├── .editorconfig ├── .gitignore ├── .taskfiles ├── argo-cd │ └── Taskfile.yaml ├── external-secrets │ └── Taskfile.yaml ├── helm │ └── Taskfile.yaml ├── kcl │ └── Taskfile.yaml ├── kube │ ├── Taskfile.yaml │ ├── scripts │ │ └── kubeconform.sh │ └── templates │ │ ├── netshoot.tmpl.yaml │ │ └── netshoot_node.tmpl.yaml ├── kyverno │ └── Taskfile.yaml ├── repo │ └── Taskfile.yaml ├── rook-ceph │ ├── Taskfile.yaml │ ├── scripts │ │ ├── reset-app.sh │ │ └── wait-for-job.sh │ └── templates │ │ ├── wipe-data-job.tmpl.yaml │ │ └── wipe-disk-job.tmpl.yaml ├── talos │ └── Taskfile.yaml ├── terraform │ └── Taskfile.yaml └── turing-pi │ └── Taskfile.yaml ├── .vscode └── settings.json ├── LICENSE ├── README.md ├── Taskfile.yaml ├── applications ├── .gitignore ├── README.md ├── applications.yaml ├── base │ ├── .gitignore │ ├── adguard-home │ │ ├── AdGuardHome.yaml │ │ ├── application.libsonnet │ │ ├── certs.yaml │ │ ├── config.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── network-policy.yaml │ │ └── values.yaml │ ├── argo-workflows │ │ ├── application.libsonnet │ │ ├── auth.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── roles │ │ │ ├── main.libsonnet │ │ │ └── read-only.yaml │ │ └── values.yaml │ ├── argocd │ │ ├── application.libsonnet │ │ ├── auth.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── redis-dragonfly.yaml │ │ ├── secrets.yaml │ │ ├── service-monitor.yaml │ │ └── values.yaml │ ├── authentik-secrets │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── middleware.yaml │ │ ├── namespace.libsonnet │ │ └── rbac.yaml │ ├── authentik │ │ ├── README.md │ │ ├── application.libsonnet │ │ ├── auth │ │ │ ├── main.libsonnet │ │ │ ├── provider-config.yaml │ │ │ ├── vars.libsonnet │ │ │ ├── workspace-argo-workflows.yaml │ │ │ ├── workspace-argocd.yaml │ │ │ ├── workspace-grafana.yaml │ │ │ ├── workspace-ocis.yaml │ │ │ └── workspace.yaml │ │ ├── database │ │ │ ├── database.yaml 
│ │ │ ├── main.libsonnet │ │ │ ├── role.yaml │ │ │ └── secrets.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── redis-dragonfly.yaml │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── beyla │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── cert-manager │ │ ├── application.libsonnet │ │ ├── issuer-sa.yaml │ │ ├── issuer.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── cilium │ │ ├── application.libsonnet │ │ ├── dashboards.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── policies │ │ │ ├── bgp.yaml │ │ │ ├── ipam.yaml │ │ │ └── main.libsonnet │ │ ├── values.yaml │ │ └── vector-sidecar.yaml │ ├── cloudnative-pg │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── crossplane-packages │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── providers │ │ │ ├── authentik.yaml │ │ │ ├── kubernetes.yaml │ │ │ ├── main.libsonnet │ │ │ ├── sql.yaml │ │ │ └── terraform.yaml │ ├── crossplane │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── defectdojo │ │ ├── application.libsonnet │ │ ├── database │ │ │ ├── database.yaml │ │ │ ├── main.libsonnet │ │ │ ├── role.yaml │ │ │ └── secrets.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── post-install │ │ │ ├── main.libsonnet │ │ │ ├── main.py │ │ │ └── script-config.libsonnet │ │ ├── redis-dragonfly.yaml │ │ ├── secrets.yaml │ │ ├── values-post-install.yaml │ │ └── values.yaml │ ├── descheduler │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── dragonfly-operator │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── excoredns │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ └── values.yaml │ ├── 
external-dns-cloudflare │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── external-secrets │ │ ├── application.libsonnet │ │ ├── doppler-store.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── service-monitor.yaml │ │ └── values.yaml │ ├── external-services │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── services.libsonnet │ ├── gadget │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── grafana-operator │ │ ├── application.libsonnet │ │ ├── kustomization.yaml │ │ ├── namespace.libsonnet │ │ └── namespace.yaml │ ├── grafana │ │ ├── application.libsonnet │ │ ├── auth.yaml │ │ ├── configmap-provisioning.yaml │ │ ├── dashboards │ │ │ ├── argocd.json │ │ │ ├── grafana-cloud-usage.json │ │ │ ├── k8s-home.json │ │ │ ├── k8s-oversized-requests.json │ │ │ ├── k8s-system-api-server.json │ │ │ ├── k8s-system-coredns.json │ │ │ ├── k8s-views-global.json │ │ │ ├── k8s-views-namespaces.json │ │ │ ├── k8s-views-nodes.json │ │ │ ├── k8s-views-pods.json │ │ │ ├── main.libsonnet │ │ │ ├── node-exporter-full.json │ │ │ ├── pfsense-net-quality.json │ │ │ ├── servarr.json │ │ │ ├── windows-node-processes.json │ │ │ ├── windows-node.json │ │ │ └── windows-summary.json │ │ ├── database │ │ │ ├── database.yaml │ │ │ ├── main.libsonnet │ │ │ ├── role.yaml │ │ │ └── secrets.yaml │ │ ├── datasources │ │ │ ├── grafanacloud-loki.yaml │ │ │ ├── grafanacloud-tempo.yaml │ │ │ ├── grafanacloud-usage.yaml │ │ │ └── main.libsonnet │ │ ├── grafana.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── secrets.libsonnet │ ├── harbor │ │ ├── application.libsonnet │ │ ├── bucket.yaml │ │ ├── database │ │ │ ├── database.yaml │ │ │ ├── main.libsonnet │ │ │ ├── role.yaml │ │ │ └── secrets.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── redis-dragonfly.yaml │ │ ├── secrets.yaml │ │ 
└── values.yaml │ ├── home-assistant │ │ ├── config.yaml │ │ ├── database.yaml │ │ ├── kustomization.yaml │ │ ├── manifests │ │ │ ├── deployment.yaml │ │ │ ├── init.yaml │ │ │ ├── pvc.yaml │ │ │ ├── service.yaml │ │ │ └── servicemonitor.yaml │ │ └── secrets.yaml │ ├── homepage │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── iperf │ │ ├── README.md │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── jaeger-aio │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── jaeger.yaml │ │ └── main.jsonnet │ ├── jaeger-operator │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── rbac.yaml │ │ └── values.yaml │ ├── k8s-event-logger │ │ ├── application.libsonnet │ │ └── main.jsonnet │ ├── k8up │ │ ├── application.libsonnet │ │ ├── crd.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── komoplane │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── kubelet-csr-approver │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ └── values.yaml │ ├── kyverno-policies │ │ ├── application.libsonnet │ │ ├── kustomization.yaml │ │ ├── namespace.libsonnet │ │ └── policies │ │ │ ├── add-resizepolicy │ │ │ └── policy.yaml │ │ │ ├── create-pdb │ │ │ └── policy.yaml │ │ │ ├── drop-all-capabilities │ │ │ └── policy.yaml │ │ │ ├── set-daemonset-affinity │ │ │ └── policy.yaml │ │ │ └── spread-pods │ │ │ ├── .kyverno-test │ │ │ ├── kyverno-test.yaml │ │ │ ├── patched.yaml │ │ │ └── resource.yaml │ │ │ └── policy.yaml │ ├── kyverno │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── librespeed │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── liqo │ │ ├── application.libsonnet │ │ ├── 
dashboards.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── local-ai │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── loki │ │ ├── application.libsonnet │ │ ├── bucket.yaml │ │ ├── grafana.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── rules │ │ │ └── rules.libsonnet │ │ └── values.yaml │ ├── metrics-server │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── nack │ │ ├── application.libsonnet │ │ ├── crds.yaml │ │ └── main.jsonnet │ ├── network │ │ ├── Chart.yaml │ │ ├── Taskfile.yaml │ │ ├── guestbook │ │ │ ├── Chart.yaml │ │ │ ├── Taskfile.yaml │ │ │ ├── home-values.yaml │ │ │ └── values.yaml │ │ └── values.yaml │ ├── node-feature-discovery │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── ntp-server │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── network-policy.yaml │ │ └── values.yaml │ ├── ocis-nack │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── streams.yaml │ │ └── values.yaml │ ├── ocis-nats │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── ocis │ │ ├── application.libsonnet │ │ ├── ldap-auth.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── patch-ocis-oidc.yaml │ │ ├── secrets.yaml │ │ ├── uuids.yaml │ │ └── values.yaml │ ├── opentelemetry-collector │ │ ├── application.libsonnet │ │ ├── collector.yaml │ │ ├── instrumentation.yaml │ │ ├── main.jsonnet │ │ └── namespace.libsonnet │ ├── opentelemetry-operator │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── osrs-ge-exporter │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── policy-reporter │ │ ├── 
application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── postgres-shared │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── provider-secret-sa.yaml │ │ ├── provider-secret.yaml │ │ └── provider.yaml │ ├── prometheus-stack │ │ ├── application.libsonnet │ │ ├── grafana.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── prometheus │ │ ├── application.libsonnet │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── prowlarr │ │ ├── application.libsonnet │ │ ├── database │ │ │ ├── database.yaml │ │ │ ├── main.libsonnet │ │ │ ├── role.yaml │ │ │ └── secrets.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ ├── terraform │ │ │ ├── main.libsonnet │ │ │ ├── provider-config.yaml │ │ │ ├── vars.libsonnet │ │ │ └── workspace-radarr.yaml │ │ └── values.yaml │ ├── radarr │ │ ├── application.libsonnet │ │ ├── database │ │ │ ├── database.yaml │ │ │ ├── main.libsonnet │ │ │ ├── role.yaml │ │ │ └── secrets.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ ├── terraform │ │ │ ├── main.libsonnet │ │ │ ├── provider-config.yaml │ │ │ └── workspace.yaml │ │ └── values.yaml │ ├── rclone-restic │ │ ├── README.md │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── recyclarr │ │ ├── application.libsonnet │ │ ├── config │ │ │ ├── recyclarr-config.libsonnet │ │ │ └── recyclarr.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── reloader │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── robusta │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── rook-ceph-cluster │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── 
main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── values.yaml │ │ └── wipe │ │ │ ├── README.md │ │ │ ├── wipe-resources.sh │ │ │ ├── wipe-rook.sh │ │ │ └── wipe-rook.yaml │ ├── rook-ceph-operator │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── securecodebox-addons │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ ├── values-auto-discovery-kubernetes.yaml │ │ ├── values-cascading-scans.yaml │ │ ├── values-nmap-privileged.yaml │ │ ├── values-nmap.yaml │ │ ├── values-nuclei.yaml │ │ ├── values-persistence-defectdojo.yaml │ │ ├── values-ssh-audit.yaml │ │ └── values-zap.yaml │ ├── securecodebox-config │ │ ├── application.libsonnet │ │ ├── config-sa.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── scans │ │ │ ├── main.libsonnet │ │ │ └── scan-nmap.yaml │ │ └── secrets.yaml │ ├── securecodebox │ │ ├── application.libsonnet │ │ ├── bucket.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── patch-deployment.yaml │ │ └── values.yaml │ ├── servarr │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── offloading.yaml │ ├── sonarr │ │ ├── application.libsonnet │ │ ├── config-secrets.yaml │ │ ├── config.yaml │ │ ├── init-scripts-secrets.yaml │ │ ├── init-scripts.yaml │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── spegel │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── template-controller │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── tetragon │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── policies │ │ │ ├── creds-capability-checks.yaml │ │ │ └── main.libsonnet │ │ └── values.yaml │ ├── traefik │ │ ├── README.md │ │ ├── application.libsonnet │ │ ├── dashboard_ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── 
namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── transmission-anime │ │ ├── application.libsonnet │ │ ├── config-secrets.yaml │ │ ├── config.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── transmission-audio │ │ ├── application.libsonnet │ │ ├── config-secrets.yaml │ │ ├── config.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── transmission-movies │ │ ├── application.libsonnet │ │ ├── config-secrets.yaml │ │ ├── config.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── transmission-music │ │ ├── application.libsonnet │ │ ├── config-secrets.yaml │ │ ├── config.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── transmission-tv │ │ ├── application.libsonnet │ │ ├── config-secrets.yaml │ │ ├── config.yaml │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── transmission-webdav │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── middleware.yaml │ │ ├── namespace.libsonnet │ │ ├── secrets.yaml │ │ └── values.yaml │ ├── transmission │ │ ├── application.libsonnet │ │ ├── backup.yaml │ │ ├── claims.yaml │ │ ├── main.jsonnet │ │ └── namespace.libsonnet │ ├── trivy │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── values-polr-adapter.yaml │ │ └── values.yaml │ ├── twitch-channel-points-miner │ │ ├── application.libsonnet │ │ ├── ingress.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── run-config.libsonnet │ │ ├── run.py │ │ ├── secrets.libsonnet │ │ └── values.yaml │ ├── vector-agent │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── vector-aggregator │ │ ├── application.libsonnet │ │ ├── dns.yaml │ │ ├── ingress.yaml │ │ ├── main.jsonnet │ │ ├── 
namespace.libsonnet │ │ └── values.yaml │ ├── vector │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ └── namespace.libsonnet │ ├── vpa │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── wakatime-exporter │ │ ├── application.libsonnet │ │ ├── github-readme │ │ │ ├── cronjob.libsonnet │ │ │ ├── main.libsonnet │ │ │ ├── secrets.libsonnet │ │ │ ├── update-graph-config.libsonnet │ │ │ └── update-graph.sh │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── secrets.libsonnet │ │ └── values.yaml │ ├── wireguard-operator │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── values.yaml │ ├── wireguard-site-to-site │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ ├── network-policy.yaml │ │ └── server.yaml │ └── wireguard │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ ├── namespace.libsonnet │ │ └── network-policy.yaml ├── environments │ ├── hcloud │ │ ├── argocd │ │ │ └── application.libsonnet │ │ ├── cert-manager │ │ │ └── application.libsonnet │ │ ├── crossplane-packages │ │ │ └── application.libsonnet │ │ ├── crossplane │ │ │ └── application.libsonnet │ │ ├── descheduler │ │ │ └── application.libsonnet │ │ ├── external-dns │ │ │ └── application.libsonnet │ │ ├── external-secrets │ │ │ └── application.libsonnet │ │ ├── fip-controller │ │ │ ├── application.libsonnet │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── secrets.yaml │ │ ├── homepage │ │ │ └── application.libsonnet │ │ ├── imports.libsonnet │ │ ├── jaeger-operator │ │ │ └── application.libsonnet │ │ ├── k8s-event-logger │ │ │ └── application.libsonnet │ │ ├── main.jsonnet │ │ ├── metrics-server │ │ │ └── application.libsonnet │ │ ├── opentelemetry-operator │ │ │ └── application.libsonnet │ │ ├── prometheus-stack │ │ │ └── application.libsonnet │ │ ├── prometheus │ │ │ └── application.libsonnet │ │ ├── rclone-restic │ │ │ ├── application.libsonnet │ │ │ └── 
ingress-restic.yaml │ │ ├── tailscale-operator │ │ │ └── application.libsonnet │ │ ├── template-controller │ │ │ └── application.libsonnet │ │ ├── traefik │ │ │ └── application.libsonnet │ │ └── vpa │ │ │ └── application.libsonnet │ ├── home │ │ ├── adguard-home │ │ │ └── application.libsonnet │ │ ├── argo-workflows │ │ │ └── application.libsonnet │ │ ├── argocd │ │ │ └── application.libsonnet │ │ ├── authentik-secrets │ │ │ └── application.libsonnet │ │ ├── authentik │ │ │ ├── application.libsonnet │ │ │ ├── cert.yaml │ │ │ └── main.jsonnet │ │ ├── beyla │ │ │ └── application.libsonnet │ │ ├── cert-manager │ │ │ └── application.libsonnet │ │ ├── cilium │ │ │ └── application.libsonnet │ │ ├── cloudnative-pg │ │ │ └── application.libsonnet │ │ ├── coredns │ │ │ ├── application.libsonnet │ │ │ ├── config.libsonnet │ │ │ └── main.jsonnet │ │ ├── crossplane-packages │ │ │ └── application.libsonnet │ │ ├── crossplane │ │ │ └── application.libsonnet │ │ ├── defectdojo │ │ │ └── application.libsonnet │ │ ├── descheduler │ │ │ └── application.libsonnet │ │ ├── dragonfly-operator │ │ │ └── application.libsonnet │ │ ├── excoredns │ │ │ └── application.libsonnet │ │ ├── external-secrets │ │ │ └── application.libsonnet │ │ ├── external-services │ │ │ └── application.libsonnet │ │ ├── gadget │ │ │ └── application.libsonnet │ │ ├── grafana-operator │ │ │ └── application.libsonnet │ │ ├── grafana │ │ │ └── application.libsonnet │ │ ├── harbor │ │ │ └── application.libsonnet │ │ ├── homepage │ │ │ └── application.libsonnet │ │ ├── imports.libsonnet │ │ ├── iperf │ │ │ └── application.libsonnet │ │ ├── jaeger-aio │ │ │ └── application.libsonnet │ │ ├── jaeger-operator │ │ │ └── application.libsonnet │ │ ├── k8s-event-logger │ │ │ └── application.libsonnet │ │ ├── k8up │ │ │ └── application.libsonnet │ │ ├── komoplane │ │ │ └── application.libsonnet │ │ ├── kubelet-csr-approver │ │ │ └── application.libsonnet │ │ ├── kyverno-policies │ │ │ └── application.libsonnet │ │ ├── kyverno │ 
│ │ └── application.libsonnet │ │ ├── librespeed │ │ │ └── application.libsonnet │ │ ├── liqo │ │ │ └── application.libsonnet │ │ ├── local-ai │ │ │ └── application.libsonnet │ │ ├── loki │ │ │ └── application.libsonnet │ │ ├── main.jsonnet │ │ ├── metrics-server │ │ │ └── application.libsonnet │ │ ├── nack │ │ │ └── application.libsonnet │ │ ├── network │ │ │ ├── guestbook │ │ │ │ └── values.yaml │ │ │ └── values.yaml │ │ ├── node-feature-discovery │ │ │ └── application.libsonnet │ │ ├── ntp-server │ │ │ └── application.libsonnet │ │ ├── ocis-nack │ │ │ └── application.libsonnet │ │ ├── ocis-nats │ │ │ └── application.libsonnet │ │ ├── ocis │ │ │ └── application.libsonnet │ │ ├── opentelemetry-collector │ │ │ └── application.libsonnet │ │ ├── opentelemetry-operator │ │ │ └── application.libsonnet │ │ ├── osrs-ge-exporter │ │ │ └── application.libsonnet │ │ ├── policy-reporter │ │ │ └── application.libsonnet │ │ ├── postgres-shared │ │ │ ├── application.libsonnet │ │ │ ├── cluster.yaml │ │ │ ├── main.jsonnet │ │ │ └── offloading.yaml │ │ ├── prometheus-stack │ │ │ └── application.libsonnet │ │ ├── prometheus │ │ │ └── application.libsonnet │ │ ├── prowlarr │ │ │ └── application.libsonnet │ │ ├── radarr │ │ │ └── application.libsonnet │ │ ├── rclone-restic │ │ │ └── application.libsonnet │ │ ├── recyclarr │ │ │ └── application.libsonnet │ │ ├── reloader │ │ │ └── application.libsonnet │ │ ├── robusta │ │ │ └── application.libsonnet │ │ ├── rook-ceph-cluster │ │ │ └── application.libsonnet │ │ ├── rook-ceph-operator │ │ │ └── application.libsonnet │ │ ├── securecodebox-addons │ │ │ └── application.libsonnet │ │ ├── securecodebox-config │ │ │ └── application.libsonnet │ │ ├── securecodebox │ │ │ └── application.libsonnet │ │ ├── servarr │ │ │ └── application.libsonnet │ │ ├── spegel │ │ │ └── application.libsonnet │ │ ├── template-controller │ │ │ └── application.libsonnet │ │ ├── tetragon │ │ │ └── application.libsonnet │ │ ├── traefik │ │ │ ├── application.libsonnet 
│ │ │ ├── issuer.yaml │ │ │ └── main.jsonnet │ │ ├── trivy │ │ │ └── application.libsonnet │ │ ├── twitch-channel-points-miner │ │ │ └── application.libsonnet │ │ ├── vector-agent │ │ │ └── application.libsonnet │ │ ├── vector-aggregator │ │ │ └── application.libsonnet │ │ ├── vector │ │ │ └── application.libsonnet │ │ ├── vpa │ │ │ └── application.libsonnet │ │ └── wakatime-exporter │ │ │ └── application.libsonnet │ ├── nas01 │ │ ├── argocd │ │ │ └── application.libsonnet │ │ ├── authentik-secrets │ │ │ └── application.libsonnet │ │ ├── beyla │ │ │ └── application.libsonnet │ │ ├── cert-manager │ │ │ └── application.libsonnet │ │ ├── coredns │ │ │ ├── application.libsonnet │ │ │ ├── config.libsonnet │ │ │ └── main.jsonnet │ │ ├── dragonfly-operator │ │ │ └── application.libsonnet │ │ ├── excoredns │ │ │ └── application.libsonnet │ │ ├── external-secrets │ │ │ └── application.libsonnet │ │ ├── homepage │ │ │ └── application.libsonnet │ │ ├── imports.libsonnet │ │ ├── iperf │ │ │ └── application.libsonnet │ │ ├── jaeger-aio │ │ │ └── application.libsonnet │ │ ├── jaeger-operator │ │ │ └── application.libsonnet │ │ ├── kyverno-policies │ │ │ ├── application.libsonnet │ │ │ ├── kustomization.yaml │ │ │ └── policies │ │ │ │ └── set-replica-count │ │ │ │ └── policy.yaml │ │ ├── kyverno │ │ │ └── application.libsonnet │ │ ├── librespeed │ │ │ └── application.libsonnet │ │ ├── liqo │ │ │ └── application.libsonnet │ │ ├── main.jsonnet │ │ ├── opentelemetry-collector │ │ │ └── application.libsonnet │ │ ├── opentelemetry-operator │ │ │ └── application.libsonnet │ │ ├── prometheus │ │ │ └── application.libsonnet │ │ ├── reloader │ │ │ └── application.libsonnet │ │ ├── template-controller │ │ │ └── application.libsonnet │ │ └── traefik │ │ │ ├── application.libsonnet │ │ │ ├── issuer.yaml │ │ │ └── main.jsonnet │ └── seedbox │ │ ├── argocd │ │ └── application.libsonnet │ │ ├── authentik-secrets │ │ └── application.libsonnet │ │ ├── authentik │ │ ├── application.libsonnet │ │ 
├── cert.yaml │ │ └── main.jsonnet │ │ ├── cert-manager │ │ └── application.libsonnet │ │ ├── cloudnative-pg │ │ └── application.libsonnet │ │ ├── crossplane-packages │ │ └── application.libsonnet │ │ ├── crossplane │ │ └── application.libsonnet │ │ ├── descheduler │ │ └── application.libsonnet │ │ ├── dragonfly-operator │ │ └── application.libsonnet │ │ ├── excoredns │ │ └── application.libsonnet │ │ ├── external-secrets │ │ └── application.libsonnet │ │ ├── grafana-operator │ │ └── application.libsonnet │ │ ├── homepage │ │ └── application.libsonnet │ │ ├── imports.libsonnet │ │ ├── iperf │ │ └── application.libsonnet │ │ ├── jaeger-operator │ │ └── application.libsonnet │ │ ├── k8s-event-logger │ │ └── application.libsonnet │ │ ├── k8up │ │ └── application.libsonnet │ │ ├── librespeed │ │ └── application.libsonnet │ │ ├── local-volume-static-provisioner │ │ ├── application.libsonnet │ │ └── values.yaml │ │ ├── main.jsonnet │ │ ├── metrics-server │ │ └── application.libsonnet │ │ ├── opentelemetry-operator │ │ └── application.libsonnet │ │ ├── postgres-shared │ │ ├── application.libsonnet │ │ ├── cluster.yaml │ │ └── main.jsonnet │ │ ├── prometheus-stack │ │ └── application.libsonnet │ │ ├── prometheus │ │ └── application.libsonnet │ │ ├── rclone-restic │ │ ├── application.libsonnet │ │ └── ingress-restic.yaml │ │ ├── reloader │ │ └── application.libsonnet │ │ ├── template-controller │ │ └── application.libsonnet │ │ ├── traefik │ │ ├── application.libsonnet │ │ ├── issuer.yaml │ │ └── main.jsonnet │ │ ├── transmission-anime │ │ └── application.libsonnet │ │ ├── transmission-audio │ │ └── application.libsonnet │ │ ├── transmission-movies │ │ └── application.libsonnet │ │ ├── transmission-music │ │ └── application.libsonnet │ │ ├── transmission-tv │ │ └── application.libsonnet │ │ ├── transmission-webdav │ │ └── application.libsonnet │ │ ├── transmission │ │ └── application.libsonnet │ │ ├── wireguard-operator │ │ └── application.libsonnet │ │ ├── 
wireguard-site-to-site │ │ ├── application.libsonnet │ │ ├── main.jsonnet │ │ └── peers.yaml │ │ └── wireguard │ │ └── application.libsonnet ├── jsonnetfile.json ├── jsonnetfile.lock.json ├── lib │ ├── app.libsonnet │ ├── charts │ │ ├── application │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ └── application.yaml │ │ │ └── values.yaml │ │ ├── namespace │ │ │ └── Chart.yaml │ │ ├── policy │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ └── configmap.yaml │ │ │ └── values.yaml │ │ ├── project │ │ │ ├── Chart.yaml │ │ │ └── values.yaml │ │ ├── secrets │ │ │ ├── Chart.yaml │ │ │ └── values.yaml │ │ └── tenant │ │ │ └── Chart.yaml │ ├── external_secret.libsonnet │ ├── external_service.libsonnet │ ├── ingress.libsonnet │ ├── k.libsonnet │ └── service_monitor.libsonnet ├── tenants.yaml └── vendor │ ├── 1.27 │ ├── doc-util │ ├── github.com │ ├── grafana │ │ └── jsonnet-libs │ │ │ └── ksonnet-util │ │ │ ├── grafana.libsonnet │ │ │ ├── k-compat.libsonnet │ │ │ ├── kausal.libsonnet │ │ │ ├── legacy-custom.libsonnet │ │ │ ├── legacy-noname.libsonnet │ │ │ ├── legacy-subtypes.libsonnet │ │ │ ├── legacy-types.libsonnet │ │ │ └── util.libsonnet │ └── jsonnet-libs │ │ ├── docsonnet │ │ └── doc-util │ │ │ ├── README.md │ │ │ ├── main.libsonnet │ │ │ └── render.libsonnet │ │ └── k8s-libsonnet │ │ └── 1.27 │ │ ├── _custom │ │ ├── apps.libsonnet │ │ ├── autoscaling.libsonnet │ │ ├── batch.libsonnet │ │ ├── core.libsonnet │ │ ├── list.libsonnet │ │ ├── mapContainers.libsonnet │ │ ├── rbac.libsonnet │ │ └── volumeMounts.libsonnet │ │ ├── _gen │ │ ├── admissionregistration │ │ │ ├── main.libsonnet │ │ │ ├── v1 │ │ │ │ ├── main.libsonnet │ │ │ │ ├── matchCondition.libsonnet │ │ │ │ ├── mutatingWebhook.libsonnet │ │ │ │ ├── mutatingWebhookConfiguration.libsonnet │ │ │ │ ├── ruleWithOperations.libsonnet │ │ │ │ ├── serviceReference.libsonnet │ │ │ │ ├── validatingWebhook.libsonnet │ │ │ │ ├── validatingWebhookConfiguration.libsonnet │ │ │ │ └── webhookClientConfig.libsonnet │ │ │ └── 
v1alpha1 │ │ │ │ ├── auditAnnotation.libsonnet │ │ │ │ ├── expressionWarning.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── matchCondition.libsonnet │ │ │ │ ├── matchResources.libsonnet │ │ │ │ ├── namedRuleWithOperations.libsonnet │ │ │ │ ├── paramKind.libsonnet │ │ │ │ ├── paramRef.libsonnet │ │ │ │ ├── typeChecking.libsonnet │ │ │ │ ├── validatingAdmissionPolicy.libsonnet │ │ │ │ ├── validatingAdmissionPolicyBinding.libsonnet │ │ │ │ ├── validatingAdmissionPolicyBindingSpec.libsonnet │ │ │ │ ├── validatingAdmissionPolicySpec.libsonnet │ │ │ │ ├── validatingAdmissionPolicyStatus.libsonnet │ │ │ │ └── validation.libsonnet │ │ ├── apiregistration │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── apiService.libsonnet │ │ │ │ ├── apiServiceCondition.libsonnet │ │ │ │ ├── apiServiceSpec.libsonnet │ │ │ │ ├── apiServiceStatus.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ └── serviceReference.libsonnet │ │ ├── apiserverinternal │ │ │ ├── main.libsonnet │ │ │ └── v1alpha1 │ │ │ │ ├── main.libsonnet │ │ │ │ ├── serverStorageVersion.libsonnet │ │ │ │ ├── storageVersion.libsonnet │ │ │ │ ├── storageVersionCondition.libsonnet │ │ │ │ ├── storageVersionSpec.libsonnet │ │ │ │ └── storageVersionStatus.libsonnet │ │ ├── apps │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── controllerRevision.libsonnet │ │ │ │ ├── daemonSet.libsonnet │ │ │ │ ├── daemonSetCondition.libsonnet │ │ │ │ ├── daemonSetSpec.libsonnet │ │ │ │ ├── daemonSetStatus.libsonnet │ │ │ │ ├── daemonSetUpdateStrategy.libsonnet │ │ │ │ ├── deployment.libsonnet │ │ │ │ ├── deploymentCondition.libsonnet │ │ │ │ ├── deploymentSpec.libsonnet │ │ │ │ ├── deploymentStatus.libsonnet │ │ │ │ ├── deploymentStrategy.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── replicaSet.libsonnet │ │ │ │ ├── replicaSetCondition.libsonnet │ │ │ │ ├── replicaSetSpec.libsonnet │ │ │ │ ├── replicaSetStatus.libsonnet │ │ │ │ ├── rollingUpdateDaemonSet.libsonnet │ │ │ │ ├── rollingUpdateDeployment.libsonnet │ │ │ │ ├── 
rollingUpdateStatefulSetStrategy.libsonnet │ │ │ │ ├── statefulSet.libsonnet │ │ │ │ ├── statefulSetCondition.libsonnet │ │ │ │ ├── statefulSetOrdinals.libsonnet │ │ │ │ ├── statefulSetPersistentVolumeClaimRetentionPolicy.libsonnet │ │ │ │ ├── statefulSetSpec.libsonnet │ │ │ │ ├── statefulSetStatus.libsonnet │ │ │ │ └── statefulSetUpdateStrategy.libsonnet │ │ ├── authentication │ │ │ ├── main.libsonnet │ │ │ ├── v1 │ │ │ │ ├── boundObjectReference.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── tokenRequest.libsonnet │ │ │ │ ├── tokenRequestSpec.libsonnet │ │ │ │ ├── tokenRequestStatus.libsonnet │ │ │ │ ├── tokenReview.libsonnet │ │ │ │ ├── tokenReviewSpec.libsonnet │ │ │ │ ├── tokenReviewStatus.libsonnet │ │ │ │ └── userInfo.libsonnet │ │ │ ├── v1alpha1 │ │ │ │ ├── main.libsonnet │ │ │ │ ├── selfSubjectReview.libsonnet │ │ │ │ └── selfSubjectReviewStatus.libsonnet │ │ │ └── v1beta1 │ │ │ │ ├── main.libsonnet │ │ │ │ ├── selfSubjectReview.libsonnet │ │ │ │ └── selfSubjectReviewStatus.libsonnet │ │ ├── authorization │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── localSubjectAccessReview.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── nonResourceAttributes.libsonnet │ │ │ │ ├── nonResourceRule.libsonnet │ │ │ │ ├── resourceAttributes.libsonnet │ │ │ │ ├── resourceRule.libsonnet │ │ │ │ ├── selfSubjectAccessReview.libsonnet │ │ │ │ ├── selfSubjectAccessReviewSpec.libsonnet │ │ │ │ ├── selfSubjectRulesReview.libsonnet │ │ │ │ ├── selfSubjectRulesReviewSpec.libsonnet │ │ │ │ ├── subjectAccessReview.libsonnet │ │ │ │ ├── subjectAccessReviewSpec.libsonnet │ │ │ │ ├── subjectAccessReviewStatus.libsonnet │ │ │ │ └── subjectRulesReviewStatus.libsonnet │ │ ├── autoscaling │ │ │ ├── main.libsonnet │ │ │ ├── v1 │ │ │ │ ├── crossVersionObjectReference.libsonnet │ │ │ │ ├── horizontalPodAutoscaler.libsonnet │ │ │ │ ├── horizontalPodAutoscalerSpec.libsonnet │ │ │ │ ├── horizontalPodAutoscalerStatus.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── scale.libsonnet │ │ │ │ ├── 
scaleSpec.libsonnet │ │ │ │ └── scaleStatus.libsonnet │ │ │ └── v2 │ │ │ │ ├── containerResourceMetricSource.libsonnet │ │ │ │ ├── containerResourceMetricStatus.libsonnet │ │ │ │ ├── crossVersionObjectReference.libsonnet │ │ │ │ ├── externalMetricSource.libsonnet │ │ │ │ ├── externalMetricStatus.libsonnet │ │ │ │ ├── horizontalPodAutoscaler.libsonnet │ │ │ │ ├── horizontalPodAutoscalerBehavior.libsonnet │ │ │ │ ├── horizontalPodAutoscalerCondition.libsonnet │ │ │ │ ├── horizontalPodAutoscalerSpec.libsonnet │ │ │ │ ├── horizontalPodAutoscalerStatus.libsonnet │ │ │ │ ├── hpaScalingPolicy.libsonnet │ │ │ │ ├── hpaScalingRules.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── metricIdentifier.libsonnet │ │ │ │ ├── metricSpec.libsonnet │ │ │ │ ├── metricStatus.libsonnet │ │ │ │ ├── metricTarget.libsonnet │ │ │ │ ├── metricValueStatus.libsonnet │ │ │ │ ├── objectMetricSource.libsonnet │ │ │ │ ├── objectMetricStatus.libsonnet │ │ │ │ ├── podsMetricSource.libsonnet │ │ │ │ ├── podsMetricStatus.libsonnet │ │ │ │ ├── resourceMetricSource.libsonnet │ │ │ │ └── resourceMetricStatus.libsonnet │ │ ├── batch │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── cronJob.libsonnet │ │ │ │ ├── cronJobSpec.libsonnet │ │ │ │ ├── cronJobStatus.libsonnet │ │ │ │ ├── job.libsonnet │ │ │ │ ├── jobCondition.libsonnet │ │ │ │ ├── jobSpec.libsonnet │ │ │ │ ├── jobStatus.libsonnet │ │ │ │ ├── jobTemplateSpec.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── podFailurePolicy.libsonnet │ │ │ │ ├── podFailurePolicyOnExitCodesRequirement.libsonnet │ │ │ │ ├── podFailurePolicyOnPodConditionsPattern.libsonnet │ │ │ │ ├── podFailurePolicyRule.libsonnet │ │ │ │ └── uncountedTerminatedPods.libsonnet │ │ ├── certificates │ │ │ ├── main.libsonnet │ │ │ ├── v1 │ │ │ │ ├── certificateSigningRequest.libsonnet │ │ │ │ ├── certificateSigningRequestCondition.libsonnet │ │ │ │ ├── certificateSigningRequestSpec.libsonnet │ │ │ │ ├── certificateSigningRequestStatus.libsonnet │ │ │ │ └── main.libsonnet │ │ │ └── 
v1alpha1 │ │ │ │ ├── clusterTrustBundle.libsonnet │ │ │ │ ├── clusterTrustBundleSpec.libsonnet │ │ │ │ └── main.libsonnet │ │ ├── coordination │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── lease.libsonnet │ │ │ │ ├── leaseSpec.libsonnet │ │ │ │ └── main.libsonnet │ │ ├── core │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── affinity.libsonnet │ │ │ │ ├── attachedVolume.libsonnet │ │ │ │ ├── awsElasticBlockStoreVolumeSource.libsonnet │ │ │ │ ├── azureDiskVolumeSource.libsonnet │ │ │ │ ├── azureFilePersistentVolumeSource.libsonnet │ │ │ │ ├── azureFileVolumeSource.libsonnet │ │ │ │ ├── binding.libsonnet │ │ │ │ ├── capabilities.libsonnet │ │ │ │ ├── cephFSPersistentVolumeSource.libsonnet │ │ │ │ ├── cephFSVolumeSource.libsonnet │ │ │ │ ├── cinderPersistentVolumeSource.libsonnet │ │ │ │ ├── cinderVolumeSource.libsonnet │ │ │ │ ├── claimSource.libsonnet │ │ │ │ ├── clientIPConfig.libsonnet │ │ │ │ ├── componentCondition.libsonnet │ │ │ │ ├── componentStatus.libsonnet │ │ │ │ ├── configMap.libsonnet │ │ │ │ ├── configMapEnvSource.libsonnet │ │ │ │ ├── configMapKeySelector.libsonnet │ │ │ │ ├── configMapNodeConfigSource.libsonnet │ │ │ │ ├── configMapProjection.libsonnet │ │ │ │ ├── configMapVolumeSource.libsonnet │ │ │ │ ├── container.libsonnet │ │ │ │ ├── containerImage.libsonnet │ │ │ │ ├── containerPort.libsonnet │ │ │ │ ├── containerResizePolicy.libsonnet │ │ │ │ ├── containerState.libsonnet │ │ │ │ ├── containerStateRunning.libsonnet │ │ │ │ ├── containerStateTerminated.libsonnet │ │ │ │ ├── containerStateWaiting.libsonnet │ │ │ │ ├── containerStatus.libsonnet │ │ │ │ ├── csiPersistentVolumeSource.libsonnet │ │ │ │ ├── csiVolumeSource.libsonnet │ │ │ │ ├── daemonEndpoint.libsonnet │ │ │ │ ├── downwardAPIProjection.libsonnet │ │ │ │ ├── downwardAPIVolumeFile.libsonnet │ │ │ │ ├── downwardAPIVolumeSource.libsonnet │ │ │ │ ├── emptyDirVolumeSource.libsonnet │ │ │ │ ├── endpointAddress.libsonnet │ │ │ │ ├── endpointPort.libsonnet │ │ │ │ ├── 
endpointSubset.libsonnet │ │ │ │ ├── endpoints.libsonnet │ │ │ │ ├── envFromSource.libsonnet │ │ │ │ ├── envVar.libsonnet │ │ │ │ ├── envVarSource.libsonnet │ │ │ │ ├── ephemeralContainer.libsonnet │ │ │ │ ├── ephemeralVolumeSource.libsonnet │ │ │ │ ├── event.libsonnet │ │ │ │ ├── eventSeries.libsonnet │ │ │ │ ├── eventSource.libsonnet │ │ │ │ ├── execAction.libsonnet │ │ │ │ ├── fcVolumeSource.libsonnet │ │ │ │ ├── flexPersistentVolumeSource.libsonnet │ │ │ │ ├── flexVolumeSource.libsonnet │ │ │ │ ├── flockerVolumeSource.libsonnet │ │ │ │ ├── gcePersistentDiskVolumeSource.libsonnet │ │ │ │ ├── gitRepoVolumeSource.libsonnet │ │ │ │ ├── glusterfsPersistentVolumeSource.libsonnet │ │ │ │ ├── glusterfsVolumeSource.libsonnet │ │ │ │ ├── grpcAction.libsonnet │ │ │ │ ├── hostAlias.libsonnet │ │ │ │ ├── hostPathVolumeSource.libsonnet │ │ │ │ ├── httpGetAction.libsonnet │ │ │ │ ├── httpHeader.libsonnet │ │ │ │ ├── iscsiPersistentVolumeSource.libsonnet │ │ │ │ ├── iscsiVolumeSource.libsonnet │ │ │ │ ├── keyToPath.libsonnet │ │ │ │ ├── lifecycle.libsonnet │ │ │ │ ├── lifecycleHandler.libsonnet │ │ │ │ ├── limitRange.libsonnet │ │ │ │ ├── limitRangeItem.libsonnet │ │ │ │ ├── limitRangeSpec.libsonnet │ │ │ │ ├── loadBalancerIngress.libsonnet │ │ │ │ ├── loadBalancerStatus.libsonnet │ │ │ │ ├── localObjectReference.libsonnet │ │ │ │ ├── localVolumeSource.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── namespace.libsonnet │ │ │ │ ├── namespaceCondition.libsonnet │ │ │ │ ├── namespaceSpec.libsonnet │ │ │ │ ├── namespaceStatus.libsonnet │ │ │ │ ├── nfsVolumeSource.libsonnet │ │ │ │ ├── node.libsonnet │ │ │ │ ├── nodeAddress.libsonnet │ │ │ │ ├── nodeAffinity.libsonnet │ │ │ │ ├── nodeCondition.libsonnet │ │ │ │ ├── nodeConfigSource.libsonnet │ │ │ │ ├── nodeConfigStatus.libsonnet │ │ │ │ ├── nodeDaemonEndpoints.libsonnet │ │ │ │ ├── nodeSelector.libsonnet │ │ │ │ ├── nodeSelectorRequirement.libsonnet │ │ │ │ ├── nodeSelectorTerm.libsonnet │ │ │ │ ├── nodeSpec.libsonnet │ │ │ │ ├── 
nodeStatus.libsonnet │ │ │ │ ├── nodeSystemInfo.libsonnet │ │ │ │ ├── objectFieldSelector.libsonnet │ │ │ │ ├── objectReference.libsonnet │ │ │ │ ├── persistentVolume.libsonnet │ │ │ │ ├── persistentVolumeClaim.libsonnet │ │ │ │ ├── persistentVolumeClaimCondition.libsonnet │ │ │ │ ├── persistentVolumeClaimSpec.libsonnet │ │ │ │ ├── persistentVolumeClaimStatus.libsonnet │ │ │ │ ├── persistentVolumeClaimTemplate.libsonnet │ │ │ │ ├── persistentVolumeClaimVolumeSource.libsonnet │ │ │ │ ├── persistentVolumeSpec.libsonnet │ │ │ │ ├── persistentVolumeStatus.libsonnet │ │ │ │ ├── photonPersistentDiskVolumeSource.libsonnet │ │ │ │ ├── pod.libsonnet │ │ │ │ ├── podAffinity.libsonnet │ │ │ │ ├── podAffinityTerm.libsonnet │ │ │ │ ├── podAntiAffinity.libsonnet │ │ │ │ ├── podCondition.libsonnet │ │ │ │ ├── podDNSConfig.libsonnet │ │ │ │ ├── podDNSConfigOption.libsonnet │ │ │ │ ├── podIP.libsonnet │ │ │ │ ├── podOS.libsonnet │ │ │ │ ├── podReadinessGate.libsonnet │ │ │ │ ├── podResourceClaim.libsonnet │ │ │ │ ├── podSchedulingGate.libsonnet │ │ │ │ ├── podSecurityContext.libsonnet │ │ │ │ ├── podSpec.libsonnet │ │ │ │ ├── podStatus.libsonnet │ │ │ │ ├── podTemplate.libsonnet │ │ │ │ ├── podTemplateSpec.libsonnet │ │ │ │ ├── portStatus.libsonnet │ │ │ │ ├── portworxVolumeSource.libsonnet │ │ │ │ ├── preferredSchedulingTerm.libsonnet │ │ │ │ ├── probe.libsonnet │ │ │ │ ├── projectedVolumeSource.libsonnet │ │ │ │ ├── quobyteVolumeSource.libsonnet │ │ │ │ ├── rbdPersistentVolumeSource.libsonnet │ │ │ │ ├── rbdVolumeSource.libsonnet │ │ │ │ ├── replicationController.libsonnet │ │ │ │ ├── replicationControllerCondition.libsonnet │ │ │ │ ├── replicationControllerSpec.libsonnet │ │ │ │ ├── replicationControllerStatus.libsonnet │ │ │ │ ├── resourceClaim.libsonnet │ │ │ │ ├── resourceFieldSelector.libsonnet │ │ │ │ ├── resourceQuota.libsonnet │ │ │ │ ├── resourceQuotaSpec.libsonnet │ │ │ │ ├── resourceQuotaStatus.libsonnet │ │ │ │ ├── resourceRequirements.libsonnet │ │ │ │ ├── 
scaleIOPersistentVolumeSource.libsonnet │ │ │ │ ├── scaleIOVolumeSource.libsonnet │ │ │ │ ├── scopeSelector.libsonnet │ │ │ │ ├── scopedResourceSelectorRequirement.libsonnet │ │ │ │ ├── seLinuxOptions.libsonnet │ │ │ │ ├── seccompProfile.libsonnet │ │ │ │ ├── secret.libsonnet │ │ │ │ ├── secretEnvSource.libsonnet │ │ │ │ ├── secretKeySelector.libsonnet │ │ │ │ ├── secretProjection.libsonnet │ │ │ │ ├── secretReference.libsonnet │ │ │ │ ├── secretVolumeSource.libsonnet │ │ │ │ ├── securityContext.libsonnet │ │ │ │ ├── service.libsonnet │ │ │ │ ├── serviceAccount.libsonnet │ │ │ │ ├── serviceAccountTokenProjection.libsonnet │ │ │ │ ├── servicePort.libsonnet │ │ │ │ ├── serviceSpec.libsonnet │ │ │ │ ├── serviceStatus.libsonnet │ │ │ │ ├── sessionAffinityConfig.libsonnet │ │ │ │ ├── storageOSPersistentVolumeSource.libsonnet │ │ │ │ ├── storageOSVolumeSource.libsonnet │ │ │ │ ├── sysctl.libsonnet │ │ │ │ ├── taint.libsonnet │ │ │ │ ├── tcpSocketAction.libsonnet │ │ │ │ ├── toleration.libsonnet │ │ │ │ ├── topologySelectorLabelRequirement.libsonnet │ │ │ │ ├── topologySelectorTerm.libsonnet │ │ │ │ ├── topologySpreadConstraint.libsonnet │ │ │ │ ├── typedLocalObjectReference.libsonnet │ │ │ │ ├── typedObjectReference.libsonnet │ │ │ │ ├── volume.libsonnet │ │ │ │ ├── volumeDevice.libsonnet │ │ │ │ ├── volumeMount.libsonnet │ │ │ │ ├── volumeNodeAffinity.libsonnet │ │ │ │ ├── volumeProjection.libsonnet │ │ │ │ ├── vsphereVirtualDiskVolumeSource.libsonnet │ │ │ │ ├── weightedPodAffinityTerm.libsonnet │ │ │ │ └── windowsSecurityContextOptions.libsonnet │ │ ├── discovery │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── endpoint.libsonnet │ │ │ │ ├── endpointConditions.libsonnet │ │ │ │ ├── endpointHints.libsonnet │ │ │ │ ├── endpointPort.libsonnet │ │ │ │ ├── endpointSlice.libsonnet │ │ │ │ ├── forZone.libsonnet │ │ │ │ └── main.libsonnet │ │ ├── events │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── event.libsonnet │ │ │ │ ├── eventSeries.libsonnet │ │ │ │ └── 
main.libsonnet │ │ ├── flowcontrol │ │ │ ├── main.libsonnet │ │ │ ├── v1beta2 │ │ │ │ ├── flowDistinguisherMethod.libsonnet │ │ │ │ ├── flowSchema.libsonnet │ │ │ │ ├── flowSchemaCondition.libsonnet │ │ │ │ ├── flowSchemaSpec.libsonnet │ │ │ │ ├── flowSchemaStatus.libsonnet │ │ │ │ ├── groupSubject.libsonnet │ │ │ │ ├── limitResponse.libsonnet │ │ │ │ ├── limitedPriorityLevelConfiguration.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── nonResourcePolicyRule.libsonnet │ │ │ │ ├── policyRulesWithSubjects.libsonnet │ │ │ │ ├── priorityLevelConfiguration.libsonnet │ │ │ │ ├── priorityLevelConfigurationCondition.libsonnet │ │ │ │ ├── priorityLevelConfigurationReference.libsonnet │ │ │ │ ├── priorityLevelConfigurationSpec.libsonnet │ │ │ │ ├── priorityLevelConfigurationStatus.libsonnet │ │ │ │ ├── queuingConfiguration.libsonnet │ │ │ │ ├── resourcePolicyRule.libsonnet │ │ │ │ ├── serviceAccountSubject.libsonnet │ │ │ │ ├── subject.libsonnet │ │ │ │ └── userSubject.libsonnet │ │ │ └── v1beta3 │ │ │ │ ├── flowDistinguisherMethod.libsonnet │ │ │ │ ├── flowSchema.libsonnet │ │ │ │ ├── flowSchemaCondition.libsonnet │ │ │ │ ├── flowSchemaSpec.libsonnet │ │ │ │ ├── flowSchemaStatus.libsonnet │ │ │ │ ├── groupSubject.libsonnet │ │ │ │ ├── limitResponse.libsonnet │ │ │ │ ├── limitedPriorityLevelConfiguration.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── nonResourcePolicyRule.libsonnet │ │ │ │ ├── policyRulesWithSubjects.libsonnet │ │ │ │ ├── priorityLevelConfiguration.libsonnet │ │ │ │ ├── priorityLevelConfigurationCondition.libsonnet │ │ │ │ ├── priorityLevelConfigurationReference.libsonnet │ │ │ │ ├── priorityLevelConfigurationSpec.libsonnet │ │ │ │ ├── priorityLevelConfigurationStatus.libsonnet │ │ │ │ ├── queuingConfiguration.libsonnet │ │ │ │ ├── resourcePolicyRule.libsonnet │ │ │ │ ├── serviceAccountSubject.libsonnet │ │ │ │ ├── subject.libsonnet │ │ │ │ └── userSubject.libsonnet │ │ ├── meta │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── apiGroup.libsonnet │ │ │ │ 
├── apiGroupList.libsonnet │ │ │ │ ├── apiResource.libsonnet │ │ │ │ ├── apiResourceList.libsonnet │ │ │ │ ├── apiVersions.libsonnet │ │ │ │ ├── condition.libsonnet │ │ │ │ ├── deleteOptions.libsonnet │ │ │ │ ├── fieldsV1.libsonnet │ │ │ │ ├── groupVersionForDiscovery.libsonnet │ │ │ │ ├── labelSelector.libsonnet │ │ │ │ ├── labelSelectorRequirement.libsonnet │ │ │ │ ├── listMeta.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── managedFieldsEntry.libsonnet │ │ │ │ ├── microTime.libsonnet │ │ │ │ ├── objectMeta.libsonnet │ │ │ │ ├── ownerReference.libsonnet │ │ │ │ ├── patch.libsonnet │ │ │ │ ├── preconditions.libsonnet │ │ │ │ ├── serverAddressByClientCIDR.libsonnet │ │ │ │ ├── statusCause.libsonnet │ │ │ │ ├── statusDetails.libsonnet │ │ │ │ ├── time.libsonnet │ │ │ │ └── watchEvent.libsonnet │ │ ├── networking │ │ │ ├── main.libsonnet │ │ │ ├── v1 │ │ │ │ ├── httpIngressPath.libsonnet │ │ │ │ ├── httpIngressRuleValue.libsonnet │ │ │ │ ├── ingress.libsonnet │ │ │ │ ├── ingressBackend.libsonnet │ │ │ │ ├── ingressClass.libsonnet │ │ │ │ ├── ingressClassParametersReference.libsonnet │ │ │ │ ├── ingressClassSpec.libsonnet │ │ │ │ ├── ingressLoadBalancerIngress.libsonnet │ │ │ │ ├── ingressLoadBalancerStatus.libsonnet │ │ │ │ ├── ingressPortStatus.libsonnet │ │ │ │ ├── ingressRule.libsonnet │ │ │ │ ├── ingressServiceBackend.libsonnet │ │ │ │ ├── ingressSpec.libsonnet │ │ │ │ ├── ingressStatus.libsonnet │ │ │ │ ├── ingressTLS.libsonnet │ │ │ │ ├── ipBlock.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── networkPolicy.libsonnet │ │ │ │ ├── networkPolicyEgressRule.libsonnet │ │ │ │ ├── networkPolicyIngressRule.libsonnet │ │ │ │ ├── networkPolicyPeer.libsonnet │ │ │ │ ├── networkPolicyPort.libsonnet │ │ │ │ ├── networkPolicySpec.libsonnet │ │ │ │ ├── networkPolicyStatus.libsonnet │ │ │ │ └── serviceBackendPort.libsonnet │ │ │ └── v1alpha1 │ │ │ │ ├── clusterCIDR.libsonnet │ │ │ │ ├── clusterCIDRSpec.libsonnet │ │ │ │ ├── ipAddress.libsonnet │ │ │ │ ├── 
ipAddressSpec.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ └── parentReference.libsonnet │ │ ├── node │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── main.libsonnet │ │ │ │ ├── overhead.libsonnet │ │ │ │ ├── runtimeClass.libsonnet │ │ │ │ └── scheduling.libsonnet │ │ ├── policy │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── eviction.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── podDisruptionBudget.libsonnet │ │ │ │ ├── podDisruptionBudgetSpec.libsonnet │ │ │ │ └── podDisruptionBudgetStatus.libsonnet │ │ ├── rbac │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── aggregationRule.libsonnet │ │ │ │ ├── clusterRole.libsonnet │ │ │ │ ├── clusterRoleBinding.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── policyRule.libsonnet │ │ │ │ ├── role.libsonnet │ │ │ │ ├── roleBinding.libsonnet │ │ │ │ ├── roleRef.libsonnet │ │ │ │ └── subject.libsonnet │ │ ├── resource │ │ │ ├── main.libsonnet │ │ │ └── v1alpha2 │ │ │ │ ├── allocationResult.libsonnet │ │ │ │ ├── main.libsonnet │ │ │ │ ├── podSchedulingContext.libsonnet │ │ │ │ ├── podSchedulingContextSpec.libsonnet │ │ │ │ ├── podSchedulingContextStatus.libsonnet │ │ │ │ ├── resourceClaim.libsonnet │ │ │ │ ├── resourceClaimConsumerReference.libsonnet │ │ │ │ ├── resourceClaimParametersReference.libsonnet │ │ │ │ ├── resourceClaimSchedulingStatus.libsonnet │ │ │ │ ├── resourceClaimSpec.libsonnet │ │ │ │ ├── resourceClaimStatus.libsonnet │ │ │ │ ├── resourceClaimTemplate.libsonnet │ │ │ │ ├── resourceClaimTemplateSpec.libsonnet │ │ │ │ ├── resourceClass.libsonnet │ │ │ │ ├── resourceClassParametersReference.libsonnet │ │ │ │ └── resourceHandle.libsonnet │ │ ├── scheduling │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ │ ├── main.libsonnet │ │ │ │ └── priorityClass.libsonnet │ │ └── storage │ │ │ ├── main.libsonnet │ │ │ └── v1 │ │ │ ├── csiDriver.libsonnet │ │ │ ├── csiDriverSpec.libsonnet │ │ │ ├── csiNode.libsonnet │ │ │ ├── csiNodeDriver.libsonnet │ │ │ ├── csiNodeSpec.libsonnet │ │ │ ├── csiStorageCapacity.libsonnet │ │ │ 
├── main.libsonnet │ │ │ ├── storageClass.libsonnet │ │ │ ├── tokenRequest.libsonnet │ │ │ ├── volumeAttachment.libsonnet │ │ │ ├── volumeAttachmentSource.libsonnet │ │ │ ├── volumeAttachmentSpec.libsonnet │ │ │ ├── volumeAttachmentStatus.libsonnet │ │ │ ├── volumeError.libsonnet │ │ │ └── volumeNodeResources.libsonnet │ │ ├── gen.libsonnet │ │ └── main.libsonnet │ └── ksonnet-util ├── apps ├── .template │ ├── .gitignore │ ├── main.go │ └── templates │ │ ├── _tenant │ │ ├── base │ │ │ ├── .tenant-disabled.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── shared │ │ │ ├── .tenant-disabled.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── app │ │ ├── base │ │ ├── kcl.mod │ │ ├── main.k │ │ └── values.yaml │ │ └── mgmt │ │ ├── .app-disabled.yaml │ │ ├── kcl.mod │ │ ├── main.k │ │ └── values.yaml ├── argo │ ├── _tenant │ │ ├── base │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ └── cd │ │ ├── base │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml │ │ └── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml ├── cilium │ ├── _tenant │ │ ├── base │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ └── system │ │ ├── base │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml │ │ ├── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml │ │ └── nas01 │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml ├── external │ ├── _tenant │ │ ├── base │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ ├── certs │ │ ├── base │ │ │ ├── kcl.mod │ │ │ ├── 
kcl.mod.lock │ │ │ ├── main.k │ │ │ └── values.yaml │ │ ├── mgmt │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── nas01 │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ ├── dns │ │ ├── base │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ ├── main.k │ │ │ └── values.yaml │ │ ├── mgmt │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── nas01 │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ └── secrets │ │ ├── base │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml │ │ ├── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ └── main.k │ │ └── nas01 │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ └── main.k ├── kube │ ├── _tenant │ │ ├── base │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ ├── csr-approver │ │ ├── base │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ │ └── mgmt │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ ├── descheduler │ │ └── base │ │ │ ├── kcl.mod │ │ │ ├── kcl.mod.lock │ │ │ └── main.k │ └── dragonfly │ │ ├── base │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml │ │ └── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── kcl.mod.lock │ │ ├── main.k │ │ └── values.yaml └── o11y │ ├── _tenant │ ├── .argocd.yaml │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k │ └── grafana │ ├── base │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k │ └── home │ ├── .argocd.yaml │ ├── dashboards │ ├── argocd.json │ ├── grafana-cloud-usage.json │ ├── k8s-home.json │ ├── k8s-oversized-requests.json │ ├── k8s-system-api-server.json │ ├── k8s-system-coredns.json │ ├── k8s-views-global.json │ ├── k8s-views-namespaces.json │ ├── k8s-views-nodes.json │ ├── k8s-views-pods.json │ ├── node-exporter-full.json │ ├── 
pfsense-net-quality.json │ ├── servarr.json │ ├── windows-node-processes.json │ ├── windows-node.json │ └── windows-summary.json │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k ├── appsets └── tenants.yaml ├── bootstrap └── core │ ├── base │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k │ ├── mgmt │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k │ └── nas01 │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k ├── charts ├── argo_cd │ ├── api │ │ └── v1alpha1 │ │ │ ├── argoproj_io_v1alpha1_app_project.k │ │ │ ├── argoproj_io_v1alpha1_application.k │ │ │ └── argoproj_io_v1alpha1_application_set.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── cert_manager │ ├── api │ │ └── v1 │ │ │ ├── acme_cert_manager_io_v1_challenge.k │ │ │ ├── acme_cert_manager_io_v1_order.k │ │ │ ├── cert_manager_io_v1_certificate.k │ │ │ ├── cert_manager_io_v1_certificate_request.k │ │ │ ├── cert_manager_io_v1_cluster_issuer.k │ │ │ └── cert_manager_io_v1_issuer.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── charts.k ├── cilium │ ├── api │ │ ├── v2 │ │ │ ├── cilium_io_v2_cilium_clusterwide_envoy_config.k │ │ │ ├── cilium_io_v2_cilium_clusterwide_network_policy.k │ │ │ ├── cilium_io_v2_cilium_egress_gateway_policy.k │ │ │ ├── cilium_io_v2_cilium_endpoint.k │ │ │ ├── cilium_io_v2_cilium_envoy_config.k │ │ │ ├── cilium_io_v2_cilium_external_workload.k │ │ │ ├── cilium_io_v2_cilium_identity.k │ │ │ ├── cilium_io_v2_cilium_local_redirect_policy.k │ │ │ ├── cilium_io_v2_cilium_network_policy.k │ │ │ ├── cilium_io_v2_cilium_node.k │ │ │ └── cilium_io_v2_cilium_node_config.k │ │ └── v2alpha1 │ │ │ ├── cilium_io_v2alpha1_cilium_b_g_p_advertisement.k │ │ │ ├── cilium_io_v2alpha1_cilium_b_g_p_cluster_config.k │ │ │ ├── cilium_io_v2alpha1_cilium_b_g_p_node_config.k │ │ │ ├── cilium_io_v2alpha1_cilium_b_g_p_node_config_override.k │ │ │ ├── cilium_io_v2alpha1_cilium_b_g_p_peer_config.k │ │ │ ├── cilium_io_v2alpha1_cilium_b_g_p_peering_policy.k │ │ │ ├── 
cilium_io_v2alpha1_cilium_c_id_r_group.k │ │ │ ├── cilium_io_v2alpha1_cilium_endpoint_slice.k │ │ │ ├── cilium_io_v2alpha1_cilium_l2_announcement_policy.k │ │ │ ├── cilium_io_v2alpha1_cilium_load_balancer_ip_pool.k │ │ │ ├── cilium_io_v2alpha1_cilium_node_config.k │ │ │ └── cilium_io_v2alpha1_cilium_pod_ip_pool.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── descheduler │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── dragonfly_operator │ ├── api │ │ └── v1alpha1 │ │ │ └── dragonflydb_io_v1alpha1_dragonfly_swagger.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── external_dns │ ├── api │ │ └── v1alpha1 │ │ │ └── externaldns_k8s_io_v1alpha1_dns_endpoint.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── external_secrets │ ├── api │ │ ├── v1alpha1 │ │ │ ├── external_secrets_io_v1alpha1_push_secret.k │ │ │ ├── generators_external_secrets_io_v1alpha1_a_c_r_access_token.k │ │ │ ├── generators_external_secrets_io_v1alpha1_cluster_generator.k │ │ │ ├── generators_external_secrets_io_v1alpha1_e_c_r_authorization_token.k │ │ │ ├── generators_external_secrets_io_v1alpha1_fake.k │ │ │ ├── generators_external_secrets_io_v1alpha1_g_c_r_access_token.k │ │ │ ├── generators_external_secrets_io_v1alpha1_generator_state.k │ │ │ ├── generators_external_secrets_io_v1alpha1_github_access_token.k │ │ │ ├── generators_external_secrets_io_v1alpha1_grafana.k │ │ │ ├── generators_external_secrets_io_v1alpha1_password.k │ │ │ ├── generators_external_secrets_io_v1alpha1_quay_access_token.k │ │ │ ├── generators_external_secrets_io_v1alpha1_s_t_s_session_token.k │ │ │ ├── generators_external_secrets_io_v1alpha1_uuid.k │ │ │ ├── generators_external_secrets_io_v1alpha1_vault_dynamic_secret.k │ │ │ └── generators_external_secrets_io_v1alpha1_webhook.k │ │ └── v1beta1 │ │ │ ├── external_secrets_io_v1beta1_cluster_external_secret.k │ │ │ ├── external_secrets_io_v1beta1_cluster_secret_store.k │ │ │ ├── 
external_secrets_io_v1beta1_external_secret.k │ │ │ └── external_secrets_io_v1beta1_secret_store.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── grafana_operator │ ├── api │ │ └── v1beta1 │ │ │ ├── grafana_integreatly_org_v1beta1_grafana.k │ │ │ ├── grafana_integreatly_org_v1beta1_grafana_alert_rule_group.k │ │ │ ├── grafana_integreatly_org_v1beta1_grafana_contact_point.k │ │ │ ├── grafana_integreatly_org_v1beta1_grafana_dashboard.k │ │ │ ├── grafana_integreatly_org_v1beta1_grafana_datasource.k │ │ │ ├── grafana_integreatly_org_v1beta1_grafana_folder.k │ │ │ ├── grafana_integreatly_org_v1beta1_grafana_notification_policy.k │ │ │ └── grafana_integreatly_org_v1beta1_grafana_notification_template.k │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── kcl.mod ├── kcl.mod.lock └── kubelet_csr_approver │ ├── chart.k │ ├── values.schema.json │ └── values.schema.k ├── clusters ├── main │ ├── .gitignore │ ├── talconfig.yaml │ └── talsecret.yaml ├── mgmt │ ├── .gitignore │ ├── kcl.mod │ ├── kcl.mod.lock │ ├── main.k │ ├── talconfig.yaml │ └── talsecret.yaml └── nas01 │ ├── kcl.mod │ ├── kcl.mod.lock │ └── main.k ├── devbox.json ├── devbox.lock ├── docs ├── bgp │ └── udm-bgp.md ├── dns │ ├── .drawio │ │ └── dns.drawio │ ├── README.md │ └── img │ │ └── dns.png ├── img │ ├── k8shappy.png │ ├── k8shappy.svg │ ├── k8spega.png │ ├── k8spega.svg │ ├── k8spega_sq.png │ ├── peepoK8S.png │ └── peepoK8S.svg ├── storage │ ├── drive-cloning.md │ ├── drive-erasure.md │ ├── hdd-burn-in.md │ └── rclone-copy.md ├── topology │ ├── .drawio │ │ └── cluster.drawio │ ├── cluster.md │ ├── img │ │ └── cluster.png │ └── network.md ├── truenas-scale │ ├── jails │ │ ├── README.md │ │ └── k3s │ │ │ └── config │ ├── k3s │ │ ├── README.md │ │ └── configuration.nix │ └── on-boot.sh └── turing-pi │ ├── rk1.md │ ├── setup.md │ ├── talos.md │ └── v1-to-v2-upgrade.md ├── go.mod ├── go.work ├── go.work.sum ├── konfig ├── README.md ├── kcl.mod ├── kcl.mod.lock ├── models │ ├── 
backend │ │ ├── app_backend.k │ │ ├── shared_app_backend.k │ │ ├── tenant_backend.k │ │ └── tenant_patch.k │ ├── frontend │ │ ├── app.k │ │ ├── common │ │ │ ├── metadata.k │ │ │ └── reference.k │ │ ├── configmap │ │ │ └── configmap.k │ │ ├── container │ │ │ └── env.k │ │ ├── grafana │ │ │ └── dashboard.k │ │ ├── ingress │ │ │ └── ingress.k │ │ ├── networkpolicy │ │ │ └── networkpolicy.k │ │ ├── patch.schema.json │ │ ├── rbac │ │ │ ├── cluster_role.k │ │ │ ├── cluster_role_binding.k │ │ │ ├── role.k │ │ │ └── role_binding.k │ │ ├── secret │ │ │ ├── externalsecret.k │ │ │ ├── secret.k │ │ │ └── secretstore.k │ │ ├── service │ │ │ └── service.k │ │ ├── serviceaccount │ │ │ └── service_account.k │ │ ├── shared_app.k │ │ ├── storage │ │ │ ├── database.k │ │ │ ├── objectstorage.k │ │ │ └── redis.k │ │ └── tenant.k │ ├── metadata │ │ └── metadata.k │ ├── mixins │ │ ├── chart_mixin.k │ │ ├── configmap_mixin.k │ │ ├── grafana_mixin.k │ │ ├── ingress_mixin.k │ │ ├── metadata_mixin.k │ │ ├── networkpolicy_mixin.k │ │ ├── rbac_mixin.k │ │ ├── secret_mixin.k │ │ ├── service_mixin.k │ │ ├── serviceaccount_mixin.k │ │ └── storage_mixin.k │ ├── protocol │ │ ├── app_protocol.k │ │ └── tenant_protocol.k │ ├── render │ │ └── render.k │ ├── resource │ │ └── resource.k │ ├── templates │ │ └── networkpolicy.k │ └── utils │ │ ├── app_metadata_builder.k │ │ ├── argocd_option_builder.k │ │ ├── dashboard_builder.k │ │ ├── env_builder.k │ │ └── metadata_builder.k ├── utils │ ├── dedent.k │ ├── file.k │ └── json_merge_patch.k └── vendored │ └── crossplane_provider_sql │ ├── README.md │ ├── crds │ └── provider-sql.yaml │ ├── kcl.mod │ ├── kcl.mod.lock │ ├── mssql │ └── v1alpha1 │ │ ├── mssql_sql_crossplane_io_v1alpha1_database.k │ │ ├── mssql_sql_crossplane_io_v1alpha1_grant.k │ │ ├── mssql_sql_crossplane_io_v1alpha1_provider_config.k │ │ ├── mssql_sql_crossplane_io_v1alpha1_provider_config_usage.k │ │ ├── mssql_sql_crossplane_io_v1alpha1_user.k │ │ ├── 
mysql_sql_crossplane_io_v1alpha1_database.k │ │ ├── mysql_sql_crossplane_io_v1alpha1_grant.k │ │ ├── mysql_sql_crossplane_io_v1alpha1_provider_config.k │ │ ├── mysql_sql_crossplane_io_v1alpha1_provider_config_usage.k │ │ └── mysql_sql_crossplane_io_v1alpha1_user.k │ └── postgres │ └── v1alpha1 │ ├── postgresql_sql_crossplane_io_v1alpha1_database.k │ ├── postgresql_sql_crossplane_io_v1alpha1_extension.k │ ├── postgresql_sql_crossplane_io_v1alpha1_grant.k │ ├── postgresql_sql_crossplane_io_v1alpha1_provider_config.k │ ├── postgresql_sql_crossplane_io_v1alpha1_provider_config_usage.k │ └── postgresql_sql_crossplane_io_v1alpha1_role.k ├── renovate.json └── terraform ├── hcloud-relay ├── .auto.tfvars.tpl ├── .terraform.lock.hcl ├── cloud-config.yaml ├── get_tfvars.sh ├── init.sh ├── main.tf ├── providers.tf └── variables.tf ├── hcloud-robot ├── .terraform.lock.hcl ├── README.md ├── extra-manifests │ ├── apps.yaml │ ├── argocd │ │ ├── get-install.sh │ │ ├── install.yaml │ │ └── kustomization.yaml │ ├── kustomization.yaml.tpl │ ├── namespaces │ │ ├── argocd.yaml │ │ └── kustomization.yaml │ └── secrets.yaml ├── main.tf ├── modules │ └── k3s │ │ ├── LICENSE │ │ ├── agents.tf │ │ ├── control_planes.tf │ │ ├── data.tf │ │ ├── init.tf │ │ ├── kube.tf.example │ │ ├── kubeconfig.tf │ │ ├── kustomization_backup.tf │ │ ├── kustomization_user.tf │ │ ├── kustomize │ │ ├── kured.yaml │ │ └── system-upgrade-controller.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── modules │ │ └── host │ │ │ ├── main.tf │ │ │ ├── out.tf │ │ │ ├── templates │ │ │ ├── cloud.cfg.tpl │ │ │ └── userdata.yaml.tpl │ │ │ └── variables.tf │ │ ├── output.tf │ │ ├── templates │ │ ├── autoscaler-cloudinit.yaml.tpl │ │ ├── autoscaler.yaml.tpl │ │ ├── calico.yaml.tpl │ │ ├── ccm.yaml.tpl │ │ ├── cert_manager.yaml.tpl │ │ ├── cilium.yaml.tpl │ │ ├── longhorn.yaml.tpl │ │ ├── nginx_ingress.yaml.tpl │ │ ├── plans.yaml.tpl │ │ ├── rancher.yaml.tpl │ │ └── traefik_config.yaml.tpl │ │ ├── variables.tf │ │ └── versions.tf 
└── variables.tf ├── hcloud ├── .terraform.lock.hcl ├── extra-manifests │ ├── apps.yaml │ ├── argocd │ │ ├── get-install.sh │ │ ├── install.yaml │ │ └── kustomization.yaml │ ├── ccm-networks.yaml │ ├── kustomization.yaml.tpl │ ├── namespaces │ │ ├── argocd.yaml │ │ └── kustomization.yaml │ └── secrets.yaml ├── main.tf ├── modules │ └── floating-ip │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf ├── output.tf └── versions.tf ├── home ├── .auto.tfvars.tpl ├── .terraform.lock.hcl ├── README.md ├── get_kubeconfig.sh ├── get_tfvars.sh ├── main.tf ├── modules │ ├── mikrotik-api │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ └── variables.tf │ ├── mikrotik │ │ ├── main.tf │ │ ├── providers.tf │ │ └── variables.tf │ └── truenas-k3s │ │ ├── main.tf │ │ ├── providers.tf │ │ └── variables.tf ├── nas01_k3s.tf ├── nas01_storage.tf ├── providers.tf ├── unifi.tf └── variables.tf ├── modules ├── truenas-common │ └── outputs.tf ├── truenas │ ├── dataset.tf │ ├── providers.tf │ └── variables.tf ├── unifi-common │ └── outputs.tf └── unifi │ ├── clients.tf │ ├── firewall.tf │ ├── ipv6.tf │ ├── lan.tf │ ├── outputs.tf │ ├── providers.tf │ ├── variables.tf │ └── wifi.tf └── remote-spr ├── .auto.tfvars.tpl ├── .terraform.lock.hcl ├── get_tfvars.sh ├── main.tf ├── providers.tf ├── unifi.tf └── variables.tf /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | [*] 7 | end_of_line = lf 8 | charset = utf-8 9 | insert_final_newline = true 10 | trim_trailing_whitespace = true 11 | -------------------------------------------------------------------------------- /.taskfiles/rook-ceph/scripts/wait-for-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB=$1 4 | NAMESPACE="${2:-default}" 5 | 6 | [[ -z "${JOB}" ]] && echo "Job name not specified" && 
exit 1 7 | while true; do 8 | STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 9 | if [ "${STATUS}" == "Pending" ]; then 10 | break 11 | fi 12 | sleep 1 13 | done 14 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "terminal.integrated.profiles.osx": { 3 | "devboxCompatibleShell": { 4 | "path": "/opt/homebrew/bin/fish", 5 | "args": [ 6 | "--no-config" 7 | ] 8 | } 9 | }, 10 | "terminal.integrated.defaultProfile.osx": "devboxCompatibleShell", 11 | "editor.inlayHints.enabled": "offUnlessPressed" 12 | } 13 | -------------------------------------------------------------------------------- /applications/.gitignore: -------------------------------------------------------------------------------- 1 | # Helm charts 2 | base/**/charts/ 3 | environments/**/charts/ 4 | Chart.lock 5 | -------------------------------------------------------------------------------- /applications/base/.gitignore: -------------------------------------------------------------------------------- 1 | **/charts 2 | -------------------------------------------------------------------------------- /applications/base/adguard-home/certs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: dns-cert 6 | spec: 7 | secretName: dns-cert 8 | duration: 2160h0m0s # 90d 9 | renewBefore: 720h0m0s # 30d 10 | issuerRef: 11 | kind: ClusterIssuer 12 | name: cloudflare-issuer 13 | dnsNames: 14 | - dns.home.macro.network 15 | -------------------------------------------------------------------------------- /applications/base/adguard-home/config.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | [ 4 | 
k.core.v1.configMap.new('adguard-home-config', data={ 5 | 'AdGuardHome.yaml': (importstr 'AdGuardHome.yaml'), 6 | }), 7 | ] 8 | -------------------------------------------------------------------------------- /applications/base/adguard-home/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/adguard-home/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ingress = import 'ingress.libsonnet'; 5 | local config = import 'config.libsonnet'; 6 | local certs = std.parseYaml(importstr 'certs.yaml'); 7 | local netPolicy = std.parseYaml(importstr 'network-policy.yaml'); 8 | 9 | [ns] + ingress + config + certs + netPolicy 10 | -------------------------------------------------------------------------------- /applications/base/adguard-home/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('adguard-home') 4 | -------------------------------------------------------------------------------- /applications/base/argo-workflows/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/argo-workflows/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local auth = std.parseYaml(importstr 'auth.yaml'); 5 | local ingress = import 'ingress.libsonnet'; 6 | local roles = import 'roles/main.libsonnet'; 7 | 8 | [ns] + auth + ingress + roles 9 | -------------------------------------------------------------------------------- /applications/base/argo-workflows/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('argo-workflows') 4 | -------------------------------------------------------------------------------- /applications/base/argo-workflows/roles/main.libsonnet: 
-------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'read-only.yaml') 3 | -------------------------------------------------------------------------------- /applications/base/argocd/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | 3 | app.new( 4 | name='argocd', 5 | path='applications/base/argocd', 6 | namespace='argocd', 7 | ).withChart( 8 | name='argo-cd', 9 | repoURL='https://argoproj.github.io/argo-helm', 10 | targetRevision='7.8.7', 11 | releaseName='argocd', 12 | values='values.yaml' 13 | ) 14 | -------------------------------------------------------------------------------- /applications/base/argocd/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: argocd-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | 11 | target: 12 | name: argocd-credentials 13 | 14 | data: 15 | - secretKey: redis-password 16 | remoteRef: 17 | key: ARGOCD_REDIS_PASSWORD 18 | -------------------------------------------------------------------------------- /applications/base/authentik-secrets/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='authentik-secrets', 6 | path='applications/base/authentik-secrets', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/authentik-secrets/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/authentik-secrets/main.jsonnet -J vendor 2 | 3 | local middleware = 
std.parseYaml(importstr 'middleware.yaml'); 4 | local rbac = std.parseYaml(importstr 'rbac.yaml'); 5 | 6 | middleware + rbac 7 | -------------------------------------------------------------------------------- /applications/base/authentik-secrets/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../authentik/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/authentik/README.md: -------------------------------------------------------------------------------- 1 | # Authentik 2 | 3 | ## Bootstrapping 4 | 5 | Get started at: 6 | 7 | https://<authentik-host>/if/flow/initial-setup/ 8 | -------------------------------------------------------------------------------- /applications/base/authentik/auth/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'provider-config.yaml') 3 | + std.parseYaml(importstr 'workspace-argo-workflows.yaml') 4 | + std.parseYaml(importstr 'workspace-argocd.yaml') 5 | + std.parseYaml(importstr 'workspace-grafana.yaml') 6 | + std.parseYaml(importstr 'workspace-ocis.yaml') 7 | + std.parseYaml(importstr 'workspace.yaml') 8 | + import 'vars.libsonnet' 9 | -------------------------------------------------------------------------------- /applications/base/authentik/database/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Database 4 | metadata: 5 | name: authentik 6 | spec: 7 | deletionPolicy: Delete 8 | forProvider: 9 | owner: authentik 10 | encoding: utf8 11 | providerConfigRef: 12 | name: postgres-shared 13 | -------------------------------------------------------------------------------- /applications/base/authentik/database/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 
| + std.parseYaml(importstr 'secrets.yaml') 3 | + std.parseYaml(importstr 'role.yaml') 4 | + std.parseYaml(importstr 'database.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/authentik/database/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: authentik-database-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | target: 11 | name: authentik-database-credentials 12 | data: 13 | - secretKey: AUTHENTIK_DB_PASS 14 | remoteRef: 15 | key: AUTHENTIK_DB_PASS 16 | -------------------------------------------------------------------------------- /applications/base/authentik/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('authentik') 4 | -------------------------------------------------------------------------------- /applications/base/beyla/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='beyla', 6 | path='applications/base/beyla', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='beyla', 10 | repoURL='https://grafana.github.io/helm-charts', 11 | targetRevision='1.7.3', 12 | releaseName='beyla', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/beyla/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/beyla/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | 
-------------------------------------------------------------------------------- /applications/base/beyla/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('beyla') 4 | -------------------------------------------------------------------------------- /applications/base/cert-manager/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/cert-manager/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 5 | local issuerSA = std.parseYaml(importstr 'issuer-sa.yaml'); 6 | local issuer = std.parseYaml(importstr 'issuer.yaml'); 7 | 8 | [ns] + secrets + issuerSA + issuer 9 | -------------------------------------------------------------------------------- /applications/base/cert-manager/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('cert-manager') 4 | -------------------------------------------------------------------------------- /applications/base/cilium/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/cilium/main.jsonnet -J vendor 2 | 3 | local policies = import 'policies/main.libsonnet'; 4 | local ingress = import 'ingress.libsonnet'; 5 | local vectorSidecar = std.parseYaml(importstr 'vector-sidecar.yaml'); 6 | local dashboards = std.parseYaml(importstr 'dashboards.yaml'); 7 | 8 | policies 9 | + ingress 10 | + vectorSidecar 11 | + dashboards 12 | -------------------------------------------------------------------------------- /applications/base/cilium/policies/ipam.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "cilium.io/v2alpha1" 3 | kind: 
CiliumLoadBalancerIPPool 4 | metadata: 5 | name: main 6 | spec: 7 | cidrs: 8 | - cidr: "10.10.30.0/24" 9 | - cidr: "2603:6010:5300:ad0a::10:0/108" 10 | -------------------------------------------------------------------------------- /applications/base/cilium/policies/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'bgp.yaml') 3 | + std.parseYaml(importstr 'ipam.yaml') 4 | -------------------------------------------------------------------------------- /applications/base/cloudnative-pg/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/cloudnative-pg/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/cloudnative-pg/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('cloudnative-pg') 4 | -------------------------------------------------------------------------------- /applications/base/cloudnative-pg/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 2 2 | 3 | resources: {} 4 | 5 | monitoring: 6 | podMonitorEnabled: true 7 | -------------------------------------------------------------------------------- /applications/base/crossplane-packages/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='crossplane-packages', 6 | path='applications/base/crossplane-packages', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- 
/applications/base/crossplane-packages/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/crossplane-packages/main.jsonnet -J vendor 2 | 3 | local providers = import 'providers/main.libsonnet'; 4 | 5 | providers 6 | -------------------------------------------------------------------------------- /applications/base/crossplane-packages/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../crossplane/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/crossplane-packages/providers/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'authentik.yaml') 3 | + std.parseYaml(importstr 'kubernetes.yaml') 4 | + std.parseYaml(importstr 'sql.yaml') 5 | + std.parseYaml(importstr 'terraform.yaml') 6 | -------------------------------------------------------------------------------- /applications/base/crossplane/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/crossplane/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/crossplane/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('crossplane') 4 | -------------------------------------------------------------------------------- /applications/base/crossplane/values.yaml: -------------------------------------------------------------------------------- 1 | webhooks: 2 | enabled: true 3 | 4 | rbacManager: 5 | deploy: true 6 | 7 | metrics: 8 | enabled: true 9 | 
-------------------------------------------------------------------------------- /applications/base/defectdojo/database/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Database # Crossplane SQL-provider resource declaring the "defectdojo" PostgreSQL database 4 | metadata: 5 | name: defectdojo 6 | spec: 7 | deletionPolicy: Delete # NOTE(review): with Delete, removing this resource also drops the external database; confirm that is intended, or use Orphan 8 | forProvider: 9 | owner: defectdojo # owning role; presumably created by role.yaml (imported by main.libsonnet, not shown here) 10 | encoding: utf8 11 | providerConfigRef: 12 | name: postgres-shared # connection config defined elsewhere; the privileges of that connection are not visible here 13 | -------------------------------------------------------------------------------- /applications/base/defectdojo/database/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] // concatenated with the parsed contents of the three YAML files below 2 | + std.parseYaml(importstr 'secrets.yaml') 3 | + std.parseYaml(importstr 'role.yaml') 4 | + std.parseYaml(importstr 'database.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/defectdojo/database/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret # copies DEFECTDOJO_DB_PASS from the "default" ClusterSecretStore into Secret defectdojo-database-credentials 4 | metadata: 5 | name: defectdojo-database-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | target: 11 | name: defectdojo-database-credentials 12 | data: 13 | - secretKey: DEFECTDOJO_DB_PASS # key written into the target Secret 14 | remoteRef: 15 | key: DEFECTDOJO_DB_PASS # key looked up in the secret store 16 | -------------------------------------------------------------------------------- /applications/base/defectdojo/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('defectdojo') // Namespace object named "defectdojo" 4 | -------------------------------------------------------------------------------- /applications/base/defectdojo/post-install/main.libsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet 
base/defectdojo/post-install/main.libsonnet -J vendor | yq -o yaml -P '.[] | split_doc' | kubectl apply -f - 2 | 3 | local scriptConfig = import 'script-config.libsonnet'; 4 | 5 | scriptConfig 6 | -------------------------------------------------------------------------------- /applications/base/defectdojo/post-install/script-config.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../../lib/k.libsonnet'; 2 | 3 | [ 4 | k.core.v1.configMap.new('get-api-token', data={ 5 | 'main.py': (importstr 'main.py'), 6 | }), 7 | ] 8 | -------------------------------------------------------------------------------- /applications/base/descheduler/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | import 'namespace.libsonnet', 3 | ] 4 | -------------------------------------------------------------------------------- /applications/base/descheduler/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('descheduler') 4 | -------------------------------------------------------------------------------- /applications/base/dragonfly-operator/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/dragonfly-operator/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/dragonfly-operator/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('dragonfly-operator') 4 | -------------------------------------------------------------------------------- /applications/base/excoredns/main.jsonnet: 
-------------------------------------------------------------------------------- 1 | // jsonnet base/excoredns/main.jsonnet -J vendor 2 | 3 | [] 4 | -------------------------------------------------------------------------------- /applications/base/external-dns-cloudflare/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/external-dns-cloudflare/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 5 | 6 | [ns] + secrets 7 | -------------------------------------------------------------------------------- /applications/base/external-dns-cloudflare/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('external-dns') // directory is external-dns-cloudflare, but the Namespace is named "external-dns" 4 | -------------------------------------------------------------------------------- /applications/base/external-dns-cloudflare/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret # copies CLOUDFLARE_API_TOKEN from the "default" ClusterSecretStore into Secret external-dns-credentials 4 | metadata: 5 | name: external-dns-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | 11 | target: 12 | name: external-dns-credentials 13 | 14 | data: 15 | - secretKey: CLOUDFLARE_API_TOKEN 16 | remoteRef: 17 | key: CLOUDFLARE_API_TOKEN # NOTE(review): the token's permissions are not visible here; confirm it is scoped to DNS edits on the zones external-dns manages 18 | -------------------------------------------------------------------------------- /applications/base/external-secrets/doppler-store.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ClusterSecretStore # cluster-scoped store backed by Doppler 4 | metadata: 5 | name: default # the name the ExternalSecret manifests use in secretStoreRef 6 | spec: # NOTE(review): no spec.conditions is set, so presumably any namespace that may create an ExternalSecret can read any key this Doppler token can see; confirm, or restrict by namespace 7 | provider: 8 | doppler: 9 | auth: 10 | secretRef: 11 | dopplerToken: 12 | name: doppler-credentials 13 | key: token 14 | namespace: kube-system # the Doppler token is read from Secret doppler-credentials, key "token", in kube-system 15 | 
-------------------------------------------------------------------------------- /applications/base/external-secrets/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/external-secrets/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local dopplerStore = std.parseYaml(importstr 'doppler-store.yaml'); 5 | local serviceMonitor = std.parseYaml(importstr 'service-monitor.yaml'); 6 | 7 | [ns] + dopplerStore + serviceMonitor 8 | -------------------------------------------------------------------------------- /applications/base/external-secrets/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('external-secrets') 4 | -------------------------------------------------------------------------------- /applications/base/external-secrets/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: external-secrets-metrics 6 | spec: 7 | endpoints: 8 | - interval: 30s 9 | port: metrics 10 | scrapeTimeout: 25s 11 | namespaceSelector: 12 | matchNames: 13 | - kube-system 14 | selector: 15 | matchLabels: 16 | app.kubernetes.io/name: external-secrets 17 | -------------------------------------------------------------------------------- /applications/base/external-secrets/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 2 2 | leaderElect: true 3 | 4 | webhook: 5 | replicaCount: 2 6 | 7 | # Disable this when support for cert-manager is added. 8 | certController: 9 | create: true 10 | replicaCount: 2 11 | 12 | # Use custom serviceMonitor. 
13 | serviceMonitor: 14 | enabled: false 15 | 16 | metrics: 17 | service: 18 | enabled: true 19 | -------------------------------------------------------------------------------- /applications/base/external-services/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='external-services', 6 | path='applications/base/external-services', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/external-services/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/external-services/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local services = import 'services.libsonnet'; 5 | 6 | [ns] + services 7 | -------------------------------------------------------------------------------- /applications/base/external-services/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('external-services') 4 | -------------------------------------------------------------------------------- /applications/base/external-services/services.libsonnet: -------------------------------------------------------------------------------- 1 | local external_service = import '../../lib/external_service.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | [] 5 | -------------------------------------------------------------------------------- /applications/base/gadget/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='gadget', 6 | 
path='applications/base/gadget', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='gadget', 10 | repoURL='https://inspektor-gadget.github.io/charts', 11 | targetRevision='0.37.0', 12 | releaseName='gadget', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/gadget/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/gadget/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/gadget/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('gadget') 4 | -------------------------------------------------------------------------------- /applications/base/grafana-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='grafana-operator', 6 | path='applications/base/grafana-operator', 7 | namespace=ns.metadata.name, 8 | renderer='kustomize', 9 | ) 10 | -------------------------------------------------------------------------------- /applications/base/grafana-operator/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | std.parseYaml(importstr 'namespace.yaml') 2 | -------------------------------------------------------------------------------- /applications/base/grafana-operator/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: grafana 5 | -------------------------------------------------------------------------------- 
/applications/base/grafana/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='grafana', 6 | path='applications/base/grafana', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/grafana/database/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Database 4 | metadata: 5 | name: grafana 6 | spec: 7 | deletionPolicy: Delete 8 | forProvider: 9 | owner: grafana 10 | encoding: utf8 11 | providerConfigRef: 12 | name: postgres-shared 13 | -------------------------------------------------------------------------------- /applications/base/grafana/database/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'secrets.yaml') 3 | + std.parseYaml(importstr 'role.yaml') 4 | + std.parseYaml(importstr 'database.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/grafana/database/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: grafana-database-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | target: 11 | name: grafana-database-credentials 12 | data: 13 | - secretKey: GRAFANA_DB_PASS 14 | remoteRef: 15 | key: GRAFANA_DB_PASS 16 | -------------------------------------------------------------------------------- /applications/base/grafana/datasources/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 
'grafanacloud-loki.yaml') 3 | + std.parseYaml(importstr 'grafanacloud-tempo.yaml') 4 | + std.parseYaml(importstr 'grafanacloud-usage.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/grafana/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../grafana-operator/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/grafana/secrets.libsonnet: -------------------------------------------------------------------------------- 1 | local external_secret = import '../../lib/external_secret.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | [ 5 | external_secret.new( 6 | name='grafana-credentials', 7 | namespace=ns.metadata.name, 8 | data=[ 9 | external_secret.data(key='GRAFANA_ADMIN_USER'), 10 | external_secret.data(key='GRAFANA_ADMIN_PASS'), 11 | ] 12 | ), 13 | ] 14 | -------------------------------------------------------------------------------- /applications/base/harbor/bucket.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: harbor-bucket 6 | spec: 7 | bucketName: harbor 8 | storageClassName: ceph-bucket 9 | -------------------------------------------------------------------------------- /applications/base/harbor/database/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Database 4 | metadata: 5 | name: harbor 6 | spec: 7 | deletionPolicy: Delete 8 | forProvider: 9 | owner: harbor 10 | encoding: utf8 11 | providerConfigRef: 12 | name: postgres-shared 13 | -------------------------------------------------------------------------------- /applications/base/harbor/database/main.libsonnet: 
-------------------------------------------------------------------------------- 1 | [] // concatenated with the parsed contents of the three YAML files below 2 | + std.parseYaml(importstr 'secrets.yaml') 3 | + std.parseYaml(importstr 'role.yaml') 4 | + std.parseYaml(importstr 'database.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/harbor/database/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Role # Crossplane SQL-provider resource declaring the "harbor" PostgreSQL role 4 | metadata: 5 | name: harbor 6 | spec: 7 | deletionPolicy: Orphan # the role is left in Postgres when this resource is deleted 8 | forProvider: 9 | privileges: 10 | login: true # only the login privilege is set here 11 | passwordSecretRef: # password comes from Secret harbor-database-credentials, key "password", namespace harbor 12 | name: harbor-database-credentials 13 | key: password 14 | namespace: harbor 15 | providerConfigRef: 16 | name: postgres-shared # connection config defined elsewhere; the privileges of that connection are not visible here 17 | -------------------------------------------------------------------------------- /applications/base/harbor/database/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret # maps HARBOR_DB_PASS from the "default" ClusterSecretStore to key "password" 4 | metadata: 5 | name: harbor-database-credentials 6 | spec: # NOTE(review): unlike the other ExternalSecrets in this repository there is no target.name, so the Secret presumably takes the ExternalSecret's name, which is what role.yaml references; confirm 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | data: 11 | - secretKey: password 12 | remoteRef: 13 | key: HARBOR_DB_PASS 14 | -------------------------------------------------------------------------------- /applications/base/harbor/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('harbor') // Namespace object named "harbor" 4 | -------------------------------------------------------------------------------- /applications/base/home-assistant/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: automation # every listed resource is placed in the "automation" namespace 5 | 6 | resources: 7 | - database.yaml 8 | - secrets.yaml 9 | - config.yaml 10 | - 
manifests/init.yaml 11 | - manifests/pvc.yaml 12 | - manifests/deployment.yaml 13 | - manifests/service.yaml 14 | - manifests/servicemonitor.yaml 15 | -------------------------------------------------------------------------------- /applications/base/home-assistant/manifests/init.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap # holds init.sh, which copies /tmp/config/* and /tmp/secrets/* into /config and then resets permissions there 3 | metadata: 4 | name: home-assistant-init 5 | labels: 6 | app.kubernetes.io/name: home-assistant 7 | app.kubernetes.io/instance: home-assistant 8 | app.kubernetes.io/component: scripts 9 | data: # NOTE(review): the chmod in init.sh gives read access to all users (a=r) on everything under /config, including the files copied from /tmp/secrets; consider u=rwX,go= if the consuming process owns /config (confirm its UID). The script has no "set -e", so a failed cp presumably does not stop the chmod unless the caller runs it with -e 10 | init.sh: | 11 | cp /tmp/config/* /config 12 | cp /tmp/secrets/* /config 13 | chmod -R a=r,u+w,a+X /config 14 | -------------------------------------------------------------------------------- /applications/base/home-assistant/manifests/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim # 10Gi ReadWriteOnce claim on storage class home-assistant-storage 3 | metadata: 4 | name: home-assistant-pvc 5 | labels: 6 | app.kubernetes.io/name: home-assistant 7 | app.kubernetes.io/instance: home-assistant 8 | spec: 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | storageClassName: home-assistant-storage 15 | -------------------------------------------------------------------------------- /applications/base/homepage/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | [ns] + ingress // the Namespace followed by whatever ingress.libsonnet yields 5 | -------------------------------------------------------------------------------- /applications/base/homepage/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('homepage') // Namespace object named "homepage" 4 | -------------------------------------------------------------------------------- 
/applications/base/iperf/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='iperf', 6 | path='applications/base/iperf', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='template', 10 | repoURL='https://jacobcolvin.com/helm-charts', 11 | targetRevision='0.2.0', // chart pinned to an exact version 12 | releaseName='iperf', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/iperf/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/iperf/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/iperf/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('iperf') // Namespace object named "iperf" 4 | -------------------------------------------------------------------------------- /applications/base/iperf/values.yaml: -------------------------------------------------------------------------------- 1 | image: # NOTE(review): "@sha256" in repository plus the digest in tag presumably renders as networkstatic/iperf3@sha256:<digest>, i.e. a digest-pinned image; confirm against the chart's image template 2 | repository: networkstatic/iperf3@sha256 3 | tag: 79afcd17d056897a7a1d5948b32d9557ca03c2e52a0bbe759388a7c1aa807851 4 | 5 | args: [-s] # iperf3 server mode 6 | 7 | service: 8 | main: 9 | annotations: 10 | tailscale.com/expose: "true" # NOTE(review): requests exposure of this Service on the tailnet; no iperf3 authentication options are passed in args, so access presumably rests on tailnet ACLs; confirm 11 | tailscale.com/hostname: "iperf" 12 | ports: 13 | http: # the port key is named "http", but 5201 is the iperf3 default port, not an HTTP endpoint 14 | port: 5201 15 | -------------------------------------------------------------------------------- /applications/base/jaeger-aio/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import '../jaeger-operator/namespace.libsonnet'; 3 | 4 | app.new( 5 | 
name='jaeger-aio', 6 | path='applications/base/jaeger-aio', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/jaeger-aio/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | std.parseYaml(importstr 'jaeger.yaml'), 3 | ] + import 'ingress.libsonnet' 4 | -------------------------------------------------------------------------------- /applications/base/jaeger-operator/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ns = import 'namespace.libsonnet'; 2 | local rbac = std.parseYaml(importstr 'rbac.yaml'); 3 | 4 | [ns] + rbac 5 | -------------------------------------------------------------------------------- /applications/base/jaeger-operator/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('jaeger') + 4 | k.core.v1.namespace.metadata.withLabelsMixin({}) 5 | -------------------------------------------------------------------------------- /applications/base/jaeger-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # https://artifacthub.io/packages/helm/jaegertracing/jaeger-operator 2 | 3 | rbac: 4 | clusterRole: true 5 | -------------------------------------------------------------------------------- /applications/base/k8s-event-logger/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | 3 | ] 4 | -------------------------------------------------------------------------------- /applications/base/k8up/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='k8up', 6 | 
path='applications/base/k8up', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='k8up', 10 | repoURL='https://k8up-io.github.io/k8up', 11 | targetRevision='4.8.3', 12 | releaseName='k8up', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/k8up/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/k8up/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local crd = std.parseYaml(importstr 'crd.yaml'); 5 | 6 | [ns] + crd 7 | -------------------------------------------------------------------------------- /applications/base/k8up/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('k8up') + 4 | k.core.v1.namespace.metadata.withLabelsMixin({}) + 5 | k.core.v1.namespace.metadata.withAnnotationsMixin({}) 6 | -------------------------------------------------------------------------------- /applications/base/komoplane/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/komoplane/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ingress = import 'ingress.libsonnet'; 5 | 6 | [ns] + ingress 7 | -------------------------------------------------------------------------------- /applications/base/komoplane/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('komoplane') 4 | -------------------------------------------------------------------------------- /applications/base/komoplane/values.yaml: -------------------------------------------------------------------------------- 1 | # https://github.com/komodorio/komoplane/blob/main/charts/komoplane/values.yaml 2 
|
 3 | replicaCount: 2
 4 |
 5 | resources:
 6 |   requests:
 7 |     cpu: 200m
 8 |     memory: 256Mi
 9 |   limits:
10 |     cpu: 1
11 |     memory: 1Gi
12 |
--------------------------------------------------------------------------------
/applications/base/kubelet-csr-approver/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/kubelet-csr-approver/main.jsonnet -J vendor
2 |
3 | []
4 |
--------------------------------------------------------------------------------
/applications/base/kubelet-csr-approver/values.yaml:
--------------------------------------------------------------------------------
 1 | providerRegex: ^knode\d\d$  # anchored at both ends, so only names of the form knodeNN match
 2 | providerIpPrefixes:
 3 |   - 10.10.0.0/16
 4 |   - 2603:6010:5300:ad0a::/64
 5 | bypassDnsResolution: true  # NOTE(review): with the DNS-resolution check bypassed, approval of a kubelet serving CSR presumably rests on providerRegex and providerIpPrefixes alone — confirm that is intended and that both are as narrow as the node inventory allows
 6 | ignoreNonSystemNode: true
 7 |
 8 | metrics:
 9 |   serviceMonitor:
10 |     enabled: true
11 |
12 | resources:
13 |   requests:
14 |     memory: 100Mi
15 |     cpu: 10m
16 |   limits:
17 |     memory: 100Mi
18 |     cpu: 1000m
19 |
--------------------------------------------------------------------------------
/applications/base/kyverno-policies/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - policies/add-resizepolicy/policy.yaml
5 |   - policies/create-pdb/policy.yaml
6 |   - policies/drop-all-capabilities/policy.yaml
7 |   - policies/set-daemonset-affinity/policy.yaml
8 |   - policies/spread-pods/policy.yaml
9 |
--------------------------------------------------------------------------------
/applications/base/kyverno-policies/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import '../kyverno/namespace.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/base/kyverno/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet
base/kyverno/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/kyverno/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('kyverno') 4 | -------------------------------------------------------------------------------- /applications/base/librespeed/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/librespeed/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ingress = import 'ingress.libsonnet'; 5 | 6 | [ns] + ingress 7 | -------------------------------------------------------------------------------- /applications/base/librespeed/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('librespeed') 4 | -------------------------------------------------------------------------------- /applications/base/liqo/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='liqo', 6 | path='applications/base/liqo', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='liqo', 10 | repoURL='https://helm.liqo.io/', 11 | targetRevision='0.10.3', 12 | releaseName='liqo', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/liqo/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/liqo/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ingress = import 
'ingress.libsonnet'; 5 | local dashboards = std.parseYaml(importstr 'dashboards.yaml'); 6 | 7 | [ns] + ingress + dashboards 8 | -------------------------------------------------------------------------------- /applications/base/liqo/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('liqo') 4 | -------------------------------------------------------------------------------- /applications/base/local-ai/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/local-ai/main.jsonnet -J vendor --ext-str ingressAnnotations='{}' --ext-str ingressSuffix='' 2 | 3 | local ingress = import 'ingress.libsonnet'; 4 | local ns = import 'namespace.libsonnet'; 5 | 6 | [ns] + ingress 7 | -------------------------------------------------------------------------------- /applications/base/local-ai/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('local-ai') 4 | -------------------------------------------------------------------------------- /applications/base/loki/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='loki', 6 | path='applications/base/loki', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='loki', 10 | repoURL='https://grafana.github.io/helm-charts', 11 | targetRevision='6.27.0', 12 | releaseName='loki', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/loki/bucket.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: loki-bucket 6 | spec: 7 | bucketName: loki 8 | storageClassName: ceph-bucket 9 | -------------------------------------------------------------------------------- /applications/base/loki/grafana.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDatasource 4 | metadata: 5 | name: loki 6 | spec: 7 | allowCrossNamespaceImport: true 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: grafana 11 | datasource: 12 | name: loki 13 | type: loki 14 | access: proxy 15 | url: http://loki-gateway.loki.svc:80 16 | -------------------------------------------------------------------------------- /applications/base/loki/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/loki/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local bucket = std.parseYaml(importstr 'bucket.yaml'); 5 | local rules = import 'rules/rules.libsonnet'; 6 | local grafana = std.parseYaml(importstr 'grafana.yaml'); 7 | 8 | [ns] + bucket + rules + grafana 9 | -------------------------------------------------------------------------------- /applications/base/loki/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('loki') 4 | -------------------------------------------------------------------------------- /applications/base/loki/rules/rules.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../../lib/k.libsonnet'; 2 | 3 | [ 4 | k.core.v1.configMap.new('loki-rules', data={ 5 | }), 6 | ] 7 | -------------------------------------------------------------------------------- /applications/base/metrics-server/main.jsonnet: 
--------------------------------------------------------------------------------
1 | local ns = import 'namespace.libsonnet';
2 |
3 | [ns]
4 |
--------------------------------------------------------------------------------
/applications/base/metrics-server/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | local k = import '../../lib/k.libsonnet';
2 |
3 | k.core.v1.namespace.new('metrics-server')
4 |
--------------------------------------------------------------------------------
/applications/base/metrics-server/values.yaml:
--------------------------------------------------------------------------------
 1 | replicas: 2
 2 |
 3 | defaultArgs: ~
 4 |
 5 | args:
 6 |   - --cert-dir=/tmp
 7 |   - --kubelet-insecure-tls  # NOTE(review): disables verification of the kubelet serving certificate on every scrape; this repo also deploys kubelet-csr-approver (applications/base/kubelet-csr-approver), so if kubelets request CA-signed serving certs the flag can likely be dropped — confirm the kubelet configuration
 8 |   - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
 9 |   - --kubelet-use-node-status-port
10 |   - --metric-resolution=15s
11 |
--------------------------------------------------------------------------------
/applications/base/nack/application.libsonnet:
--------------------------------------------------------------------------------
 1 | local app = import '../../lib/app.libsonnet';
 2 | local ns = import 'namespace.libsonnet';
 3 |
 4 | app.new(
 5 |   name='nack',
 6 |   path='applications/base/nack',
 7 |   namespace='kube-system',
 8 | ).withIgnoreDifferences([{
 9 |   'group': 'apiextensions.k8s.io',
10 |   'kind': 'CustomResourceDefinition',
11 |   'jsonPointers': [
12 |     '/metadata/resourceVersion',
13 |   ],
14 | }])
15 |
--------------------------------------------------------------------------------
/applications/base/nack/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/nack/main.jsonnet -J vendor
2 |
3 | local crds = std.parseYaml(importstr 'crds.yaml');
4 |
5 | crds
6 |
--------------------------------------------------------------------------------
/applications/base/network/Chart.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/chart.json 3 | 4 | apiVersion: v2 5 | name: network 6 | version: 0.0.0 # This value is ignored. 7 | dependencies: 8 | - name: project 9 | version: 0.1.0 10 | repository: file://../../lib/charts/project 11 | - name: secrets 12 | version: 0.1.0 13 | repository: file://../../lib/charts/secrets 14 | -------------------------------------------------------------------------------- /applications/base/network/guestbook/home-values.yaml: -------------------------------------------------------------------------------- 1 | application: 2 | syncPolicy: 3 | automated: 4 | prune: false 5 | 6 | template: 7 | ingress: 8 | main: 9 | enabled: true 10 | hosts: 11 | - host: guestbook.home.macro.network 12 | paths: 13 | - path: / 14 | -------------------------------------------------------------------------------- /applications/base/network/values.yaml: -------------------------------------------------------------------------------- 1 | secrets: 2 | clusterStores: 3 | - name: "" 4 | conditions: 5 | - namespaceSelectors: 6 | - matchLabels: { argocd.argoproj.io/project: guestbook } 7 | provider: {} 8 | 9 | project: 10 | rbac: [] 11 | -------------------------------------------------------------------------------- /applications/base/node-feature-discovery/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/node-feature-discovery/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/node-feature-discovery/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('node-feature-discovery') 4 | 
-------------------------------------------------------------------------------- /applications/base/ntp-server/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/chronyd/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/ntp-server/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('ntp-server') 4 | -------------------------------------------------------------------------------- /applications/base/ocis-nack/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/ocis-nack/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local streams = std.parseYaml(importstr 'streams.yaml'); 5 | 6 | [ns] + streams 7 | -------------------------------------------------------------------------------- /applications/base/ocis-nack/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('ocis-nack') 4 | -------------------------------------------------------------------------------- /applications/base/ocis-nack/values.yaml: -------------------------------------------------------------------------------- 1 | jetstream: 2 | enabled: true 3 | 4 | nats: 5 | url: nats://nats.ocis-nats.svc:4222 6 | 7 | namespaced: true 8 | readOnly: false 9 | -------------------------------------------------------------------------------- /applications/base/ocis-nats/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/ocis-nats/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | 
-------------------------------------------------------------------------------- /applications/base/ocis-nats/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('ocis-nats') 4 | -------------------------------------------------------------------------------- /applications/base/ocis/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='ocis', 6 | path='applications/base/ocis', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='ocis', 10 | repoURL='https://jacobcolvin.com/helm-charts', 11 | targetRevision='0.7.1', 12 | releaseName='ocis', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/ocis/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base//main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ldapAuth = std.parseYaml(importstr 'ldap-auth.yaml'); 5 | local uuids = std.parseYaml(importstr 'uuids.yaml'); 6 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 7 | local patchOcisOidc = std.parseYaml(importstr 'patch-ocis-oidc.yaml'); 8 | 9 | [ns] + ldapAuth + uuids + secrets + patchOcisOidc 10 | -------------------------------------------------------------------------------- /applications/base/ocis/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('ocis') 4 | -------------------------------------------------------------------------------- /applications/base/opentelemetry-collector/instrumentation.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: opentelemetry.io/v1alpha1 3 | kind: Instrumentation 4 | metadata: 5 | name: default 6 | spec: 7 | exporter: 8 | endpoint: http://main-collector.opentelemetry.svc:4317 9 | propagators: 10 | - tracecontext 11 | - baggage 12 | sampler: 13 | type: always_on 14 | -------------------------------------------------------------------------------- /applications/base/opentelemetry-collector/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/opentelemetry-collector/main.jsonnet -J vendor 2 | 3 | local collector = std.parseYaml(importstr 'collector.yaml'); 4 | local instrumentation = std.parseYaml(importstr 'instrumentation.yaml'); 5 | 6 | collector + instrumentation 7 | -------------------------------------------------------------------------------- /applications/base/opentelemetry-collector/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../opentelemetry-operator/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/opentelemetry-operator/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | import 'namespace.libsonnet', 3 | ] 4 | -------------------------------------------------------------------------------- /applications/base/opentelemetry-operator/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('opentelemetry') 4 | -------------------------------------------------------------------------------- /applications/base/opentelemetry-operator/values.yaml: -------------------------------------------------------------------------------- 1 | manager: 2 | collectorImage: 3 | repository: 
otel/opentelemetry-collector-contrib 4 | tag: 0.120.0 5 | resources: 6 | limits: 7 | cpu: 100m 8 | memory: 128Mi 9 | requests: 10 | cpu: 100m 11 | memory: 128Mi 12 | serviceMonitor: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /applications/base/osrs-ge-exporter/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/osrs-ge-exporter/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/osrs-ge-exporter/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('osrs-ge-exporter') 4 | -------------------------------------------------------------------------------- /applications/base/policy-reporter/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/policy-reporter/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ingress = import 'ingress.libsonnet'; 5 | 6 | [ns] + ingress 7 | -------------------------------------------------------------------------------- /applications/base/policy-reporter/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('policy-reporter') 4 | -------------------------------------------------------------------------------- /applications/base/postgres-shared/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='postgres-shared', 6 | path='applications/base/postgres-shared', 7 | 
namespace=ns.metadata.name,
8 | )
9 |
--------------------------------------------------------------------------------
/applications/base/postgres-shared/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | local k = import '../../lib/k.libsonnet';
2 |
3 | k.core.v1.namespace.new('postgres-shared')
4 |
--------------------------------------------------------------------------------
/applications/base/postgres-shared/provider.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1
 3 | kind: ProviderConfig
 4 | metadata:
 5 |   name: postgres-shared
 6 | spec:
 7 |   defaultDatabase: postgres
 8 |   sslMode: require  # NOTE(review): `require` encrypts the connection but, in the usual PostgreSQL client semantics, does not validate the server certificate; `verify-full` would also check the CA and hostname if the server certificate supports it — confirm
 9 |   credentials:
10 |     source: PostgreSQLConnectionSecret
11 |     connectionSecretRef:  # the provider's database credentials are read from this Secret in the postgres-shared namespace
12 |       namespace: postgres-shared
13 |       name: postgres-shared-provider-credentials
14 |
--------------------------------------------------------------------------------
/applications/base/prometheus-stack/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/prometheus-stack/main.jsonnet -J vendor --ext-str ingressAnnotations='{}' --ext-str ingressHost='prometheus-stack.example.com'
2 |
3 | local ingress = import 'ingress.libsonnet';
4 | local secrets = std.parseYaml(importstr 'secrets.yaml');
5 | local grafana = std.parseYaml(importstr 'grafana.yaml');
6 |
7 | ingress + secrets + grafana
8 |
--------------------------------------------------------------------------------
/applications/base/prometheus-stack/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | std.parseYaml(importstr '../prometheus/namespace.yaml')
2 |
--------------------------------------------------------------------------------
/applications/base/prometheus/application.libsonnet:
--------------------------------------------------------------------------------
1 |
local app = import '../../lib/app.libsonnet'; 2 | 3 | app.new( 4 | name='prometheus', 5 | path='applications/base/prometheus', 6 | namespace='prometheus', 7 | renderer='kustomize', 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/prometheus/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: prometheus 5 | -------------------------------------------------------------------------------- /applications/base/prowlarr/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='prowlarr', 6 | path='applications/base/prowlarr', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='app-template', 10 | repoURL='ghcr.io/bjw-s/helm', 11 | targetRevision='3.2.1', 12 | releaseName='prowlarr', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/prowlarr/database/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'secrets.yaml') 3 | + std.parseYaml(importstr 'role.yaml') 4 | + std.parseYaml(importstr 'database.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/prowlarr/database/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Role 4 | metadata: 5 | name: prowlarr 6 | spec: 7 | deletionPolicy: Orphan 8 | forProvider: 9 | privileges: 10 | login: true 11 | passwordSecretRef: 12 | name: prowlarr-database-credentials 13 | key: password 14 | namespace: servarr 15 | providerConfigRef: 16 | name: postgres-shared 17 | 
-------------------------------------------------------------------------------- /applications/base/prowlarr/database/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: prowlarr-database-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | data: 11 | - secretKey: password 12 | remoteRef: 13 | key: PROWLARR_DB_PASS 14 | -------------------------------------------------------------------------------- /applications/base/prowlarr/main.jsonnet: -------------------------------------------------------------------------------- 1 | local database = import 'database/main.libsonnet'; 2 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 3 | local terraform = import 'terraform/main.libsonnet'; 4 | 5 | database + secrets + terraform 6 | -------------------------------------------------------------------------------- /applications/base/prowlarr/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../servarr/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/prowlarr/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: prowlarr-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | data: 11 | - secretKey: apikey 12 | remoteRef: 13 | key: PROWLARR_API_KEY 14 | -------------------------------------------------------------------------------- /applications/base/prowlarr/terraform/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'provider-config.yaml') 3 | + std.parseYaml(importstr 
'workspace-radarr.yaml') 4 | + import 'vars.libsonnet' 5 | -------------------------------------------------------------------------------- /applications/base/radarr/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='radarr', 6 | path='applications/base/radarr', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='app-template', 10 | repoURL='ghcr.io/bjw-s/helm', 11 | targetRevision='3.2.1', 12 | releaseName='radarr', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/radarr/database/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'secrets.yaml') 3 | + std.parseYaml(importstr 'role.yaml') 4 | + std.parseYaml(importstr 'database.yaml') 5 | -------------------------------------------------------------------------------- /applications/base/radarr/database/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.sql.crossplane.io/v1alpha1 3 | kind: Role 4 | metadata: 5 | name: radarr 6 | spec: 7 | deletionPolicy: Orphan 8 | forProvider: 9 | privileges: 10 | login: true 11 | passwordSecretRef: 12 | name: radarr-database-credentials 13 | key: password 14 | namespace: servarr 15 | providerConfigRef: 16 | name: postgres-shared 17 | -------------------------------------------------------------------------------- /applications/base/radarr/database/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: radarr-database-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | data: 11 | 
- secretKey: password 12 | remoteRef: 13 | key: RADARR_DB_PASS 14 | -------------------------------------------------------------------------------- /applications/base/radarr/main.jsonnet: -------------------------------------------------------------------------------- 1 | local database = import 'database/main.libsonnet'; 2 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 3 | local terraform = import 'terraform/main.libsonnet'; 4 | 5 | database + secrets + terraform 6 | -------------------------------------------------------------------------------- /applications/base/radarr/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../servarr/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/radarr/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: radarr-credentials 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: default 10 | data: 11 | - secretKey: apikey 12 | remoteRef: 13 | key: RADARR_API_KEY 14 | -------------------------------------------------------------------------------- /applications/base/radarr/terraform/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'provider-config.yaml') 3 | + std.parseYaml(importstr 'workspace.yaml') 4 | -------------------------------------------------------------------------------- /applications/base/rclone-restic/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ns = import 'namespace.libsonnet'; 2 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 3 | 4 | [ns] + [secrets] 5 | -------------------------------------------------------------------------------- 
/applications/base/rclone-restic/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('restic') 4 | -------------------------------------------------------------------------------- /applications/base/rclone-restic/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: rclone-config 5 | spec: 6 | secretStoreRef: 7 | kind: ClusterSecretStore 8 | name: default 9 | 10 | target: 11 | name: rclone-config 12 | 13 | data: 14 | - secretKey: rclone.conf 15 | remoteRef: 16 | key: RCLONE_RESTIC_CONFIG 17 | -------------------------------------------------------------------------------- /applications/base/recyclarr/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='recyclarr', 6 | path='applications/base/recyclarr', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='app-template', 10 | repoURL='ghcr.io/bjw-s/helm', 11 | targetRevision='3.2.1', 12 | releaseName='recyclarr', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/recyclarr/config/recyclarr-config.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../../lib/k.libsonnet'; 2 | 3 | [ 4 | k.core.v1.configMap.new('recyclarr-config', data={ 5 | 'recyclarr.yaml': (importstr 'recyclarr.yaml'), 6 | }), 7 | ] 8 | -------------------------------------------------------------------------------- /applications/base/recyclarr/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet 
base/recyclarr/main.jsonnet -J vendor 2 | 3 | local config = import 'config/recyclarr-config.libsonnet'; 4 | 5 | config 6 | -------------------------------------------------------------------------------- /applications/base/recyclarr/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../servarr/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/reloader/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/reloader/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/reloader/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('reloader') 4 | -------------------------------------------------------------------------------- /applications/base/robusta/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | import 'namespace.libsonnet', 3 | ] + std.parseYaml(importstr 'secrets.yaml') 4 | -------------------------------------------------------------------------------- /applications/base/robusta/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('robusta') + 4 | k.core.v1.namespace.metadata.withLabelsMixin({}) 5 | -------------------------------------------------------------------------------- /applications/base/rook-ceph-cluster/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | 3 | ingress 4 | 
--------------------------------------------------------------------------------
/applications/base/rook-ceph-cluster/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import '../rook-ceph-operator/namespace.libsonnet'  // the cluster reuses the operator's 'rook-ceph' namespace, including its policy label
2 |
--------------------------------------------------------------------------------
/applications/base/rook-ceph-cluster/wipe/README.md:
--------------------------------------------------------------------------------
1 | # Wipe Rook-Ceph Cluster
2 |
3 | This is a helper script to wipe a Rook-Ceph cluster from Talos nodes.
4 |
5 | Taken from [szinn](https://github.com/szinn/k8s-homelab/).
6 |
--------------------------------------------------------------------------------
/applications/base/rook-ceph-operator/main.jsonnet:
--------------------------------------------------------------------------------
1 | local ns = import 'namespace.libsonnet';
2 |
3 | [ns]  // the only extra manifest for the operator is its namespace
4 |
--------------------------------------------------------------------------------
/applications/base/rook-ceph-operator/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | local k = import '../../lib/k.libsonnet';
2 |
3 | k.core.v1.namespace.new('rook-ceph') +
4 | k.core.v1.namespace.metadata.withLabelsMixin({
5 |   'policy.jacobcolvin.com/drop-all-capabilities': 'false',  // NOTE(review): presumably read by a cluster policy (not shown) to exempt this namespace from a drop-all-capabilities rule; the exemption applies to every pod in 'rook-ceph', so keep unrelated workloads out of this namespace
6 | })
7 |
--------------------------------------------------------------------------------
/applications/base/securecodebox-addons/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/securecodebox-addons/main.jsonnet -J vendor
2 |
3 | local secrets = std.parseYaml(importstr 'secrets.yaml');
4 |
5 | secrets  // the parsed secrets.yaml is the whole output of this file
6 |
--------------------------------------------------------------------------------
/applications/base/securecodebox-addons/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import
'../securecodebox/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/securecodebox-config/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='securecodebox-config', 6 | path='applications/base/securecodebox-config', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/securecodebox-config/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/securecodebox-config/main.jsonnet -J vendor 2 | 3 | local configSA = std.parseYaml(importstr 'config-sa.yaml'); 4 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 5 | local scans = import 'scans/main.libsonnet'; 6 | 7 | configSA + secrets + scans 8 | -------------------------------------------------------------------------------- /applications/base/securecodebox-config/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../securecodebox/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/securecodebox-config/scans/main.libsonnet: -------------------------------------------------------------------------------- 1 | local scanNmap = std.parseYaml(importstr 'scan-nmap.yaml'); 2 | 3 | scanNmap 4 | -------------------------------------------------------------------------------- /applications/base/securecodebox-config/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: securecodebox-config 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: 
default 10 | target: 11 | name: securecodebox-config 12 | data: 13 | - secretKey: SECURECODEBOX_SEEDBOX_IP 14 | remoteRef: 15 | key: SECURECODEBOX_SEEDBOX_IP 16 | -------------------------------------------------------------------------------- /applications/base/securecodebox/bucket.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: securecodebox-bucket 6 | spec: 7 | bucketName: securecodebox 8 | storageClassName: ceph-bucket 9 | -------------------------------------------------------------------------------- /applications/base/securecodebox/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/securecodebox/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local bucket = std.parseYaml(importstr 'bucket.yaml'); 5 | local patchDeployment = std.parseYaml(importstr 'patch-deployment.yaml'); 6 | 7 | [ns] + bucket + patchDeployment 8 | -------------------------------------------------------------------------------- /applications/base/securecodebox/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('securecodebox') 4 | -------------------------------------------------------------------------------- /applications/base/servarr/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='servarr', 6 | path='applications/base/servarr', 7 | namespace=ns.metadata.name, 8 | ) 9 | -------------------------------------------------------------------------------- /applications/base/servarr/main.jsonnet: 
-------------------------------------------------------------------------------- 1 | // jsonnet base/servarr/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local offloading = std.parseYaml(importstr 'offloading.yaml'); 5 | 6 | [ns] + offloading 7 | -------------------------------------------------------------------------------- /applications/base/servarr/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('servarr') 4 | -------------------------------------------------------------------------------- /applications/base/sonarr/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='sonarr', 6 | path='applications/base/sonarr', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='servarr', 10 | repoURL='https://jacobcolvin.com/helm-charts/', 11 | targetRevision='0.1.2', 12 | releaseName='sonarr', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/sonarr/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | import 'namespace.libsonnet', 3 | std.parseYaml(importstr 'init-scripts.yaml'), 4 | std.parseYaml(importstr 'secrets.yaml'), 5 | std.parseYaml(importstr 'config.yaml'), 6 | std.parseYaml(importstr 'init-scripts-secrets.yaml'), 7 | std.parseYaml(importstr 'config-secrets.yaml'), 8 | ] 9 | -------------------------------------------------------------------------------- /applications/base/sonarr/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('sonarr') 4 | 
-------------------------------------------------------------------------------- /applications/base/sonarr/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: sonarr-credentials 5 | spec: 6 | secretStoreRef: 7 | kind: ClusterSecretStore 8 | name: default 9 | 10 | target: 11 | name: sonarr-credentials 12 | 13 | data: 14 | - secretKey: SONARR_API_KEY 15 | remoteRef: 16 | key: SONARR_API_KEY 17 | -------------------------------------------------------------------------------- /applications/base/spegel/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='spegel', 6 | path='applications/base/spegel', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='spegel', 10 | repoURL='ghcr.io/spegel-org/helm-charts', 11 | targetRevision='v0.0.23', 12 | releaseName='spegel', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/spegel/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/spegel/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/spegel/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('spegel') 4 | -------------------------------------------------------------------------------- /applications/base/template-controller/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet 
base/template-controller/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/template-controller/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('template-controller') 4 | -------------------------------------------------------------------------------- /applications/base/template-controller/values.yaml: -------------------------------------------------------------------------------- 1 | # https://github.com/kluctl/charts/blob/main/charts/template-controller/values.yaml 2 | 3 | resources: 4 | requests: 5 | cpu: 100m 6 | memory: 1Gi 7 | limits: 8 | cpu: 1000m 9 | memory: 1Gi 10 | -------------------------------------------------------------------------------- /applications/base/tetragon/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='tetragon', 6 | path='applications/base/tetragon', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='tetragon', 10 | repoURL='https://helm.cilium.io/', 11 | targetRevision='1.3.0', 12 | releaseName='tetragon', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/tetragon/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/tetragon/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local policies = import 'policies/main.libsonnet'; 5 | 6 | [ns] + policies 7 | -------------------------------------------------------------------------------- /applications/base/tetragon/namespace.libsonnet: 
-------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('tetragon') 4 | -------------------------------------------------------------------------------- /applications/base/tetragon/policies/main.libsonnet: -------------------------------------------------------------------------------- 1 | [] 2 | + std.parseYaml(importstr 'creds-capability-checks.yaml') 3 | -------------------------------------------------------------------------------- /applications/base/traefik/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='traefik', 6 | path='applications/base/traefik', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='traefik', 10 | repoURL='https://helm.traefik.io/traefik', 11 | targetRevision='29.0.1', 12 | releaseName='traefik', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/traefik/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ns = import 'namespace.libsonnet'; 2 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 3 | local dashboard_ingress = import 'dashboard_ingress.libsonnet'; 4 | 5 | [ns] + secrets + dashboard_ingress 6 | -------------------------------------------------------------------------------- /applications/base/traefik/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('traefik') 4 | -------------------------------------------------------------------------------- /applications/base/transmission-anime/main.jsonnet: -------------------------------------------------------------------------------- 
1 | local ingress = import 'ingress.libsonnet'; 2 | local config = std.parseYaml(importstr 'config.yaml'); 3 | local config_secrets = std.parseYaml(importstr 'config-secrets.yaml'); 4 | 5 | ingress + 6 | [config] + 7 | [config_secrets] 8 | -------------------------------------------------------------------------------- /applications/base/transmission-anime/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../transmission/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/transmission-audio/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | local config = std.parseYaml(importstr 'config.yaml'); 3 | local config_secrets = std.parseYaml(importstr 'config-secrets.yaml'); 4 | 5 | ingress + 6 | [config] + 7 | [config_secrets] 8 | -------------------------------------------------------------------------------- /applications/base/transmission-audio/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../transmission/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/transmission-movies/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | local config = std.parseYaml(importstr 'config.yaml'); 3 | local config_secrets = std.parseYaml(importstr 'config-secrets.yaml'); 4 | 5 | ingress + 6 | [config] + 7 | [config_secrets] 8 | -------------------------------------------------------------------------------- /applications/base/transmission-movies/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../transmission/namespace.libsonnet' 2 | 
-------------------------------------------------------------------------------- /applications/base/transmission-music/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | local config = std.parseYaml(importstr 'config.yaml'); 3 | local config_secrets = std.parseYaml(importstr 'config-secrets.yaml'); 4 | 5 | ingress + 6 | [config] + 7 | [config_secrets] 8 | -------------------------------------------------------------------------------- /applications/base/transmission-music/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../transmission/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/transmission-tv/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | local config = std.parseYaml(importstr 'config.yaml'); 3 | local config_secrets = std.parseYaml(importstr 'config-secrets.yaml'); 4 | 5 | ingress + 6 | [config] + 7 | [config_secrets] 8 | -------------------------------------------------------------------------------- /applications/base/transmission-tv/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | import '../transmission/namespace.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/base/transmission-webdav/main.jsonnet: -------------------------------------------------------------------------------- 1 | local ingress = import 'ingress.libsonnet'; 2 | local middleware = std.parseYaml(importstr 'middleware.yaml'); 3 | local secrets = std.parseYaml(importstr 'secrets.yaml'); 4 | 5 | ingress + 6 | [middleware] + 7 | secrets 8 | -------------------------------------------------------------------------------- 
/applications/base/transmission-webdav/middleware.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: traefik.io/v1alpha1
2 | kind: Middleware
3 | metadata:
4 |   name: webdav-auth
5 | spec:
6 |   basicAuth:  # HTTP basic auth sends the credentials with every request, so routes using this middleware should be served over TLS only (ingress not shown here)
7 |     secret: rclone-credentials  # Secret holding the allowed users; presumably created by secrets.yaml in this directory (not shown) — confirm it stores hashed htpasswd entries
8 |     removeHeader: true  # strip the Authorization header before forwarding, so the backend never receives the credentials
9 |
--------------------------------------------------------------------------------
/applications/base/transmission-webdav/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import '../transmission/namespace.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/base/transmission/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../lib/app.libsonnet';
2 | local ns = import 'namespace.libsonnet';
3 |
4 | app.new(
5 |   name='transmission',
6 |   path='applications/base/transmission',
7 |   namespace=ns.metadata.name,
8 | )
9 |
--------------------------------------------------------------------------------
/applications/base/transmission/main.jsonnet:
--------------------------------------------------------------------------------
1 | local ns = import 'namespace.libsonnet';
2 | local backup = std.parseYaml(importstr 'backup.yaml');
3 | local claims = std.parseYaml(importstr 'claims.yaml');
4 |
5 | [ns] + backup + claims
6 |
--------------------------------------------------------------------------------
/applications/base/transmission/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | local k = import '../../lib/k.libsonnet';
2 |
3 | k.core.v1.namespace.new('transmission') +
4 | k.core.v1.namespace.metadata.withLabelsMixin({})
5 |
--------------------------------------------------------------------------------
/applications/base/trivy/main.jsonnet:
-------------------------------------------------------------------------------- 1 | // jsonnet base/trivy/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/trivy/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('trivy') 4 | -------------------------------------------------------------------------------- /applications/base/twitch-channel-points-miner/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/twitch-channel-points-miner/main.jsonnet -J vendor --ext-str ingressAnnotations='{}' --ext-str ingressHost='' 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local ingress = import 'ingress.libsonnet'; 5 | local runConfig = import 'run-config.libsonnet'; 6 | local secrets = import 'secrets.libsonnet'; 7 | 8 | [ns] + ingress + runConfig + secrets 9 | -------------------------------------------------------------------------------- /applications/base/twitch-channel-points-miner/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('twitch-channel-points-miner') 4 | -------------------------------------------------------------------------------- /applications/base/twitch-channel-points-miner/run-config.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | [ 4 | k.core.v1.configMap.new('twitch-config', data={ 5 | 'run.py': (importstr 'run.py'), 6 | }), 7 | ] 8 | -------------------------------------------------------------------------------- /applications/base/vector-agent/main.jsonnet: 
--------------------------------------------------------------------------------
1 | // jsonnet base/vector-agent/main.jsonnet -J vendor
2 |
3 | []
4 |
--------------------------------------------------------------------------------
/applications/base/vector-agent/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import '../vector/namespace.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/base/vector-aggregator/dns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: externaldns.k8s.io/v1alpha1
3 | kind: DNSEndpoint
4 | metadata:
5 |   name: syslog
6 | spec:
7 |   endpoints:
8 |     - dnsName: syslog.home.macro.network  # NOTE(review): the name suggests a syslog receiver; check that the listener behind it (ingress.yaml, not shown) limits who may send logs
9 |       recordTTL: 300
10 |       recordType: A
11 |       targets:
12 |         - 10.0.6.10  # private (RFC 1918) address; NOTE(review): if external-dns publishes this zone publicly the record discloses internal addressing — confirm the zone is internal-only
13 |
--------------------------------------------------------------------------------
/applications/base/vector-aggregator/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/vector-aggregator/main.jsonnet -J vendor
2 |
3 | local dns = std.parseYaml(importstr 'dns.yaml');
4 | local ingress = std.parseYaml(importstr 'ingress.yaml');
5 |
6 | dns + ingress
7 |
--------------------------------------------------------------------------------
/applications/base/vector-aggregator/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import '../vector/namespace.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/base/vector/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../lib/app.libsonnet';
2 | local ns = import 'namespace.libsonnet';
3 |
4 | app.new(
5 |   name='vector',
6 |   path='applications/base/vector',
7 |   namespace=ns.metadata.name,
8 | )
9 |
-------------------------------------------------------------------------------- /applications/base/vector/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/vector/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | 5 | [ns] 6 | -------------------------------------------------------------------------------- /applications/base/vector/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('vector') 4 | -------------------------------------------------------------------------------- /applications/base/vpa/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../lib/app.libsonnet'; 2 | local ns = import 'namespace.libsonnet'; 3 | 4 | app.new( 5 | name='vpa', 6 | path='applications/base/vpa', 7 | namespace=ns.metadata.name, 8 | ).withChart( 9 | name='vpa', 10 | repoURL='https://charts.fairwinds.com/stable', 11 | targetRevision='4.7.2', 12 | releaseName='vpa', 13 | values='values.yaml' 14 | ) 15 | -------------------------------------------------------------------------------- /applications/base/vpa/main.jsonnet: -------------------------------------------------------------------------------- 1 | [ 2 | import 'namespace.libsonnet', 3 | ] 4 | -------------------------------------------------------------------------------- /applications/base/vpa/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('vertical-pod-autoscaler') 4 | -------------------------------------------------------------------------------- /applications/base/wakatime-exporter/github-readme/main.libsonnet: -------------------------------------------------------------------------------- 1 | local 
cronJob = import 'cronjob.libsonnet'; 2 | local secrets = import 'secrets.libsonnet'; 3 | local updateGraphConfig = import 'update-graph-config.libsonnet'; 4 | 5 | cronJob + secrets + updateGraphConfig 6 | -------------------------------------------------------------------------------- /applications/base/wakatime-exporter/github-readme/secrets.libsonnet: -------------------------------------------------------------------------------- 1 | local external_secret = import '../../../lib/external_secret.libsonnet'; 2 | local ns = import '../namespace.libsonnet'; 3 | 4 | [ 5 | external_secret.new( 6 | name='github-readme-credentials', 7 | namespace=ns.metadata.name, 8 | data=[ 9 | external_secret.data(key='WAKATIME_GITHUB_REPO_URL'), 10 | ] 11 | ), 12 | ] 13 | -------------------------------------------------------------------------------- /applications/base/wakatime-exporter/github-readme/update-graph-config.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../../lib/k.libsonnet'; 2 | 3 | [ 4 | k.core.v1.configMap.new('github-readme-scripts', data={ 5 | 'update-graph.sh': (importstr 'update-graph.sh'), 6 | }), 7 | ] 8 | -------------------------------------------------------------------------------- /applications/base/wakatime-exporter/main.jsonnet: -------------------------------------------------------------------------------- 1 | // jsonnet base/wakatime-exporter/main.jsonnet -J vendor 2 | 3 | local ns = import 'namespace.libsonnet'; 4 | local secrets = import 'secrets.libsonnet'; 5 | local githubReadme = import 'github-readme/main.libsonnet'; 6 | 7 | [ns] + secrets + githubReadme 8 | -------------------------------------------------------------------------------- /applications/base/wakatime-exporter/namespace.libsonnet: -------------------------------------------------------------------------------- 1 | local k = import '../../lib/k.libsonnet'; 2 | 3 | k.core.v1.namespace.new('wakatime-exporter') 4 | 
--------------------------------------------------------------------------------
/applications/base/wakatime-exporter/secrets.libsonnet:
--------------------------------------------------------------------------------
1 | local external_secret = import '../../lib/external_secret.libsonnet';  // helper library, not shown; presumably renders an ExternalSecret like the YAML ones elsewhere in this repo — confirm
2 | local ns = import 'namespace.libsonnet';
3 |
4 | [
5 |   external_secret.new(
6 |     name='wakatime-credentials',  // values.yaml reads its API key from a Secret with this name
7 |     namespace=ns.metadata.name,
8 |     data=[
9 |       external_secret.data(key='WAKATIME_API_KEY'),  // only the key name is kept in Git
10 |     ]
11 |   ),
12 | ]
13 |
--------------------------------------------------------------------------------
/applications/base/wakatime-exporter/values.yaml:
--------------------------------------------------------------------------------
1 | env:
2 |   WAKA_API_KEY:
3 |     valueFrom:
4 |       secretKeyRef:  # the API key is injected from a Secret at runtime instead of being written into these values
5 |         name: wakatime-credentials  # same name as passed to external_secret.new in secrets.libsonnet
6 |         key: WAKATIME_API_KEY
7 |
8 | serviceMonitor:
9 |   main:
10 |     enabled: true
11 |
--------------------------------------------------------------------------------
/applications/base/wireguard-operator/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/wireguard-operator/main.jsonnet -J vendor
2 |
3 | local ns = import 'namespace.libsonnet';
4 |
5 | [ns]
6 |
--------------------------------------------------------------------------------
/applications/base/wireguard-operator/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | local k = import '../../lib/k.libsonnet';
2 |
3 | k.core.v1.namespace.new('wireguard-operator')
4 |
--------------------------------------------------------------------------------
/applications/base/wireguard-site-to-site/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../lib/app.libsonnet';
2 | local ns = import 'namespace.libsonnet';
3 |
4 | app.new(
5 |   name='wireguard-site-to-site',
6 |   path='applications/base/wireguard-site-to-site',
7 |   namespace=ns.metadata.name,  // namespace.libsonnet re-exports ../wireguard/namespace.libsonnet, i.e. the 'wireguard' namespace
8 | )
9 |
--------------------------------------------------------------------------------
/applications/base/wireguard-site-to-site/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/wireguard-site-to-site/main.jsonnet -J vendor
2 |
3 | local netPolicy = std.parseYaml(importstr 'network-policy.yaml');  // network-policy.yaml is not shown here
4 | local server = std.parseYaml(importstr 'server.yaml');
5 |
6 | netPolicy + server
7 |
--------------------------------------------------------------------------------
/applications/base/wireguard-site-to-site/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | import '../wireguard/namespace.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/base/wireguard/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../lib/app.libsonnet';
2 | local ns = import 'namespace.libsonnet';
3 |
4 | app.new(
5 |   name='wireguard',
6 |   path='applications/base/wireguard',
7 |   namespace=ns.metadata.name,
8 | )
9 |
--------------------------------------------------------------------------------
/applications/base/wireguard/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/wireguard/main.jsonnet -J vendor
2 |
3 | local ns = import 'namespace.libsonnet';
4 | local netPolicy = std.parseYaml(importstr 'network-policy.yaml');  // shared by everything deployed into the 'wireguard' namespace, including wireguard-site-to-site; file not shown
5 |
6 | [ns] + netPolicy
7 |
--------------------------------------------------------------------------------
/applications/base/wireguard/namespace.libsonnet:
--------------------------------------------------------------------------------
1 | local k = import '../../lib/k.libsonnet';
2 |
3 | k.core.v1.namespace.new('wireguard')
4 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/argocd/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/argocd/application.libsonnet'  // thin re-export: hcloud uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/cert-manager/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cert-manager/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/crossplane-packages/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/crossplane-packages/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/crossplane/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/crossplane/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/descheduler/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/descheduler/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/external-dns/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/external-dns-cloudflare/application.libsonnet'  // directory is 'external-dns', but the import resolves to the base named external-dns-cloudflare
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/external-secrets/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/external-secrets/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/fip-controller/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../lib/app.libsonnet';
2 | // hcloud-only application (no base/ counterpart is imported); app.new comes from lib/app.libsonnet (not shown here).
3 | app.new(
4 |   name='fip-controller',
5 |   path='applications/environments/hcloud/fip-controller',
6 |   namespace='fip-controller',  // literal here; the same name is declared in namespace.yaml
7 | )
8 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/fip-controller/namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: fip-controller
5 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/fip-controller/secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: external-secrets.io/v1beta1  # NOTE(review): older ExternalSecret API version; confirm the installed operator still serves it
2 | kind: ExternalSecret
3 | metadata:
4 |   name: fip-controller-secrets  # no metadata.namespace; presumably supplied by the application's namespace='fip-controller' — confirm
5 | spec:
6 |   secretStoreRef:
7 |     kind: ClusterSecretStore
8 |     name: default
9 |   # The resulting Kubernetes Secret is named fip-controller-secrets.
10 |   target:
11 |     name: fip-controller-secrets
12 |   # Only the key name is committed; the token value is read from the store named 'default'.
13 |   data:
14 |     - secretKey: HCLOUD_API_TOKEN  # NOTE(review): cloud API token; keep read access to this Secret limited to the controller
15 |       remoteRef:
16 |         key: HCLOUD_API_TOKEN
17 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/jaeger-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/jaeger-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/k8s-event-logger/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/k8s-event-logger/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/metrics-server/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/metrics-server/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/opentelemetry-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/opentelemetry-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/prometheus-stack/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../base/prometheus-stack/application.libsonnet';
2 | // hcloud overrides on top of the base prometheus-stack Application; withChartParams is defined outside this file.
3 | app.withChartParams({
4 |   'prometheus.prometheusSpec.retention': '2h',  // NOTE(review): two hours of local metrics; longer lookback depends on metrics being stored elsewhere — confirm
5 |   'prometheus.prometheusSpec.resources.requests.cpu': '250m',
6 |   'prometheus.prometheusSpec.resources.requests.memory': '2Gi',  // memory request equals the limit below
7 |   'prometheus.prometheusSpec.resources.limits.memory': '2Gi',
8 | })
9 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/prometheus/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/prometheus/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/rclone-restic/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/rclone-restic/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/tailscale-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../base/tailscale-operator/application.libsonnet';
2 | // hcloud override: sets the operator hostname on top of the base Application.
3 | app.withChartParams({
4 |   'operatorConfig.hostname': 'tailscale-operator.macro.network',
5 | })
6 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/template-controller/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/template-controller/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/traefik/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../base/traefik/application.libsonnet';
2 | // hcloud override: adds one annotation to the traefik Service.
3 | app.withChartParams({
4 |   'service.annotations.metallb\\.universe\\.tf/allow-shared-ip': 'main',  // '\\.' yields a literal backslash-dot; presumably keeps the dotted annotation key as one path element — confirm against withChartParams
5 | })
6 |
--------------------------------------------------------------------------------
/applications/environments/hcloud/vpa/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/vpa/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/adguard-home/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/adguard-home/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/argo-workflows/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/argo-workflows/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/argocd/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/argocd/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/authentik-secrets/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/authentik-secrets/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/authentik/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../base/authentik/application.libsonnet';
2 | // Points the base Application at this environment directory, whose main.jsonnet adds cert.yaml to the base objects.
3 | app.withBasePath('applications/environments/home/authentik')
4 |
--------------------------------------------------------------------------------
/applications/environments/home/authentik/cert.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1
3 | kind: Certificate
4 | metadata:
5 |   name: authentik-cert
6 | spec:
7 |   secretName: authentik-cert  # Secret that receives the issued certificate and its private key
8 |   issuerRef:
9 |     kind: ClusterIssuer
10 |     name: cloudflare-issuer
11 |   privateKey:  # NOTE(review): rotationPolicy is not set, so key reuse on renewal follows the cert-manager version's default
12 |     algorithm: RSA
13 |     encoding: PKCS1
14 |     size: 2048
15 |   dnsNames:
16 |     - "authentik.home.macro.network"
17 |
--------------------------------------------------------------------------------
/applications/environments/home/authentik/main.jsonnet:
--------------------------------------------------------------------------------
1 | local base = import '../../../base/authentik/main.jsonnet';
2 | // Home overlay: the base authentik objects plus the Certificate from cert.yaml.
3 | local cert = std.parseYaml(importstr 'cert.yaml');
4 |
5 | base + cert
6 |
--------------------------------------------------------------------------------
/applications/environments/home/beyla/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/beyla/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/cert-manager/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cert-manager/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/cilium/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cilium/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/cloudnative-pg/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cloudnative-pg/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/coredns/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../lib/app.libsonnet';
2 | // Environment-specific application built directly with app.new (no base/ import).
3 | app.new(
4 |   name='coredns',
5 |   path='applications/environments/home/coredns',
6 |   namespace='kube-system',  // targets kube-system rather than a dedicated namespace
7 | )
8 |
--------------------------------------------------------------------------------
/applications/environments/home/coredns/main.jsonnet:
--------------------------------------------------------------------------------
1 | [  // single-element list holding whatever config.libsonnet evaluates to (file not shown here)
2 |   import 'config.libsonnet',
3 | ]
4 |
--------------------------------------------------------------------------------
/applications/environments/home/crossplane-packages/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/crossplane-packages/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/crossplane/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/crossplane/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/defectdojo/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/defectdojo/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/descheduler/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/descheduler/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/dragonfly-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/dragonfly-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/excoredns/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/excoredns/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/external-secrets/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/external-secrets/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/external-services/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/external-services/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/gadget/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/gadget/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/grafana-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/grafana-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/grafana/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/grafana/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/harbor/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/harbor/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/homepage/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../base/homepage/application.libsonnet';
2 | // Home overrides for the homepage chart: greeting text, page title and background image.
3 | app.withChartParams({
4 |   'config.widgets[1].greeting.text': 'Home',
5 |   'config.settings.title': 'Home',
6 |   'config.settings.background.image': 'https://images.unsplash.com/photo-1509226704106-8a5a71ffbfa4?auto=format&fit=crop&w=2560&q=80',  // NOTE(review): image is served by a third-party host; presumably fetched by each visitor's browser — confirm that is acceptable
7 | })
8 |
--------------------------------------------------------------------------------
/applications/environments/home/iperf/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/iperf/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/jaeger-aio/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/jaeger-aio/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/jaeger-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/jaeger-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/k8s-event-logger/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/k8s-event-logger/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/k8up/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/k8up/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/komoplane/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/komoplane/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/kubelet-csr-approver/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/kubelet-csr-approver/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/kyverno-policies/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/kyverno-policies/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/kyverno/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/kyverno/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/librespeed/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/librespeed/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/local-ai/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/local-ai/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/loki/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/loki/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/metrics-server/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/metrics-server/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/nack/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/nack/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/network/guestbook/values.yaml:
--------------------------------------------------------------------------------
1 | application:
2 |   source:
3 |     helm:
4 |       valueFiles:  # two value files are listed, in this order
5 |         - values.yaml
6 |         - home-values.yaml
7 |
--------------------------------------------------------------------------------
/applications/environments/home/network/values.yaml:
--------------------------------------------------------------------------------
1 | valueFiles:
2 |   - values.yaml
3 | # NOTE(review): project.rbac is an empty list; how the consumer of this file treats "no entries" is not visible here — confirm it does not fall back to a permissive default.
4 | project:
5 |   rbac: []
6 |
--------------------------------------------------------------------------------
/applications/environments/home/node-feature-discovery/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/node-feature-discovery/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/ntp-server/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/ntp-server/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/ocis-nack/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/ocis-nack/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/ocis-nats/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/ocis-nats/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/ocis/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/ocis/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/opentelemetry-collector/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/opentelemetry-collector/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/opentelemetry-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/opentelemetry-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/osrs-ge-exporter/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/osrs-ge-exporter/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/policy-reporter/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/policy-reporter/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/postgres-shared/application.libsonnet:
--------------------------------------------------------------------------------
1 | local app = import '../../../base/postgres-shared/application.libsonnet';
2 | // Points the base Application at this environment directory, whose main.jsonnet adds cluster.yaml and offloading.yaml.
3 | app.withBasePath('applications/environments/home/postgres-shared')
4 |
--------------------------------------------------------------------------------
/applications/environments/home/postgres-shared/main.jsonnet:
--------------------------------------------------------------------------------
1 | // jsonnet base/postgres-shared/main.jsonnet -J vendor
2 | // Note: the command above names the base path, while this file is the home overlay.
3 | local base = import '../../../base/postgres-shared/main.jsonnet';
4 | local cluster = std.parseYaml(importstr 'cluster.yaml');
5 | local offloading = std.parseYaml(importstr 'offloading.yaml');
6 | // Output: base objects followed by the objects parsed from cluster.yaml and offloading.yaml (files not shown here).
7 | base + cluster + offloading
8 |
--------------------------------------------------------------------------------
/applications/environments/home/prometheus/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/prometheus/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/prowlarr/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/prowlarr/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/radarr/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/radarr/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/rclone-restic/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/rclone-restic/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/recyclarr/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/recyclarr/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/reloader/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/reloader/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/robusta/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/robusta/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/rook-ceph-cluster/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/rook-ceph-cluster/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/rook-ceph-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/rook-ceph-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/securecodebox-addons/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/securecodebox-addons/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/securecodebox-config/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/securecodebox-config/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/securecodebox/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/securecodebox/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/servarr/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/servarr/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/spegel/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/spegel/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/template-controller/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/template-controller/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/tetragon/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/tetragon/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/traefik/issuer.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1
3 | kind: Certificate  # despite the file name, this is a Certificate that references an issuer, not an Issuer itself
4 | metadata:
5 |   name: traefik-cert
6 | spec:
7 |   secretName: traefik-cert  # Secret that receives the issued certificate and its private key
8 |   issuerRef:
9 |     kind: ClusterIssuer
10 |     name: cloudflare-issuer
11 |   dnsNames:
12 |     - "home.macro.network"
13 |     - "*.home.macro.network"  # wildcard: the key in Secret 'traefik-cert' is valid for every host under home.macro.network, so keep read access to that Secret narrow
14 |
--------------------------------------------------------------------------------
/applications/environments/home/traefik/main.jsonnet:
--------------------------------------------------------------------------------
1 | local dashboard_ingresss = import '../../../base/traefik/dashboard_ingress.libsonnet';
2 | local ns = import '../../../base/traefik/namespace.libsonnet';
3 | local issuer = std.parseYaml(importstr 'issuer.yaml');
4 | // Output: the traefik namespace, the Certificate parsed from issuer.yaml, then the dashboard ingress objects from base.
5 | [ns] + issuer + dashboard_ingresss
6 |
--------------------------------------------------------------------------------
/applications/environments/home/trivy/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/trivy/application.libsonnet'  // thin re-export: home uses the base Application unchanged (same for the other one-line import files below)
2 |
--------------------------------------------------------------------------------
/applications/environments/home/twitch-channel-points-miner/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/twitch-channel-points-miner/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/vector-agent/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/vector-agent/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/vector-aggregator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/vector-aggregator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/vector/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/vector/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/vpa/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/vpa/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/home/wakatime-exporter/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/wakatime-exporter/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/argocd/application.libsonnet:
--------------------------------------------------------------------------------
1 | // nas01 override of the base Argo CD application: every listed component
2 | // is set to a single replica. withChartParams is defined outside this file;
3 | // presumably it overrides Helm chart parameters of the base application.
4 | local app = import '../../../base/argocd/application.libsonnet';
5 |
6 | app.withChartParams({
7 |   'controller.replicas': '1',
8 |   'server.replicas': '1',
9 |   'repoServer.replicas': '1',
10 |   'applicationSet.replicas': '1',
11 | })
12 |
--------------------------------------------------------------------------------
/applications/environments/nas01/authentik-secrets/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/authentik-secrets/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/beyla/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/beyla/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/cert-manager/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cert-manager/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/coredns/application.libsonnet:
--------------------------------------------------------------------------------
1 | // Application defined directly for nas01 (no base application is imported):
2 | // named `coredns`, sourced from this directory, namespace `kube-system`.
3 | local app = import '../../../lib/app.libsonnet';
4 |
5 | app.new(
6 |   name='coredns',
7 |   path='applications/environments/nas01/coredns',
8 |   namespace='kube-system',
9 | )
10 |
--------------------------------------------------------------------------------
/applications/environments/nas01/coredns/main.jsonnet:
--------------------------------------------------------------------------------
1 | // The only manifest source is config.libsonnet, which is not shown here.
2 | [
3 |   import 'config.libsonnet',
4 | ]
5 |
--------------------------------------------------------------------------------
/applications/environments/nas01/dragonfly-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/dragonfly-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/excoredns/application.libsonnet:
--------------------------------------------------------------------------------
1 | // nas01 override of the base excoredns application: sets the domain,
2 | // pins the Service to a fixed cluster IP, runs one replica and nulls the
3 | // topology spread constraints.
4 | local app = import '../../../base/excoredns/application.libsonnet';
5 |
6 | app.withChartParams({
7 |   'domain': 'nas01.home.macro.network',
8 |   'service.clusterIP': '10.133.0.11',
9 |   'replicaCount': '1',
10 |   'topologySpreadConstraints': null,
11 | })
12 |
--------------------------------------------------------------------------------
/applications/environments/nas01/external-secrets/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/external-secrets/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/homepage/application.libsonnet:
--------------------------------------------------------------------------------
1 | // nas01 branding for the homepage application: greeting, title, background.
2 | // NOTE(review): the background image is hot-linked from images.unsplash.com,
3 | // so presumably every browser that opens the page contacts that host;
4 | // serve a local copy if that is unwanted.
5 | local app = import '../../../base/homepage/application.libsonnet';
6 |
7 | app.withChartParams({
8 |   'config.widgets[1].greeting.text': 'NAS',
9 |   'config.settings.title': 'NAS',
10 |   'config.settings.background.image': 'https://images.unsplash.com/photo-1509226704106-8a5a71ffbfa4?auto=format&fit=crop&w=2560&q=80',
11 | })
12 |
--------------------------------------------------------------------------------
/applications/environments/nas01/iperf/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/iperf/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/jaeger-aio/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/jaeger-aio/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/jaeger-operator/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/jaeger-operator/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/nas01/kyverno-policies/application.libsonnet:
--------------------------------------------------------------------------------
1 | // Base kyverno-policies application with its base path set to the nas01
2 | // directory, where the kustomization.yaml for this environment lives.
3 | local app = import '../../../base/kyverno-policies/application.libsonnet';
4 |
5 | app.withBasePath('applications/environments/nas01/kyverno-policies')
6 |
--------------------------------------------------------------------------------
/applications/environments/nas01/kyverno-policies/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # Kyverno policy set for nas01: exactly the two resources listed below.
2 | # Only drop-all-capabilities is taken from the shared base; any other policy
3 | # under base/kyverno-policies is not applied by this kustomization.
4 | # NOTE(review): confirm that leaving the rest out is intended for nas01.
5 | apiVersion: kustomize.config.k8s.io/v1beta1
6 | kind: Kustomization
7 | resources:
8 |   - ../../../base/kyverno-policies/policies/drop-all-capabilities/policy.yaml
9 |   - policies/set-replica-count/policy.yaml
10 |
--------------------------------------------------------------------------------
/applications/environments/nas01/kyverno/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/kyverno/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/librespeed/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/librespeed/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/opentelemetry-collector/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/opentelemetry-collector/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/opentelemetry-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/opentelemetry-operator/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/prometheus/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/prometheus/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/reloader/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/reloader/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/template-controller/application.libsonnet: -------------------------------------------------------------------------------- 1 | import 
'../../../base/template-controller/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/nas01/traefik/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/traefik/application.libsonnet'; 2 | 3 | app.withBasePath('applications/environments/nas01/traefik') 4 | -------------------------------------------------------------------------------- /applications/environments/nas01/traefik/issuer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: traefik-cert 6 | spec: 7 | secretName: traefik-cert 8 | issuerRef: 9 | kind: ClusterIssuer 10 | name: cloudflare-issuer 11 | dnsNames: 12 | - "*.nas01.home.macro.network" 13 | -------------------------------------------------------------------------------- /applications/environments/nas01/traefik/main.jsonnet: -------------------------------------------------------------------------------- 1 | local dashboard_ingresss = import '../../../base/traefik/dashboard_ingress.libsonnet'; 2 | local ns = import '../../../base/traefik/namespace.libsonnet'; 3 | local issuer = std.parseYaml(importstr 'issuer.yaml'); 4 | 5 | [ns] + issuer + dashboard_ingresss 6 | -------------------------------------------------------------------------------- /applications/environments/seedbox/authentik-secrets/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/authentik-secrets/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/authentik/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import 
'../../../base/authentik/application.libsonnet';
2 |
3 | app.withBasePath('applications/environments/seedbox/authentik')
4 |
--------------------------------------------------------------------------------
/applications/environments/seedbox/authentik/cert.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # cert-manager Certificate for the seedbox authentik hostname, requested
3 | # from the ClusterIssuer `cloudflare-issuer` and stored in the Secret
4 | # `authentik-cert`. One exact hostname, no wildcard.
5 | apiVersion: cert-manager.io/v1
6 | kind: Certificate
7 | metadata:
8 |   name: authentik-cert
9 | spec:
10 |   secretName: authentik-cert
11 |   issuerRef:
12 |     kind: ClusterIssuer
13 |     name: cloudflare-issuer
14 |   # Key parameters are pinned: 2048-bit RSA with PKCS#1 encoding
15 |   # (presumably what the consumer of this Secret expects; TODO confirm).
16 |   # NOTE(review): rotationPolicy is not set, so whether a renewal generates
17 |   # a fresh key depends on the installed cert-manager version's default;
18 |   # set `rotationPolicy: Always` if key reuse across renewals is not intended.
19 |   privateKey:
20 |     algorithm: RSA
21 |     encoding: PKCS1
22 |     size: 2048
23 |   dnsNames:
24 |     - "authentik.seedbox.macro.network"
25 |
--------------------------------------------------------------------------------
/applications/environments/seedbox/authentik/main.jsonnet:
--------------------------------------------------------------------------------
1 | // Seedbox manifests for authentik: the base manifests with the value
2 | // parsed from cert.yaml added using `+`.
3 | local base = import '../../../base/authentik/main.jsonnet';
4 | local cert = std.parseYaml(importstr 'cert.yaml');
5 |
6 | base + cert
7 |
--------------------------------------------------------------------------------
/applications/environments/seedbox/cert-manager/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cert-manager/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/seedbox/cloudnative-pg/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/cloudnative-pg/application.libsonnet'
2 |
--------------------------------------------------------------------------------
/applications/environments/seedbox/crossplane-packages/application.libsonnet:
--------------------------------------------------------------------------------
1 | import '../../../base/crossplane-packages/application.libsonnet'
2 |
-------------------------------------------------------------------------------- /applications/environments/seedbox/crossplane/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/crossplane/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/descheduler/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/descheduler/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/dragonfly-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/dragonfly-operator/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/excoredns/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/excoredns/application.libsonnet'; 2 | 3 | app.withChartParams({ 4 | 'domain': 'seedbox.macro.network', 5 | 'service.clusterIP': '10.43.0.11', 6 | 'replicaCount': '1', 7 | 'topologySpreadConstraints': null, 8 | }) 9 | -------------------------------------------------------------------------------- /applications/environments/seedbox/external-secrets/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/external-secrets/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/grafana-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/grafana-operator/application.libsonnet' 2 
| -------------------------------------------------------------------------------- /applications/environments/seedbox/homepage/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/homepage/application.libsonnet'; 2 | 3 | app.withChartParams({ 4 | 'config.widgets[1].greeting.text': 'Seedbox', 5 | 'config.settings.title': 'Seedbox', 6 | 'config.settings.background.image': 'https://images.unsplash.com/photo-1502790671504-542ad42d5189?auto=format&fit=crop&w=2560&q=80', 7 | 'config.services': '[]', 8 | }) 9 | -------------------------------------------------------------------------------- /applications/environments/seedbox/iperf/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/iperf/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/jaeger-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/jaeger-operator/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/k8s-event-logger/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/k8s-event-logger/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/k8up/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/k8up/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/librespeed/application.libsonnet: 
-------------------------------------------------------------------------------- 1 | import '../../../base/librespeed/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/metrics-server/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/metrics-server/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/opentelemetry-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/opentelemetry-operator/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/postgres-shared/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/postgres-shared/application.libsonnet'; 2 | 3 | app.withBasePath('applications/environments/seedbox/postgres-shared') 4 | -------------------------------------------------------------------------------- /applications/environments/seedbox/prometheus-stack/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/prometheus-stack/application.libsonnet'; 2 | 3 | app.withChartParams({ 4 | 'prometheus.prometheusSpec.retention': '2h', 5 | 'prometheus.prometheusSpec.resources.requests.cpu': '250m', 6 | 'prometheus.prometheusSpec.resources.requests.memory': '4Gi', 7 | 'prometheus.prometheusSpec.resources.limits.memory': '4Gi', 8 | }) 9 | -------------------------------------------------------------------------------- /applications/environments/seedbox/prometheus/application.libsonnet: -------------------------------------------------------------------------------- 1 | 
import '../../../base/prometheus/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/rclone-restic/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/rclone-restic/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/reloader/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/reloader/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/template-controller/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/template-controller/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/traefik/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/traefik/application.libsonnet'; 2 | 3 | app.withBasePath('applications/environments/seedbox/traefik').withChartValues(||| 4 | service: 5 | additionalServices: 6 | internal: 7 | spec: 8 | clusterIP: 10.43.0.20 9 | |||) 10 | -------------------------------------------------------------------------------- /applications/environments/seedbox/traefik/issuer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: traefik-cert 6 | spec: 7 | secretName: traefik-cert 8 | issuerRef: 9 | kind: ClusterIssuer 10 | name: cloudflare-issuer 11 | dnsNames: 12 | - "seedbox.macro.network" 13 | - "*.seedbox.macro.network" 14 | 
-------------------------------------------------------------------------------- /applications/environments/seedbox/traefik/main.jsonnet: -------------------------------------------------------------------------------- 1 | local dashboard_ingresss = import '../../../base/traefik/dashboard_ingress.libsonnet'; 2 | local ns = import '../../../base/traefik/namespace.libsonnet'; 3 | local issuer = std.parseYaml(importstr 'issuer.yaml'); 4 | 5 | [ns] + issuer + dashboard_ingresss 6 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission-anime/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/transmission-anime/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission-audio/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/transmission-audio/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission-movies/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/transmission-movies/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission-music/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/transmission-music/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission-tv/application.libsonnet: -------------------------------------------------------------------------------- 1 | import 
'../../../base/transmission-tv/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission-webdav/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/transmission-webdav/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/transmission/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/transmission/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/wireguard-operator/application.libsonnet: -------------------------------------------------------------------------------- 1 | import '../../../base/wireguard-operator/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/environments/seedbox/wireguard-site-to-site/application.libsonnet: -------------------------------------------------------------------------------- 1 | local app = import '../../../base/wireguard-site-to-site/application.libsonnet'; 2 | 3 | app.withBasePath('applications/environments/seedbox/wireguard-site-to-site') 4 | -------------------------------------------------------------------------------- /applications/environments/seedbox/wireguard-site-to-site/main.jsonnet: -------------------------------------------------------------------------------- 1 | local base = import '../../../base/wireguard-site-to-site/main.jsonnet'; 2 | local peers = std.parseYaml(importstr 'peers.yaml'); 3 | 4 | base + peers 5 | -------------------------------------------------------------------------------- /applications/environments/seedbox/wireguard/application.libsonnet: 
-------------------------------------------------------------------------------- 1 | import '../../../base/wireguard/application.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/lib/charts/application/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: application 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /applications/lib/charts/namespace/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/chart.json 3 | 4 | apiVersion: v2 5 | name: namespace 6 | version: 0.1.0 7 | dependencies: 8 | - name: application 9 | version: 0.1.0 10 | repository: file://../application 11 | - name: policy 12 | version: 0.1.0 13 | repository: file://../policy 14 | -------------------------------------------------------------------------------- /applications/lib/charts/policy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: policy 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /applications/lib/charts/project/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: project 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /applications/lib/charts/project/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/applications/lib/charts/project/values.yaml -------------------------------------------------------------------------------- /applications/lib/charts/secrets/Chart.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/chart.json 3 | 4 | apiVersion: v2 5 | name: secrets 6 | version: 0.1.0 7 | -------------------------------------------------------------------------------- /applications/lib/charts/secrets/values.yaml: -------------------------------------------------------------------------------- 1 | clusterStores: [] 2 | clusterExternal: [] 3 | 4 | stores: [] 5 | external: [] 6 | -------------------------------------------------------------------------------- /applications/lib/charts/tenant/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/chart.json 3 | 4 | apiVersion: v2 5 | name: tenant 6 | version: 0.1.0 7 | dependencies: 8 | - name: project 9 | version: 0.1.0 10 | repository: file://../project 11 | - name: secrets 12 | version: 0.1.0 13 | repository: file://../secrets 14 | -------------------------------------------------------------------------------- /applications/lib/k.libsonnet: -------------------------------------------------------------------------------- 1 | import 'github.com/jsonnet-libs/k8s-libsonnet/1.27/main.libsonnet' 2 | -------------------------------------------------------------------------------- /applications/vendor/1.27: -------------------------------------------------------------------------------- 1 | github.com/jsonnet-libs/k8s-libsonnet/1.27 -------------------------------------------------------------------------------- /applications/vendor/doc-util: -------------------------------------------------------------------------------- 1 | github.com/jsonnet-libs/docsonnet/doc-util -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/admissionregistration/main.libsonnet: 
-------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='admissionregistration', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | v1alpha1: (import 'v1alpha1/main.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/apiregistration/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='apiregistration', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/apiserverinternal/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='apiserverinternal', url='', help=''), 4 | v1alpha1: (import 'v1alpha1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/apiserverinternal/v1alpha1/storageVersionSpec.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='storageVersionSpec', url='', help='"StorageVersionSpec is an empty spec."'), 4 | '#mixin': 'ignore', 5 | mixin: self, 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/apps/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='apps', 
url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/authentication/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='authentication', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | v1alpha1: (import 'v1alpha1/main.libsonnet'), 6 | v1beta1: (import 'v1beta1/main.libsonnet'), 7 | } 8 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/authentication/v1alpha1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1alpha1', url='', help=''), 4 | selfSubjectReview: (import 'selfSubjectReview.libsonnet'), 5 | selfSubjectReviewStatus: (import 'selfSubjectReviewStatus.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/authentication/v1beta1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1beta1', url='', help=''), 4 | selfSubjectReview: (import 'selfSubjectReview.libsonnet'), 5 | selfSubjectReviewStatus: (import 'selfSubjectReviewStatus.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/authorization/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='authorization', url='', 
help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/autoscaling/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='autoscaling', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | v2: (import 'v2/main.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/batch/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='batch', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/certificates/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='certificates', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | v1alpha1: (import 'v1alpha1/main.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/certificates/v1alpha1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1alpha1', url='', help=''), 4 | clusterTrustBundle: (import 'clusterTrustBundle.libsonnet'), 5 | clusterTrustBundleSpec: (import 'clusterTrustBundleSpec.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- 
/applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/coordination/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='coordination', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/coordination/v1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1', url='', help=''), 4 | lease: (import 'lease.libsonnet'), 5 | leaseSpec: (import 'leaseSpec.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/core/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='core', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/discovery/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='discovery', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/events/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='events', url='', help=''), 4 | v1: (import 
'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/events/v1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1', url='', help=''), 4 | event: (import 'event.libsonnet'), 5 | eventSeries: (import 'eventSeries.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/flowcontrol/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='flowcontrol', url='', help=''), 4 | v1beta2: (import 'v1beta2/main.libsonnet'), 5 | v1beta3: (import 'v1beta3/main.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/meta/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='meta', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/meta/v1/microTime.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='microTime', url='', help='"MicroTime is version of Time with microsecond level precision."'), 4 | '#mixin': 'ignore', 5 | mixin: self, 6 | } 7 | -------------------------------------------------------------------------------- 
/applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/meta/v1/patch.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='patch', url='', help='"Patch is provided to give a concrete name and type to the Kubernetes PATCH request body."'), 4 | '#mixin': 'ignore', 5 | mixin: self, 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/meta/v1/time.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='time', url='', help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."'), 4 | '#mixin': 'ignore', 5 | mixin: self, 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/networking/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='networking', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | v1alpha1: (import 'v1alpha1/main.libsonnet'), 6 | } 7 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/node/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='node', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- 
/applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/node/v1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1', url='', help=''), 4 | overhead: (import 'overhead.libsonnet'), 5 | runtimeClass: (import 'runtimeClass.libsonnet'), 6 | scheduling: (import 'scheduling.libsonnet'), 7 | } 8 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/policy/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='policy', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/rbac/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='rbac', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/resource/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='resource', url='', help=''), 4 | v1alpha2: (import 'v1alpha2/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/scheduling/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: 
d.pkg(name='scheduling', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/scheduling/v1/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='v1', url='', help=''), 4 | priorityClass: (import 'priorityClass.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/_gen/storage/main.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | local d = (import 'doc-util/main.libsonnet'), 3 | '#':: d.pkg(name='storage', url='', help=''), 4 | v1: (import 'v1/main.libsonnet'), 5 | } 6 | -------------------------------------------------------------------------------- /applications/vendor/github.com/jsonnet-libs/k8s-libsonnet/1.27/main.libsonnet: -------------------------------------------------------------------------------- 1 | (import 'gen.libsonnet') + (import '_custom/apps.libsonnet') + (import '_custom/autoscaling.libsonnet') + (import '_custom/batch.libsonnet') + (import '_custom/core.libsonnet') + (import '_custom/list.libsonnet') + (import '_custom/mapContainers.libsonnet') + (import '_custom/rbac.libsonnet') + (import '_custom/volumeMounts.libsonnet') 2 | -------------------------------------------------------------------------------- /applications/vendor/ksonnet-util: -------------------------------------------------------------------------------- 1 | github.com/grafana/jsonnet-libs/ksonnet-util -------------------------------------------------------------------------------- /apps/.template/.gitignore: -------------------------------------------------------------------------------- 1 | kcl.mod.lock 2 | 
-------------------------------------------------------------------------------- /apps/.template/templates/_tenant/base/.tenant-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "{{.TenantName}}" 5 | } 6 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/shared/.tenant-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}}_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/.template/templates/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import {{.TenantName}}_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = {{.TenantName}}_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/.template/templates/app/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_{{.AppName}}_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}} = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/.template/templates/app/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/{{.TenantName}}_{{.AppName}}/values.schema.json 2 | -------------------------------------------------------------------------------- /apps/.template/templates/app/mgmt/.app-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/.template/templates/app/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_{{.AppName}}_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}}_{{.AppName}}_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- 
/apps/.template/templates/app/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/{{.TenantName}}_{{.AppName}}/values.schema.json 2 | -------------------------------------------------------------------------------- /apps/argo/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/argo/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/argo/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "argo" 5 | } 6 | -------------------------------------------------------------------------------- /apps/argo/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/argo/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | argo_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = 
["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/argo/cd/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo_cd_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | argo = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/argo/cd/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/argo/cd/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo_cd_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | argo_cd_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/cilium/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "cilium" 5 | } 6 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_shared" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import cilium_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = cilium_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/cilium/system/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_system_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_shared = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/cilium/system/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/system/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_system_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cilium/system/nas01/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/system/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_system_nas01" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_system_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/nas01" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/external/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_tenant" 3 | version = "0.1.0" 4 | 5 | 
[dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "external" 5 | } 6 | -------------------------------------------------------------------------------- /apps/external/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/certs/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_certs_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/external/certs/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | 
-------------------------------------------------------------------------------- /apps/external/certs/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_certs_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_certs_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/external/certs/nas01/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/certs/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_certs_nas01" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_certs_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/nas01" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/external/dns/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_dns_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/external/dns/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/external_dns/values.schema.json 2 | 3 | # 
https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/values.yaml 4 | 5 | logFormat: json 6 | logLevel: info 7 | 8 | sources: 9 | - service 10 | - ingress 11 | 12 | policy: upsert-only 13 | 14 | serviceMonitor: 15 | enabled: false 16 | -------------------------------------------------------------------------------- /apps/external/dns/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/dns/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_dns_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_dns_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/dns/nas01/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/dns/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_dns_nas01" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_dns_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/secrets/base/kcl.mod: -------------------------------------------------------------------------------- 1 | 
[package] 2 | name = "external_secrets_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/external/secrets/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/secrets/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_secrets_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_secrets_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/secrets/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import charts.external_secrets 2 | import external_secrets_base 3 | 4 | _baseValues = external_secrets_base.app.charts.external_secrets.values 5 | 6 | app = external_secrets_base.app | { 7 | charts.external_secrets.values = _baseValues | external_secrets.Values { 8 | replicaCount = 2 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /apps/external/secrets/nas01/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/secrets/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | 
name = "external_secrets_nas01" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_secrets_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/secrets/nas01/main.k: -------------------------------------------------------------------------------- 1 | import charts.external_secrets 2 | import external_secrets_base 3 | 4 | _baseValues = external_secrets_base.app.charts.external_secrets.values 5 | 6 | app = external_secrets_base.app | { 7 | charts.external_secrets.values = _baseValues | external_secrets.Values {} 8 | } 9 | -------------------------------------------------------------------------------- /apps/kube/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "kube" 5 | } 6 | -------------------------------------------------------------------------------- /apps/kube/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import kube_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = kube_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_csr_approver_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_csr_approver_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_csr_approver_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/kube/csr-approver/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import charts.kubelet_csr_approver as kca 2 | import kube_csr_approver_base 3 | # Values for the kubelet_csr_approver chart, applied to the base app below. 4 | _kcaValues = kca.Values { 5 | providerRegex = "^kmgmt\d\d$" # anchored at both ends: only names of the form "kmgmt" plus exactly two digits match 6 | providerIpPrefixes = [ # NOTE(review): presumably the only address ranges from which kubelet CSRs are approved; keep them as narrow as the node subnets allow 7 | "10.10.0.0/16", 8 | "fc42:0:0:a::/64", 9 | ] 10 | } 11 | 12 | app = kube_csr_approver_base.app | { # overlays the base app with the chart values defined above 13 | charts.kubelet_csr_approver.values: _kcaValues 14 | } 15 | -------------------------------------------------------------------------------- /apps/kube/descheduler/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_descheduler_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_tenant = { path = "../../_tenant" } 7 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_dragonfly_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | dragonfly = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_dragonfly_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_dragonfly_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/dragonfly_operator/values.schema.json 2 | 3 | replicaCount: 1 4 | 5 | manager: 6 | resources: 7 | requests: 8 | cpu: 10m 9 | memory: 150Mi 10 | limits: 11 | cpu: 500m 12 | memory: 150Mi 13 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/.argocd.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "o11y" 5 | 6 | secretStores.default = { 7 | name = "o11y" 8 | provider.doppler.auth.secretRef.dopplerToken = { 9 | name = "doppler-credentials" 10 | key = "token" 11 | namespace = "kube-system" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /apps/o11y/grafana/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_grafana_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_tenant = 
{ path = "../../_tenant" } 7 | -------------------------------------------------------------------------------- /apps/o11y/grafana/home/.argocd.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/grafana/home/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_grafana_home" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_grafana_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/grafana/home/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.utils 2 | import o11y_grafana_base 3 | 4 | app = o11y_grafana_base.app | { 5 | environment = "home" 6 | domainName = "home.macro.network" 7 | 8 | grafanaDashboards = utils.DashboardPathBuilder("dashboards") 9 | 10 | extraResources.grafana.spec.config = o11y_grafana_base.GrafanaConfigBuilder(domainName) 11 | } 12 | -------------------------------------------------------------------------------- /bootstrap/core/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | charts = { path = "../../../charts" } 7 | k8s = "1.31.2" 8 | konfig = { path = "../../../konfig" } 9 | -------------------------------------------------------------------------------- /bootstrap/core/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_mgmt" 3 | version = "0.1.0" 4 | 5 | 
[dependencies] 6 | bootstrap = { path = "../base" } 7 | kube_csr_approver = { path = "../../../apps/kube/csr-approver/mgmt" } 8 | cilium_system = { path = "../../../apps/cilium/system/mgmt" } 9 | argo_cd = { path = "../../../apps/argo/cd/base" } 10 | 11 | [profile] 12 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 13 | -------------------------------------------------------------------------------- /bootstrap/core/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_nas01" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | bootstrap = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /bootstrap/core/nas01/main.k: -------------------------------------------------------------------------------- 1 | import bootstrap 2 | 3 | _cluster_name = "nas01" 4 | 5 | app = bootstrap.app | {} 6 | -------------------------------------------------------------------------------- /charts/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "charts" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | filepath = { oci = "oci://ghcr.io/macropower/kclipper/filepath", tag = "0.14.0" } 7 | helm = { oci = "oci://ghcr.io/macropower/kclipper/helm", tag = "0.14.0" } 8 | -------------------------------------------------------------------------------- /clusters/main/.gitignore: -------------------------------------------------------------------------------- 1 | cluster/ 2 | clusterconfig/ 3 | *.macro.network/ 4 | kubernetesResources/ 5 | support.zip 6 | -------------------------------------------------------------------------------- /clusters/mgmt/.gitignore: -------------------------------------------------------------------------------- 1 | cluster/ 2 | clusterconfig/ 3 | *.macro.network/ 4 | 
kubernetesResources/ 5 | support.zip 6 | -------------------------------------------------------------------------------- /clusters/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cluster_mgmt" 3 | version = "0.1.0" 4 | -------------------------------------------------------------------------------- /clusters/mgmt/kcl.mod.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/clusters/mgmt/kcl.mod.lock -------------------------------------------------------------------------------- /clusters/mgmt/main.k: -------------------------------------------------------------------------------- 1 | DOMAIN_NAME = "kmgmt.cin.macro.network" 2 | -------------------------------------------------------------------------------- /clusters/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cluster_mgmt" 3 | version = "0.1.0" 4 | -------------------------------------------------------------------------------- /clusters/nas01/kcl.mod.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/clusters/nas01/kcl.mod.lock -------------------------------------------------------------------------------- /clusters/nas01/main.k: -------------------------------------------------------------------------------- 1 | DOMAIN_NAME = "knas01.cin.macro.network" 2 | -------------------------------------------------------------------------------- /docs/dns/README.md: -------------------------------------------------------------------------------- 1 | # DNS 2 | 3 | ## Diagram 4 | 5 | ![](img/dns.png) 6 | -------------------------------------------------------------------------------- /docs/dns/img/dns.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/docs/dns/img/dns.png -------------------------------------------------------------------------------- /docs/img/k8shappy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/docs/img/k8shappy.png -------------------------------------------------------------------------------- /docs/img/k8spega.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/docs/img/k8spega.png -------------------------------------------------------------------------------- /docs/img/k8spega_sq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/docs/img/k8spega_sq.png -------------------------------------------------------------------------------- /docs/img/peepoK8S.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/docs/img/peepoK8S.png -------------------------------------------------------------------------------- /docs/storage/drive-cloning.md: -------------------------------------------------------------------------------- 1 | # Drive Cloning 2 | 3 | ## Healthy Disks 4 | 5 | ```sh 6 | dd status=progress if=/dev/sdX of=/mnt/user/Backups/--.img 7 | ``` 8 | -------------------------------------------------------------------------------- /docs/topology/cluster.md: -------------------------------------------------------------------------------- 1 | # Cluster 2 | 3 | - Nodes of the same type are numbered sequentially 4 | 
- IP Address assigned as 10.0.5.\ 5 | - A full AZ can be removed and all groups will still have enough nodes 6 | 7 | ![](img/cluster.png) 8 | -------------------------------------------------------------------------------- /docs/topology/img/cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/docs/topology/img/cluster.png -------------------------------------------------------------------------------- /docs/truenas-scale/jails/README.md: -------------------------------------------------------------------------------- 1 | # Jails 2 | 3 | ## k3s 4 | 5 | ./jlmkr.py create --start --config config/k3s k3s 6 | -------------------------------------------------------------------------------- /docs/truenas-scale/on-boot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Inserts an ACCEPT rule at position 1 of the INPUT chain for TCP port 6443. NOTE(review): the rule has no source match, so it admits every source address (its own comment says "all external sources"); if the k8s endpoint only needs to be reached from known networks, add a source match (-s <TRUSTED_CIDR>) or confirm an upstream firewall restricts it. 3 | iptables -I INPUT 1 -p tcp -m tcp --dport 6443 -j ACCEPT -m comment \ 4 | --comment "iX Custom Rule to allow connection requests to k8s cluster from all external sources" 5 | -------------------------------------------------------------------------------- /docs/turing-pi/talos.md: -------------------------------------------------------------------------------- 1 | # Talos 2 | 3 | To flash Talos, get an image here: 4 | 5 | https://factory.talos.dev/ 6 | 7 | Choose the `rpi_generic` overlay for CM4. 8 | 9 | Make sure to download the `arm64 metal disk image`. It should be a .raw.xz file. 10 | 11 | Extract the .raw and rename it to .img. 12 | 13 | You can use this .img to flash the node using the Turing Pi's web UI. 
14 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/MacroPower/homelab 2 | 3 | go 1.21 4 | -------------------------------------------------------------------------------- /go.work: -------------------------------------------------------------------------------- 1 | go 1.21.4 2 | 3 | use ./applications/flux-manifests 4 | -------------------------------------------------------------------------------- /go.work.sum: -------------------------------------------------------------------------------- 1 | github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= 2 | github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= 3 | github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= 4 | golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 5 | -------------------------------------------------------------------------------- /konfig/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "konfig" 3 | edition = "v0.11.1" 4 | version = "0.0.1" 5 | 6 | [dependencies] 7 | charts = { path = "../charts" } 8 | k8s = "1.31.2" 9 | -------------------------------------------------------------------------------- /konfig/models/frontend/common/reference.k: -------------------------------------------------------------------------------- 1 | schema SecretKeyReference: 2 | """ 3 | SecretKeyReference is a reference to a secret key. 
4 | """ 5 | name: str 6 | key: str 7 | -------------------------------------------------------------------------------- /konfig/models/frontend/grafana/dashboard.k: -------------------------------------------------------------------------------- 1 | import models.frontend.common 2 | 3 | schema GrafanaDashboard(common.Metadata): 4 | """ 5 | Grafana Dashboard 6 | """ 7 | resyncPeriod?: str = "1h" 8 | allowCrossNamespaceImport?: bool = True 9 | url?: str 10 | json?: str 11 | -------------------------------------------------------------------------------- /konfig/models/frontend/rbac/role.k: -------------------------------------------------------------------------------- 1 | import k8s.api.rbac.v1 as rbacv1 2 | import models.frontend.common 3 | 4 | schema Role(common.Metadata): 5 | """ 6 | Attributes 7 | ---------- 8 | rules: [PolicyRule], default is Undefined, optional 9 | Rules holds all the PolicyRules for this ClusterRole 10 | """ 11 | rules?: [rbacv1.PolicyRule] 12 | -------------------------------------------------------------------------------- /konfig/models/frontend/storage/redis.k: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/cbd91bd59b926ac9de4c186cb3bd3f6566272ade/konfig/models/frontend/storage/redis.k -------------------------------------------------------------------------------- /konfig/models/metadata/metadata.k: -------------------------------------------------------------------------------- 1 | __META_REPO_URL = option("repo_url") or "https://github.com/MacroPower/homelab" 2 | __META_REVISION = option("revision") or "main" 3 | -------------------------------------------------------------------------------- /konfig/models/mixins/metadata_mixin.k: -------------------------------------------------------------------------------- 1 | mixin MetadataMixin: 2 | metadata?: {str:} = { 3 | name: name?.lower() 4 | annotations: annotations 5 | namespace: namespace 6 | labels: 
labels 7 | } -------------------------------------------------------------------------------- /konfig/models/protocol/app_protocol.k: -------------------------------------------------------------------------------- 1 | import models.frontend.app 2 | import models.resource 3 | 4 | protocol AppProtocol: 5 | """AppProtocol provides constraints on mixins required by the app backend.""" 6 | config: app.App 7 | kubernetes: resource.ResourceMapping 8 | -------------------------------------------------------------------------------- /konfig/models/protocol/tenant_protocol.k: -------------------------------------------------------------------------------- 1 | import models.frontend.tenant 2 | import models.resource 3 | 4 | protocol TenantProtocol: 5 | """TenantProtocol provides constraints on mixins required by the tenant backend.""" 6 | config: tenant.Tenant 7 | kubernetes: resource.ResourceMapping 8 | -------------------------------------------------------------------------------- /konfig/models/resource/resource.k: -------------------------------------------------------------------------------- 1 | schema ResourceMapping: 2 | [str]: any 3 | 4 | -------------------------------------------------------------------------------- /konfig/models/utils/env_builder.k: -------------------------------------------------------------------------------- 1 | import models.frontend.container 2 | 3 | EnvBuilder = lambda env: container.EnvMap -> [any] { 4 | [ 5 | { 6 | name = k 7 | if typeof(v) == "EnvValueFrom": 8 | valueFrom = v 9 | else: 10 | value = v 11 | } 12 | for k, v in env 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /konfig/models/utils/metadata_builder.k: -------------------------------------------------------------------------------- 1 | MetadataBuilder = lambda metadata -> {str:} { 2 | { 3 | name: metadata?.name 4 | namespace: metadata?.namespace 5 | labels: metadata?.labels 6 | annotations: metadata?.annotations 7 | } 8 
| } 9 | -------------------------------------------------------------------------------- /konfig/utils/json_merge_patch.k: -------------------------------------------------------------------------------- 1 | import json_merge_patch as p 2 | 3 | json_merge_patch = lambda a: any, b: any -> any { 4 | """ 5 | `json_merge_patch` merges two JSON objects using a JSON Merge Patch. 6 | """ 7 | p.merge(a, b) 8 | } 9 | -------------------------------------------------------------------------------- /konfig/vendored/crossplane_provider_sql/README.md: -------------------------------------------------------------------------------- 1 | # crossplane-provider-sql 2 | 3 | ## Index 4 | 5 | 6 | -------------------------------------------------------------------------------- /konfig/vendored/crossplane_provider_sql/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane-provider-sql" 3 | edition = "v0.9.0" 4 | version = "0.0.1" 5 | 6 | [dependencies] 7 | k8s = "1.28" 8 | -------------------------------------------------------------------------------- /konfig/vendored/crossplane_provider_sql/kcl.mod.lock: -------------------------------------------------------------------------------- 1 | [dependencies] 2 | [dependencies.k8s] 3 | name = "k8s" 4 | full_name = "k8s_1.28" 5 | version = "1.28" 6 | reg = "ghcr.io" 7 | repo = "kcl-lang/k8s" 8 | oci_tag = "1.28" 9 | -------------------------------------------------------------------------------- /terraform/hcloud-relay/.auto.tfvars.tpl: -------------------------------------------------------------------------------- 1 | hcloud_token = "${HCLOUD_TOKEN}" 2 | 3 | cloudflare_api_token = "${CLOUDFLARE_API_TOKEN}" 4 | 5 | public_keys_openssh = { 6 | personal = "${PERSONAL_PUBLIC_KEY_OPENSSH}" 7 | } 8 | 9 | tailscale_auth_key = "${TAILSCALE_AUTH_KEY}" 10 | -------------------------------------------------------------------------------- /terraform/hcloud-relay/get_tfvars.sh: 
-------------------------------------------------------------------------------- 1 | doppler run -p hcloud-relay -c main envsubst < .auto.tfvars.tpl > .auto.tfvars # renders the template with the variables doppler injects; NOTE(review): .auto.tfvars then holds those secrets in plaintext, so confirm it is git-ignored and not group/world readable 2 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/argocd/get-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Downloads the Argo CD install manifest into install.yaml. NOTE(review): "stable" is a moving ref, so each run may fetch different manifests and nothing verifies the result; pin a release tag (<ARGOCD_VERSION>) and compare a checksum before applying. Without --fail an HTTP error body would be saved as install.yaml. 3 | curl -X GET https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml --output install.yaml 4 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/namespaces/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: argocd 5 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/namespaces/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argocd.yaml 6 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: doppler-credentials 5 | namespace: kube-system 6 | type: Opaque # the manifest carries no data; presumably the token is supplied out of band, which keeps it out of version control 7 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/data.tf: -------------------------------------------------------------------------------- 1 | // github_release for kured 2 | data "github_release" "kured" { 3 | repository = "kured" 4 | owner = "weaveworks" // NOTE(review): kured appears to have moved to another GitHub organisation; if so this lookup depends on a redirect from the old owner name - verify and update 5 | retrieve_by = "latest" // NOTE(review): resolves to whichever release is newest at plan time; retrieve_by = "tag" with a pinned release_tag keeps upgrades reviewable 6 | } 7 | --------------------------------------------------------------------------------
/terraform/hcloud-robot/modules/k3s/templates/cert_manager.yaml.tpl: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | --- 7 | apiVersion: helm.cattle.io/v1 8 | kind: HelmChart 9 | metadata: 10 | name: cert-manager 11 | namespace: kube-system 12 | spec: 13 | chart: cert-manager 14 | repo: https://charts.jetstack.io 15 | targetNamespace: cert-manager 16 | valuesContent: |- 17 | ${values} 18 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/cilium.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: helm.cattle.io/v1 2 | kind: HelmChart 3 | metadata: 4 | name: cilium 5 | namespace: kube-system 6 | spec: 7 | chart: cilium 8 | repo: https://helm.cilium.io/ 9 | targetNamespace: kube-system 10 | bootstrap: true 11 | valuesContent: |- 12 | ${values} -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/nginx_ingress.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: helm.cattle.io/v1 2 | kind: HelmChart 3 | metadata: 4 | name: ngx 5 | namespace: kube-system 6 | spec: 7 | chart: ingress-nginx 8 | repo: https://kubernetes.github.io/ingress-nginx 9 | targetNamespace: kube-system 10 | bootstrap: true 11 | valuesContent: |- 12 | ${values} -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/traefik_config.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: helm.cattle.io/v1 2 | kind: HelmChartConfig 3 | metadata: 4 | name: traefik 5 | namespace: kube-system 6 | spec: 7 | failurePolicy: abort 8 | valuesContent: |- 9 | ${values} 
-------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.3.3" 3 | required_providers { // NOTE(review): every constraint below is an open-ended ">=", so the provider build actually used is decided at init time; commit .terraform.lock.hcl (or add upper bounds) so provider upgrades are reviewed 4 | github = { 5 | source = "integrations/github" 6 | version = ">= 4.0.0" 7 | } 8 | local = { 9 | source = "hashicorp/local" 10 | version = ">= 2.0.0" 11 | } 12 | remote = { 13 | source = "tenstad/remote" 14 | version = ">= 0.0.23" 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /terraform/hcloud/extra-manifests/argocd/get-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Downloads the Argo CD install manifest into install.yaml. NOTE(review): "stable" is a moving ref, so each run may fetch different manifests and nothing verifies the result; pin a release tag (<ARGOCD_VERSION>) and compare a checksum before applying. Without --fail an HTTP error body would be saved as install.yaml. 3 | curl -X GET https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml --output install.yaml 4 | -------------------------------------------------------------------------------- /terraform/hcloud/extra-manifests/namespaces/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: argocd 5 | -------------------------------------------------------------------------------- /terraform/hcloud/extra-manifests/namespaces/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argocd.yaml 6 | -------------------------------------------------------------------------------- /terraform/hcloud/extra-manifests/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: doppler-credentials 5 | namespace: kube-system 6 | type: Opaque # the manifest carries no data; presumably the token is supplied out of band, which keeps it out of version control 7 | --------------------------------------------------------------------------------
/terraform/hcloud/modules/floating-ip/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.3.3" 3 | required_providers { 4 | hcloud = { 5 | source = "hetznercloud/hcloud" 6 | version = ">= 1.35.2" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /terraform/hcloud/output.tf: -------------------------------------------------------------------------------- 1 | output "kubeconfig" { 2 | description = "Kubeconfig file content with external IP address" 3 | value = module.kube-hetzner.kubeconfig 4 | sensitive = true 5 | } 6 | 7 | output "kubeconfig_data" { 8 | description = "Structured kubeconfig data to supply to other providers" 9 | value = module.kube-hetzner.kubeconfig_data 10 | sensitive = true 11 | } 12 | -------------------------------------------------------------------------------- /terraform/hcloud/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.2.0" 3 | required_providers { 4 | hcloud = { 5 | source = "hetznercloud/hcloud" 6 | version = ">= 1.35.1" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /terraform/home/.auto.tfvars.tpl: -------------------------------------------------------------------------------- 1 | nas01_fqdn = "nas01.cin.macro.network" 2 | nas01_ipv4 = "10.10.1.1" 3 | nas01_api_key = "${NAS01_API_KEY}" 4 | 5 | unifi_username = "${UNIFI_USERNAME}" 6 | unifi_password = "${UNIFI_PASSWORD}" 7 | unifi_api_url = "https://unifi.cin.macro.network" 8 | unifi_site = "default" 9 | 10 | domain_name = "cin.macro.network" 11 | 12 | doppler_token = "${TERRAFORM_DOPPLER_TOKEN}" 13 | -------------------------------------------------------------------------------- /terraform/home/get_kubeconfig.sh: -------------------------------------------------------------------------------- 1 | 
terraform output -raw kubeconfig > kubeconfig.yaml # NOTE(review): writes cluster credentials into the working directory with default permissions; restrict the file (chmod 600) and keep it out of version control 2 | 3 | cp ~/.kube/config ~/.kube/config.bak # backup copy; the merge below reads from it because the redirect truncates ~/.kube/config 4 | KUBECONFIG=~/.kube/config.bak:kubeconfig.yaml kubectl config view --flatten > ~/.kube/config # merges the backup and the new kubeconfig into one file; config.bak keeps the previous credentials on disk 5 | -------------------------------------------------------------------------------- /terraform/home/get_tfvars.sh: -------------------------------------------------------------------------------- 1 | doppler run -p terraform -c main_home envsubst < .auto.tfvars.tpl > .auto.tfvars # renders the template with the variables doppler injects; NOTE(review): .auto.tfvars then holds those secrets in plaintext, so confirm it is git-ignored and not group/world readable 2 | -------------------------------------------------------------------------------- /terraform/home/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "MacroPower" 4 | hostname = "app.terraform.io" 5 | 6 | workspaces { 7 | name = "home" 8 | } 9 | } 10 | } 11 | 12 | data "doppler_secrets" "tf_main_home" { # reads the "main_home" config of the "terraform" Doppler project; NOTE(review): values read by a data source are kept in Terraform state, so treat this workspace's state as secret 13 | project = "terraform" 14 | config = "main_home" 15 | } 16 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik-api/outputs.tf: -------------------------------------------------------------------------------- 1 | output "identity" { 2 | value = routeros_system_identity.identity.name 3 | } 4 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik-api/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | routeros = { # NOTE(review): no version constraint here, so the provider version is whatever the root module or lock file resolves; confirm it is pinned there 4 | source = "terraform-routeros/routeros" 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik-api/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | } 4 | 5 | variable "ipv4" { 6 | type = string 7 | } 8 | --------------------------------------------------------------------------------
/terraform/home/modules/mikrotik/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | routeros = { 4 | source = "terraform-routeros/routeros" 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | } 4 | -------------------------------------------------------------------------------- /terraform/home/modules/truenas-k3s/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | remote = { 4 | source = "tenstad/remote" 5 | version = "0.1.3" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/truenas/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | truenas = { 4 | source = "dariusbakunas/truenas" 5 | version = "0.11.1" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/unifi/outputs.tf: -------------------------------------------------------------------------------- 1 | output "port_profile" { 2 | value = { 3 | for k, v in merge(unifi_port_profile.lan, {disabled = unifi_port_profile.disabled}) : k => { 4 | id = v.id 5 | } 6 | } 7 | } 8 | 9 | output "default_network_id" { 10 | value = unifi_network.lan_default.id 11 | } 12 | -------------------------------------------------------------------------------- /terraform/modules/unifi/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | unifi = { 4 | source = "akerl/unifi" 5 | } 6 | } 7 | } 8 | 
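--------------------------------------------------------------------------------
/terraform/remote-spr/.auto.tfvars.tpl:
--------------------------------------------------------------------------------
# Template rendered by get_tfvars.sh. envsubst pastes the environment values in
# verbatim, so a credential containing a double quote, a backslash or a
# dollar-brace sequence yields a tfvars file that fails to parse or parses
# differently.
unifi_username = "${UNIFI_USERNAME}"
unifi_password = "${UNIFI_PASSWORD}"
unifi_api_url  = "https://unifi.spr.macro.network"
unifi_site     = "default"

domain_name = "spr.macro.network"
--------------------------------------------------------------------------------
/terraform/remote-spr/get_tfvars.sh:
--------------------------------------------------------------------------------
# Renders .auto.tfvars from the template, using the environment that Doppler
# injects for project "terraform", config "main_remote_spr".
# The rendered file holds the UniFi password in plaintext: create it owner-only
# and keep it out of version control.
umask 077
doppler run -p terraform -c main_remote_spr envsubst < .auto.tfvars.tpl > .auto.tfvars
# An .auto.tfvars left over from an earlier run keeps its old mode; fix it.
chmod 600 .auto.tfvars
--------------------------------------------------------------------------------
/terraform/remote-spr/main.tf:
--------------------------------------------------------------------------------
# State and runs for this root module live in the Terraform Cloud workspace
# "remote-spr".
# NOTE(review): if the workspace uses remote execution, the CLI uploads this
# directory, rendered .auto.tfvars included, to Terraform Cloud. Confirm that
# is intended, or supply the credentials as sensitive workspace variables.
terraform {
  cloud {
    organization = "MacroPower"
    hostname     = "app.terraform.io"

    workspaces {
      name = "remote-spr"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/remote-spr/providers.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    unifi = {
      source  = "akerl/unifi"
      version = "0.41.10"
    }
  }
}

provider "unifi" {
  username = var.unifi_username
  password = var.unifi_password
  api_url  = var.unifi_api_url
  site     = var.unifi_site

  # NOTE(review): this turns off TLS certificate verification for the
  # controller, so the username and password above are sent to whichever host
  # answers at api_url. Left as is because the controller's certificate is not
  # visible from here; once it presents a certificate this host trusts, set
  # this to false.
  allow_insecure = true
}
--------------------------------------------------------------------------------
/terraform/remote-spr/variables.tf:
--------------------------------------------------------------------------------
variable "domain_name" {
  type = string
}

variable "unifi_username" {
  type = string
}

# "sensitive" only redacts the value in plan and apply output; the rendered
# .auto.tfvars still contains it in plaintext.
variable "unifi_password" {
  type      = string
  sensitive = true
}

variable "unifi_api_url" {
  type = string
}

variable "unifi_site" {
  type = string
}
--------------------------------------------------------------------------------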