├── .ansible-lint ├── .editorconfig ├── .envrc ├── .gitattributes ├── .github ├── lint │ ├── .flake8 │ ├── .markdownlint.yaml │ ├── .prettierignore │ ├── .prettierrc.yaml │ ├── .yamllint.yaml │ └── gitleaks.toml ├── renovate.json5.disabled ├── renovate │ ├── allowedVersions.json5 │ ├── autoMerge.json5 │ ├── disabledDatasources.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ └── labels.json5 ├── scripts │ ├── cloudflare-proxied-networks.sh │ ├── container-parser.sh │ ├── helm-release-differ.sh │ └── lib │ │ └── functions.sh ├── workflows │ └── megalinter.yaml └── yamllint.config.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── .sops.yaml ├── .taskfiles ├── ClusterTasks.yml ├── ExternalSecrets │ └── Taskfile.yaml ├── Flux │ └── Taskfile.yaml ├── Kubernetes │ └── Taskfile.yaml ├── Postgres │ └── Taskfile.yaml ├── PrecommitTasks.yml └── VolSync │ ├── Taskfile.yaml │ └── resources │ ├── controller.sh │ ├── list.tmpl.yaml │ ├── replicationdestination.tmpl.yaml │ ├── unlock-local.sh │ ├── unlock.tmpl.yaml │ ├── wait.sh │ └── wipe.tmpl.yaml ├── LICENSE ├── README.md ├── Taskfile.yml ├── ansible ├── .gitignore ├── LICENSE ├── ansible.cfg ├── filter_plugins │ ├── __pycache__ │ │ └── duplicate_filter.cpython-311.pyc │ └── duplicate_filter.py ├── inventory │ ├── group_vars │ │ ├── all │ │ │ ├── all.yml │ │ │ └── secrets.sops.yml │ │ ├── bsd.yml │ │ ├── cloudflare.sops.yml │ │ ├── dns.yml │ │ ├── lxc.sops.yml │ │ ├── lxc.yml │ │ ├── rpi.yml │ │ ├── truenas.yml │ │ └── ubuntu.yml │ ├── host_vars │ │ ├── localhost │ │ │ ├── localhost.yml │ │ │ └── secrets.sops.yml │ │ ├── ludwig.int.socozy.casa │ │ │ ├── ludwig-secrets.sops.yml │ │ │ └── ludwig.yml │ │ ├── mic-sat-bedroom.iot.socozy.casa.yml │ │ ├── mic-sat-kitchen.iot.socozy.casa.yml │ │ ├── ovos-bedroom.int.socozy.casa.sops.yml │ │ ├── ovos-kitchen.int.socozy.casa.sops.yml │ │ ├── router0.int.socozy.casa.sops.yml │ │ └── tailscale0.int.socozy.casa.sops.yml │ └── inventory.yml ├── k3s-wipe.yml ├── requirements.yml 
├── roles │ └── local │ │ ├── rmblr.baseline │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── autoupdate.yml │ │ │ ├── debian.yml │ │ │ ├── freebsd.yml │ │ │ ├── main.yml │ │ │ ├── redhat.yml │ │ │ └── ssh.yml │ │ └── templates │ │ │ ├── 10periodic.j2 │ │ │ ├── 50unattended-upgrades.j2 │ │ │ └── dnf-automatic.conf.j2 │ │ ├── rmblr.cpu_microcode │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ │ ├── rmblr.debian_backports │ │ ├── defaults │ │ │ ├── Debian.yml │ │ │ ├── Ubuntu.yml │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── 001-ansible-role-debian-backports.j2 │ │ ├── rmblr.hivemind-sat │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ ├── pw.asc │ │ │ └── requirements.txt │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── hifiberry.yml │ │ │ └── main.yml │ │ └── templates │ │ │ ├── 100-user.conf.j2 │ │ │ ├── 101-roc-recv.conf.j2 │ │ │ ├── 50-endpoints-config.lua.j2 │ │ │ ├── 51-rename.lua.j2 │ │ │ └── hivemind-sat.service.j2 │ │ ├── rmblr.jail_postgres │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ │ ├── rmblr.k8s_conf │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── Makefile.j2 │ │ │ ├── cilium-values.yaml.j2 │ │ │ ├── global-auto-vars.yaml.j2 │ │ │ ├── inputs.tf.json.j2 │ │ │ └── talconfig.yaml.j2 │ │ ├── rmblr.ovos-common │ │ └── tasks │ │ │ └── main.yml │ │ ├── rmblr.ovos-mic-sat │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── vars │ │ │ └── main.yml │ │ ├── rmblr.proxmox_setup │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── prometheus-pve-exporter.service │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── acme-cert.yml │ │ │ ├── acme-plugin.yml │ │ │ ├── borg-setup.yml │ │ │ ├── ceph.yml │ │ │ ├── harden.yml │ │ │ ├── intel-igpu.yml │ │ │ ├── main.yml │ │ │ ├── 
network.yml │ │ │ ├── pve-exporter.yml │ │ │ ├── remove-nag.yml │ │ │ ├── wireguard.yml │ │ │ └── zfs-ssh-decrypt.yml │ │ └── templates │ │ │ ├── network.interfaces.j2 │ │ │ └── pve.yaml.j2 │ │ ├── rmblr.proxmox_vms │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ └── vm.yml │ │ └── templates │ │ │ └── user-data.yml.j2 │ │ ├── rmblr.roc │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ ├── templates │ │ │ └── usr │ │ │ │ └── local │ │ │ │ └── lib │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ ├── roc-recv.service.j2 │ │ │ │ └── roc-send.service.j2 │ │ └── vars │ │ │ ├── aarch64.yml │ │ │ ├── armv6l.yml │ │ │ ├── armv7l.yml │ │ │ └── x86_64.yml │ │ ├── rmblr.rpi_coredns │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ │ ├── rmblr.rpi_coredns_build │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ │ ├── rmblr.truenas_setup │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── bin │ │ │ │ └── rclone-backup │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ └── rclone-job.yml │ │ └── templates │ │ │ ├── backup-config │ │ │ ├── backup-rootfs │ │ │ ├── rclone-job.j2 │ │ │ └── ups-poweroff.sh.j2 │ │ ├── rmblr.truenas_zrepl │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── rc.zrepl │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── start-zrepl.sh.j2 │ │ │ ├── zrepl-ludwig.yml.j2 │ │ │ ├── zrepl-mali.yml.j2 │ │ │ └── zrepl-pull.yml.j2 │ │ ├── rmblr.vyos_config_generate │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── system-generated-k8s.sh.j2 │ │ │ └── system-generated.sh.j2 │ │ ├── rmblr.vyos_setup │ │ ├── LICENSE.tailscale │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── 
main.yml │ │ └── tasks │ │ │ └── main.yml │ │ └── role-skeleton │ │ ├── defaults │ │ └── main.yml │ │ ├── handlers │ │ └── main.yml │ │ └── tasks │ │ └── main.yml ├── run.yml ├── scripts │ └── lxc-centos-stream-template.sh ├── tasks │ ├── remove-known-hosts.yml │ ├── remove-old-node-exporter.yml │ └── wait-for-online-hosts.yml └── vars │ ├── borgbackup-host.yml │ ├── mariadb.yml │ └── pg-single.yml ├── archive ├── k8s │ ├── k8s-prod.old │ │ └── workloads │ │ │ └── downloads │ │ │ └── qbittorrent │ │ │ ├── app │ │ │ ├── config │ │ │ │ ├── categories.json │ │ │ │ ├── qBittorrent.conf │ │ │ │ └── watched_folders.json │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── qbittools-tagging │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ └── k8s-prod │ │ ├── bootstrap │ │ ├── age-key.sops.yaml │ │ ├── github-deploy-key.sops.yaml │ │ ├── kustomization.yaml │ │ └── readme.md │ │ ├── crds │ │ ├── cert-manager │ │ │ ├── crds.yaml │ │ │ └── kustomization.yaml │ │ ├── external-snapshotter │ │ │ ├── crds.yaml │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── rook-ceph │ │ │ ├── crds.yaml │ │ │ └── kustomization.yaml │ │ ├── flux │ │ ├── config │ │ │ ├── cluster.yaml │ │ │ ├── flux.yaml │ │ │ └── kustomization.yaml │ │ ├── crds.yaml │ │ ├── repositories │ │ │ ├── helm │ │ │ │ ├── actions-runner-controller-charts.yaml │ │ │ │ ├── ananace.yaml │ │ │ │ ├── angelnu.yaml │ │ │ │ ├── backube.yaml │ │ │ │ ├── bitnami-charts.yaml │ │ │ │ ├── bjw-s.yaml │ │ │ │ ├── cilium-charts.yaml │ │ │ │ ├── coredns-charts.yaml │ │ │ │ ├── crunchydata.yaml │ │ │ │ ├── ext-postgres-operator.yaml │ │ │ │ ├── external-dns.yaml │ │ │ │ ├── external-secrets.yaml │ │ │ │ ├── grafana.yaml │ │ │ │ ├── hajimari.yaml │ │ │ │ ├── influxdata-charts.yaml │ │ │ │ ├── ingress-nginx.yaml │ │ │ │ ├── intel.yaml │ │ │ │ ├── invoiceninja.yaml │ │ │ │ ├── jacobcolvin.yaml │ │ │ │ ├── jetstack.yaml │ │ │ │ ├── 
kubernetes-replicator-charts.yaml │ │ │ │ ├── kubernetes-sigs-descheduler.yaml │ │ │ │ ├── kubernetes-sigs-nfd.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── metrics-server-charts.yaml │ │ │ │ ├── nextcloud-all-in-one.yaml │ │ │ │ ├── piraeus.yaml │ │ │ │ ├── postfinance.yaml │ │ │ │ ├── prometheus-community-charts.yaml │ │ │ │ ├── rook-ceph-charts.yaml │ │ │ │ ├── sentry-custom.yaml │ │ │ │ ├── sentry.yaml │ │ │ │ ├── stakater.yaml │ │ │ │ ├── teampiped.yaml │ │ │ │ ├── weave-gitops.yaml │ │ │ │ └── zalando-postgres-operator.yaml │ │ │ └── kustomization.yaml │ │ ├── vars │ │ │ ├── global-auto-vars.yaml │ │ │ ├── global-secrets.yaml │ │ │ ├── global-vars.yaml │ │ │ └── kustomization.yaml │ │ └── workloads.yaml │ │ └── workloads │ │ ├── actions-runner-system │ │ ├── actions-runner-controller │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── runners │ │ │ │ ├── home-ops.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ ├── issuers │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── issuers.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ │ ├── comms │ │ ├── kustomization.yaml │ │ ├── matrix-synapse │ │ │ ├── README.md │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease-sliding-sync.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ ├── servicemonitor.yaml │ │ │ │ └── volsync.yaml │ │ │ ├── db │ │ │ │ ├── configs │ │ │ │ │ └── postgres-ha.yaml │ │ │ │ ├── db.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── namespace.yaml │ │ ├── database │ │ ├── crunchy-postgres-operator │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── 
ext-postgres-operator │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── influxdb │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── postgres-backup │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── redis │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── zalando-postgres │ │ │ ├── cluster │ │ │ ├── cluster.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ ├── configmap.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── default │ │ ├── archiveteam-warrior │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── authelia │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── configuration.yml │ │ │ │ ├── database.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── calibre-web │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── echo-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-home-assistant │ │ │ ├── app │ │ │ │ ├── external-home-assistant.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── hajimari │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── immich │ │ │ ├── app │ │ │ │ ├── configmap.yaml │ │ │ │ ├── database.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── machine-learning │ │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── microservices │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ ├── server │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── typesense │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── web │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── redis │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── lldap │ │ │ ├── app │ │ │ │ ├── database.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── nextcloud-sc │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── database.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease-nextcloud.yaml │ │ │ │ ├── helmrelease-redis.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── nginx-config.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── paperless │ │ │ ├── app │ │ │ │ ├── database.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── photoprism │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease-mariadb.yaml │ │ │ │ ├── helmrelease-photoprism.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── piped │ │ │ ├── app │ │ │ │ ├── database.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── quickshare │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── send │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease-redis.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ └── snowflake-proxy │ │ │ ├── app │ │ │ ├── deployment.yaml │ │ │ └── 
kustomization.yaml │ │ │ └── ks.yaml │ │ ├── downloads │ │ ├── autoscan │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── downloads-pv │ │ │ ├── app │ │ │ │ ├── downloads-pv.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── music-pv.yaml │ │ │ │ └── pv.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── lidarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── prowlarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── dnsdist.conf │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ ├── scripts │ │ │ │ │ └── completed.sh │ │ │ │ └── volsync.yaml │ │ │ ├── ks.yaml │ │ │ └── tools │ │ │ │ ├── config │ │ │ │ └── config.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prune │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── reannounce │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── tags │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── readarr-audiobooks │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── readarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── recyclarr │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── recyclarr.yml │ │ │ │ ├── 
externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── sabnzbd │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── searxng │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease-redis.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ └── sonarr │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── flux-system │ │ ├── addons │ │ │ ├── ks.yaml │ │ │ ├── monitoring │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── podmonitor.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ └── webhooks │ │ │ │ ├── github │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── receiver.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── weave-gitops │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── configmap.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── monitoring.yaml │ │ │ └── ks.yaml │ │ ├── descheduler │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── cluster-secrets │ │ │ │ ├── crunchy-postgres-s3-creds.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── stores │ │ │ │ ├── kustomization.yaml │ │ │ │ └── onepassword │ │ │ │ ├── clustersecretstore.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ ├── intel-device-plugins │ │ │ ├── gpu │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── 
nodefeaturerule.yaml │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── kubernetes-replicator │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── rules │ │ │ │ └── nodefeaturerule.yaml │ │ ├── reloader │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── snapshot-controller │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── talos-backup │ │ │ ├── app │ │ │ ├── cronjob.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ └── serviceaccount.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── media │ │ ├── calibre │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── filebrowser │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── settings.config.yaml │ │ │ └── ks.yaml │ │ ├── jellyfin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── media-pv │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pv.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── overseerr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── plex │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── 
kustomization.yaml │ │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ └── tautulli │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ └── volsync.yaml │ │ │ └── ks.yaml │ │ ├── monitoring │ │ ├── grafana │ │ │ ├── app │ │ │ │ ├── database.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── dashboards │ │ │ │ ├── dockershit.json │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── speedtest-exporter-dashboard.json │ │ │ │ └── vyos.json │ │ │ └── ks.yaml │ │ ├── graphite-exporter │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── graphite_mapping.yml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── loki │ │ │ ├── app │ │ │ │ ├── configmap.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheus-rule.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── nextdns-exporter │ │ │ ├── app │ │ │ │ ├── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── unpoller │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── vector │ │ │ ├── agent │ │ │ ├── config │ │ │ │ └── vector.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ │ ├── aggregator │ │ │ ├── config │ │ │ │ └── vector.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── networking │ │ ├── cloudflared │ │ │ ├── ks.yaml │ │ │ ├── personal-domain │ │ │ │ ├── config │ │ │ │ │ └── config.yaml │ │ │ │ ├── dnsEndpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ 
└── work-domain │ │ │ │ ├── config │ │ │ │ └── config.yaml │ │ │ │ ├── dnsEndpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── external-dns │ │ │ ├── ks.yaml │ │ │ ├── personal-domain │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── shared │ │ │ │ ├── dns_endpoint-crd.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── work-domain │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── ingress-nginx-internal-voiceassistant │ │ │ ├── app │ │ │ │ ├── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── ingress-nginx-internal-work │ │ │ ├── app │ │ │ │ ├── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── ingress-nginx-internal │ │ │ ├── app │ │ │ │ ├── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── k8s-gateway │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── tailscale │ │ │ ├── ks.yaml │ │ │ └── tailscale-operator │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ └── wildcard-certificate │ │ │ ├── certificate.yaml │ │ │ └── kustomization.yaml │ │ ├── qemu-guest-agent │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── qemu-guest-agent │ │ │ ├── app │ │ │ ├── daemonset.yaml │ │ │ ├── kustomization.yaml │ │ │ └── test.yaml │ │ │ └── ks.yaml │ │ ├── rook-ceph │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── rook-ceph │ │ │ ├── README.md │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ │ ├── cluster │ │ │ ├── ceph-cluster.yaml │ │ │ ├── ceph-monitor.yaml │ │ │ 
├── ceph-prometheus.yaml │ │ │ ├── create-secrets.sh │ │ │ ├── env.sops.sh │ │ │ ├── kustomization.yaml │ │ │ ├── secrets.sops.yaml │ │ │ ├── storage-class.yaml │ │ │ └── volume-snapshot-class.yaml │ │ │ ├── ks.yaml │ │ │ └── monitoring │ │ │ ├── ceph-cluster.json │ │ │ ├── ceph-osd.json │ │ │ ├── ceph-pools.json │ │ │ ├── kustomization.yaml │ │ │ └── rook-ceph-rules.yaml │ │ ├── voiceassistant │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── ovos-bedroom │ │ │ ├── core │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── skills │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── skill-roon.yaml │ │ │ │ └── skills-base.yaml │ │ ├── ovos-kitchen │ │ │ ├── core │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── skills │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── skill-roon.yaml │ │ │ │ └── skills-base.yaml │ │ ├── ovos-pv │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pv.yaml │ │ │ └── ks.yaml │ │ ├── stt-fasterwhisper │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── tts-mimic3 │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── tts-piper │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── volsync │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── volsync │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheusrule.yaml │ │ │ ├── ks.yaml │ │ │ └── readme.md │ │ ├── vpn │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── pod-gateway │ │ │ ├── downloads │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── networkpolicy.yaml │ │ │ └── ks.yaml │ │ └── work │ │ ├── invoiceninja │ │ ├── app │ │ │ ├── backup-cronjob.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease-invoiceninja.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ └── volsync.yaml │ │ └── 
ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── nextcloud-aio-ol │ │ ├── app │ │ │ ├── helmrelease-nextcloud-aio.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── secret │ │ │ ├── externalsecret.yaml │ │ │ └── kustomization.yaml │ │ ├── nextcloud-ol │ │ ├── app │ │ │ ├── cronjob.yaml │ │ │ ├── database.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease-nextcloud.yaml │ │ │ ├── helmrelease-redis.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── nginx-config.yaml │ │ │ ├── pvc.yaml │ │ │ └── volsync.yaml │ │ └── ks.yaml │ │ ├── projectsend │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease-mariadb.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── pvc.yaml │ │ └── ks.yaml │ │ └── sentry │ │ ├── app │ │ ├── database.yaml │ │ ├── externalsecret.yaml │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── pvc.yaml │ │ └── ks.yaml ├── talos │ ├── LICENSE │ └── k8s-prod │ │ ├── Makefile │ │ ├── README.md │ │ ├── clusterconfig │ │ └── .gitignore │ │ ├── cni │ │ ├── .gitignore │ │ ├── kustomization.yaml │ │ └── values.yaml │ │ ├── kubelet-csr-approver │ │ ├── .gitignore │ │ └── kustomization.yaml │ │ ├── talconfig.yaml │ │ ├── talenv.sops.yaml │ │ └── talsecret.sops.yaml └── terraform │ └── k8s-prod │ ├── main.tf │ ├── providers.tf │ ├── terraform.tfvars.json │ └── variables.tf ├── bin ├── kubeconform.sh ├── minio-migrate.py └── zfs-remove-holds.py ├── dns ├── Corefile ├── LICENSE ├── README.md ├── common.conf ├── secret.conf.sops └── zones │ ├── db.other.sops │ ├── db.personal.sops │ └── db.work.sops ├── icons ├── archivebox.png ├── bazarr.png ├── beyond.png ├── bg.jpg ├── calibre-web.png ├── calibre.png ├── filebrowser.png ├── grafana.png ├── icon_left_brand_sc.svg ├── karma.ico ├── lds-transparent.png ├── lds.png ├── linkding.png ├── logo.png ├── longhorn.png ├── nas.png ├── outlook.png ├── overseerr.png ├── owncloud.png ├── paperless-ngx.png ├── portainer.png ├── prowlarr.png ├── qbittorrent.png ├── 
radarr.png ├── readarr.png ├── sabnzbd.png ├── sc.svg ├── sonarr.png ├── tautulli.png ├── tdarr.png ├── weave.png ├── wsc.png └── youtube-music.png ├── iot ├── pi │ ├── .gitignore │ ├── README.md │ ├── firstboot.service │ ├── firstboot.sh │ ├── main.go │ └── password.py ├── shelly │ ├── .gitignore │ ├── coiot.py │ ├── fw │ │ ├── 1.9.2.SHSW-25.zip │ │ ├── 1.9.2.SHSW-25 │ │ │ └── switch25-1.0 │ │ │ │ ├── esp_init_data_default_v08.bin │ │ │ │ ├── fs.bin │ │ │ │ ├── manifest.json │ │ │ │ ├── rboot.bin │ │ │ │ └── switch25.bin │ │ ├── README │ │ ├── SHSW-25.zip │ │ ├── mg2tasmota-Shelly25.zip │ │ └── switch25-1.0 │ │ │ ├── esp_init_data_default_v08.bin │ │ │ ├── fs.bin │ │ │ ├── manifest.json │ │ │ ├── rboot.bin │ │ │ └── switch25.bin │ ├── import.py │ ├── pinouts │ │ ├── shelly_tasmota_04.jpg │ │ └── shelly_tasmota_17.jpg │ ├── reboot-all.py │ ├── shelly-inventory.ods │ ├── shellys.csv │ └── vyos.py └── zigbee2mqtt │ ├── cron │ ├── zigbee2mqtt.service │ └── zzh │ ├── CC2652R_coordinator_20210120.hex │ ├── CC2652R_coordinator_20210120.zip │ ├── cc2538-bsl-master │ ├── .gitignore │ ├── .travis.yml │ ├── README.md │ ├── cc2538-bsl.py │ ├── setup.py │ └── tests │ │ └── test_cc2538-bsl.py │ ├── cc2538-bsl.zip │ └── requirements.txt ├── k8s ├── LICENSE └── prod │ ├── apps │ ├── home-archivebox │ │ ├── archivebox │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── sonic.cfg │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── home-automation │ │ ├── influxdb │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── home-books │ │ ├── calibre-web │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── calibre │ │ │ ├── app │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── home-dav │ │ ├── davis │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── home-dl │ │ ├── app-db-root-cert │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ ├── prowlarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── dnsdist.conf │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── completed.sh │ │ │ ├── ks.yaml │ │ │ └── tools │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ └── config.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── resources │ │ │ │ │ └── pushover-notify.sh │ │ │ └── ks.yaml │ │ ├── sabnzbd │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── sonarr │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ └── resources │ │ │ │ └── pushover-notify.sh │ │ │ └── ks.yaml │ ├── home-linkding │ │ ├── kustomization.yaml │ │ ├── linkding │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── home-media │ │ ├── filebrowser │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ 
└── ks.yaml │ │ ├── kustomization.yaml │ │ ├── media-pv │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pv.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ ├── overseerr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── plex │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── ks.yaml │ │ │ └── plex-image-cleanup │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ └── tautulli │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── home-ocis │ │ ├── home-ocis │ │ │ ├── app │ │ │ │ ├── configmap.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── home-paperless │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ └── paperless │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── misc │ │ ├── archiveteam-warrior │ │ │ └── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── archiveteam-warrior0 │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── archiveteam-warrior1 │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── archiveteam-warrior2 │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ └── snowflake-proxy │ │ │ ├── app │ │ │ ├── deployment.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── ocis-test │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ ├── ocis-test-simple │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── ocis-test │ │ │ ├── app │ │ │ ├── 
configmap.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ ├── work-data │ │ ├── app-db-root-cert │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ └── work-ocis │ │ │ ├── app │ │ │ ├── configmap.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ └── work-invoiceninja │ │ ├── invoiceninja-public-pvc │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ │ ├── invoiceninja-storage-pvc │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ │ ├── invoiceninja │ │ ├── app │ │ │ ├── backup-cronjob.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── pvc.yaml │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── bootstrap │ └── kustomization.yaml │ ├── core │ ├── auth │ │ ├── authentik │ │ │ ├── app │ │ │ │ ├── configmap.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── ingress-work.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── db │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── postgrescluster.yaml │ │ │ ├── ks.yaml │ │ │ └── redis │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── issuers │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── issuers.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── database │ │ ├── app-db │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease-userinit.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── postgrescluster.yaml │ │ │ └── ks.yaml │ │ ├── 
clustersecretstore │ │ │ ├── clustersecretstore │ │ │ │ ├── clustersecretstore.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ └── ks.yaml │ │ ├── crunchy-postgres-operator │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ ├── postgres-backup │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ └── redis │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── external-secrets │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── onepassword-connect.secret.sops.yaml │ │ │ ├── cluster-secrets │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pgo-s3-creds.yaml │ │ │ ├── ks.yaml │ │ │ └── stores │ │ │ │ ├── kustomization.yaml │ │ │ │ └── onepassword │ │ │ │ ├── clustersecretstore.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── flux-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── webhooks │ │ │ ├── app │ │ │ ├── github │ │ │ │ ├── ingress.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── receiver.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ ├── loadbalancer │ │ │ │ ├── cilium-bgp.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── netpols │ │ │ │ ├── allow-egress-apiserver.yaml │ │ │ │ ├── allow-egress-internet.yaml │ │ │ │ ├── allow-egress-kubedns.yaml │ │ │ │ ├── allow-egress-lan.yaml │ │ │ │ ├── allow-egress-minio.yaml │ │ │ │ ├── allow-egress-world.yaml │ │ │ │ ├── allow-ingress-internet.yaml │ │ │ │ ├── allow-ingress-lan.yaml │ │ │ │ ├── allow-ingress-world.yaml │ │ │ │ ├── 
default-allow-kubedns.yaml │ │ │ │ ├── kube-system-allow-all.yaml │ │ │ │ └── kustomization.yaml │ │ ├── intel-device-plugin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── gpu │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── rules │ │ │ │ ├── google-coral-device.yaml │ │ │ │ ├── intel-gpu-device.yaml │ │ │ │ └── kustomization.yaml │ │ └── reloader │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── network │ │ ├── cloudflared │ │ │ ├── ks.yaml │ │ │ ├── personal-domain │ │ │ │ ├── configs │ │ │ │ │ └── config.yaml │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── work-domain │ │ │ │ ├── configs │ │ │ │ └── config.yaml │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── echo-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-dns │ │ │ ├── ks.yaml │ │ │ ├── personal-domain │ │ │ │ ├── dnsendpoint-crd.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── work-domain │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── ingress-nginx │ │ │ ├── certificates │ │ │ │ ├── kustomization.yaml │ │ │ │ └── wildcard.yaml │ │ │ ├── external-homeassistant │ │ │ │ ├── external-home-assistant.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── external-work │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── external │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── 
internal │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── k8s-gateway │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── notifications.yaml │ ├── observability │ │ ├── alertmanager-silencer │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── gatus │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrules │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ ├── resources │ │ │ │ │ └── alertmanager.yaml │ │ │ │ └── scrapeconfigs │ │ │ │ │ ├── coredns.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── node-exporter.yaml │ │ │ │ │ ├── pikvm.yaml │ │ │ │ │ ├── snmp.yaml │ │ │ │ │ ├── speedtest.yaml │ │ │ │ │ ├── vyos.yaml │ │ │ │ │ ├── zfs.yaml │ │ │ │ │ ├── zigbee-controller.yaml │ │ │ │ │ └── zrepl.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── loki │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── objectbucketclaim.yaml │ │ │ │ └── rules │ │ │ │ │ └── loki-alerting-rules.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ ├── smartctl-exporter │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ └── ks.yaml │ │ ├── snmp-exporter │ │ │ ├── app │ │ │ │ ├── apc-ups │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── dashboard.json │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── 
prometheusrule.yaml │ │ │ │ ├── dell-idrac │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── dashboard.json │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── thanos │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── objectbucketclaim.yaml │ │ │ │ └── pushsecret.yaml │ │ │ └── ks.yaml │ │ ├── unpoller │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── vector │ │ │ ├── app │ │ │ ├── agent │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── resources │ │ │ │ │ └── vector.yaml │ │ │ ├── aggregator │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── vector.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── openebs-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ └── openebs │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── rook-ceph │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── rook-ceph │ │ │ ├── README.md │ │ │ ├── app │ │ │ ├── configmap.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rook-ceph-dashboard-password.secret.sops.yaml │ │ │ ├── cluster │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rgw-external.yaml │ │ │ └── ks.yaml │ └── volsync-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── notifications.yaml │ │ ├── snapshot-controller │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ │ └── volsync │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── prometheusrule.yaml │ │ └── ks.yaml │ ├── flux │ ├── apps.yaml │ ├── config │ │ ├── cluster.yaml │ │ ├── flux.yaml │ │ └── kustomization.yaml │ ├── core.yaml │ ├── repositories │ │ ├── git │ │ │ └── 
kustomization.yaml │ │ ├── helm │ │ │ ├── actions-runner-controller.yaml │ │ │ ├── authentik.yaml │ │ │ ├── backube.yaml │ │ │ ├── bitnami.yaml │ │ │ ├── bjw-s.yaml │ │ │ ├── cilium.yaml │ │ │ ├── crunchy-userinit.yaml │ │ │ ├── crunchydata.yaml │ │ │ ├── descheduler.yaml │ │ │ ├── external-dns.yaml │ │ │ ├── external-secrets.yaml │ │ │ ├── grafana.yaml │ │ │ ├── influxdata-charts.yaml │ │ │ ├── ingress-nginx.yaml │ │ │ ├── intel.yaml │ │ │ ├── invoiceninja.yaml │ │ │ ├── jetstack.yaml │ │ │ ├── k8s-gateway.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metrics-server.yaml │ │ │ ├── node-feature-discovery.yaml │ │ │ ├── openebs.yaml │ │ │ ├── owncloud-ocis.yaml │ │ │ ├── piraeus.yaml │ │ │ ├── prometheus-community.yaml │ │ │ ├── rook-ceph.yaml │ │ │ ├── stakater.yaml │ │ │ └── weaveworks.yaml │ │ ├── kustomization.yaml │ │ └── oci │ │ │ └── kustomization.yaml │ └── vars │ │ ├── cluster-secrets.sops.yaml │ │ ├── cluster-settings.yaml │ │ └── kustomization.yaml │ └── templates │ ├── app-db-root-cert │ ├── externalsecret.yaml │ └── kustomization.yaml │ ├── postgres-database │ ├── kustomization.yaml │ ├── networkpolicy.yaml │ └── postgresCluster.yaml │ └── volsync │ ├── kustomization.yaml │ ├── minio │ ├── externalsecret.yaml │ ├── kustomization.yaml │ ├── replicationdestination.yaml │ └── replicationsource.yaml │ ├── pvc.yaml │ └── r2 │ ├── externalsecret.yaml │ ├── kustomization.yaml │ └── replicationsource.yaml ├── terraform ├── .env ├── .envrc ├── LICENSE ├── authentik │ ├── applications.tf │ ├── backend.tf │ ├── customization.tf │ ├── directory.tf │ ├── flows.tf │ ├── main.tf │ ├── modules │ │ ├── forward-auth-application │ │ │ └── main.tf │ │ └── oidc-application │ │ │ └── main.tf │ ├── ocis.tf │ ├── providers.tf │ ├── scopes.tf │ ├── stages-prompt_fields.tf │ ├── stages.tf │ ├── variables.tf │ └── vars.auto.tfvars ├── cloud │ ├── main.tf │ ├── modules │ │ └── domain │ │ │ ├── main.tf │ │ │ └── providers.tf │ ├── providers.tf │ └── secrets.sops.yaml ├── s3 │ ├── 
backend.tf │ ├── main.tf │ ├── modules │ │ ├── crunchy-bucket │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── providers.tf │ │ │ └── variables.tf │ │ ├── crunchy-secret │ │ │ └── main.tf │ │ ├── minio-bucket │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ └── variables.tf │ │ ├── r2-bucket │ │ │ ├── main.tf │ │ │ └── providers.tf │ │ ├── volsync-bucket │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── providers.tf │ │ │ └── variables.tf │ │ └── volsync-secret │ │ │ └── main.tf │ └── providers.tf └── secrets.sops.yaml └── vyos ├── LICENSE ├── README.md └── router0 ├── .gitignore ├── apply-config.sh ├── config-parts ├── .gitignore ├── container.sh ├── firewall-name.sh ├── firewall-zone.sh ├── firewall.sh ├── interfaces.sh ├── nat.sh ├── protocols.sh ├── service-dhcp_server.sh ├── service.sh ├── system-generated.sh ├── system-static_host_mapping.sh └── system.sh ├── containers ├── .gitignore ├── dnsdist │ ├── .gitignore │ └── config │ │ └── dnsdist.conf └── smtp-relay │ └── config │ └── maddy.conf └── scripts ├── .gitignore ├── custom-config-backup.sh ├── vyos-postconfig-bootup.script └── vyos-preconfig-bootup.script /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | skip_list: 3 | - yaml[line-length] 4 | - var-naming 5 | - yaml[indentation] 6 | - yaml[comments-indentation] 7 | - yaml[comments] 8 | warn_list: 9 | - command-instead-of-shell 10 | - deprecated-command-syntax 11 | - experimental 12 | - no-changed-when 13 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # editorconfig.org 2 | root = true 3 | 4 | [*] 5 | indent_style = space 6 | indent_size = 2 7 | end_of_line = lf 8 | charset = utf-8 9 | trim_trailing_whitespace = true 10 | insert_final_newline = true 11 | 12 | [Makefile] 13 | indent_style = tab 14 | indent_size = 4 15 | 16 | [Makefile.j2] 17 | indent_style = tab 18 | 
indent_size = 4 19 | 20 | [*.{bash,sh}] 21 | indent_style = space 22 | indent_size = 4 23 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | export KUBECONFIG=/home/ramblurr/src/home-ops/kubeconfig 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.sops.toml linguist-language=JSON 3 | -------------------------------------------------------------------------------- /.github/lint/.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | max-line-length = 120 3 | -------------------------------------------------------------------------------- /.github/lint/.prettierignore: -------------------------------------------------------------------------------- 1 | .private 2 | .vscode 3 | *.sops.* 4 | -------------------------------------------------------------------------------- /.github/lint/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | semi: false 5 | singleQuote: false 6 | -------------------------------------------------------------------------------- /.github/lint/gitleaks.toml: -------------------------------------------------------------------------------- 1 | title = "gitleaks config" 2 | 3 | [extend] 4 | useDefault = true 5 | 6 | [allowlist] 7 | description = "ignore sops encrypted secrets" 8 | paths = [ 9 | 'ansible_collections', 10 | 'terraform.tfstate.*', 11 | 'clusterconfig/.*yaml', 12 | 'ansible/roles/external', 13 | 'terraform/authentik/ocis.tf', 14 | 'readme.md' 15 | ] 16 | regexTarget = "line" 17 | regexes= [ 18 | '''ExAmPl3PA55W0rD''', 19 | '''.*ENC\[AES256_GCM,data:.*''' 20 | ] 21 | 
-------------------------------------------------------------------------------- /.github/renovate/allowedVersions.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | matchDatasources: ["docker"], 6 | matchPackageNames: ["ghcr.io/linuxserver/calibre-web"], 7 | allowedVersions: "<1", 8 | }, 9 | { 10 | matchDatasources: ["docker"], 11 | matchPackageNames: ["tomsquest/docker-radicale"], 12 | allowedVersions: "/^[0-9]+\\.[0-9]+\\.[0-9]+(\\.[0-9]+)?$/", 13 | }, 14 | ], 15 | } 16 | -------------------------------------------------------------------------------- /.github/renovate/disabledDatasources.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | description: "Disable kubernetes-api", 6 | matchManagers: ["kubernetes"], 7 | matchDatasources: ["kubernetes-api"], 8 | enabled: false, 9 | }, 10 | ], 11 | } 12 | -------------------------------------------------------------------------------- /.taskfiles/PrecommitTasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | 6 | init: 7 | desc: Initialize pre-commit hooks 8 | cmds: 9 | - pre-commit install --install-hooks 10 | 11 | run: 12 | desc: Run pre-commit 13 | cmds: 14 | - pre-commit run --all-files 15 | 16 | update: 17 | desc: Update pre-commit hooks 18 | cmds: 19 | - pre-commit autoupdate 20 | -------------------------------------------------------------------------------- /.taskfiles/VolSync/resources/wait.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB=$1 4 | NAMESPACE="${2:-default}" 5 | CLUSTER="${3:-main}" 6 | 7 | [[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1 8 | while true; do 
9 | STATUS="$(kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /ansible/.gitignore: -------------------------------------------------------------------------------- 1 | collections/ 2 | roles/external/ 3 | -------------------------------------------------------------------------------- /ansible/filter_plugins/__pycache__/duplicate_filter.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/ansible/filter_plugins/__pycache__/duplicate_filter.cpython-311.pyc -------------------------------------------------------------------------------- /ansible/inventory/group_vars/bsd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/local/bin/python3 3 | -------------------------------------------------------------------------------- /ansible/inventory/group_vars/dns.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | dns_local_dhcp_resolver: 192.168.1.1 4 | coredns_config_dir: "{{ playbook_dir }}/../dns" 5 | coredns_zone1_sops: db.personal.sops 6 | coredns_zone1_name: db.personal 7 | coredns_zone2_sops: db.work.sops 8 | coredns_zone2_name: db.work 9 | coredns_zone3_sops: db.other.sops 10 | coredns_zone3_name: db.other 11 | -------------------------------------------------------------------------------- /ansible/inventory/group_vars/lxc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_user: root 3 | ansible_python_interpreter: /usr/bin/python3 4 | security_ssh_permit_root_login: 
"yes" 5 | -------------------------------------------------------------------------------- /ansible/inventory/group_vars/rpi.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | # ansible_ssh_common_args: "-o PubkeyAcceptedKeyTypes=ssh-rsa" 4 | -------------------------------------------------------------------------------- /ansible/inventory/group_vars/truenas.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_user: root 3 | jails_auth_keys: "{{ ssh_public_keys }}" 4 | -------------------------------------------------------------------------------- /ansible/inventory/group_vars/ubuntu.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | -------------------------------------------------------------------------------- /ansible/inventory/host_vars/ludwig.int.socozy.casa/ludwig.yml: -------------------------------------------------------------------------------- 1 | --- 2 | truenas_jails_path: /mnt/fast/iocage/jails 3 | truenas_rootfs_backup_dest: /mnt/tank/backups/ludwig-truenas/rootfs 4 | truenas_config_backup_dest: /mnt/tank/backups/ludwig-truenas/config 5 | "{{ truenas_zrepl_cert_ludwig }}" 6 | truenas_zrepl_my_config: ludwig 7 | truenas_zrepl_peers: 8 | - mali 9 | truenas_udr_ssh_host: root@192.168.8.1 10 | -------------------------------------------------------------------------------- /ansible/inventory/host_vars/mic-sat-bedroom.iot.socozy.casa.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ovos_user: ovos 3 | roc_send_hw_input: "alsa://hw:1,0" 4 | roc_send_source: rtp+rs8m://ovos-bedroom.int.socozy.casa:10001 5 | roc_send_repair: rs8m://ovos-bedroom.int.socozy.casa:10002 6 | roc_send_enabled: true 7 | 
-------------------------------------------------------------------------------- /ansible/inventory/host_vars/mic-sat-kitchen.iot.socozy.casa.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ovos_user: ovos 3 | roc_send_hw_input: "alsa://hw:2,0" # seeed voicecard 2-mic 4 | roc_send_source: rtp+rs8m://ovos-kitchen.int.socozy.casa:10001 5 | roc_send_repair: rs8m://ovos-kitchen.int.socozy.casa:10002 6 | roc_send_enabled: true 7 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.baseline/tasks/autoupdate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install unattended upgrades package. 3 | package: 4 | name: unattended-upgrades 5 | state: present 6 | 7 | - name: Copy unattended-upgrades configuration files in place. 8 | template: 9 | src: "{{ item }}.j2" 10 | dest: "/etc/apt/apt.conf.d/{{ item }}" 11 | owner: root 12 | group: root 13 | mode: 0644 14 | with_items: 15 | - 10periodic 16 | - 50unattended-upgrades 17 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.baseline/tasks/freebsd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - set_fact: 3 | freebsd_python_prefix: "py{{ ansible_python_version.split('.')[0:2]|join() }}" 4 | 5 | - include_tasks: ssh.yml 6 | 7 | - name: install deps and tools 8 | when: with_admin_tools 9 | pkgng: 10 | name: 11 | - jq 12 | - rsync 13 | state: present 14 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.baseline/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: debian.yml 3 | when: ansible_os_family == "Debian" 4 | 5 | - import_tasks: freebsd.yml 6 | when: ansible_os_family == "FreeBSD" 7 | 8 | - import_tasks: redhat.yml 9 | when: 
ansible_os_family == "RedHat" 10 | 11 | - name: flush baseline handlers 12 | meta: flush_handlers 13 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.baseline/templates/10periodic.j2: -------------------------------------------------------------------------------- 1 | APT::Periodic::Update-Package-Lists "1"; 2 | APT::Periodic::Download-Upgradeable-Packages "1"; 3 | APT::Periodic::AutocleanInterval "7"; 4 | APT::Periodic::Unattended-Upgrade "1"; 5 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.cpu_microcode/README.md: -------------------------------------------------------------------------------- 1 | # rmblr.cpu_microcode 2 | 3 | Installs the appropriate cpu microcode for your x86_64 CPU. 4 | 5 | Assumes that the package repos are already installed. On debian you should 6 | ensure the non-free repos are added before running this role. 7 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.cpu_microcode/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | cpu_microcode_amd_cpu_packages: 3 | - amd64-microcode 4 | cpu_microcode_intel_cpu_packages: 5 | - intel-microcode 6 | - iucode-tool 7 | ... 
8 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.debian_backports/defaults/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | backports_uri: http://deb.debian.org/debian 3 | backports_components: "{{backports_distribution}}-backports main contrib non-free" 4 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.debian_backports/defaults/Ubuntu.yml: -------------------------------------------------------------------------------- 1 | --- 2 | backports_uri: http://archive.ubuntu.com/ubuntu 3 | backports_components: "{{backports_distribution}}-backports main restricted universe multiverse" 4 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.debian_backports/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | backports_distribution: "{{ansible_distribution_release}}" 3 | backports_priority_enabled: false 4 | backports_priority: 100 5 | backports_state: 'present' 6 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.debian_backports/templates/001-ansible-role-debian-backports.j2: -------------------------------------------------------------------------------- 1 | # 2 | # WARNING: this file is auto-generated by Ansible jnv.debian-backports role! 3 | # WARNING: all local changes will be overwritten! 
4 | # 5 | Package: * 6 | Pin: release a={{ ansible_distribution_release }}-backports 7 | Pin-Priority: {{ backports_priority }} 8 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.hivemind-sat/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # hivemind_core_host: 3 | # hivemind_sat_key: 4 | # hivemind_sat_password: 5 | # hivemind_sat_crypto_key: 6 | # hivemind_core_port: 7 | hivemind_dir: /home/ovos/hivemind 8 | xdg_runtime_dir: /run/usr/1001 9 | hivemind_version: alpha 10 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.jail_postgres/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ... 3 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.jail_postgres/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ... 3 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.jail_postgres/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: prepare jail 3 | ansible.builtin.import_role: 4 | name: rmblr.freenas_jail_lifecycle 5 | ... 6 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.k8s_conf/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | cluster_talos_dir: "{{ playbook_dir }}/../talos/{{ cluster_name }}" 3 | cluster_k8s_dir: "{{ playbook_dir }}/../k8s/{{ cluster_name }}" 4 | cluster_terraform_dir: "{{ playbook_dir }}/../terraform/{{ cluster_name }}" 5 | ... 
6 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.k8s_conf/templates/inputs.tf.json.j2: -------------------------------------------------------------------------------- 1 | {{ {"//": ansible_managed} | combine(terraform_inputs) | to_json(indent=2) }} 2 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.ovos-mic-sat/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | respeaker_git_repo: https://github.com/HinTak/seeed-voicecard-x.git 3 | respeaker_branch: master 4 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.ovos-mic-sat/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | _ovos_home: "/home/ovos" 3 | _respeaker_core_directory: "{{ _ovos_home }}/seeed-voicecard" 4 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.proxmox_setup/files/prometheus-pve-exporter.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Prometheus Proxmox VE Exporter 3 | Documentation=https://github.com/prometheus-pve/prometheus-pve-exporter 4 | 5 | [Service] 6 | Restart=always 7 | User=pve-exporter 8 | ExecStart=/opt/prometheus-pve-exporter/bin/pve_exporter /etc/prometheus/pve.yml 9 | 10 | [Install] 11 | WantedBy=multi-user.target 12 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.proxmox_setup/tasks/intel-igpu.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.proxmox_setup/templates/pve.yaml.j2: 
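--------------------------------------------------------------------------------
---
# Credentials for the pve-exporter@pve account; presumably rendered to the
# /etc/prometheus/pve.yml file that prometheus-pve-exporter.service passes to
# pve_exporter (the deploying task is not shown here, so confirm the path).
# The rendered file holds a plaintext password: deploy it readable only by the
# account the exporter runs as.
default:
  user: pve-exporter@pve
  # to_json renders the value as a quoted, escaped scalar. Unquoted, a password
  # containing "#", ": " or a leading YAML indicator character would be
  # truncated or misparsed when the exporter loads this file.
  password: {{ pve_exporter_password | to_json }}
  # NOTE(review): with certificate verification disabled the exporter cannot
  # tell the real Proxmox API endpoint from an impostor, and the password above
  # is sent to whichever host answers. Switch this to true once the node
  # presents a certificate that the exporter host trusts.
  verify_ssl: false
-------------------------------------------------------------------------------- /ansible/roles/local/rmblr.proxmox_vms/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | prox_image_storage: local-zfs 3 | prox_snippets_dir: /mnt/pve/mali/snippets 4 | prox_snippets_storage: mali 5 | ... 6 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.proxmox_vms/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Show VMs we are working with 3 | ansible.builtin.debug: 4 | var: proxmox_vms 5 | 6 | - ansible.builtin.include_tasks: vm.yml 7 | loop_control: 8 | label: "{{ vm.name }}" 9 | loop_var: vm 10 | loop: "{{ proxmox_vms }}" 11 | ... 12 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.roc/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart roc-recv 3 | ansible.builtin.systemd: 4 | daemon-reload: true 5 | name: roc-recv.service 6 | state: restarted 7 | enabled: true 8 | 9 | - name: restart roc-send 10 | ansible.builtin.systemd: 11 | daemon-reload: true 12 | name: roc-send.service 13 | state: restarted 14 | enabled: true 15 | ...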
16 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.roc/templates/usr/local/lib/systemd/system/roc-recv.service.j2:
--------------------------------------------------------------------------------
1 | # Runs roc-recv with the templated source and repair endpoints and sends the
2 | # received audio to the default PulseAudio output (pulse://default).
3 | [Unit]
4 | Description=roc-recv remote audio input
5 | Wants=network.target
6 |
7 | [Service]
8 | Type=simple
9 | # roc_recv_extra_args is appended verbatim to the command line, so it must
10 | # only come from trusted inventory.
11 | ExecStart={{ roc_bin_dest }}/roc-recv --output pulse://default --source {{ roc_recv_source }} --repair {{ roc_recv_repair }} {{ roc_recv_extra_args | default("") }}
12 | # The receiver runs unprivileged as ovos.
13 | User=ovos
14 | Group=ovos
15 | # Presumably lets the process find that user's PulseAudio socket;
16 | # user_info.1 is assumed to be the uid of ovos - TODO confirm.
17 | Environment="XDG_RUNTIME_DIR=/run/user/{{ user_info.1 }}"
18 |
19 |
20 | [Install]
21 | WantedBy=multi-user.target
22 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.roc/templates/usr/local/lib/systemd/system/roc-send.service.j2:
--------------------------------------------------------------------------------
1 | # Runs roc-send, reading from the templated capture input and streaming to
2 | # the templated source and repair endpoints.
3 | [Unit]
4 | Description=roc-send local audio input
5 | Wants=network.target
6 |
7 | [Service]
8 | Type=simple
9 | # No User=/Group= is set, so systemd starts this unit as root, unlike
10 | # roc-recv which drops to ovos. NOTE(review): if the capture device permits
11 | # it, run this under a dedicated account as well.
12 | # roc_send_extra_args is appended verbatim to the command line, so it must
13 | # only come from trusted inventory.
14 | ExecStart={{ roc_bin_dest }}/roc-send --input {{ roc_send_hw_input }} --source {{ roc_send_source }} --repair {{ roc_send_repair }} {{ roc_send_extra_args | default("") }}
15 | Restart=always
16 |
17 | [Install]
18 | WantedBy=multi-user.target
19 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.roc/vars/aarch64.yml:
--------------------------------------------------------------------------------
1 | ---
2 | roc_arch: aarch64-linux-gnu
3 | ...
4 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.roc/vars/armv6l.yml:
--------------------------------------------------------------------------------
1 | ---
2 | roc_arch: arm-bcm2708hardfp-linux-gnueabi
3 | ...
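4 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.roc/vars/armv7l.yml:
--------------------------------------------------------------------------------
1 | ---
2 | roc_arch: arm-linux-gnueabihf
3 | ...
4 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.roc/vars/x86_64.yml:
--------------------------------------------------------------------------------
1 | ---
2 | roc_arch: x86_64-pc-linux-gnu
3 | ...
4 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.rpi_coredns_build/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ...
3 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_setup/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ...
3 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_setup/files/bin/rclone-backup:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # {{ ansible_managed }}
3 | #
4 | # Syncs the rclone remote "$REMOTE:" into "$LOCAL" and, when $HC holds a
5 | # check UUID, pings hc-ping.com at start and on completion.
6 | # Meant to be sourced by a per-job wrapper that sets REMOTE, LOCAL and HC
7 | # (templates/rclone-job.j2 in this role does so).
8 | # NOTE(review): this file lives under files/, so unless it is deployed with
9 | # the template module the ansible_managed line above stays a literal
10 | # Jinja expression.
11 |
12 | set -euo pipefail
13 |
14 | # rclone sync makes LOCAL match REMOTE, deleting local files that are absent
15 | # on the remote, so refuse to run with an unset or empty endpoint.
16 | : "${REMOTE:?REMOTE must be set}"
17 | : "${LOCAL:?LOCAL must be set}"
18 | # Keep the healthcheck optional: under `set -u` a bare $HC aborts the script
19 | # when the variable is unset.
20 | HC="${HC:-}"
21 |
22 | if [[ -n "$HC" ]]; then
23 |     # A monitoring outage must not stop the backup itself from running.
24 |     curl -sS -m 10 --retry 5 "https://hc-ping.com/$HC/start" \
25 |         || echo "rclone-backup: healthcheck start ping failed" >&2
26 | fi
27 |
28 | /usr/local/bin/rclone sync \
29 |     --fast-list \
30 |     --quiet \
31 |     "$REMOTE:" "$LOCAL"
32 |
33 | # Reached only when rclone succeeded (set -e), so this ping means success.
34 | if [[ -n "$HC" ]]; then
35 |     curl -sS -m 10 --retry 5 "https://hc-ping.com/$HC"
36 | fi
37 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_setup/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ...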
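3 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_setup/templates/backup-config:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # {{ ansible_managed }}
3 | #
4 | # Runs /root/FreeNAS-scripts/save_config_enc.sh with configdir exported and,
5 | # when a check UUID is configured, reports start and outcome to hc-ping.com.
6 |
7 | # The quote filter shell-escapes the rendered value, so characters such as
8 | # '"', '$' or a backtick in inventory data are not interpreted by bash.
9 | HC={{ hc_check_config.uuid | quote }}
10 | if [[ -n "$HC" ]]; then
11 |     curl -sS -m 10 --retry 5 "https://hc-ping.com/$HC/start"
12 | fi
13 |
14 | export configdir={{ truenas_config_backup_dest | quote }}
15 | # Keep the exit status: without it a failed save was still reported to the
16 | # healthcheck as a success.
17 | rc=0
18 | /bin/sh -c /root/FreeNAS-scripts/save_config_enc.sh || rc=$?
19 |
20 | if [[ -n "$HC" ]]; then
21 |     if (( rc == 0 )); then
22 |         curl -sS -m 10 --retry 5 "https://hc-ping.com/$HC"
23 |     else
24 |         curl -sS -m 10 --retry 5 "https://hc-ping.com/$HC/fail"
25 |     fi
26 | fi
27 | exit "$rc"
28 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_setup/templates/rclone-job.j2:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # {{ ansible_managed }}
3 | #
4 | # Per-job wrapper: sets the remote, the local directory and the check UUID,
5 | # then sources the shared rclone-backup script, which reads all three.
6 | # The quote filter shell-escapes each rendered value.
7 | REMOTE={{ job.remote | quote }}
8 | LOCAL={{ job.local_dir | quote }}
9 | HC={{ hc_check.uuid | quote }}
10 | source /root/bin/rclone-backup
11 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_setup/templates/ups-poweroff.sh.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Asks the UDR to power off over SSH, then powers this host off.
3 |
4 | UDR={{ truenas_udr_ssh_host | quote }}
5 |
6 | # Triggered when charge state of UPS is critical
7 | # BatchMode and ConnectTimeout keep a prompting or unreachable peer from
8 | # delaying the local poweroff below.
9 | # accept-new trusts whatever host key is presented on first contact.
10 | # NOTE(review): pre-seed known_hosts with the UDR key so that the first
11 | # connection is verified as well.
12 | ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new "$UDR" ubnt-systool poweroff
13 |
14 | # power myself off
15 | /sbin/poweroff
16 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_zrepl/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | zrepl_force_install: false
3 | zrepl_jail_name: zrepl
4 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_zrepl/handlers/main.yml: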
--------------------------------------------------------------------------------
1 | ---
2 | # NOTE(review): placeholder - the handler is named "restart zrepl" but only
3 | # runs `ls`, so tasks that notify it do not restart the daemon.
4 | - name: restart zrepl
5 |   ansible.builtin.command: ls
6 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_zrepl/templates/start-zrepl.sh.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Starts the zrepl daemon in a detached tmux session named "zrepl" unless a
3 | # session with that name already exists.
4 | # -e stops on the first failing command, -x echoes each command as it runs.
5 | set -ex
6 |
7 | if tmux has-session -t zrepl > /dev/null 2>&1; then
8 |     # Session already present: nothing to do.
9 |     :
10 | else
11 |     # zrepl_bin and zrepl_config_dir are rendered unquoted, so a path with
12 |     # whitespace would be split into several arguments.
13 |     tmux new-session -d -s zrepl -n zrepl {{ zrepl_bin }} daemon --config {{ zrepl_config_dir }}/zrepl.yml
14 | fi
15 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.truenas_zrepl/templates/zrepl-pull.yml.j2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/ansible/roles/local/rmblr.truenas_zrepl/templates/zrepl-pull.yml.j2
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.vyos_config_generate/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ...
3 |
--------------------------------------------------------------------------------
/ansible/roles/local/rmblr.vyos_config_generate/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ...
3 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.vyos_setup/README.md: -------------------------------------------------------------------------------- 1 | # configure vyos 2 | 3 | 4 | ## License 5 | 6 | This repo was based off of [bjw-s's vyos-config repo](https://github.com/bjw-s/vyos-config.git) 7 | 8 | The tailscale portions of this role are from: 9 | [artis3n/ansible-role-tailscale](https://github.com/artis3n/ansible-role-tailscale/tree/main) 10 | 11 | They are licensed under the MIT license and (C) Ari Kalfus (@artis3n) dev@artis3nal.com 12 | 13 | Refer to [`LICENSE.tailscale`](./LICENSE.tailscale) 14 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.vyos_setup/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | tailscale_state_folder: /config/tailscale 3 | ... 4 | -------------------------------------------------------------------------------- /ansible/roles/local/rmblr.vyos_setup/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ... 3 | -------------------------------------------------------------------------------- /ansible/roles/local/role-skeleton/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ... 3 | -------------------------------------------------------------------------------- /ansible/roles/local/role-skeleton/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ... 3 | -------------------------------------------------------------------------------- /ansible/roles/local/role-skeleton/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ...
3 | -------------------------------------------------------------------------------- /ansible/tasks/remove-old-node-exporter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove binary 3 | ansible.builtin.file: 4 | path: /usr/local/bin/node_exporter 5 | state: absent 6 | ... 7 | -------------------------------------------------------------------------------- /ansible/vars/borgbackup-host.yml: -------------------------------------------------------------------------------- 1 | --- 2 | borg_provisioner_enabled: true 3 | borg_provisioner_client_pubkeys: "{{ ssh_public_keys }}" 4 | with_admin_tools: false 5 | ... 6 | -------------------------------------------------------------------------------- /ansible/vars/mariadb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mariadb_bind_addr: "{{ hostvars['mysql.' + subdomain_mgmt]['mysql_node_cidr'] | ansible.netcommon.ipaddr('address') }}" 3 | mariadb_tls_ca_file: "{{ pki_certs_dir }}/root-ca.pem" 4 | mariadb_tls_key_file: "{{ pki_certs_dir }}/mysql.{{ subdomain_mgmt }}-key.pem" 5 | mariadb_tls_cert_file: "{{ pki_certs_dir }}/mysql.{{ subdomain_mgmt }}.pem" 6 | login_unix_socket: /var/run/mysql/mysql.sock 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod.old/workloads/downloads/qbittorrent/app/qbittools-tagging/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/crds/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 
resources: 5 | - crds.yaml 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/crds/external-snapshotter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - crds.yaml 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - cert-manager 6 | - external-snapshotter 7 | - rook-ceph 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/crds/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - crds.yaml 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./flux.yaml 7 | - ./cluster.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/crds.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | kind: Kustomization 4 | metadata: 5 | name: crds 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | path: ./k8s/k8s-prod/crds 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/actions-runner-controller-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: actions-runner-controller 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/actions/actions-runner-controller-charts 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/ananace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: ananace 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://ananace.gitlab.io/charts 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/angelnu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: angelnu 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://angelnu.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: backube 7 
| namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backube.github.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/bitnami-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: bitnami-charts 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://registry-1.docker.io/bitnamicharts 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/bjw-s/helm 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/cilium-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: cilium-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | url: https://helm.cilium.io/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/coredns-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: coredns-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | url: https://coredns.github.io/helm 10 | timeout: 3m 11 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/crunchydata.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: crunchydata 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 30m 10 | url: oci://registry.developers.crunchydata.com/crunchydata 11 | timeout: 3m 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/ext-postgres-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: ext-postgres-operator 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://movetokube.github.io/postgres-operator/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/external-dns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: external-dns 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/external-dns 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | 
metadata: 6 | name: external-secrets 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.external-secrets.io 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/grafana.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: grafana 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://grafana.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/hajimari.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: hajimari 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://hajimari.io 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/influxdata-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: influxdata-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.influxdata.com/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: ingress-nginx 6 | namespace: flux-system 7 | spec: 8 | interval: 
1h 9 | url: https://kubernetes.github.io/ingress-nginx 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: intel 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://intel.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/invoiceninja.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: invoiceninja 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://invoiceninja.github.io/dockerfiles 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/jacobcolvin.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: jacobcolvin 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://jacobcolvin.com/helm-charts 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/jetstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: jetstack 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://charts.jetstack.io/ 10 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/kubernetes-replicator-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-replicator-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | url: https://helm.mittwald.de 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/kubernetes-sigs-descheduler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-sigs-descheduler 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://kubernetes-sigs.github.io/descheduler 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/kubernetes-sigs-nfd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-sigs-nfd 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/metrics-server-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: metrics-server-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 15m 9 | url: https://kubernetes-sigs.github.io/metrics-server 10 | timeout: 3m 11 
| -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/nextcloud-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: nextcloud-all-in-one 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://nextcloud.github.io/all-in-one/ 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: piraeus 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://piraeus.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/postfinance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: postfinance 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://postfinance.github.io/kubelet-csr-approver 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/prometheus-community-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community-charts 6 | namespace: flux-system 7 | spec: 
8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/prometheus-community/charts 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/rook-ceph-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: rook-ceph-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 15m 9 | url: https://charts.rook.io/release 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/sentry-custom.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: sentry-custom 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://ramblurr.github.io/sentry-helm 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/sentry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: sentry 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://sentry-kubernetes.github.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://stakater.github.io/stakater-charts 10 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/teampiped.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: teampiped 7 | namespace: flux-system 8 | spec: 9 | interval: 15m 10 | url: https://helm.piped.video 11 | timeout: 3m 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/weave-gitops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: weave-gitops 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/weaveworks/charts 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/helm/zalando-postgres-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: zalando-postgres-operator 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm 6 | # 
- ./oci 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/flux/vars/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - global-secrets.yaml 7 | - global-vars.yaml 8 | - global-auto-vars.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/actions-runner-system/actions-runner-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: actions-runner-system 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/actions-runner-system/actions-runner-controller/runners/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: actions-runner-system 6 | resources: 7 | - ./home-ops.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/actions-runner-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre 
Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./actions-runner-controller/ks.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/actions-runner-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: actions-runner-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./issuers.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./cert-manager/ks.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/comms/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 
resources: 5 | - namespace.yaml 6 | - matrix-synapse/ks.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/comms/matrix-synapse/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - pvc.yaml 7 | - externalsecret.yaml 8 | - volsync.yaml 9 | - helmrelease.yaml 10 | - helmrelease-sliding-sync.yaml 11 | - servicemonitor.yaml 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/comms/matrix-synapse/db/configs/postgres-ha.yaml: -------------------------------------------------------------------------------- 1 | # NOTE: this isn't working in crunchy postgres > 5. See ../../../README.md 2 | --- 3 | bootstrap: 4 | initdb: 5 | - encoding: C 6 | - locale: C 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/comms/matrix-synapse/db/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: comms 5 | resources: 6 | - ./db.yaml 7 | configMapGenerator: 8 | - name: pg-cluster-matrix-synapse-pgha-config 9 | files: 10 | - postgres-ha.yaml=./configs/postgres-ha.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/comms/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: comms 6 | labels: 7 | pgo-enabled-bjw-s.dev: "true" 8 |
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/crunchy-postgres-operator/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/ext-postgres-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/influxdb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - externalsecret.yaml 7 | - cronjob.yaml 8 | - helm-release.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./ext-postgres-operator/ks.yaml 9 | - ./postgres-backup/ks.yaml 10 | - ./zalando-postgres/ks.yaml 11 | - ./redis/ks.yaml 12 | - ./crunchy-postgres-operator/ks.yaml 13 | - ./influxdb/ks.yaml 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/namespace.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: database 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/postgres-backup/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./pvc.yaml 7 | - ./cronjob.yaml 8 | commonLabels: 9 | app.kubernetes.io/name: postgres-backup 10 | app.kubernetes.io/instance: postgres-backup 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/redis/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/zalando-postgres/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./cluster.yaml 8 | - ./service.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/database/zalando-postgres/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 
kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./configmap.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/archiveteam-warrior/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/archiveteam-warrior/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: archiveteam-warrior 6 | namespace: default 7 | spec: 8 | storageClassName: "${DEFAULT_STORAGE_CLASS}" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 20Gi 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/calibre-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - pvc.yaml 7 | - helmrelease.yaml 8 | - volsync.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: calibre-web 11 | app.kubernetes.io/instance: calibre-web 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/echo-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - ./helmrelease.yaml 7 | 
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/external-home-assistant/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: default  # kustomize sets this namespace on every resource listed below
5 | resources:
6 |   - ./external-home-assistant.yaml
7 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/external-home-assistant/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
3 | kind: Kustomization
4 | metadata:
5 |   name: cluster-workloads-external-home-assistant
6 |   namespace: flux-system
7 | spec:
8 |   path: ./k8s/k8s-prod/workloads/default/external-home-assistant/app  # NOTE(review): points at ./k8s/..., while this copy is listed under /archive/ - presumably inactive; confirm nothing still reconciles it
9 |   prune: true  # Flux deletes objects it applied from this path once they are removed from Git
10 |   sourceRef:
11 |     kind: GitRepository
12 |     name: flux-system
13 |   interval: 30m
14 |   retryInterval: 1m
15 |   timeout: 3m
16 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/hajimari/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: default
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/app/database.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: db.movetokube.com/v1alpha1
3 | kind: Postgres
4 | metadata:
5 |   name: immich-db
6 |   namespace: default
7 | spec:
8 |   database: immich
9 |   dropOnDelete: true  # NOTE(review): presumably the operator drops the `immich` database when this object is deleted (lldap-db in this listing sets false); with a pruning reconciler a removed file would then mean data loss - confirm this is intended and backed up
10 | ---
11 | apiVersion: db.movetokube.com/v1alpha1
12 | kind: PostgresUser
13 | metadata:
14 |   name: immich-user
15 |   namespace: default
16 | spec:
17 |   role: immich
18 |   database: immich-db  # refers to the Postgres object above by its metadata.name
19 |   secretName: database
20 |   privileges: OWNER  # NOTE(review): the role gets ownership of the database; confirm the workload needs more than read/write
21 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/app/machine-learning/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-microservices  # NOTE(review): this is the machine-learning kustomization, yet name/instance match ../microservices/kustomization.yaml - looks like a copy-paste; confirm the intended value
9 |       app.kubernetes.io/instance: immich-microservices  # NOTE(review): same as above; anything selecting on these labels cannot tell the two components apart
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/app/microservices/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-microservices
9 |       app.kubernetes.io/instance: immich-microservices
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/app/server/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-server
9 |       app.kubernetes.io/instance: immich-server
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/app/typesense/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-typesense
9 |       app.kubernetes.io/instance: immich-typesense
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/app/web/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-web
9 |       app.kubernetes.io/instance: immich-web
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/immich/redis/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: default
5 | resources:
6 |   - ./helmrelease.yaml
7 | commonLabels:  # unlike the `labels: - pairs:` form used by the other immich kustomizations, commonLabels is also written into selectors
8 |   app.kubernetes.io/name: immich-redis
9 |   app.kubernetes.io/instance: immich
10 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/lldap/app/database.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: db.movetokube.com/v1alpha1
3 | kind: Postgres
4 | metadata:
5 |   name: lldap-db
6 |   namespace: work  # NOTE(review): this file sits under workloads/default/ and the sibling kustomization.yaml sets `namespace: default`, which kustomize applies over this value - confirm the intended namespace
7 | spec:
8 |   database: lldap
9 |   dropOnDelete: false  # presumably keeps the database when this object is deleted - verify against the operator docs
10 | ---
11 | apiVersion: db.movetokube.com/v1alpha1
12 | kind: PostgresUser
13 | metadata:
14 |   name: lldap-user
15 |   namespace: work  # NOTE(review): same mismatch as lldap-db above; it decides where the generated credentials end up, so confirm before reuse
16 | spec:
17 |   role: lldap
18 |   database: lldap-db
19 |   secretName: database
20 |   privileges: OWNER
21 |
--------------------------------------------------------------------------------
/archive/k8s/k8s-prod/workloads/default/lldap/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./database.yaml 8 | - ./externalsecret.yaml 9 | - ./helmrelease.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: default 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/paperless/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./database.yaml 8 | - ./externalsecret.yaml 9 | - ./pvc.yaml 10 | - ./helmrelease.yaml 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/photoprism/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - externalsecret.yaml 8 | - pvc.yaml 9 | - helmrelease-mariadb.yaml 10 | - helmrelease-photoprism.yaml 11 | - cronjob.yaml 12 | commonLabels: 13 | app.kubernetes.io/name: photoprism 14 | app.kubernetes.io/instance: photoprism 15 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/piped/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: piped-db 6 | namespace: default 7 | spec: 8 | database: piped 9 | dropOnDelete: true 10 | --- 11 | apiVersion: db.movetokube.com/v1alpha1 12 | kind: PostgresUser 13 | metadata: 14 | name: piped-user 15 | namespace: default 16 | spec: 17 | role: piped 18 | database: piped-db 19 | secretName: database 20 | privileges: OWNER 21 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/piped/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./database.yaml 8 | metadata: 9 | namespace: default 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/quickshare/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - pvc.yaml 8 | - helmrelease.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: quickshare 11 | app.kubernetes.io/instance: quickshare 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/send/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - helmrelease.yaml 7 | - helmrelease-redis.yaml 8 | - pvc.yaml 9 | - externalsecret.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/snowflake-proxy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - deployment.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/default/snowflake-proxy/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: cluster-workloads-snowflake-proxy 6 | namespace: flux-system 7 | spec: 8 | path: ./k8s/k8s-prod/workloads/default/snowflake-proxy/app 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | interval: 30m 14 | retryInterval: 1m 15 | timeout: 3m 16 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/autoscan/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./pvc.yaml 8 | - ./helmrelease.yaml 9 | - ./volsync.yaml 10 | commonLabels: 11 | app.kubernetes.io/name: autoscan 12 | app.kubernetes.io/instance: autoscan 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/downloads-pv/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: downloads 6 | resources: 7 | - ./pv.yaml 8 | - ./music-pv.yaml 9 | - ./downloads-pv.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/lidarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./volsync.yaml 8 | - ./pvc.yaml 9 | - ./helmrelease.yaml 10 | commonLabels: 11 | app.kubernetes.io/name: lidarr 12 | app.kubernetes.io/instance: lidarr 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: downloads 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | routed-gateway: "true" 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: prowlarr 11 | app.kubernetes.io/instance: prowlarr 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/qbittorrent/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: 
PersistentVolumeClaim 4 | metadata: 5 | name: qbittorrent-config 6 | namespace: downloads 7 | spec: 8 | accessModes: ["ReadWriteMany"] 9 | resources: 10 | requests: 11 | storage: 2Gi 12 | storageClassName: "${DEFAULT_CEPHFS_STORAGE_CLASS}" 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/qbittorrent/tools/prune/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/qbittorrent/tools/reannounce/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/qbittorrent/tools/tags/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/radarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: radarr 11 | app.kubernetes.io/instance: radarr 12 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/readarr-audiobooks/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - helmrelease.yaml 7 | - volsync.yaml 8 | labels: 9 | - pairs: 10 | app.kubernetes.io/name: readarr-audiobooks 11 | app.kubernetes.io/instance: readarr-audiobooks 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/readarr-audiobooks/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: readarr-audiobooks-config-0 6 | namespace: downloads 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 3Gi 13 | storageClassName: "${DEFAULT_STORAGE_CLASS}" 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/readarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - helmrelease.yaml 7 | - volsync.yaml 8 | labels: 9 | - pairs: 10 | app.kubernetes.io/name: readarr 11 | app.kubernetes.io/instance: readarr 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/readarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: readarr-config-0 6 | namespace: downloads 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 3Gi 13 
| storageClassName: "${DEFAULT_STORAGE_CLASS}" 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./volsync.yaml 9 | configMapGenerator: 10 | - name: recyclarr-configmap 11 | files: 12 | - config/recyclarr.yml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: downloads 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ./volsync.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/searxng/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: downloads 5 | resources: 6 | - helmrelease.yaml 7 | - helmrelease-redis.yaml 8 | - pvc.yaml 9 | - externalsecret.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/downloads/sonarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 
| namespace: downloads 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./volsync.yaml 8 | - ./helmrelease.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: sonarr 11 | app.kubernetes.io/instance: sonarr 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/flux-system/addons/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./podmonitor.yaml 8 | - ./prometheusrule.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/flux-system/addons/webhooks/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./ingress.yaml 7 | - ./receiver.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/flux-system/addons/webhooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./github 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./addons/ks.yaml 7 | - ./weave-gitops/ks.yaml 8 | -------------------------------------------------------------------------------- 
/archive/k8s/k8s-prod/workloads/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: flux-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/flux-system/weave-gitops/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: flux-system 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - configmap.yaml 6 | - helmrelease.yaml 7 | # - monitoring.yaml 8 | labels: 9 | - pairs: 10 | app.kubernetes.io/name: cilium 11 | app.kubernetes.io/instance: cilium 12 | commonLabels: 13 | app.kubernetes.io/managed-by: Helm 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/descheduler/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/descheduler/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: 
cluster-workloads-descheduler 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | path: "./k8s/k8s-prod/workloads/kube-system/descheduler/app" 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | wait: true 15 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/external-secrets/cluster-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./crunchy-postgres-s3-creds.yaml 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/external-secrets/stores/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./onepassword 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/external-secrets/stores/onepassword/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 
| kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./secret.sops.yaml 8 | - ./helmrelease.yaml 9 | - ./clustersecretstore.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/intel-device-plugins/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./nodefeaturerule.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/intel-device-plugins/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/kubelet-csr-approver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | 8 | configMapGenerator: 9 | - name: kubelet-csr-approver-values 10 | files: 11 | - values.yaml=./values.yaml 12 | 13 | configurations: 14 | - kustomizeconfig.yaml 15 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | 
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/kubelet-csr-approver/app/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | providerRegex: ^(cp|wrk)\d\d?\.k8s-prod.*$ # NOTE(review): everything after ".k8s-prod" is unconstrained by the trailing ".*", so look-alike hostnames also match; anchor the pattern to the full node domain 3 | bypassDnsResolution: false # presumably keeps the approver's DNS check of the requesting hostname enabled (going by the option name) - confirm against the chart docs and leave it false 4 | tolerations: {} 5 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/kubelet-csr-approver/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: cluster-workloads-kubelet-csr-approver 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | path: "./k8s/k8s-prod/workloads/kube-system/kubelet-csr-approver/app" # NOTE(review): this file sits under archive/ but the path omits that prefix, so the Kustomization presumably no longer reconciles - confirm 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | wait: true 15 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/kubernetes-replicator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind:
Namespace 4 | metadata: 5 | name: kube-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/snapshot-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kube-system/talos-backup/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 2 | --- 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./cronjob.yaml 8 | - ./externalsecret.yaml 9 | - ./serviceaccount.yaml 10 | -------------------------------------------------------------------------------- 
/archive/k8s/k8s-prod/workloads/kube-system/talos-backup/app/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: talos.dev/v1alpha1 3 | kind: ServiceAccount 4 | metadata: 5 | name: talos-s3-backup 6 | spec: 7 | roles: 8 | - os:etcd:backup # only the etcd-backup Talos role is requested; NOTE(review): the machine config's Kubernetes Talos API access settings (not shown here) should allow this role and namespace and nothing broader - confirm 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - actions-runner-system 6 | - cert-manager 7 | - comms 8 | - database 9 | - default 10 | - downloads 11 | - flux-system 12 | - kube-system 13 | - media 14 | - monitoring 15 | - networking 16 | - qemu-guest-agent 17 | - rook-ceph 18 | - voiceassistant 19 | - volsync 20 | - vpn 21 | - work 22 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/calibre/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - helmrelease.yaml 7 | - volsync.yaml 8 | labels: 9 | - pairs: 10 | app.kubernetes.io/name: calibre 11 | app.kubernetes.io/instance: calibre 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/calibre/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: calibre-config-0 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | 11 | resources: 12 | requests: 13 | storage: 1Gi 14 | 15 | storageClassName: "${DEFAULT_STORAGE_CLASS}" # presumably filled in by Flux post-build variable substitution - confirm the variable is defined for this cluster 16 |
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/filebrowser/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | - settings.config.yaml 7 | commonLabels: 8 | app.kubernetes.io/name: filebrowser 9 | app.kubernetes.io/instance: filebrowser 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/filebrowser/app/settings.config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: filebrowser-settings 6 | namespace: media 7 | data: 8 | .filebrowser.json: | 9 | { 10 | "port": 8080, 11 | "baseURL": "", 12 | "address": "", 13 | "log": "stdout", 14 | "database": "/config/database.db", 15 | "root": "/data" 16 | } 17 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/jellyfin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./volsync.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./calibre/ks.yaml 7 | - ./filebrowser/ks.yaml 8 | - ./jellyfin/ks.yaml 9 | - ./media-pv/ks.yaml 10 | - ./overseerr/ks.yaml 11 | - 
./plex/ks.yaml 12 | - ./tautulli/ks.yaml 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/media-pv/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./pv.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: media 6 | #labels: 7 | #kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/overseerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - helmrelease.yaml 7 | - volsync.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/overseerr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: overseerr-config-pvc 6 | namespace: media 7 | labels: 8 | snapshot.home.arpa/enabled: "true" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 10Gi 15 | storageClassName: "${DEFAULT_STORAGE_CLASS}" 16 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/plex/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: media 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | commonLabels: 9 | app.kubernetes.io/name: plex 10 | app.kubernetes.io/instance: plex 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/tautulli/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: media 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | - ./volsync.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: tautulli 11 | app.kubernetes.io/instance: tautulli 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/media/tautulli/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: tautulli-config 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | storageClassName: "${DEFAULT_STORAGE_CLASS}" 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/grafana/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: grafana-db 6 | namespace: default # NOTE(review): the app kustomization that lists this file sets namespace: monitoring, which kustomize applies over this value; write monitoring here so the manifest states where the object really lands 7 | spec: 8 | database: grafana 9 | dropOnDelete: false # presumably keeps the database when this object is deleted - confirm operator semantics 10 | --- 11 | apiVersion: db.movetokube.com/v1alpha1 12 | kind: PostgresUser 13 | metadata: 14 | name: grafana-user 15 | namespace: default # NOTE(review): same override as the Postgres object above - effective namespace is monitoring 16 | spec: 17 | role: grafana 18 | database: grafana-db 19 | secretName: database # presumably names the Secret that receives the generated credentials; verify its final name and who can read Secrets in the target namespace 20 | privileges: OWNER # broadest privilege level requested for this role; NOTE(review): acceptable only while the grafana database is dedicated to this app - confirm 21 |
-------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: monitoring 6 | resources: 7 | - ./database.yaml 8 | - ./externalsecret.yaml 9 | - ./helmrelease.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/graphite-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - helmrelease.yaml 7 | configMapGenerator: 8 | - name: graphite-exporter-configmap 9 | files: 10 | - ./config/graphite_mapping.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/kube-prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | labels: 7 | - pairs: 8 | app.kubernetes.io/name: kube-prometheus-stack 9 | app.kubernetes.io/instance: kube-prometheus-stack 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 
| resources: 6 | - ./configmap.yaml 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ./prometheus-rule.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/nextdns-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - externalsecret.yaml 6 | - helmrelease.yaml 7 | - dashboard 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/unpoller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: monitoring 6 | resources: 7 | - externalsecret.yaml 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/vector/agent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./rbac.yaml 8 | configMapGenerator: 9 | - name: vector-agent-configmap 10 | files: 11 | - vector.yaml=./config/vector.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: 
true 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/monitoring/vector/aggregator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: vector-aggregator-configmap 10 | files: 11 | - vector.yaml=./config/vector.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true # fixed ConfigMap name; NOTE(review): without the content hash a config change does not rename the ConfigMap, so pods presumably need another trigger to pick it up - confirm 14 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/external-dns/personal-domain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: networking 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/name: external-dns 12 | app.kubernetes.io/instance: external-dns 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/external-dns/shared/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: network # NOTE(review): the sibling external-dns kustomizations use "networking"; presumably harmless if the only resource is a cluster-scoped CRD, but align the name so a namespaced resource added later does not land in the wrong namespace 5 | resources: 6 | - ./dns_endpoint-crd.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/external-dns/work-domain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion:
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: networking 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/name: external-dns 12 | app.kubernetes.io/instance: external-dns 13 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/ingress-nginx-internal-voiceassistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./dashboard/ 8 | generatorOptions: 9 | disableNameSuffixHash: true 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/ingress-nginx-internal-work/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./dashboard/ 8 | generatorOptions: 9 | disableNameSuffixHash: true 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/ingress-nginx-internal/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./dashboard/ 8 | generatorOptions: 9 | disableNameSuffixHash: true 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/k8s-gateway/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - rbac.yaml 7 | labels: 8 | - pairs: 9 | app.kubernetes.io/name: k8s-gateway 10 | app.kubernetes.io/instance: k8s-gateway 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: networking 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/tailscale/tailscale-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./external-secret.yaml 6 | - ./helm-release.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/networking/wildcard-certificate/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - certificate.yaml 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/qemu-guest-agent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - ./qemu-guest-agent/ks.yaml 7 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/qemu-guest-agent/namespace.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: qemu-guest-agent 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged # Pod Security Admission enforces the unrestricted "privileged" level here, so any pod created in this namespace may request host-level access; keep the namespace limited to the guest-agent DaemonSet and restrict who can create workloads in it 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/qemu-guest-agent/qemu-guest-agent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - daemonset.yaml 6 | labels: 7 | - pairs: 8 | app.kubernetes.io/name: qemu-guest-agent 9 | app.kubernetes.io/instance: qemu-guest-agent 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./rook-ceph/ks.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled # excludes this Namespace from Flux garbage collection, so removing it from Git does not delete the namespace and the storage objects in it 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/rook-ceph/rook-ceph/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - rbac.yaml 7 | labels: 8 | - pairs: 9 |
app.kubernetes.io/name: rook-ceph 10 | app.kubernetes.io/instance: rook-ceph 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secrets.sops.yaml 6 | - ceph-cluster.yaml 7 | - storage-class.yaml 8 | - ceph-monitor.yaml 9 | - ceph-prometheus.yaml 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/name: rook-ceph-cluster 13 | app.kubernetes.io/instance: rook-ceph-cluster 14 | app.kubernetes.io/part-of: rook-ceph 15 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./ovos-pv/ks.yaml 7 | #- ./tts-mimic3/ks.yaml 8 | #- ./tts-piper/ks.yaml 9 | #- ./stt-fasterwhisper/ks.yaml 10 | #- ./ovos-kitchen/ks.yaml 11 | #- ./ovos-bedroom/ks.yaml 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: voiceassistant 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/ovos-bedroom/core/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 
4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: voiceassistant # NOTE(review): metadata.namespace on a kustomization.yaml is not applied to the listed resources; kustomize only applies the top-level namespace: field (the form ovos-pv/app uses). Confirm helmrelease.yaml sets its own namespace or the Flux Kustomization sets a target namespace 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/ovos-bedroom/skills/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./skills-base.yaml 7 | - ./skill-roon.yaml 8 | metadata: 9 | namespace: voiceassistant # NOTE(review): metadata.namespace is not applied to the listed resources by kustomize; confirm each manifest carries its own namespace 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/ovos-kitchen/core/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: voiceassistant # NOTE(review): metadata.namespace is not applied to the listed resources by kustomize; confirm each manifest carries its own namespace 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/ovos-kitchen/skills/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./skills-base.yaml 7 | - ./skill-roon.yaml 8 | metadata: 9 | namespace: voiceassistant # NOTE(review): metadata.namespace is not applied to the listed resources by kustomize; confirm each manifest carries its own namespace 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/ovos-pv/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion:
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: voiceassistant 6 | resources: 7 | - ./pv.yaml 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/stt-fasterwhisper/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: voiceassistant 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/tts-mimic3/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: voiceassistant 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/voiceassistant/tts-piper/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: voiceassistant 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | 
# Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./volsync/ks.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/volsync/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: volsync 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/volsync/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: volsync 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/volsync/volsync/readme.md: -------------------------------------------------------------------------------- 1 | # volsync 2 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/vpn/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./pod-gateway/ks.yaml 9 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/vpn/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: vpn 6 | labels: 7 | 
kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/vpn/pod-gateway/downloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: vpn 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | - ./networkpolicy.yaml 9 | commonLabels: 10 | app.kubernetes.io/name: pod-gateway 11 | app.kubernetes.io/instance: downloads-gateway 12 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/vpn/pod-gateway/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: cluster-workloads-pod-gateway-downloads 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | path: "./k8s/k8s-prod/workloads/vpn/pod-gateway/downloads" 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | wait: true 15 | dependsOn: 16 | - name: cluster-workloads-external-secrets-stores 17 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/work/invoiceninja/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: work 6 | resources: 7 | - pvc.yaml 8 | - externalsecret.yaml 9 | - helmrelease-invoiceninja.yaml 10 | - volsync.yaml 11 | - backup-cronjob.yaml 12 | commonLabels: 13 | app.kubernetes.io/name: invoiceninja 14 | app.kubernetes.io/instance: invoiceninja 15 | -------------------------------------------------------------------------------- 
/archive/k8s/k8s-prod/workloads/work/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - ./invoiceninja/ks.yaml 7 | #- ./nextcloud-aio-ol/ks.yaml 8 | - ./nextcloud-ol/ks.yaml 9 | - ./sentry/ks.yaml 10 | # - ./projectsend/ks.yaml 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/work/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: work 6 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/work/nextcloud-aio-ol/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: work 6 | resources: 7 | - helmrelease-nextcloud-aio.yaml 8 | commonLabels: 9 | app.kubernetes.io/name: nextcloud-ol 10 | app.kubernetes.io/instance: nextcloud-ol 11 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/work/nextcloud-aio-ol/secret/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: work 6 | resources: 7 | - externalsecret.yaml 8 | commonLabels: 9 | app.kubernetes.io/name: nextcloud-ol 10 | app.kubernetes.io/instance: nextcloud-ol 11 | -------------------------------------------------------------------------------- 
/archive/k8s/k8s-prod/workloads/work/projectsend/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: work 5 | resources: 6 | - helmrelease.yaml 7 | - helmrelease-mariadb.yaml 8 | - pvc.yaml 9 | - externalsecret.yaml 10 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/work/sentry/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: sentry-db 6 | namespace: work 7 | spec: 8 | database: sentry 9 | dropOnDelete: true 10 | --- 11 | apiVersion: db.movetokube.com/v1alpha1 12 | kind: PostgresUser 13 | metadata: 14 | name: sentry-user 15 | namespace: work 16 | spec: 17 | role: sentry 18 | database: sentry-db 19 | secretName: database 20 | privileges: OWNER 21 | -------------------------------------------------------------------------------- /archive/k8s/k8s-prod/workloads/work/sentry/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: work 6 | resources: 7 | - pvc.yaml 8 | - database.yaml 9 | - externalsecret.yaml 10 | - helmrelease.yaml 11 | commonLabels: 12 | app.kubernetes.io/name: sentry 13 | app.kubernetes.io/instance: sentry 14 | -------------------------------------------------------------------------------- /archive/talos/k8s-prod/README.md: -------------------------------------------------------------------------------- 1 | # cluster talos ops 2 | 3 | Refer to makefile. 
4 | 5 | Order of operations: 6 | 7 | - `gen` 8 | - `first-apply` 9 | - `bootstrap` 10 | - `apply-extras` 11 | - `bootstrap-flux` 12 | -------------------------------------------------------------------------------- /archive/talos/k8s-prod/cni/.gitignore: -------------------------------------------------------------------------------- 1 | charts 2 | -------------------------------------------------------------------------------- /archive/talos/k8s-prod/cni/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | helmCharts: 5 | - name: cilium 6 | repo: https://helm.cilium.io 7 | version: 1.15.0 8 | releaseName: cilium 9 | namespace: kube-system 10 | valuesFile: values.yaml 11 | commonAnnotations: 12 | meta.helm.sh/release-name: cilium 13 | meta.helm.sh/release-namespace: kube-system 14 | commonLabels: 15 | app.kubernetes.io/managed-by: Helm 16 | -------------------------------------------------------------------------------- /archive/talos/k8s-prod/kubelet-csr-approver/.gitignore: -------------------------------------------------------------------------------- 1 | charts/ 2 | -------------------------------------------------------------------------------- /archive/terraform/k8s-prod/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | proxmox = { 4 | source = "Telmate/proxmox" 5 | version = "2.9.14" 6 | } 7 | sops = { 8 | source = "carlpett/sops" 9 | version = "1.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /dns/README.md: -------------------------------------------------------------------------------- 1 | # dns 2 | 3 | I run multiple physical [coredns](https://github.com/coredns/coredns) nodes 4 | locally as an authoritative DNS server for my domain, and upstream everything 5 | else to 
NextDNS. 6 | 7 | -------------------------------------------------------------------------------- /dns/common.conf: -------------------------------------------------------------------------------- 1 | loop 2 | bind {$DNS_IP} 3 | health 4 | cache 600 { 5 | success 9984 600 60 6 | denial 9984 120 60 7 | prefetch 10 8 | } 9 | prometheus 0.0.0.0:9253 10 | errors { 11 | consolidate 5m ".* i/o timeout$" 12 | consolidate 30s "^Failed to .+" 13 | } 14 | reload 30s 15 | -------------------------------------------------------------------------------- /icons/archivebox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/archivebox.png -------------------------------------------------------------------------------- /icons/bazarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/bazarr.png -------------------------------------------------------------------------------- /icons/beyond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/beyond.png -------------------------------------------------------------------------------- /icons/bg.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/bg.jpg -------------------------------------------------------------------------------- /icons/calibre-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/calibre-web.png
-------------------------------------------------------------------------------- /icons/calibre.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/calibre.png -------------------------------------------------------------------------------- /icons/filebrowser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/filebrowser.png -------------------------------------------------------------------------------- /icons/grafana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/grafana.png -------------------------------------------------------------------------------- /icons/karma.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/karma.ico -------------------------------------------------------------------------------- /icons/lds-transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/lds-transparent.png -------------------------------------------------------------------------------- /icons/lds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/lds.png -------------------------------------------------------------------------------- /icons/linkding.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/linkding.png -------------------------------------------------------------------------------- /icons/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/logo.png -------------------------------------------------------------------------------- /icons/longhorn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/longhorn.png -------------------------------------------------------------------------------- /icons/nas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/nas.png -------------------------------------------------------------------------------- /icons/outlook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/outlook.png -------------------------------------------------------------------------------- /icons/overseerr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/overseerr.png -------------------------------------------------------------------------------- /icons/owncloud.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/owncloud.png -------------------------------------------------------------------------------- /icons/paperless-ngx.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/paperless-ngx.png -------------------------------------------------------------------------------- /icons/portainer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/portainer.png -------------------------------------------------------------------------------- /icons/prowlarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/prowlarr.png -------------------------------------------------------------------------------- /icons/qbittorrent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/qbittorrent.png -------------------------------------------------------------------------------- /icons/radarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/radarr.png -------------------------------------------------------------------------------- /icons/readarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/readarr.png -------------------------------------------------------------------------------- /icons/sabnzbd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/sabnzbd.png 
-------------------------------------------------------------------------------- /icons/sonarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/sonarr.png -------------------------------------------------------------------------------- /icons/tautulli.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/tautulli.png -------------------------------------------------------------------------------- /icons/tdarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/tdarr.png -------------------------------------------------------------------------------- /icons/weave.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/weave.png -------------------------------------------------------------------------------- /icons/wsc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/wsc.png -------------------------------------------------------------------------------- /icons/youtube-music.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/icons/youtube-music.png -------------------------------------------------------------------------------- /iot/pi/.gitignore: -------------------------------------------------------------------------------- 1 | *.img 2 | *.iso 3 | *.xz* 4 | *.torrent 5 | 
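--------------------------------------------------------------------------------
/iot/pi/firstboot.service:
--------------------------------------------------------------------------------
# One-shot unit that runs /boot/firstboot.sh during boot.
# No User= is set, so systemd runs the script as root.
# NOTE(review): on Raspberry Pi images /boot is usually a FAT partition without
# file ownership or permissions - confirm. If so, whoever can write to the SD
# card's boot partition decides what this unit executes as root.
[Unit]
Description=FirstBoot
After=network.target apt-daily.service apt-daily-upgrade.service
Before=rc-local.service
# Skip the unit when the script is missing or empty, e.g. after the rename below.
ConditionFileNotEmpty=/boot/firstboot.sh

[Service]
ExecStart=/boot/firstboot.sh
# Rename the script so the condition above fails on later boots. systemd runs
# ExecStartPost= only after ExecStart= succeeded, so a failed run is retried.
ExecStartPost=/bin/mv /boot/firstboot.sh /boot/firstboot.sh.done
Type=oneshot
RemainAfterExit=no

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/iot/pi/firstboot.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# First-boot helper, started as root by firstboot.service: replace "raspberrypi"
# in /etc/hostname and /etc/hosts with "rpi-<mac>", where <mac> is the MAC
# address (colons removed) of the first interface reported as UP, then schedule
# a reboot.

# First interface name (sorted) whose `ip -brief address` line matches UP.
macadd=$( ip -brief address | awk '/UP/ {print $1}' | sort | head -1 )
# ip prints stacked devices as "name@parent"; only "name" exists under /sys/class/net.
macadd=${macadd%%@*}
if [ -n "${macadd}" ] && [ -r "/sys/class/net/${macadd}/address" ]
then
    macadd=$( sed 's/://g' "/sys/class/net/${macadd}/address" )
    # The value is spliced into the sed program below, so accept hex digits only.
    # This also avoids renaming the host to a bare "rpi-" when the read came back empty.
    if [[ "${macadd}" =~ ^[0-9a-fA-F]+$ ]]
    then
        sed "s/raspberrypi/rpi-${macadd}/g" -i /etc/hostname /etc/hosts
    fi
fi
# Schedule a reboot in 5 minutes; this runs whether or not the rename happened.
/sbin/shutdown -r 5 "reboot in five minutes"
--------------------------------------------------------------------------------
/iot/pi/password.py:
--------------------------------------------------------------------------------
"""Prompt for a password and print its SHA-512 crypt(3) hash.

The password is read with getpass, so it is not echoed and never appears on the
command line or in shell history.
"""
# NOTE(review): the `crypt` module is deprecated since Python 3.11 and removed in
# Python 3.13 (PEP 594), and it is only available on Unix. This script needs an
# interpreter that still ships it.
import crypt
import getpass

PASS = getpass.getpass()

# mksalt() generates a fresh random salt for the SHA-512 method on every run.
hashed = crypt.crypt(PASS, crypt.mksalt(crypt.METHOD_SHA512))

# The hash can be attacked offline by guessing, so handle the printed value as
# sensitive (terminal scrollback, logs, unencrypted files).
print(hashed)
--------------------------------------------------------------------------------
/iot/shelly/.gitignore:
--------------------------------------------------------------------------------
fw/shelly-firmware
--------------------------------------------------------------------------------
/iot/shelly/fw/1.9.2.SHSW-25.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/1.9.2.SHSW-25.zip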
-------------------------------------------------------------------------------- /iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/esp_init_data_default_v08.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/esp_init_data_default_v08.bin -------------------------------------------------------------------------------- /iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/fs.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/fs.bin -------------------------------------------------------------------------------- /iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/rboot.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/rboot.bin -------------------------------------------------------------------------------- /iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/switch25.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/1.9.2.SHSW-25/switch25-1.0/switch25.bin -------------------------------------------------------------------------------- /iot/shelly/fw/README: -------------------------------------------------------------------------------- 1 | shelly-firmware: https://github.com/ioprev/shelly-firmware.git 2 | -------------------------------------------------------------------------------- /iot/shelly/fw/SHSW-25.zip: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/SHSW-25.zip -------------------------------------------------------------------------------- /iot/shelly/fw/mg2tasmota-Shelly25.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/mg2tasmota-Shelly25.zip -------------------------------------------------------------------------------- /iot/shelly/fw/switch25-1.0/esp_init_data_default_v08.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/switch25-1.0/esp_init_data_default_v08.bin -------------------------------------------------------------------------------- /iot/shelly/fw/switch25-1.0/fs.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/switch25-1.0/fs.bin -------------------------------------------------------------------------------- /iot/shelly/fw/switch25-1.0/rboot.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/switch25-1.0/rboot.bin -------------------------------------------------------------------------------- /iot/shelly/fw/switch25-1.0/switch25.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/fw/switch25-1.0/switch25.bin -------------------------------------------------------------------------------- /iot/shelly/pinouts/shelly_tasmota_04.jpg: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/pinouts/shelly_tasmota_04.jpg
--------------------------------------------------------------------------------
/iot/shelly/pinouts/shelly_tasmota_17.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/pinouts/shelly_tasmota_17.jpg
--------------------------------------------------------------------------------
/iot/shelly/shelly-inventory.ods:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/shelly/shelly-inventory.ods
--------------------------------------------------------------------------------
/iot/zigbee2mqtt/cron:
--------------------------------------------------------------------------------
# Daily at 02:00: mirror the Zigbee2MQTT data directory to the backup host with
# rsync, then ping the health-check URL only if rsync succeeded (&&).
# curl: -f fail on HTTP errors, -sS quiet but show errors, -m 10 ten-second
# limit, --retry 5, response body discarded.
# NOTE(review): --delete makes the destination an exact mirror, so files lost or
# removed locally also disappear from the copy on the next run. This is a
# mirror, not a versioned backup.
# NOTE(review): the UUID in the hc-ping.com URL is all that is needed to send a
# ping for this check. With it committed here, pings can come from anywhere and
# make a failed backup look healthy. Consider reading it from a file kept
# outside the repository.
# NOTE(review): the data directory presumably holds the Zigbee network key and
# MQTT credentials - confirm, and restrict the destination account accordingly.
0 2 * * * rsync -ar --delete /opt/zigbee2mqtt/data zigbee2mqtt@mali.int.socozy.casa:zigbee2mqtt-data && curl -fsS -m 10 --retry 5 -o /dev/null https://hc-ping.com/757e66d5-0dd5-4f80-8571-14fda9baf66f
--------------------------------------------------------------------------------
/iot/zigbee2mqtt/zigbee2mqtt.service:
--------------------------------------------------------------------------------
# Runs Zigbee2MQTT with `npm start` from /opt/zigbee2mqtt as user pi and restarts
# it 10 seconds after any exit.
# NOTE(review): pi is typically the default interactive account on Raspberry Pi
# OS and often has sudo rights - confirm. A dedicated unprivileged service user
# that can still open the Zigbee adapter would limit what a compromise of this
# service can reach.
# NOTE(review): no sandboxing options are set. NoNewPrivileges=, ProtectSystem=
# and PrivateTmp= (see systemd.exec(5)) are candidates to evaluate.
[Unit]
Description=zigbee2mqtt
After=network.target

[Service]
ExecStart=/usr/bin/npm start
WorkingDirectory=/opt/zigbee2mqtt
StandardOutput=inherit
# Or use StandardOutput=null if you don't want Zigbee2MQTT messages filling syslog, for more options see systemd.exec(5)
StandardError=inherit
Restart=always
RestartSec=10s
User=pi

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/iot/zigbee2mqtt/zzh/CC2652R_coordinator_20210120.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/zigbee2mqtt/zzh/CC2652R_coordinator_20210120.zip -------------------------------------------------------------------------------- /iot/zigbee2mqtt/zzh/cc2538-bsl-master/.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Unit test / coverage reports 10 | test-output/ 11 | htmlcov/ 12 | .tox/ 13 | .coverage 14 | .coverage.* 15 | .cache 16 | nosetests.xml 17 | coverage.xml 18 | *,cover 19 | -------------------------------------------------------------------------------- /iot/zigbee2mqtt/zzh/cc2538-bsl-master/.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | 3 | python: 4 | - "3.4" 5 | - "3.5" 6 | - "3.6" 7 | - "3.7" 8 | 9 | # command to install dependencies 10 | install: 11 | - "pip install pyserial" 12 | - "pip install scripttest" 13 | 14 | # command to run tests 15 | script: nosetests -v ./tests/test_cc2538-bsl.py 16 | -------------------------------------------------------------------------------- /iot/zigbee2mqtt/zzh/cc2538-bsl.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ramblurr/home-ops/95fcaa6a622c33bbe36f1862fc5a9e3bb901aaaf/iot/zigbee2mqtt/zzh/cc2538-bsl.zip -------------------------------------------------------------------------------- /iot/zigbee2mqtt/zzh/requirements.txt: -------------------------------------------------------------------------------- 1 | pyserial 2 | intelhex 3 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-archivebox/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./archivebox/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-archivebox/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-archivebox 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-automation/influxdb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - externalsecret.yaml 7 | #- cronjob.yaml 8 | - helmrelease.yaml 9 | - ../../../../templates/volsync 10 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-automation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./influxdb/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-automation/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | 
name: home-automation 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-books/calibre-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | - ../../../../templates/volsync 7 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-books/calibre/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | - ../../../../templates/volsync 7 | labels: 8 | - pairs: 9 | app.kubernetes.io/name: calibre 10 | app.kubernetes.io/instance: calibre 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-books/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./calibre/ks.yaml 11 | #- ./calibre-web/ks.yaml 12 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-books/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-books 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dav/davis/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ../../../../templates/app-db-root-cert 9 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dav/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./davis/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dav/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-dav 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/app-db-root-cert/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-dl 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | 
-------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | #- ../../../../templates/gatus/guarded 9 | - ../../../../templates/volsync 10 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/qbittorrent/tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: qbtools-configmap 9 | files: 10 | - config.yaml=./resources/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/radarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 
| #- ../../../../templates/gatus/guarded 9 | - ../../../../templates/volsync 10 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-dl/sonarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-linkding/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./linkding/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-linkding/linkding/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ../../../../templates/app-db-root-cert 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-linkding/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-linkding 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- 
/k8s/prod/apps/home-media/filebrowser/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:  # only the namespace and notifications entries are active; every Flux Kustomization below is commented out
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   - ./notifications.yaml
9 |   # Flux-Kustomizations
10 |   #- ./media-pv/ks.yaml
11 |   #- ./plex/ks.yaml
12 |   #- ./overseerr/ks.yaml
13 |   #- ./tautulli/ks.yaml
14 |   #- ./filebrowser/ks.yaml
15 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/media-pv/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./pv.yaml
7 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: home-media  # NOTE(review): no pod-security.kubernetes.io/* labels are set here; confirm Pod Security Admission is enforced some other way
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
8 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/overseerr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./pvc.yaml
7 |   - ./helmrelease.yaml
8 |   - ../../../../templates/volsync  # shared VolSync template directory, pulled in by relative path (contents not shown)
9 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/overseerr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: overseerr-cache
6 | spec:
7 |   accessModes: ["ReadWriteOnce"]  # read-write mount from a single node
8 |   resources:
9 |     requests:
10 |       storage: 15Gi
11 |   storageClassName: ceph-block
12 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/plex/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pvc.yaml
6 |   - ./helmrelease.yaml
7 |   - ../../../../templates/volsync
8 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/plex/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: plex-cache
6 | spec:
7 |   accessModes: ["ReadWriteOnce"]  # read-write mount from a single node
8 |   resources:
9 |     requests:
10 |       storage: 5Gi
11 |   storageClassName: ceph-block
12 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/plex/plex-image-cleanup/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./externalsecret.yaml  # NOTE(review): this component is handed a secret while its NetworkPolicy (next line) is commented out; confirm that is intended
8 |   #- ./networkpolicy.yaml
9 |
--------------------------------------------------------------------------------
/k8s/prod/apps/home-media/tautulli/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | #- ../../../../templates/gatus/guarded 8 | - ../../../../templates/volsync 9 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-ocis/home-ocis/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ../../../../templates/app-db-root-cert 7 | - configmap.yaml 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-ocis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./home-ocis/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-ocis/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-ocis 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-paperless/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 
| # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./paperless/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-paperless/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-paperless 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/home-paperless/paperless/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | #- ../../../../templates/volsync 9 | -------------------------------------------------------------------------------- /k8s/prod/apps/misc/archiveteam-warrior/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/apps/misc/archiveteam-warrior0/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../archiveteam-warrior/app/ 6 | -------------------------------------------------------------------------------- 
/k8s/prod/apps/misc/archiveteam-warrior1/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../archiveteam-warrior/app/ 6 | -------------------------------------------------------------------------------- /k8s/prod/apps/misc/archiveteam-warrior2/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../archiveteam-warrior/app/ 6 | -------------------------------------------------------------------------------- /k8s/prod/apps/misc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./archiveteam-warrior0/ks.yaml 11 | #- ./archiveteam-warrior1/ks.yaml 12 | #- ./archiveteam-warrior2/ks.yaml 13 | #- ./snowflake-proxy/ks.yaml 14 | -------------------------------------------------------------------------------- /k8s/prod/apps/misc/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: misc 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/misc/snowflake-proxy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - deployment.yaml 6 | 
-------------------------------------------------------------------------------- /k8s/prod/apps/ocis-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | # - ./ocis-test/ks.yaml 11 | # - ./ocis-test-simple/ks.yaml 12 | -------------------------------------------------------------------------------- /k8s/prod/apps/ocis-test/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: ocis-test 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/ocis-test/ocis-test-simple/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | #- externalsecret.yaml 7 | #- pvc.yaml 8 | #- configmap.yaml 9 | - helmrelease.yaml 10 | commonLabels: 11 | app.kubernetes.io/name: ${APP} 12 | app.kubernetes.io/instance: ${APP} 13 | -------------------------------------------------------------------------------- /k8s/prod/apps/ocis-test/ocis-test/app/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: storage-users 6 | data: 7 | storage-uuid: 3bff9628-17d4-4428-9ce7-80f50d7b1b0f 8 | 9 | --- 10 | apiVersion: v1 11 | kind: ConfigMap 12 | metadata: 13 | name: graph 14 | data: 15 | application-id: 
a7f4089f-e359-491c-a902-5542156363c7 16 | -------------------------------------------------------------------------------- /k8s/prod/apps/ocis-test/ocis-test/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | #- externalsecret.yaml 7 | #- pvc.yaml 8 | #- configmap.yaml 9 | - helmrelease.yaml 10 | commonLabels: 11 | app.kubernetes.io/name: ${APP} 12 | app.kubernetes.io/instance: ${APP} 13 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-data/app-db-root-cert/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-data/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | #- ./app-db-root-cert/ks.yaml 11 | #- ./work-ocis/ks.yaml 12 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-data/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: work-data 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | 
-------------------------------------------------------------------------------- /k8s/prod/apps/work-data/work-ocis/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - configmap.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-invoiceninja/invoiceninja-public-pvc/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ../../../../templates/volsync 7 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-invoiceninja/invoiceninja-storage-pvc/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ../../../../templates/volsync 7 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-invoiceninja/invoiceninja/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - pvc.yaml 7 | - externalsecret.yaml 8 | - helmrelease.yaml 9 | - backup-cronjob.yaml 10 | -------------------------------------------------------------------------------- /k8s/prod/apps/work-invoiceninja/kustomization.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   - ./notifications.yaml
9 |   # Flux-Kustomizations
10 |   - ./invoiceninja-storage-pvc/ks.yaml  # only the two PVC Kustomizations are active; the application entry on line 12 is commented out
11 |   - ./invoiceninja-public-pvc/ks.yaml
12 |   #- ./invoiceninja/ks.yaml
13 |
--------------------------------------------------------------------------------
/k8s/prod/apps/work-invoiceninja/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: work-invoiceninja
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/auth/authentik/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./configmap.yaml
6 |   - ./externalsecret.yaml  # by its name, credentials are pulled through External Secrets rather than committed (contents not shown)
7 |   - ./helmrelease.yaml
8 |   - ./ingress-work.yaml  # NOTE(review): an extra Ingress for the identity provider; confirm which hosts it exposes (file not shown)
9 |
--------------------------------------------------------------------------------
/k8s/prod/core/auth/authentik/db/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./postgrescluster.yaml
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/auth/authentik/redis/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./externalsecret.yaml
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/auth/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   - ./notifications.yaml
9 |   # Flux-Kustomizations
10 |   - ./authentik/ks.yaml
11 |
--------------------------------------------------------------------------------
/k8s/prod/core/auth/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: auth  # NOTE(review): no pod-security.kubernetes.io/* labels are set here; confirm Pod Security Admission is enforced some other way
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/cert-manager/cert-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/k8s/prod/core/cert-manager/cert-manager/issuers/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./externalsecret.yaml  # presumably the DNS/ACME API credential the issuers use; confirm it is scoped to the zones being issued for
6 |   - ./issuers.yaml
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./namespace.yaml
6 |   - ./cert-manager/ks.yaml
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/cert-manager/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: cert-manager
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/app-db/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./postgrescluster.yaml
8 |   - ./helmrelease-userinit.yaml
9 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/clustersecretstore/clustersecretstore/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./rbac.yaml  # NOTE(review): RBAC backing the store below; confirm it grants read access only to the Secrets that must be shared (file not shown)
7 |   - ./clustersecretstore.yaml  # NOTE(review): a ClusterSecretStore can be referenced from any namespace unless its spec.conditions restrict that; confirm
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/crunchy-postgres-operator/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./networkpolicy.yaml  # a network policy ships alongside the operator (contents not shown)
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   - ./notifications.yaml
9 |   # Flux-Kustomizations
10 |   - ./redis/ks.yaml
11 |   - ./crunchy-postgres-operator/ks.yaml
12 |   - ./app-db/ks.yaml
13 |   - ./clustersecretstore/ks.yaml
14 |   - ./postgres-backup/ks.yaml
15 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: database  # NOTE(review): no pod-security.kubernetes.io/* labels are set here; confirm Pod Security Admission is enforced some other way
6 |   annotations:
7 |     volsync.backube/privileged-movers: "true"  # opts this namespace in to VolSync privileged movers (mover pods may run with elevated privileges); NOTE(review): confirm this is needed in the namespace that holds the databases
8 |   labels:
9 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
10 |     pgo-enabled-bjw-s.dev: "true"  # presumably matched by a selector defined elsewhere; not shown in this listing
11 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/postgres-backup/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pvc.yaml
6 |   - ./cronjob.yaml  # NOTE(review): database dumps land on the PVC above; confirm who can mount it and whether the dumps are encrypted (files not shown)
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/database/redis/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/external-secrets/external-secrets/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./onepassword-connect.secret.sops.yaml  # SOPS-encrypted by its suffix (contents not shown); presumably the bootstrap credential for the secret store, so confirm it is committed only in encrypted form
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/external-secrets/external-secrets/cluster-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pgo-s3-creds.yaml  # by its name, S3 credentials for Postgres backups; NOTE(review): confirm which namespaces receive them (file not shown)
6 |
--------------------------------------------------------------------------------
/k8s/prod/core/external-secrets/external-secrets/stores/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./onepassword
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/external-secrets/external-secrets/stores/onepassword/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./clustersecretstore.yaml  # NOTE(review): a ClusterSecretStore can be referenced from any namespace unless its spec.conditions restrict that; confirm
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/external-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   - ./notifications.yaml
9 |   # Flux-Kustomizations
10 |   - ./external-secrets/ks.yaml
11 |
--------------------------------------------------------------------------------
/k8s/prod/core/external-secrets/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: external-secrets  # NOTE(review): no pod-security.kubernetes.io/* labels are set here; confirm Pod Security Admission is enforced some other way
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./namespace.yaml
6 |   - ./webhooks/ks.yaml
7 |
--------------------------------------------------------------------------------
/k8s/prod/core/flux-system/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: flux-system
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this Namespace when it is removed from Git
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/flux-system/webhooks/app/github/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./secret.sops.yaml  # SOPS-encrypted by its suffix (contents not shown); presumably the webhook token the receiver checks, so confirm it is committed only in encrypted form
6 |   - ./ingress.yaml  # NOTE(review): exposes the webhook endpoint; confirm it routes only the receiver path and nothing else in flux-system
7 |   - ./receiver.yaml
8 |
--------------------------------------------------------------------------------
/k8s/prod/core/flux-system/webhooks/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./github
6 |
--------------------------------------------------------------------------------
/k8s/prod/core/kube-system/cilium/app/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/cilium/loadbalancer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cilium-bgp.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/cilium/netpols/allow-egress-world.yaml: -------------------------------------------------------------------------------- 1 | --- # Opt-in egress policy: endpoints carrying the label below may open connections to Cilium's `world` entity (destinations outside the cluster). 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json 3 | apiVersion: cilium.io/v2 4 | kind: CiliumClusterwideNetworkPolicy 5 | metadata: 6 | name: allow-egress-world 7 | spec: 8 | endpointSelector: 9 | matchLabels: 10 | egress.home.arpa/world: allow # NOTE(review): clusterwide and label-only, so whoever can set pod labels in any namespace can opt a workload in; confirm label changes are gated (RBAC/admission) and that a default-deny baseline exists elsewhere 11 | egress: 12 | - toEntities: 13 | - world 14 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/cilium/netpols/allow-ingress-world.yaml: -------------------------------------------------------------------------------- 1 | --- # Opt-in ingress policy: endpoints carrying the label below accept connections from Cilium's `world` entity (sources outside the cluster). 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json 3 | apiVersion: cilium.io/v2 4 | kind: CiliumClusterwideNetworkPolicy 5 | metadata: 6 | name: allow-ingress-world 7 | spec: 8 | endpointSelector: 9 | matchLabels: 10 | ingress.home.arpa/world: allow # NOTE(review): no port or namespace restriction here; a labelled pod is reachable from outside on every port unless another policy narrows it, so review which workloads carry this label 11 | ingress: 12 | - fromEntities: 13 | - world 14 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/intel-device-plugin/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/intel-device-plugin/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./cilium/ks.yaml 7 | - ./metrics-server/ks.yaml 8 | - ./reloader/ks.yaml 9 | - ./node-feature-discovery/ks.yaml 10 | - ./intel-device-plugin/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kube-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- 
/k8s/prod/core/kube-system/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/node-feature-discovery/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | #- ./google-coral-device.yaml 7 | - ./intel-gpu-device.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/core/kube-system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/cloudflared/personal-domain/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: externaldns.k8s.io/v1alpha1 3 | kind: DNSEndpoint 4 | metadata: 5 | name: cloudflared 6 | spec: 7 | endpoints: 8 | - dnsName: "external.${SECRET_DOMAIN}" 9 | recordType: CNAME 10 | targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] 11 | -------------------------------------------------------------------------------- /k8s/prod/core/network/cloudflared/personal-domain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 
4 | resources: 5 | - ./dnsendpoint.yaml 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: cloudflared-configmap 10 | files: 11 | - ./configs/config.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /k8s/prod/core/network/cloudflared/work-domain/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: externaldns.k8s.io/v1alpha1 3 | kind: DNSEndpoint 4 | metadata: 5 | name: cloudflared 6 | spec: 7 | endpoints: 8 | - dnsName: "external.${SECRET_DOMAIN_WORK}" 9 | recordType: CNAME 10 | targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID_WORK}.cfargotunnel.com"] 11 | -------------------------------------------------------------------------------- /k8s/prod/core/network/cloudflared/work-domain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./dnsendpoint.yaml 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: cloudflared-configmap-work-domain 10 | files: 11 | - ./configs/config.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /k8s/prod/core/network/echo-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/external-dns/personal-domain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 
resources: 5 | - ./dnsendpoint-crd.yaml 6 | - ./secret.sops.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/core/network/external-dns/work-domain/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/ingress-nginx/certificates/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./wildcard.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/ingress-nginx/external-homeassistant/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./external-home-assistant.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/network/ingress-nginx/external-work/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/ingress-nginx/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | 
-------------------------------------------------------------------------------- /k8s/prod/core/network/ingress-nginx/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/k8s-gateway/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/core/network/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./notifications.yaml 7 | # Flux-Kustomizations 8 | #- ./cloudflared/ks.yaml 9 | - ./echo-server/ks.yaml 10 | #- ./external-dns/ks.yaml 11 | - ./ingress-nginx/ks.yaml 12 | - ./k8s-gateway/ks.yaml 13 | -------------------------------------------------------------------------------- /k8s/prod/core/network/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: network 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/alertmanager-silencer/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - 
./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/gatus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./rbac.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: gatus-configmap 11 | files: 12 | - config.yaml=./resources/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/kube-prometheus-stack/app/prometheusrules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./prometheusrule.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | 
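- ./node-exporter.yaml 7 | - ./coredns.yaml 8 | - ./speedtest.yaml 9 | - ./zrepl.yaml 10 | - ./snmp.yaml 11 | - ./zfs.yaml 12 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/kube-prometheus-stack/app/scrapeconfigs/pikvm.yaml: -------------------------------------------------------------------------------- 1 | --- # Static scrape target for the PiKVM metrics endpoint. NOTE(review): pikvm.yaml is not in the resources list of this directory's kustomization.yaml as listed here, so this target is presumably not applied; confirm. 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json 3 | apiVersion: monitoring.coreos.com/v1alpha1 4 | kind: ScrapeConfig 5 | metadata: 6 | name: pikvm 7 | spec: 8 | staticConfigs: 9 | - targets: ["pikvm.mgmt.${SECRET_DOMAIN}"] 10 | metricsPath: /api/export/prometheus/metrics # NOTE(review): no scheme or credentials are set, so this would be scraped over plain HTTP unauthenticated; confirm that is intended for a management-plane device 11 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/kube-prometheus-stack/app/scrapeconfigs/speedtest.yaml: -------------------------------------------------------------------------------- 1 | --- # Static scrape target for the speedtest exporter, polled hourly. 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json 3 | apiVersion: monitoring.coreos.com/v1alpha1 4 | kind: ScrapeConfig 5 | metadata: 6 | name: speedtest 7 | spec: 8 | staticConfigs: 9 | - targets: 10 | - speedtest.vyos.${SECRET_DOMAIN}:9798 11 | metricsPath: /metrics 12 | scrapeInterval: 60m # camelCase per the ScrapeConfig CRD; snake_case keys (Prometheus config-file style) are not in its schema and would be rejected or dropped, leaving the default interval in effect 13 | scrapeTimeout: 60s 14 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/kube-prometheus-stack/app/scrapeconfigs/zigbee-controller.yaml: -------------------------------------------------------------------------------- 1 | --- # Static scrape target for the zigbee controller. NOTE(review): zigbee-controller.yaml is not in the resources list of this directory's kustomization.yaml as listed here; confirm whether it is applied. 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json 3 | apiVersion: monitoring.coreos.com/v1alpha1 4 | kind: ScrapeConfig 5 | metadata: 6 | name: zigbee-controller 7 | spec: 8 | staticConfigs: 9 | - targets: ["zigbee-controller.turbo.ac"] # NOTE(review): hostname is committed in clear text, unlike the ${SECRET_DOMAIN}-templated targets in the sibling files; confirm that is intended 10 | metricsPath: /metrics 11 | 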
-------------------------------------------------------------------------------- /k8s/prod/core/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./objectbucketclaim.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: loki-alerting-rules 10 | files: 11 | - loki-alerting-rules.yaml=./rules/loki-alerting-rules.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/loki/app/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/objectbucket.io/objectbucketclaim_v1alpha1.json 3 | apiVersion: objectbucket.io/v1alpha1 4 | kind: ObjectBucketClaim 5 | metadata: 6 | name: loki-bucket-v2 7 | spec: 8 | bucketName: loki-v2 9 | storageClassName: ceph-bucket-risky 10 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: observability 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | pgo-enabled-bjw-s.dev: "true" 9 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/smartctl-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - 
./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/snmp-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./apc-ups 7 | - ./dell-idrac 8 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/thanos/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./objectbucketclaim.yaml 7 | - ./helmrelease.yaml 8 | # - ./pushsecret.yaml 9 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/thanos/app/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/objectbucket.io/objectbucketclaim_v1alpha1.json 3 | apiVersion: objectbucket.io/v1alpha1 4 | kind: ObjectBucketClaim 5 | metadata: 6 | name: thanos-bucket-v2 7 | spec: 8 | bucketName: thanos-v2 9 | storageClassName: ceph-bucket-risky 10 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/unpoller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | 
-------------------------------------------------------------------------------- /k8s/prod/core/observability/vector/app/agent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./rbac.yaml 8 | configMapGenerator: 9 | - name: vector-agent-configmap 10 | files: 11 | - vector.yaml=./resources/vector.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/vector/app/aggregator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: vector-aggregator-configmap 10 | files: 11 | - vector.yaml=./resources/vector.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /k8s/prod/core/observability/vector/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./agent 7 | - ./aggregator 8 | -------------------------------------------------------------------------------- /k8s/prod/core/openebs-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | 
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | - ./openebs/ks.yaml 11 | -------------------------------------------------------------------------------- /k8s/prod/core/openebs-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- # Namespace for OpenEBS; excluded from Flux pruning via the annotation below. 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openebs-system 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | volsync.backube/privileged-movers: "true" # VolSync opt-in: lets data-mover pods in this namespace run with elevated privileges. NOTE(review): confirm this namespace actually hosts VolSync-replicated volumes; otherwise drop it to keep the privileged surface small 9 | -------------------------------------------------------------------------------- /k8s/prod/core/openebs-system/openebs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./rook-ceph/ks.yaml 10 | -------------------------------------------------------------------------------- /k8s/prod/core/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- 
/k8s/prod/core/rook-ceph/rook-ceph/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml 7 | - ./rook-ceph-dashboard-password.secret.sops.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /k8s/prod/core/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./rgw-external.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/core/volsync-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | - ./notifications.yaml 9 | # Flux-Kustomizations 10 | - ./snapshot-controller/ks.yaml 11 | - ./volsync/ks.yaml 12 | -------------------------------------------------------------------------------- /k8s/prod/core/volsync-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- # Namespace for the VolSync controller; excluded from Flux pruning via the annotation below. 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: volsync-system 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | volsync.backube/privileged-movers: "true" # VolSync opt-in: lets data-mover pods in this namespace run with elevated privileges. NOTE(review): the annotation is evaluated per namespace where movers run; confirm replication sources/destinations are actually created here 9 | -------------------------------------------------------------------------------- /k8s/prod/core/volsync-system/snapshot-controller/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/core/volsync-system/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/flux/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./flux.yaml 6 | - ./cluster.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: [] 5 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/actions-runner-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: actions-runner-controller 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: 
oci://ghcr.io/actions/actions-runner-controller-charts 12 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: backube 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backube.github.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/bitnami.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: bitnami 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://registry-1.docker.io/bitnamicharts 12 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/bjw-s/helm 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/cilium.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: cilium 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | 
url: https://helm.cilium.io 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/crunchy-userinit.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: crunchy-userinit 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://ramblurr.github.io/crunchy-userinit-controller 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/crunchydata.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: crunchydata 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 30m 11 | url: oci://registry.developers.crunchydata.com/crunchydata 12 | timeout: 3m 13 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/descheduler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: descheduler 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/descheduler 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/external-dns.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: external-dns 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://kubernetes-sigs.github.io/external-dns 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: external-secrets 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.external-secrets.io 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/grafana.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: grafana 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://grafana.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/influxdata-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: influxdata-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.influxdata.com/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- 
/k8s/prod/flux/repositories/helm/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: ingress-nginx 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://kubernetes.github.io/ingress-nginx 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: intel 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://intel.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/invoiceninja.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: invoiceninja 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://invoiceninja.github.io/dockerfiles 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/jetstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: jetstack 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://charts.jetstack.io 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/k8s-gateway.yaml: -------------------------------------------------------------------------------- 1 | --- 
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: k8s-gateway 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://ori-edge.github.io/k8s_gateway 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/metrics-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: metrics-server 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://kubernetes-sigs.github.io/metrics-server 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/node-feature-discovery.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: node-feature-discovery 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/openebs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: openebs 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://openebs.github.io/charts 10 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: piraeus 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://piraeus.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/prometheus-community.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: prometheus-community 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/prometheus-community/charts 12 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/rook-ceph.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: rook-ceph 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.rook.io/release 11 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://stakater.github.io/stakater-charts 10 | -------------------------------------------------------------------------------- 
/k8s/prod/flux/repositories/helm/weaveworks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: weaveworks 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/weaveworks/charts 12 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./git 6 | - ./helm 7 | - ./oci 8 | -------------------------------------------------------------------------------- /k8s/prod/flux/repositories/oci/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: [] 5 | -------------------------------------------------------------------------------- /k8s/prod/flux/vars/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./cluster-settings.yaml 5 | - ./cluster-secrets.sops.yaml 6 | -------------------------------------------------------------------------------- /k8s/prod/templates/app-db-root-cert/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | 
-------------------------------------------------------------------------------- /k8s/prod/templates/postgres-database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./postgresCluster.yaml 6 | - ./networkpolicy.yaml 7 | -------------------------------------------------------------------------------- /k8s/prod/templates/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./minio 6 | # - ./r2 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/templates/volsync/minio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./replicationdestination.yaml 7 | - ./replicationsource.yaml 8 | -------------------------------------------------------------------------------- /k8s/prod/templates/volsync/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${VOLSYNC_CLAIM:-${APP}}" 6 | spec: 7 | accessModes: 8 | - "${VOLSYNC_ACCESSMODES:-ReadWriteOnce}" 9 | dataSourceRef: 10 | kind: ReplicationDestination 11 | apiGroup: volsync.backube 12 | name: "${APP}-bootstrap" 13 | resources: 14 | requests: 15 | storage: "${VOLSYNC_CAPACITY:-1Gi}" 16 | storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" 17 | -------------------------------------------------------------------------------- /k8s/prod/templates/volsync/r2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./externalsecret.yaml
6 |   - ./replicationsource.yaml
7 |
--------------------------------------------------------------------------------
/terraform/.env:
--------------------------------------------------------------------------------
1 | AWS_ACCESS_KEY_ID=${minio_username}
2 | AWS_SECRET_ACCESS_KEY=${minio_password}
3 | AWS_ENDPOINT_URL_S3=https://${minio_server}
4 | AWS_REGION=us-east-1
5 | _OP_SERVICE_ACCOUNT_TOKEN=${onepassword_service_account_token}
6 | _OP_ACCOUNT=${onepassword_account}
7 | OP_CONNECT_TOKEN=${onepassword_connect_token}
8 | AUTHENTIK_URL=${authentik_url}
9 | AUTHENTIK_TOKEN=${authentik_token}
10 | CLOUDFLARE_API_TOKEN=${cloudflare_api_token}
11 |
--------------------------------------------------------------------------------
/terraform/.envrc:
--------------------------------------------------------------------------------
1 | # Decrypt a sops-encrypted file and export its keys into the direnv environment.
2 | #   $1: path to the sops file.
3 | # The plaintext is piped between the two commands, not written to a file.
4 | # The decrypted values become exported environment variables, so every
5 | # process started from this shell can read them.
6 | use_sops() {
7 |   local path=${1}
8 |   # sops prints dotenv text on stdout; `direnv dotenv bash` turns it into
9 |   # bash statements, which eval applies to the current environment.
10 |   eval "$(sops -d --output-type dotenv "$path" | direnv dotenv bash /dev/stdin)"
11 |   # Re-evaluate this .envrc when the encrypted file changes.
12 |   watch_file "$path"
13 | }
14 |
15 | #if has nix; then
16 | # use flake
17 | #fi
18 |
19 | # direnv dispatches `use sops` to use_sops above. When sops is not installed
20 | # the secrets are skipped and only ./.env below is loaded.
21 | if has sops; then
22 |   use sops ./secrets.sops.yaml
23 | fi
24 |
25 | # Load ./.env last. NOTE(review): its ${...} references presumably resolve
26 | # against the variables exported from secrets.sops.yaml; confirm.
27 | dotenv
28 |
--------------------------------------------------------------------------------
/terraform/authentik/backend.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   backend "s3" {
3 |     key = "authentik.tfstate"
4 |     # Do not change
5 |     bucket = "home-ops-terraform"
6 |     # note: endpoint, region, access key and secret key are not set here; they
7 |     # come from the AWS_* variables that ../.envrc loads into the environment.
8 |     # Terraform state can hold secret values in plain text, so access to this
9 |     # bucket should be as restricted as the secrets themselves.
10 |     # The AWS-specific checks are skipped and path-style URLs are used; the
11 |     # endpoint in ../.env is built from ${minio_server}.
12 |     skip_credentials_validation = true
13 |     skip_requesting_account_id = true
14 |     skip_metadata_api_check = true
15 |     skip_region_validation = true
16 |     use_path_style = true
17 |   }
18 | }
19 |
--------------------------------------------------------------------------------
/terraform/authentik/providers.tf:
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | authentik = { 4 | source = "goauthentik/authentik" 5 | version = "2024.12.0" 6 | } 7 | sops = { 8 | source = "carlpett/sops" 9 | version = "1.1.1" 10 | } 11 | onepassword = { 12 | source = "1Password/onepassword" 13 | version = "2.1.2" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /terraform/authentik/scopes.tf: -------------------------------------------------------------------------------- 1 | data "authentik_scope_mapping" "oauth2" { 2 | managed_list = [ 3 | "goauthentik.io/providers/oauth2/scope-openid", 4 | "goauthentik.io/providers/oauth2/scope-email", 5 | "goauthentik.io/providers/oauth2/scope-profile" 6 | ] 7 | } 8 | 9 | data "authentik_scope_mapping" "oauth2_offline" { 10 | managed_list = [ 11 | "goauthentik.io/providers/oauth2/scope-offline_access" 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /terraform/authentik/vars.auto.tfvars: -------------------------------------------------------------------------------- 1 | external_domain = "socozy.casa" 2 | external_domain_work = "outskirtslabs.com" 3 | internal_domain = "socozy.casa" 4 | kubernetes_namespace = "auth" 5 | authentik_domain = "auth.socozy.casa" 6 | authentik_domain_work = "auth.outskirtslabs.com" 7 | -------------------------------------------------------------------------------- /terraform/cloud/modules/domain/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | cloudflare = { 4 | source = "cloudflare/cloudflare" 5 | } 6 | http = { 7 | source = "hashicorp/http" 8 | } 9 | onepassword = { 10 | source = "1Password/onepassword" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /terraform/cloud/providers.tf: 
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | cloudflare = { 4 | source = "cloudflare/cloudflare" 5 | version = "4.50.0" 6 | } 7 | onepassword = { 8 | source = "1Password/onepassword" 9 | version = "2.1.2" 10 | } 11 | sops = { 12 | source = "carlpett/sops" 13 | version = "1.1.1" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /terraform/s3/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | key = "s3.tfstate" 4 | # Do not change 5 | bucket = "home-ops-terraform" 6 | # note: endpoint, region access key and secret key are declared in ../.envrc 7 | skip_credentials_validation = true 8 | skip_requesting_account_id = true 9 | skip_metadata_api_check = true 10 | skip_region_validation = true 11 | use_path_style = true 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /terraform/s3/modules/crunchy-bucket/README.md: -------------------------------------------------------------------------------- 1 | # volsync-bucket 2 | 3 | This terraform module is used to create: 4 | 5 | 1. a minio bucket + minio user + minio credentials 6 | 2. (optionally) an r2 bucket with an r2 api token 7 | 3. an item in 1password that contains the credentials and endpoints for minio and r2 8 | 9 | It is designed to be used with volsync such that every application that is 10 | backed up with volsync gets a local minio and remote r2 bucket. Credentials are 11 | scoped per application. 
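12 |
--------------------------------------------------------------------------------
/terraform/s3/modules/crunchy-bucket/providers.tf:
--------------------------------------------------------------------------------
1 | # No version constraint is declared in this module; the provider version is
2 | # whatever the calling configuration and its lock file select. Confirm it is
3 | # pinned there.
4 | terraform {
5 |   required_providers {
6 |     minio = {
7 |       source = "aminueza/minio"
8 |     }
9 |   }
10 | }
11 |
--------------------------------------------------------------------------------
/terraform/s3/modules/minio-bucket/outputs.tf:
--------------------------------------------------------------------------------
1 | output "bucket_id" {
2 |   value     = minio_s3_bucket.bucket.id
3 |   sensitive = false
4 | }
5 | output "user_access_key" {
6 |   value = var.owner_access_key
7 | }
8 | # var.owner_secret_key is declared sensitive in variables.tf. The output is
9 | # marked sensitive as well, so redaction in plan/apply output is explicit
10 | # rather than dependent on how the value reaches it. `sensitive` only hides
11 | # the value in CLI output; it is not encryption.
12 | output "user_secret_key" {
13 |   value     = var.owner_secret_key
14 |   sensitive = true
15 | }
16 |
--------------------------------------------------------------------------------
/terraform/s3/modules/minio-bucket/variables.tf:
--------------------------------------------------------------------------------
1 | variable "bucket_name" {
2 |   type = string
3 | }
4 |
5 | variable "is_public" {
6 |   type    = bool
7 |   default = false
8 | }
9 |
10 | variable "owner_access_key" {
11 |   type      = string
12 |   sensitive = false
13 |   default   = null
14 | }
15 |
16 | # Marked sensitive so Terraform redacts the value in CLI output.
17 | variable "owner_secret_key" {
18 |   type      = string
19 |   sensitive = true
20 |   default   = null
21 | }
22 |
--------------------------------------------------------------------------------
/terraform/s3/modules/r2-bucket/providers.tf:
--------------------------------------------------------------------------------
1 | # No version constraint is declared in this module; the provider version is
2 | # whatever the calling configuration and its lock file select. Confirm it is
3 | # pinned there.
4 | terraform {
5 |   required_providers {
6 |     cloudflare = {
7 |       source = "cloudflare/cloudflare"
8 |     }
9 |   }
10 | }
11 |
--------------------------------------------------------------------------------
/terraform/s3/modules/volsync-bucket/README.md:
--------------------------------------------------------------------------------
1 | # volsync-bucket
2 |
3 | This terraform module is used to create:
4 |
5 | 1.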
a minio bucket + minio user + minio credentials 6 | 2. (optionally) an r2 bucket with an r2 api token 7 | 3. an item in 1password that contains the credentials and endpoints for minio and r2 8 | 9 | It is designed to be used with volsync such that every application that is 10 | backed up with volsync gets a local minio and remote r2 bucket. Credentials are 11 | scoped per application. 12 | -------------------------------------------------------------------------------- /terraform/s3/modules/volsync-bucket/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | minio = { 4 | source = "aminueza/minio" 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /vyos/README.md: -------------------------------------------------------------------------------- 1 | # vyos-config 2 | 3 | My vyos configuration. 4 | 5 | Installed on vyos router by the ansible role [rmblr.vyos_setup](../ansible/roles/local/rmblr.vyos_setup/tasks/main.yml). 6 | 7 | My router is running custom vyos rolling build, see [ramblurr/vyos-custom](https://github.com/Ramblurr/vyos-custom) 8 | 9 | Thanks to [bjw-s](https://github.com/bjw-s/vyos-config) for figuring out this awesome technique 10 | for managing vyos. 
11 | -------------------------------------------------------------------------------- /vyos/router0/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything 2 | /* 3 | 4 | # Track certain files and directories 5 | !.gitignore 6 | !apply-config.sh 7 | !secret.sops.env 8 | 9 | # VyOS config 10 | !scripts/ 11 | !config-parts/ 12 | !containers/ 13 | -------------------------------------------------------------------------------- /vyos/router0/config-parts/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything 2 | /* 3 | 4 | # Track certain files and directories 5 | !.gitignore 6 | !*.sh 7 | -------------------------------------------------------------------------------- /vyos/router0/containers/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything 2 | /* 3 | 4 | # Track certain files and directories 5 | !.gitignore 6 | 7 | !/coredns/ 8 | !/dnsdist/ 9 | !/haproxy/ 10 | !/unifi/ 11 | !/vector-agent/ 12 | !/smtp-relay 13 | -------------------------------------------------------------------------------- /vyos/router0/containers/dnsdist/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything 2 | /* 3 | 4 | # Track certain files and directories 5 | !.gitignore 6 | 7 | !/config/ 8 | /config/* 9 | !/config/dnsdist.conf 10 | -------------------------------------------------------------------------------- /vyos/router0/scripts/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything 2 | /* 3 | 4 | # Track certain files and directories 5 | !.gitignore 6 | !*.sh 7 | !*.script 8 | 9 | !/commit 10 | /commit/* 11 | !/commit/pre-hooks.d 12 | /commit/pre-hooks.d/* 13 | !/commit/pre-hooks.d/**.sh 14 | --------------------------------------------------------------------------------