├── ansible ├── .gitignore ├── roles │ ├── mrlesmithjr.mariadb-galera-cluster │ │ ├── tests │ │ │ ├── inventory │ │ │ └── test.yml │ │ ├── Vagrant │ │ │ ├── playbook.yml │ │ │ ├── requirements.yml │ │ │ ├── roles │ │ │ │ ├── ansible-mariadb-galera-cluster │ │ │ │ └── ansible-etc-hosts │ │ │ │ │ ├── tests │ │ │ │ │ ├── inventory │ │ │ │ │ └── test.yml │ │ │ │ │ ├── vars │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ └── main.yml │ │ │ │ │ ├── meta │ │ │ │ │ └── .galaxy_install_info │ │ │ │ │ ├── defaults │ │ │ │ │ └── main.yml │ │ │ │ │ ├── .travis.yml │ │ │ │ │ └── tasks │ │ │ │ │ └── main.yml │ │ │ ├── ansible.cfg │ │ │ ├── cleanup.sh │ │ │ └── bootstrap.sh │ │ ├── vars │ │ │ ├── main.yml │ │ │ ├── RedHat.yml │ │ │ ├── Debian.yml │ │ │ └── Ubuntu-20.yml │ │ ├── requirements.yml │ │ ├── meta │ │ │ ├── .galaxy_install_info │ │ │ └── main.yml │ │ ├── templates │ │ │ ├── etc │ │ │ │ ├── mysql │ │ │ │ │ ├── conf.d │ │ │ │ │ │ ├── client.cnf.j2 │ │ │ │ │ │ └── temp.galera.cnf.j2 │ │ │ │ │ └── debian.cnf.j2 │ │ │ │ ├── systemd │ │ │ │ │ └── system │ │ │ │ │ │ └── mariadb.service.d │ │ │ │ │ │ ├── max-open-files.conf.j2 │ │ │ │ │ │ └── oom-score-adjust.conf.j2 │ │ │ │ ├── yum.repos.d │ │ │ │ │ └── MariaDB.repo.j2 │ │ │ │ └── mariadb_overrides.cnf.j2 │ │ │ ├── root │ │ │ │ └── my.cnf.j2 │ │ │ └── mariadb_repo.j2 │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── mysql_root_pw.yml │ │ │ ├── mysql_users.yml │ │ │ ├── max-open-files.yml │ │ │ ├── oom-score-adjust.yml │ │ │ ├── unconfigure_cluster.yml │ │ │ └── cacti.yml │ │ ├── .travis.yml │ │ └── playbook.yml │ ├── xanmanning.k3s │ │ ├── requirements.txt │ │ ├── .github │ │ │ ├── ISSUE_TEMPLATE │ │ │ │ ├── config.yml │ │ │ │ └── feature_request.md │ │ │ ├── PULL_REQUEST_TEMPLATE.md │ │ │ └── workflows │ │ │ │ └── release.yml │ │ ├── .ansible-lint │ │ ├── meta │ │ │ └── .galaxy_install_info │ │ ├── molecule │ │ │ ├── requirements.txt │ │ │ ├── autodeploy │ │ │ │ ├── templates │ │ │ │ │ └── 
00-ns-monitoring.yml.j2 │ │ │ │ ├── verify.yml │ │ │ │ ├── prepare.yml │ │ │ │ └── converge.yml │ │ │ ├── default │ │ │ │ ├── tests │ │ │ │ │ ├── test_default.pyc │ │ │ │ │ └── test_default.py │ │ │ │ ├── playbook-download.yml │ │ │ │ ├── playbook-stop-cluster.yml │ │ │ │ ├── playbook-restart-cluster.yml │ │ │ │ ├── playbook-standalone.yml │ │ │ │ ├── playbook-start-cluster.yml │ │ │ │ ├── playbook-uninstall-cluster.yml │ │ │ │ ├── prepare.yml │ │ │ │ ├── converge.yml │ │ │ │ ├── playbook-rootless.yml │ │ │ │ ├── prepare-rootless.yml │ │ │ │ └── INSTALL.rst │ │ │ ├── highavailabilitydb │ │ │ │ ├── tests │ │ │ │ │ ├── test_default.pyc │ │ │ │ │ └── test_default.py │ │ │ │ ├── Dockerfile.j2 │ │ │ │ ├── haproxy-loadbalancer.conf.j2 │ │ │ │ ├── INSTALL.rst │ │ │ │ └── converge.yml │ │ │ ├── nodeploy │ │ │ │ ├── k3s_agent.yml │ │ │ │ ├── verify.yml │ │ │ │ ├── k3s_server.yml │ │ │ │ ├── converge.yml │ │ │ │ └── prepare.yml │ │ │ ├── debug │ │ │ │ ├── verify.yml │ │ │ │ ├── prepare.yml │ │ │ │ └── converge.yml │ │ │ └── highavailabilityetcd │ │ │ │ ├── haproxy-loadbalancer.conf.j2 │ │ │ │ └── converge.yml │ │ ├── templates │ │ │ ├── cluster-token.j2 │ │ │ └── config.yaml.j2 │ │ ├── .gitignore │ │ ├── tasks │ │ │ └── main.yml │ │ ├── documentation │ │ │ └── configuration │ │ │ │ └── systemd-config.md │ │ └── .yamllint │ └── common │ │ └── handlers │ │ └── main.yml ├── tailscale.txt ├── inventory │ ├── galera │ │ └── hosts.yml │ └── k3s │ │ └── hosts.yml ├── readme2.txt └── ansible.cfg ├── .github ├── linters │ ├── .tflint.hcl │ ├── .prettierignore │ ├── .ansible-lint │ ├── .prettierrc.yaml │ ├── .markdownlint.yaml │ └── .yamllint.yaml ├── renovate │ ├── commitMessage.json5 │ ├── autoMerge.json5 │ └── labels.json5 ├── dependabot.yml └── workflows │ └── lint.yaml ├── cluster ├── flux │ ├── repositories │ │ ├── oci │ │ │ └── .gitkeep │ │ ├── kustomization.yaml │ │ └── helm │ │ │ ├── dysnix-charts.yaml │ │ │ ├── gabe565.yaml │ │ │ ├── grafana.yaml │ │ │ ├── 
metallb-charts.yaml │ │ │ ├── pgadmin.yaml │ │ │ ├── oauth2-proxy.yaml │ │ │ ├── dex-charts.yaml │ │ │ ├── hajimari-charts.yaml │ │ │ ├── openfaas-charts.yaml │ │ │ ├── authelia-charts.yaml │ │ │ ├── bytebase.yaml │ │ │ ├── cetic-charts.yaml │ │ │ ├── jetstack-charts.yaml │ │ │ ├── longhorn-charts.yaml │ │ │ ├── authentik-charts.yaml │ │ │ ├── fission-charts.yaml │ │ │ ├── k8s-at-home-charts.yaml │ │ │ ├── postgrest-charts.yaml │ │ │ ├── tooljet-charts.yaml │ │ │ ├── vernemq-charts.yaml │ │ │ ├── prometheus-community-charts.yaml │ │ │ ├── stakater-charts.yaml │ │ │ ├── codecentric-charts.yaml │ │ │ ├── k8s-gateway-charts.yaml │ │ │ ├── kubernetes-stable-charts.yaml │ │ │ ├── mariadb-operator.yaml │ │ │ ├── nicholaswilde.yaml │ │ │ ├── hasura-extra-charts.yaml │ │ │ ├── ingress-nginx-charts.yaml │ │ │ ├── metrics-server-charts.yaml │ │ │ ├── bjw-s.yaml │ │ │ ├── node-feature-discovery-charts.yaml │ │ │ ├── intel.yaml │ │ │ ├── kedacore.yaml │ │ │ ├── emqx.yaml │ │ │ ├── groundhog2k.yaml │ │ │ └── crunchydata.yaml │ ├── config │ │ ├── kustomization.yaml │ │ └── cluster.yaml │ └── vars │ │ ├── kustomization.yaml │ │ └── cluster-settings.yaml ├── apps │ ├── home │ │ ├── hajimari │ │ │ ├── readme.txt │ │ │ ├── kustomization.yaml │ │ │ └── config-pvc.yaml │ │ ├── firefox │ │ │ └── kustomization.yaml │ │ ├── sshwifty │ │ │ └── kustomization.yaml │ │ ├── vernemq │ │ │ └── kustomization.yaml │ │ ├── forecastle │ │ │ └── kustomization.yaml │ │ ├── syncthing │ │ │ ├── readme.txt │ │ │ ├── kustomization.yaml │ │ │ └── config-syncthing-pvc.yaml │ │ ├── namespace.yaml │ │ ├── home-assistant │ │ │ ├── readme.txt │ │ │ ├── app │ │ │ │ ├── home-assistant-config-pvc.yaml │ │ │ │ ├── home-assistant-data-pvc.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── emqx │ │ │ ├── app │ │ │ │ ├── emqx-secret.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── frigate │ │ │ ├── app │ │ │ │ ├── frigate-config-pvc.yaml │ │ │ │ ├── frigate-secret.yaml │ │ │ │ └── 
kustomization.yaml │ │ │ └── ks.yaml │ │ ├── zigbee2mqtt │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── zigbee2mqtt-config-pvc.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── system │ │ ├── intel-gpu-plugin │ │ │ ├── readme.txt │ │ │ ├── kustomization.yaml │ │ │ └── helm-release.yaml │ │ ├── namespace.yaml │ │ ├── node-feature-discovery │ │ │ ├── kustomization.yaml │ │ │ ├── features │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── dvb.yaml │ │ │ │ ├── zigbee.yaml │ │ │ │ ├── coral-tpu.yaml │ │ │ │ └── intel-gpu.yaml │ │ │ └── readme.txt │ │ ├── kustomization.yaml │ │ ├── cloud-backup │ │ │ ├── kustomization.yaml │ │ │ ├── secret.yaml │ │ │ ├── nfs-backup-omv-pvc.yaml │ │ │ ├── nfs-backup-ro-omv-pvc.yaml │ │ │ ├── nfs-backup-omv-pv.yaml │ │ │ └── nfs-backup-ro-omv-pv.yaml │ │ └── intel-device-plugin │ │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── helmrelease.yaml │ │ │ └── gpu │ │ │ ├── kustomization.yaml │ │ │ └── helmrelease.yaml │ ├── networking │ │ ├── oauth2-proxy │ │ │ ├── readme.txt │ │ │ ├── kustomization.yaml │ │ │ └── oauth2-proxy-helm-values.yaml │ │ ├── dex │ │ │ ├── kustomization.yaml │ │ │ └── readme.txt │ │ ├── mail │ │ │ ├── kustomization.yaml │ │ │ └── readme.txt │ │ ├── pictshare │ │ │ └── kustomization.yaml │ │ ├── ingress-nginx │ │ │ └── kustomization.yaml │ │ ├── privatebin │ │ │ └── kustomization.yaml │ │ ├── wildcard-certificate │ │ │ ├── kustomization.yaml │ │ │ └── certificate.yaml │ │ ├── namespace.yaml │ │ ├── authelia │ │ │ ├── kustomization.yaml │ │ │ └── config-authelia-pvc.yaml │ │ ├── ddns-job │ │ │ ├── kustomization.yaml │ │ │ └── secret.yaml │ │ ├── k8s_gateway │ │ │ └── kustomization.yaml │ │ ├── authentik │ │ │ ├── kustomization.yaml │ │ │ ├── config-postgres-pvc.yaml │ │ │ └── redis.yaml.off │ │ ├── keda │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── capacitor │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── pfire 
│ │ ├── pgdb │ │ │ └── kustomization.yaml │ │ ├── hasura │ │ │ └── kustomization.yaml │ │ ├── investbrain │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── redis │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ ├── namespace.yaml │ │ ├── grist │ │ │ └── kustomization.yaml │ │ ├── cafe │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── cafe-tickers.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ ├── kustomization.yaml │ │ │ └── secret.yaml │ │ ├── redis │ │ │ ├── kustomization.yaml │ │ │ └── redis-pvc.yaml │ │ ├── captchasolver │ │ │ └── kustomization.yaml │ │ ├── graphql-mesh │ │ │ └── kustomization.yaml │ │ ├── tooljet │ │ │ ├── kustomization.yaml │ │ │ └── secret.yaml │ │ ├── stooq │ │ │ ├── kustomization.yaml │ │ │ └── cronjob.yaml │ │ ├── postgrest │ │ │ ├── kustomization.yaml │ │ │ ├── secret.yaml │ │ │ └── readme.txt │ │ ├── swaggerui │ │ │ └── kustomization.yaml │ │ ├── ghostfolio │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── regcred.yaml │ │ ├── stooq-importer │ │ │ ├── kustomization.yaml │ │ │ ├── nfs-pfire-stooq-pvc.yaml │ │ │ ├── nfs-pfire-stooq-pv.yaml │ │ │ └── stooq-importer-pgloader-config.yaml │ │ ├── crunchy-postgres-secret.yaml │ │ ├── pgadmin │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ ├── readme.txt │ │ │ └── ks.yaml │ │ ├── jobshot │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── config │ │ │ │ │ └── jobs.yaml │ │ │ └── ks.yaml │ │ ├── readme.txt │ │ ├── kustomization.yaml │ │ └── rbac.yaml │ ├── media │ │ ├── streammaster │ │ │ └── kustomization.yaml │ │ ├── threadfin │ │ │ └── kustomization.yaml │ │ ├── silverbullet │ │ │ └── kustomization.yaml │ │ ├── stirling-pdf │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── jackett │ │ │ ├── kustomization.yaml │ │ │ └── config-jackett-pvc.yaml │ │ ├── radarr │ │ │ ├── kustomization.yaml │ │ │ └── config-radarr-pvc.yaml │ │ ├── sonarr │ │ │ ├── kustomization.yaml │ │ │ └── config-sonarr-pvc.yaml │ │ ├── 
tvheadend │ │ │ ├── kustomization.yaml │ │ │ └── config-tvheadend-pvc.yaml │ │ ├── podsync │ │ │ ├── kustomization.yaml │ │ │ ├── config-podsync-pvc.yaml │ │ │ └── readme.txt │ │ ├── qbittorrent │ │ │ ├── kustomization.yaml │ │ │ ├── config-qb-pvc.yaml │ │ │ ├── readme.txt │ │ │ └── qbittorrent-helm-values-wg.yaml.off │ │ ├── drawio │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── m3u-proxy │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── jellyfin │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── config-jellyfin-pvc.yaml │ │ │ └── ks.yaml │ │ ├── pinchflat │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pinchflat-config-pvc.yaml │ │ │ └── ks.yaml │ │ ├── immich │ │ │ ├── kustomization.yaml │ │ │ ├── immich-secret.yaml │ │ │ ├── nfs-backup-ro-obrazki-pvc.yaml │ │ │ ├── nfs-backup-ro-obrazki-pv.yaml │ │ │ └── immich-configmap.yaml │ │ ├── calibre │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── morphos │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── bitmappery │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── calibre-web │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── tubearchivist │ │ │ ├── kustomization.yaml │ │ │ ├── tubearchivist-secret.yaml │ │ │ └── pvc.yaml │ │ ├── crunchy-postgres-secret.yaml │ │ ├── nfs-media-omv-pvc.yaml │ │ ├── nfs-media-ebook-pvc.yaml │ │ ├── nfs-media-text-pvc.yaml │ │ ├── nfs-media-images-pvc.yaml │ │ ├── nfs-podcasts-omv-pvc.yaml │ │ ├── nfs-recordings-omv-pvc.yaml │ │ ├── nfs-media-pinchflat-pvc.yaml │ │ ├── nfs-media-omv-pv.yaml │ │ ├── nfs-media-text-pv.yaml │ │ ├── nfs-podcasts-omv-pv.yaml │ │ ├── nfs-recordings-omv-pv.yaml │ │ ├── nfs-media-ebook-pv.yaml │ │ ├── nfs-media-images-pv.yaml │ │ ├── nfs-media-pinchflat-pv.yaml │ │ └── nfs-media-tubearchivist-pvc.yaml │ ├── kube-system │ │ ├── metallb │ │ │ ├── config │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ └── 
helm-release.yaml │ │ ├── reloader │ │ │ ├── kustomization.yaml │ │ │ └── helm-release.yaml │ │ ├── metrics-server │ │ │ ├── kustomization.yaml │ │ │ └── helm-release.yaml │ │ ├── namespace.yaml │ │ └── kustomization.yaml │ ├── monitoring │ │ ├── scrutiny │ │ │ ├── collector │ │ │ │ └── kustomization.yaml │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scrutiny-config-pvc.yaml │ │ ├── thanos │ │ │ └── kustomization.yaml │ │ ├── speedtest-exporter │ │ │ └── kustomization.yaml │ │ ├── loki │ │ │ ├── kustomization.yaml │ │ │ └── nfs-loki-pv.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── kustomization.yaml │ │ │ └── nfs-prometheus-pv.yaml │ │ ├── namespace.yaml │ │ ├── uptime-kuma │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── uptime-kuma-config-pvc.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── longhorn │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── longhorn │ │ │ ├── configs │ │ │ ├── kustomization.yaml │ │ │ ├── backup-daily.yaml │ │ │ └── snapshot-6h.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── service-monitor.yaml │ │ │ └── readme.txt │ ├── woo │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ ├── oaw │ │ │ ├── kustomization.yaml │ │ │ ├── mariadb │ │ │ │ ├── oaw-secret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── oaw-database.yaml │ │ │ │ ├── oaw-grant.yaml │ │ │ │ └── oaw-user.yaml │ │ │ └── config-oaw-pvc.yaml │ │ └── wordpress │ │ │ ├── kustomization.yaml │ │ │ ├── mariadb │ │ │ ├── woo-secret.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── woo-database.yaml │ │ │ ├── woo-user.yaml │ │ │ └── woo-grant.yaml │ │ │ └── config-woo-pvc.yaml │ ├── cert-manager │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── cert-manager │ │ │ ├── kustomization.yaml │ │ │ ├── readme.txt │ │ │ ├── letsencrypt-oaw.yaml │ │ │ ├── letsencrypt-production.yaml │ │ │ ├── letsencrypt-staging.yaml │ │ │ └── helm-release.yaml │ ├── database │ │ ├── mariadb-operator │ │ │ ├── operator │ │ │ │ ├── kustomization.yaml │ │ │ │ └── readme.txt │ │ │ 
└── database │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── mariadb-secret.yaml │ │ │ │ └── mariadb-backup.yaml │ │ ├── crunchy-postgres-operator │ │ │ ├── operator │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── minio │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── minio-secret.yaml │ │ │ └── ks.yaml │ │ ├── phpmyadmin │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── influx │ │ │ ├── app │ │ │ ├── influx-pvc.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── default │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ ├── cyberchef │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── it-tools │ │ │ ├── app │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── flux-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── addons │ │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── monitoring │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── system-upgrade │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── controller │ │ │ ├── plans │ │ │ ├── kustomization.yaml │ │ │ ├── k3s-agent.yaml │ │ │ └── k3s-server.yaml │ │ │ └── app │ │ │ ├── kustomization.yaml │ │ │ └── source.yaml │ └── kustomization.yaml └── bootstrap │ └── kustomization.yaml ├── .envrc ├── .secretlintignore ├── .aider.input.history ├── .gitattributes ├── tmpl ├── .sops.yaml ├── secret.enc.yaml ├── cluster-settings.yaml └── gotk-sync.yaml ├── readme.txt ├── .sops.yaml ├── .gitignore ├── .sourceignore ├── .taskfiles ├── PrecommitTasks.yml └── SopsTasks.yml ├── .aider.chat.history.md ├── router └── openwrt.txt ├── dns └── readme.txt └── .pre-commit-config.yaml /ansible/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.github/linters/.tflint.hcl: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cluster/flux/repositories/oci/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | export KUBECONFIG=$HOME/.kube/prox -------------------------------------------------------------------------------- /.secretlintignore: -------------------------------------------------------------------------------- 1 | megalinter-reports 2 | tmpl 3 | README.md 4 | -------------------------------------------------------------------------------- /.aider.input.history: -------------------------------------------------------------------------------- 1 | 2 | # 2025-03-10 08:48:22.444598 3 | +N 4 | -------------------------------------------------------------------------------- /.github/linters/.prettierignore: -------------------------------------------------------------------------------- 1 | *.sops.* 2 | gotk-components.yaml 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /.github/linters/.ansible-lint: -------------------------------------------------------------------------------- 1 | # .ansible-lint 2 | warn_list: 3 | - unnamed-task 4 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/playbook.yml: -------------------------------------------------------------------------------- 1 | ../playbook.yml 
-------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/requirements.txt: -------------------------------------------------------------------------------- 1 | ansible>=11.7.0 2 | netaddr>=1.3.0 3 | -------------------------------------------------------------------------------- /cluster/apps/home/hajimari/readme.txt: -------------------------------------------------------------------------------- 1 | icons here: https://pictogrammers.com/library/mdi/ -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | secret.enc.yaml diff=sopsdiffer 2 | cluster-secrets.yaml diff=sopsdiffer 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/requirements.yml: -------------------------------------------------------------------------------- 1 | ../requirements.yml -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-mariadb-galera-cluster: -------------------------------------------------------------------------------- 1 | ../../ -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | blank_issues_enabled: true 4 | -------------------------------------------------------------------------------- 
/ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | host_key_checking = False 3 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | skip_list: 4 | - role-name 5 | - name[template] 6 | -------------------------------------------------------------------------------- /ansible/tailscale.txt: -------------------------------------------------------------------------------- 1 | Tailscale installation on Debian: 2 | https://tailscale.com/kb/1038/install-debian-bullseye/ -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | install_date: czw. 4 gru 22:16:44 2025 2 | version: v3.6.2 3 | -------------------------------------------------------------------------------- /.github/linters/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | semi: false 5 | singleQuote: false 6 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-mariadb-galera-cluster 3 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-gpu-plugin/readme.txt: -------------------------------------------------------------------------------- 1 | kubectl label nodes wezyr feature.node.kubernetes.io/custom-intel-gpu=true -------------------------------------------------------------------------------- 
/ansible/roles/mrlesmithjr.mariadb-galera-cluster/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/mrlesmithjr/ansible-etc-hosts 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb_login_unix_socket: /var/lib/mysql/mysql.sock 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | install_date: Mon Oct 26 20:04:58 2020 2 | version: v0.2.0 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/mysql/conf.d/client.cnf.j2: -------------------------------------------------------------------------------- 1 | [client] 2 | default-character-set = utf8 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-etc-hosts 3 | -------------------------------------------------------------------------------- /ansible/roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: update trusted ca debian 4 | shell: /usr/sbin/update-ca-certificates 5 | 6 | 7 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/handlers/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-etc-hosts 3 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/root/my.cnf.j2: -------------------------------------------------------------------------------- 1 | [client] 2 | user=root 3 | password={{ mariadb_mysql_root_password }} 4 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/requirements.txt: -------------------------------------------------------------------------------- 1 | -r ../requirements.txt 2 | 3 | molecule-plugins[docker] 4 | docker>=7.1.0 5 | netaddr>=1.3.0 6 | -------------------------------------------------------------------------------- /cluster/apps/networking/oauth2-proxy/readme.txt: -------------------------------------------------------------------------------- 1 | Create a new secret with the following command (the final base64 step only encodes the value, it does not protect it; keep the result in a SOPS-encrypted file, never in plaintext in Git): 2 | openssl rand -base64 32 | head -c 32 | base64 3 | -------------------------------------------------------------------------------- /cluster/apps/pfire/pgdb/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pgdb.yaml -------------------------------------------------------------------------------- /tmpl/.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | creation_rules: 3 | - encrypted_regex: '^(data|stringData)$' 4 | pgp: >- 5 | $FLUX_KEY_FP, 6 | $PERSONAL_KEY_FP 7 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/autodeploy/templates/00-ns-monitoring.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: 
Namespace 3 | metadata: 4 | name: monitoring 5 | -------------------------------------------------------------------------------- /cluster/apps/home/firefox/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/home/sshwifty/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/home/vernemq/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/networking/dex/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/networking/mail/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/networking/mail/readme.txt: -------------------------------------------------------------------------------- 1 | based on: https://fabianlee.org/2022/01/16/kubernetes-running-a-mail-container-for-testing-email-during-development/ 
-------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/templates/cluster-token.j2: -------------------------------------------------------------------------------- 1 | {{ k3s_control_token_content | default(k3s_control_token | default(k3s_control_delegate | to_uuid)) }} 2 | -------------------------------------------------------------------------------- /cluster/apps/media/streammaster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/media/threadfin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/networking/pictshare/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/pfire/hasura/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/investbrain/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helmrelease.yaml 
-------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Wed Jul 5 19:28:13 2017', version: ''} 2 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/mariadb_repo.j2: -------------------------------------------------------------------------------- 1 | Package: mariadb-* 2 | Pin: origin {{ mariadb_debian_repo_pin }} 3 | Pin-Priority: 600 4 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - ansible-mariadb-galera-cluster -------------------------------------------------------------------------------- /cluster/apps/home/forecastle/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/home/syncthing/readme.txt: -------------------------------------------------------------------------------- 1 | resetting database from command line: 2 | - ssh to pod 3 | - syncthing --reset-database 4 | - syncthing cli operations restart -------------------------------------------------------------------------------- /cluster/apps/kube-system/metallb/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 
-------------------------------------------------------------------------------- /cluster/apps/kube-system/reloader/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml -------------------------------------------------------------------------------- /cluster/apps/media/silverbullet/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml -------------------------------------------------------------------------------- /cluster/apps/media/stirling-pdf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/scrutiny/collector/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/monitoring/thanos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/networking/ingress-nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - 
helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/networking/privatebin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/networking/wildcard-certificate/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - certificate.yaml -------------------------------------------------------------------------------- /cluster/apps/system/intel-gpu-plugin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /readme.txt: -------------------------------------------------------------------------------- 1 | python -m pip install PyKeePass 2 | to encode cluster secrets with SOPS run: 3 | encode.py 4 | 5 | 6 | naprawa etcd: https://github.com/k3s-io/k3s/issues/8217 -------------------------------------------------------------------------------- /cluster/apps/home/hajimari/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-pvc.yaml 5 | - helm-release.yaml -------------------------------------------------------------------------------- /cluster/apps/home/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home 6 | labels: 7 | 
kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/longhorn/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - longhorn 7 | -------------------------------------------------------------------------------- /cluster/apps/media/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: media 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/speedtest-exporter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/pfire/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: pfire 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/woo/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: woo 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/flux/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./flux.yaml 6 | - ./cluster.yaml 7 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/systemd/system/mariadb.service.d/max-open-files.conf.j2: -------------------------------------------------------------------------------- 1 | 2 | [Service] 3 | LimitNOFILE={{ mariadb_max_open_files }} 4 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - cert-manager 7 | -------------------------------------------------------------------------------- /cluster/apps/database/mariadb-operator/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helm-release.yaml 5 | -------------------------------------------------------------------------------- /cluster/apps/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: default 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/metallb/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - config -------------------------------------------------------------------------------- /cluster/apps/kube-system/metrics-server/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/pfire/grist/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - grist-secret.yaml 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/pfire/investbrain/redis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - pvc.yaml 5 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/woo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - wordpress 7 | - oaw 8 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - ansible-etc-hosts 
-------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/tests/test_default.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marx2/homelab/HEAD/ansible/roles/xanmanning.k3s/molecule/default/tests/test_default.pyc -------------------------------------------------------------------------------- /cluster/apps/database/crunchy-postgres-operator/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helm-release.yaml -------------------------------------------------------------------------------- /cluster/apps/database/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: database 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./addons/ks.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/longhorn/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: longhorn 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/media/jackett/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-jackett-pvc.yaml 5 | #- helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-radarr-pvc.yaml 5 | #- helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-sonarr-pvc.yaml 5 | #- helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/loki/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - nfs-loki-pv.yaml 6 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/networking/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: networking 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/pfire/cafe/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - cafe-tickers.yaml 6 | - cafe-job.yaml -------------------------------------------------------------------------------- 
/cluster/apps/pfire/grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./secret.yaml 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/redis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - redis-pvc.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/system/node-feature-discovery/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | - features 6 | -------------------------------------------------------------------------------- /cluster/flux/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - ./git 6 | - ./helm 7 | # - ./oci 8 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/systemd/system/mariadb.service.d/oom-score-adjust.conf.j2: -------------------------------------------------------------------------------- 1 | 2 | [Service] 3 | OOMScoreAdjust={{ mariadb_oom_score_adjust }} 4 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | labels: 7 | 
kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/database/minio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minio-service.yaml 5 | - minio-secret.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: flux-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/home/syncthing/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-syncthing-pvc.yaml 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kube-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /cluster/apps/media/tvheadend/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-tvheadend-pvc.yaml 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/pfire/captchasolver/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - captchasolver.yaml 6 | - service.yaml -------------------------------------------------------------------------------- /cluster/flux/vars/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./cluster-settings.yaml 5 | - ./cluster-secrets.sops.yaml 6 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | creation_rules: # single rule with no path_regex, so it is the rule applied to any file sops encrypts in this repo 3 | - encrypted_regex: '^(data|stringData)$' # only values under data/stringData are encrypted; names, namespaces and all other fields stay readable in git 4 | pgp: >- 5 | D6437C14DAD0D431CE89EB25B18AEF8F4416673F, 6 | A4AD6280AC1203CEDAF2F48F0501ABBD591E2007 7 | -------------------------------------------------------------------------------- /cluster/apps/longhorn/longhorn/configs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - backup-daily.yaml 6 | - snapshot-6h.yaml -------------------------------------------------------------------------------- /cluster/apps/monitoring/scrutiny/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - scrutiny-config-pvc.yaml 5 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/networking/authelia/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-authelia-pvc.yaml 5 | #- 
helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/networking/ddns-job/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - secret.yaml 5 | - configmap.yaml 6 | - cronjob.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/k8s_gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | # - k8s_gateway_as_yaml.yaml 5 | - helm-release.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/graphql-mesh/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - graphql-mesh-meshrc.yaml 5 | - graphql-mesh.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/pfire/tooljet/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secret.yaml 6 | - tooljet.yaml 7 | - service.yaml -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - mariadb 5 | - config-oaw-pvc.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/oauth2-proxy/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - oauth2-proxy-helm-values.yaml 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/pfire/stooq/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - stooq.yaml 6 | # - service.yaml 7 | - cronjob.yaml -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/mariadb/oaw-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: oaw-secret 6 | namespace: database 7 | stringData: # NOTE(review): ${WOO_DB_PASSWORD} is also the value used by woo/wordpress/mariadb/woo-secret.yaml, so both Secrets carry one password; a separate variable per Secret would keep a leak of one from exposing the other 8 | password: "${WOO_DB_PASSWORD}" -------------------------------------------------------------------------------- /cluster/apps/woo/wordpress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - mariadb 5 | - config-woo-pvc.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/tests/test_default.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marx2/homelab/HEAD/ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/tests/test_default.pyc -------------------------------------------------------------------------------- /cluster/apps/media/podsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | 
- config-podsync-pvc.yaml 5 | - podsync-config.yaml 6 | - podsync.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/woo/wordpress/mariadb/woo-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: woo-secret 6 | namespace: database 7 | stringData: 8 | password: "${WOO_DB_PASSWORD}" -------------------------------------------------------------------------------- /cluster/apps/monitoring/kube-prometheus-stack/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - nfs-prometheus-pv.yaml 6 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/postgrest/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | - helmrelease-attr.yaml 7 | - secret.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/swaggerui/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | - helmrelease-attr.yaml 7 | - ingress.yaml -------------------------------------------------------------------------------- /cluster/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - metrics-server 7 | - reloader 8 | - metallb 9 | 
-------------------------------------------------------------------------------- /cluster/apps/longhorn/longhorn/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - service-monitor.yaml 7 | - configs 8 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | # Flux-Kustomizations 7 | - ./controller/ks.yaml -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/yum.repos.d/MariaDB.repo.j2: -------------------------------------------------------------------------------- 1 | [mariadb] 2 | name = MariaDB 3 | baseurl = {{ mariadb_redhat_repo }} 4 | gpgkey={{ mariadb_redhat_repo_key }} 5 | gpgcheck=1 6 | -------------------------------------------------------------------------------- /cluster/apps/database/mariadb-operator/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - mariadb-backup.yaml 5 | - mariadb-secret.yaml 6 | - mariadb.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/database/mariadb-operator/database/mariadb-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mariadb-secret 6 | namespace: database 7 | stringData: 8 | password: "${MARIA_DB_PASSWORD}" 9 | 
-------------------------------------------------------------------------------- /cluster/apps/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - cyberchef/ks.yaml 7 | - it-tools/ks.yaml 8 | # - toolbox.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/mariadb/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - oaw-database.yaml 5 | - oaw-grant.yaml 6 | - oaw-secret.yaml 7 | - oaw-user.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/media/qbittorrent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-qb-pvc.yaml 5 | #- qbittorrent-helm-values-openvpn.yaml 6 | #- helm-release-openvpn.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/authentik/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - config-postgres-pvc.yaml 5 | #- postgress.yaml 6 | #- redis.yaml 7 | #- helm-release.yaml 8 | 
-------------------------------------------------------------------------------- /cluster/apps/woo/wordpress/mariadb/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - woo-database.yaml 5 | - woo-grant.yaml 6 | - woo-secret.yaml 7 | - woo-user.yaml 8 | -------------------------------------------------------------------------------- /tmpl/secret.enc.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: cloudflare-token-secret 6 | namespace: cert-manager 7 | stringData: 8 | cloudflare-token: ${BOOTSTRAP_CLOUDFLARE_TOKEN} 9 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | # Molecule managed 2 | 3 | {% if item.registry is defined %} 4 | FROM {{ item.registry.url }}/{{ item.image }} 5 | {% else %} 6 | FROM {{ item.image }} 7 | {% endif %} 8 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/nodeploy/k3s_agent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | node-label: 4 | - "foo=bar" 5 | - "hello=world" 6 | kubelet-arg: 7 | - "cloud-provider=external" 8 | - "provider-id=azure" 9 | snapshotter: native 10 | -------------------------------------------------------------------------------- /cluster/apps/media/drawio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - 
helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/system/node-feature-discovery/features/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - coral-tpu.yaml 6 | - dvb.yaml 7 | - intel-gpu.yaml 8 | - zigbee.yaml -------------------------------------------------------------------------------- /ansible/inventory/galera/hosts.yml: -------------------------------------------------------------------------------- 1 | galera_cluster: 2 | hosts: 3 | galera-silver: 4 | ansible_host: 192.168.1.130 5 | galera-wezyr: 6 | ansible_host: 192.168.1.131 7 | galera-wuwek: 8 | ansible_host: 192.168.1.132 9 | -------------------------------------------------------------------------------- /cluster/apps/media/m3u-proxy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/ghostfolio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/postgrest/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: # NOTE(review): the value below is only base64-encoded, not SOPS-encrypted; it decodes to an htpasswd-style entry (user name plus an $apr1$ MD5-based hash), so the hash is readable by anyone with access to the repo. Rotate the credential and supply it through the encrypted cluster secrets, as the ${...} placeholders in the other Secret manifests do. 3 | auth: cG9zdGdyZXN0OiRhcHIxJG1MelFpVTRIJGNUcS5ncUdXbWovOGptdFdFNEg2MS8K 4 | kind: Secret 5 | metadata: 6 | name: 
postgrest-basic-auth 7 | namespace: pfire 8 | type: Opaque 9 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/dysnix-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: dysnix 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://dysnix.github.io/charts -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/gabe565.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1 2 | kind: HelmRepository 3 | metadata: 4 | name: gabe565 5 | namespace: flux-system 6 | spec: 7 | interval: 4h 8 | type: oci 9 | url: oci://ghcr.io/gabe565/charts -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/grafana.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: grafana 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://grafana.github.io/helm-charts -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/metallb-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metallb 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://metallb.github.io/metallb -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/pgadmin.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | 
kind: HelmRepository 4 | metadata: 5 | name: pgadmin-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://helm.runix.net 10 | -------------------------------------------------------------------------------- /cluster/apps/pfire/regcred.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: regcred 6 | namespace: pfire 7 | type: kubernetes.io/dockerconfigjson 8 | data: 9 | .dockerconfigjson: ${GITHUB_API_TOKEN_IMAGE_REGISTRY_READ_ENCODED} 10 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb_login_unix_socket: /var/run/mysqld/mysqld.sock 3 | mariadb_pre_req_packages: 4 | - "apt-transport-https" 5 | - "software-properties-common" 6 | - "python-mysqldb" 7 | - "rsync" 8 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/debug/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 
3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | ansible.builtin.assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: system-upgrade 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged # from SUC manifests. "privileged" is the unrestricted Pod Security level: no pod in this namespace is blocked from host access, so keep the namespace reserved for the upgrade controller and its plans. 8 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux will not garbage-collect this namespace if it is removed from git 9 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/oauth2-proxy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: oauth2-proxy 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://oauth2-proxy.github.io/manifests -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/autodeploy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | ansible.builtin.assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/nodeploy/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests.
3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | ansible.builtin.assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/addons/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./monitoring 8 | -------------------------------------------------------------------------------- /cluster/apps/pfire/grafana/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | name: grafana-secrets 7 | namespace: pfire 8 | stringData: 9 | admin-user: ${SECRET_GRAFANA_USER} 10 | admin-password: ${SECRET_GRAFANA_PASSWORD} -------------------------------------------------------------------------------- /cluster/apps/database/minio/app/minio-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: minio-secret 6 | namespace: database 7 | stringData: 8 | access-key-id: "${MINIO_S3_ACCESS_KEY}" 9 | secret-access-key: "${MINIO_S3_SECRET_KEY}" 10 | -------------------------------------------------------------------------------- /cluster/apps/media/jellyfin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - config-jellyfin-pvc.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- 
/cluster/apps/media/pinchflat/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - pinchflat-config-pvc.yaml 7 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/controller/plans/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./k3s-agent.yaml 7 | - ./k3s-server.yaml -------------------------------------------------------------------------------- /cluster/apps/system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | # - intel-gpu-plugin 7 | - intel-device-plugin/ks.yaml 8 | - node-feature-discovery 9 | - cloud-backup 10 | -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/mariadb/oaw-database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Database 3 | metadata: 4 | name: oaw 5 | namespace: database 6 | spec: 7 | mariaDbRef: 8 | name: mariadb-galera 9 | characterSet: utf8 10 | collate: utf8_general_ci -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/dex-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: dex-charts 6 | 
namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://charts.dexidp.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /ansible/readme2.txt: -------------------------------------------------------------------------------- 1 | make sure your SSH public key is installed on new nodes: 2 | ssh-copy-id root@192.168.1.41 3 | 4 | upgrade xanmanning role: 5 | ansible-galaxy install xanmanning.k3s -p ./roles --force 6 | 7 | run playbook for k3s: 8 | ansible-playbook -u root k3s_ha.yml -i inventory/k3s/hosts.yml -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/readme.txt: -------------------------------------------------------------------------------- 1 | Yi Camera 2 | https://github.com/TheCrypt0/yi-hack-v4 3 | 4 | After WiFi changes: 5 | - use the Yi Home application to join the camera to the WiFi network 6 | 7 | Purifier: 8 | https://smartme.pl/xiaomi-mi-air-purifier-3h-nareszcie-w-home-assistant/ 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/uptime-kuma/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - uptime-kuma-config-pvc.yaml 7 | - helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/pfire/stooq-importer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - nfs-pfire-stooq-pv.yaml 6 | - nfs-pfire-stooq-pvc.yaml 7 | - stooq-importer-pgloader-config.yaml 8 | - stooq-importer-job.yaml 9 | --------------------------------------------------------------------------------
/cluster/apps/woo/wordpress/mariadb/woo-database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Database 3 | metadata: 4 | name: woo 5 | namespace: database 6 | spec: 7 | mariaDbRef: 8 | name: mariadb-galera 9 | characterSet: utf8 10 | collate: utf8_general_ci -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/hajimari-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: hajimari-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://hajimari.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/openfaas-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: openfaas-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://openfaas.github.io/faas-netes/ 10 | -------------------------------------------------------------------------------- /tmpl/cluster-settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: cluster-settings 6 | namespace: flux-system 7 | data: 8 | METALLB_LB_RANGE: $BOOTSTRAP_METALLB_LB_RANGE 9 | INGRESS_NGINX_LB: $BOOTSTRAP_INGRESS_NGINX_LB 10 | TZ: Europe/Warsaw -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/.gitignore: -------------------------------------------------------------------------------- 1 | .ansible 2 | .vagrant 3 | *.retry 4 | VAULT_PASSWORD 5 | VAULT_PASS 6 | .vault_pass 7 | .vault_pass.asc 8 | vagramt/fetch 
9 | vagrant/ubuntu-*.log 10 | __pycache__ 11 | ansible.cfg 12 | pyratlabs-issue-dump.txt 13 | .cache 14 | /.idea/ 15 | -------------------------------------------------------------------------------- /cluster/apps/database/mariadb-operator/operator/readme.txt: -------------------------------------------------------------------------------- 1 | when the operator fails with an error mentioning MARIADB_AUTO_UPGRADE 2 | do: 3 | - scale deployment to 0 4 | - edit deployment and add the MARIADB_AUTO_UPGRADE env shown below 5 | - scale deployment to 1 6 | 7 | env: 8 | - name: MARIADB_AUTO_UPGRADE 9 | value: "true" -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - source.yaml 7 | - helmrelease.yaml 8 | - rbac.yaml -------------------------------------------------------------------------------- /cluster/flux/vars/cluster-settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: cluster-settings 6 | namespace: flux-system 7 | data: 8 | METALLB_LB_RANGE: 192.168.1.210-192.168.1.254 9 | INGRESS_NGINX_LB: 192.168.1.210 10 | TZ: Europe/Warsaw 11 | -------------------------------------------------------------------------------- /cluster/apps/media/immich/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - nfs-backup-ro-obrazki-pv.yaml 6 | - nfs-backup-ro-obrazki-pvc.yaml 7 | - immich-configmap.yaml 8 | - immich-secret.yaml 9 | - helm-release.yaml
-------------------------------------------------------------------------------- /cluster/flux/repositories/helm/authelia-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: authelia-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://charts.authelia.com 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/bytebase.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bytebase-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://bytebase.github.io/bytebase 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/cetic-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: cetic-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://cetic.github.io/helm-charts 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/jetstack-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: jetstack-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://charts.jetstack.io/ 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/longhorn-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: longhorn-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://charts.longhorn.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/mariadb_overrides.cnf.j2: -------------------------------------------------------------------------------- 1 | 2 | {% for group, settings in mariadb_config_overrides.items() %} 3 | 4 | [{{ group }}] 5 | {% for key, value in settings.items() %} 6 | {{ key }} = {{ value }} 7 | {% endfor %} 8 | 9 | {% endfor %} 10 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/playbook-download.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_state: downloaded 8 | roles: 9 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 10 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/playbook-stop-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_state: stopped 8 | roles: 9 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 10 | -------------------------------------------------------------------------------- /cluster/apps/media/calibre/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/morphos/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/pfire/redis/redis-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: redis-pvc 6 | namespace: pfire 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 2Gi 13 | storageClassName: longhorn -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/authentik-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: authentik-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://goauthentik.github.io/helm 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/fission-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: fission-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: 
https://fission.github.io/fission-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/k8s-at-home-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: k8s-at-home-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://k8s-at-home.com/charts/ # NOTE(review): the k8s-at-home charts project appears to have been archived upstream - TODO confirm. An unmaintained chart source served from a third-party domain is a supply-chain risk; check that no HelmRelease still references this repository and remove it if unused. 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/postgrest-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: postgrest-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://colearendt.github.io/helm 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/tooljet-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: tooljet-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://ToolJet.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/vernemq-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: vernemq-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://vernemq.github.io/docker-vernemq 10 | timeout: 3m 11 | --------------------------------------------------------------------------------
/ansible/roles/xanmanning.k3s/molecule/default/playbook-restart-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_state: restarted 8 | roles: 9 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 10 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/playbook-standalone.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_build_cluster: false 8 | roles: 9 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 10 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/playbook-start-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_state: started 8 | roles: 9 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 10 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Run pre-checks 4 | ansible.builtin.import_tasks: pre_checks.yml 5 | 6 | - name: Ensure state {{ (k3s_state | lower) | default('installed') }} 7 | ansible.builtin.include_tasks: state_{{ (k3s_state | lower) | default('installed') }}.yml 8 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - letsencrypt-production.yaml 7 | - letsencrypt-staging.yaml 8 | - secret.enc.yaml 9 | - letsencrypt-oaw.yaml 10 | -------------------------------------------------------------------------------- /cluster/apps/default/cyberchef/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/default/it-tools/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/longhorn/longhorn/configs/backup-daily.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: longhorn.io/v1beta2 3 | kind: RecurringJob 4 | metadata: 5 | name: backup-daily 6 | namespace: longhorn 7 | spec: 8 | name: backup-daily 9 | cron: "0 6 * * *" 10 | task: "backup" 11 | retain: 14 12 | concurrency: 1 -------------------------------------------------------------------------------- /cluster/apps/longhorn/longhorn/configs/snapshot-6h.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: longhorn.io/v1beta2 3 | kind: RecurringJob 4 | metadata: 5 | name: snapshot-6h 6 | namespace: longhorn 7 | spec: 8 | name: 
snapshot-6h 9 | cron: "0 */6 * * *" 10 | task: "snapshot" 11 | retain: 8 12 | concurrency: 2 -------------------------------------------------------------------------------- /cluster/apps/media/bitmappery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/calibre-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/tubearchivist/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - tubearchivist-secret.yaml 6 | - pvc.yaml 7 | - helm-release-elasticsearch.yaml 8 | - helm-release-redis-stack.yaml 9 | - helm-release.yaml 10 | -------------------------------------------------------------------------------- /cluster/apps/networking/keda/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 
-------------------------------------------------------------------------------- /cluster/flux/repositories/helm/prometheus-community-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://prometheus-community.github.io/helm-charts -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/stakater-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://stakater.github.io/stakater-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/playbook-uninstall-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_state: uninstalled 8 | roles: 9 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 10 | -------------------------------------------------------------------------------- /cluster/apps/database/phpmyadmin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- 
/cluster/apps/flux-system/addons/app/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./podmonitor.yaml 8 | - ./prometheusrule.yaml -------------------------------------------------------------------------------- /cluster/apps/home/emqx/app/emqx-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: emqx-secret 6 | namespace: home 7 | stringData: 8 | admin_password: "${EMQX_MQTT_ADMIN_PASSWORD}" 9 | user_1_username: "${EMQX_MQTT_USER}" 10 | user_1_password: "${EMQX_MQTT_PASSWORD}" 11 | -------------------------------------------------------------------------------- /cluster/apps/media/tubearchivist/tubearchivist-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: tubearchivist-secret 6 | namespace: media 7 | stringData: 8 | TA_USERNAME: ${TA_USERNAME} 9 | TA_PASSWORD: ${TA_PASSWORD} 10 | TA_ELASTIC_PASSWORD: ${TA_ELASTIC_PASSWORD} 11 | -------------------------------------------------------------------------------- /cluster/apps/pfire/investbrain/redis/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ib-redis 6 | namespace: media 7 | spec: 8 | storageClassName: longhorn 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 256Mi -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/codecentric-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: codecentric-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://codecentric.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/k8s-gateway-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: k8s-gateway-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://ori-edge.github.io/k8s_gateway/ 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/kubernetes-stable-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-stable-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://charts.helm.sh/stable # NOTE(review): the Helm "stable" repository is a frozen archive that no longer receives chart updates or security fixes. Verify nothing still installs from it and move any remaining chart to its maintained upstream source. 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/mariadb-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: mariadb-operator 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://mariadb-operator.github.io/mariadb-operator 10 | timeout: 3m -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/nicholaswilde.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 |
kind: HelmRepository 4 | metadata: 5 | name: nicholaswilde-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://nicholaswilde.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/apps/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./minio/ks.yaml 7 | - ./crunchy-postgres-operator/ks.yaml 8 | - ./mariadb-operator/ks.yaml 9 | - ./phpmyadmin/ks.yaml 10 | - ./influx/ks.yaml -------------------------------------------------------------------------------- /cluster/apps/home/hajimari/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: hajimari-config 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 128Mi -------------------------------------------------------------------------------- /cluster/apps/media/crunchy-postgres-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: crunchy-postgres-secret 6 | namespace: media 7 | stringData: 8 | s3.conf: | 9 | [global] 10 | repo1-s3-key=${MINIO_S3_ACCESS_KEY} 11 | repo1-s3-key-secret=${MINIO_S3_SECRET_KEY} 12 | -------------------------------------------------------------------------------- /cluster/apps/pfire/crunchy-postgres-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: crunchy-postgres-secret 6 | namespace: pfire 7 | stringData: 8 | s3.conf: | 9 | [global] 10 | repo1-s3-key=${MINIO_S3_ACCESS_KEY} 11 
| repo1-s3-key-secret=${MINIO_S3_SECRET_KEY} 12 | -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/config-oaw-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-oaw-pvc 6 | namespace: woo 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 500Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/mariadb/oaw-grant.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Grant 3 | metadata: 4 | name: oaw 5 | namespace: database 6 | spec: 7 | mariaDbRef: 8 | name: mariadb-galera 9 | privileges: 10 | - "ALL PRIVILEGES" # NOTE(review): combined with database "*" and table "*" below, this gives user oaw every privilege on every database of mariadb-galera; scope database/table to this application's own schema unless it needs more 11 | database: "*" 12 | table: "*" 13 | username: oaw -------------------------------------------------------------------------------- /cluster/apps/woo/oaw/mariadb/oaw-user.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: User 3 | metadata: 4 | name: oaw 5 | namespace: database 6 | spec: 7 | mariaDbRef: 8 | name: mariadb-galera 9 | passwordSecretKeyRef: 10 | name: oaw-secret 11 | key: password 12 | maxUserConnections: 20 -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/hasura-extra-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: hasura-extra-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://hasura-extra.github.io/hasura-extra 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- 
/cluster/flux/repositories/helm/ingress-nginx-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: ingress-nginx-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://kubernetes.github.io/ingress-nginx 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/apps/database/influx/app/influx-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: influx-pvc 6 | namespace: database 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 512Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-omv-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-media-omv-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media-omv 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/qbittorrent/config-qb-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-qb-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 10Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/woo/wordpress/config-woo-pvc.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-woo-pvc 6 | namespace: woo 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 500Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/woo/wordpress/mariadb/woo-user.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: User 3 | metadata: 4 | name: woo 5 | namespace: database 6 | spec: 7 | mariaDbRef: 8 | name: mariadb-galera 9 | passwordSecretKeyRef: 10 | name: woo-secret 11 | key: password 12 | maxUserConnections: 20 -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | vagrant destroy -f 3 | for file in *.retry; do 4 | if [[ -f $file ]]; then 5 | rm $file 6 | fi 7 | done 8 | if [ -d host_vars ]; then 9 | rm -rf host_vars 10 | fi 11 | if [ -d .vagrant ]; then 12 | rm -rf .vagrant 13 | fi 14 | -------------------------------------------------------------------------------- /cluster/apps/home/emqx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./emqx-secret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-ebook-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: 
nfs-media-ebook-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media-ebook 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-text-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-media-text-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media-text 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/podsync/config-podsync-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-podsync-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 1Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/config-radarr-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-radarr-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 100Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/config-sonarr-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-sonarr-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 
| resources: 12 | requests: 13 | storage: 100Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/system/cloud-backup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - nfs-backup-omv-pv.yaml 6 | - nfs-backup-omv-pvc.yaml 7 | - nfs-backup-ro-omv-pv.yaml 8 | - nfs-backup-ro-omv-pvc.yaml 9 | - secret.yaml 10 | - cron-job.yaml 11 | -------------------------------------------------------------------------------- /cluster/apps/woo/wordpress/mariadb/woo-grant.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Grant 3 | metadata: 4 | name: woo 5 | namespace: database 6 | spec: 7 | mariaDbRef: 8 | name: mariadb-galera 9 | privileges: 10 | - "ALL PRIVILEGES" # NOTE(review): combined with database "*" and table "*" below, this gives user woo every privilege on every database of mariadb-galera; scope database/table to this application's own schema unless it needs more 11 | database: "*" 12 | table: "*" 13 | username: woo -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/metrics-server-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metrics-server-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: https://kubernetes-sigs.github.io/metrics-server 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/apps/database/influx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./influx-pvc.yaml 7 | - ./helmrelease.yaml 8 | 
-------------------------------------------------------------------------------- /cluster/apps/home/frigate/app/frigate-config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: frigate-config-pvc 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: longhorn 14 | -------------------------------------------------------------------------------- /cluster/apps/home/syncthing/config-syncthing-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-syncthing-pvc 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 4Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/jackett/config-jackett-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-jackett-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 100Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-images-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-media-images-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media-images 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- 
/cluster/apps/media/nfs-podcasts-omv-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-podcasts-omv-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: podcasts-omv 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/networking/capacitor/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./rbac.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/pfire/tooljet/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: server 6 | namespace: pfire 7 | type: Opaque 8 | data: # NOTE(review): values under data must be base64-encoded, unlike the stringData used by the rclone Secret below; confirm the substituted variables are stored already encoded 9 | pg_password: ${SECRET_POSTGRESQL_PASS} 10 | secret_key_base: ${SECRET_TOOLJET_LOCKBOX_MASTER_KEY} # NOTE(review): this key and lockbox_key each take the variable named after the other; looks swapped, confirm before rotating either value 11 | lockbox_key: ${SECRET_TOOLJET_SECRET_KEY_BASE} 12 | -------------------------------------------------------------------------------- /cluster/apps/system/cloud-backup/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: rclone-config-secret 6 | namespace: system 7 | stringData: 8 | rclone.conf: |- 9 | [marxnas] 10 | type = b2 11 | account = ${SECRET_B2_ID} 12 | key = ${SECRET_B2_PASS} 13 | hard_delete = false -------------------------------------------------------------------------------- /cluster/apps/media/jellyfin/app/config-jellyfin-pvc.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-jellyfin-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 6Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-recordings-omv-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-recordings-omv-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: recordings-omv 11 | resources: 12 | requests: 13 | storage: 100Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/tvheadend/config-tvheadend-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-tvheadend-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 100Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/system/cloud-backup/nfs-backup-omv-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-backup-omv-pvc 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: backup-omv 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugin/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugin/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-pinchflat-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-media-pinchflat-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media-pinchflat 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/pinchflat/app/pinchflat-config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: pinchflat-config-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 2Gi 13 | storageClassName: longhorn 14 | -------------------------------------------------------------------------------- /cluster/apps/networking/authelia/config-authelia-pvc.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-authelia-pvc 6 | namespace: networking 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 100Mi 14 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/debug/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: all 4 | tasks: 5 | - name: Ensure apt cache is updated and iptables is installed 6 | ansible.builtin.apt: 7 | name: iptables 8 | state: present 9 | update_cache: true 10 | when: ansible_pkg_mgr == 'apt' 11 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: all 4 | tasks: 5 | - name: Ensure apt cache is updated and iptables is installed 6 | ansible.builtin.apt: 7 | name: iptables 8 | state: present 9 | update_cache: true 10 | when: ansible_pkg_mgr == 'apt' 11 | -------------------------------------------------------------------------------- /cluster/apps/home/zigbee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./zigbee2mqtt-config-pvc.yaml 7 | - ./helm-release.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/home/zigbee2mqtt/app/zigbee2mqtt-config-pvc.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: zigbee2mqtt-config-pvc 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 256Mi 13 | storageClassName: longhorn 14 | -------------------------------------------------------------------------------- /cluster/apps/media/immich/immich-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: immich-secret 6 | namespace: media 7 | stringData: 8 | # Immich 9 | OAUTH_CLIENT_SECRET: "${IMMICH_OAUTH_CLIENT_SECRET}" 10 | JWT_SECRET: "${IMMICH_JWT_SECRET}" 11 | TYPESENSE_API_KEY: "${IMMICH_TYPESENSE_API_KEY}" 12 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/scrutiny/app/scrutiny-config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: scrutiny-config-pvc 6 | namespace: monitoring 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 50Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/networking/authentik/config-postgres-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-postgres-pvc 6 | namespace: networking 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: longhorn 11 | resources: 12 | requests: 13 | storage: 100Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/networking/dex/readme.txt: 
-------------------------------------------------------------------------------- 1 | Google: see: https://developers.google.com/identity/protocols/oauth2/openid-connect 2 | - set project 3 | - Add credentials: https://console.developers.google.com/apis/credentials 4 | 5 | See also: https://elastisys.com/elastisys-engineering-how-to-use-dex-with-google-accounts-to-manage-access-in-kubernetes/ -------------------------------------------------------------------------------- /cluster/apps/pfire/stooq-importer/nfs-pfire-stooq-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-pfire-stooq-pvc 6 | namespace: pfire 7 | spec: 8 | accessModes: 9 | - ReadOnlyMany 10 | storageClassName: pfire-stooq-ro 11 | resources: 12 | requests: 13 | storage: 100Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/system/cloud-backup/nfs-backup-ro-omv-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-backup-ro-omv-pvc 6 | namespace: system 7 | spec: 8 | accessModes: 9 | - ReadOnlyMany 10 | storageClassName: backup-ro-omv 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s 6 | namespace: flux-system 7 | spec: 8 | # type: oci 9 | interval: 4h 10 | url: https://bjw-s-labs.github.io/helm-charts 11 | # url: oci://ghcr.io/bernd-schorgers/helm 12 | timeout: 3m -------------------------------------------------------------------------------- 
/cluster/apps/home/home-assistant/app/home-assistant-config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: home-assistant-config-pvc 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 512Mi 13 | storageClassName: longhorn 14 | -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/app/home-assistant-data-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: home-assistant-data-pvc 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1024Mi 13 | storageClassName: longhorn 14 | -------------------------------------------------------------------------------- /cluster/apps/media/immich/nfs-backup-ro-obrazki-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-backup-ro-obrazki-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadOnlyMany 10 | storageClassName: backup-ro-obrazki 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Trash 2 | .DS_Store 3 | Thumbs.db 4 | # k8s 5 | kubeconfig 6 | # vscode-sops 7 | .decrypted~*.yaml 8 | .config.env 9 | *.agekey 10 | *.pub 11 | *.key 12 | github-deploy-key* 13 | # Ansible 14 | xanmanning.k3s* 15 | # Terraform 16 | .terraform 17 | .terraform.tfstate* 18 | terraform.tfstate* 19 | megalinter-reports 20 | /homelab.iml 21 | 
-------------------------------------------------------------------------------- /cluster/apps/cert-manager/cert-manager/readme.txt: -------------------------------------------------------------------------------- 1 | How to prepare Issuer: https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/ 2 | 3 | 4 | Removing the chart does not remove its webhook configurations; delete them manually: 5 | kubectl delete MutatingWebhookConfiguration cert-manager-cert-manager-webhook 6 | kubectl delete ValidatingWebhookConfiguration cert-manager-cert-manager-webhook 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/uptime-kuma/app/uptime-kuma-config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: uptime-kuma-config-pvc 6 | namespace: monitoring 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: longhorn 14 | -------------------------------------------------------------------------------- /cluster/apps/pfire/pgadmin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | configMapGenerator: 7 | - name: pgadmin-server-configmap 8 | files: 9 | - servers.json=./resources/servers.json 10 | generatorOptions: 11 | disableNameSuffixHash: true -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/node-feature-discovery-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: node-feature-discovery-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 4h 9 | url: 
https://kubernetes-sigs.github.io/node-feature-discovery/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-mariadb-galera-cluster 3 | - name: "restart mysql" 4 | service: 5 | name: "mysql" 6 | state: "restarted" 7 | become: true 8 | 9 | - name: "reload mysql" 10 | service: 11 | name: "mysql" 12 | state: "reloaded" 13 | become: true 14 | -------------------------------------------------------------------------------- /.sourceignore: -------------------------------------------------------------------------------- 1 | # See https://toolkit.fluxcd.io/components/source/gitrepositories/#excluding-files 2 | .github/ 3 | .taskfiles/ 4 | .vscode/ 5 | provision/ 6 | tmpl/ 7 | .config.sample.env 8 | .envrc 9 | .gitattributes 10 | .gitignore 11 | .pre-commit-config.yaml 12 | .sops.yaml 13 | ansible.cfg 14 | configure 15 | LICENSE 16 | README.md 17 | Taskfile.yml 18 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/vars/Ubuntu-20.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb_login_unix_socket: /var/run/mysqld/mysqld.sock 3 | mariadb_pre_req_packages: 4 | - "apt-transport-https" 5 | - "software-properties-common" 6 | - "python3-pymysql" 7 | - "rsync" 8 | # Version of the mainline MariaDB package in Ubuntu 20.04 9 | mariadb_version: "10.3" 10 | -------------------------------------------------------------------------------- /cluster/apps/home/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - forecastle 7 | # - syncthing 8 | 
# - vernemq 9 | - hajimari 10 | - firefox 11 | - sshwifty 12 | - emqx/ks.yaml 13 | - frigate/ks.yaml 14 | - zigbee2mqtt/ks.yaml 15 | - home-assistant/ks.yaml 16 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: intel 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://intel.github.io/helm-charts -------------------------------------------------------------------------------- /cluster/apps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - flux-system 6 | - networking 7 | - kube-system 8 | - longhorn 9 | - system 10 | - cert-manager 11 | - system-upgrade 12 | - home 13 | - media 14 | - default 15 | - pfire 16 | - monitoring 17 | - database 18 | - woo 19 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/kedacore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: kedacore 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kedacore.github.io/charts -------------------------------------------------------------------------------- /cluster/apps/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - kube-prometheus-stack 8 | # - thanos 9 | - loki 10 | - speedtest-exporter 11 | - scrutiny/ks.yaml 12 | - uptime-kuma/ks.yaml 13 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/emqx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: emqx 7 | namespace: flux-system 8 | spec: 9 | interval: 4h 10 | url: https://repos.emqx.io/charts 11 | timeout: 3m -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./home-assistant-config-pvc.yaml 7 | - ./home-assistant-data-pvc.yaml 8 | - ./helm-release.yaml 9 | -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/groundhog2k.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: groundhog2k 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://groundhog2k.github.io/helm-charts/ 
-------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/nodeploy/k3s_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | flannel-backend: 'none' 4 | disable-scheduler: true 5 | disable-cloud-controller: true 6 | disable-network-policy: true 7 | disable: 8 | - coredns 9 | - traefik 10 | - servicelb 11 | - local-storage 12 | - metrics-server 13 | node-taint: 14 | - "k3s-controlplane=true:NoExecute" 15 | snapshotter: native 16 | -------------------------------------------------------------------------------- /cluster/apps/networking/ddns-job/secret.yaml: -------------------------------------------------------------------------------- 1 | # secret.yaml 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: do-token 7 | namespace: networking 8 | type: Opaque 9 | stringData: 10 | # Your API token in base64 (NOTE(review): this is stringData, which takes the plain value; base64 applies to `data` only) 11 | # Get token from https://cloud.digitalocean.com/settings/applications (NOTE(review): the variables below are named for Cloudflare; confirm which provider issues this token) 12 | TOKEN: ${SECRET_CLOUDFLARE_TOKEN} 13 | ZONE_ID: ${SECRET_CLOUDFLARE_ZONE_ID} 14 | -------------------------------------------------------------------------------- /.taskfiles/PrecommitTasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | 6 | init: 7 | desc: Initialize pre-commit hooks 8 | cmds: 9 | - pre-commit install --install-hooks 10 | 11 | run: 12 | desc: Run pre-commit 13 | cmds: 14 | - pre-commit run --all-files 15 | 16 | update: 17 | desc: Update pre-commit hooks 18 | cmds: 19 | - pre-commit autoupdate 20 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/templates/config.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | {% if k3s_etcd_datastore and (k3s_control_node is defined and k3s_control_node) and (k3s_primary_control_node is defined and 
k3s_primary_control_node) %} 4 | cluster-init: true 5 | {% endif %} 6 | {% if k3s_runtime_config is defined and k3s_runtime_config | length > 0 %} 7 | {{ k3s_runtime_config | to_nice_yaml(indent=2) }} 8 | {% endif %} 9 | -------------------------------------------------------------------------------- /cluster/apps/networking/oauth2-proxy/oauth2-proxy-helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: oauth2-proxy-helm-values 6 | namespace: networking 7 | stringData: 8 | values.yaml: |- 9 | config: 10 | clientSecret: "${SECRET_OAUTH2_PROXY_SECRET}" 11 | cookieSecret: "${SECRET_OAUTH2_PROXY_COOKIE_SECRET}" 12 | clientID: "oauth2-proxy" 13 | 14 | -------------------------------------------------------------------------------- /cluster/apps/pfire/jobshot/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | configMapGenerator: 7 | - name: jobshot-jobs 8 | files: 9 | - jobs.yaml=./config/jobs.yaml 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: enabled -------------------------------------------------------------------------------- /cluster/flux/repositories/helm/crunchydata.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://lds-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: crunchydata 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 4h 11 | url: oci://registry.developers.crunchydata.com/crunchydata -------------------------------------------------------------------------------- 
/ansible/roles/xanmanning.k3s/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | roles: 6 | - role: xanmanning.k3s 7 | vars: 8 | molecule_is_test: true 9 | k3s_install_hard_links: true 10 | k3s_release_version: stable 11 | k3s_server: 12 | snapshotter: native 13 | k3s_agent: 14 | snapshotter: native 15 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/nodeploy/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | molecule_is_test: true 7 | k3s_server: "{{ lookup('file', 'k3s_server.yml') | from_yaml }}" 8 | k3s_agent: "{{ lookup('file', 'k3s_agent.yml') | from_yaml }}" 9 | k3s_airgap: true 10 | k3s_release_version: latest 11 | roles: 12 | - role: xanmanning.k3s 13 | -------------------------------------------------------------------------------- /cluster/apps/media/qbittorrent/readme.txt: -------------------------------------------------------------------------------- 1 | wireguard on old kernel: 2 | https://nixvsevil.com/posts/wireguard-in-proxmox-lxc/ 3 | 4 | encrypting secret with SOPS: 5 | sops -e -i qbittorrent-helm-values-openvpn.yaml 6 | 7 | after deployment port-forward and set: 8 | Bypass authentication for clients in whitelisted IP subnets 9 | 10.43.0.0/16 10 | (note: any client whose source address is in this subnet gets the WebUI without a login, so keep the range as narrow as the cluster allows) 11 | 12 | https://trash-guides.info/Radarr/V3/Tips/Radarr-rename-your-folders/ -------------------------------------------------------------------------------- /cluster/apps/networking/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - ingress-nginx 7 | - wildcard-certificate 8 | - ddns-job 9 | - k8s_gateway 10 | - 
oauth2-proxy 11 | - dex 12 | #- authelia 13 | #- authentik 14 | - mail 15 | - privatebin 16 | - pictshare 17 | - keda/ks.yaml 18 | # - capacitor/ks.yaml 19 | -------------------------------------------------------------------------------- /.aider.chat.history.md: -------------------------------------------------------------------------------- 1 | 2 | # aider chat started at 2025-03-10 08:48:15 3 | 4 | > Aider respects your privacy and never collects your code, chat messages, keys or personal info. 5 | > For more info: https://aider.chat/docs/more/analytics.html 6 | > Allow collection of anonymous analytics to help improve aider? (Y)es/(N)o [Yes]: n 7 | > Analytics have been permanently disabled. 8 | > You can skip this check with --no-gitignore 9 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/haproxy-loadbalancer.conf.j2: -------------------------------------------------------------------------------- 1 | frontend loadbalancer 2 | bind *:6443 3 | mode tcp 4 | default_backend control_nodes 5 | timeout client 1m 6 | 7 | backend control_nodes 8 | mode tcp 9 | balance roundrobin 10 | server node2 node2:6443 11 | server node3 node3:6443 12 | timeout connect 30s 13 | timeout server 30m 14 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2: -------------------------------------------------------------------------------- 1 | frontend loadbalancer 2 | bind *:6443 3 | mode tcp 4 | default_backend control_nodes 5 | timeout client 1m 6 | 7 | backend control_nodes 8 | mode tcp 9 | balance roundrobin 10 | server node2 node2:6443 11 | server node3 node3:6443 12 | timeout connect 30s 13 | timeout server 30m 14 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/tests/test_default.py: 
-------------------------------------------------------------------------------- 1 | import os 2 | 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | 8 | 9 | def test_hosts_file(host): 10 | f = host.file('/etc/hosts') 11 | 12 | assert f.exists 13 | assert f.user == 'root' 14 | assert f.group == 'root' 15 | -------------------------------------------------------------------------------- /cluster/apps/system/node-feature-discovery/features/dvb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: dvb 6 | spec: 7 | rules: 8 | - name: dvb 9 | labels: 10 | dvb.feature.node.kubernetes.io/dvb: "true" 11 | matchFeatures: 12 | - feature: pci.device 13 | matchExpressions: 14 | vendor: { op: In, value: ["0400", "14f1", "8880"] } -------------------------------------------------------------------------------- /ansible/inventory/k3s/hosts.yml: -------------------------------------------------------------------------------- 1 | k3s_cluster: 2 | hosts: 3 | # silver: 4 | # ansible_host: 192.168.1.178 5 | wezyr: 6 | ansible_host: 192.168.1.39 7 | wuwek: 8 | ansible_host: 192.168.1.13 9 | # cobra: 10 | # ansible_host: 192.168.1.40 11 | # enigma: 12 | # ansible_host: 192.168.1.41 13 | kaczka: 14 | ansible_host: 192.168.1.9 15 | kura: 16 | ansible_host: 192.168.1.18 17 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/debug/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | become: true 5 | vars: 6 | pyratlabs_issue_controller_dump: true 7 | k3s_server: 8 | snapshotter: native 9 | k3s_agent: 10 | snapshotter: native 11 | pre_tasks: 12 | - name: Ensure k3s_debug is set 
13 | ansible.builtin.set_fact: 14 | k3s_debug: true 15 | roles: 16 | - xanmanning.k3s 17 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | 8 | 9 | def test_hosts_file(host): 10 | f = host.file('/etc/hosts') 11 | 12 | assert f.exists 13 | assert f.user == 'root' 14 | assert f.group == 'root' 15 | -------------------------------------------------------------------------------- /cluster/apps/system/node-feature-discovery/features/zigbee.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: zigbee 6 | spec: 7 | rules: 8 | - name: zigbee 9 | labels: 10 | conbee.feature.node.kubernetes.io/zigbee: "true" 11 | matchFeatures: 12 | - feature: usb.device 13 | matchExpressions: 14 | vendor: { op: In, value: ["02", "1cf1", "0030"] } -------------------------------------------------------------------------------- /cluster/apps/networking/wildcard-certificate/certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "${SECRET_DOMAIN/./-}" 6 | namespace: networking 7 | spec: 8 | secretName: "${SECRET_DOMAIN/./-}-tls" 9 | issuerRef: 10 | name: letsencrypt-production 11 | kind: ClusterIssuer 12 | commonName: "${SECRET_DOMAIN}" 13 | dnsNames: 14 | - "${SECRET_DOMAIN}" 15 | - "*.${SECRET_DOMAIN}" 16 | -------------------------------------------------------------------------------- 
/cluster/apps/system/node-feature-discovery/features/coral-tpu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: coral-tpu 6 | spec: 7 | rules: 8 | - name: coral-tpu 9 | labels: 10 | google.feature.node.kubernetes.io/coral: "true" 11 | matchFeatures: 12 | - feature: usb.device 13 | matchExpressions: 14 | vendor: { op: In, value: ["1a6e", "18d1"] } -------------------------------------------------------------------------------- /cluster/apps/home/frigate/app/frigate-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: frigate-secret 6 | namespace: home 7 | stringData: 8 | # App 9 | # PLUS_API_KEY: "{{ .PLUS_API_KEY }}" 10 | FRIGATE_CAMERA_USER: "${FRIGATE_CAMERA_USER}" 11 | FRIGATE_CAMERA_PASSWORD: "${FRIGATE_CAMERA_PASSWORD}" 12 | # EMQX 13 | FRIGATE_MQTT_USERNAME: "${EMQX_MQTT_USER}" 14 | FRIGATE_MQTT_PASSWORD: "${EMQX_MQTT_PASSWORD}" 15 | -------------------------------------------------------------------------------- /cluster/apps/pfire/postgrest/readme.txt: -------------------------------------------------------------------------------- 1 | Based on: https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ 2 | 3 | htpasswd -c auth postgrest 4 | 5 | kubectl create secret generic postgrest-basic-auth --from-file=auth -o yaml -n pfire > secret.yaml 6 | (note: secret.yaml holds the htpasswd entry only base64-encoded, not encrypted; encrypt it with sops before committing) 7 | 8 | Based on: https://postgrest.org/en/stable/tutorials/tut0.html 9 | create role web_anon nologin; 10 | 11 | grant usage on schema attributes to web_anon; 12 | grant select on attributes to web_anon; -------------------------------------------------------------------------------- /.taskfiles/SopsTasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | 6 | encrypt: 7 | desc: encrypt sops 
file 'to use must include -- before path to file.' eg "task sops:encrypt -- file.yml" 8 | cmds: 9 | - sops --encrypt --in-place {{.CLI_ARGS}} 10 | 11 | decrypt: 12 | desc: decrypt sops file 'to use must include -- before path to file.' eg "task sops:decrypt -- file.yml" 13 | cmds: 14 | - sops --decrypt --in-place {{.CLI_ARGS}} 15 | -------------------------------------------------------------------------------- /cluster/apps/longhorn/longhorn/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: longhorn-prometheus-servicemonitor 6 | namespace: monitoring 7 | labels: 8 | name: longhorn-prometheus-servicemonitor 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: longhorn-manager 13 | namespaceSelector: 14 | matchNames: 15 | - longhorn 16 | endpoints: 17 | - port: manager 18 | -------------------------------------------------------------------------------- /cluster/apps/pfire/pgadmin/readme.txt: -------------------------------------------------------------------------------- 1 | to reset account logins, run python script: 2 | 3 | 4 | import sqlite3 5 | 6 | db_path = '/var/lib/pgadmin/pgadmin4.db' 7 | 8 | query = "update user set locked = false, login_attempts = 0 where username = '';" 9 | 10 | conn = sqlite3.connect(db_path) 11 | 12 | cursor = conn.cursor() 13 | 14 | cursor.execute(query) 15 | 16 | conn.commit() 17 | 18 | print('User should be unlocked now. 
Changes commited to the DB.') -------------------------------------------------------------------------------- /cluster/apps/system/node-feature-discovery/readme.txt: -------------------------------------------------------------------------------- 1 | General approach to devices: 2 | vendor:device 3 | 4 | PCI: 5 | lspci -nn 6 | 00:02.0 VGA compatible controller [0300]: Intel Corporation Device [8086:3185] (rev 03) 7 | class: 0300 8 | vendor: 8086 9 | device: 3185 10 | 11 | 12 | USB: 13 | lsusb 14 | Bus 001 Device 009: ID 1cf1:0030 Dresden Elektronik 15 | vendor: 1cf1 16 | device: 0030 17 | 18 | lsusb -v 19 | bDeviceClass 2 Communications 20 | class: 02 -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/playbook-rootless.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: node1 4 | become: true 5 | become_user: k3suser 6 | vars: 7 | molecule_is_test: true 8 | k3s_use_experimental: true 9 | k3s_server: 10 | rootless: true 11 | k3s_agent: 12 | rootless: true 13 | k3s_install_dir: "/home/{{ ansible_user_id }}/bin" 14 | roles: 15 | - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" 16 | -------------------------------------------------------------------------------- /.github/renovate/commitMessage.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "commitMessageTopic": "{{depName}}", 4 | "commitMessageExtra": "to {{newVersion}}", 5 | "commitMessageSuffix": "", 6 | "packageRules": [ 7 | { 8 | "matchDatasources": ["helm"], 9 | "commitMessageTopic": "chart {{depName}}" 10 | }, 11 | { 12 | "matchDatasources": ["docker"], 13 | "commitMessageTopic": "image {{depName}}" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- 
/cluster/apps/system/node-feature-discovery/features/intel-gpu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: intel-gpu 6 | spec: 7 | rules: 8 | - name: intel-gpu 9 | labels: 10 | intel.feature.node.kubernetes.io/gpu: "true" 11 | matchFeatures: 12 | - feature: pci.device 13 | matchExpressions: 14 | vendor: { op: In, value: ["0300", "8086"] } 15 | # class: { op: In, value: ["0300", "0380"] } -------------------------------------------------------------------------------- /ansible/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | nocows = True 3 | roles_path = ./roles 4 | inventory = ./hosts.ini 5 | 6 | remote_tmp = $HOME/.ansible/tmp 7 | local_tmp = $HOME/.ansible/tmp 8 | pipelining = True 9 | #become = True 10 | host_key_checking = False 11 | deprecation_warnings = False 12 | callback_whitelist = profile_tasks 13 | # NOTE(review): host_key_checking = False turns off SSH host-key verification for every play, so a spoofed or replaced host is not detected; prefer pinned known_hosts entries with the check left on. 14 | # MN 15 | #private_key_file = ~/ydc_id_rsa 16 | vault_password_file = ~/.vault_pass_prv.txt 17 | #ansible_python_interpreter=/usr/bin/python3 18 | ansible_python_interpreter=python3 -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/controller/app/source.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: system-upgrade-controller 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 4.5.0 14 | url: oci://ghcr.io/bjw-s-labs/helm/app-template --------------------------------------------------------------------------------
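/ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/mysql/debian.cnf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # Automatically generated for Debian scripts. DO NOT TOUCH! (opps) Holds the debian-sys-maint password in clear text: keep the rendered file readable by root only. 3 | [client] 4 | host = localhost 5 | user = debian-sys-maint 6 | password = {{ galera_deb_db_password }} 7 | socket = "{{ mariadb_login_unix_socket }}" 8 | [mysql_upgrade] 9 | host = localhost 10 | user = debian-sys-maint 11 | password = {{ galera_deb_db_password }} 12 | socket = "{{ mariadb_login_unix_socket }}" 13 | basedir = /usr 14 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-omv-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-media-omv-pv 6 | spec: 7 | storageClassName: media-omv 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: /volume1/media 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-text-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-media-text-pv 6 | spec: 7 | storageClassName: media-text 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: "/volume1/media/text" 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | --------------------------------------------------------------------------------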
/cluster/apps/media/nfs-podcasts-omv-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-podcasts-omv-pv 6 | spec: 7 | storageClassName: podcasts-omv 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: /volume1/podcasts 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/addons/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: cluster-apps-flux-addons 7 | namespace: flux-system 8 | spec: 9 | path: ./cluster/apps/flux-system/addons/app 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | wait: true 15 | interval: 30m 16 | retryInterval: 1m 17 | timeout: 5m -------------------------------------------------------------------------------- /cluster/apps/media/nfs-recordings-omv-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-recordings-omv-pv 6 | spec: 7 | storageClassName: recordings-omv 8 | capacity: 9 | storage: 100Gi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: /volume1/pvr 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | 
-------------------------------------------------------------------------------- /cluster/apps/system/cloud-backup/nfs-backup-omv-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-backup-omv-pv 6 | spec: 7 | storageClassName: backup-omv 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: /volume1/backup 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-ebook-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-media-ebook-pv 6 | spec: 7 | storageClassName: media-ebook 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: "/volume1/media/ebook/calibre" 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-images-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-images-ebook-pv 6 | spec: 7 | storageClassName: media-images 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: "/volume1/media/images" 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | 
-------------------------------------------------------------------------------- /cluster/apps/system/cloud-backup/nfs-backup-ro-omv-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-backup-ro-omv-pv 6 | spec: 7 | storageClassName: backup-ro-omv 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadOnlyMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: /volume1/backup 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-pinchflat-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-media-pinchflat-pv 6 | spec: 7 | storageClassName: media-pinchflat 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: "/volume1/media/pinchflat" 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/pfire/readme.txt: -------------------------------------------------------------------------------- 1 | https://dev.to/asizikov/using-github-container-registry-with-kubernetes-38fb 2 | https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 3 | 4 | private image registry support: 5 | 6 | 1. 
Generate secret text 7 | kubectl create secret docker-registry regcred \ 8 | --docker-server=ghcr.io \ 9 | --docker-username=Marx2 \ 10 | --docker-password=xxxx \ 11 | --docker-email=no@spam.xx \ 12 | --dry-run=client \ 13 | -o yaml 14 | (note: a password passed on the command line is kept in shell history; use a pull-only token and clear the entry afterwards) 15 | 2. Replace .dockerconfigjson value with variable 16 | 3. Encode -------------------------------------------------------------------------------- /cluster/apps/media/immich/nfs-backup-ro-obrazki-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-backup-ro-obrazki-pv 6 | spec: 7 | storageClassName: backup-ro-obrazki 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadOnlyMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: 192.168.1.49 15 | path: /volume1/backup/obrazki 16 | mountOptions: 17 | # - nfsvers=3 18 | - nfsvers=4.1 19 | - tcp 20 | - intr 21 | - hard 22 | - noatime 23 | - nodiratime 24 | -------------------------------------------------------------------------------- /cluster/apps/media/tubearchivist/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ta-elasticsearch 6 | namespace: media 7 | spec: 8 | storageClassName: longhorn 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 1Gi 14 | --- 15 | apiVersion: v1 16 | kind: PersistentVolumeClaim 17 | metadata: 18 | name: ta-redis 19 | namespace: media 20 | spec: 21 | storageClassName: longhorn 22 | accessModes: 23 | - ReadWriteOnce 24 | resources: 25 | requests: 26 | storage: 256Mi -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to 
update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "github-actions" # See documentation for possible values 9 | directory: "/" # Location of package manifests 10 | schedule: 11 | interval: "weekly" 12 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/loki/nfs-loki-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-loki-pv 6 | labels: 7 | app.kubernetes.io/name: nfs-loki-pv 8 | spec: 9 | storageClassName: loki-omv 10 | capacity: 11 | storage: 50Gi 12 | accessModes: 13 | - ReadWriteOnce 14 | persistentVolumeReclaimPolicy: Retain 15 | nfs: 16 | server: 192.168.1.49 17 | path: /volume1/kubernetes/loki 18 | mountOptions: 19 | # - nfsvers=3 20 | - nfsvers=4.1 21 | - tcp 22 | - intr 23 | - hard 24 | - noatime 25 | - nodiratime 26 | -------------------------------------------------------------------------------- /.github/linters/.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | default: true 3 | 4 | # MD013/line-length - Line length 5 | MD013: 6 | # Number of characters 7 | line_length: 240 8 | # Number of characters for headings 9 | heading_line_length: 80 10 | # Number of characters for code blocks 11 | code_block_line_length: 80 12 | # Include code blocks 13 | code_blocks: true 14 | # Include tables 15 | tables: true 16 | # Include headings 17 | headings: true 18 | # Include headings 19 | headers: true 20 | # Strict length checking 21 | strict: false 22 | # Stern length checking 23 | stern: false 24 | -------------------------------------------------------------------------------- 
/cluster/apps/home/frigate/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./frigate-config-pvc.yaml 7 | - ./frigate-secret.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: frigate-configmap 11 | files: 12 | - config.yml=./config/config.yml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: enabled -------------------------------------------------------------------------------- /cluster/apps/cert-manager/cert-manager/letsencrypt-oaw.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-production-oaw 6 | spec: 7 | acme: 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | email: "${SECRET_CLOUDFLARE_EMAIL}" 10 | privateKeySecretRef: 11 | name: letsencrypt-production # NOTE(review): same Secret name as the letsencrypt-production ClusterIssuer uses, so both issuers share one ACME account key; confirm this is intended 12 | solvers: 13 | - dns01: 14 | cloudflare: 15 | email: "${SECRET_CLOUDFLARE_EMAIL}" 16 | apiTokenSecretRef: 17 | name: cloudflare-token-secret 18 | key: cloudflare-token 19 | -------------------------------------------------------------------------------- /cluster/apps/pfire/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - rbac.yaml 7 | - regcred.yaml 8 | - crunchy-postgres-secret.yaml 9 | - postgrescluster-pfire.yaml 10 | - hasura 11 | # - grafana 12 | - tooljet 13 | - pgadmin/ks.yaml 14 | - graphql-mesh 15 | - stooq-importer 16 | - redis 17 | # - ghostfolio/ks.yaml 18 | - stooq 19 | - postgrest 20 | - 
captchasolver 21 | - swaggerui 22 | - pgdb 23 | - cafe/ks.yaml 24 | # - grist 25 | - investbrain/ks.yaml 26 | - jobshot/ks.yaml 27 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tasks/mysql_root_pw.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: mysql_root_pw | setting 3 | debconf: 4 | name: "mariadb-server-{{ mariadb_version }}" 5 | question: "{{ item.question }}" 6 | value: "{{ item.value }}" 7 | vtype: "password" 8 | become: true 9 | changed_when: false 10 | no_log: true 11 | with_items: 12 | - question: "mysql-server/root_password" 13 | value: "{{ mariadb_mysql_root_password }}" 14 | - question: "mysql-server/root_password_again" 15 | value: "{{ mariadb_mysql_root_password }}" 16 | when: ansible_os_family == "Debian" 17 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/cert-manager/letsencrypt-production.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-production 6 | spec: 7 | acme: 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | email: "${SECRET_CLOUDFLARE_EMAIL}" 10 | privateKeySecretRef: 11 | name: letsencrypt-production 12 | solvers: 13 | - dns01: 14 | cloudflare: 15 | email: "${SECRET_CLOUDFLARE_EMAIL}" 16 | apiTokenSecretRef: 17 | name: cloudflare-token-secret 18 | key: cloudflare-token 19 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/cert-manager/letsencrypt-staging.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-staging 6 | spec: 7 | acme: 8 | server: 
https://acme-staging-v02.api.letsencrypt.org/directory 9 | email: "${SECRET_CLOUDFLARE_EMAIL}" 10 | privateKeySecretRef: 11 | name: letsencrypt-staging 12 | solvers: 13 | - dns01: 14 | cloudflare: 15 | email: "${SECRET_CLOUDFLARE_EMAIL}" 16 | apiTokenSecretRef: 17 | name: cloudflare-token-secret 18 | key: cloudflare-token 19 | -------------------------------------------------------------------------------- /.github/linters/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: | 3 | *.sops.* 4 | gotk-components.yaml 5 | extends: default 6 | rules: 7 | truthy: 8 | allowed-values: ["true", "false", "on"] 9 | comments: 10 | min-spaces-from-content: 0 11 | line-length: 12 | max: 120 13 | level: warning 14 | braces: 15 | min-spaces-inside: 0 16 | max-spaces-inside: 1 17 | brackets: 18 | min-spaces-inside: 0 19 | max-spaces-inside: 0 20 | indentation: 21 | spaces: 2 22 | indent-sequences: consistent 23 | check-multi-line-strings: false 24 | document-start: 25 | present: true 26 | level: error -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/documentation/configuration/systemd-config.md: -------------------------------------------------------------------------------- 1 | # systemd config 2 | 3 | Below are examples to tweak how and when K3S starts up. 4 | 5 | ## Wanted service units 6 | 7 | In this example, we're going to start K3S after Wireguard. Our example server 8 | has a Wireguard connection `wg0`. We are using "wants" rather than "requires" 9 | as it's a weaker requirement that Wireguard must be running. We then want 10 | K3S to start after Wireguard has started. 
11 | 12 | ```yaml 13 | --- 14 | 15 | k3s_service_wants: 16 | - wg-quick@wg0.service 17 | k3s_service_after: 18 | - wg-quick@wg0.service 19 | ``` 20 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/reloader/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: reloader 6 | namespace: kube-system 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | # renovate: registryUrl=https://stakater.github.io/stakater-charts 12 | chart: reloader 13 | version: 2.2.7 14 | sourceRef: 15 | kind: HelmRepository 16 | name: stakater-charts 17 | namespace: flux-system 18 | values: 19 | nameOverride: reloader 20 | fullnameOverride: reloader 21 | serviceMonitor: 22 | enabled: true 23 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/kube-prometheus-stack/nfs-prometheus-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-prometheus-pv 6 | labels: 7 | app.kubernetes.io/name: nfs-prometheus-pv 8 | spec: 9 | storageClassName: prometheus-omv 10 | capacity: 11 | storage: 50Gi 12 | accessModes: 13 | - ReadWriteOnce 14 | persistentVolumeReclaimPolicy: Retain 15 | nfs: 16 | server: 192.168.1.49 17 | path: /volume1/kubernetes/prometheus 18 | mountOptions: 19 | # - nfsvers=3 20 | - nfsvers=4.1 21 | - tcp 22 | - intr 23 | - hard 24 | - noatime 25 | - nodiratime 26 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tasks/mysql_users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create MySQL users 3 | mysql_user: 4 | append_privs: "{{ item.0.append_privs | default('no') }}" 5 | 
encrypted: "{{ item.0.encrypted | default('no') }}" 6 | host: "{{ item.1 }}" 7 | login_unix_socket: "{{ mariadb_login_unix_socket }}" 8 | name: "{{ item.0.name }}" 9 | password: "{{ item.0.password }}" 10 | priv: "{{ item.0.priv | default('*.*:USAGE') }}" 11 | state: "{{ item.0.state | default('present') }}" 12 | become: true 13 | with_subelements: 14 | - "{{ mariadb_mysql_users }}" 15 | - hosts 16 | no_log: true 17 | -------------------------------------------------------------------------------- /cluster/apps/media/nfs-media-tubearchivist-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: nfs-media-tubearchivist-pvc 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media-tubearchivist 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | --- 15 | apiVersion: v1 16 | kind: PersistentVolumeClaim 17 | metadata: 18 | name: nfs-media-tubearchivist-pvc-cache 19 | namespace: media 20 | spec: 21 | accessModes: 22 | - ReadWriteMany 23 | storageClassName: media-tubearchivist-cache 24 | resources: 25 | requests: 26 | storage: 1Mi 27 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/prepare-rootless.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: node1 4 | become: true 5 | tasks: 6 | - name: Ensure a user group exists 7 | ansible.builtin.group: 8 | name: user 9 | state: present 10 | 11 | - name: Ensure a normal user exists 12 | ansible.builtin.user: 13 | name: k3suser 14 | group: user 15 | state: present 16 | 17 | - name: Ensure a normal user has bin directory 18 | ansible.builtin.file: 19 | path: /home/k3suser/bin 20 | state: directory 21 | owner: k3suser 22 | group: user 23 | mode: 0700 24 | 
-------------------------------------------------------------------------------- /cluster/apps/pfire/stooq-importer/nfs-pfire-stooq-pv.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: nfs-pfire-stooq-pv 6 | labels: 7 | app: nfs-pfire-stooq-pv 8 | spec: 9 | storageClassName: pfire-stooq-ro 10 | capacity: 11 | storage: 100Gi 12 | accessModes: 13 | - ReadOnlyMany 14 | persistentVolumeReclaimPolicy: Retain 15 | nfs: 16 | server: 192.168.1.49 17 | # path: /volume1/kubernetes/pfire/data/daily/us 18 | path: /volume1/kubernetes/pfire 19 | mountOptions: 20 | # - nfsvers=3 21 | - nfsvers=4.1 22 | - tcp 23 | - intr 24 | - hard 25 | - noatime 26 | - nodiratime 27 | -------------------------------------------------------------------------------- /cluster/bootstrap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # IMPORTANT: This file is not tracked by flux and should never be. Its 2 | # purpose is to only install the Flux components and CRDs into your cluster. 
3 | --- 4 | apiVersion: kustomize.config.k8s.io/v1beta1 5 | kind: Kustomization 6 | resources: 7 | - github.com/fluxcd/flux2/manifests/install?ref=v2.7.5 8 | patches: 9 | # Remove the network policies that do not work with k3s (the target below selects by group and kind only, so every NetworkPolicy from the Flux install manifests is deleted) 10 | - patch: |- 11 | $patch: delete 12 | apiVersion: networking.k8s.io/v1 13 | kind: NetworkPolicy 14 | metadata: 15 | name: not-used 16 | target: 17 | group: networking.k8s.io 18 | kind: NetworkPolicy 19 | -------------------------------------------------------------------------------- /cluster/apps/database/crunchy-postgres-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &appname crunchy-postgres-operator 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: database 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *appname 13 | interval: 10m 14 | path: ./cluster/apps/database/crunchy-postgres-operator/operator 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | wait: true -------------------------------------------------------------------------------- /cluster/apps/networking/keda/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: keda 6 | namespace: networking 7 | spec: 8 | chart: 9 | spec: 10 | chart: keda 11 | sourceRef: 12 | kind: HelmRepository 13 | name: kedacore 14 | namespace: flux-system 15 | version: 2.18.2 16 | install: 17 | crds: Create 18 | timeout: 7m 19 | interval: 1m0s 20 | timeout: 7m 21 | releaseName: keda 22 | targetNamespace: networking 23 | upgrade: 24 | crds: CreateReplace 25 | cleanupOnFail: true 26 | remediation: 27 | strategy: 
rollback 28 | retries: 3 -------------------------------------------------------------------------------- /cluster/apps/home/emqx/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app emqx 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/home/emqx/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Larry Smith Jr. 
4 | description: An [Ansible](https://www.ansible.com) role to install/configure a [MariaDB-Galera Cluster](https://mariadb.com/kb/en/mariadb/what-is-mariadb-galera-cluster/) 5 | 6 | license: MIT 7 | 8 | min_ansible_version: 1.2 9 | platforms: 10 | - name: EL 11 | versions: 12 | - 7 13 | - name: Ubuntu 14 | versions: 15 | - precise 16 | - trusty 17 | - xenial 18 | - name: Debian 19 | versions: 20 | - jessie 21 | 22 | categories: 23 | - database 24 | - database:sql 25 | dependencies: [] 26 | -------------------------------------------------------------------------------- /cluster/apps/home/frigate/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app frigate 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/home/frigate/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/drawio/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app drawio 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/drawio/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: 
flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/calibre/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app calibre 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/calibre/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/morphos/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app morphos 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/morphos/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/default/INSTALL.rst: 
-------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /cluster/apps/database/influx/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app influx 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: database 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/database/influx/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/database/minio/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app minio 7 
| namespace: flux-system 8 | spec: 9 | targetNamespace: database 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/database/minio/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/jellyfin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app jellyfin 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/jellyfin/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/m3u-proxy/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app m3u-proxy 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/m3u-proxy/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | 
postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/pinchflat/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app pinchflat 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/pinchflat/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/networking/keda/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app keda 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: networking 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/networking/keda/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/default/cyberchef/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app cyberchef 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: default 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/default/cyberchef/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/default/it-tools/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app it-tools 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: default 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/default/it-tools/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app hass 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: 
*app 13 | path: ./cluster/apps/home/home-assistant/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/home/zigbee2mqtt/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app zigbee2mqtt 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/home/zigbee2mqtt/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/media/bitmappery/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app bitmappery 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/bitmappery/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 
-------------------------------------------------------------------------------- /cluster/apps/media/calibre-web/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app calibre-web 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/calibre-web/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/pfire/cafe/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app cafe 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: pfire 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/pfire/cafe/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 26 | -------------------------------------------------------------------------------- /tmpl/gotk-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta1 3 | kind: GitRepository 4 | metadata: 5 | name: flux-system 6 | namespace: flux-system 
7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: main 11 | url: https://github.com/$BOOTSTRAP_GITHUB_REPOSITORY 12 | --- 13 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 14 | kind: Kustomization 15 | metadata: 16 | name: flux-system 17 | namespace: flux-system 18 | spec: 19 | interval: 10m0s 20 | path: ./cluster/base 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | # validation: client 26 | decryption: 27 | provider: sops 28 | secretRef: 29 | name: sops-gpg -------------------------------------------------------------------------------- /cluster/apps/media/stirling-pdf/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app stirling-pdf 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: media 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/media/stirling-pdf/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/pfire/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cluster-read-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - endpoints 11 | - pods 12 | - services 13 | - configmaps 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: cluster-read-rolebinding # NOTE(review): the subject is the default ServiceAccount in pfire, which every pod in that namespace uses unless it sets its own, so all of them get cluster-wide get/list/watch on endpoints, pods, services and configmaps; binding a dedicated ServiceAccount would narrow this 24 | subjects: 25 | - kind: 
ServiceAccount 26 | name: default 27 | namespace: pfire 28 | roleRef: 29 | kind: ClusterRole 30 | name: cluster-read-role 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /cluster/apps/database/phpmyadmin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app phpmyadmin 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: database 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/database/phpmyadmin/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- 
/cluster/apps/networking/capacitor/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app capacitor 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: flux-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/networking/capacitor/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/pfire/jobshot/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app jobshot 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: pfire 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/pfire/jobshot/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 26 | -------------------------------------------------------------------------------- /cluster/apps/pfire/pgadmin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: 
kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app pgadmin 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: pfire 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/pfire/pgadmin/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 26 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | # Check ansible version 19 | - ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ -------------------------------------------------------------------------------- /cluster/apps/media/qbittorrent/qbittorrent-helm-values-wg.yaml.off: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: qbittorrent-helm-values 6 | namespace: media 7 | stringData: 8 | values.yaml: |- 9 | addons: 10 | vpn: 11 | configFile: |- 12 | [Interface] 13 | PrivateKey = ${SECRET_WIREGUARD_PRIVATE_KEY} 14 | Address = ${SECRET_WIREGUARD_ADDRESS} 15 | DNS = ${SECRET_WIREGUARD_DNS} 16 | PostUp = /config/up.sh %i 17 | PreDown = /config/down.sh %i 18 | 19 | [Peer] 
20 | PublicKey = ${SECRET_WIREGUARD_PUBLIC_KEY} 21 | AllowedIPs = 0.0.0.0/0 22 | Endpoint = ${SECRET_WIREGUARD_ENDPOINT} 23 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/uptime-kuma/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app uptime-kuma 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: monitoring 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/monitoring/uptime-kuma/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /cluster/apps/pfire/ghostfolio/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app ghostfolio 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: pfire 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./cluster/apps/pfire/ghostfolio/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 26 | -------------------------------------------------------------------------------- 
/ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-etc-hosts 3 | # Defines if all nodes in play should be added to each hosts /etc/hosts 4 | etc_hosts_add_all_hosts: false 5 | 6 | # Defines if ipv6 info is included in /etc/hosts 7 | etc_hosts_enable_ipv6: true 8 | 9 | # Defines your primary dns suffix 10 | etc_hosts_pri_dns_name: 'vagrant.local' 11 | 12 | # Defines if node has static IP. 13 | etc_hosts_static_ip: false 14 | 15 | # Defines if ansible_host is used for defining hosts 16 | etc_hosts_use_ansible_ssh_host: true 17 | 18 | # Defines if ansible_default_ipv4.address is used for defining hosts 19 | etc_hosts_use_default_ip_address: false 20 | -------------------------------------------------------------------------------- /cluster/apps/networking/authentik/redis.yaml.off: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: redis 6 | namespace: networking 7 | labels: 8 | app: redis 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: redis 14 | template: 15 | metadata: 16 | labels: 17 | app: redis 18 | spec: 19 | containers: 20 | - name: redis 21 | image: redis:6.2.4-alpine3.13 22 | ports: 23 | - containerPort: 6379 24 | 25 | --- 26 | apiVersion: v1 27 | kind: Service 28 | metadata: 29 | name: redis 30 | namespace: networking 31 | spec: 32 | selector: 33 | app: redis 34 | ports: 35 | - protocol: TCP 36 | port: 6379 37 | -------------------------------------------------------------------------------- /cluster/apps/pfire/cafe/app/cafe-tickers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cafe-tickers 5 | namespace: pfire 6 | data: 7 | TICKERS: 
"AAPL,GOOGL,MSFT,AMZN,GMAB,PCTY,DXCM,PAYC,RGEN,PLC.TO,TTD,INCY,BTO.TO,NBIX,SRT.DE,PDD,DT,EPAM,CRWD,EXLS,NVDA,CSGP,GFS,ADSK,APTV,YUMC,FTNT,TME,RYAAY,BABA,ALGN,AMD,UBER,DECK,NTES,ADYEN,PUODY,TER,SMCI,MPWR,ASML,TMO,MBLY,TIH.TO,MA,MNST,INTU,ADBE,ISRG,TSM,JHX,HUBS,VRC.WA,PTC,CDNS,002594.SZ,9888.HK,CSU.TO,EVO.ST,CPRT,SNPS,MELI,DHR,OKE,CIVI,FI,FVRR,ETSY,SHOP.TO,EXPO,CRH,ASRNL,CCOI,AMGN,GD,PLTR,NEE,PHP.L,NG.L,SVT.L,ADP,PATK,EWRK.ST,K2A-B.ST,INTRUM.ST,CIBUS.ST,RNW.TO,NEOG,4739.T,2914.T,KNEBV.HE,IRDM,IT,FDS,2382.TW,2726.T,NE,GQG.AX,2767.T,DIRR3.SA,AVGO,WDAY,CSCO,TEAM,NOW,PANW,TOI.V,MTD" 8 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -f /etc/debian_version ]; then 3 | codename="$(lsb_release -c | awk {'print $2}')" 4 | if [[ $codename == "vivid" ]]; then 5 | sudo apt-get update && \ 6 | sudo apt-get -y install python-simplejson 7 | fi 8 | if [[ $codename == "wily" ]]; then 9 | sudo apt-get update && \ 10 | sudo apt-get -y install python-simplejson 11 | fi 12 | fi 13 | if [ -f /etc/redhat-release ]; then 14 | codename="$(gawk -F= '/^NAME/{print $2}' /etc/os-release)" 15 | if [[ $codename == "Fedora" ]]; then 16 | sudo dnf -y install python-devel python-dnf && \ 17 | sudo dnf -y group install "C Development Tools and Libraries" 18 | fi 19 | fi 20 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | 
# Check ansible version 19 | - ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ -------------------------------------------------------------------------------- /cluster/apps/kube-system/metallb/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: metallb 6 | namespace: kube-system 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | chart: metallb 12 | version: 0.15.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: metallb 16 | namespace: flux-system 17 | install: 18 | createNamespace: true 19 | remediation: 20 | retries: 5 21 | upgrade: 22 | remediation: 23 | retries: 5 24 | values: 25 | crds: 26 | enabled: true 27 | psp: 28 | create: false 29 | prometheus: 30 | enabled: true 31 | speaker: 32 | frr: 33 | enabled: false -------------------------------------------------------------------------------- /cluster/apps/kube-system/metrics-server/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: metrics-server 6 | namespace: kube-system 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | # renovate: registryUrl=https://kubernetes-sigs.github.io/metrics-server 12 | chart: metrics-server 13 | version: 3.13.0 14 | sourceRef: 15 | kind: HelmRepository 16 | name: metrics-server-charts 17 | namespace: flux-system 18 | values: 19 | args: 20 | - --kubelet-insecure-tls # NOTE(review): with this flag metrics-server does not verify the kubelets' serving certificates; prefer kubelet serving certs signed by the cluster CA and drop the flag 21 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 22 | - --kubelet-use-node-status-port 23 | - 
--metric-resolution=15s 24 | -------------------------------------------------------------------------------- /cluster/apps/database/crunchy-postgres-operator/operator/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: crunchy-postgres-operator 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: pgo 12 | version: 5.8.6 13 | sourceRef: 14 | kind: HelmRepository 15 | name: crunchydata 16 | namespace: flux-system 17 | interval: 5m 18 | install: 19 | crds: CreateReplace 20 | upgrade: 21 | crds: CreateReplace 22 | values: 23 | install: 24 | clusterLabels: 25 | app.kubernetes.io/name: pgo 26 | -------------------------------------------------------------------------------- /cluster/apps/pfire/stooq/cronjob.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: CronJob 4 | metadata: 5 | namespace: pfire 6 | name: stooq 7 | spec: 8 | # Cron expression: fires at minute 0 of every second hour (00:00, 02:00, ..., 22:00), i.e. twelve runs a day 9 | schedule: "0 */2 * * *" 10 | failedJobsHistoryLimit: 1 11 | successfulJobsHistoryLimit: 3 12 | concurrencyPolicy: Forbid 13 | jobTemplate: 14 | metadata: 15 | labels: 16 | created-by: stooq 17 | spec: 18 | template: 19 | spec: 20 | imagePullSecrets: 21 | - name: regcred 22 | restartPolicy: Never 23 | containers: 24 | - name: stooq 25 | image: ghcr.io/marx2/stooq-daily:v.2.1.3 26 | imagePullPolicy: IfNotPresent 27 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: 
7 | max-spaces-inside: 1 8 | level: error 9 | brackets: 10 | max-spaces-inside: 1 11 | level: error 12 | colons: 13 | max-spaces-after: -1 14 | level: error 15 | commas: 16 | max-spaces-after: -1 17 | level: error 18 | comments: disable 19 | comments-indentation: disable 20 | document-start: disable 21 | empty-lines: 22 | max: 3 23 | level: error 24 | hyphens: 25 | level: error 26 | indentation: disable 27 | key-duplicates: enable 28 | line-length: disable 29 | new-line-at-end-of-file: disable 30 | new-lines: 31 | type: unix 32 | trailing-spaces: disable 33 | truthy: disable 34 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilitydb/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Converge 4 | hosts: node* 5 | become: true 6 | vars: 7 | molecule_is_test: true 8 | k3s_registration_address: loadbalancer 9 | k3s_control_token: 55ba04e5-e17d-4535-9170-3e4245453f4d # fixed token for this Molecule scenario (molecule_is_test is set above); a real inventory needs its own secret, kept out of the repository 10 | k3s_server: 11 | datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable" # NOTE(review): inline password and sslmode=disable send the credentials and the cluster state in clear text; tolerable only for the throwaway test database 12 | snapshotter: native 13 | k3s_agent: 14 | snapshotter: native 15 | k3s_service_env_file: /tmp/k3s.env 16 | pre_tasks: 17 | - name: Set each node to be a control node 18 | ansible.builtin.set_fact: 19 | k3s_control_node: true 20 | when: inventory_hostname in ['node2', 'node3'] 21 | roles: 22 | - role: xanmanning.k3s 23 | -------------------------------------------------------------------------------- /cluster/apps/media/podsync/readme.txt: -------------------------------------------------------------------------------- 1 | https://github.com/mxpv/podsync/issues/469#issuecomment-1365453472 2 | 3 | Actually my PR is not yet working, but please find a workaround below. 4 | 5 | Basically if you find a way to know/get the Channel name, you should be good. 
6 | 7 | So the idea is to use CURL to query the page using the handle URL, and get the channel ID from the HTML code: 8 | 9 | curl -D- --silent https://www.youtube.com/@NASA | tr ',' '\n' | grep "externalId" 10 | "externalId":"UCLA_DiR1FfKNvjuUpBHmylQ" 11 | 12 | Then you can define your feed using the /channel/xxx URL : 13 | 14 | [feeds] 15 | [feeds.NASA] 16 | url = "https://www.youtube.com/@NASA" # not working 17 | url = "https://www.youtube.com/channel/UCLA_DiR1FfKNvjuUpBHmylQ" # should be working 18 | 19 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/cert-manager/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: cert-manager 6 | namespace: cert-manager 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | # renovate: registryUrl=https://charts.jetstack.io/ 12 | chart: cert-manager 13 | version: v1.19.2 14 | sourceRef: 15 | kind: HelmRepository 16 | name: jetstack-charts 17 | namespace: flux-system 18 | values: 19 | crds: 20 | enabled: true 21 | dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query 22 | dns01RecursiveNameserversOnly: true 23 | prometheus: 24 | enabled: true 25 | servicemonitor: 26 | enabled: true 27 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/autodeploy/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: node* 4 | become: true 5 | tasks: 6 | - name: Ensure apt cache is updated and iptables is installed 7 | ansible.builtin.apt: 8 | name: iptables 9 | state: present 10 | update_cache: true 11 | when: ansible_pkg_mgr == 'apt' 12 | 13 | - name: Ensure install directory and configuration directory exists 14 | ansible.builtin.file: 15 | path: "/opt/k3s/{{ 
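item }}" 16 | state: directory 17 | mode: 0755 18 | loop: 19 | - bin 20 | - etc 21 | 22 | - name: Ensure data directory exists 23 | ansible.builtin.file: 24 | path: "/var/lib/k3s-io" 25 | state: directory 26 | mode: 0755 27 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/controller/plans/k3s-agent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: upgrade.cattle.io/v1 3 | kind: Plan 4 | metadata: 5 | name: k3s-agent 6 | spec: 7 | # renovate: datasource=github-releases depName=k3s-io/k3s 8 | version: "v1.34.1+k3s1" 9 | serviceAccountName: system-upgrade 10 | concurrency: 1 11 | nodeSelector: 12 | matchExpressions: 13 | - { key: node-role.kubernetes.io/control-plane, operator: DoesNotExist } 14 | prepare: 15 | image: rancher/k3s-upgrade 16 | args: ["prepare", "k3s-server"] 17 | cordon: true 18 | # drain: 19 | # force: true 20 | # ignoreDaemonSets: true 21 | # skipWaitForDeleteTimeout: 60 # 1.18+ (honor pod disruption budgets up to 60 seconds per pod then moves on) 22 | upgrade: 23 | image: rancher/k3s-upgrade 24 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tasks/max-open-files.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Supplementary configuration file 3 | - name: max-open-files | Create folder 4 | file: 5 | path: /etc/systemd/system/mariadb.service.d 6 | state: directory 7 | recurse: yes 8 | owner: root 9 | group: root 10 | mode: "u=rwX,g=rX,o=rX" # was u=rw,g=r,o=r, which left the directory without a search bit; capital X sets it on directories (and keeps it on already-executable files), so with recurse the drop-in files stay 0644 11 | become: true 12 | 13 | - name: max-open-files | Add the overriding file 14 | template: 15 | src: "etc/systemd/system/mariadb.service.d/max-open-files.conf.j2" 16 | dest: "/etc/systemd/system/mariadb.service.d/max-open-files.conf" 17 | owner: root 18 | group: root 19 | mode: "u=rw,g=r,o=r" 20 | become: true 21 | 22 | - name: max-open-files | just force 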
systemd to reread configs 23 | systemd: 24 | daemon_reload: yes 25 | become: true 26 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tasks/oom-score-adjust.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Supplementary configuration file 3 | - name: oom_score_adjust | Create folder 4 | file: 5 | path: /etc/systemd/system/mariadb.service.d 6 | state: directory 7 | recurse: yes 8 | owner: root 9 | group: root 10 | mode: "u=rwx,g=rx,o=rx" 11 | become: true 12 | 13 | - name: oom_score_adjust | Add the overriding file 14 | template: 15 | src: "etc/systemd/system/mariadb.service.d/oom-score-adjust.conf.j2" 16 | dest: "/etc/systemd/system/mariadb.service.d/oom-score-adjust.conf" 17 | owner: root 18 | group: root 19 | mode: "u=rw,g=r,o=r" 20 | become: true 21 | 22 | - name: oom_score_adjust | just force systemd to reread configs 23 | systemd: 24 | daemon_reload: yes 25 | become: true 26 | -------------------------------------------------------------------------------- /cluster/apps/database/mariadb-operator/database/mariadb-backup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Backup 3 | metadata: 4 | name: backup 5 | spec: 6 | mariaDbRef: 7 | name: mariadb-galera 8 | schedule: 9 | cron: "0 4 * * *" # 4:00 AM every day 10 | suspend: false 11 | maxRetention: 720h # 30 days 12 | storage: 13 | s3: 14 | bucket: backups-mariadb 15 | prefix: mariadb 16 | endpoint: minio.database:9000 17 | region: us-east-1 18 | accessKeyIdSecretKeyRef: 19 | name: minio-secret 20 | key: access-key-id 21 | secretAccessKeySecretKeyRef: 22 | name: minio-secret 23 | key: secret-access-key 24 | tls: 25 | enabled: false # NOTE(review): the database dumps and the S3 credentials reach minio.database:9000 without TLS; acceptable only if in-cluster traffic is protected some other way - confirm, or enable TLS with the CA reference commented out below 26 | # caSecretKeyRef: 27 | # name: k-marx.katowice.pl-tls 28 | # key: tls.crt 29 | 
-------------------------------------------------------------------------------- /router/openwrt.txt: -------------------------------------------------------------------------------- 1 | tailscale 2 | https://eko.one.pl/forum/viewtopic.php?pid=260170#p260170 3 | 4 | simple adblock 5 | https://docs.openwrt.melmac.net/simple-adblock/ 6 | 7 | prometheus exporter 8 | https://openwrt.org/packages/pkgdata/prometheus-node-exporter-lua 9 | 10 | 11 | System->System->Timezone 12 | 13 | Network->Interfaces->LAN->DHCP Server: 14 | - Start: 3 15 | - Limit: 125 16 | 17 | Network->DHCP and DNS->Static Leases 18 | 19 | 20 | Tailscale NOT USED 21 | https://eko.one.pl/forum/viewtopic.php?pid=260170#p260170 22 | https://openwrt.org/docs/guide-user/services/vpn/tailscale/start 23 | 24 | 1. Install tailscale and tailscaled 25 | 2. run with: 26 | tailscale up --netfilter-mode=off --advertise-routes=192.168.1.0/24 27 | (be router into internal network) 28 | 3. create a new managed interface and firewall zone for tailscale -------------------------------------------------------------------------------- /cluster/apps/pfire/jobshot/app/config/jobs.yaml: -------------------------------------------------------------------------------- 1 | jobs: 2 | - name: "Scan single ticker" 3 | description: "Run scan of single ticker." 4 | container: "ghcr.io/marx2/cafe:main" 5 | entrypoint: ["bash", "./run-tests.sh"] 6 | parameters: 7 | - "--tickers=MSFT" 8 | - "--metrics=./custom-metrics.yaml" 9 | namespace: "pfire" 10 | 11 | - name: "List testcafe browsers" 12 | description: "List available browsers in TestCafe container." 13 | container: "ghcr.io/marx2/cafe:2.0.4" 14 | entrypoint: ["npx", "testcafe", "--list-browsers"] 15 | parameters: [] 16 | namespace: "pfire" 17 | 18 | - name: "Test container" 19 | description: "Run an alpine echo." 
20 | container: "alpine:latest" 21 | entrypoint: ["/bin/sh", "-c"] 22 | parameters: ["echo 'Job completed successfully!'"] 23 | namespace: "pfire" 24 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/Vagrant/roles/ansible-etc-hosts/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for ansible-etc-hosts 3 | - name: pre-reqs (RedHat) 4 | yum: 5 | name: "{{ item }}" 6 | state: "present" 7 | become: true 8 | with_items: 9 | - libselinux-python 10 | when: > 11 | ansible_os_family == "RedHat" and 12 | ansible_distribution != "Fedora" 13 | 14 | - name: pre-reqs (RedHat) 15 | dnf: 16 | name: "{{ item }}" 17 | state: "present" 18 | become: true 19 | with_items: 20 | - libselinux-python 21 | when: > 22 | ansible_os_family == "RedHat" and 23 | ansible_distribution == "Fedora" 24 | 25 | - name: main | updating /etc/hosts (localhost) 26 | template: 27 | src: "etc/hosts.j2" 28 | dest: "/etc/hosts" 29 | owner: root 30 | group: root 31 | mode: 0644 32 | become: true 33 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tasks/unconfigure_cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: unconfigure_cluster | unconfiguring galera cluster (Debian) 3 | file: 4 | path: "/etc/mysql/conf.d/galera.cnf" 5 | state: "absent" 6 | become: true 7 | when: ansible_os_family == "Debian" 8 | 9 | - name: unconfigure_cluster | unconfiguring galera cluster (RedHat) 10 | template: 11 | src: "etc/my.cnf.d/reset.server.cnf.j2" 12 | dest: "/etc/my.cnf.d/server.cnf" 13 | become: true 14 | when: ansible_os_family == "RedHat" 15 | 16 | - name: unconfigure_cluster | unconfiguring galera cluster 17 | file: 18 | path: "/etc/galera_cluster_configured" 19 | state: "absent" 20 | become: true 21 | 22 | - name: 
unconfigure_cluster | restarting mysql when reconfiguring galera cluster 23 | service: 24 | name: "mysql" 25 | state: "restarted" 26 | become: true 27 | -------------------------------------------------------------------------------- /dns/readme.txt: -------------------------------------------------------------------------------- 1 | https://dev.to/stjohnjohnson/internal-domains-with-dnsmasq-and-pi-hole-4cof 2 | 3 | dns forwarding in Pihole: 4 | /etc/dnsmasq.d/kmarx.conf: 5 | server=/k.marx.katowice.pl/192.168.1.214 6 | 7 | updating Pi-hole: 8 | pihole -up 9 | 10 | 11 | DNS switching: 12 | - cloudflare entries 13 | - Pihole: 14 | - dns records in UI 15 | - kmarx.conf 16 | - router: NOTHING 17 | - new domain in password manager (BOOTSTRAP_DOMAIN) 18 | - url for passwords in password manager 19 | - recreate sealed secrets 20 | - cafe upload address (?) 21 | - each cluster node: 22 | - /etc/hosts 23 | - /etc/postfix/main.cf 24 | - NAS: NOTHING 25 | - GitHub - Dex authentication 26 | - change Homepage URL: https://k.marx.katowice.pl 27 | - change Authorization callback URL: https://dex.k.marx.katowice.pl/callback 28 | 29 | Apps: 30 | - Uptime Kuma 31 | - Google Sheets functions 32 | - AntennaPod -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/highavailabilityetcd/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Converge 4 | hosts: node* 5 | become: true 6 | vars: 7 | molecule_is_test: true 8 | k3s_release_version: "v1.33" 9 | k3s_use_experimental: true 10 | k3s_etcd_datastore: true 11 | k3s_server: 12 | secrets-encryption: true 13 | snapshotter: native 14 | k3s_agent: 15 | node-ip: "{{ ansible_default_ipv4.address }}" 16 | snapshotter: native 17 | selinux: "{{ ansible_os_family | lower == 'redhat' }}" 18 | k3s_skip_validation: "{{ k3s_service_handler[ansible_service_mgr] == 'service' }}" 19 | # k3s_skip_post_checks: "{{ 
ansible_os_family | lower == 'redhat' }}" 20 | pre_tasks: 21 | - name: Set each node to be a control node 22 | ansible.builtin.set_fact: 23 | k3s_control_node: true 24 | roles: 25 | - role: xanmanning.k3s 26 | -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/molecule/nodeploy/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: all 4 | tasks: 5 | - name: Ensure apt cache is updated and iptables is installed 6 | ansible.builtin.apt: 7 | name: iptables 8 | state: present 9 | update_cache: true 10 | when: ansible_pkg_mgr == 'apt' 11 | 12 | - name: Prepare air-gapped installation 13 | delegate_to: localhost 14 | run_once: true 15 | block: 16 | 17 | - name: Ensure files directory exists 18 | ansible.builtin.file: 19 | path: ./files 20 | state: directory 21 | mode: 0750 22 | 23 | - name: Ensure k3s is downloaded for air-gap installation 24 | ansible.builtin.get_url: 25 | url: https://github.com/k3s-io/k3s/releases/download/v1.33.1%2Bk3s1/k3s # NOTE(review): no checksum: is given, so the downloaded binary is not integrity-checked before it is marked executable; get_url accepts checksum: "sha256:<digest-from-the-release>" 26 | dest: ./files/k3s 27 | mode: 0755 28 | -------------------------------------------------------------------------------- /cluster/apps/media/immich/immich-configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: immich-configmap 6 | namespace: media 7 | data: 8 | # URLS 9 | IMMICH_WEB_URL: http://immich-web.media.svc.cluster.local:3000 10 | IMMICH_SERVER_URL: http://immich.media.svc.cluster.local:3001 11 | IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.media.svc.cluster.local:3003 12 | PUBLIC_IMMICH_SERVER_URL: https://photos.${SECRET_DOMAIN} 13 | # REDIS 14 | REDIS_HOSTNAME: immich-redis.media.svc.cluster.local 15 | REDIS_PORT: "6379" 16 | REDIS_DBINDEX: "0" 17 | # DATABASE 18 | DB_DATABASE_NAME: immich 19 | DB_HOSTNAME: postgres-media-primary.media.svc 20 | DB_PORT: 
"5432" 21 | # General 22 | TZ: ${TZ} 23 | DISABLE_REVERSE_GEOCODING: "false" 24 | ENABLE_MAPBOX: "false" 25 | LOG_LEVEL: log 26 | NODE_ENV: production 27 | UPLOAD_LOCATION: /usr/src/app/upload -------------------------------------------------------------------------------- /.github/workflows/lint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Lint 3 | 4 | on: # yamllint disable-line rule:truthy 5 | workflow_dispatch: 6 | pull_request: 7 | branches: 8 | - main 9 | 10 | concurrency: 11 | group: ${{ github.ref }}-${{ github.workflow }} 12 | cancel-in-progress: true 13 | 14 | env: 15 | # Currently no way to detect automatically 16 | DEFAULT_BRANCH: main 17 | 18 | jobs: 19 | build: 20 | name: MegaLinter 21 | runs-on: ubuntu-latest 22 | steps: 23 | - name: Checkout 24 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 25 | with: 26 | fetch-depth: 0 27 | 28 | - name: MegaLinter 29 | uses: oxsecurity/megalinter@55a59b24a441e0e1943080d4a512d827710d4a9d # v9.2.0 30 | env: 31 | GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" # NOTE(review): this workflow declares no permissions: block, so the token carries the repository's default scopes; consider declaring only what MegaLinter needs 32 | VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }} 33 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugin/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: intel-device-plugin-operator 7 | namespace: kube-system 8 | spec: 9 | interval: 30m 10 | chart: 11 | spec: 12 | chart: intel-device-plugins-operator 13 | version: 0.34.1 14 | sourceRef: 15 | kind: HelmRepository 16 | name: intel 17 | namespace: flux-system 18 | maxHistory: 2 19 | install: 20 | crds: CreateReplace 21 | remediation: 22 | retries: 3 23 | upgrade: 24 | 
cleanupOnFail: true 25 | crds: CreateReplace 26 | remediation: 27 | retries: 3 28 | uninstall: 29 | keepHistory: false 30 | dependsOn: 31 | - name: node-feature-discovery 32 | namespace: kube-system -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/tasks/cacti.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: debian | adding cacti db user for monitoring 3 | mysql_user: 4 | host: "{{ cacti_server }}" 5 | login_unix_socket: "{{ mariadb_login_unix_socket }}" 6 | name: "{{ cacti_db_user }}" 7 | password: "{{ cacti_db_password }}" 8 | priv: "*.*:SUPER,PROCESS" # NOTE(review): SUPER on *.* is an administrative privilege and broader than a monitoring login usually needs; confirm what the Cacti templates require and grant only that 9 | state: "present" 10 | become: true 11 | tags: 12 | - cacti_monitoring 13 | run_once: true 14 | when: > 15 | cacti_server is defined 16 | 17 | - name: debian | adding cacti db user for monitoring 18 | mysql_user: 19 | host: "{{ cacti_server_fqdn }}" 20 | login_unix_socket: "{{ mariadb_login_unix_socket }}" 21 | name: "{{ cacti_db_user }}" 22 | password: "{{ cacti_db_password }}" 23 | priv: "*.*:SUPER,PROCESS" # NOTE(review): same global SUPER,PROCESS grant, here for the account matched by cacti_server_fqdn 24 | state: "present" 25 | become: true 26 | tags: 27 | - cacti_monitoring 28 | run_once: true 29 | when: > 30 | cacti_server_fqdn is defined 31 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugin/gpu/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: intel-device-plugin-gpu 7 | namespace: kube-system 8 | spec: 9 | interval: 30m 10 | chart: 11 | spec: 12 | chart: intel-device-plugins-gpu 13 | version: 0.34.1 14 | sourceRef: 15 | kind: HelmRepository 16 | name: intel 17 | namespace: flux-system 18 | maxHistory: 2 19 | install: 20 | remediation: 21 
| retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | dependsOn: 29 | - name: intel-device-plugin-operator 30 | namespace: kube-system 31 | values: 32 | name: intel-device-plugin-gpu 33 | sharedDevNum: 3 34 | nodeFeatureRule: false 35 | -------------------------------------------------------------------------------- /cluster/apps/longhorn/longhorn/readme.txt: -------------------------------------------------------------------------------- 1 | https://longhorn.io/docs/1.1.0/deploy/install/install-with-helm/ 2 | 3 | Longhorn does leverage iSCSI, so extra configuration of the node may be required. This may include the installation of open-iscsi or iscsiadm depending on the distribution. 4 | 5 | - label all nodes: 6 | kubectl label nodes wuwek node.longhorn.io/create-default-disk=true 7 | 8 | - removing label: 9 | kubectl label node cobra node.longhorn.io/create-default-disk- 10 | 11 | 12 | - Prepare disks: 13 | gdisk /dev/sdb 14 | - create new Linux partition 15 | mkfs /dev/sdb1 16 | - label it 17 | e2label /dev/sdb1 longhorn 18 | - find UUID 19 | blkid 20 | - make dir 21 | mkdir /longhorn 22 | - define in /etc/fstab 23 | UUID=xxx /longhorn ext4 defaults 0 0 24 | - mount 25 | mount /longhorn 26 | 27 | - make sure iscsi package is installed 28 | apt-get install open-iscsi 29 | 30 | 31 | good description about manual fixing 32 | https://infinytum.co/longhorn-metadata-restoration/ -------------------------------------------------------------------------------- /ansible/roles/xanmanning.k3s/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## TITLE 2 | 3 | ### Summary 4 | 5 | 6 | 7 | 8 | 9 | ### Issue type 10 | 11 | 12 | - Bugfix 13 | - Documentation 14 | - Feature 15 | 16 | ### Test instructions 17 | 18 | 19 | 20 | ### Acceptance Criteria 21 | 22 | 23 | 24 | 28 | 29 | ### Additional Information 30 | 31 | 32 | 33 | 34 | 35 | 
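```text 36 | 37 | ``` 38 |
--------------------------------------------------------------------------------
/cluster/flux/config/cluster.yaml:
--------------------------------------------------------------------------------
1 | # migrated from gotk-sync.yaml
2 | ---
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: GitRepository  # the Git source Flux polls: branch main of the URL below, every 1m0s
5 | metadata:
6 |   name: flux-system
7 |   namespace: flux-system
8 | spec:
9 |   interval: 1m0s
10 |   ref:
11 |     branch: main  # NOTE(review): no spec.verify block, so commits are applied without signature verification; push access to main is effectively cluster access
12 |   url: https://github.com/Marx2/homelab
13 |   ignore: |
14 |     # exclude all
15 |     /*
16 |     # include kubernetes directory
17 |     !/cluster
18 | ---
19 | apiVersion: kustomize.toolkit.fluxcd.io/v1
20 | kind: Kustomization  # applies ./cluster/flux from the source above
21 | metadata:
22 |   name: flux-system
23 |   namespace: flux-system
24 | spec:
25 |   interval: 10m0s
26 |   path: ./cluster/flux
27 |   prune: true  # objects removed from Git are deleted from the cluster
28 |   wait: false
29 |   sourceRef:
30 |     kind: GitRepository
31 |     name: flux-system
32 |   # validation: client
33 |   decryption:  # SOPS-encrypted manifests are decrypted with the key held in Secret sops-gpg
34 |     provider: sops
35 |     secretRef:
36 |       name: sops-gpg
37 |   postBuild:  # NOTE(review): a value from cluster-secrets substituted into a non-Secret object (a ConfigMap, a HelmRelease value) is stored there in clear text
38 |     substituteFrom:
39 |       - kind: ConfigMap
40 |         name: cluster-settings
41 |       - kind: Secret
42 |         name: cluster-secrets
43 |
--------------------------------------------------------------------------------
/.github/renovate/autoMerge.json5:
--------------------------------------------------------------------------------
1 | {
2 |   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 |   "packageRules": [
4 |     {
5 |       "description": "Auto merge GitHub Actions",
6 |       "matchManagers": ["github-actions"],
7 |       "automerge": true,
8 |       "automergeType": "branch", // the update is pushed to the base branch directly, without a pull request
9 |       "ignoreTests": true, // NOTE(review): merges without waiting for any status check
10 |       "matchUpdateTypes": ["minor", "patch", "digest"]
11 |     },
12 |     {
13 |       "description": "Auto merge container digests",
14 |       "matchDatasources": ["docker"],
15 |       "automerge": true,
16 |       "automergeType": "branch",
17 |       "ignoreTests": true,
18 |       "matchUpdateTypes": ["digest"]
19 |     },
20 |     {
21 |       "description": "Auto merge container minor and patch versions", // NOTE(review): with Flux reconciling main, a new upstream image tag reaches the cluster with no review and no check
22 |       "matchDatasources": [
23 |         "docker"
24 |       ],
25 |       "automerge": true,
26 |       "automergeType": "branch",
27 |       "ignoreTests": true, // NOTE(review): consider dropping this for version bumps so the lint workflow at least gates the merge
28 |       "matchUpdateTypes": [
29 |         "minor",
30 |         "patch"
31 |       ]
32 |     }
33 |   ]
34 | }
35 |
--------------------------------------------------------------------------------
/.github/renovate/labels.json5:
--------------------------------------------------------------------------------
1 | {
2 |   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 |   "packageRules": [ // labelling only: every rule below sets or adds labels and nothing else
4 |     {
5 |       "matchUpdateTypes": ["major"],
6 |       "labels": ["type/major"]
7 |     },
8 |     {
9 |       "matchUpdateTypes": ["minor"],
10 |       "labels": ["type/minor"]
11 |     },
12 |     {
13 |       "matchUpdateTypes": ["patch"],
14 |       "labels": ["type/patch"]
15 |     },
16 |     {
17 |       "matchDatasources": ["docker"],
18 |       "addLabels": ["renovate/container"]
19 |     },
20 |     {
21 |       "matchDatasources": ["helm"],
22 |       "addLabels": ["renovate/helm"]
23 |     },
24 |     {
25 |       "matchDatasources": ["galaxy", "galaxy-collection"],
26 |       "addLabels": ["renovate/ansible"]
27 |     },
28 |     {
29 |       "matchDatasources": ["github-releases", "github-tags"],
30 |       "addLabels": ["renovate/github-release"]
31 |     },
32 |     {
33 |       "matchManagers": ["github-actions"],
34 |       "addLabels": ["renovate/github-action"]
35 |     }
36 |   ]
37 | }
38 |
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | fail_fast: false
3 | repos:
4 |   - repo: https://github.com/adrienverge/yamllint
5 |     rev: v1.37.1  # NOTE(review): every rev in this file is a tag; a tag can be re-pointed, a full commit SHA cannot
6 |     hooks:
7 |       - args:
8 |           - --config-file
9 |           - .github/linters/.yamllint.yaml  # was .github/lint/...; the repository tree only has .github/linters/
10 |         id: yamllint
11 |   - repo: https://github.com/pre-commit/pre-commit-hooks
12 |     rev: v6.0.0
13 |     hooks:
14 |       - id: trailing-whitespace
15 |         args: [--markdown-linebreak-ext=md]
16 |       - id: end-of-file-fixer
17 |       - id: mixed-line-ending
18 |   - repo: https://github.com/Lucas-C/pre-commit-hooks
19 |     rev: v1.5.5
20 |     hooks:
21 |       - id: remove-crlf
22 |       - id: remove-tabs
23 |   -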
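repo: https://github.com/sirosen/fix-smartquotes
24 |     rev: 0.2.0
25 |     hooks:
26 |       - id: fix-smartquotes
27 |   - repo: https://github.com/k8s-at-home/sops-pre-commit
28 |     rev: v2.1.1
29 |     hooks:
30 |       - id: forbid-secrets  # presumably rejects Kubernetes Secret manifests that are not SOPS-encrypted - confirm against the hook's docs
31 |   - repo: https://github.com/zricethezav/gitleaks
32 |     rev: v8.30.0
33 |     hooks:
34 |       - id: gitleaks  # credential-pattern scan before the commit is created
35 |
--------------------------------------------------------------------------------
/ansible/roles/xanmanning.k3s/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | ---
5 |
6 |
7 |
8 |
9 | ### Summary
10 |
11 |
12 |
13 | ### Issue Type
14 |
15 | - Feature Request
16 |
17 | ### User Story
18 |
19 |
20 |
21 |
22 | _As a_ \
23 | _I want to_ \
24 | _So that_
25 |
26 | ### Additional Information
27 |
28 |
29 |
30 |
31 | ```yaml
32 |
33 | ```
34 |
--------------------------------------------------------------------------------
/ansible/roles/xanmanning.k3s/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Triggers a role import on Ansible Galaxy whenever a tag is pushed.
3 |
4 | name: Release
5 | 'on':
6 |   push:
7 |     tags:
8 |       - '*'
9 |
10 | # The job only reads the repository, so the workflow token gets no write scope.
11 | permissions:
12 |   contents: read
13 |
14 | defaults:
15 |   run:
16 |     working-directory: "xanmanning.k3s"
17 |
18 | env:
19 |   UV_SYSTEM_PYTHON: "1"
20 |
21 | jobs:
22 |   release:
23 |     name: Release
24 |     runs-on: ubuntu-latest
25 |     steps:
26 |       - name: Checkout codebase
27 |         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
28 |         with:
29 |           path: "xanmanning.k3s"
30 |
31 |       # NOTE(review): the next two actions are referenced by tag while checkout is
32 |       # pinned to a commit SHA; a tag can be re-pointed, so pin these to full SHAs too.
33 |       - name: Set up uv
34 |         uses: astral-sh/setup-uv@v6
35 |
36 |       - name: Set up Python
37 |         uses: actions/setup-python@v5
38 |         with:
39 |           python-version: "3.x"
40 |
41 |       - name: Install Ansible
42 |         run: uv pip install -r requirements.txt
43 |
44 |       # The API key and repository name reach the shell as environment variables,
45 |       # so their values are never pasted into the script text before it is parsed.
46 |       - name: Trigger a new import on Galaxy
47 |         env:
48 |           GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
49 |           REPOSITORY: ${{ github.repository }}
50 |         run: >-
51 |           ansible-galaxy role import --api-key "${GALAXY_API_KEY}"
52 |           "$(echo "${REPOSITORY}" | cut -d/ -f1)"
53 |           "$(echo "${REPOSITORY}" | cut -d/ -f2)"
54 |
--------------------------------------------------------------------------------
/ansible/roles/mrlesmithjr.mariadb-galera-cluster/templates/etc/mysql/conf.d/temp.galera.cnf.j2:
--------------------------------------------------------------------------------
1 | [mysqld]
2 | #mysql settings
3 | binlog_format=ROW
4 | default-storage-engine=innodb
5 | innodb_autoinc_lock_mode=2
6 | query_cache_size=0
7 | query_cache_type=0
8 | bind-address={{ galera_cluster_bind_address }}
9 |
10 | [galera]
11 | wsrep_on=ON
12 | wsrep_node_name={{ ansible_hostname }}
13 | wsrep_provider=/usr/lib/galera/libgalera_smm.so
14 | wsrep_cluster_name="{{ galera_cluster_name }}"
15 | #wsrep_cluster_address="gcomm://{{ groups[galera_cluster_nodes_group] | map('extract', hostvars, 'ansible_' ~ galera_cluster_bind_interface) | map(attribute='ipv4.address') | list | join(',') }}"
16 |
17 | # To start failed cluster comment out above and uncomment below...Once cluster is started revert changes and restart mysql on main node where change was made
18 | # NOTE(review): an empty gcomm:// address makes the node start a new cluster instead of joining an existing one; keep this temporary file out of steady-state configuration.
19 | wsrep_cluster_address="gcomm://"
20 | # NOTE(review): rsync state transfer is unencrypted by default; confirm replication traffic stays on a trusted network or use an SST method that supports TLS.
21 | wsrep_sst_method=rsync
22 | {% if galera_enable_galera_monitoring_script %}
23 | wsrep_notify_cmd='{{ galera_monitor_script_path }}/{{ galera_monitor_script_name }}'
24 | {% endif %}
25 |
--------------------------------------------------------------------------------
/ansible/roles/xanmanning.k3s/molecule/autodeploy/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: node*
4 |   become: true
5 |   vars:
6 |     molecule_is_test: true
7 |     k3s_release_version: v1.33
8 |     k3s_build_cluster: false
9 |     k3s_control_token: 55ba04e5-e17d-4535-9170-3e4245453f4d  # fixed token for this Molecule scenario; a committed token must never be reused on a real cluster
10 |     k3s_install_dir: /opt/k3s/bin
11 |     k3s_config_file: /opt/k3s/etc/k3s_config.yaml
12 |     k3s_server:
13 |       data-dir: /var/lib/k3s-io
14 |       default-local-storage-path: /var/lib/k3s-io/local-storage
15 |       disable:
16 |         - metrics-server
17 |         - traefik
18 |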
snapshotter: native 19 | k3s_agent: 20 | snapshotter: native 21 | k3s_server_manifests_templates: 22 | - "molecule/autodeploy/templates/00-ns-monitoring.yml.j2" 23 | k3s_server_manifests_urls: 24 | - url: https://raw.githubusercontent.com/metallb/metallb/v0.9.6/manifests/namespace.yaml 25 | filename: 05-metallb-namespace.yml 26 | k3s_service_env_vars: 27 | K3S_TEST_VAR: "Hello world!" 28 | roles: 29 | - role: xanmanning.k3s 30 | -------------------------------------------------------------------------------- /ansible/roles/mrlesmithjr.mariadb-galera-cluster/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: true 4 | vars: 5 | mariadb_pri_domain_name: "test.vagrant.local" 6 | roles: 7 | - role: ansible-etc-hosts 8 | tasks: 9 | - name: pre-reqs 10 | dnf: 11 | name: "{{ item }}" 12 | state: present 13 | with_items: 14 | - libselinux-python 15 | when: > 16 | (ansible_os_family == "RedHat" and 17 | ansible_distribution == "Fedora") 18 | 19 | - name: pre-reqs 20 | yum: 21 | name: "{{ item }}" 22 | state: present 23 | with_items: 24 | - libselinux-python 25 | when: > 26 | (ansible_os_family == "RedHat" and 27 | ansible_distribution != "Fedora") 28 | 29 | - hosts: galera-cluster-nodes 30 | become: true 31 | vars: 32 | galera_cluster_bind_address: "{{ ansible_eth1.ipv4.address }}" #'{{ ansible_enp0s8.ipv4.address }}' 33 | mariadb_pri_domain_name: "test.vagrant.local" 34 | roles: 35 | - role: ansible-mariadb-galera-cluster 36 | tasks: 37 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/controller/plans/k3s-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: upgrade.cattle.io/v1 3 | kind: Plan 4 | metadata: 5 | name: k3s-server 6 | spec: 7 | # renovate: datasource=github-releases depName=k3s-io/k3s 8 | version: "v1.34.1+k3s1" 9 | serviceAccountName: system-upgrade 10 | 
concurrency: 1 11 | nodeSelector: 12 | matchExpressions: 13 | - { key: node-role.kubernetes.io/control-plane, operator: Exists } 14 | tolerations: 15 | - { effect: NoSchedule, operator: Exists } 16 | - { effect: NoExecute, operator: Exists } 17 | - { key: node-role.kubernetes.io/control-plane, operator: Exists } 18 | - { key: node-role.kubernetes.io/master, operator: Exists } 19 | - { key: node-role.kubernetes.io/etcd, operator: Exists } 20 | - { key: CriticalAddonsOnly, operator: Exists } 21 | cordon: true 22 | # drain: 23 | # force: true 24 | # ignoreDaemonSets: true 25 | # skipWaitForDeleteTimeout: 60 # 1.18+ (honor pod disruption budgets up to 60 seconds per pod then moves on) 26 | upgrade: 27 | image: rancher/k3s-upgrade -------------------------------------------------------------------------------- /cluster/apps/system/intel-gpu-plugin/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: intel-gpu-plugin 6 | namespace: kube-system 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | # renovate: registryUrl=https://k8s-at-home.com/charts/ 12 | chart: intel-gpu-plugin 13 | version: 4.4.2 14 | sourceRef: 15 | kind: HelmRepository 16 | name: k8s-at-home-charts 17 | namespace: flux-system 18 | values: 19 | image: 20 | repository: intel/intel-gpu-plugin 21 | tag: 0.34.1 22 | pullPolicy: IfNotPresent 23 | args: 24 | - -shared-dev-num 25 | - "2" 26 | securityContext: 27 | readOnlyRootFilesystem: true 28 | affinity: 29 | nodeAffinity: 30 | requiredDuringSchedulingIgnoredDuringExecution: 31 | nodeSelectorTerms: 32 | - matchExpressions: 33 | - key: feature.node.kubernetes.io/custom-intel-gpu 34 | operator: In 35 | values: 36 | - "true" 37 | -------------------------------------------------------------------------------- /cluster/apps/pfire/stooq-importer/stooq-importer-pgloader-config.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ConfigMap  # NOTE(review): a ConfigMap is not a Secret; anything substituted into it is stored and readable as plain text
4 | metadata:
5 |   name: stooq-importer-pgloader-config
6 |   namespace: pfire
7 | data:  # NOTE(review): both INTO URIs carry ${SECRET_POSTGRESQL_PASS} for the postgres account; presumably Flux postBuild substitution fills it in, which would leave the password in this ConfigMap - keep the URI in a Secret and consider a role limited to the stooq database
8 |   csv.load: |  # pgloader command file: reads the archive, then loads the matching CSV files into table daily, truncating it first
9 |     LOAD ARCHIVE
10 |     FROM /home/stooq/d_us_txt.zip
11 |     INTO postgres://postgres:${SECRET_POSTGRESQL_PASS}@postgres-pfire-primary.pfire.svc:5432/stooq
12 |
13 |     LOAD CSV
14 |     FROM ALL FILENAMES MATCHING ~/./
15 |     INTO postgres://postgres:${SECRET_POSTGRESQL_PASS}@postgres-pfire-primary.pfire.svc:5432/stooq
16 |     TARGET TABLE daily
17 |     TARGET COLUMNS
18 |     (
19 |     ticker,period,date,time,open,high,low,close,volume,openint
20 |     )
21 |     WITH truncate,
22 |     skip header = 1,
23 |     fields terminated by ',',
24 |     fields not enclosed,
25 |     batch concurrency = 1,
26 |     workers = 2,
27 |     concurrency = 1,
28 |     disable triggers
29 |
30 |     SET work_mem to '512 MB',
31 |     maintenance_work_mem to '1024 MB';
32 |
--------------------------------------------------------------------------------