├── clusters ├── main │ ├── kcl.mod.lock │ ├── kcl.mod │ ├── main.k │ ├── .gitignore │ ├── manifests │ │ ├── volume-zfs-pool.yaml │ │ └── volume-mayastor-pool.yaml │ └── talsecret.yaml └── mgmt │ ├── kcl.mod.lock │ ├── kcl.mod │ ├── .gitignore │ ├── main.k │ └── talsecret.yaml ├── konfig ├── models │ ├── frontend │ │ ├── storage │ │ │ └── redis.k │ │ ├── common │ │ │ └── reference.k │ │ ├── gateway │ │ │ ├── gateway.k │ │ │ ├── security_policy.k │ │ │ └── route.k │ │ ├── grafana │ │ │ └── dashboard.k │ │ ├── rbac │ │ │ ├── role.k │ │ │ ├── role_binding.k │ │ │ └── cluster_role_binding.k │ │ └── tenant.k │ ├── resource │ │ └── resource.k │ ├── metadata │ │ └── metadata.k │ ├── mixins │ │ ├── metadata_mixin.k │ │ ├── configmap_mixin.k │ │ ├── serviceaccount_mixin.k │ │ ├── chart_mixin.k │ │ └── networkpolicy_mixin.k │ ├── utils │ │ ├── metadata_builder.k │ │ ├── env_builder.k │ │ └── dashboard_builder.k │ └── protocol │ │ ├── app_protocol.k │ │ └── tenant_protocol.k ├── kcl.mod ├── objects │ └── json_merge_patch.k └── files │ └── files.k ├── apps ├── .template │ ├── .gitignore │ └── templates │ │ ├── app │ │ ├── base │ │ │ ├── values.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app-disabled.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app-disabled.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── _tenant │ │ ├── base │ │ ├── main.k │ │ ├── .tenant-disabled.yaml │ │ └── kcl.mod │ │ └── shared │ │ ├── .tenant-disabled.yaml │ │ ├── main.k │ │ └── kcl.mod ├── starr │ ├── system │ │ ├── main │ │ │ ├── main.k │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ └── kcl.mod │ ├── radarr │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── tofu │ │ │ └── providers.tf │ ├── sonarr │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── tofu │ 
│ │ └── providers.tf │ ├── configarr │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ └── kcl.mod │ ├── prowlarr │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── tofu │ │ │ └── providers.tf │ ├── qbt │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── qbt-tv │ │ ├── main │ │ │ ├── main.k │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── qbt-audio │ │ ├── main │ │ │ ├── main.k │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── qbt-movies │ │ ├── main │ │ │ ├── main.k │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ └── _tenant │ │ ├── base │ │ ├── .tenant.yaml │ │ ├── kcl.mod.lock │ │ ├── kcl.mod │ │ └── main.k │ │ └── shared │ │ ├── .tenant.yaml │ │ ├── kcl.mod │ │ └── main.k ├── kube │ ├── nack │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── values.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── openebs │ │ ├── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── base │ │ │ ├── kcl.mod │ │ │ ├── main.k │ │ │ └── values.yaml │ │ └── main │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ ├── spegel │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── reloader │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ ├── values.yaml │ │ │ └── main.k │ ├── descheduler │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── mgmt │ 
│ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ ├── metrics-server │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── mgmt │ │ │ ├── .app.yaml │ │ │ ├── values.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ ├── values.yaml │ │ │ └── main.k │ ├── volsync │ │ ├── base │ │ │ ├── values.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── values.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── csr-approver │ │ ├── base │ │ │ └── kcl.mod │ │ ├── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── mgmt │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ └── dragonfly │ │ ├── base │ │ ├── kcl.mod │ │ └── main.k │ │ └── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── values.yaml │ │ └── main.k ├── o11y │ ├── robusta │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ └── kcl.mod │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── osrs-ge-exporter │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ ├── main.k │ │ │ └── values.yaml │ ├── wakatime-exporter │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── loki │ │ ├── base │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── mimir │ │ ├── base │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── tempo │ │ ├── base │ │ 
│ ├── kcl.mod │ │ │ └── main.k │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── grafana │ │ ├── base │ │ │ └── kcl.mod │ │ └── main │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ ├── seaweedfs │ │ ├── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ └── k8s-monitoring │ │ ├── base │ │ ├── kcl.mod │ │ └── main.k │ │ └── main │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── main.k │ │ └── values.yaml ├── cilium │ ├── tetragon │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ ├── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ └── system │ │ ├── base │ │ └── kcl.mod │ │ ├── main │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── values.yaml │ │ └── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── values.yaml ├── public │ ├── adguard │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ └── kcl.mod │ ├── homepage │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ ├── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ ├── config │ │ │ ├── kubernetes.yaml │ │ │ ├── settings.yaml │ │ │ └── widgets.yaml │ │ │ └── kcl.mod │ ├── opencloud │ │ ├── base │ │ │ └── kcl.mod │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ ├── main.k │ │ │ └── values.yaml │ └── _tenant │ │ ├── base │ │ ├── .tenant.yaml │ │ ├── kcl.mod │ │ └── main.k │ │ └── shared │ │ ├── .tenant.yaml │ │ ├── kcl.mod │ │ └── main.k ├── envoy │ ├── gateway │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ ├── mgmt │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ └── 
_tenant │ │ ├── base │ │ ├── main.k │ │ ├── .tenant.yaml │ │ └── kcl.mod │ │ └── shared │ │ ├── main.k │ │ ├── .tenant.yaml │ │ └── kcl.mod ├── argo │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ └── cd │ │ ├── base │ │ ├── kcl.mod │ │ └── main.k │ │ └── mgmt │ │ ├── .app.yaml │ │ └── kcl.mod ├── cnpg │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod.lock │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ └── system │ │ ├── base │ │ ├── kcl.mod │ │ ├── values.yaml │ │ └── main.k │ │ ├── main │ │ ├── values.yaml │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── main.k │ │ └── mgmt │ │ ├── values.yaml │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── main.k ├── twitch │ ├── channel-points-miner │ │ ├── main │ │ │ ├── values.yaml │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── base │ │ │ ├── kcl.mod │ │ │ ├── README.md │ │ │ └── values.yaml │ └── _tenant │ │ ├── base │ │ ├── .tenant.yaml │ │ ├── kcl.mod.lock │ │ ├── kcl.mod │ │ └── main.k │ │ └── shared │ │ ├── .tenant.yaml │ │ ├── kcl.mod │ │ └── main.k ├── external │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── dns │ │ ├── base │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ │ ├── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── mgmt │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── certs │ │ ├── base │ │ │ └── kcl.mod │ │ ├── main │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── mgmt │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ └── secrets │ │ ├── base │ │ ├── kcl.mod │ │ └── values.yaml │ │ ├── main │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── main.k │ │ └── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── main.k ├── crossplane │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ └── 
kcl.mod │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── main.k │ │ │ └── kcl.mod │ ├── providers │ │ ├── base │ │ │ ├── kcl.mod │ │ │ └── main.k │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ └── system │ │ ├── main │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── values.yaml │ │ └── main.k │ │ ├── mgmt │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── values.yaml │ │ └── main.k │ │ └── base │ │ ├── kcl.mod │ │ ├── values.yaml │ │ └── main.k ├── securecodebox │ ├── _tenant │ │ ├── base │ │ │ ├── main.k │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod.lock │ │ │ └── kcl.mod │ │ └── shared │ │ │ ├── .tenant.yaml │ │ │ ├── kcl.mod │ │ │ └── main.k │ ├── system │ │ ├── base │ │ │ ├── values.yaml │ │ │ └── kcl.mod │ │ └── main │ │ │ ├── .app.yaml │ │ │ ├── kcl.mod │ │ │ └── values.yaml │ ├── scanners │ │ ├── main │ │ │ ├── .app.yaml │ │ │ └── kcl.mod │ │ └── base │ │ │ ├── kcl.mod │ │ │ └── config │ │ │ ├── stdout.sh │ │ │ └── hooks.yaml │ └── seaweedfs │ │ ├── main │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ └── main.k │ │ └── base │ │ ├── kcl.mod │ │ └── values.yaml └── truenas │ ├── command │ ├── base │ │ └── kcl.mod │ └── main │ │ ├── .app.yaml │ │ ├── kcl.mod │ │ ├── values.yaml │ │ └── main.k │ └── _tenant │ ├── base │ ├── .tenant.yaml │ ├── kcl.mod │ └── main.k │ └── shared │ ├── main.k │ ├── .tenant.yaml │ └── kcl.mod ├── docs ├── dns │ ├── README.md │ └── img │ │ └── dns.png ├── img │ ├── k8shappy.png │ ├── k8spega.png │ ├── peepoK8S.png │ └── k8spega_sq.png ├── topology │ ├── img │ │ └── cluster.png │ └── cluster.md ├── truenas-scale │ ├── on-boot.sh │ ├── nas01 │ │ └── setup.md │ └── robot01 │ │ └── setup.md ├── storage │ ├── drive-cloning.md │ ├── rclone-copy.md │ └── drive-erasure.md └── turing-pi │ ├── talos.md │ └── setup.md ├── go.mod ├── terraform ├── home │ ├── modules │ │ ├── mikrotik │ │ │ ├── variables.tf │ │ │ ├── providers.tf │ │ │ └── main.tf │ │ ├── mikrotik-api │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── providers.tf │ │ └── truenas-k3s │ │ 
│ ├── providers.tf │ │ │ └── variables.tf │ ├── get_tfvars.sh │ ├── get_kubeconfig.sh │ ├── main.tf │ ├── .auto.tfvars.tpl │ ├── nas01.tf │ ├── providers.tf │ └── variables.tf ├── remote-spr │ ├── get_tfvars.sh │ ├── main.tf │ ├── .auto.tfvars.tpl │ ├── variables.tf │ └── providers.tf ├── hcloud-robot │ ├── extra-manifests │ │ ├── namespaces │ │ │ ├── argocd.yaml │ │ │ └── kustomization.yaml │ │ ├── secrets.yaml │ │ ├── argocd │ │ │ └── get-install.sh │ │ ├── kustomization.yaml.tpl │ │ └── apps.yaml │ ├── modules │ │ └── k3s │ │ │ ├── data.tf │ │ │ ├── templates │ │ │ ├── traefik_config.yaml.tpl │ │ │ ├── cilium.yaml.tpl │ │ │ ├── nginx_ingress.yaml.tpl │ │ │ ├── cert_manager.yaml.tpl │ │ │ ├── rancher.yaml.tpl │ │ │ └── calico.yaml.tpl │ │ │ ├── versions.tf │ │ │ ├── modules │ │ │ └── host │ │ │ │ └── out.tf │ │ │ ├── kustomize │ │ │ ├── kured.yaml │ │ │ └── system-upgrade-controller.yaml │ │ │ └── kustomization_backup.tf │ └── variables.tf ├── modules │ ├── unifi │ │ ├── providers.tf │ │ ├── outputs.tf │ │ └── clients.tf │ ├── truenas │ │ └── providers.tf │ └── unifi-common │ │ └── outputs.tf ├── auth │ ├── main.tf │ ├── variables.tf │ └── connections.tf └── hcloud-wireguard │ └── variables.tf ├── bootstrap └── core │ ├── nas01 │ ├── main.k │ └── kcl.mod │ ├── base │ ├── kcl.mod │ └── main.k │ ├── main │ ├── kcl.mod │ └── main.k │ ├── robot │ ├── kcl.mod │ └── main.k │ └── mgmt │ └── kcl.mod ├── .vscode └── mcp.json ├── charts ├── adguard │ ├── values.schema.json │ └── values.schema.k ├── mimir │ ├── values.schema.json │ └── values.schema.k ├── opentofu │ ├── values.schema.json │ └── values.schema.k ├── kcl.mod └── cilium │ └── chart.k ├── .editorconfig ├── .taskfiles ├── renovate │ └── Taskfile.yaml ├── rook-ceph │ └── scripts │ │ └── wait-for-job.sh ├── kube │ └── templates │ │ └── netshoot.tmpl.yaml ├── repo │ └── Taskfile.yaml └── terraform │ └── Taskfile.yaml ├── .envrc └── .katrc.yaml /clusters/main/kcl.mod.lock: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /clusters/mgmt/kcl.mod.lock: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /konfig/models/frontend/storage/redis.k: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /apps/.template/.gitignore: -------------------------------------------------------------------------------- 1 | kcl.mod.lock 2 | -------------------------------------------------------------------------------- /docs/dns/README.md: -------------------------------------------------------------------------------- 1 | # DNS 2 | 3 | ## Diagram 4 | 5 | ![](img/dns.png) 6 | -------------------------------------------------------------------------------- /clusters/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cluster_main" 3 | version = "0.1.0" 4 | -------------------------------------------------------------------------------- /clusters/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cluster_mgmt" 3 | version = "0.1.0" 4 | -------------------------------------------------------------------------------- /konfig/models/resource/resource.k: -------------------------------------------------------------------------------- 1 | schema ResourceMapping: 2 | [str]: any 3 | 4 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/macropower/homelab 2 | 3 | go 1.24 4 | 5 | toolchain go1.25.5 6 | 
-------------------------------------------------------------------------------- /terraform/home/modules/mikrotik/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | } 4 | -------------------------------------------------------------------------------- /docs/dns/img/dns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/HEAD/docs/dns/img/dns.png -------------------------------------------------------------------------------- /docs/img/k8shappy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/HEAD/docs/img/k8shappy.png -------------------------------------------------------------------------------- /docs/img/k8spega.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/HEAD/docs/img/k8spega.png -------------------------------------------------------------------------------- /docs/img/peepoK8S.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/HEAD/docs/img/peepoK8S.png -------------------------------------------------------------------------------- /apps/starr/system/main/main.k: -------------------------------------------------------------------------------- 1 | import starr_system_base 2 | 3 | app = starr_system_base.app | {} 4 | -------------------------------------------------------------------------------- /docs/img/k8spega_sq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MacroPower/homelab/HEAD/docs/img/k8spega_sq.png -------------------------------------------------------------------------------- /clusters/main/main.k: 
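--------------------------------------------------------------------------------
1 | NAME = "main"
2 | DOMAIN_NAME = "main.cin.macro.network"
3 | FRIENDLY_NAME = "Main"
4 |
--------------------------------------------------------------------------------
/docs/topology/img/cluster.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MacroPower/homelab/HEAD/docs/topology/img/cluster.png
--------------------------------------------------------------------------------
/terraform/home/get_tfvars.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | # Render .auto.tfvars from .auto.tfvars.tpl: envsubst fills the template from
3 | # the environment that `doppler run` provides (project "terraform", config
4 | # "main_home").
5 | #
6 | # The rendered file holds the substituted values in plaintext.
7 | # NOTE(review): confirm .auto.tfvars is ignored by git and never committed.
8 | set -eu
9 |
10 | # Render into a temporary file first. A direct `> .auto.tfvars` truncates the
11 | # target before doppler starts, so a failed login or fetch would leave an
12 | # empty or partial variables file behind. mktemp also creates the file
13 | # readable by its owner only, and mv keeps that mode on the final file.
14 | tmp="$(mktemp .auto.tfvars.XXXXXX)"
15 | trap 'rm -f "$tmp"' EXIT
16 | doppler run -p terraform -c main_home envsubst < .auto.tfvars.tpl > "$tmp"
17 | mv "$tmp" .auto.tfvars
18 |
--------------------------------------------------------------------------------
/bootstrap/core/nas01/main.k:
--------------------------------------------------------------------------------
1 | import bootstrap
2 |
3 | _cluster_name = "nas01"
4 |
5 | app = bootstrap.app | {}
6 |
--------------------------------------------------------------------------------
/clusters/main/.gitignore:
--------------------------------------------------------------------------------
1 | cluster/
2 | clusterconfig/
3 | *.macro.network/
4 | kubernetesResources/
5 | support.zip
6 |
--------------------------------------------------------------------------------
/clusters/mgmt/.gitignore:
--------------------------------------------------------------------------------
1 | cluster/
2 | clusterconfig/
3 | *.macro.network/
4 | kubernetesResources/
5 | support.zip
6 |
--------------------------------------------------------------------------------
/clusters/mgmt/main.k:
--------------------------------------------------------------------------------
1 | NAME = "mgmt"
2 | DOMAIN_NAME = "mgmt.cin.macro.network"
3 | FRIENDLY_NAME = "Management"
4 |
--------------------------------------------------------------------------------
/apps/kube/nack/main/values.yaml: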
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/nack/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/kube/openebs/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/openebs/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/kube/spegel/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/spegel/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/kube/spegel/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/spegel/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/o11y/robusta/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/robusta/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/starr/radarr/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/radarr/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/starr/sonarr/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/sonarr/values.schema.json 2 | 3 | {} 4 | 
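--------------------------------------------------------------------------------
/terraform/remote-spr/get_tfvars.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 | # Render .auto.tfvars from .auto.tfvars.tpl: envsubst fills the template from
3 | # the environment that `doppler run` provides (project "terraform", config
4 | # "main_remote_spr").
5 | #
6 | # The rendered file holds the substituted values in plaintext.
7 | # NOTE(review): confirm .auto.tfvars is ignored by git and never committed.
8 | set -eu
9 |
10 | # Render into a temporary file first. A direct `> .auto.tfvars` truncates the
11 | # target before doppler starts, so a failed login or fetch would leave an
12 | # empty or partial variables file behind. mktemp also creates the file
13 | # readable by its owner only, and mv keeps that mode on the final file.
14 | tmp="$(mktemp .auto.tfvars.XXXXXX)"
15 | trap 'rm -f "$tmp"' EXIT
16 | doppler run -p terraform -c main_remote_spr envsubst < .auto.tfvars.tpl > "$tmp"
17 | mv "$tmp" .auto.tfvars
18 |
--------------------------------------------------------------------------------
/apps/cilium/tetragon/main/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/tetragon/values.schema.json
2 |
3 | {}
4 |
--------------------------------------------------------------------------------
/apps/cilium/tetragon/mgmt/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/tetragon/values.schema.json
2 |
3 | {}
4 |
--------------------------------------------------------------------------------
/apps/kube/reloader/main/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/reloader/values.schema.json
2 |
3 | {}
4 |
--------------------------------------------------------------------------------
/apps/kube/reloader/mgmt/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/reloader/values.schema.json
2 |
3 | {}
4 |
--------------------------------------------------------------------------------
/apps/public/adguard/main/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/adguard/values.schema.json
2 |
3 | {}
4 |
--------------------------------------------------------------------------------
/apps/public/homepage/main/values.yaml:
--------------------------------------------------------------------------------
1 | #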
yaml-language-server: $schema=../../../../charts/homepage/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/public/homepage/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/homepage/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/starr/configarr/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/configarr/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/starr/prowlarr/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/prowlarr/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/namespaces/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: argocd 5 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik-api/outputs.tf: -------------------------------------------------------------------------------- 1 | output "identity" { 2 | value = routeros_system_identity.identity.name 3 | } 4 | -------------------------------------------------------------------------------- /apps/envoy/gateway/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/envoy_gateway/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- 
/apps/envoy/gateway/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/envoy_gateway/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/kube/descheduler/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/descheduler/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/kube/descheduler/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/descheduler/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/argo/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "argo" 5 | } 6 | -------------------------------------------------------------------------------- /apps/cnpg/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "cnpg" 5 | } 6 | -------------------------------------------------------------------------------- /apps/envoy/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "envoy" 5 | } 6 | -------------------------------------------------------------------------------- /apps/kube/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration 
= frontend.Tenant { 4 | name = "kube" 5 | } 6 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/metrics_server/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "o11y" 5 | } 6 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/tcpm/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/.template/templates/app/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/{{.AppName}}/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/.template/templates/app/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/{{.AppName}}/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/.template/templates/app/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/{{.AppName}}/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- 
/apps/cilium/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "cilium" 5 | } 6 | -------------------------------------------------------------------------------- /apps/external/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "external" 5 | } 6 | -------------------------------------------------------------------------------- /apps/o11y/osrs-ge-exporter/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/osrs_ge_exporter/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/o11y/wakatime-exporter/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/wakatime_exporter/values.schema.json 2 | 3 | {} 4 | -------------------------------------------------------------------------------- /apps/crossplane/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "crossplane" 5 | } 6 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik-api/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | } 4 | 5 | variable "ipv4" { 6 | type = string 7 | } 8 | -------------------------------------------------------------------------------- /apps/argo/cd/base/kcl.mod: -------------------------------------------------------------------------------- 1 | 
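[package]
2 | name = "argo_cd_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | argo = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/kube/nack/base/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/nack/values.schema.json
2 |
3 | # NOTE(review): with namespaced=false and readOnly=false the controller is
4 | # presumably cluster-wide and allowed to modify resources; confirm against the
5 | # chart and scope its RBAC accordingly.
6 | namespaced: false
7 | readOnly: false
8 |
--------------------------------------------------------------------------------
/apps/kube/volsync/base/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/volsync/values.schema.json
2 |
3 | # disableAuth=true turns off the auth check on the metrics endpoint, so any
4 | # client that can reach it can scrape it. Limit who can reach it (for example
5 | # with a NetworkPolicy that admits only the metrics scraper).
6 | metrics:
7 |   disableAuth: true
8 |
--------------------------------------------------------------------------------
/apps/public/homepage/base/config/kubernetes.yaml:
--------------------------------------------------------------------------------
1 | # https://gethomepage.dev/configs/kubernetes/
2 |
3 | # mode=cluster makes Homepage talk to the Kubernetes API with its in-cluster
4 | # service account; keep that account's role read-only and limited to what the
5 | # ingress and gateway discovery below needs.
6 | mode: cluster
7 | ingress: true
8 | gateway: true
9 |
--------------------------------------------------------------------------------
/apps/securecodebox/_tenant/base/main.k:
--------------------------------------------------------------------------------
1 | import konfig.models.frontend
2 |
3 | tenantConfiguration = frontend.Tenant {
4 |     name = "securecodebox"
5 | }
6 |
--------------------------------------------------------------------------------
/terraform/modules/unifi/providers.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_providers {
3 |     # No version constraint is set here, so `terraform init` may select any
4 |     # published release of this provider. Pin it (version = "<PINNED_VERSION>")
5 |     # and commit .terraform.lock.hcl so provider upgrades are reviewed.
6 |     unifi = {
7 |       source = "akerl/unifi"
8 |     }
9 |   }
10 | }
11 |
--------------------------------------------------------------------------------
/apps/kube/nack/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "kube_nack_base"
3 | version = "0.1.0"
4 |
5 |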
[dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/loki/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_loki_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/mimir/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_mimir_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/tempo/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_tempo_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/starr/qbt/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | tenantConfiguration = frontend.Tenant { 4 | name = "{{.TenantName}}" 5 | } 6 | -------------------------------------------------------------------------------- /apps/cnpg/system/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cnpg_system_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | 
cnpg = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/openebs/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_openebs_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/reloader/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_reloader_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/spegel/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_spegel_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/volsync/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_volsync_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/grafana/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_grafana_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/robusta/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_robusta_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 
6 | o11y = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/securecodebox/system/base/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/securecodebox/values.schema.json
2 | # NOTE(review): with the bundled MinIO off, scan results presumably go to an external object store configured elsewhere; confirm its credentials come from a Secret and not from values files.
3 | minio:
4 |   enabled: false
5 |
--------------------------------------------------------------------------------
/apps/starr/qbt-tv/main/main.k:
--------------------------------------------------------------------------------
1 | import cluster
2 | import starr_qbt_tv_base
3 | # Take the base app definition and overlay this cluster's domain name on it.
4 | app = starr_qbt_tv_base.app | {
5 |     domainName = cluster.DOMAIN_NAME
6 | }
7 |
--------------------------------------------------------------------------------
/apps/starr/radarr/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "starr_radarr_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | starr = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/starr/sonarr/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "starr_sonarr_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | starr = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/starr/system/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "starr_system_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | starr = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/konfig/models/metadata/metadata.k:
--------------------------------------------------------------------------------
1 | __META_REPO_URL = option("repo_url") or "https://github.com/MacroPower/homelab"  # Falls back to this URL when the repo_url option is unset or falsy.
2 | __META_REVISION = option("revision") or "main"  # NOTE(review): the fallback is a branch name, which moves; if this value selects what gets deployed (not visible here), pass a tag or commit SHA via the revision option for reproducible, auditable renders.
3 |
--------------------------------------------------------------------------------
/apps/cnpg/system/main/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/cloudnative_pg/values.schema.json
2 |
3 | replicaCount: 1
4 | # NOTE(review): an empty map sets no requests or limits from this file; whatever the chart defaults to applies.
5 | resources: {}
6 |
--------------------------------------------------------------------------------
/apps/cnpg/system/mgmt/values.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../charts/cloudnative_pg/values.schema.json
2 |
3 | replicaCount: 1
4 | # NOTE(review): an empty map sets no requests or limits from this file; whatever the chart defaults to applies.
5 | resources: {}
6 |
--------------------------------------------------------------------------------
/apps/envoy/gateway/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "envoy_gateway_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | envoy = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/external/dns/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "external_dns_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | external = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/o11y/seaweedfs/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "o11y_seaweedfs_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | o11y = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/public/adguard/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "public_adguard_base"
3 | version =
"0.1.0"
4 |
5 | [dependencies]
6 | public = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/starr/configarr/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "starr_configarr_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | starr = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/apps/starr/prowlarr/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "starr_prowlarr_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | starr = { path = "../../_tenant/shared" }
7 |
--------------------------------------------------------------------------------
/konfig/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "konfig"
3 | edition = "v0.11.1"
4 | version = "0.0.1"
5 |
6 | [dependencies]
7 | charts = { path = "../charts" }
8 | k8s = "1.31.2"  # The only dependency here given by version instead of a local path. NOTE(review): confirm a kcl.mod.lock for this module is committed so the fetched package is checked against a recorded checksum.
9 |
--------------------------------------------------------------------------------
/apps/argo/cd/mgmt/.app.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json
2 | # NOTE(review): presumably merged into the Argo CD Application for this app. With automated sync and selfHeal, live changes that drift from Git are reverted, so write access to this repository is effectively change access to the cluster; protect the tracked branch accordingly.
3 | syncPolicy:
4 |   automated:
5 |     selfHeal: true
6 |
--------------------------------------------------------------------------------
/apps/cilium/system/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "cilium_system_base"
3 | version = "0.1.0"
4 |
5 | [dependencies]
6 | cilium_shared = { path = "../../_tenant/shared" }  # NOTE(review): apps/cilium/tetragon/base/kcl.mod names this same path `cilium`; confirm the differing key is intentional.
7 |
--------------------------------------------------------------------------------
/apps/cilium/tetragon/base/kcl.mod:
--------------------------------------------------------------------------------
1 | [package]
2 | name = "cilium_tetragon_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/external/certs/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_certs_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/external/secrets/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_secrets_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import kube_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = kube_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_csr_approver_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/descheduler/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_descheduler_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/base/kcl.mod: 
-------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_dragonfly_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | dragonfly = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/public/homepage/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_homepage_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/public/opencloud/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_opencloud_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/starr/qbt-audio/main/main.k: -------------------------------------------------------------------------------- 1 | import cluster 2 | import starr_qbt_audio_base 3 | 4 | app = starr_qbt_audio_base.app | { 5 | domainName = cluster.DOMAIN_NAME 6 | } 7 | -------------------------------------------------------------------------------- /apps/starr/qbt-movies/main/main.k: -------------------------------------------------------------------------------- 1 | import cluster 2 | import starr_qbt_movies_base 3 | 4 | app = starr_qbt_movies_base.app | { 5 | domainName = cluster.DOMAIN_NAME 6 | } 7 | -------------------------------------------------------------------------------- /apps/truenas/command/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "truenas_command_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | truenas = { path = "../../_tenant/shared" } 7 | 
-------------------------------------------------------------------------------- /.vscode/mcp.json: -------------------------------------------------------------------------------- 1 | { 2 | "servers": { 3 | "kat": { 4 | "url": "http://localhost:50165", 5 | "type": "http" 6 | } 7 | }, 8 | "inputs": [] 9 | } 10 | -------------------------------------------------------------------------------- /apps/cilium/system/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/system/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cnpg/system/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cnpg/system/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/envoy/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import envoy_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = envoy_tenant.tenantConfiguration 5 | 
6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/envoy/gateway/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/envoy/gateway/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/dns/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/dns/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/nack/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/openebs/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/openebs/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/reloader/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/reloader/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/spegel/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/spegel/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/volsync/main/.app.yaml: 
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/grafana/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/k8s-monitoring/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_k8s_monitoring_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/loki/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/mimir/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/robusta/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | 
-------------------------------------------------------------------------------- /apps/o11y/tempo/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/qbt-tv/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/radarr/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/sonarr/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/system/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /charts/adguard/values.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | 
"additionalProperties": true,
4 |   "required": [],
5 |   "type": "object"
6 | }
--------------------------------------------------------------------------------
/charts/mimir/values.schema.json:
--------------------------------------------------------------------------------
1 | {
2 |   "$schema": "http://json-schema.org/draft-07/schema#",
3 |   "additionalProperties": true,
4 |   "required": [],
5 |   "type": "object"
6 | }
--------------------------------------------------------------------------------
/charts/opentofu/values.schema.json:
--------------------------------------------------------------------------------
1 | {
2 |   "$schema": "http://json-schema.org/draft-07/schema#",
3 |   "additionalProperties": true,
4 |   "required": [],
5 |   "type": "object"
6 | }
--------------------------------------------------------------------------------
/terraform/hcloud-robot/extra-manifests/namespaces/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 |   - argocd.yaml
6 |
--------------------------------------------------------------------------------
/terraform/hcloud-robot/extra-manifests/secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 |   name: doppler-credentials
5 |   namespace: kube-system
6 | type: Opaque  # NOTE(review): no data or stringData is set, so this file carries no credential; presumably the value is supplied outside Git at bootstrap. Keep it that way and never commit the token here.
7 |
--------------------------------------------------------------------------------
/terraform/home/modules/mikrotik/providers.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_providers {
3 |     routeros = {
4 |       source = "terraform-routeros/routeros"  # NOTE(review): no version constraint here, so the resolved provider release depends on the lock file; add a `version` constraint and keep .terraform.lock.hcl committed so provider checksums are verified.
5 |     }
6 |   }
7 | }
8 |
--------------------------------------------------------------------------------
/apps/argo/_tenant/base/.tenant.yaml:
--------------------------------------------------------------------------------
1 | #
yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/argo/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import cilium_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = cilium_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/cilium/tetragon/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cilium/tetragon/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- 
/apps/cnpg/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cnpg/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/crossplane/providers/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane_providers_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | crossplane = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/crossplane/system/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/crossplane/system/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/envoy/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | 
selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/envoy/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/certs/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/certs/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/secrets/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/secrets/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/descheduler/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/descheduler/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/.app.yaml: 
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/osrs-ge-exporter/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_osrs_ge_exporter_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/o11y/seaweedfs/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/wakatime-exporter/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_wakatime_exporter_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y = { path = "../../_tenant/shared" } 7 | 
-------------------------------------------------------------------------------- /apps/public/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/public/adguard/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/public/homepage/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/public/homepage/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/public/opencloud/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/configarr/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/prowlarr/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/qbt-audio/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/starr/qbt-movies/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/truenas/_tenant/base/.tenant.yaml: 
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/truenas/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import truenas_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = truenas_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/truenas/command/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik-api/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | routeros = { 4 | source = "terraform-routeros/routeros" 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | 
-------------------------------------------------------------------------------- /apps/crossplane/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/crossplane/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/crossplane/providers/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/crossplane/system/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane_system_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | crossplane_shared = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/external/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/external/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # 
yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/mgmt/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/k8s-monitoring/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/osrs-ge-exporter/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/o11y/wakatime-exporter/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- 
/apps/public/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/securecodebox/scanners/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/securecodebox/seaweedfs/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/securecodebox/system/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/truenas/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | 
automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /konfig/models/frontend/common/reference.k: -------------------------------------------------------------------------------- 1 | schema SecretKeyReference: 2 | """ 3 | SecretKeyReference is a reference to a secret key. 4 | """ 5 | name: str 6 | key: str 7 | -------------------------------------------------------------------------------- /apps/crossplane/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import crossplane_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = crossplane_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/o11y/wakatime-exporter/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/wakatime_exporter/values.schema.json 2 | 3 | serviceMonitor: 4 | main: 5 | enabled: true 6 | -------------------------------------------------------------------------------- /apps/securecodebox/_tenant/base/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/securecodebox/_tenant/shared/.tenant.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/securecodebox/scanners/base/kcl.mod: 
-------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_scanners_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | securecodebox = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/securecodebox/seaweedfs/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_seaweedfs_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | securecodebox = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/securecodebox/system/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_system_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | securecodebox_shared = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "twitch_channel_points_miner_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | twitch = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/main/.app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /docs/truenas-scale/on-boot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker network create -d macvlan \ 4 | --subnet=10.10.0.0/16 \ 5 | 
--subnet=fc42:0:0:a::/64 \ 6 | -o parent=bond0 \ 7 | shared_macvlan 8 | -------------------------------------------------------------------------------- /terraform/home/modules/truenas-k3s/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | remote = { 4 | source = "tenstad/remote" 5 | version = "0.2.1" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /terraform/modules/truenas/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | truenas = { 4 | source = "dariusbakunas/truenas" 5 | version = "0.11.1" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /apps/.template/templates/app/main/.app-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/.template/templates/app/mgmt/.app-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cnpg/_tenant/base/kcl.mod.lock: -------------------------------------------------------------------------------- 1 | [dependencies] 2 | [dependencies.konfig] 3 | name = "konfig" 4 | full_name = "vPkg_a61c8e6c-74e3-4357-ad52-8d781ffc5ae3_0.0.1" 5 | version = "0.0.1" 6 | -------------------------------------------------------------------------------- /apps/starr/_tenant/base/kcl.mod.lock: 
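-------------------------------------------------------------------------------- 1 | [dependencies] 2 | [dependencies.konfig] 3 | name = "konfig" 4 | full_name = "vPkg_a61c8e6c-74e3-4357-ad52-8d781ffc5ae3_0.0.1" 5 | version = "0.0.1" 6 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/argocd/get-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Download the Argo CD install manifest to ./install.yaml. 3 | # NOTE(review): "stable" is a moving ref, so the manifest can change between runs; set ARGOCD_REF to a reviewed release tag and diff install.yaml before applying it. 4 | set -euo pipefail 5 | 6 | ARGOCD_REF="${ARGOCD_REF:-stable}" 7 | 8 | # --fail: an HTTP error page must not be saved as if it were the manifest. 9 | curl --fail --proto '=https' -X GET "https://raw.githubusercontent.com/argoproj/argo-cd/${ARGOCD_REF}/manifests/install.yaml" --output install.yaml 10 | -------------------------------------------------------------------------------- /apps/.template/templates/app/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_{{.AppName}}_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}} = { path = "../../_tenant/shared" } 7 | -------------------------------------------------------------------------------- /apps/crossplane/providers/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | 3 | import crossplane 4 | 5 | app = frontend.App { 6 | name = "providers" 7 | tenantName = crossplane.tenant.name 8 | } 9 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/base/kcl.mod.lock: -------------------------------------------------------------------------------- 1 | [dependencies] 2 | [dependencies.konfig] 3 | name = "konfig" 4 | full_name = "vPkg_a61c8e6c-74e3-4357-ad52-8d781ffc5ae3_0.0.1" 5 | version = "0.0.1" 6 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/data.tf: -------------------------------------------------------------------------------- 1 | // github_release for kured 2 | data "github_release" "kured" { 3 | repository =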
"kured" 4 | owner = "weaveworks" 5 | retrieve_by = "latest" 6 | } 7 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/base/.tenant-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/shared/.tenant-disabled.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json 2 | 3 | syncPolicy: 4 | automated: 5 | selfHeal: true 6 | -------------------------------------------------------------------------------- /apps/cnpg/system/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/cloudnative_pg/values.schema.json 2 | 3 | monitoring: 4 | # Note: Requires PodMonitor CRD 5 | podMonitorEnabled: false 6 | -------------------------------------------------------------------------------- /apps/securecodebox/_tenant/base/kcl.mod.lock: -------------------------------------------------------------------------------- 1 | [dependencies] 2 | [dependencies.konfig] 3 | name = "konfig" 4 | full_name = "vPkg_a61c8e6c-74e3-4357-ad52-8d781ffc5ae3_0.0.1" 5 | version = "0.0.1" 6 | -------------------------------------------------------------------------------- /apps/starr/qbt-tv/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_tv_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr = { path = "../../_tenant/shared" } 7 | qbt_base = { path = "../../qbt/base" } 8 | 
-------------------------------------------------------------------------------- /konfig/models/frontend/gateway/gateway.k: -------------------------------------------------------------------------------- 1 | import models.frontend.common 2 | 3 | schema Gateway(common.Metadata): 4 | group: "gateway.networking.k8s.io" 5 | kind: "Gateway" 6 | sectionName?: str 7 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import {{.TenantName}}_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = {{.TenantName}}_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp {} 7 | -------------------------------------------------------------------------------- /apps/starr/qbt-audio/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_audio_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr = { path = "../../_tenant/shared" } 7 | qbt_base = { path = "../../qbt/base" } 8 | -------------------------------------------------------------------------------- /apps/starr/qbt-movies/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_movies_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr = { path = "../../_tenant/shared" } 7 | qbt_base = { path = "../../qbt/base" } 8 | -------------------------------------------------------------------------------- /terraform/auth/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "MacroPower" 4 | hostname = "app.terraform.io" 5 | 6 | workspaces { 7 | name = "auth" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /bootstrap/core/base/kcl.mod: 
-------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | charts = { path = "../../../charts" } 7 | k8s = "1.31.2" 8 | konfig = { path = "../../../konfig" } 9 | -------------------------------------------------------------------------------- /clusters/main/manifests/volume-zfs-pool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1alpha1 2 | kind: RawVolumeConfig 3 | name: zfs-pool 4 | provisioning: 5 | diskSelector: 6 | match: system_disk 7 | minSize: 500GiB 8 | maxSize: 500GiB 9 | -------------------------------------------------------------------------------- /konfig/models/mixins/metadata_mixin.k: -------------------------------------------------------------------------------- 1 | mixin MetadataMixin: 2 | metadata?: {str:} = { 3 | name: name?.lower() 4 | annotations: annotations 5 | namespace: namespace 6 | labels: labels 7 | } -------------------------------------------------------------------------------- /terraform/remote-spr/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "MacroPower" 4 | hostname = "app.terraform.io" 5 | 6 | workspaces { 7 | name = "remote-spr" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /clusters/main/manifests/volume-mayastor-pool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1alpha1 2 | kind: RawVolumeConfig 3 | name: mayastor-pool 4 | provisioning: 5 | diskSelector: 6 | match: system_disk 7 | minSize: 500GiB 8 | maxSize: 500GiB 9 | -------------------------------------------------------------------------------- /terraform/hcloud-wireguard/variables.tf: -------------------------------------------------------------------------------- 1 | variable 
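"doppler_fsn_token" { 2 | type = string 3 | sensitive = true 4 | } 5 | 6 | variable "public_keys_openssh" { 7 | type = map(string) 8 | default = {} 9 | } 10 | -------------------------------------------------------------------------------- /terraform/home/get_kubeconfig.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Merge the kubeconfig from the Terraform output into ~/.kube/config; the previous config is kept as ~/.kube/config.bak. 3 | set -eu 4 | 5 | # Both files hold cluster credentials: create them readable by the current user only. 6 | umask 077 7 | 8 | terraform output -raw kubeconfig > kubeconfig.yaml 9 | chmod 600 kubeconfig.yaml # also tighten a file left over from an earlier run 10 | # NOTE(review): confirm kubeconfig.yaml is ignored by version control. 11 | 12 | mkdir -p ~/.kube 13 | if [ -f ~/.kube/config ]; then 14 | cp ~/.kube/config ~/.kube/config.bak 15 | fi 16 | 17 | # Merge into a temp file first: redirecting straight into ~/.kube/config truncates it even when kubectl fails. 18 | merged="$(mktemp ~/.kube/config.XXXXXX)" 19 | trap 'rm -f "$merged"' EXIT 20 | KUBECONFIG=~/.kube/config.bak:kubeconfig.yaml kubectl config view --flatten > "$merged" 21 | mv "$merged" ~/.kube/config 22 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/metrics_server/values.schema.json 2 | 3 | resources: 4 | requests: 5 | cpu: 50m 6 | memory: 100Mi 7 | limits: 8 | memory: 100Mi 9 | -------------------------------------------------------------------------------- /apps/securecodebox/scanners/base/config/stdout.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | function notify() { 5 | echo "$ENTIRE_PAYLOAD" 6 | } 7 | 8 | function main() { 9 | notify 10 | } 11 | 12 | main "$@" 13 | -------------------------------------------------------------------------------- /apps/argo/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | argo_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cnpg/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cnpg" 3 | version = "0.1.0" 4 |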
5 | [dependencies] 6 | cnpg_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /terraform/remote-spr/.auto.tfvars.tpl: -------------------------------------------------------------------------------- 1 | unifi_username = "${UNIFI_USERNAME}" 2 | unifi_password = "${UNIFI_PASSWORD}" 3 | unifi_api_url = "https://unifi.spr.macro.network" 4 | unifi_site = "default" 5 | 6 | domain_name = "spr.macro.network" 7 | -------------------------------------------------------------------------------- /apps/envoy/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "envoy" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | envoy_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/public/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | 
name = "public" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/starr/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "twitch" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | twitch_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | [*] 7 | end_of_line = lf 8 | charset = utf-8 9 | insert_final_newline = true 10 | trim_trailing_whitespace = true 11 | -------------------------------------------------------------------------------- /apps/argo/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cnpg/_tenant/base/kcl.mod: 
-------------------------------------------------------------------------------- 1 | [package] 2 | name = "cnpg_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/nack/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_nack_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_nack_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/loki/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_loki_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_loki_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/o11y/tempo/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_tempo_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_tempo_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/truenas/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "truenas" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | truenas_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /bootstrap/core/nas01/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_nas01" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | bootstrap = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /charts/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "charts" 3 | version = "0.1.0" 4 | 5 | [dependencies] # NOTE(review): both OCI dependencies below are pinned by tag only; a tag can be re-pointed upstream, so confirm a kcl.mod.lock with checksums is committed alongside this file 6 | filepath = { oci = "oci://ghcr.io/macropower/kclipper/filepath", tag = "0.16.1" } 7 | helm = { oci = "oci://ghcr.io/macropower/kclipper/helm", tag = "0.16.1" } 8 | -------------------------------------------------------------------------------- /docs/topology/cluster.md: -------------------------------------------------------------------------------- 1 | # Cluster 2 | 3 | - Nodes of the same type are numbered sequentially 4 | - IP Address assigned as 10.0.5.\ 5 | - A full AZ can be 
removed and all groups will still have enough nodes 6 | 7 | ![](img/cluster.png) 8 | -------------------------------------------------------------------------------- /konfig/objects/json_merge_patch.k: -------------------------------------------------------------------------------- 1 | import json_merge_patch as p 2 | 3 | json_merge_patch = lambda a: any, b: any -> any { 4 | """ 5 | `json_merge_patch` merges two JSON objects using a JSON Merge Patch. 6 | """ 7 | p.merge(a, b) 8 | } 9 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cilium/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_shared" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cnpg/system/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cnpg_system_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cnpg_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cnpg/system/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cnpg_system_mgmt" 3 | version = 
"0.1.0" 4 | 5 | [dependencies] 6 | cnpg_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/envoy/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "envoy_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/spegel/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_spegel_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_spegel_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/spegel/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_spegel_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_spegel_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/volsync/main/values.yaml: 
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/volsync/values.schema.json 2 | 3 | resources: 4 | requests: 5 | cpu: "100m" 6 | memory: "64Mi" 7 | limits: 8 | cpu: "1000m" 9 | memory: "1Gi" 10 | -------------------------------------------------------------------------------- /apps/public/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/securecodebox/scanners/base/config/hooks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - id: stdout # NOTE(review): no trigger-rule is defined for this hook, so presumably any request that can reach it runs the command; confirm access is restricted at the network layer 3 | execute-command: /config/stdout.sh 4 | command-working-directory: /config 5 | pass-environment-to-command: 6 | - source: entire-payload 7 | envname: ENTIRE_PAYLOAD # the whole request payload is handed to the command as an environment variable; presumably caller-controlled, so /config/stdout.sh should treat it as untrusted data 8 | -------------------------------------------------------------------------------- /apps/starr/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "twitch_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/crossplane/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | crossplane_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/dns/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_dns_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_dns_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/dns/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_dns_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_dns_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/openebs/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_openebs_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_openebs_base = 
{ path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/openebs/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_openebs_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_openebs_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/reloader/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_reloader_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_reloader_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/reloader/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_reloader_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_reloader_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/volsync/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_volsync_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_volsync_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/grafana/main/kcl.mod: 
-------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_grafana_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_grafana_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/starr/system/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_system_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/truenas/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "truenas_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/traefik_config.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: helm.cattle.io/v1 2 | kind: HelmChartConfig 3 | metadata: 4 | name: traefik 5 | namespace: kube-system 6 | spec: 7 | failurePolicy: abort 8 | valuesContent: |- 9 | ${values} -------------------------------------------------------------------------------- /apps/cilium/tetragon/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_tetragon_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_tetragon_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", 
"${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/cilium/tetragon/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_tetragon_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_tetragon_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/crossplane/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_dragonfly_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_dragonfly_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/o11y/seaweedfs/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_seaweedfs_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_seaweedfs_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/starr/configarr/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = 
"starr_configarr_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_configarr_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/truenas/command/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "truenas_command_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | truenas_command_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/secrets/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_secrets_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_secrets_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/external/secrets/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_secrets_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_secrets_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/descheduler/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_descheduler_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_descheduler_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | 
-------------------------------------------------------------------------------- /apps/kube/descheduler/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_descheduler_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_descheduler_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_metrics_server_base" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube = { path = "../../_tenant/shared" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/securecodebox/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/securecodebox/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | securecodebox_tenant = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/base/README.md: -------------------------------------------------------------------------------- 1 | # TCPM 2 | 3 | ## Cookie Generation 4 | 5 | 
```sh 6 | docker run --name tcpm -v $(pwd)/apps/twitch/channel-points-miner/base/config/run.py:/usr/src/app/run.py:ro -p 5000:5000 rdavidoff/twitch-channel-points-miner-v2 7 | ``` 8 | -------------------------------------------------------------------------------- /konfig/models/utils/metadata_builder.k: -------------------------------------------------------------------------------- 1 | MetadataBuilder = lambda metadata -> {str:} { 2 | { 3 | name: metadata?.name 4 | namespace: metadata?.namespace 5 | labels: metadata?.labels 6 | annotations: metadata?.annotations 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /.taskfiles/renovate/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: "3" 4 | 5 | tasks: 6 | lint: 7 | desc: Lints Renovate configuration 8 | cmds: 9 | - renovate-config-validator .github/renovate.json5 10 | -------------------------------------------------------------------------------- /apps/crossplane/system/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane_system_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | crossplane_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/crossplane/system/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane_system_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | crossplane_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- 
/apps/kube/csr-approver/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_csr_approver_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_csr_approver_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_csr_approver_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_csr_approver_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /konfig/models/protocol/app_protocol.k: -------------------------------------------------------------------------------- 1 | import models.frontend.app 2 | import models.resource 3 | 4 | protocol AppProtocol: 5 | """AppProtocol provides constraints on mixins required by the app backend.""" 6 | config: app.App 7 | kubernetes: resource.ResourceMapping 8 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/base/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_tenant" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | konfig = { path = "../../../../konfig" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/.template/templates/_tenant/shared/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}}_tenant 
= { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/crossplane/providers/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "crossplane_providers_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | crossplane_providers_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_metrics_server_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_metrics_server_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kube_metrics_server_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | kube_metrics_server_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/securecodebox/system/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_system_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | securecodebox_system_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- 
/apps/o11y/osrs-ge-exporter/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_osrs_ge_exporter_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_osrs_ge_exporter_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /docs/truenas-scale/nas01/setup.md: -------------------------------------------------------------------------------- 1 | # Setup 2 | 3 | Create a shared macvlan network for docker containers: 4 | 5 | ``` 6 | docker network create -d macvlan \ 7 | --subnet=10.10.0.0/16 \ 8 | --subnet=fc42:0:0:a::/64 \ 9 | -o parent=bond0 \ 10 | shared_macvlan 11 | ``` 12 | -------------------------------------------------------------------------------- /apps/o11y/wakatime-exporter/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_wakatime_exporter_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_wakatime_exporter_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/securecodebox/scanners/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_scanners_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | securecodebox_scanners_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/securecodebox/seaweedfs/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "securecodebox_seaweedfs_main" 3 | version = "0.1.0" 4 | 
5 | [dependencies] 6 | securecodebox_seaweedfs_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/argo/cd/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "argo_cd_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | argo_cd_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /konfig/models/protocol/tenant_protocol.k: -------------------------------------------------------------------------------- 1 | import models.frontend.tenant 2 | import models.resource 3 | 4 | protocol TenantProtocol: 5 | """TenantProtocol provides constraints on mixins required by the tenant backend.""" 6 | config: tenant.Tenant 7 | kubernetes: resource.ResourceMapping 8 | -------------------------------------------------------------------------------- /apps/.template/templates/app/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_{{.AppName}}_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}}_{{.AppName}}_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/.template/templates/app/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "{{.TenantName}}_{{.AppName}}_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | {{.TenantName}}_{{.AppName}}_base = { path = "../base" } 7 | 8 | [profile] 9 | entries = ["main.k", 
"${konfig:KCL_MOD}/models/render/render.k"] 10 | -------------------------------------------------------------------------------- /apps/crossplane/system/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/crossplane/values.schema.json 2 | 3 | replicas: 2 4 | 5 | rbacManager: 6 | replicas: 2 7 | 8 | customAnnotations: 9 | reloader.stakater.com/auto: "true" 10 | 11 | metrics: 12 | enabled: true 13 | -------------------------------------------------------------------------------- /charts/adguard/values.schema.k: -------------------------------------------------------------------------------- 1 | """ 2 | This file was generated by the KCL auto-gen tool. DO NOT EDIT. 3 | Editing this file might prove futile when you re-run the KCL auto-gen generate command. 4 | """ 5 | 6 | schema Values: 7 | r""" 8 | Values 9 | """ 10 | [...str]: any 11 | 12 | -------------------------------------------------------------------------------- /charts/mimir/values.schema.k: -------------------------------------------------------------------------------- 1 | """ 2 | This file was generated by the KCL auto-gen tool. DO NOT EDIT. 3 | Editing this file might prove futile when you re-run the KCL auto-gen generate command. 
4 | """ 5 | 6 | schema Values: 7 | r""" 8 | Values 9 | """ 10 | [...str]: any 11 | 12 | -------------------------------------------------------------------------------- /konfig/models/frontend/grafana/dashboard.k: -------------------------------------------------------------------------------- 1 | import models.frontend.common 2 | 3 | schema GrafanaDashboard(common.Metadata): 4 | """ 5 | Grafana Dashboard 6 | """ 7 | resyncPeriod?: str = "1h" 8 | allowCrossNamespaceImport?: bool = True 9 | url?: str 10 | json?: str 11 | -------------------------------------------------------------------------------- /apps/o11y/mimir/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_mimir_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_mimir_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /charts/opentofu/values.schema.k: -------------------------------------------------------------------------------- 1 | """ 2 | This file was generated by the KCL auto-gen tool. DO NOT EDIT. 3 | Editing this file might prove futile when you re-run the KCL auto-gen generate command. 
4 | """ 5 | 6 | schema Values: 7 | r""" 8 | Values 9 | """ 10 | [...str]: any 11 | 12 | -------------------------------------------------------------------------------- /docs/storage/drive-cloning.md: -------------------------------------------------------------------------------- 1 | # Drive Cloning 2 | 3 | ## Healthy Disks 4 | 5 | ```sh 6 | dd status=progress conv=fsync if=/dev/sdX of=/mnt/archive/disks/.img 7 | ``` 8 | 9 | ## Unhealthy Disks 10 | 11 | ```sh 12 | ddrescue /dev/sdX /mnt/archive/disks/.img .log 13 | ``` 14 | -------------------------------------------------------------------------------- /apps/o11y/robusta/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_robusta_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_robusta_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/starr/qbt-tv/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_tv_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_qbt_tv_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/starr/radarr/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_radarr_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_radarr_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | 
-------------------------------------------------------------------------------- /apps/starr/sonarr/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_sonarr_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_sonarr_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Automatically sets up your devbox environment whenever you cd into this 4 | # directory via our direnv integration: 5 | 6 | eval "$(devbox generate direnv --print-envrc)" 7 | 8 | # check out https://www.jetify.com/docs/devbox/ide_configuration/direnv/ 9 | # for more details 10 | -------------------------------------------------------------------------------- /apps/cilium/system/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_system_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_system_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/cilium/system/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cilium_system_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | cilium_system_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- 
/apps/envoy/gateway/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/envoy_gateway/values.schema.json 2 | 3 | deployment: 4 | replicas: 1 5 | envoyGateway: 6 | resources: 7 | requests: 8 | cpu: 100m 9 | memory: 256Mi 10 | limits: 11 | memory: 1Gi 12 | -------------------------------------------------------------------------------- /apps/envoy/gateway/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "envoy_gateway_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | envoy_gateway_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/envoy/gateway/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "envoy_gateway_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | envoy_gateway_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/dragonfly_operator/values.schema.json 2 | 3 | replicaCount: 1 4 | 5 | manager: 6 | resources: 7 | requests: 8 | cpu: 10m 9 | memory: 150Mi 10 | limits: 11 | cpu: 500m 12 | memory: 150Mi 13 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=../../../../charts/metrics_server/values.schema.json 2 | 3 | replicas: 2 4 | # NOTE(review): --kubelet-insecure-tls makes metrics-server skip verification of the kubelet serving certificate. If kubelets here obtain CA-signed serving certs (this repo also deploys kubelet-csr-approver), the flag can probably be dropped - confirm. 5 | args: 6 | - --kubelet-insecure-tls 7 | 8 | resources: 9 | requests: 10 | cpu: 50m 11 | memory: 200Mi 12 | limits: 13 | memory: 200Mi 14 | -------------------------------------------------------------------------------- /terraform/modules/unifi/outputs.tf: -------------------------------------------------------------------------------- 1 | output "port_profile" { 2 | value = { 3 | for k, v in merge(unifi_port_profile.lan, {disabled = unifi_port_profile.disabled}) : k => { 4 | id = v.id 5 | } 6 | } 7 | } 8 | 9 | output "default_network_id" { 10 | value = unifi_network.lan_default.id 11 | } 12 | -------------------------------------------------------------------------------- /apps/external/certs/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_certs_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_certs_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/external/certs/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "external_certs_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | external_certs_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/public/adguard/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_adguard_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public_adguard_base = { path = "../base" } 7 |
cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/public/homepage/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_homepage_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public_homepage_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/public/homepage/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_homepage_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public_homepage_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/mgmt" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/starr/prowlarr/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_prowlarr_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_prowlarr_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/starr/qbt-audio/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_audio_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_qbt_audio_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | 
[profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /terraform/auth/variables.tf: -------------------------------------------------------------------------------- 1 | variable "doppler_auth_token" { 2 | type = string 3 | sensitive = true 4 | } 5 | 6 | variable "doppler_cin_token" { 7 | type = string 8 | sensitive = true 9 | } 10 | 11 | variable "doppler_cin_mgmt_token" { 12 | type = string 13 | sensitive = true 14 | } 15 | -------------------------------------------------------------------------------- /apps/public/opencloud/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "public_opencloud_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | public_opencloud_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/starr/qbt-movies/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "starr_qbt_movies_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | starr_qbt_movies_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /terraform/home/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "MacroPower" 4 | hostname = "app.terraform.io" 5 | 6 | workspaces { 7 | name = "home" 8 | } 9 | } 10 | } 11 | 12 | data "doppler_secrets" "tf_main_home" { 13 | project = "terraform" 14 | config = "main_home" 15 | } 16 | 
-------------------------------------------------------------------------------- /apps/o11y/k8s-monitoring/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "o11y_k8s_monitoring_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | o11y_k8s_monitoring_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/cilium.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: helm.cattle.io/v1 2 | kind: HelmChart 3 | metadata: 4 | name: cilium 5 | namespace: kube-system 6 | spec: 7 | chart: cilium 8 | repo: https://helm.cilium.io/ 9 | targetNamespace: kube-system 10 | bootstrap: true 11 | valuesContent: |- 12 | ${values} -------------------------------------------------------------------------------- /apps/external/secrets/main/main.k: -------------------------------------------------------------------------------- 1 | import external_secrets_base 2 | import charts.external_secrets 3 | 4 | _baseValues = external_secrets_base.app.charts.external_secrets.values 5 | 6 | app = external_secrets_base.app | { 7 | charts.external_secrets.values = _baseValues | external_secrets.Values { 8 | replicaCount = 2 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /apps/external/secrets/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import external_secrets_base 2 | import charts.external_secrets 3 | 4 | _baseValues = external_secrets_base.app.charts.external_secrets.values 5 | 6 | app = external_secrets_base.app | { 7 | charts.external_secrets.values = _baseValues | external_secrets.Values { 8 | replicaCount = 2 9 | } 10 | } 11 | 
-------------------------------------------------------------------------------- /apps/truenas/command/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/truecommand/values.schema.json 2 | 3 | controllers: 4 | truecommand: 5 | containers: 6 | app: 7 | resources: 8 | requests: 9 | cpu: 100m 10 | memory: 2Gi 11 | limits: 12 | memory: 4Gi 13 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "twitch_channel_points_miner_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | twitch_channel_points_miner_base = { path = "../base" } 7 | cluster = { path = "../../../../clusters/main" } 8 | 9 | [profile] 10 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 11 | -------------------------------------------------------------------------------- /apps/o11y/loki/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/loki/values.schema.json 2 | 3 | loki: 4 | storage: 5 | s3: 6 | endpoint: seaweedfs-s3.o11y-seaweedfs.svc:8333 7 | accessKeyId: "${S3_ACCESS_KEY}" 8 | secretAccessKey: "${S3_SECRET_KEY}" 9 | insecure: true # NOTE(review): disables TLS to the S3 endpoint, so log data and signed requests cross the cluster network in plaintext; fine only if that network is trusted or encrypted at another layer - confirm. 10 | s3ForcePathStyle: true 11 | -------------------------------------------------------------------------------- /terraform/auth/connections.tf: -------------------------------------------------------------------------------- 1 | resource "auth0_connection" "github" { 2 | name = "GitHub" 3 | strategy = "github" 4 | 5 | options { 6 | scopes = ["email", "profile"] 7 | client_id = data.doppler_secrets.colvin.map.GITHUB_AUTH_CLIENT_ID 8 | client_secret = data.doppler_secrets.colvin.map.GITHUB_AUTH_CLIENT_SECRET 9 | } 10 | } 11 |
-------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/nginx_ingress.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: helm.cattle.io/v1 2 | kind: HelmChart 3 | metadata: 4 | name: ngx 5 | namespace: kube-system 6 | spec: 7 | chart: ingress-nginx 8 | repo: https://kubernetes.github.io/ingress-nginx 9 | targetNamespace: kube-system 10 | bootstrap: true 11 | valuesContent: |- 12 | ${values} -------------------------------------------------------------------------------- /apps/public/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | import konfig.models.frontend.gateway 3 | 4 | tenantConfiguration = frontend.Tenant { 5 | name = "public" 6 | gateways.default = gateway.Gateway { 7 | name = "cluster-gateway" 8 | namespace = "envoy-gateway" 9 | } 10 | oidcIssuer = "https://auth.jacobcolvin.com" 11 | } 12 | -------------------------------------------------------------------------------- /apps/starr/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | import konfig.models.frontend.gateway 3 | 4 | tenantConfiguration = frontend.Tenant { 5 | name = "starr" 6 | gateways.default = gateway.Gateway { 7 | name = "cluster-gateway" 8 | namespace = "envoy-gateway" 9 | } 10 | oidcIssuer = "https://auth.jacobcolvin.com" 11 | } 12 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | import konfig.models.frontend.gateway 3 | 4 | tenantConfiguration = frontend.Tenant { 5 | name = "twitch" 6 | gateways.default = gateway.Gateway { 7 | name = "cluster-gateway" 8 | namespace = "envoy-gateway" 9 | } 10 | 
oidcIssuer = "https://auth.jacobcolvin.com" 11 | } 12 | -------------------------------------------------------------------------------- /konfig/models/frontend/rbac/role.k: -------------------------------------------------------------------------------- 1 | import k8s.api.rbac.v1 as rbacv1 2 | import models.frontend.common 3 | 4 | schema Role(common.Metadata): 5 | """ 6 | Attributes 7 | ---------- 8 | rules: [PolicyRule], default is Undefined, optional 9 | Rules holds all the PolicyRules for this ClusterRole 10 | """ 11 | rules?: [rbacv1.PolicyRule] 12 | -------------------------------------------------------------------------------- /konfig/models/utils/env_builder.k: -------------------------------------------------------------------------------- 1 | import models.frontend.container 2 | 3 | EnvBuilder = lambda env: container.EnvMap -> [any] { 4 | [ 5 | { 6 | name = k 7 | if typeof(v) == "EnvValueFrom": 8 | valueFrom = v 9 | else: 10 | value = v 11 | } 12 | for k, v in env 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /terraform/remote-spr/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain_name" { 2 | type = string 3 | } 4 | 5 | variable "unifi_username" { 6 | type = string 7 | } 8 | 9 | variable "unifi_password" { 10 | type = string 11 | sensitive = true 12 | } 13 | 14 | variable "unifi_api_url" { 15 | type = string 16 | } 17 | 18 | variable "unifi_site" { 19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /apps/crossplane/providers/main/main.k: -------------------------------------------------------------------------------- 1 | import crossplane_providers_base 2 | import charts.crossplane.api.v1 as crossplanev1 3 | 4 | app = crossplane_providers_base.app | { 5 | extraResources.terraformProvider = crossplanev1.Provider { 6 | metadata.name = "upbound-provider-opentofu" 7 | spec.package 
= "xpkg.upbound.io/upbound/provider-opentofu:v1" # NOTE(review): ":v1" looks like a mutable tag rather than an exact version or digest; pinning would make the installed provider package reproducible - confirm what the registry serves for this tag. 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /bootstrap/core/main/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_main" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | bootstrap = { path = "../base" } 7 | kube_csr_approver = { path = "../../../apps/kube/csr-approver/main" } 8 | cilium_system = { path = "../../../apps/cilium/system/main" } 9 | 10 | [profile] 11 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 12 | -------------------------------------------------------------------------------- /docs/turing-pi/talos.md: -------------------------------------------------------------------------------- 1 | # Talos 2 | 3 | To flash Talos, get an image here: 4 | 5 | https://factory.talos.dev/ 6 | 7 | Choose the `rpi_generic` overlay for CM4. 8 | 9 | Make sure to download the `arm64 metal disk image`. It should be a .raw.xz file. 10 | 11 | Extract the .raw and rename it to .img. 12 | 13 | You can use this .img to flash the node using the Turing Pi's web UI.
14 | -------------------------------------------------------------------------------- /bootstrap/core/robot/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_robot" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | bootstrap = { path = "../base" } 7 | kube_csr_approver = { path = "../../../apps/kube/csr-approver/robot" } 8 | cilium_system = { path = "../../../apps/cilium/system/robot" } 9 | 10 | [profile] 11 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 12 | -------------------------------------------------------------------------------- /apps/cilium/system/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/cilium/values.schema.json 2 | 3 | cluster: 4 | name: mgmt 5 | id: 1 6 | 7 | k8sClientRateLimit: 8 | qps: 10 9 | burst: 20 10 | 11 | ingressController: 12 | enabled: true 13 | loadbalancerMode: shared 14 | defaultSecretNamespace: "external-certs" 15 | defaultSecretName: "cluster-ingress" 16 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import kube_csr_approver_base 2 | import charts.kubelet_csr_approver as kca 3 | 4 | _kcaValues = kca.Values { 5 | providerRegex = "^kmgmt\d\d$" 6 | providerIpPrefixes = [ 7 | "10.10.0.0/16", 8 | "fc42:0:0:a::/64", 9 | ] 10 | } 11 | 12 | app = kube_csr_approver_base.app | { 13 | charts.kubelet_csr_approver.values: _kcaValues 14 | } 15 | -------------------------------------------------------------------------------- /apps/o11y/mimir/main/values.yaml: -------------------------------------------------------------------------------- 1 | # https://github.com/grafana/mimir/tree/main/operations/helm/charts/mimir-distributed 2 | 3 | mimir: 4 | structuredConfig: 5 | common: 6 | 
storage: 7 | s3: 8 | endpoint: seaweedfs-s3.o11y-seaweedfs.svc:8333 9 | access_key_id: "${S3_ACCESS_KEY}" 10 | secret_access_key: "${S3_SECRET_KEY}" 11 | insecure: true # NOTE(review): plain HTTP to the SeaweedFS S3 endpoint, so metric blocks and signed requests are not encrypted in transit; acceptable only if the pod network is trusted or encrypted at another layer - confirm. 12 | -------------------------------------------------------------------------------- /apps/starr/qbt-tv/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/qbittorrent/values.schema.json 2 | 3 | controllers: 4 | qbittorrent: 5 | containers: 6 | app: 7 | env: 8 | QBT_TORRENTING_PORT: {value: &torrentPort 50480} 9 | 10 | service: 11 | torrent: 12 | # type: LoadBalancer 13 | ports: 14 | torrent-tcp: 15 | port: *torrentPort 16 | -------------------------------------------------------------------------------- /terraform/remote-spr/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | unifi = { 4 | source = "akerl/unifi" 5 | version = "1.0.4" 6 | } 7 | } 8 | } 9 | 10 | provider "unifi" { 11 | username = var.unifi_username 12 | password = var.unifi_password 13 | api_url = var.unifi_api_url 14 | site = var.unifi_site 15 | allow_insecure = true # NOTE(review): turns off TLS certificate verification for the controller API, so var.unifi_password is sent to an endpoint whose identity is not checked; prefer a certificate the client can verify. 16 | } 17 | -------------------------------------------------------------------------------- /apps/crossplane/system/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/crossplane/values.schema.json 2 | 3 | resourcesCrossplane: 4 | requests: 5 | cpu: 100m 6 | memory: 256Mi 7 | limits: 8 | cpu: 1000m 9 | memory: 1024Mi 10 | 11 | resourcesRBACManager: 12 | requests: 13 | cpu: 50m 14 | memory: 256Mi 15 | limits: 16 | cpu: 500m 17 | memory: 512Mi 18 | -------------------------------------------------------------------------------- /apps/crossplane/system/mgmt/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server:
$schema=../../../../charts/crossplane/values.schema.json 2 | 3 | resourcesCrossplane: 4 | requests: 5 | cpu: 100m 6 | memory: 256Mi 7 | limits: 8 | cpu: 1000m 9 | memory: 1024Mi 10 | 11 | resourcesRBACManager: 12 | requests: 13 | cpu: 50m 14 | memory: 256Mi 15 | limits: 16 | cpu: 500m 17 | memory: 512Mi 18 | -------------------------------------------------------------------------------- /apps/kube/nack/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import kube 7 | import charts.nack 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "nack" 13 | tenantName = kube.tenant.name 14 | 15 | charts.nack = nack.Chart { 16 | values: _values | nack.Values {} 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /apps/starr/qbt-audio/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/qbittorrent/values.schema.json 2 | 3 | controllers: 4 | qbittorrent: 5 | containers: 6 | app: 7 | env: 8 | QBT_TORRENTING_PORT: {value: &torrentPort 50482} 9 | 10 | service: 11 | torrent: 12 | # type: LoadBalancer 13 | ports: 14 | torrent-tcp: 15 | port: *torrentPort 16 | -------------------------------------------------------------------------------- /apps/starr/qbt-movies/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/qbittorrent/values.schema.json 2 | 3 | controllers: 4 | qbittorrent: 5 | containers: 6 | app: 7 | env: 8 | QBT_TORRENTING_PORT: {value: &torrentPort 50481} 9 | 10 | service: 11 | torrent: 12 | # type: LoadBalancer 13 | ports: 14 | torrent-tcp: 15 | port: *torrentPort 16 | 
-------------------------------------------------------------------------------- /.taskfiles/rook-ceph/scripts/wait-for-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Usage: wait-for-job.sh JOB [NAMESPACE] - NAMESPACE defaults to "default". 3 | JOB=$1 4 | NAMESPACE="${2:-default}" 5 | # Require JOB, then poll once a second until the phase string of the pods labelled job-name=JOB is exactly "Pending". NOTE(review): there is no timeout, and a pod already past Pending (or several pods at once) would never match - confirm this is intended. 6 | [[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1 7 | while true; do 8 | STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 9 | if [ "${STATUS}" == "Pending" ]; then 10 | break 11 | fi 12 | sleep 1 13 | done 14 | -------------------------------------------------------------------------------- /apps/external/dns/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/external_dns/values.schema.json 2 | 3 | # https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/values.yaml 4 | 5 | logFormat: json 6 | logLevel: info 7 | 8 | sources: 9 | - service 10 | - ingress 11 | - gateway-httproute 12 | # upsert-only: external-dns creates and updates DNS records but does not delete them. 13 | policy: upsert-only 14 | 15 | serviceMonitor: 16 | enabled: false 17 | -------------------------------------------------------------------------------- /apps/kube/spegel/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import kube 7 | import charts.spegel 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "spegel" 13 | tenantName = kube.tenant.name 14 | 15 | charts.spegel = spegel.Chart { 16 | values: _values | spegel.Values {} 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /apps/kube/openebs/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 |
import kube 7 | import charts.openebs 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "openebs" 13 | tenantName = kube.tenant.name 14 | 15 | charts.openebs = openebs.Chart { 16 | values: _values | openebs.Values {} 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /terraform/home/.auto.tfvars.tpl: -------------------------------------------------------------------------------- 1 | nas01_fqdn = "nas01.cin.macro.network" 2 | nas01_ipv4 = "10.10.1.1" 3 | nas01_api_key = "${NAS01_API_KEY}" 4 | # NOTE(review): the credential values in this template are placeholders, presumably filled in at render time; the rendered .auto.tfvars then holds them in plaintext and should stay out of version control. Confirm. 5 | unifi_username = "${UNIFI_USERNAME}" 6 | unifi_password = "${UNIFI_PASSWORD}" 7 | unifi_api_url = "https://unifi.cin.macro.network" 8 | unifi_site = "default" 9 | 10 | domain_name = "cin.macro.network" 11 | 12 | doppler_token = "${TERRAFORM_DOPPLER_TOKEN}" 13 | -------------------------------------------------------------------------------- /bootstrap/core/mgmt/kcl.mod: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bootstrap_core_mgmt" 3 | version = "0.1.0" 4 | 5 | [dependencies] 6 | bootstrap = { path = "../base" } 7 | kube_csr_approver = { path = "../../../apps/kube/csr-approver/mgmt" } 8 | cilium_system = { path = "../../../apps/cilium/system/mgmt" } 9 | argo_cd = { path = "../../../apps/argo/cd/base" } 10 | 11 | [profile] 12 | entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"] 13 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/cert_manager.yaml.tpl: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | --- 7 | apiVersion: helm.cattle.io/v1 8 | kind: HelmChart 9 | metadata: 10 | name: cert-manager 11 | namespace: kube-system 12 | spec: 13 | chart: cert-manager # NOTE(review): this HelmChart sets no version, so the chart release is not pinned 14 | repo: https://charts.jetstack.io
15 | targetNamespace: cert-manager 16 | valuesContent: |- 17 | ${values} 18 | -------------------------------------------------------------------------------- /apps/kube/csr-approver/main/main.k: -------------------------------------------------------------------------------- 1 | import kube_csr_approver_base 2 | import charts.kubelet_csr_approver as kca 3 | # Values for the kubelet-csr-approver chart; presumably the node-name pattern and address ranges a CSR must match before it is approved (verify against the chart). 4 | _kcaValues = kca.Values { 5 | providerRegex = "^k(main|nas|robot)\d\d$" # anchored with ^ and $: only kmainNN, knasNN and krobotNN match 6 | providerIpPrefixes = [ # NOTE(review): keep these as narrow as the real node networks; the /16 is the widest entry 7 | "10.10.0.0/16" 8 | "10.42.2.20/32" 9 | "fc42:0:0:a::/64" 10 | ] 11 | } 12 | 13 | app = kube_csr_approver_base.app | { 14 | charts.kubelet_csr_approver.values: _kcaValues 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/nack/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_nack_base 7 | import charts.nack 8 | 9 | _baseValues = kube_nack_base.app.charts.nack.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_nack_base.app | { 14 | charts.nack.values = _values | nack.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/securecodebox/seaweedfs/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/seaweedfs/values.schema.json 2 | 3 | global: 4 | serviceAccountName: securecodebox-seaweedfs 5 | 6 | master: 7 | logs: &logs 8 | type: emptyDir 9 | 10 | filer: 11 | logs: *logs 12 | s3: 13 | enabled: true 14 | enableAuth: true 15 | createBuckets: 16 | - name: securecodebox 17 | 18 | volume: 19 | logs: *logs 20 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/versions.tf:
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.3.3" 3 | required_providers { # NOTE(review): every constraint below is a lower bound only (>=), so the versions actually installed depend on the dependency lock file, if one is committed. Confirm. 4 | github = { 5 | source = "integrations/github" 6 | version = ">= 4.0.0" 7 | } 8 | local = { 9 | source = "hashicorp/local" 10 | version = ">= 2.0.0" 11 | } 12 | remote = { 13 | source = "tenstad/remote" 14 | version = ">= 0.0.23" 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /apps/argo/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import argo_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = argo_tenant.tenantConfiguration 5 | # NOTE(review): the argo, cnpg and o11y shared stores in this listing all point at the same doppler-credentials Secret in kube-system; confirm that one token's scope is meant to be shared across tenants. 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "argo" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/cnpg/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import cnpg_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = cnpg_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "cnpg" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/o11y/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import o11y_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = o11y_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "o11y" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key =
"token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/modules/host/out.tf: -------------------------------------------------------------------------------- 1 | # Included for compatibility 2 | 3 | output "ipv4_address" { 4 | value = var.ipv4_address 5 | } 6 | 7 | output "private_ipv4_address" { 8 | value = var.ipv4_address 9 | } 10 | 11 | output "network_interface" { 12 | value = var.network_interface 13 | } 14 | 15 | output "name" { 16 | value = local.name 17 | } 18 | 19 | output "id" { 20 | value = random_string.server.id 21 | } 22 | -------------------------------------------------------------------------------- /apps/public/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import public_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = public_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "public" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/starr/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import starr_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = starr_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "starr" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/twitch/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import 
twitch_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = twitch_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "twitch" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/cnpg/system/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import cnpg 7 | import charts.cloudnative_pg 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "system" 13 | tenantName = cnpg.tenant.name 14 | 15 | charts.cloudnative_pg = cloudnative_pg.Chart { 16 | values: _values | cloudnative_pg.Values {} 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /apps/kube/spegel/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_spegel_base 7 | import charts.spegel 8 | 9 | _baseValues = kube_spegel_base.app.charts.spegel.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_spegel_base.app | { 14 | charts.spegel.values = _values | spegel.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/spegel/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_spegel_base 7 | import charts.spegel 8 | 9 | _baseValues = kube_spegel_base.app.charts.spegel.values 10 | _envValues = 
files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_spegel_base.app | { 14 | charts.spegel.values = _values | spegel.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/external/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import external_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = external_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "external" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/openebs/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_openebs_base 7 | import charts.openebs 8 | 9 | _baseValues = kube_openebs_base.app.charts.openebs.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_openebs_base.app | { 14 | charts.openebs.values = _values | openebs.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/volsync/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_volsync_base 7 | import charts.volsync 8 | 9 | _baseValues = kube_volsync_base.app.charts.volsync.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_volsync_base.app | { 14 | 
charts.volsync.values = _values | volsync.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/rancher.yaml.tpl: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cattle-system 6 | --- 7 | apiVersion: helm.cattle.io/v1 8 | kind: HelmChart 9 | metadata: 10 | name: rancher 11 | namespace: kube-system 12 | spec: 13 | chart: rancher # NOTE(review): this HelmChart sets no version, so the chart release is not pinned 14 | repo: https://releases.rancher.com/server-charts/${rancher_install_channel} 15 | targetNamespace: cattle-system 16 | valuesContent: |- 17 | ${values} -------------------------------------------------------------------------------- /.taskfiles/kube/templates/netshoot.tmpl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "${POD_NAME}" 5 | spec: 6 | hostNetwork: true # the pod shares the node's network namespace 7 | containers: 8 | - name: shell 9 | image: nicolaka/netshoot # NOTE(review): no tag or digest, so the registry's default tag is pulled; pin it 10 | command: 11 | - /bin/sleep 12 | - "36400" # seconds; the pod stays up this long unless it is deleted first 13 | securityContext: 14 | privileged: true # NOTE(review): debug-only. privileged together with hostNetwork gives this container broad access to the node, and privileged already includes the NET_ADMIN added below. Delete the pod after use and limit who may create it. 15 | capabilities: 16 | add: 17 | - NET_ADMIN 18 | tty: true 19 | resources: {} 20 | -------------------------------------------------------------------------------- /apps/crossplane/system/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import crossplane_shared 7 | import charts.crossplane 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "system" 13 | tenantName = crossplane_shared.tenant.name 14 | 15 | charts.crossplane = crossplane.Chart { 16 | values: _values | crossplane.Values {} 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /apps/kube/reloader/main/main.k:
-------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_reloader_base 7 | import charts.reloader 8 | 9 | _baseValues = kube_reloader_base.app.charts.reloader.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_reloader_base.app | { 14 | charts.reloader.values = _values | reloader.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/reloader/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_reloader_base 7 | import charts.reloader 8 | 9 | _baseValues = kube_reloader_base.app.charts.reloader.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_reloader_base.app | { 14 | charts.reloader.values = _values | reloader.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/kustomization.yaml.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ./namespaces 6 | - ./argocd 7 | - secrets.yaml 8 | - apps.yaml 9 | # NOTE(review): the patch below writes the base64 Doppler token into the doppler-credentials Secret. base64 is an encoding, not encryption, so the rendered kustomization.yaml has to be handled as a secret file. 10 | patches: 11 | - target: 12 | version: v1 13 | kind: Secret 14 | name: doppler-credentials 15 | patch: |- 16 | - op: add 17 | path: /data 18 | value: 19 | token: ${doppler_token_b64} 20 | -------------------------------------------------------------------------------- /.taskfiles/repo/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server:
$schema=https://taskfile.dev/schema.json 3 | version: "3" 4 | 5 | tasks: 6 | rename-all: 7 | desc: Rename all files in the repo 8 | summary: | 9 | Args: 10 | FROM: The file to rename 11 | TO: The new name of the file 12 | requires: 13 | vars: [FROM, TO] 14 | cmds: # NOTE(review): FROM and TO are expanded into the command text before the shell runs (TO inside the sh -c script), so shell metacharacters in either value are interpreted; passing them as arguments or environment variables would avoid that 15 | - find . -type f -name "{{.FROM}}" -exec sh -c 'git mv "$0" "$(dirname "$0")/{{.TO}}"' {} \; 16 | -------------------------------------------------------------------------------- /apps/o11y/loki/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import o11y 7 | import charts.loki 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "loki" 13 | tenantName = o11y.tenant.name 14 | 15 | secretStore = o11y.shared.secretStores.default.name 16 | 17 | charts.loki = loki.Chart { 18 | values: _values | loki.Values {} 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /apps/argo/cd/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import argo 7 | import charts.argo_cd 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "cd" 13 | tenantName = argo.tenant.name 14 | secretStore = argo.shared.secretStores.default.name 15 | 16 | charts.argo_cd = argo_cd.Chart { 17 | values: _values | argo_cd.Values {} 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /apps/cilium/tetragon/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import cilium_tetragon_base 7 | import charts.tetragon 8 | 9 | _baseValues =
cilium_tetragon_base.app.charts.tetragon.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = cilium_tetragon_base.app | { 14 | charts.tetragon.values = _values | tetragon.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/cilium/tetragon/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import cilium_tetragon_base 7 | import charts.tetragon 8 | 9 | _baseValues = cilium_tetragon_base.app.charts.tetragon.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = cilium_tetragon_base.app | { 14 | charts.tetragon.values = _values | tetragon.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import dragonfly 4 | import charts.dragonfly_operator 5 | import konfig.models.frontend 6 | import konfig.files 7 | 8 | _values = files.read_yaml(file.current(), "values.yaml") 9 | 10 | app = frontend.App { 11 | name = "dragonfly" 12 | tenantName = dragonfly.tenant.name 13 | 14 | charts.dragonfly_operator = dragonfly_operator.Chart { 15 | values: _values | dragonfly_operator.Values {} 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /apps/o11y/mimir/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import o11y 7 | import charts.mimir 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "mimir" 13 
| tenantName = o11y.tenant.name 14 | 15 | secretStore = o11y.shared.secretStores.default.name 16 | 17 | charts.mimir = mimir.Chart { 18 | values: _values | mimir.Values {} 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /apps/o11y/osrs-ge-exporter/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import o11y 7 | import charts.osrs_ge_exporter 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "osrs-ge-exporter" 13 | tenantName = o11y.tenant.name 14 | 15 | charts.osrs_ge_exporter = osrs_ge_exporter.Chart { 16 | values: _values | osrs_ge_exporter.Values {} 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /apps/o11y/seaweedfs/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import o11y_seaweedfs_base 7 | import charts.seaweedfs 8 | 9 | _baseValues = o11y_seaweedfs_base.app.charts.seaweedfs.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = o11y_seaweedfs_base.app | { 14 | charts.seaweedfs.values = _values | seaweedfs.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/o11y/tempo/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import o11y 7 | import charts.tempo 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "tempo" 13 | tenantName = o11y.tenant.name 14 | 15 | secretStore = o11y.shared.secretStores.default.name 16 | 17 
| charts.tempo = tempo.Chart { 18 | values: _values | tempo.Values {} 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /apps/securecodebox/_tenant/shared/main.k: -------------------------------------------------------------------------------- 1 | import securecodebox_tenant 2 | import konfig.models.frontend 3 | 4 | tenant = securecodebox_tenant.tenantConfiguration 5 | 6 | shared = frontend.SharedApp { 7 | secretStores.default = { 8 | name = "securecodebox" 9 | provider.doppler.auth.secretRef.dopplerToken = { 10 | name = "doppler-credentials" 11 | key = "token" 12 | namespace = "kube-system" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /apps/starr/configarr/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import starr_configarr_base 7 | import charts.configarr 8 | 9 | _baseValues = starr_configarr_base.app.charts.configarr.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = starr_configarr_base.app | { 14 | charts.configarr.values = _values | configarr.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/.template/templates/app/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import {{.TenantName}} 7 | import charts.{{.AppName}} 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | app = frontend.App { 12 | name = "{{.AppName}}" 13 | tenantName = {{.TenantName}}.tenant.name 14 | 15 | charts.{{.AppName}} = {{.AppName}}.Chart { 16 | values: _values | {{.AppName}}.Values {} 17 | } 18 | } 19 | 
-------------------------------------------------------------------------------- /apps/cnpg/system/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import cnpg_system_base 7 | import charts.cloudnative_pg 8 | 9 | _baseValues = cnpg_system_base.app.charts.cloudnative_pg.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = cnpg_system_base.app | { 14 | charts.cloudnative_pg.values = _values | cloudnative_pg.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/cnpg/system/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import cnpg_system_base 7 | import charts.cloudnative_pg 8 | 9 | _baseValues = cnpg_system_base.app.charts.cloudnative_pg.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = cnpg_system_base.app | { 14 | charts.cloudnative_pg.values = _values | cloudnative_pg.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /.taskfiles/terraform/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: "3" 4 | 5 | tasks: 6 | validate: 7 | desc: Validate Terraform 8 | dir: "{{.TERRAFORM_DIR}}/{{.MODULE}}" 9 | sources: 10 | - "{{.TERRAFORM_DIR}}/{{.MODULE}}/**/*" 11 | cmds: 12 | - cmd: echo "Validating {{.TERRAFORM_DIR}}/{{.MODULE}}" 13 | silent: true 14 | - terraform validate . 
15 | requires: 16 | vars: [MODULE] 17 | -------------------------------------------------------------------------------- /apps/truenas/command/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import truenas_command_base 7 | import charts.truecommand 8 | 9 | _baseValues = truenas_command_base.app.charts.truecommand.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = truenas_command_base.app | { 14 | charts.truecommand.values = _values | truecommand.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/crossplane/system/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import crossplane_system_base 7 | import charts.crossplane 8 | 9 | _baseValues = crossplane_system_base.app.charts.crossplane.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = crossplane_system_base.app | { 14 | charts.crossplane.values = _values | crossplane.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/crossplane/system/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import crossplane_system_base 7 | import charts.crossplane 8 | 9 | _baseValues = crossplane_system_base.app.charts.crossplane.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = crossplane_system_base.app | { 14 | charts.crossplane.values = _values | 
crossplane.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/descheduler/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_descheduler_base 7 | import charts.descheduler 8 | 9 | _baseValues = kube_descheduler_base.app.charts.descheduler.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_descheduler_base.app | { 14 | charts.descheduler.values = _values | descheduler.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/descheduler/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_descheduler_base 7 | import charts.descheduler 8 | 9 | _baseValues = kube_descheduler_base.app.charts.descheduler.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_descheduler_base.app | { 14 | charts.descheduler.values = _values | descheduler.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/starr/qbt/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend.secret 4 | import konfig.files 5 | 6 | values = files.read_yaml(file.current(), "values.yaml") 7 | 8 | oidcClient = secret.ExternalSecret { 9 | name = "qbt-oidc-client" 10 | data: { 11 | "client-id" = { 12 | remoteRef.key = "STARR_AUTH0_CLIENT_ID" 13 | } 14 | "client-secret" = { 15 | remoteRef.key = "STARR_AUTH0_CLIENT_SECRET" 16 | } 17 | } 18 | } 19 | 
-------------------------------------------------------------------------------- /apps/truenas/_tenant/base/main.k: -------------------------------------------------------------------------------- 1 | import konfig.models.frontend 2 | import konfig.models.frontend.gateway 3 | 4 | tenantConfiguration = frontend.Tenant { 5 | name = "truenas" 6 | gateways.default = gateway.Gateway { 7 | name = "cluster-gateway" 8 | namespace = "envoy-gateway" 9 | } 10 | gateways.public = gateway.Gateway { 11 | name = "public-gateway" 12 | namespace = "envoy-gateway" 13 | } 14 | oidcIssuer = "https://auth.jacobcolvin.com" 15 | } 16 | -------------------------------------------------------------------------------- /konfig/models/utils/dashboard_builder.k: -------------------------------------------------------------------------------- 1 | import file 2 | import models.frontend.grafana 3 | 4 | DashboardPathBuilder = lambda path: str -> {str:grafana.GrafanaDashboard} { 5 | _path = path.rstrip("/") 6 | _ext = ".json" 7 | _dashboards = file.glob("{}/*{}".format(_path, _ext)) 8 | { 9 | _f.removeprefix(_path).removesuffix(_ext).strip("/"): grafana.GrafanaDashboard { 10 | json = file.read(_f) 11 | } 12 | for _i, _f in _dashboards 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /docs/truenas-scale/robot01/setup.md: -------------------------------------------------------------------------------- 1 | # Setup 2 | 3 | Not IAC because the TF providers don't work really well. Maybe one day. 4 | 5 | Create a shared macvlan network for docker containers: 6 | 7 | ``` 8 | docker network create -d macvlan \ 9 | --subnet=10.42.2.0/24 \ 10 | -o parent=vlan4000 \ 11 | shared_macvlan 12 | ``` 13 | 14 | For some reason you can't set `fe80::1` as a default route. 
So, add a post-init command: 15 | 16 | ``` 17 | ip -6 route replace default via fe80::1 dev eno1 18 | ``` 19 | -------------------------------------------------------------------------------- /apps/starr/radarr/base/tofu/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "kubernetes" { # state is kept in a Kubernetes Secret in the namespace below 3 | secret_suffix = "providerconfig" 4 | namespace = "starr-radarr" 5 | in_cluster_config = true 6 | } 7 | required_providers { 8 | radarr = { 9 | source = "devopsarr/radarr" 10 | version = "2.3.4" 11 | } 12 | } 13 | } 14 | # NOTE(review): the API key is read from a file next to the module and sent to the service over plain http inside the cluster; confirm the file is provisioned from a secret rather than committed, and that in-cluster traffic is protected some other way. 15 | provider "radarr" { 16 | url = "http://radarr.starr-radarr.svc.cluster.local:7878" 17 | api_key = file("${path.module}/radarr-apikey") 18 | } 19 | -------------------------------------------------------------------------------- /apps/starr/sonarr/base/tofu/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "kubernetes" { # state is kept in a Kubernetes Secret in the namespace below 3 | secret_suffix = "providerconfig" 4 | namespace = "starr-sonarr" 5 | in_cluster_config = true 6 | } 7 | required_providers { 8 | sonarr = { 9 | source = "devopsarr/sonarr" 10 | version = "3.4.0" 11 | } 12 | } 13 | } 14 | # NOTE(review): the API key is read from a file next to the module and sent to the service over plain http inside the cluster; confirm the file is provisioned from a secret rather than committed, and that in-cluster traffic is protected some other way. 15 | provider "sonarr" { 16 | url = "http://sonarr.starr-sonarr.svc.cluster.local:8989" 17 | api_key = file("${path.module}/sonarr-apikey") 18 | } 19 | -------------------------------------------------------------------------------- /apps/kube/dragonfly/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_dragonfly_base 7 | import charts.dragonfly_operator 8 | 9 | _baseValues = kube_dragonfly_base.app.charts.dragonfly_operator.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_dragonfly_base.app | { 14 | charts.dragonfly_operator.values = _values |
dragonfly_operator.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/securecodebox/seaweedfs/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import securecodebox_seaweedfs_base 7 | import charts.seaweedfs 8 | 9 | _baseValues = securecodebox_seaweedfs_base.app.charts.seaweedfs.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = securecodebox_seaweedfs_base.app | { 14 | charts.seaweedfs.values = _values | seaweedfs.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.models.templates.networkpolicy 5 | import konfig.files 6 | 7 | import kube 8 | import charts.metrics_server 9 | 10 | _values = files.read_yaml(file.current(), "values.yaml") 11 | 12 | app = frontend.App { 13 | name = "metrics-server" 14 | tenantName = kube.tenant.name 15 | 16 | charts.metrics_server = metrics_server.Chart { 17 | values = _values | metrics_server.Values {} 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_metrics_server_base 7 | import charts.metrics_server 8 | 9 | _baseValues = kube_metrics_server_base.app.charts.metrics_server.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_metrics_server_base.app | { 14 | 
charts.metrics_server.values = _values | metrics_server.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/kube/metrics-server/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import kube_metrics_server_base 7 | import charts.metrics_server 8 | 9 | _baseValues = kube_metrics_server_base.app.charts.metrics_server.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = kube_metrics_server_base.app | { 14 | charts.metrics_server.values = _values | metrics_server.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/o11y/seaweedfs/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/seaweedfs/values.schema.json 2 | 3 | master: 4 | logs: &logs 5 | type: emptyDir 6 | 7 | filer: 8 | logs: *logs 9 | s3: 10 | enabled: true 11 | enableAuth: true 12 | createBuckets: 13 | - name: mimir-blocks 14 | - name: mimir-alertmanager 15 | - name: mimir-ruler 16 | - name: loki-chunks 17 | - name: loki-ruler 18 | - name: tempo-traces 19 | 20 | volume: 21 | logs: *logs 22 | -------------------------------------------------------------------------------- /apps/starr/radarr/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import cluster 7 | import starr_radarr_base 8 | import charts.radarr 9 | 10 | _baseValues = starr_radarr_base.app.charts.radarr.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = starr_radarr_base.app | { 15 | domainName = 
cluster.DOMAIN_NAME 16 | charts.radarr.values = _values | radarr.Values {} 17 | } 18 | -------------------------------------------------------------------------------- /apps/starr/sonarr/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import starr_sonarr_base 7 | import cluster 8 | import charts.sonarr 9 | 10 | _baseValues = starr_sonarr_base.app.charts.sonarr.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = starr_sonarr_base.app | { 15 | domainName = cluster.DOMAIN_NAME 16 | charts.sonarr.values = _values | sonarr.Values {} 17 | } 18 | -------------------------------------------------------------------------------- /apps/starr/prowlarr/base/tofu/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "kubernetes" { 3 | secret_suffix = "providerconfig" 4 | namespace = "starr-prowlarr" 5 | in_cluster_config = true 6 | } 7 | required_providers { 8 | prowlarr = { 9 | source = "devopsarr/prowlarr" 10 | version = "3.1.0" 11 | } 12 | } 13 | } 14 | 15 | provider "prowlarr" { 16 | url = "http://prowlarr.starr-prowlarr.svc.cluster.local:9696" 17 | api_key = file("${path.module}/prowlarr-apikey") 18 | } 19 | -------------------------------------------------------------------------------- /.katrc.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://jacobcolvin.com/kat/schemas/runtimeconfigs.v1beta1.json 2 | apiVersion: kat.jacobcolvin.com/v1beta1 3 | kind: RuntimeConfig 4 | rules: 5 | - match: files.exists(f, pathExt(f) == ".k") 6 | profile: kcl 7 | profiles: 8 | kcl: 9 | source: >- 10 | files.filter(f, pathExt(f) == ".k" || pathExt(f) == ".mod") 11 | command: kcl 12 | args: [run] 13 | extraArgs: [] 14 | 
hooks: 15 | init: 16 | - command: kcl 17 | args: [--version] 18 | -------------------------------------------------------------------------------- /konfig/models/mixins/configmap_mixin.k: -------------------------------------------------------------------------------- 1 | import k8s.api.core.v1 2 | import models.utils 3 | import models.resource 4 | import models.protocol 5 | 6 | mixin ConfigMapMixin for protocol.AppProtocol: 7 | if config.configMaps: 8 | kubernetes: resource.ResourceMapping { 9 | ConfigMap = [v1.ConfigMap { 10 | metadata: utils.MetadataBuilder(_c) 11 | data = _c?.data 12 | binaryData = _c?.binaryData 13 | } for _i, _c in config.configMaps] 14 | } 15 | -------------------------------------------------------------------------------- /terraform/home/nas01.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | MiB = 1024 * 1024 3 | GiB = 1024 * local.MiB 4 | TiB = 1024 * local.GiB 5 | } 6 | 7 | resource "random_password" "nas01_encryption_key" { 8 | length = 64 9 | min_lower = 1 10 | min_numeric = 1 11 | min_special = 1 12 | min_upper = 1 13 | } 14 | 15 | resource "doppler_secret" "nas01_encryption_key" { 16 | project = "terraform" 17 | config = "main_home" 18 | name = "NAS01_ENCRYPTION_KEY" 19 | value = random_password.nas01_encryption_key.result # the generated key is also kept in plaintext in the Terraform state, so the state backend needs the same protection as the Doppler config 20 | } 21 | -------------------------------------------------------------------------------- /apps/o11y/osrs-ge-exporter/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import o11y_osrs_ge_exporter_base 7 | import charts.osrs_ge_exporter 8 | 9 | _baseValues = o11y_osrs_ge_exporter_base.app.charts.osrs_ge_exporter.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = o11y_osrs_ge_exporter_base.app | { 14 | charts.osrs_ge_exporter.values = 
_values | osrs_ge_exporter.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/starr/prowlarr/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import cluster 7 | import starr_prowlarr_base 8 | import charts.prowlarr 9 | 10 | _baseValues = starr_prowlarr_base.app.charts.prowlarr.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = starr_prowlarr_base.app | { 15 | domainName = cluster.DOMAIN_NAME 16 | charts.prowlarr.values = _values | prowlarr.Values {} 17 | } 18 | -------------------------------------------------------------------------------- /apps/.template/templates/app/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import {{.TenantName}}_{{.AppName}}_base 7 | import charts.{{.AppName}} 8 | 9 | _baseValues = {{.TenantName}}_{{.AppName}}_base.app.charts.{{.AppName}}.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = {{.TenantName}}_{{.AppName}}_base.app | { 14 | charts.{{.AppName}}.values = _values | {{.AppName}}.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/.template/templates/app/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import {{.TenantName}}_{{.AppName}}_base 7 | import charts.{{.AppName}} 8 | 9 | _baseValues = {{.TenantName}}_{{.AppName}}_base.app.charts.{{.AppName}}.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = 
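objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = {{.TenantName}}_{{.AppName}}_base.app | { 14 | charts.{{.AppName}}.values = _values | {{.AppName}}.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /apps/o11y/wakatime-exporter/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import o11y_wakatime_exporter_base 7 | import charts.wakatime_exporter 8 | 9 | _baseValues = o11y_wakatime_exporter_base.app.charts.wakatime_exporter.values 10 | _envValues = files.read_yaml(file.current(), "values.yaml") 11 | _values = objects.json_merge_patch(_baseValues, _envValues) 12 | 13 | app = o11y_wakatime_exporter_base.app | { 14 | charts.wakatime_exporter.values = _values | wakatime_exporter.Values {} 15 | } 16 | -------------------------------------------------------------------------------- /terraform/home/modules/truenas-k3s/variables.tf: -------------------------------------------------------------------------------- 1 | variable "fqdn" { 2 | type = string 3 | } 4 | 5 | variable "ipv4" { 6 | type = string 7 | } 8 | 9 | variable "ssh_password" { 10 | type = string 11 | sensitive = true # redacts the password in plan/apply output, matching the Doppler token variable below; the value is still written to state 12 | } 13 | 14 | variable "argocd_kustomization" { 15 | type = string 16 | } 17 | 18 | variable "argocd_apps_kustomization" { 19 | type = string 20 | } 21 | 22 | variable "doppler_kustomization" { 23 | type = string 24 | } 25 | 26 | variable "doppler_secrets_tpl_doppler_token" { 27 | type = string 28 | sensitive = true 29 | } 30 | -------------------------------------------------------------------------------- /apps/kube/openebs/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/openebs/values.schema.json 2 | 3 | engines: 4 | local: 5 | lvm: 6 | enabled: false 7 | zfs: 8 | enabled: false 9 | rawfile: 10 | enabled: false 11 | 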
replicated: 12 | mayastor: 13 | enabled: false 14 | 15 | preUpgradeHook: 16 | image: 17 | registry: docker.io 18 | repo: bitnamilegacy/kubectl 19 | 20 | loki: 21 | enabled: false 22 | 23 | alloy: 24 | enabled: false 25 | 26 | minio: 27 | enabled: false 28 | -------------------------------------------------------------------------------- /apps/public/opencloud/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import public_opencloud_base 7 | import cluster 8 | import charts.opencloud 9 | 10 | _baseValues = public_opencloud_base.app.charts.opencloud.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = public_opencloud_base.app | { 15 | domainName = cluster.DOMAIN_NAME 16 | charts.opencloud.values = _values | opencloud.Values {} 17 | } 18 | -------------------------------------------------------------------------------- /apps/kube/reloader/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/reloader/values.schema.json 2 | 3 | reloader: 4 | reloadStrategy: annotations 5 | logFormat: json 6 | enableHA: true 7 | readOnlyRootFileSystem: true 8 | deployment: 9 | replicas: 2 10 | resources: 11 | requests: 12 | cpu: 10m 13 | memory: 128Mi 14 | limits: 15 | cpu: 1000m 16 | memory: 256Mi 17 | podMonitor: 18 | enabled: true 19 | podDisruptionBudget: 20 | enabled: true 21 | minAvailable: 1 22 | -------------------------------------------------------------------------------- /apps/o11y/tempo/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/tempo/values.schema.json 2 | 3 | storage: 4 | trace: 5 | backend: s3 6 | s3: 7 | endpoint: 
seaweedfs-s3.o11y-seaweedfs.svc:8333 8 | access_key: "${S3_ACCESS_KEY}" 9 | secret_key: "${S3_SECRET_KEY}" 10 | bucket: tempo-traces 11 | insecure: true # plain HTTP to the S3 endpoint: the access/secret keys above and the trace data are not protected by TLS on this hop 12 | 13 | metricsGenerator: 14 | config: 15 | storage: 16 | remote_write: 17 | - url: http://mimir-distributed-nginx.o11y-mimir.svc/api/v1/push 18 | send_exemplars: true 19 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import twitch_channel_points_miner_base 7 | import cluster 8 | import charts.tcpm 9 | 10 | _baseValues = twitch_channel_points_miner_base.app.charts.tcpm.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = twitch_channel_points_miner_base.app | { 15 | domainName = cluster.DOMAIN_NAME 16 | charts.tcpm.values = _values | tcpm.Values {} 17 | } 18 | -------------------------------------------------------------------------------- /terraform/modules/unifi/clients.tf: -------------------------------------------------------------------------------- 1 | resource "unifi_user" "clients" { 2 | for_each = var.clients 3 | 4 | mac = each.value.mac 5 | name = each.key 6 | note = "Managed by Terraform" 7 | 8 | fixed_ip = lookup(each.value, "ipv4", null) 9 | network_id = lookup(each.value, "vlan", null) 10 | local_dns_record = lookup(each.value, "dns_record", null) != null ? each.value.dns_record : (lookup(each.value, "ipv4", null) != null ? 
format("%s.%s", each.key, var.domain_name) : null) 11 | dev_id_override = lookup(each.value, "dev_id", null) 12 | } 13 | -------------------------------------------------------------------------------- /apps/o11y/robusta/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import o11y_robusta_base 7 | import cluster 8 | import charts.robusta 9 | 10 | _baseValues = o11y_robusta_base.app.charts.robusta.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = o11y_robusta_base.app | { 15 | domainName = cluster.DOMAIN_NAME 16 | charts.robusta.values = _values | robusta.Values { 17 | clusterName = cluster.NAME 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /apps/twitch/channel-points-miner/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/tcpm/values.schema.json 2 | 3 | image: 4 | # https://hub.docker.com/r/rdavidoff/twitch-channel-points-miner-v2 5 | repository: rdavidoff/twitch-channel-points-miner-v2 6 | tag: "2.0.4" 7 | 8 | podAnnotations: 9 | reloader.stakater.com/auto: "true" 10 | 11 | configMaps: 12 | config: 13 | enabled: false 14 | 15 | persistence: 16 | config: 17 | enabled: true 18 | name: twitch-config 19 | cookie: 20 | enabled: true 21 | name: twitch-cookie 22 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/kustomize/kured.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: kured 5 | namespace: kube-system 6 | spec: 7 | selector: 8 | matchLabels: 9 | name: kured 10 | template: 11 | metadata: 12 | labels: 13 | name: kured 
14 | spec: 15 | serviceAccountName: kured 16 | containers: 17 | - name: kured 18 | command: 19 | - /usr/bin/kured 20 | - --reboot-command=/usr/bin/systemctl reboot 21 | - --pre-reboot-node-labels=kured=rebooting 22 | -------------------------------------------------------------------------------- /terraform/home/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | unifi = { 4 | source = "akerl/unifi" 5 | version = "1.0.4" 6 | } 7 | doppler = { 8 | source = "dopplerhq/doppler" 9 | version = "1.21.0" 10 | } 11 | } 12 | } 13 | 14 | provider "unifi" { 15 | username = var.unifi_username 16 | password = var.unifi_password 17 | api_url = var.unifi_api_url 18 | site = var.unifi_site 19 | allow_insecure = true # NOTE(review): skips TLS certificate verification for the controller API, so the username/password above are sent to an unauthenticated server; trusting the controller's certificate would let this be false 20 | } 21 | 22 | provider "doppler" { 23 | doppler_token = var.doppler_token 24 | } 25 | -------------------------------------------------------------------------------- /apps/o11y/k8s-monitoring/main/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.files 4 | import konfig.objects 5 | 6 | import o11y_k8s_monitoring_base 7 | import charts.k8s_monitoring 8 | import cluster 9 | 10 | _baseValues = o11y_k8s_monitoring_base.app.charts.k8s_monitoring.values 11 | _envValues = files.read_yaml(file.current(), "values.yaml") 12 | _values = objects.json_merge_patch(_baseValues, _envValues) 13 | 14 | app = o11y_k8s_monitoring_base.app | { 15 | charts.k8s_monitoring.values = _values | k8s_monitoring.Values { 16 | cluster.name = cluster.NAME 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /apps/securecodebox/system/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/securecodebox/values.schema.json 2 | 3 | s3: 4 | enabled: true 5 | endpoint: 
"seaweedfs-s3.securecodebox-seaweedfs.svc" 6 | bucket: securecodebox 7 | port: 8333 8 | tls: 9 | enabled: false 10 | authType: access-secret-key 11 | keySecret: s3-config 12 | secretAttributeNames: 13 | accesskey: S3_ACCESS_KEY 14 | secretkey: S3_SECRET_KEY 15 | 16 | resources: 17 | requests: 18 | cpu: 10m 19 | memory: 100Mi 20 | limits: 21 | cpu: 100m 22 | memory: 100Mi 23 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/kustomize/system-upgrade-controller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: system-upgrade-controller 5 | namespace: system-upgrade 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: system-upgrade-controller 11 | volumeMounts: 12 | - name: ca-certificates 13 | mountPath: /var/lib/ca-certificates 14 | volumes: 15 | - name: ca-certificates 16 | hostPath: 17 | path: /var/lib/ca-certificates 18 | type: Directory 19 | -------------------------------------------------------------------------------- /apps/cilium/system/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/cilium/values.schema.json 2 | 3 | cluster: 4 | name: main 5 | id: 2 6 | 7 | k8sClientRateLimit: 8 | qps: 10 9 | burst: 20 10 | 11 | ingressController: 12 | enabled: true 13 | loadbalancerMode: shared 14 | defaultSecretNamespace: "external-certs" 15 | defaultSecretName: "cluster-ingress" 16 | 17 | bpf: 18 | preallocateMaps: true 19 | distributedLRU: 20 | enabled: true 21 | # https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-map-backend-memory 22 | mapDynamicSizeRatio: 0.02 23 | -------------------------------------------------------------------------------- /docs/storage/rclone-copy.md: -------------------------------------------------------------------------------- 1 | # 
Rclone Copy 2 | 3 | ## S3 Upload Large Files 4 | 5 | ```bash 6 | rclone copy -v \ ## -v = Prints Status 7 | --size-only \ ## Reduces S3 cost. 8 | --fast-list \ ## Reduces S3 cost. 9 | --transfers 1 \ ## Large files should be transferred one at a time. 10 | --retries 10 \ ## 11 | --retries-sleep 60s \ ## 12 | --bwlimit 2M:off \ ## Limits the upload speed to 2MB/s 13 | /userdata/Backups s3-bucket: 14 | ``` 15 | 16 | ## Download 17 | 18 | ```sh 19 | rclone copy -v remote:/ /userdata/folder 20 | ``` 21 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/variables.tf: -------------------------------------------------------------------------------- 1 | variable "ipv4_address" { 2 | description = "IPv4 address" 3 | type = string 4 | } 5 | 6 | variable "ssh_public_key" { 7 | description = "SSH public Key" 8 | type = string 9 | } 10 | 11 | variable "ssh_private_key" { 12 | description = "SSH private Key" 13 | type = string 14 | sensitive = true 15 | } 16 | 17 | variable "ssh_additional_public_keys" { 18 | description = "Additional SSH public Keys. 
Use them to grant other team members root access to your cluster nodes" 19 | type = list(string) 20 | default = [] 21 | } 22 | -------------------------------------------------------------------------------- /apps/external/secrets/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/external_secrets/values.schema.json 2 | 3 | replicaCount: 2 4 | leaderElect: true 5 | concurrent: 4 6 | 7 | log: 8 | level: info 9 | timeEncoding: &timeEncoding rfc3339nano 10 | 11 | serviceMonitor: 12 | enabled: true 13 | 14 | webhook: 15 | replicaCount: 2 16 | log: 17 | level: info 18 | timeEncoding: *timeEncoding 19 | certManager: 20 | enabled: false 21 | 22 | certController: 23 | requeueInterval: "5m" 24 | replicaCount: 2 25 | log: 26 | level: info 27 | timeEncoding: *timeEncoding 28 | -------------------------------------------------------------------------------- /terraform/home/modules/mikrotik/main.tf: -------------------------------------------------------------------------------- 1 | resource "routeros_system_logging" "log_remote" { 2 | action = "remote" 3 | prefix = "${var.name}:" 4 | topics = ["bgp", "info", "error", "warning", "critical"] 5 | } 6 | 7 | resource "routeros_system_logging" "log_memory" { 8 | action = "memory" 9 | topics = ["bgp"] 10 | } 11 | 12 | resource "routeros_interface_bridge" "bridge" { 13 | name = "bridge" 14 | auto_mac = false 15 | vlan_filtering = false 16 | comment = "defconf" 17 | } 18 | 19 | resource "routeros_interface_bridge_settings" "settings" { 20 | use_ip_firewall = false 21 | } 22 | -------------------------------------------------------------------------------- /konfig/models/frontend/rbac/role_binding.k: -------------------------------------------------------------------------------- 1 | import k8s.api.rbac.v1 as rbacv1 2 | import models.frontend.common 3 | 4 | schema RoleBinding(common.Metadata): 5 | """ 6 | Attributes 7 | ---------- 8 | 
subjects: [Subject], default is Undefined, optional 9 | Subjects holds references to the objects the role applies to. 10 | roleRef: RoleRef, default is Undefined, required 11 | RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. 12 | """ 13 | subjects?: [rbacv1.Subject] 14 | roleRef: rbacv1.RoleRef 15 | -------------------------------------------------------------------------------- /konfig/models/frontend/gateway/security_policy.k: -------------------------------------------------------------------------------- 1 | import charts.envoy_gateway.api.v1 as gatewayv1 2 | import charts.envoy_gateway.api.v1alpha1 as gatewayv1alpha1 3 | import models.frontend.common 4 | 5 | schema SecurityPolicy(common.Metadata): 6 | """ 7 | Abstraction of SecurityPolicy configuration. 8 | 9 | Attributes 10 | ---------- 11 | oidcClientRef: 12 | Name of the Kubernetes Secret containing the OIDC Client credentials. 13 | Must have keys "client-id" and "client-secret". 14 | """ 15 | oidcClientRef: str 16 | oidcIssuer: str 17 | redirectURL?: str 18 | logoutPath?: str 19 | -------------------------------------------------------------------------------- /apps/public/homepage/base/config/settings.yaml: -------------------------------------------------------------------------------- 1 | # https://gethomepage.dev/configs/settings/ 2 | 3 | title: Unknown Home 4 | layout: 5 | Apps: 6 | icon: mdi-apps 7 | Observability: 8 | icon: mdi-chart-bell-curve-cumulative 9 | Cluster Management: 10 | icon: mdi-tools 11 | Media: 12 | icon: mdi-multimedia 13 | background: 14 | blur: sm # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur 15 | # saturate: 50 # 0, 50, 100... 
see https://tailwindcss.com/docs/backdrop-saturate 16 | brightness: 75 17 | theme: dark 18 | quicklaunch: 19 | searchDescriptions: true 20 | showSearchSuggestions: true 21 | -------------------------------------------------------------------------------- /konfig/models/mixins/serviceaccount_mixin.k: -------------------------------------------------------------------------------- 1 | import k8s.api.core.v1 2 | import models.utils 3 | import models.resource 4 | import models.protocol 5 | 6 | mixin ServiceAccountMixin for protocol.AppProtocol: 7 | if config.serviceAccounts: 8 | kubernetes: resource.ResourceMapping { 9 | ServiceAccount = [v1.ServiceAccount { 10 | metadata: utils.MetadataBuilder(_s) | { 11 | name = _s.name 12 | } 13 | imagePullSecrets = _s.imagePullSecrets 14 | secrets = _s.secrets 15 | } for _i, _s in config.serviceAccounts] 16 | } 17 | -------------------------------------------------------------------------------- /konfig/models/frontend/gateway/route.k: -------------------------------------------------------------------------------- 1 | import charts.envoy_gateway.api.v1 as gatewayv1 2 | import models.frontend.common 3 | 4 | schema Route(common.Metadata): 5 | names?: [str] = [] 6 | hostnames?: [str] = [] 7 | gatewayRef?: Gateway 8 | parentRefs?: [gatewayv1.GatewayNetworkingK8sIoV1HTTPRouteSpecParentRefsItems0] 9 | services?: {str:gatewayv1.GatewayNetworkingK8sIoV1HTTPRouteSpecRulesItems0BackendRefsItems0} = {} 10 | security?: SecurityPolicy 11 | homepage?: Homepage 12 | 13 | schema Homepage: 14 | name?: str 15 | description?: str 16 | group?: str 17 | icon?: str 18 | weight?: int = 0 19 | -------------------------------------------------------------------------------- /docs/storage/drive-erasure.md: -------------------------------------------------------------------------------- 1 | # Drive Erasure 2 | 3 | My "good enough" methods. The dd passes only overwrite blocks the host can address, so remapped sectors and SSD spare area are not covered by them. 
4 | 5 | ## HDD 6 | 7 | ```sh 8 | dd bs=1M status=progress oflag=direct conv=fsync if=/dev/zero of=/dev/sdX 9 | ``` 10 | 11 | ## SATA SSD 12 | 13 | ```sh 14 | dd bs=1M status=progress if=/dev/urandom of=/dev/sdX 15 | blkdiscard -v -f /dev/sdX 16 | ``` 17 | 18 | ## NVMe SSD 19 | 20 | ```sh 21 | apt-get install nvme-cli 22 | nvme list 23 | nvme format -s2 /dev/nvme0nX 24 | ``` 25 | 26 | ## Verification 27 | 28 | ```sh 29 | dd if=/dev/sdX bs=1M skip=500000 count=1 | hexdump -C 30 | ``` 31 | 32 | ```sh 33 | apt-get install testdisk 34 | sudo photorec 35 | ``` 36 | -------------------------------------------------------------------------------- /apps/external/dns/main/main.k: -------------------------------------------------------------------------------- 1 | import external_dns_base 2 | import charts.external_dns 3 | 4 | app = external_dns_base.app | { 5 | externalSecrets: { 6 | cloudflareCreds = external_dns_base.cloudflareCreds 7 | unifiCreds = external_dns_base.unifiCreds 8 | } 9 | charts: { 10 | external_dns_unifi = external_dns.Chart { 11 | values: external_dns_base.unifiValues | { 12 | extraArgs = [ 13 | "--crd-source-apiversion=externaldns.k8s.io/v1alpha1" 14 | "--crd-source-kind=DNSEndpoint" 15 | ] 16 | } 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /apps/external/dns/mgmt/main.k: -------------------------------------------------------------------------------- 1 | import external_dns_base 2 | import charts.external_dns 3 | 4 | app = external_dns_base.app | { 5 | externalSecrets: { 6 | cloudflareCreds = external_dns_base.cloudflareCreds 7 | unifiCreds = external_dns_base.unifiCreds 8 | } 9 | charts: { 10 | external_dns_unifi = external_dns.Chart { 11 | values: external_dns_base.unifiValues | { 12 | extraArgs = [ 13 | "--crd-source-apiversion=externaldns.k8s.io/v1alpha1" 14 | "--crd-source-kind=DNSEndpoint" 15 | ] 16 | } 17 | } 18 | } 19 | } 20 | 
-------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/templates/calico.yaml.tpl: -------------------------------------------------------------------------------- 1 | kind: DaemonSet 2 | apiVersion: apps/v1 3 | metadata: 4 | name: calico-node 5 | namespace: kube-system 6 | labels: 7 | k8s-app: calico-node 8 | spec: 9 | template: 10 | spec: 11 | volumes: 12 | # Used to install Flex Volume Driver 13 | - name: flexvol-driver-host 14 | hostPath: 15 | type: DirectoryOrCreate 16 | path: /var/lib/kubelet/volumeplugins/nodeagent~uds 17 | containers: 18 | - name: calico-node 19 | env: 20 | - name: CALICO_IPV4POOL_CIDR 21 | value: "${cluster_cidr_ipv4}" 22 | -------------------------------------------------------------------------------- /konfig/models/mixins/chart_mixin.k: -------------------------------------------------------------------------------- 1 | import models.resource 2 | import models.protocol 3 | 4 | import helm 5 | 6 | mixin ChartMixin for protocol.AppProtocol: 7 | if config.charts: 8 | kubernetes: resource.ResourceMapping { 9 | Chart = [ 10 | _obj 11 | for _, _chart in config.charts 12 | for _, _obj in helm.template(_chartBuilder(config, _chart)) 13 | ] 14 | } 15 | 16 | _chartBuilder = lambda config: any, chart: helm.Chart -> helm.Chart { 17 | _chart = chart 18 | if isnullish(_chart?.namespace): 19 | _chart.namespace = config.namespace 20 | _chart 21 | } 22 | -------------------------------------------------------------------------------- /clusters/main/talsecret.yaml: -------------------------------------------------------------------------------- 1 | cluster: 2 | id: ${CLUSTER_ID} 3 | secret: ${CLUSTER_SECRET} 4 | secrets: 5 | bootstraptoken: ${SECRETS_BOOTSTRAPTOKEN} 6 | secretboxencryptionsecret: ${SECRETS_SECRETBOXENCRYPTIONKEY} # NOTE(review): clusters/mgmt/talsecret.yaml fills this field from a variable ending in SECRETBOXENCRYPTIONSECRET; confirm the KEY suffix here matches the name the secret store exports 7 | trustdinfo: 8 | token: ${TRUSTDINFO_TOKEN} 9 | certs: 10 | etcd: 11 | crt: ${CERTS_ETCD_CRT} 12 | key: ${CERTS_ETCD_KEY} 13 | k8s: 14 | crt: ${CERTS_K8S_CRT} 15 | 
key: ${CERTS_K8S_KEY} 16 | k8saggregator: 17 | crt: ${CERTS_K8SAGGREGATOR_CRT} 18 | key: ${CERTS_K8SAGGREGATOR_KEY} 19 | k8sserviceaccount: 20 | key: ${CERTS_K8SSERVICEACCOUNT_KEY} 21 | os: 22 | crt: ${CERTS_OS_CRT} 23 | key: ${CERTS_OS_KEY} 24 | -------------------------------------------------------------------------------- /terraform/home/variables.tf: -------------------------------------------------------------------------------- 1 | variable "nas01_fqdn" { 2 | type = string 3 | } 4 | 5 | variable "nas01_ipv4" { 6 | type = string 7 | } 8 | # sensitive = true (used on the API key, password and token below) only redacts the value in plan/apply output; it is still written to Terraform state in plaintext, so the state backend needs its own access control and encryption. 9 | variable "nas01_api_key" { 10 | type = string 11 | sensitive = true 12 | } 13 | 14 | variable "domain_name" { 15 | type = string 16 | } 17 | 18 | variable "unifi_username" { 19 | type = string 20 | } 21 | 22 | variable "unifi_password" { 23 | type = string 24 | sensitive = true 25 | } 26 | 27 | variable "unifi_api_url" { 28 | type = string 29 | } 30 | 31 | variable "unifi_site" { 32 | type = string 33 | } 34 | 35 | variable "doppler_token" { 36 | type = string 37 | sensitive = true 38 | } 39 | -------------------------------------------------------------------------------- /apps/cilium/tetragon/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/tetragon/values.schema.json 2 | 3 | tetragonOperator: 4 | replicas: 2 5 | failoverLease: 6 | enabled: true 7 | podInfo: 8 | enabled: true 9 | 10 | tetragon: 11 | enableProcessCred: true 12 | enableProcessNs: true 13 | 14 | prometheus: 15 | serviceMonitor: 16 | enabled: true 17 | # NOTE(review): exportDenyList below lists "" next to the two Cilium namespaces; the empty entry should match events that carry no pod namespace, i.e. 
host-level processes, so node activity outside pods would be missing from the export. Confirm that gap is intended before relying on this export for detection. 18 | exportAllowList: |- 19 | {"event_set":["PROCESS_EXEC", "PROCESS_EXIT", "PROCESS_KPROBE", "PROCESS_UPROBE", "PROCESS_TRACEPOINT", "PROCESS_LSM"]} 20 | 21 | exportDenyList: |- 22 | {"health_check":true} 23 | {"namespace":["cilium-system","cilium-tetragon",""]} 24 | -------------------------------------------------------------------------------- /clusters/mgmt/talsecret.yaml: 
-------------------------------------------------------------------------------- 1 | cluster: 2 | id: ${CLUSTER_ID} 3 | secret: ${CLUSTER_SECRET} 4 | secrets: 5 | bootstraptoken: ${SECRETS_BOOTSTRAPTOKEN} 6 | secretboxencryptionsecret: ${SECRETS_SECRETBOXENCRYPTIONSECRET} 7 | trustdinfo: 8 | token: ${TRUSTDINFO_TOKEN} 9 | certs: 10 | etcd: 11 | crt: ${CERTS_ETCD_CRT} 12 | key: ${CERTS_ETCD_KEY} 13 | k8s: 14 | crt: ${CERTS_K8S_CRT} 15 | key: ${CERTS_K8S_KEY} 16 | k8saggregator: 17 | crt: ${CERTS_K8SAGGREGATOR_CRT} 18 | key: ${CERTS_K8SAGGREGATOR_KEY} 19 | k8sserviceaccount: 20 | key: ${CERTS_K8SSERVICEACCOUNT_KEY} 21 | os: 22 | crt: ${CERTS_OS_CRT} 23 | key: ${CERTS_OS_KEY} 24 | -------------------------------------------------------------------------------- /bootstrap/core/main/main.k: -------------------------------------------------------------------------------- 1 | import bootstrap 2 | import cilium_system 3 | import kube_csr_approver 4 | 5 | _cluster_name = "main" 6 | 7 | app = bootstrap.app | { 8 | extraResources: { 9 | kube_csr_approver_ns = bootstrap.kube_csr_approver_ns 10 | cilium_system_ns = bootstrap.cilium_system_ns 11 | } 12 | 13 | charts.kubelet_csr_approver = kube_csr_approver.app.charts.kubelet_csr_approver | { 14 | namespace = bootstrap.kube_csr_approver_ns.metadata.name 15 | skipHooks = True 16 | } 17 | 18 | charts.cilium = cilium_system.app.charts.cilium | { 19 | namespace = bootstrap.cilium_system_ns.metadata.name 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /bootstrap/core/robot/main.k: -------------------------------------------------------------------------------- 1 | import bootstrap 2 | import cilium_system 3 | import kube_csr_approver 4 | 5 | _cluster_name = "robot" 6 | 7 | app = bootstrap.app | { 8 | extraResources: { 9 | kube_csr_approver_ns = bootstrap.kube_csr_approver_ns 10 | cilium_system_ns = bootstrap.cilium_system_ns 11 | } 12 | 13 | charts.kubelet_csr_approver = 
kube_csr_approver.app.charts.kubelet_csr_approver | { 14 | namespace = bootstrap.kube_csr_approver_ns.metadata.name 15 | skipHooks = True 16 | } 17 | 18 | charts.cilium = cilium_system.app.charts.cilium | { 19 | namespace = bootstrap.cilium_system_ns.metadata.name 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/extra-manifests/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: apps 5 | namespace: argocd 6 | spec: 7 | project: default # NOTE(review): Argo CD's built-in default project places no limits on source repos, destinations or resource kinds unless it has been edited; a dedicated AppProject would scope what this Application may deploy 8 | source: 9 | repoURL: 'https://github.com/MacroPower/homelab' 10 | path: applications/environments/seedbox 11 | directory: 12 | exclude: spec.json 13 | jsonnet: 14 | libs: 15 | - applications/vendor 16 | - applications/lib 17 | targetRevision: main # tracks the branch head: with automated sync enabled below, whatever lands on main is applied to the cluster, so branch protection (or a pinned tag/commit) is the only review gate 18 | destination: 19 | server: 'https://kubernetes.default.svc' 20 | namespace: argocd 21 | syncPolicy: 22 | automated: 23 | prune: false 24 | selfHeal: false 25 | -------------------------------------------------------------------------------- /apps/o11y/k8s-monitoring/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.files 5 | 6 | import o11y 7 | import charts.k8s_monitoring 8 | 9 | _values = files.read_yaml(file.current(), "values.yaml") 10 | 11 | _kubernetesMixin = files.read_yaml(file.current(), "rules/kubernetes-mixin.yaml") 12 | 13 | app = frontend.App { 14 | name = "k8s-monitoring" 15 | 
tenantName = o11y.tenant.name 16 | 17 | secretStore = o11y.shared.secretStores.default.name 18 | 19 | charts.k8s_monitoring = k8s_monitoring.Chart { 20 | values: _values | k8s_monitoring.Values {} 21 | } 22 | 23 | extraResources.kubernetesMixin = _kubernetesMixin 24 | } 25 | -------------------------------------------------------------------------------- /bootstrap/core/base/main.k: 
-------------------------------------------------------------------------------- 1 | import file 2 | 3 | import k8s.api.core.v1 as corev1 4 | 5 | import konfig.models.frontend 6 | import konfig.models.frontend.secret 7 | 8 | kube_csr_approver_ns = corev1.Namespace { 9 | metadata.name = "kube-csr-approver" 10 | } 11 | cilium_system_ns = corev1.Namespace { 12 | metadata.name = "cilium-system" 13 | } 14 | 15 | app = frontend.App { 16 | name = "bootstrap" 17 | tenantName = "default" 18 | # The Doppler token is read from the DOPPLER_TOKEN environment variable at render time and placed in stringData, so the rendered output carries it in plaintext: apply it directly and keep it out of commits and CI logs. NOTE(review): confirm an unset variable fails the render instead of producing an empty token. 19 | secrets.doppler_credentials = secret.Secret { 20 | name = "doppler-credentials" 21 | namespace = "kube-system" 22 | stringData = { 23 | token = file.read_env("DOPPLER_TOKEN") 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /konfig/models/mixins/networkpolicy_mixin.k: -------------------------------------------------------------------------------- 1 | import charts.cilium.api.v2 as ciliumv2 2 | import models.utils 3 | import models.resource 4 | import models.protocol 5 | # NetworkPolicyMixin emits one CiliumNetworkPolicy per entry of config.networkPolicies, copying that entry's endpointSelector, ingress and egress into the spec. 
6 | mixin NetworkPolicyMixin for protocol.AppProtocol: 7 | if config.networkPolicies: 8 | kubernetes: resource.ResourceMapping { 9 | NetworkPolicy = [ciliumv2.CiliumNetworkPolicy { 10 | metadata: utils.MetadataBuilder(_n) 11 | spec: { 12 | endpointSelector: _n.endpointSelector 13 | ingress: _n.ingress 14 | egress: _n.egress 15 | } 16 | } for _i, _n in config.networkPolicies] 17 | } 18 | -------------------------------------------------------------------------------- /apps/o11y/k8s-monitoring/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/k8s_monitoring/values.schema.json 2 | # The three destinations below are cluster-internal Services reached over plain HTTP; this file configures no TLS or credentials for them. 3 | destinationsMap: 4 | loki: 5 | url: "http://loki-gateway.o11y-loki.svc/loki/api/v1/push" 6 | tempo: 7 | url: "http://tempo-distributed-gateway.o11y-tempo.svc" 8 | mimir: 9 | url: "http://mimir-distributed-nginx.o11y-mimir.svc/api/v1/push" 10 | # NOTE(review): the mimir.rules.kubernetes block below syncs rules to the ruler as tenant "anonymous" over plain HTTP, so access to the ruler is presumably limited by network policy alone — confirm. 11 | alloy-singleton: 12 | # 
https://grafana.com/docs/alloy/latest/reference/components/mimir/mimir.rules.kubernetes/ 13 | extraConfig: |- 14 | mimir.rules.kubernetes "default" { 15 | address = "http://mimir-distributed-ruler.o11y-mimir.svc:8080" 16 | tenant_id = "anonymous" 17 | } 18 | -------------------------------------------------------------------------------- /konfig/files/files.k: -------------------------------------------------------------------------------- 1 | import yaml 2 | import file 3 | 4 | import filepath 5 | 6 | current_dir = lambda current: str -> str { 7 | """Return the directory part of current. The result is absolute only if current is.""" 8 | filepath.dir(current) 9 | } 10 | 11 | abs_path = lambda current: str, path: str -> str { 12 | """Join path onto the directory of current. Nothing here checks that the result stays inside that directory, so path should be a trusted, repo-relative literal rather than externally supplied input.""" 13 | filepath.join([current_dir(current), path]) 14 | } 15 | 16 | read_file = lambda current: str, path: str -> str { 17 | """Read the contents of the file at path, resolved against the directory of current.""" 18 | file.read(abs_path(current, path)) 19 | } 20 | 21 | read_yaml = lambda current: str, path: str -> any { 22 | """Read the file at path, resolved against the directory of current, and decode it as YAML.""" 23 | yaml.decode(read_file(current, path)) 24 | } 25 | -------------------------------------------------------------------------------- /apps/kube/descheduler/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.models.templates.networkpolicy 5 | import konfig.files 6 | 7 | import kube 8 | import charts.descheduler 9 | 10 | _values = files.read_yaml(file.current(), "values.yaml") 11 | 12 | app = frontend.App { 13 | name = "descheduler" 14 | tenantName = kube.tenant.name 15 | 16 | networkPolicies = { 17 | denyDefault = 
networkpolicy.denyDefault 18 | kubeDNSEgress = networkpolicy.kubeDNSEgress 19 | kubeAPIServerEgress = networkpolicy.kubeAPIServerEgress 20 | } 21 | 22 | charts.descheduler = descheduler.Chart { 23 | values = _values | descheduler.Values {} 24 | } 25 | } 26 | 
-------------------------------------------------------------------------------- /apps/public/homepage/base/config/widgets.yaml: -------------------------------------------------------------------------------- 1 | # https://gethomepage.dev/widgets/ 2 | 3 | - # https://gethomepage.dev/widgets/info/logo/ 4 | logo: 5 | icon: kubernetes 6 | - # https://gethomepage.dev/widgets/info/greeting/ 7 | greeting: 8 | text_size: xl 9 | text: 'Unknown' 10 | - # https://gethomepage.dev/widgets/info/search/ 11 | search: 12 | provider: custom 13 | url: https://kagi.com/search?q= 14 | focus: false 15 | showSearchSuggestions: true 16 | target: _self 17 | - # https://gethomepage.dev/widgets/info/kubernetes/ 18 | kubernetes: 19 | cluster: 20 | show: true 21 | cpu: true 22 | memory: true 23 | showLabel: false 24 | nodes: 25 | show: false 26 | -------------------------------------------------------------------------------- /docs/turing-pi/setup.md: -------------------------------------------------------------------------------- 1 | # Setup 2 | 3 | ## Static MAC 4 | 5 | By default the Turing Pi uses DHCP with a random MAC address, which changes on every reboot. 6 | 7 | To set a static MAC address, add the `hwaddress ether` line shown below, followed by the MAC address the board should keep, to `/etc/network/interfaces`: 8 | 9 | ```diff 10 | # interface file auto-generated by buildroot 11 | 12 | auto lo 13 | iface lo inet loopback 14 | 15 | auto eth0 16 | iface eth0 inet dhcp 17 | + hwaddress ether 18 | pre-up /etc/network/nfs_check 19 | wait-delay 15 20 | hostname $(hostname) 21 | ``` 22 | Then restart the interface so the change takes effect: 23 | ```sh 24 | ifdown eth0 && ifup eth0 25 | ``` 26 | 27 | Then I configured a static DHCP lease for that MAC address, since that's my personal preference for managing IP addresses and other network configuration. 
28 | -------------------------------------------------------------------------------- /konfig/models/frontend/rbac/cluster_role_binding.k: -------------------------------------------------------------------------------- 1 | import k8s.api.rbac.v1 as rbacv1 2 | import models.frontend.common 3 | 4 | schema ClusterRoleBinding(common.Metadata): 5 | """ 6 | Attributes 7 | ---------- 8 | subjects: [Subject], default is Undefined, optional 9 | Subjects holds references to the objects the role applies to. 10 | roleRef: ClusterRole, default is Undefined, required 11 | RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. 12 | """ 13 | namespace = Undefined 14 | subjects?: [rbacv1.Subject] 15 | roleRef: rbacv1.RoleRef 16 | 17 | assert not namespace, "namespace is not allowed in ClusterRoleBinding" 18 | -------------------------------------------------------------------------------- /apps/public/opencloud/main/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/opencloud/values.schema.json 2 | 3 | global: 4 | domain: 5 | collabora: collabora.main.cin.macro.network 6 | companion: companion.main.cin.macro.network 7 | minio: minio.main.cin.macro.network 8 | onlyoffice: onlyoffice.main.cin.macro.network 9 | opencloud: opencloud.main.cin.macro.network 10 | wopi: wopi.main.cin.macro.network 11 | 12 | collabora: 13 | resources: 14 | requests: 15 | cpu: "100m" 16 | memory: "256Mi" 17 | limits: 18 | cpu: 1 19 | memory: "1Gi" 20 | 21 | tika: 22 | resources: 23 | requests: 24 | cpu: 100m 25 | memory: 1Gi 26 | limits: 27 | cpu: 1000m 28 | memory: 3Gi 29 | -------------------------------------------------------------------------------- /terraform/modules/unifi-common/outputs.tf: -------------------------------------------------------------------------------- 1 | output "device_types" { 2 | value = { 3 | truenas 
= { 4 | dev_id = 4995 5 | } 6 | rpi = { 7 | dev_id = 4134 8 | } 9 | wattbox = { 10 | dev_id = 2838 11 | } 12 | hue_bridge = { 13 | dev_id = 2014 14 | } 15 | nanoleaf = { 16 | dev_id = 3788 17 | } 18 | iphone_se = { 19 | dev_id = 4272 20 | } 21 | unraid = { 22 | dev_id = 5126 23 | } 24 | echo_spot = { 25 | dev_id = 2034 26 | } 27 | echo_3rd_gen = { 28 | dev_id = 3408 29 | } 30 | amazon_aqm = { 31 | dev_id = 5108 32 | } 33 | ps4 = { 34 | dev_id = 24 35 | } 36 | roku = { 37 | dev_id = 27 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /apps/kube/volsync/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.models.templates.networkpolicy as npt 5 | import konfig.files 6 | 7 | import kube 8 | import charts.volsync 9 | 10 | _values = files.read_yaml(file.current(), "values.yaml") 11 | 12 | app = frontend.App { 13 | name = "volsync" 14 | tenantName = kube.tenant.name 15 | 16 | networkPolicies: { 17 | denyDefault = npt.denyDefault 18 | kubeDNSEgress = npt.kubeDNSEgress 19 | icmpV6Egress = npt.icmpV6Egress 20 | kubeAPIServerEgress = npt.kubeAPIServerEgress 21 | openMetricsIngress = npt.openMetricsIngress 22 | } 23 | 24 | charts.volsync = volsync.Chart { 25 | values: _values | volsync.Values {} 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /terraform/hcloud-robot/modules/k3s/kustomization_backup.tf: -------------------------------------------------------------------------------- 1 | data "remote_file" "kustomization_backup" { 2 | conn { 3 | host = module.control_planes[keys(module.control_planes)[0]].ipv4_address 4 | port = var.ssh_port 5 | user = "root" 6 | private_key = var.ssh_private_key 7 | agent = var.ssh_private_key == null 8 | } 9 | path = "/var/post_install/kustomization.yaml" 10 | 11 | depends_on = [null_resource.kustomization] 12 | } 13 | 14 | 
resource "local_file" "kustomization_backup" { 15 | count = var.create_kustomization ? 1 : 0 # only this local copy is conditional: data.remote_file.kustomization_backup has no count, so the SSH read happens either way 16 | content = data.remote_file.kustomization_backup.content # the fetched file ends up in Terraform state and in plan diffs; NOTE(review): if /var/post_install/kustomization.yaml can embed secrets, local_sensitive_file would keep it out of plan output 17 | filename = "${var.cluster_name}_kustomization_backup.yaml" 18 | file_permission = "600" # owner-only, but written to the working directory: keep *_kustomization_backup.yaml out of version control 19 | } 20 | -------------------------------------------------------------------------------- /apps/kube/reloader/base/main.k: -------------------------------------------------------------------------------- 1 | import file 2 | 3 | import konfig.models.frontend 4 | import konfig.models.templates.networkpolicy as npt 5 | import konfig.files 6 | 7 | import kube 8 | import charts.reloader 9 | 10 | _values = files.read_yaml(file.current(), "values.yaml") 11 | 12 | app = frontend.App { 13 | name = "reloader" 14 | tenantName = kube.tenant.name 15 | 16 | networkPolicies: { 17 | denyDefault = npt.denyDefault 18 | kubeDNSEgress = npt.kubeDNSEgress 19 | icmpV6Egress = npt.icmpV6Egress 20 | kubeAPIServerEgress = npt.kubeAPIServerEgress 21 | openMetricsIngress = npt.openMetricsIngress 22 | } 23 | 24 | charts.reloader = reloader.Chart { 25 | values: _values | reloader.Values {} 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /apps/o11y/osrs-ge-exporter/base/values.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=../../../../charts/osrs_ge_exporter/values.schema.json 2 | 3 | serviceMonitor: 4 | main: 5 | enabled: true 6 | endpoints: 7 | - port: http 8 | scheme: http 9 | path: /metrics 10 | 
interval: 15s 11 | scrapeTimeout: 5s 12 | 13 | prometheusRule: 14 | main: 15 | enabled: true 16 | groups: 17 | - name: osrs-ge-exporter.rules 18 | rules: 19 | - record: :osrs_ge_ha_profit:sum 20 | expr: |- 21 | sum( 22 | (osrs_ge_item_limit * ((osrs_ge_item_high_alch - osrs_ge_item_low_latest) > 1000)) 23 | and 24 | (osrs_ge_item_low_volume_5m > 15) 25 | ) 26 | 
-------------------------------------------------------------------------------- /konfig/models/frontend/tenant.k: -------------------------------------------------------------------------------- 1 | import charts.argo_cd.api.v1alpha1 as argov1alpha1 2 | import models.frontend.common 3 | import models.frontend.secret 4 | import models.frontend.gateway 5 | 6 | schema Tenant(common.Metadata): 7 | """ 8 | Tenant is an abstraction of a logical group of Apps, and is responsible for 9 | management of higher-level resources, such as Capsule's Tenant or ArgoCD's 10 | AppProject. It also propagates useful metadata, which can in turn be used to 11 | more easily manage some resources, e.g. NetworkPolicy. 12 | """ 13 | secretStores?: {str:secret.ClusterSecretStore} 14 | gateways?: {str:gateway.Gateway} 15 | oidcIssuer?: str 16 | destinations?: {str:argov1alpha1.ArgoprojIoV1alpha1AppProjectSpecDestinationsItems0} 17 | -------------------------------------------------------------------------------- /charts/cilium/chart.k: -------------------------------------------------------------------------------- 1 | """ 2 | This file was generated by the KCL auto-gen tool. DO NOT EDIT. 3 | Editing this file might prove futile when you re-run the KCL auto-gen generate command. 4 | """ 5 | 6 | import helm 7 | 8 | schema Chart(helm.Chart): 9 | r""" 10 | All possible chart configuration, inheriting from `helm.Chart(helm.ChartBase)`. 11 | 12 | Attributes 13 | ---------- 14 | values : Values | any, optional 15 | chart : str, required, default is "cilium" 16 | repoURL : str, required, default is "https://helm.cilium.io" 17 | targetRevision : str, optional, default is "1.18.4" 18 | """ 19 | values?: Values | any 20 | chart: str = "cilium" 21 | repoURL: str = "https://helm.cilium.io" 22 | targetRevision?: str = "1.18.4" 23 | 24 | --------------------------------------------------------------------------------