind: KubeSchedulerConfiguration 28 | profiles: 29 | - schedulerName: 
default-scheduler 30 | plugins: 31 | score: 32 | disabled: 33 | - name: ImageLocality 34 | pluginConfig: 35 | - name: PodTopologySpread 36 | args: 37 | defaultingType: List 38 | defaultConstraints: 39 | - maxSkew: 1 40 | topologyKey: kubernetes.io/hostname 41 | whenUnsatisfiable: ScheduleAnyway 42 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-features.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | features: 3 | hostDNS: 4 | enabled: true 5 | resolveMemberNames: true 6 | forwardKubeDNSToHost: false 7 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-files.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | files: 3 | - op: create 4 | path: /etc/cri/conf.d/20-customization.part 5 | permissions: 0o644 6 | content: |- 7 | [plugins."io.containerd.cri.v1.images"] 8 | discard_unpacked_layers = false 9 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-kubelet.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | kubelet: 3 | extraConfig: 4 | serializeImagePulls: false 5 | nodeIP: 6 | validSubnets: 7 | - 10.0.3.0/24 8 | extraArgs: 9 | rotate-server-certificates: true # kubelet serving certs are issued by the cluster CA via CSRs instead of being self-signed; the CSRs need an approver, presumably kubelet-csr-approver (flux/repositories/helm/postfinance.yaml) 10 | # TODO: change to /var/mnt/extra and have openebs-system write to /var/mnt/extra/openebs/local 11 | extraMounts: 12 | - destination: /var/openebs/local 13 | type: bind 14 | source: /var/openebs/local 15 | options: 16 | - bind 17 | - rshared 18 | - rw 19 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-network.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | 
network: 3 | disableSearchDomain: true 4 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-sysctls.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | sysctls: 3 | fs.inotify.max_user_watches: "1048576" # Watchdog 4 | fs.inotify.max_user_instances: "8192" # Watchdog 5 | net.core.rmem_max: "7500000" # Cloudflared | QUIC 6 | net.core.wmem_max: "7500000" # Cloudflared | QUIC 7 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/talenv.yaml: -------------------------------------------------------------------------------- 1 | # renovate: datasource=docker depName=ghcr.io/siderolabs/installer 2 | talosVersion: v1.10.2 3 | # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet 4 | kubernetesVersion: v1.33.1 5 | -------------------------------------------------------------------------------- /kubernetes/flux/config/cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: GitRepository 5 | metadata: 6 | name: home-kubernetes 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: ssh://git@github.com/Diaoul/home-ops.git 11 | secretRef: 12 | name: github-deploy-key # NOTE(review): Flux only fetches, so a read-only deploy key is enough — confirm the key has no write access; the Secret presumably also carries known_hosts for SSH host verification 13 | ref: 14 | branch: main 15 | ignore: | 16 | # exclude all 17 | /* 18 | # include kubernetes directory 19 | !/kubernetes 20 | --- 21 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 22 | apiVersion: kustomize.toolkit.fluxcd.io/v1 23 | kind: Kustomization 24 | metadata: 25 | name: cluster 26 | namespace: flux-system 27 | spec: 28 | interval: 30m 29 | path: ./kubernetes/flux 30 | prune: true 31 | wait: false 32 | 
sourceRef: 33 | kind: GitRepository 34 | name: home-kubernetes 35 | decryption: 36 | provider: sops 37 | secretRef: 38 | name: sops-age # holds the age private key that decrypts every *.sops.yaml in the repo; read access to Secrets in flux-system is therefore equivalent to holding all cluster secrets 39 | postBuild: 40 | substituteFrom: 41 | - kind: ConfigMap 42 | name: cluster-settings 43 | - kind: Secret 44 | name: cluster-secrets # substituted wherever ${VAR} appears in the rendered manifests, so a value referenced from a non-Secret resource lands there in plaintext 45 | -------------------------------------------------------------------------------- /kubernetes/flux/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./flux.yaml 7 | - ./cluster.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: [] 6 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/action-runner-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: actions-runner-controller 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/actions/actions-runner-controller-charts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/angelnu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: angelnu 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://angelnu.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backube 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backube.github.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/bitnami.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bitnami 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://registry-1.docker.io/bitnamicharts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bjw-s 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/bjw-s/helm 12 | 
-------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/cilium.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cilium 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://helm.cilium.io 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/cloudnative-pg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cloudnative-pg 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://cloudnative-pg.github.io/charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/coredns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: coredns 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://coredns.github.io/helm 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/descheduler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: 
source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: descheduler 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/descheduler 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/emqx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: emqx 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://repos.emqx.io/charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/external-dns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: external-dns 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/external-dns 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: external-secrets 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.external-secrets.io 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/grafana.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: grafana 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://grafana.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: ingress-nginx 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes.github.io/ingress-nginx 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: intel 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://intel.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/jetstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: jetstack 7 | namespace: flux-system 8 | 
spec: 9 | interval: 2h 10 | url: https://charts.jetstack.io/ 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/k8s-gateway.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: k8s-gateway 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://ori-edge.github.io/k8s_gateway/ 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./action-runner-controller.yaml 7 | - ./angelnu.yaml 8 | - ./backube.yaml 9 | - ./bitnami.yaml 10 | - ./bjw-s.yaml 11 | - ./cilium.yaml 12 | - ./cloudnative-pg.yaml 13 | - ./coredns.yaml 14 | - ./descheduler.yaml 15 | - ./emqx.yaml 16 | - ./external-dns.yaml 17 | - ./external-secrets.yaml 18 | - ./grafana.yaml 19 | - ./ingress-nginx.yaml 20 | - ./intel.yaml 21 | - ./jetstack.yaml 22 | - ./k8s-gateway.yaml 23 | - ./metrics-server.yaml 24 | - ./node-feature-discovery.yaml 25 | - ./openebs.yaml 26 | - ./piraeus.yaml 27 | - ./postfinance.yaml 28 | - ./prometheus-community.yaml 29 | - ./rook.yaml 30 | - ./spegel.yaml 31 | - ./stakater.yaml 32 | - ./stevehipwell.yaml 33 | - ./vector.yaml 34 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/metrics-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: metrics-server 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/metrics-server 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/node-feature-discovery.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: node-feature-discovery 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/openebs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: openebs 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://openebs.github.io/openebs 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: piraeus 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: 
https://piraeus.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/postfinance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: postfinance 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://postfinance.github.io/kubelet-csr-approver 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/prometheus-community.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: prometheus-community 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://prometheus-community.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/rook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: rook 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.rook.io/release 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/spegel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: spegel 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/spegel-org/helm-charts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: stakater 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://stakater.github.io/stakater-charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/stevehipwell.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: stevehipwell 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/stevehipwell/helm-charts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/helm/vector.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: vector 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://helm.vector.dev 11 | 
-------------------------------------------------------------------------------- /kubernetes/flux/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./git 7 | - ./helm 8 | - ./oci 9 | -------------------------------------------------------------------------------- /kubernetes/flux/repositories/oci/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: [] 6 | -------------------------------------------------------------------------------- /kubernetes/flux/vars/cluster-settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: cluster-settings 6 | namespace: flux-system 7 | data: 8 | TIMEZONE: Europe/Paris 9 | K8S_CLUSTER_CIDR: 10.42.0.0/16 10 | K8S_POD_CIDR: 10.42.0.0/16 11 | K8S_SERVICE_CIDR: 10.43.0.0/16 12 | K8S_LB_CIDR: 10.44.0.0/16 13 | SERVER_CIDR: 10.0.3.0/24 14 | ROUTER_IP: 10.0.3.1 15 | INGRESS_NGINX_EXTERNAL_IP: 10.44.0.1 16 | INGRESS_NGINX_INTERNAL_IP: 10.44.0.2 17 | K8S_GATEWAY_IP: 10.44.0.3 18 | BLOCKY_IP: 10.44.0.6 19 | GO2RTC_IP: 10.44.0.24 20 | NUT_BASEMENT_IP: 10.44.0.8 21 | VECTOR_IP: 10.44.0.12 22 | EMQX_IP: 10.44.0.16 23 | POSTGRES_IP: 10.44.0.17 24 | JELLYFIN_IP: 10.44.0.20 25 | QBITTORRENT_IP: 10.44.0.64 26 | LOCAL_DOMAIN: milkyway 27 | UNIFI_CONTROLLER_URL: https://sun.milkyway:8443/ 28 | VOLSYNC_RESTIC_REPOSITORY: s3:http://singularity.milkyway:9000/volsync 29 | -------------------------------------------------------------------------------- /kubernetes/flux/vars/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cluster-settings.yaml 7 | - ./cluster-secrets.sops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/templates/gatus/external/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "${APP}-gatus" 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: "${APP}" 12 | group: external 13 | url: "https://${GATUS_SUBDOMAIN:-${APP}}.${DOMAIN}${GATUS_PATH:-/}" 14 | interval: 1m 15 | client: 16 | dns-resolver: tcp://1.1.1.1:53 17 | ignore-redirect: ${GATUS_IGNORE_REDIRECT:-true} 18 | conditions: 19 | - "[STATUS] == ${GATUS_STATUS:-200}" 20 | -------------------------------------------------------------------------------- /kubernetes/templates/gatus/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/templates/gatus/guarded/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "${APP}-gatus" 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: "${APP}" 12 | group: guarded 13 | url: 1.1.1.1 14 | interval: 1m 15 | ui: 16 | hide-hostname: true 17 | hide-url: true 18 | dns: 19 | query-name: 
"${GATUS_SUBDOMAIN:-${APP}}.${DOMAIN}" 20 | query-type: A 21 | conditions: 22 | - "len([BODY]) == 0" 23 | -------------------------------------------------------------------------------- /kubernetes/templates/gatus/guarded/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/templates/persistence/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./pvc.yaml 7 | - ./secret.yaml 8 | - ./replicationsource.yaml 9 | - ./replicationdestination.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/templates/persistence/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${APP}" 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | dataSourceRef: 10 | kind: ReplicationDestination 11 | apiGroup: volsync.backube 12 | name: "${APP}" 13 | resources: 14 | requests: 15 | storage: "${CAPACITY}" 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/templates/persistence/replicationdestination.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json 3 | apiVersion: volsync.backube/v1alpha1 4 | kind: 
ReplicationDestination 5 | metadata: 6 | name: "${APP}" 7 | spec: 8 | trigger: 9 | manual: restore-once 10 | restic: 11 | repository: "${APP}-volsync" 12 | copyMethod: Snapshot 13 | volumeSnapshotClassName: ceph-block 14 | cacheStorageClassName: openebs-hostpath 15 | cacheAccessModes: 16 | - ReadWriteOnce 17 | cacheCapacity: 4Gi 18 | storageClassName: ceph-block 19 | accessModes: 20 | - ReadWriteOnce 21 | capacity: "${CAPACITY}" 22 | moverSecurityContext: 23 | runAsUser: 568 24 | runAsGroup: 568 25 | fsGroup: 568 26 | -------------------------------------------------------------------------------- /kubernetes/templates/persistence/replicationsource.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json 3 | apiVersion: volsync.backube/v1alpha1 4 | kind: ReplicationSource 5 | metadata: 6 | name: "${APP}" 7 | spec: 8 | sourcePVC: "${APP}" 9 | trigger: 10 | schedule: 0 * * * * 11 | restic: 12 | repository: "${APP}-volsync" 13 | copyMethod: Snapshot 14 | pruneIntervalDays: 7 15 | volumeSnapshotClassName: ceph-block 16 | cacheStorageClassName: openebs-hostpath 17 | cacheAccessModes: 18 | - ReadWriteOnce 19 | cacheCapacity: 8Gi 20 | storageClassName: ceph-block 21 | accessModes: 22 | - ReadWriteOnce 23 | moverSecurityContext: 24 | runAsUser: 568 25 | runAsGroup: 568 26 | fsGroup: 568 27 | retain: 28 | hourly: 24 29 | daily: 7 30 | weekly: 5 31 | -------------------------------------------------------------------------------- /kubernetes/templates/persistence/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: "${APP}-volsync" 6 | type: Opaque 7 | stringData: 8 | RESTIC_REPOSITORY: ${VOLSYNC_RESTIC_REPOSITORY}/${APP} 9 | RESTIC_PASSWORD: ${VOLSYNC_RESTIC_PASSWORD} 10 | AWS_ACCESS_KEY_ID: 
${VOLSYNC_MINIO_ACCESS_KEY} 11 | AWS_SECRET_ACCESS_KEY: ${VOLSYNC_MINIO_SECRET_KEY} 12 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pre-commit==4.2.0 2 | -r ansible/requirements.txt 3 | -------------------------------------------------------------------------------- /scripts/kustomize.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -o errexit 3 | set -o pipefail 4 | 5 | files=$(git diff --staged --name-only | grep "^kubernetes/") 6 | lcp=$(echo "$files" | sed -e 'N;s/^\(.*\).*\n\1.*$/\1\n\1/;D') 7 | parent=$(echo "$lcp" | sed 's/\(.*\)\/.*/\1/') 8 | 9 | if [ -f "$parent/kustomization.yaml" ]; then 10 | echo "Running kustomize build $parent..." 11 | kustomize build "$parent" >/dev/null 12 | else 13 | echo "No kustomization.yaml in $parent" 14 | fi 15 | -------------------------------------------------------------------------------- /scripts/sops-mismatch.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Ref: https://github.com/getsops/sops/issues/52#issuecomment-726807596 3 | 4 | set -o errexit 5 | set -o pipefail 6 | set -o nounset 7 | 8 | find . -name '*.sops.yaml' | while read -r file; do 9 | sops -d "$file" >/dev/null 2>&1 && rc=$? || rc=$? 10 | # In case of MAC mismatch, then MAC is regenerated 11 | # See https://github.com/mozilla/sops/blob/v3.6.1/cmd/sops/codes/codes.go#L19 12 | if [ $rc -eq 51 ]; then 13 | echo "Regenerating sops MAC for: $file" 14 | EDITOR="vim -es +'norm Go' +':wq'" sops --ignore-mac "$file" 15 | fi 16 | done 17 | --------------------------------------------------------------------------------