├── .github ├── FUNDING.yml ├── labeler.yaml ├── labels.yaml ├── linters │ ├── .prettierrc.yaml │ ├── .yamllint.yaml │ └── prettierignore ├── renovate.json5 ├── renovate │ ├── autoMerge.json5 │ ├── commitMessage.json5 │ ├── customManagers.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ ├── labels.json5 │ ├── packageRules.json5 │ └── semanticCommits.json5 ├── workflows │ ├── label-sync.yaml │ └── labeler.yaml └── yamllint.config.yaml ├── .gitignore ├── .sops.yaml ├── .taskfiles ├── AnsibleTasks.yml ├── Bootstrap │ └── Taskfile.yaml ├── ClusterTasks.yml ├── Flux │ └── Taskfile.yaml ├── Kubernetes │ └── Taskfile.yaml ├── SnapshotTasks.yml ├── Talos │ └── Taskfile.yaml └── volsync │ └── unlock.tmpl.yaml ├── LICENSE ├── README.md ├── Taskfile.yaml ├── github-deploy.key.pub └── kubernetes ├── apps ├── cert-manager │ ├── cert-manager │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheusrule.yaml │ │ ├── issuers │ │ │ ├── issuers.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secrets.sops.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── database │ ├── cloudnative-pg │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── cluster │ │ │ ├── cluster-immich.yaml │ │ │ ├── cluster-mastodon.yaml │ │ │ ├── cluster-postgis.yaml │ │ │ ├── cluster17.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── prometheusrule.yaml │ │ │ ├── scheduledbackup.yaml │ │ │ └── service.yaml │ │ └── ks.yaml │ ├── dragonfly │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ ├── cluster │ │ │ ├── cluster.yaml │ │ │ ├── kustomization.yaml │ │ │ └── podmonitor.yaml │ │ └── ks.yaml │ ├── emqx │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── cluster │ │ │ ├── cluster.yaml │ │ │ ├── ingress.yaml │ │ │ ├── kustomization.yaml │ │ │ └── podmonitor.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── default │ ├── adventurelog │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── evcc │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ └── evcc.yaml │ │ └── ks.yaml │ ├── freshrss │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── homepage │ │ ├── app │ │ │ ├── configmap.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ └── ks.yaml │ ├── immich │ │ ├── app │ │ │ ├── configmap.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── machine-learning │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── server │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── mealie │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── nextcloud │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── ollama │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── openwebui │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── paperless-ngx │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── searxng │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ ├── limiter.toml │ │ │ │ └── settings.yml │ │ └── ks.yaml │ ├── shlink │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── stirling-pdf │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── strava-statistics │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ └── config.yaml │ │ └── ks.yaml │ ├── wanderer │ │ ├── app │ │ │ ├── db │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ ├── search │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── web │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── zwave-js-ui │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── flux-system │ ├── flux-operator │ │ ├── app │ │ │ ├── helm-values.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── instance │ │ │ ├── github │ │ │ │ ├── kustomization.yaml │ │ │ │ └── webhooks │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── receiver.yaml │ │ │ ├── helm-values.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── home-automation │ ├── kustomization.yaml │ ├── namespace.yaml │ └── zigbee2mqtt │ │ ├── app │ │ ├── externalsecret.yaml │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── kube-system │ ├── cilium │ │ ├── app │ │ │ ├── helm-values.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ ├── config │ │ │ ├── bgp.conf │ │ │ ├── kustomization.yaml │ │ │ ├── l2.yaml │ │ │ ├── l3.yaml │ │ │ └── pool.yaml │ │ └── ks.yaml │ ├── coredns │ │ ├── app │ │ │ ├── helm-values.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ └── ks.yaml │ ├── external-secrets │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── store │ │ │ ├── kustomization.yaml │ │ │ └── onepassword │ │ │ ├── clustersecretstore.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ ├── intel-device-plugin │ │ ├── gpu │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── operator │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ ├── kustomization.yaml │ ├── metrics-server │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── reloader │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── spegel │ │ ├── app │ │ ├── helm-values.yaml │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ │ └── ks.yaml ├── kube-tools │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── node-feature-discovery │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── config │ │ │ ├── kustomization.yaml │ │ │ └── nodefeaturerule.yaml │ │ └── ks.yaml │ └── reflector │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── media │ ├── huntarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── jellyfin │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── jellyseerr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── lidarr │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── prowlarr │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── radarr │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── recyclarr │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ └── recyclarr.yml │ │ └── ks.yaml │ ├── sabnzbd │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── sonarr │ │ ├── app │ │ ├── externalsecret.yaml │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── network │ ├── blocky │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ ├── blacklist.txt │ │ │ │ ├── config.yml │ │ │ │ └── whitelist.txt │ │ └── ks.yaml │ ├── cloudflared │ │ ├── app │ │ │ ├── configs │ │ │ │ └── config.yaml │ │ │ ├── dnsendpoint.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ └── ks.yaml │ ├── external-dns │ │ ├── cloudflare │ │ │ └── app │ │ │ │ ├── dnsendpoint-crd.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ ├── ks.yaml │ │ └── unifi │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ ├── ingress-nginx │ │ ├── certificates │ │ │ ├── kustomization.yaml │ │ │ ├── production.yaml │ │ │ └── staging.yaml │ │ ├── external │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── internal │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── observability │ ├── gatus │ │ ├── app │ │ │ ├── config │ │ │ │ └── config.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ └── ks.yaml │ ├── grafana │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ │ └── ks.yaml │ ├── kromgo │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ └── config.yaml │ │ └── ks.yaml │ ├── kube-prometheus-stack │ │ ├── app │ │ │ ├── alertmanagerconfig.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── scrapeconfig.yaml │ │ │ └── secret.sops.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── loki │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── prometheus-operator-crds │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── promtail │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── silence-operator │ │ ├── crds │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── oci-repository.yaml │ │ ├── ks.yaml │ │ ├── resources │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── oci-repository.yaml │ │ └── silences │ │ │ ├── ceph.yaml │ │ │ ├── kustomization.yaml │ │ │ └── nodememoryhighutilization.yaml │ └── smartctl-exporter │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── prometheusrule.yaml │ │ └── ks.yaml ├── rook-ceph │ ├── kustomization.yaml │ ├── namespace.yaml │ └── rook-ceph │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── secret.sops.yaml │ │ ├── cluster │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── social │ ├── kustomization.yaml │ ├── mastodon │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── elasticsearch │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── namespace.yaml └── storage │ ├── kustomization.yaml │ ├── minio │ ├── app │ │ ├── externalsecret.yaml │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── namespace.yaml │ ├── openebs │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── snapshot-controller │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── pki.yaml │ └── ks.yaml │ └── volsync │ ├── app │ ├── helmrelease.yaml │ ├── kustomization.yaml │ └── prometheusrule.yaml │ └── ks.yaml ├── bootstrap ├── flux │ ├── age-key.secret.sops.yaml │ └── kustomization.yaml ├── helmfile.yaml └── talos │ ├── talconfig.yaml │ └── talsecret.sops.yaml ├── flux ├── cluster │ └── ks.yaml └── meta │ ├── repositories │ ├── git │ │ ├── kustomization.yaml │ │ └── local-path-provisioner.yaml │ ├── helm │ │ ├── backube.yaml │ │ ├── bitnami.yaml │ │ ├── bjw-s.yaml │ │ ├── cilium.yaml │ │ ├── cloudnative-pg.yaml │ │ ├── controlplaneio.yaml │ │ ├── coredns.yaml │ │ ├── democratic-csi.yaml │ │ ├── emberstack.yaml │ │ ├── emqx.yaml │ │ ├── external-dns.yaml │ │ ├── external-secrets.yaml │ │ ├── grafana.yaml │ │ ├── ingress-nginx.yaml │ │ ├── intel.yaml │ │ ├── jetstack.yaml │ │ ├── k8s-gateway.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server.yaml │ │ ├── nextcloud.yaml │ │ ├── node-feature-discovery-charts.yaml │ │ ├── openebs.yaml │ │ ├── piraeus.yaml │ │ ├── postfinance.yaml │ │ ├── prometheus-community.yaml │ │ ├── rook-ceph.yaml │ │ ├── spegel.yaml │ │ ├── stakater.yaml │ │ └── weave-gitops.yaml │ ├── kustomization.yaml │ └── oci │ │ └── .gitkeep │ └── settings │ ├── cluster-secrets.sops.yaml │ ├── cluster-settings.yaml │ └── kustomization.yml └── templates ├── gatus ├── external │ ├── configmap.yaml │ └── kustomization.yaml └── guarded │ ├── configmap.yaml │ └── kustomization.yaml └── volsync ├── claim.yaml ├── kustomization.yaml └── minio.yaml /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # These are supported funding model platforms 3 | github: cbirkenbeul 4 | custom: ['https://www.paypal.me/teqqyde', 'https://buymeacoff.ee/teqqyde'] 5 | -------------------------------------------------------------------------------- /.github/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | area/ansible: 3 | - changed-files: 4 | - any-glob-to-any-file: ansible/**/* 5 | area/docs: 6 | - changed-files: 7 | - any-glob-to-any-file: 8 | - "docs/**/*" 9 | - "README.md" 10 | area/github: 11 | - changed-files: 12 | - any-glob-to-any-file: .github/**/* 13 | area/kubernetes: 14 | - changed-files: 15 | - any-glob-to-any-file: kubernetes/**/* 16 | area/taskfile: 17 | - changed-files: 18 | - any-glob-to-any-file: .taskfiles/**/* 19 | - any-glob-to-any-file: Taskfile* -------------------------------------------------------------------------------- /.github/labels.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Areas 3 | - name: area/ansible 4 | color: "0e8a16" 5 | - name: area/docs 6 | color: "0e8a16" 7 | - name: area/github 8 | color: "0e8a16" 9 | - name: area/kubernetes 10 | color: "0e8a16" 11 | - name: area/terraform 12 | color: "0e8a16" 13 | # Clusters 14 | - name: cluster/main 15 | color: "ffc300" 16 | - name: cluster/storage 17 | color: "ffc300" 18 | # Renovate Types 19 | - name: renovate/ansible 20 | color: "027fa0" 21 | - name: renovate/container 22 | color: "027fa0" 23 | - name: renovate/github-action 24 | color: "027fa0" 25 | - name: renovate/grafana-dashboard 26 | color: "027fa0" 27 | - name: renovate/github-release 28 | color: "027fa0" 29 | - name: renovate/helm 30 | color: "027fa0" 31 | - name: renovate/terraform 32 | color: "027fa0" 33 | # Semantic Types 34 | - name: type/digest 35 | color: "ffeC19" 36 | - name: type/patch 37 | color: "ffeC19" 38 | - name: type/minor 39 | color: "ff9800" 40 | - name: type/major 41 | color: "f6412d" 42 | # Uncategorized 43 | - name: hold 44 | color: "ee0701" -------------------------------------------------------------------------------- /.github/linters/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | semi: false 5 | singleQuote: false 6 | bracketSpacing: false 7 | useTabs: false 8 | -------------------------------------------------------------------------------- /.github/linters/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: | 3 | charts/ 4 | docs/ 5 | .private/ 6 | .terraform/ 7 | .vscode/ 8 | *.sops.* 9 | gotk-components.yaml 10 | extends: default 11 | rules: 12 | truthy: 13 | allowed-values: ["true", "false", "on"] 14 | comments: 15 | min-spaces-from-content: 1 16 | line-length: disable 17 | braces: 18 | min-spaces-inside: 0 19 | max-spaces-inside: 1 20 | brackets: 21 | min-spaces-inside: 0 22 | max-spaces-inside: 0 23 | indentation: enable 24 | -------------------------------------------------------------------------------- /.github/linters/prettierignore: -------------------------------------------------------------------------------- 1 | charts/ 2 | docs/ 3 | .private/ 4 | .terraform/ 5 | .vscode/ 6 | *.sops.* 7 | gotk-components.yaml 8 | -------------------------------------------------------------------------------- /.github/renovate/commitMessage.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "commitMessageTopic": "{{depName}}", 4 | "commitMessageExtra": "to {{newVersion}}", 5 | "commitMessageSuffix": "", 6 | "packageRules": [ 7 | { 8 | "matchDatasources": ["helm"], 9 | "commitMessageTopic": "chart {{depName}}" 10 | }, 11 | { 12 | "matchDatasources": ["docker"], 13 | "commitMessageTopic": "image {{depName}}" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /.github/renovate/labels.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "matchUpdateTypes": ["major"], 6 | "labels": ["type/major"] 7 | }, 8 | { 9 | "matchUpdateTypes": ["minor"], 10 | "labels": ["type/minor"] 11 | }, 12 | { 13 | "matchUpdateTypes": ["patch"], 14 | "labels": ["type/patch"] 15 | }, 16 | { 17 | "matchUpdateTypes": ["digest"], 18 | "labels": ["type/digest"] 19 | }, 20 | { 21 | "matchDatasources": ["docker"], 22 | "addLabels": ["renovate/container"] 23 | }, 24 | { 25 | "matchDatasources": ["helm"], 26 | "addLabels": ["renovate/helm"] 27 | }, 28 | { 29 | "matchDatasources": ["galaxy", "galaxy-collection"], 30 | "addLabels": ["renovate/ansible"] 31 | }, 32 | { 33 | "matchDatasources": ["github-releases", "github-tags"], 34 | "addLabels": ["renovate/github-release"] 35 | }, 36 | { 37 | "matchManagers": ["github-actions"], 38 | "addLabels": ["renovate/github-action"] 39 | }, 40 | { 41 | "matchDatasources": ["pypi"], 42 | "addLabels": ["renovate/pip"] 43 | } 44 | ] 45 | } -------------------------------------------------------------------------------- /.github/renovate/packageRules.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "description": ["Loose versioning for non-semver packages"], 6 | "matchDatasources": ["docker"], 7 | "versioning": "loose", 8 | "matchPackagePatterns": ["plex", "positz", "postiz-app"] 9 | }, 10 | { 11 | "description": ["Special config for postiz container"], 12 | "matchDatasources": ["docker"], 13 | "matchPackageNames": ["postiz-app"], 14 | "versioning": "regex:^(?[0-9]+)-amd64$" 15 | }, 16 | { 17 | "description": ["Custom versioning for k3s"], 18 | "matchDatasources": ["github-releases"], 19 | "versioning": "regex:^v(?\\d+)\\.(?\\d+)\\.(?\\d+)(?\\+k3s)(?\\d+)$", 20 | "matchPackagePatterns": ["k3s"] 21 | } 22 | ] 23 | } -------------------------------------------------------------------------------- /.github/workflows/label-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: "Label Sync" 4 | 5 | on: 6 | workflow_dispatch: 7 | push: 8 | branches: ["main"] 9 | paths: [".github/labels.yaml"] 10 | 11 | jobs: 12 | label-sync: 13 | name: Label Sync 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@v4 18 | with: 19 | sparse-checkout: .github/labels.yaml 20 | 21 | - name: Sync Labels 22 | uses: EndBug/label-sync@v2 23 | with: 24 | config-file: .github/labels.yaml 25 | delete-other-labels: true -------------------------------------------------------------------------------- /.github/workflows/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Labeler" 3 | 4 | on: # yamllint disable-line rule:truthy 5 | workflow_dispatch: 6 | pull_request: 7 | branches: ["main"] 8 | 9 | jobs: 10 | labeler: 11 | name: Labeler 12 | runs-on: ubuntu-latest 13 | permissions: 14 | contents: read 15 | pull-requests: write 16 | steps: 17 | - name: Generate Token 18 | uses: actions/create-github-app-token@v2 19 | id: app-token 20 | with: 21 | app-id: "${{ secrets.BOT_APP_ID }}" 22 | private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" 23 | 24 | - name: Labeler 25 | uses: actions/labeler@v5 26 | with: 27 | repo-token: "${{ steps.app-token.outputs.token }}" 28 | configuration-path: .github/labeler.yaml -------------------------------------------------------------------------------- /.github/yamllint.config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: | 3 | .github/ 4 | crds.yaml 5 | extends: default 6 | rules: 7 | truthy: 8 | allowed-values: ['true', 'false', 'on', 'yes'] 9 | comments: 10 | min-spaces-from-content: 1 11 | line-length: disable 12 | braces: 13 | min-spaces-inside: 0 14 | max-spaces-inside: 1 15 | brackets: 16 | min-spaces-inside: 0 17 | max-spaces-inside: 0 18 | indentation: 19 | spaces: 2 20 | indent-sequences: consistent 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Trash 2 | .DS_Store 3 | Thumbs.db 4 | 5 | # Direnv 6 | .direnv 7 | .venv 8 | 9 | # Sops 10 | .decrypted~* 11 | *.key 12 | *.agekey 13 | 14 | # Kubernetes 15 | kubeconfig 16 | .decrypted~* 17 | *.secret.env 18 | *.secret.yaml 19 | *.agekey 20 | *.pub 21 | *.key 22 | *.pem 23 | 24 | #Talos 25 | talosconfig 26 | **/clusterconfig/ -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | creation_rules: 3 | - path_regex: ansible/.*\.sops\.ya?ml 4 | unencrypted_regex: "^(kind)$" 5 | # Personal 6 | age: >- 7 | age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 8 | 9 | - path_regex: kubernetes/.*\.sops\.ya?ml 10 | encrypted_regex: "^(data|stringData)$" 11 | age: >- 12 | age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 13 | 14 | - path_regex: kk3s-cluster/.*\.sops\.ya?ml 15 | encrypted_regex: "^(data|stringData)$" 16 | age: >- 17 | age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 18 | 19 | - path_regex: talos/.*\.sops\.ya?ml 20 | encrypted_regex: "^(data|stringData)$" 21 | age: >- 22 | age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 23 | -------------------------------------------------------------------------------- /.taskfiles/Kubernetes/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: '3' 4 | 5 | tasks: 6 | 7 | reconcile: 8 | desc: Force Flux to pull in changes from your Git repository 9 | cmd: flux --namespace flux-system reconcile kustomization flux-system --with-source 10 | preconditions: 11 | - test -f {{.KUBECONFIG}} 12 | - which flux 13 | 14 | resources: 15 | desc: Gather common resources in your cluster, useful when asking for support 16 | cmds: 17 | - for: { var: RESOURCE } 18 | cmd: kubectl get {{.ITEM}} {{.CLI_ARGS | default "-A"}} 19 | vars: 20 | RESOURCE: >- 21 | nodes 22 | gitrepositories 23 | kustomizations 24 | helmrepositories 25 | helmreleases 26 | certificates 27 | certificaterequests 28 | ingresses 29 | pods 30 | preconditions: 31 | - test -f {{.KUBECONFIG}} 32 | - which kubectl -------------------------------------------------------------------------------- /.taskfiles/volsync/unlock.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: unlock-volsync-src-paperless 6 | namespace: default 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: OnFailure 13 | containers: 14 | - name: minio 15 | image: docker.io/restic/restic:latest 16 | args: ["unlock", "--remove-all"] 17 | envFrom: 18 | - secretRef: 19 | name: paperless-ngx-volsync-secret 20 | resources: {} 21 | -------------------------------------------------------------------------------- /github-deploy.key.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEw0KfOoouVEC1kaPFzt+ueje7E7WE0vkb2P4a6m1AiG+lAKx554NlCAZ/0vHN/7hXBArRo3KPi8lFCg1J7205TvwFtdkI85/cZsjq/4MaQvkJyxyMpEoxlbfCBIicsNgb2rYbpiariUkRIAwIbJSw8MVZLHKSxnrAimS1KLjYw+ibhlg== github-deploy-key 2 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: cert-manager 6 | namespace: cert-manager 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | chart: cert-manager 12 | version: v1.18.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: jetstack 16 | namespace: flux-system 17 | maxHistory: 2 18 | install: 19 | createNamespace: true 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | values: 29 | installCRDs: true 30 | dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query 31 | dns01RecursiveNameserversOnly: true 32 | prometheus: 33 | enabled: true 34 | servicemonitor: 35 | enabled: true 36 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: cert-manager 5 | resources: 6 | - ./helmrelease.yaml 7 | # - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt-production 5 | spec: 6 | acme: 7 | server: https://acme-v02.api.letsencrypt.org/directory 8 | email: "${SECRET_ACME_EMAIL}" 9 | privateKeySecretRef: 10 | name: letsencrypt-production 11 | solvers: 12 | - dns01: 13 | cloudflare: 14 | apiTokenSecretRef: 15 | name: cert-manager-secret 16 | key: api-token 17 | selector: 18 | dnsZones: 19 | - "${SECRET_DOMAIN}" 20 | - "${SECRET_SOCIAL_DOMAIN}" 21 | 22 | --- 23 | apiVersion: cert-manager.io/v1 24 | kind: ClusterIssuer 25 | metadata: 26 | name: letsencrypt-staging 27 | spec: 28 | acme: 29 | server: https://acme-staging-v02.api.letsencrypt.org/directory 30 | email: "${SECRET_ACME_EMAIL}" 31 | privateKeySecretRef: 32 | name: letsencrypt-staging 33 | solvers: 34 | - dns01: 35 | cloudflare: 36 | apiTokenSecretRef: 37 | name: cert-manager-secret 38 | key: api-token 39 | selector: 40 | dnsZones: 41 | - "${SECRET_DOMAIN}" 42 | - "${SECRET_SOCIAL_DOMAIN}" 43 | 44 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./secrets.sops.yaml 6 | - ./issuers.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/secrets.sops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: cert-manager-secret 5 | namespace: cert-manager 6 | stringData: 7 | api-token: ENC[AES256_GCM,data:G0GEn1YxZehaW+2KlIaAEpp0eS13OqK6l1bTGn5TdA4zrBtWfClzug==,iv:dH0c9S+7plXnoWu3iCQrlSVdko5cdOIPIJYkG8Vn9jw=,tag:KQXqu9VXDlpxSI7iT/YiWQ==,type:str] 8 | sops: 9 | kms: [] 10 | gcp_kms: [] 11 | azure_kv: [] 12 | hc_vault: [] 13 | age: 14 | - recipient: age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 15 | enc: | 16 | -----BEGIN AGE ENCRYPTED FILE----- 17 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcWNFV3RUdVlNOTY3dWJz 18 | aVkrR2xkVk9JS01ZVlpwQmNSMkJLZURnVkg4CkVmN214dlZSL2hZaE55eHBtc0Nw 19 | UHFXaDlzUjJMZHlvVnh1bGw3NE1DTEEKLS0tIFBqUWJleWtJcFFyVXJNZ0NYVHV2 20 | aUVzc3R5SDAwdTk5ZTlHTkNTWWdBVnMKgmmduRsm40CQpZhqCm/XjXg3qjlUYPTp 21 | 3XICoISwpwJqI8e/4Nei8ACJaIaZs23PRMSDAVn26GwGHEKQohDF+g== 22 | -----END AGE ENCRYPTED FILE----- 23 | lastmodified: "2023-07-01T19:03:57Z" 24 | mac: ENC[AES256_GCM,data:E8rzsp4nhfyp5RSyuEp0prSLjNaXqQ7rwRtO9GYwmbqiNdW9Qp64mplWJ1LZkswNUoSB/pnUugLN5VtEcp8bsQ1M/I+F42ZUsG/pABI2vWOnpouXdQiOyT8+l4xu1FUQjiLy8u5v3I2iNAgO99yms/zObmFLZoxoOH6SKJivzXw=,iv:KQ4DNQiYwgdRwCVPThC7U2kvQvo64L/lo16CChGNVBY=,tag:rWzDbea/BQpkbopLTNNufQ==,type:str] 25 | pgp: [] 26 | encrypted_regex: ^(data|stringData)$ 27 | version: 3.7.3 28 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: cert-manager 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/apps/cert-manager/cert-manager/app 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | wait: true 14 | interval: 30m 15 | retryInterval: 1m 16 | timeout: 5m 17 | --- 18 | apiVersion: kustomize.toolkit.fluxcd.io/v1 19 | kind: Kustomization 20 | metadata: 21 | name: cert-manager-issuers 22 | namespace: flux-system 23 | spec: 24 | dependsOn: 25 | - name: cert-manager 26 | path: ./kubernetes/apps/cert-manager/cert-manager/issuers 27 | prune: true 28 | sourceRef: 29 | kind: GitRepository 30 | name: flux-system 31 | wait: true 32 | interval: 30m 33 | retryInterval: 1m 34 | timeout: 5m 35 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./cert-manager/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: cloudnative-pg 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: cloudnative-pg-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | metadata: 17 | labels: 18 | cnpg.io/reload: "true" 19 | data: 20 | - secretKey: username 21 | remoteRef: 22 | key: cloudnative-pg 23 | property: POSTGRES_SUPER_USER 24 | - secretKey: password 25 | remoteRef: 26 | key: cloudnative-pg 27 | property: POSTGRES_SUPER_PASS 28 | - secretKey: aws-access-key-id 29 | remoteRef: 30 | key: cloudnative-pg 31 | property: AWS_ACCESS_KEY_ID 32 | - secretKey: aws-secret-access-key 33 | remoteRef: 34 | key: cloudnative-pg 35 | property: AWS_SECRET_ACCESS_KEY 36 | - secretKey: minio-access-key-id 37 | remoteRef: 38 | key: cloudnative-pg 39 | property: MINIO_ACCESS_KEY_ID 40 | - secretKey: minio-secret-access-key 41 | remoteRef: 42 | key: cloudnative-pg 43 | property: MINIO_SECRET_ACCESS_KEY -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: cloudnative-pg 7 | namespace: database 8 | spec: 9 | interval: 30m 10 | chart: 11 | spec: 12 | chart: cloudnative-pg 13 | version: 0.24.0 14 | sourceRef: 15 | kind: HelmRepository 16 | name: cloudnative-pg 17 | namespace: flux-system 18 | maxHistory: 2 19 | install: 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | values: 29 | crds: 30 | create: true 31 | monitoring: 32 | podMonitorEnabled: true 33 | grafanaDashboard: 34 | create: true -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | resources: 7 | - ./cluster17.yaml 8 | - ./cluster-immich.yaml 9 | - ./cluster-mastodon.yaml 10 | - ./cluster-postgis.yaml 11 | - ./scheduledbackup.yaml 12 | - ./prometheusrule.yaml 13 | - ./service.yaml 14 | labels: 15 | - pairs: 16 | app.kubernetes.io/name: cloudnative-pg-cluster 17 | app.kubernetes.io/instance: cloudnative-pg-cluster 18 | app.kubernetes.io/part-of: cloudnative-pg -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: postgres17 7 | spec: 8 | schedule: "@daily" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: postgres17 13 | 14 | --- 15 | apiVersion: postgresql.cnpg.io/v1 16 | kind: ScheduledBackup 17 | metadata: 18 | name: postgres16-immich 19 | spec: 20 | schedule: "@daily" 21 | immediate: true 22 | backupOwnerReference: self 23 | cluster: 24 | name: postgres16-immich 25 | 26 | --- 27 | apiVersion: postgresql.cnpg.io/v1 28 | kind: ScheduledBackup 29 | metadata: 30 | name: postgres17-mastodon 31 | spec: 32 | schedule: "@daily" 33 | immediate: true 34 | backupOwnerReference: self 35 | cluster: 36 | name: postgres17-mastodon -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: postgres17-lb 6 | annotations: 7 | external-dns.alpha.kubernetes.io/hostname: psql.casalani.de 8 | io.cilium/lb-ipam-ips: 192.168.10.99 9 | spec: 10 | type: LoadBalancer 11 | ports: 12 | - name: postgres 13 | port: 5432 14 | protocol: TCP 15 | targetPort: 5432 16 | selector: 17 | cnpg.io/cluster: postgres17 18 | cnpg.io/instanceRole: primary 19 | 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | name: postgres16-immich-lb 25 | annotations: 26 | external-dns.alpha.kubernetes.io/hostname: psql-immich.casalani.de 27 | io.cilium/lb-ipam-ips: 192.168.10.100 28 | spec: 29 | type: LoadBalancer 30 | ports: 31 | - name: postgres 32 | port: 5432 33 | protocol: TCP 34 | targetPort: 5432 35 | selector: 36 | cnpg.io/cluster: postgres16-immich 37 | cnpg.io/instanceRole: primary -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: cloudnative-pg 7 | namespace: flux-system 8 | spec: 9 | path: ./kubernetes/apps/database/cloudnative-pg/app 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | healthChecks: 15 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 16 | kind: HelmRelease 17 | name: cloudnative-pg 18 | namespace: database 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | --- 23 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 24 | apiVersion: kustomize.toolkit.fluxcd.io/v1 25 | kind: Kustomization 26 | metadata: 27 | name: cloudnative-pg-cluster 28 | namespace: flux-system 29 | spec: 30 | dependsOn: 31 | - name: cloudnative-pg 32 | - name: openebs 33 | path: ./kubernetes/apps/database/cloudnative-pg/cluster 34 | prune: true 35 | sourceRef: 36 | kind: GitRepository 37 | name: flux-system 38 | wait: true 39 | interval: 30m 40 | retryInterval: 1m 41 | timeout: 3m -------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator 7 | - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.11/manifests/crd.yaml 8 | - ./helmrelease.yaml 9 | - ./rbac.yaml -------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: dragonfly-operator 6 | rules: 7 | - apiGroups: ["coordination.k8s.io"] 8 | resources: ["leases"] 9 | verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] 10 | - apiGroups: [""] 11 | resources: ["events"] 12 | verbs: ["create", "patch"] 13 | - apiGroups: [""] 14 | resources: ["pods", "services"] 15 | verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] 16 | - apiGroups: ["apps"] 17 | resources: ["statefulsets"] 18 | verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] 19 | - apiGroups: ["dragonflydb.io"] 20 | resources: ["dragonflies"] 21 | verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] 22 | - apiGroups: ["dragonflydb.io"] 23 | resources: ["dragonflies/finalizers"] 24 | verbs: ["update"] 25 | - apiGroups: ["dragonflydb.io"] 26 | resources: ["dragonflies/status"] 27 | verbs: ["get", "patch", "update"] 28 | --- 29 | apiVersion: rbac.authorization.k8s.io/v1 30 | kind: ClusterRoleBinding 31 | metadata: 32 | name: dragonfly-operator 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: ClusterRole 36 | name: dragonfly-operator 37 | subjects: 38 | - kind: ServiceAccount 39 | name: dragonfly-operator 40 | namespace: database -------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/cluster/cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/dragonflydb.io/dragonfly_v1alpha1.json 3 | apiVersion: dragonflydb.io/v1alpha1 4 | kind: Dragonfly 5 | metadata: 6 | name: dragonfly 7 | spec: 8 | image: ghcr.io/dragonflydb/dragonfly:v1.30.3 9 | replicas: 3 # set to the number of nodes in the cluster 10 | env: 11 | - name: MAX_MEMORY 12 | valueFrom: 13 | resourceFieldRef: 14 | resource: limits.memory 15 | divisor: 1Mi 16 | args: 17 | - --maxmemory=$(MAX_MEMORY)Mi 18 | - --proactor_threads=2 19 | - --cluster_mode=emulated 20 | - --default_lua_flags=allow-undeclared-keys 21 | resources: 22 | requests: 23 | cpu: 100m 24 | limits: 25 | memory: 512Mi -------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cluster.yaml 7 | - ./podmonitor.yaml -------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/monitoring.coreos.com/podmonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PodMonitor 5 | metadata: 6 | name: dragonfly 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: dragonfly 11 | podTargetLabels: ["app"] 12 | podMetricsEndpoints: 13 | - port: admin -------------------------------------------------------------------------------- /kubernetes/apps/database/dragonfly/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app dragonfly 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: database 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: external-secrets-stores 15 | path: ./kubernetes/apps/database/dragonfly/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | wait: true 21 | interval: 30m 22 | retryInterval: 1m 23 | timeout: 5m 24 | --- 25 | # yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/kustomize.toolkit.fluxcd.io/kustomization_v1.json 26 | apiVersion: kustomize.toolkit.fluxcd.io/v1 27 | kind: Kustomization 28 | metadata: 29 | name: &app dragonfly-cluster 30 | namespace: flux-system 31 | spec: 32 | targetNamespace: database 33 | commonMetadata: 34 | labels: 35 | app.kubernetes.io/name: *app 36 | dependsOn: 37 | - name: dragonfly 38 | path: ./kubernetes/apps/database/dragonfly/cluster 39 | prune: true 40 | sourceRef: 41 | kind: GitRepository 42 | name: flux-system 43 | wait: true 44 | interval: 30m 45 | retryInterval: 1m 46 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: emqx 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: onepassword-connect 10 | target: 11 | name: emqx-secret 12 | creationPolicy: Owner 13 | template: 14 | engineVersion: v2 15 | data: 16 | EMQX_DASHBOARD__DEFAULT_USERNAME: "{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}" 17 | EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}" 18 | dataFrom: 19 | - extract: 20 | key: emqx 21 | --- 22 | apiVersion: external-secrets.io/v1 23 | kind: ExternalSecret 24 | metadata: 25 | name: emqx-init-user 26 | spec: 27 | refreshInterval: 5m 28 | secretStoreRef: 29 | kind: ClusterSecretStore 30 | name: onepassword-connect 31 | target: 32 | name: emqx-init-user-secret 33 | template: 34 | engineVersion: v2 35 | data: 36 | init-user.json: | 37 | [ 38 | {"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": false} 39 | ] 40 | init-acl: | 41 | {allow, {user, "{{ .X_EMQX_MQTT_USERNAME }}"}, all, ["#"]}. 42 | dataFrom: 43 | - extract: 44 | key: emqx -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: emqx 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: emqx-operator 12 | version: 2.2.29 13 | sourceRef: 14 | kind: HelmRepository 15 | name: emqx 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: cert-manager 27 | namespace: cert-manager 28 | values: 29 | fullnameOverride: emqx-operator -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/cluster/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: emqx-dashboard 6 | spec: 7 | ingressClassName: internal 8 | rules: 9 | - host: emqx.${SECRET_DOMAIN} 10 | http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: emqx-dashboard 17 | port: 18 | number: 18083 -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - cluster.yaml 6 | - ingress.yaml 7 | - podmonitor.yaml 8 | # - ../../../../templates/gatus/internal -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: emqx 6 | spec: 7 | selector: 8 | matchLabels: 9 | apps.emqx.io/instance: emqx 10 | apps.emqx.io/managed-by: emqx-operator 11 | podMetricsEndpoints: 12 | - port: dashboard 13 | path: /api/v5/prometheus/stats 14 | relabelings: 15 | - action: replace 16 | # user-defined cluster name, requires unique 17 | replacement: emqx5 18 | targetLabel: cluster 19 | - action: replace 20 | # fix value, don't modify 21 | replacement: emqx 22 | targetLabel: from 23 | - action: replace 24 | # fix value, don't modify 25 | sourceLabels: ['pod'] 26 | targetLabel: "instance" -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app emqx 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: database 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/database/emqx/app 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | prune: true 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | --- 23 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 24 | apiVersion: kustomize.toolkit.fluxcd.io/v1 25 | kind: Kustomization 26 | metadata: 27 | name: &app emqx-cluster 28 | namespace: flux-system 29 | spec: 30 | targetNamespace: database 31 | commonMetadata: 32 | labels: 33 | app.kubernetes.io/name: *app 34 | path: ./kubernetes/apps/database/emqx/cluster 35 | sourceRef: 36 | kind: GitRepository 37 | name: flux-system 38 | dependsOn: 39 | - name: emqx 40 | prune: true 41 | wait: false 42 | interval: 30m 43 | retryInterval: 1m 44 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./cloudnative-pg/ks.yaml 7 | - ./dragonfly/ks.yaml 8 | - ./emqx/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/database/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: database 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/adventurelog/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: adventurelog 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: adventurelog-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | DJANGO_ADMIN_PASSWORD: "{{ .DJANGO_ADMIN_PASSWORD }}" 17 | DJANGO_ADMIN_EMAIL: "{{ .DJANGO_ADMIN_EMAIL }}" 18 | SECRET_KEY: "{{ .SECRET_KEY }}" 19 | GOOGLE_MAPS_API_KEY: "{{ .GOOGLE_MAPS_API_KEY }}" 20 | PGHOST: postgres17-postgis-rw.database.svc.cluster.local 21 | PGDATABASE: &dbname "adventurelog" 22 | PGUSER: &dbuser "{{ .POSTGRES_SUPER_USER }}" 23 | PGPASSWORD: &dbpass "{{ .POSTGRES_SUPER_PASS }}" 24 | 25 | INIT_POSTGRES_DBNAME: *dbname 26 | INIT_POSTGRES_HOST: postgres17-postgis-rw.database.svc.cluster.local 27 | INIT_POSTGRES_USER: *dbuser 28 | INIT_POSTGRES_PASS: *dbpass 29 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 30 | dataFrom: 31 | - extract: 32 | key: adventurelog 33 | - extract: 34 | key: cloudnative-pg -------------------------------------------------------------------------------- /kubernetes/apps/default/adventurelog/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | 12 | -------------------------------------------------------------------------------- /kubernetes/apps/default/adventurelog/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app adventurelog 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: cloudnative-pg-cluster 14 | - name: ingress-nginx-external 15 | path: ./kubernetes/apps/default/adventurelog/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 3m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 10Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/evcc/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: evcc 7 | namespace: default 8 | spec: 9 | secretStoreRef: 10 | kind: ClusterSecretStore 11 | name: onepassword-connect 12 | target: 13 | name: evcc-secret 14 | template: 15 | templateFrom: 16 | - configMap: 17 | name: evcc-configmap 18 | items: 19 | - key: evcc.yaml 20 | 21 | engineVersion: v2 22 | data: 23 | ZIGBEE2MQTT_CONFIG_MQTT_USER: "{{ .X_EMQX_MQTT_USERNAME }}" 24 | ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD: "{{ .X_EMQX_MQTT_PASSWORD }}" 25 | dataFrom: 26 | - extract: 27 | key: evcc 28 | - extract: 29 | key: emqx 30 | -------------------------------------------------------------------------------- /kubernetes/apps/default/evcc/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | configMapGenerator: 12 | - name: evcc-configmap 13 | files: 14 | - evcc.yaml=./resources/evcc.yaml 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | annotations: 18 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/default/evcc/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app evcc 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/evcc/app 12 | dependsOn: 13 | - name: rook-ceph-cluster 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | VOLSYNC_CAPACITY: 1Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/freshrss/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | - ../../../../templates/gatus/external 10 | 11 | -------------------------------------------------------------------------------- /kubernetes/apps/default/freshrss/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app freshrss 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: cloudnative-pg-cluster 14 | - name: ingress-nginx-external 15 | path: ./kubernetes/apps/default/freshrss/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 3m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: homepage 7 | namespace: default 8 | spec: 9 | secretStoreRef: 10 | kind: ClusterSecretStore 11 | name: onepassword-connect 12 | target: 13 | name: homepage-secret 14 | creationPolicy: Owner 15 | template: 16 | engineVersion: v2 17 | data: 18 | # Media 19 | HOMEPAGE_VAR_RADARR_API_KEY: "{{ .RADARR_API_KEY }}" 20 | HOMEPAGE_VAR_SONARR_API_KEY: "{{ .SONARR_API_KEY }}" 21 | HOMEPAGE_VAR_JELLYFIN_API_KEY: "{{ .JELLYFIN_API_KEY }}" 22 | HOMEPAGE_VAR_SABNZBD_API_KEY: "{{ .SABNZBD_API_KEY }}" 23 | HOMEPAGE_VAR_LIDARR_API_KEY: "{{ .LIDARR_API_KEY }}" 24 | 25 | # Stuff 26 | HOMEPAGE_VAR_HOMEPAGE_KEY: "{{ .HOMEPAGE_API_KEY }}" 27 | 28 | dataFrom: 29 | - extract: 30 | key: homepage 31 | 32 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ./rbac.yaml 10 | - ./configmap.yaml 11 | - ../../../../templates/gatus/guarded 12 | 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: &app homepage 6 | labels: 7 | app.kubernetes.io/instance: *app 8 | app.kubernetes.io/name: *app 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - namespaces 14 | - pods 15 | - nodes 16 | verbs: 17 | - get 18 | - list 19 | - apiGroups: 20 | - extensions 21 | - networking.k8s.io 22 | resources: 23 | - ingresses 24 | verbs: 25 | - get 26 | - list 27 | - apiGroups: 28 | - traefik.containo.us 29 | resources: 30 | - ingressroutes 31 | verbs: 32 | - get 33 | - list 34 | - apiGroups: 35 | - metrics.k8s.io 36 | resources: 37 | - nodes 38 | - pods 39 | verbs: 40 | - get 41 | - list 42 | - apiGroups: 43 | - apiextensions.k8s.io 44 | resources: 45 | - customresourcedefinitions/status 46 | verbs: 47 | - get 48 | --- 49 | apiVersion: rbac.authorization.k8s.io/v1 50 | kind: ClusterRoleBinding 51 | metadata: 52 | name: &app homepage 53 | labels: 54 | app.kubernetes.io/instance: *app 55 | app.kubernetes.io/name: *app 56 | roleRef: 57 | apiGroup: rbac.authorization.k8s.io 58 | kind: ClusterRole 59 | name: homepage 60 | subjects: 61 | - kind: ServiceAccount 62 | name: *app 63 | namespace: default # keep -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app homepage 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/homepage/app 12 | prune: true 13 | dependsOn: 14 | - name: ingress-nginx-external 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: immich-configmap 6 | namespace: default 7 | data: 8 | DB_PORT: "5432" 9 | DISABLE_REVERSE_GEOCODING: "true" 10 | ENABLE_MAPBOX: "false" 11 | LOG_LEVEL: verbose 12 | REDIS_HOSTNAME: dragonfly.database.svc.cluster.local 13 | REDIS_PORT: "6379" 14 | IMMICH_SERVER_URL: http://immich-server.default.svc.cluster.local:3001 15 | IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning.default.svc.cluster.local:3003 16 | IMMICH_TRUSTED_PROXIES: 10.42.0.0/16 -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./configmap.yaml 9 | - ./server 10 | - ./machine-learning 11 | - ../../../../templates/gatus/external 12 | labels: 13 | - pairs: 14 | app.kubernetes.io/name: immich 15 | app.kubernetes.io/instance: immich 16 | app.kubernetes.io/part-of: immich -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/machine-learning/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | labels: 8 | - pairs: 9 | app.kubernetes.io/name: immich-machine-learning 10 | app.kubernetes.io/instance: immich-machine-learning 11 | app.kubernetes.io/part-of: immich -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | labels: 8 | - pairs: 9 | app.kubernetes.io/name: immich-machine-learning 10 | app.kubernetes.io/instance: immich-machine-learning 11 | app.kubernetes.io/part-of: immich -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app immich 7 | namespace: flux-system 8 | spec: 9 | path: ./kubernetes/apps/default/immich/app 10 | prune: true 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: cloudnative-pg-cluster 14 | - name: ingress-nginx-external 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 15m 22 | postBuild: 23 | substitute: 24 | APP: photos 25 | -------------------------------------------------------------------------------- /kubernetes/apps/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./adventurelog/ks.yaml 7 | - ./evcc/ks.yaml 8 | - ./freshrss/ks.yaml 9 | - ./homepage/ks.yaml 10 | - ./immich/ks.yaml 11 | - ./mealie/ks.yaml 12 | - ./nextcloud/ks.yaml 13 | - ./ollama/ks.yaml 14 | - ./openwebui/ks.yaml 15 | - ./paperless-ngx/ks.yaml 16 | - ./searxng/ks.yaml 17 | - ./stirling-pdf/ks.yaml 18 | - ./strava-statistics/ks.yaml 19 | - ./wanderer/ks.yaml 20 | - ./zwave-js-ui/ks.yaml 21 | -------------------------------------------------------------------------------- /kubernetes/apps/default/mealie/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: mealie 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: mealie-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | POSTGRES_USER: "{{ .POSTGRES_USER }}" 17 | POSTGRES_PASSWORD: "{{ .POSTGRES_PASS }}" 18 | POSTGRES_SERVER: postgres17-rw.database.svc.cluster.local 19 | POSTGRES_DB: mealie 20 | 21 | INIT_POSTGRES_DBNAME: mealie 22 | INIT_POSTGRES_HOST: postgres17-rw.database.svc.cluster.local 23 | INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}" 24 | INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}" 25 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 26 | dataFrom: 27 | - extract: 28 | key: mealie 29 | - extract: 30 | key: cloudnative-pg -------------------------------------------------------------------------------- /kubernetes/apps/default/mealie/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | 12 | -------------------------------------------------------------------------------- /kubernetes/apps/default/mealie/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app mealie 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: cloudnative-pg-cluster 14 | - name: ingress-nginx-external 15 | path: ./kubernetes/apps/default/mealie/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 3m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 10Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: default 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" -------------------------------------------------------------------------------- /kubernetes/apps/default/nextcloud/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kochhaus-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: nextcloud 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: nextcloud-secret 13 | template: 14 | data: 15 | # App 16 | nextcloud-username: "{{ .nextcloud_username }}" 17 | nextcloud-password: "{{ .nextcloud_password }}" 18 | smtp_username: "{{ .smtp_username }}" 19 | smtp_password: "{{ .smtp_password }}" 20 | smtp_host: "{{ .smtp_host }}" 21 | smtp_port: "587" 22 | smtp_timeout: "30" 23 | # Postgres Init 24 | INIT_POSTGRES_DBNAME: nextcloud 25 | INIT_POSTGRES_HOST: postgres17-rw.database.svc.cluster.local. 26 | INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}" 27 | INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}" 28 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 29 | dataFrom: 30 | - extract: 31 | key: nextcloud 32 | - extract: 33 | key: cloudnative-pg -------------------------------------------------------------------------------- /kubernetes/apps/default/nextcloud/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | - ../../../../templates/gatus/external 10 | -------------------------------------------------------------------------------- /kubernetes/apps/default/nextcloud/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app nextcloud 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: default 10 | path: ./kubernetes/apps/default/nextcloud/app 11 | prune: true 12 | sourceRef: 13 | kind: GitRepository 14 | name: flux-system 15 | wait: true 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 3m 19 | postBuild: 20 | substitute: 21 | APP: *app 22 | GATUS_SUBDOMAIN: cloud 23 | VOLSYNC_CAPACITY: 100Gi 24 | VOLSYNC_UID: "1022" 25 | VOLSYNC_GID: "1022" -------------------------------------------------------------------------------- /kubernetes/apps/default/ollama/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/default/ollama/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app ollama 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/ollama/app 12 | prune: true 13 | dependsOn: 14 | - name: rook-ceph-cluster 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | VOLSYNC_CAPACITY: 5Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/openwebui/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | generatorOptions: 9 | disableNameSuffixHash: true 10 | annotations: 11 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/default/openwebui/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app openwebui 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/openwebui/app 12 | prune: true 13 | dependsOn: 14 | - name: ingress-nginx-internal 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/default/paperless-ngx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded -------------------------------------------------------------------------------- /kubernetes/apps/default/paperless-ngx/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app paperless-ngx 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/paperless-ngx/app 12 | prune: true 13 | dependsOn: 14 | - name: rook-ceph-cluster 15 | - name: cloudnative-pg-cluster 16 | - name: ingress-nginx-internal 17 | - name: dragonfly-cluster 18 | - name: external-secrets-stores 19 | sourceRef: 20 | kind: GitRepository 21 | name: flux-system 22 | interval: 30m 23 | retryInterval: 1m 24 | timeout: 3m 25 | postBuild: 26 | substitute: 27 | APP: *app 28 | GATUS_SUBDOMAIN: paperless 29 | VOLSYNC_CAPACITY: 10Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/searxng/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: searxng 7 | namespace: default 8 | spec: 9 | secretStoreRef: 10 | kind: ClusterSecretStore 11 | name: onepassword-connect 12 | target: 13 | name: searxng 14 | creationPolicy: Owner 15 | template: 16 | engineVersion: v2 17 | data: 18 | # SearxNG 19 | SEARXNG_SECRET: "{{ .SEARXNG_SECRET_KEY }}" 20 | dataFrom: 21 | - extract: 22 | key: searxng 23 | 24 | -------------------------------------------------------------------------------- /kubernetes/apps/default/searxng/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ../../../../templates/gatus/external 10 | configMapGenerator: 11 | - name: searxng 12 | files: 13 | - ./resources/limiter.toml 14 | - ./resources/settings.yml 15 | -------------------------------------------------------------------------------- /kubernetes/apps/default/searxng/app/resources/limiter.toml: -------------------------------------------------------------------------------- 1 | [real_ip] 2 | 3 | # Number of values to trust for X-Forwarded-For. 4 | 5 | x_for = 1 6 | 7 | # The prefix defines the number of leading bits in an address that are compared 8 | # to determine whether or not an address is part of a (client) network. 9 | 10 | ipv4_prefix = 32 11 | ipv6_prefix = 48 12 | 13 | [botdetection.ip_limit] 14 | 15 | # To get unlimited access in a local network, by default link-lokal addresses 16 | # (networks) are not monitored by the ip_limit 17 | filter_link_local = true 18 | 19 | # activate link_token method in the ip_limit method 20 | link_token = false 21 | 22 | [botdetection.ip_lists] 23 | 24 | # In the limiter, the ip_lists method has priority over all other methods -> if 25 | # an IP is in the pass_ip list, it has unrestricted access and it is also not 26 | # checked if e.g. the "user agent" suggests a bot (e.g. curl). 27 | 28 | block_ip = [ 29 | ] 30 | 31 | pass_ip = [ 32 | '192.168.0.0/16', # IPv4 private network 33 | '10.0.0.0/8', # IPv4 private network 34 | ] 35 | 36 | # Activate passlist of (hardcoded) IPs from the SearXNG organization, 37 | # e.g. `check.searx.space`. 38 | pass_searxng_org = false -------------------------------------------------------------------------------- /kubernetes/apps/default/searxng/app/resources/settings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | use_default_settings: true 3 | 4 | server: 5 | limiter: true 6 | image_proxy: true 7 | method: GET # https://github.com/searxng/searxng/pull/3619 8 | public_instance: false 9 | 10 | search: 11 | autocomplete: duckduckgo 12 | favicon_resolver: duckduckgo 13 | languages: 14 | - all 15 | - en 16 | - en-US 17 | - de 18 | 19 | general: 20 | instance_name: CASA LANI Search 21 | 22 | ui: 23 | default_theme: simple 24 | infinite_scroll: true 25 | query_in_title: true 26 | results_on_new_tab: true 27 | static_use_hash: true 28 | theme_args: 29 | simple_style: auto 30 | 31 | categories_as_tabs: 32 | general: 33 | images: 34 | videos: 35 | map: 36 | 37 | enabled_plugins: 38 | - Basic Calculator 39 | - Hash plugin 40 | - Hostnames plugin 41 | - Open Access DOI rewrite 42 | - Self Informations 43 | - Tracker URL remover 44 | - Unit converter plugin 45 | 46 | hostnames: 47 | high_priority: 48 | - (.*)\/blog\/(.*) 49 | - (.*\.)?wikipedia.org$ 50 | - (.*\.)?github.com$ 51 | - (.*\.)?reddit.com$ 52 | - (.*\.)?docker.com$ 53 | - (.*\.)?archlinux.org$ 54 | - (.*\.)?stackoverflow.com$ 55 | - (.*\.)?askubuntu.com$ 56 | - (.*\.)?superuser.com$ -------------------------------------------------------------------------------- /kubernetes/apps/default/searxng/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app searxng 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/searxng/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | wait: true 17 | interval: 30m 18 | retryInterval: 1m 19 | timeout: 3m 20 | postBuild: 21 | substitute: 22 | APP: *app 23 | VOLSYNC_CAPACITY: 1Gi 24 | GATUS_SUBDOMAIN: search -------------------------------------------------------------------------------- /kubernetes/apps/default/shlink/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: shlink 7 | namespace: default 8 | spec: 9 | secretStoreRef: 10 | kind: ClusterSecretStore 11 | name: onepassword-connect 12 | target: 13 | name: shlink-secret 14 | creationPolicy: Owner 15 | template: 16 | engineVersion: v2 17 | data: 18 | # Freshrss 19 | SHLINK_SERVER_URL: "{{ .SHLINK_SERVER_URL }}" 20 | SHLINK_SERVER_API_KEY: "{{ .SHLINK_SERVER_API_KEY }}" 21 | dataFrom: 22 | - extract: 23 | key: shlink 24 | 25 | -------------------------------------------------------------------------------- /kubernetes/apps/default/shlink/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/default/shlink/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app shlink 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./k3s-cluster/apps/default/shlink/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: home-kubernetes 16 | wait: true 17 | interval: 30m 18 | retryInterval: 1m 19 | timeout: 3m 20 | postBuild: 21 | substitute: 22 | APP: *app 23 | VOLSYNC_CAPACITY: 1Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/stirling-pdf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/gatus/external 9 | -------------------------------------------------------------------------------- /kubernetes/apps/default/stirling-pdf/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app stirling-pdf 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/default/stirling-pdf/app 12 | dependsOn: 13 | - name: rook-ceph-cluster 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | GATUS_SUBDOMAIN: pdf 26 | -------------------------------------------------------------------------------- /kubernetes/apps/default/strava-statistics/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &name strava-statistics-secret 6 | namespace: default 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: *name 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | # App 18 | STRAVA_CLIENT_ID: "{{ .STRAVA_CLIENT_ID }}" 19 | STRAVA_CLIENT_SECRET: "{{ .STRAVA_CLIENT_SECRET }}" 20 | STRAVA_REFRESH_TOKEN: "{{ .STRAVA_REFRESH_TOKEN }}" 21 | dataFrom: 22 | - extract: 23 | key: strava-statistics 24 | -------------------------------------------------------------------------------- /kubernetes/apps/default/strava-statistics/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | configMapGenerator: 12 | - name: strava-stistics-configmap 13 | files: 14 | - config.yaml=./resources/config.yaml 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | -------------------------------------------------------------------------------- /kubernetes/apps/default/strava-statistics/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app strava-statistics 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | path: ./kubernetes/apps/default/strava-statistics/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | VOLSYNC_CAPACITY: 5Gi -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/db/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: &app wanderer-db 7 | namespace: default 8 | spec: 9 | interval: 15m 10 | chart: 11 | spec: 12 | chart: app-template 13 | version: 4.0.1 14 | sourceRef: 15 | kind: HelmRepository 16 | name: bjw-s 17 | namespace: flux-system 18 | maxHistory: 3 19 | install: 20 | createNamespace: true 21 | remediation: 22 | retries: 3 23 | upgrade: 24 | cleanupOnFail: true 25 | remediation: 26 | strategy: uninstall 27 | retries: 3 28 | uninstall: 29 | keepHistory: false 30 | values: 31 | controllers: 32 | 33 | db: 34 | annotations: 35 | reloader.stakater.com/auto: "true" 36 | containers: 37 | db: 38 | image: 39 | repository: flomp/wanderer-db 40 | tag: v0.16.5 41 | envFrom: 42 | - secretRef: 43 | name: wanderer-secret 44 | 45 | service: 46 | db: 47 | controller: db 48 | ports: 49 | http: 50 | port: 8090 51 | 52 | persistence: 53 | db: 54 | existingClaim: wanderer-db 55 | globalMounts: 56 | - path: /pb_data 57 | -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/db/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &app wanderer 6 | namespace: default 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: wanderer-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | # Global 18 | MEILI_URL: "http://wanderer-search:7700" 19 | MEILI_MASTER_KEY: "{{ .MEILI_MASTER_KEY }}" 20 | # Search 21 | POCKETBASE_ENCRYPTION_KEY: "{{ .POCKETBASE_ENCRYPTION_KEY }}" 22 | # Web 23 | ORIGIN: "https://wanderer.casalani.de" 24 | BODY_SIZE_LIMIT: "Infinity" 25 | PUBLIC_POCKETBASE_URL: "http://wanderer-db:8090" 26 | PUBLIC_DISABLE_SIGNUP: "false" 27 | UPLOAD_FOLDER: "/app/uploads" 28 | PUBLIC_VALHALLA_URL: "https://valhalla1.openstreetmap.de" 29 | PUBLIC_NOMINATIM_URL: "https://nominatim.openstreetmap.org" 30 | dataFrom: 31 | - extract: 32 | key: wanderer 33 | -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./pvc.yaml 9 | - ./db 10 | - ./search 11 | - ./web 12 | -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: wanderer-db 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-block 12 | 13 | --- 14 | apiVersion: v1 15 | kind: PersistentVolumeClaim 16 | metadata: 17 | name: wanderer-web 18 | spec: 19 | accessModes: ["ReadWriteOnce"] 20 | resources: 21 | requests: 22 | storage: 20Gi 23 | storageClassName: ceph-block -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/search/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: &app wanderer-search 7 | namespace: default 8 | spec: 9 | interval: 15m 10 | chart: 11 | spec: 12 | chart: app-template 13 | version: 4.0.1 14 | sourceRef: 15 | kind: HelmRepository 16 | name: bjw-s 17 | namespace: flux-system 18 | maxHistory: 3 19 | install: 20 | createNamespace: true 21 | remediation: 22 | retries: 3 23 | upgrade: 24 | cleanupOnFail: true 25 | remediation: 26 | strategy: uninstall 27 | retries: 3 28 | uninstall: 29 | keepHistory: false 30 | values: 31 | controllers: 32 | 33 | search: 34 | annotations: 35 | reloader.stakater.com/auto: "true" 36 | containers: 37 | search: 38 | image: 39 | repository: getmeili/meilisearch 40 | tag: v1.15.0 41 | envFrom: 42 | - secretRef: 43 | name: wanderer-secret 44 | 45 | service: 46 | search: 47 | controller: search 48 | ports: 49 | http: 50 | port: 7700 -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/search/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/app/web/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/default/wanderer/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app wanderer 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | path: ./kubernetes/apps/default/wanderer/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/default/zwave-js-ui/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | -------------------------------------------------------------------------------- /kubernetes/apps/default/zwave-js-ui/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: zwave-js-ui 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | path: ./kubernetes/apps/default/zwave-js-ui/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | healthChecks: 19 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 20 | kind: HelmRelease 21 | name: zwave-js-ui 22 | namespace: default 23 | interval: 30m 24 | retryInterval: 1m 25 | timeout: 3m 26 | postBuild: 27 | substitute: 28 | APP: zwave-js-ui 29 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: true 4 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: flux-operator 12 | version: 0.22.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | valuesFrom: 26 | - kind: ConfigMap 27 | name: flux-operator-helm-values 28 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: flux-operator-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./webhooks 7 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &app github-webhook-token 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: onepassword-connect 10 | target: 11 | name: *app 12 | creationPolicy: Owner 13 | template: 14 | engineVersion: v2 15 | data: 16 | token: "{{ .GITHUB_WEBHOOK_TOKEN }}" 17 | dataFrom: 18 | - extract: 19 | key: github -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: flux-webhook 6 | annotations: 7 | external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}" 8 | spec: 9 | ingressClassName: external 10 | rules: 11 | - host: "flux-webhook.${SECRET_DOMAIN}" 12 | http: 13 | paths: 14 | - path: /hook/ 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: webhook-receiver 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./ingress.yaml 8 | - ./receiver.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/receiver.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/receiver-notification-v1.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1 4 | kind: Receiver 5 | metadata: 6 | name: github-receiver 7 | spec: 8 | type: github 9 | events: 10 | - ping 11 | - push 12 | secretRef: 13 | name: github-webhook-token-secret 14 | resources: 15 | - apiVersion: source.toolkit.fluxcd.io/v1 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | - apiVersion: kustomize.toolkit.fluxcd.io/v1 20 | kind: Kustomization 21 | name: flux-system 22 | namespace: flux-system 23 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | instance: 3 | cluster: 4 | networkPolicy: false 5 | components: 6 | - source-controller 7 | - kustomize-controller 8 | - helm-controller 9 | - notification-controller 10 | sync: 11 | kind: GitRepository 12 | url: "https://github.com/cbirkenbeul/homelab" 13 | ref: "refs/heads/main" 14 | path: kubernetes/flux/cluster 15 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-instance 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: flux-instance 12 | version: 0.22.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: flux-operator 27 | namespace: flux-system 28 | valuesFrom: 29 | - kind: ConfigMap 30 | name: flux-instance-helm-values 31 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./github 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: flux-instance-helm-values 10 | files: 11 | - values.yaml=./helm-values.yaml 12 | configurations: 13 | - kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app flux-operator 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: flux-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/flux-system/flux-operator/app 14 | prune: false # never should be deleted 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | timeout: 5m 21 | --- 22 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 23 | apiVersion: kustomize.toolkit.fluxcd.io/v1 24 | kind: Kustomization 25 | metadata: 26 | name: &app flux-instance 27 | namespace: flux-system 28 | spec: 29 | targetNamespace: flux-system 30 | commonMetadata: 31 | labels: 32 | app.kubernetes.io/name: *app 33 | path: ./kubernetes/apps/flux-system/flux-operator/instance 34 | prune: false # never should be deleted 35 | sourceRef: 36 | kind: GitRepository 37 | name: flux-system 38 | wait: false 39 | interval: 30m 40 | timeout: 5m 41 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./flux-operator/ks.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: flux-system 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./zigbee2mqtt/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home-automation 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/zigbee2mqtt/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: zigbee2mqtt 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: zigbee2mqtt-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID: "{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_EXT_PAN_ID }}" 17 | ZIGBEE2MQTT_CONFIG_ADVANCED_PAN_ID: "{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_PAN_ID }}" 18 | ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "{{ .ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY }}" 19 | ZIGBEE2MQTT_CONFIG_MQTT_USER: "{{ .X_EMQX_MQTT_USERNAME }}" 20 | ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD: "{{ .X_EMQX_MQTT_PASSWORD }}" 21 | dataFrom: 22 | - extract: 23 | key: zigbee2mqtt 24 | - extract: 25 | key: emqx -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/zigbee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync -------------------------------------------------------------------------------- /kubernetes/apps/home-automation/zigbee2mqtt/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app zigbee2mqtt 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home-automation 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: external-secrets-stores 15 | path: ./kubernetes/apps/home-automation/zigbee2mqtt/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | wait: false 21 | interval: 30m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | autoDirectNodeRoutes: true 3 | bandwidthManager: 4 | enabled: true 5 | bbr: true 6 | bgpControlPlane: 7 | enabled: true 8 | bpf: 9 | masquerade: false 10 | tproxy: true 11 | cgroup: 12 | automount: 13 | enabled: false 14 | hostRoot: /sys/fs/cgroup 15 | cluster: 16 | name: main 17 | id: 1 18 | enableRuntimeDeviceDetection: true 19 | endpointRoutes: 20 | enabled: true 21 | envoy: 22 | enabled: false 23 | hubble: 24 | enabled: false 25 | ipam: 26 | mode: kubernetes 27 | ipv4NativeRoutingCIDR: 10.42.0.0/16 28 | k8sServiceHost: 127.0.0.1 29 | k8sServicePort: 7445 30 | kubeProxyReplacement: true 31 | kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 32 | l2announcements: 33 | enabled: true 34 | loadBalancer: 35 | algorithm: maglev 36 | mode: dsr 37 | localRedirectPolicy: true 38 | operator: 39 | rollOutPods: true 40 | replicas: 1 41 | rollOutCiliumPods: true 42 | routingMode: native 43 | securityContext: 44 | capabilities: 45 | ciliumAgent: 46 | - CHOWN 47 | - KILL 48 | - NET_ADMIN 49 | - NET_RAW 50 | - IPC_LOCK 51 | - SYS_ADMIN 52 | - SYS_RESOURCE 53 | - DAC_OVERRIDE 54 | - FOWNER 55 | - SETGID 56 | - SETUID 57 | cleanCiliumState: 58 | - NET_ADMIN 59 | - SYS_ADMIN 60 | - SYS_RESOURCE -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: cilium-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/bgp.conf: -------------------------------------------------------------------------------- 1 | router bgp 64513 2 | bgp router-id 192.168.10.1 3 | no bgp ebgp-requires-policy 4 | 5 | neighbor k8s-main peer-group 6 | neighbor k8s-main remote-as 64514 7 | 8 | neighbor 192.168.10.70 peer-group k8s-main 9 | neighbor 192.168.10.71 peer-group k8s-main 10 | neighbor 192.168.10.72 peer-group k8s-main 11 | 12 | address-family ipv4 unicast 13 | neighbor k8s-main next-hop-self 14 | neighbor k8s-main soft-reconfiguration inbound 15 | exit-address-family 16 | exit -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./l2.yaml 7 | - ./l3.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/l2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://docs.cilium.io/en/latest/network/l2-announcements 3 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json 4 | apiVersion: cilium.io/v2alpha1 5 | kind: CiliumL2AnnouncementPolicy 6 | metadata: 7 | name: policy 8 | spec: 9 | loadBalancerIPs: true 10 | nodeSelector: 11 | matchLabels: 12 | kubernetes.io/os: linux 13 | --- 14 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json 15 | apiVersion: cilium.io/v2alpha1 16 | kind: CiliumLoadBalancerIPPool 17 | metadata: 18 | name: pool 19 | spec: 20 | blocks: 21 | - cidr: "192.168.10.0/24" -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/l3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://datreeio.github.io/CRDs-catalog/cilium.io/ciliumbgppeeringpolicy_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumBGPPeeringPolicy 5 | metadata: 6 | name: l3-policy 7 | spec: 8 | nodeSelector: 9 | matchLabels: 10 | kubernetes.io/os: linux 11 | virtualRouters: 12 | - localASN: 64514 13 | exportPodCIDR: false 14 | serviceSelector: 15 | matchExpressions: 16 | - key: thisFakeSelector 17 | operator: NotIn 18 | values: 19 | - will-match-and-announce-all-services 20 | neighbors: 21 | - peerAddress: "192.168.10.1/32" 22 | peerASN: 64513 23 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/pool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumLoadBalancerIPPool 5 | metadata: 6 | name: main-pool 7 | spec: 8 | allowFirstLastIPs: "No" 9 | blocks: 10 | - start: 192.168.10.80 11 | stop: 192.168.10.100 -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app cilium 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-system/cilium/app 14 | prune: false # never should be deleted 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | --- 23 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 24 | apiVersion: kustomize.toolkit.fluxcd.io/v1 25 | kind: Kustomization 26 | metadata: 27 | name: &app cilium-config 28 | namespace: flux-system 29 | spec: 30 | targetNamespace: kube-system 31 | commonMetadata: 32 | labels: 33 | app.kubernetes.io/name: *app 34 | dependsOn: 35 | - name: cilium 36 | path: ./kubernetes/apps/kube-system/cilium/config 37 | prune: false # never should be deleted 38 | sourceRef: 39 | kind: GitRepository 40 | name: flux-system 41 | wait: false # no flux ks dependents 42 | interval: 30m 43 | retryInterval: 1m 44 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/coredns/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: coredns 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: coredns 12 | version: 1.42.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: coredns 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | uninstall: 26 | keepHistory: false 27 | valuesFrom: 28 | - kind: ConfigMap 29 | name: coredns-helm-values -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/coredns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: coredns-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/coredns/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app coredns 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-system/coredns/app 14 | prune: false # never should be deleted 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false # no flux ks dependents 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/external-secrets/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: external-secrets 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: external-secrets 12 | version: 0.17.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: external-secrets 16 | namespace: flux-system 17 | maxHistory: 2 18 | install: 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | remediation: 24 | retries: 3 25 | uninstall: 26 | keepHistory: false 27 | values: 28 | installCRDs: true 29 | replicaCount: 1 30 | serviceMonitor: 31 | enabled: true 32 | interval: 1m 33 | webhook: 34 | serviceMonitor: 35 | enabled: true 36 | interval: 1m 37 | certController: 38 | serviceMonitor: 39 | enabled: true 40 | interval: 1m -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/external-secrets/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app external-secrets 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-system/external-secrets/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | --- 23 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json 24 | apiVersion: kustomize.toolkit.fluxcd.io/v1 25 | kind: Kustomization 26 | metadata: 27 | name: &app external-secrets-stores 28 | namespace: flux-system 29 | spec: 30 | targetNamespace: kube-system 31 | commonMetadata: 32 | labels: 33 | app.kubernetes.io/name: *app 34 | dependsOn: 35 | - name: external-secrets 36 | path: ./kubernetes/apps/kube-system/external-secrets/store 37 | prune: true 38 | sourceRef: 39 | kind: GitRepository 40 | name: flux-system 41 | wait: true 42 | interval: 30m 43 | retryInterval: 1m 44 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/external-secrets/store/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./onepassword -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/external-secrets/store/onepassword/clustersecretstore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/clustersecretstore_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ClusterSecretStore 5 | metadata: 6 | name: onepassword-connect 7 | spec: 8 | provider: 9 | onepassword: 10 | connectHost: http://onepassword-connect.kube-system.svc.cluster.local 11 | vaults: 12 | k3s-cluster: 1 13 | auth: 14 | secretRef: 15 | connectTokenSecretRef: 16 | name: onepassword-connect-secret 17 | key: token 18 | namespace: kube-system -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/external-secrets/store/onepassword/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret.sops.yaml 7 | - ./helmrelease.yaml 8 | - ./clustersecretstore.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: intel-device-plugin-gpu 6 | namespace: kube-system 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: intel-device-plugins-gpu 12 | version: 0.32.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: intel 16 | namespace: flux-system 17 | dependsOn: 18 | - name: intel-device-plugin-operator 19 | namespace: kube-system 20 | maxHistory: 3 21 | install: 22 | remediation: 23 | retries: 3 24 | upgrade: 25 | cleanupOnFail: true 26 | remediation: 27 | retries: 3 28 | uninstall: 29 | keepHistory: false 30 | values: 31 | name: intel-gpu-plugin-gpu 32 | sharedDevNum: 3 33 | nodeFeatureRule: true -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - gpu 6 | - operator 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/operator/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: intel-device-plugin-operator 6 | namespace: kube-system 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: intel-device-plugins-operator 12 | version: 0.32.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: intel 16 | namespace: flux-system 17 | dependsOn: 18 | - name: node-feature-discovery 19 | namespace: kube-system 20 | maxHistory: 3 21 | install: 22 | remediation: 23 | retries: 3 24 | upgrade: 25 | cleanupOnFail: true 26 | remediation: 27 | retries: 3 28 | uninstall: 29 | keepHistory: false -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./cilium/ks.yaml 7 | - ./coredns/ks.yaml 8 | - intel-device-plugin 9 | - ./external-secrets/ks.yaml 10 | - ./metrics-server/ks.yaml 11 | - ./reloader/ks.yaml 12 | - ./spegel/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: metrics-server 6 | namespace: kube-system 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | chart: metrics-server 12 | version: 3.12.2 13 | sourceRef: 14 | kind: HelmRepository 15 | name: metrics-server 16 | namespace: flux-system 17 | maxHistory: 2 18 | install: 19 | createNamespace: true 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | values: 29 | args: 30 | - --kubelet-insecure-tls 31 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 32 | - --kubelet-use-node-status-port 33 | - --metric-resolution=10s 34 | - --kubelet-request-timeout=2s 35 | metrics: 36 | enabled: true 37 | serviceMonitor: 38 | enabled: true 39 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app metrics-server 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/apps/kube-system/metrics-server/app 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | wait: false # no flux ks dependents 14 | interval: 30m 15 | retryInterval: 1m 16 | timeout: 5m 17 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kube-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: reloader 6 | namespace: &namespace kube-system 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | chart: reloader 12 | version: 2.1.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: stakater 16 | namespace: flux-system 17 | maxHistory: 2 18 | install: 19 | createNamespace: true 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | values: 29 | fullnameOverride: reloader 30 | reloader: 31 | reloadStrategy: annotations 32 | podMonitor: 33 | enabled: true 34 | namespace: *namespace 35 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app reloader 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: kube-system 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: ./kubernetes/apps/kube-system/reloader/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | wait: false 18 | interval: 30m 19 | retryInterval: 1m 20 | timeout: 5m 21 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | spegel: 3 | appendMirrors: true 4 | containerdSock: /run/containerd/containerd.sock 5 | containerdRegistryConfigPath: /etc/cri/conf.d/hosts 6 | service: 7 | registry: 8 | hostPort: 29999 -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: spegel 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: spegel 11 | version: 0.3.0 12 | sourceRef: 13 | kind: HelmRepository 14 | name: spegel 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | retries: 3 23 | valuesFrom: 24 | - kind: ConfigMap 25 | name: spegel-helm-values 26 | values: 27 | grafanaDashboard: 28 | enabled: true 29 | serviceMonitor: 30 | enabled: true -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | configMapGenerator: 7 | - name: spegel-helm-values 8 | files: 9 | - values.yaml=./helm-values.yaml 10 | configurations: 11 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app spegel 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: kube-system 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: ./kubernetes/apps/kube-system/spegel/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | wait: false 18 | interval: 30m 19 | retryInterval: 1m 20 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./node-feature-discovery/ks.yaml 10 | - ./reflector/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kube-tools 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/node-feature-discovery/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: node-feature-discovery 6 | namespace: kube-tools 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: node-feature-discovery 12 | version: 0.17.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: node-feature-discovery-charts 16 | namespace: flux-system 17 | interval: 30m 18 | install: 19 | crds: CreateReplace 20 | upgrade: 21 | crds: CreateReplace 22 | values: 23 | master: 24 | resources: 25 | requests: 26 | cpu: 21m 27 | memory: 51Mi 28 | limits: 29 | memory: 51Mi 30 | 31 | worker: 32 | config: 33 | core: 34 | sources: ["custom", "pci", "usb"] 35 | sources: 36 | usb: 37 | deviceClassWhitelist: ["02", "03", "0e", "ef", "fe", "ff"] 38 | deviceLabelFields: ["class", "vendor", "device"] 39 | 40 | resources: 41 | requests: 42 | cpu: 5m 43 | memory: 48Mi 44 | limits: 45 | memory: 48Mi 46 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/node-feature-discovery/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-tools 5 | resources: 6 | - nodefeaturerule.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/node-feature-discovery/config/nodefeaturerule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: aeotec-zwave-stick 6 | namespace: kube-tools 7 | spec: 8 | rules: 9 | - # zWave Device 10 | name: zwave 11 | labels: 12 | feature.node.kubernetes.io/zwave: "true" 13 | matchFeatures: 14 | - feature: usb.device 15 | matchExpressions: 16 | class: { op: In, value: ["02"] } 17 | vendor: { op: In, value: ["10c4"] } 18 | device: { op: In, value: ["ea60"] } -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/node-feature-discovery/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app node-feature-discovery 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/apps/kube-tools/node-feature-discovery/app 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | interval: 30m 14 | retryInterval: 1m 15 | timeout: 3m 16 | --- 17 | apiVersion: kustomize.toolkit.fluxcd.io/v1 18 | kind: Kustomization 19 | metadata: 20 | name: node-feature-discovery-config 21 | namespace: flux-system 22 | spec: 23 | path: ./kubernetes/apps/kube-tools/node-feature-discovery/config 24 | prune: true 25 | dependsOn: 26 | - name: node-feature-discovery 27 | sourceRef: 28 | kind: GitRepository 29 | name: flux-system 30 | interval: 30m 31 | retryInterval: 1m 32 | timeout: 3m -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/reflector/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: reflector 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: reflector 12 | version: 9.1.11 13 | sourceRef: 14 | kind: HelmRepository 15 | name: emberstack 16 | namespace: flux-system 17 | driftDetection: 18 | mode: enabled 19 | install: 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/reflector/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-tools/reflector/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app reflector 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-tools 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/kube-tools/reflector/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m -------------------------------------------------------------------------------- /kubernetes/apps/media/huntarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | - ../../../../templates/gatus/guarded 10 | -------------------------------------------------------------------------------- /kubernetes/apps/media/huntarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app huntarr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | path: ./kubernetes/apps/media/huntarr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | healthChecks: 20 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 21 | kind: HelmRelease 22 | name: huntarr 23 | namespace: media 24 | interval: 30m 25 | retryInterval: 1m 26 | timeout: 3m 27 | postBuild: 28 | substitute: 29 | APP: *app 30 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/jellyfin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | - ../../../../templates/gatus/external 10 | -------------------------------------------------------------------------------- /kubernetes/apps/media/jellyfin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app jellyfin 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-external 14 | path: ./kubernetes/apps/media/jellyfin/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 3m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | GATUS_SUBDOMAIN: jellyfin 26 | VOLSYNC_CAPACITY: 15Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/jellyseerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | -------------------------------------------------------------------------------- /kubernetes/apps/media/jellyseerr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app jellyseerr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | path: ./kubernetes/apps/media/jellyseerr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | healthChecks: 20 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 21 | kind: HelmRelease 22 | name: jellyseerr 23 | namespace: media 24 | interval: 30m 25 | retryInterval: 1m 26 | timeout: 3m 27 | postBuild: 28 | substitute: 29 | APP: *app 30 | GATUS_SUBDOMAIN: jellyseerr 31 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./huntarr/ks.yaml 7 | - ./jellyfin/ks.yaml 8 | - ./jellyseerr/ks.yaml 9 | - ./lidarr/ks.yaml 10 | - ./prowlarr/ks.yaml 11 | - ./radarr/ks.yaml 12 | - ./recyclarr/ks.yaml 13 | - ./sabnzbd/ks.yaml 14 | - ./sonarr/ks.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/apps/media/lidarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &app lidarr 6 | namespace: media 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: lidarr-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | LIDARR__API_KEY: "{{ .LIDARR_API_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: lidarr 21 | -------------------------------------------------------------------------------- /kubernetes/apps/media/lidarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | -------------------------------------------------------------------------------- /kubernetes/apps/media/lidarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app lidarr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | path: ./kubernetes/apps/media/lidarr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | healthChecks: 20 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 21 | kind: HelmRelease 22 | name: lidarr 23 | namespace: media 24 | interval: 30m 25 | retryInterval: 1m 26 | timeout: 3m 27 | postBuild: 28 | substitute: 29 | APP: *app 30 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: media 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" -------------------------------------------------------------------------------- /kubernetes/apps/media/prowlarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &app prowlarr 6 | namespace: media 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: prowlarr-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | PROWLARR__API_KEY: "{{ .PROWLARR_API_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: cloudnative-pg 21 | - extract: 22 | key: prowlarr 23 | -------------------------------------------------------------------------------- /kubernetes/apps/media/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | -------------------------------------------------------------------------------- /kubernetes/apps/media/prowlarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app prowlarr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/media/prowlarr/app 12 | prune: true 13 | dependsOn: 14 | - name: rook-ceph-cluster 15 | - name: ingress-nginx-internal 16 | - name: radarr 17 | - name: sonarr 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | healthChecks: 22 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 23 | kind: HelmRelease 24 | name: prowlarr 25 | namespace: media 26 | interval: 30m 27 | retryInterval: 1m 28 | timeout: 3m 29 | postBuild: 30 | substitute: 31 | APP: *app 32 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/radarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &app radarr 6 | namespace: media 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: radarr-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | RADARR__API_KEY: "{{ .RADARR_API_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: radarr 21 | -------------------------------------------------------------------------------- /kubernetes/apps/media/radarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | -------------------------------------------------------------------------------- /kubernetes/apps/media/radarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app radarr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | path: ./kubernetes/apps/media/radarr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | healthChecks: 20 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 21 | kind: HelmRelease 22 | name: radarr 23 | namespace: media 24 | interval: 30m 25 | retryInterval: 1m 26 | timeout: 3m 27 | postBuild: 28 | substitute: 29 | APP: *app 30 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/recyclarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: recyclarr 7 | namespace: media 8 | spec: 9 | secretStoreRef: 10 | kind: ClusterSecretStore 11 | name: onepassword-connect 12 | target: 13 | name: recyclarr-secret 14 | template: 15 | engineVersion: v2 16 | data: 17 | RADARR_API_KEY: "{{ .RADARR_API_KEY }}" 18 | SONARR_API_KEY: "{{ .SONARR_API_KEY }}" 19 | dataFrom: 20 | - extract: 21 | key: radarr 22 | - extract: 23 | key: sonarr -------------------------------------------------------------------------------- /kubernetes/apps/media/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ../../../../templates/volsync 10 | configMapGenerator: 11 | - name: recyclarr-configmap 12 | files: 13 | - recyclarr.yml=./resources/recyclarr.yml 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/media/recyclarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app recyclarr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/media/recyclarr/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | wait: true 17 | interval: 30m 18 | retryInterval: 1m 19 | timeout: 3m 20 | postBuild: 21 | substitute: 22 | APP: *app 23 | VOLSYNC_CAPACITY: 1Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | - ../../../../templates/gatus/guarded 10 | -------------------------------------------------------------------------------- /kubernetes/apps/media/sabnzbd/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app sabnzbd 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | dependsOn: 12 | - name: rook-ceph-cluster 13 | - name: ingress-nginx-internal 14 | - name: radarr 15 | - name: sonarr 16 | path: ./kubernetes/apps/media/sabnzbd/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | wait: true 22 | interval: 30m 23 | retryInterval: 1m 24 | timeout: 3m 25 | postBuild: 26 | substitute: 27 | APP: *app 28 | VOLSYNC_CAPACITY: 5Gi -------------------------------------------------------------------------------- /kubernetes/apps/media/sonarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &app sonarr 6 | namespace: media 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: sonarr-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | SONARR__API_KEY: "{{ .SONARR_API_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: sonarr 21 | -------------------------------------------------------------------------------- /kubernetes/apps/media/sonarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | - ../../../../templates/volsync 10 | - ../../../../templates/gatus/guarded 11 | -------------------------------------------------------------------------------- /kubernetes/apps/media/sonarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app sonarr 7 | namespace: flux-system 8 | labels: 9 | substitution.flux.home.arpa/enabled: "true" 10 | spec: 11 | path: ./kubernetes/apps/media/sonarr/app 12 | prune: true 13 | dependsOn: 14 | - name: rook-ceph-cluster 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | healthChecks: 19 | - apiVersion: helm.toolkit.fluxcd.io/v2beta2 20 | kind: HelmRelease 21 | name: sonarr 22 | namespace: media 23 | interval: 30m 24 | retryInterval: 1m 25 | timeout: 3m 26 | postBuild: 27 | substitute: 28 | APP: *app 29 | VOLSYNC_CAPACITY: 2Gi -------------------------------------------------------------------------------- /kubernetes/apps/network/blocky/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: blocky-configmap 9 | files: 10 | - config.yml=./resources/config.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/apps/network/blocky/app/resources/blacklist.txt: -------------------------------------------------------------------------------- 1 | mobile-api.rewe.de. -------------------------------------------------------------------------------- /kubernetes/apps/network/blocky/app/resources/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ports: 3 | dns: 0.0.0.0:53 4 | http: 0.0.0.0:4000 5 | 6 | bootstrapDns: 7 | - tcp-tls:1.1.1.1:853 8 | - tcp-tls:1.0.0.1:853 9 | 10 | upstreams: 11 | groups: 12 | default: 13 | - tcp-tls:1.1.1.1:853 14 | - tcp-tls:1.0.0.1:853 15 | 16 | clientLookup: 17 | upstream: tcp+udp:192.168.10.1 18 | 19 | conditional: 20 | mapping: 21 | 168.192.in-addr.arpa: tcp+udp:192.168.10.1 22 | casalani.de: tcp+udp:192.168.10.1 23 | 24 | caching: 25 | minTime: 15m 26 | prefetching: true 27 | cacheTimeNegative: -1 28 | 29 | prometheus: 30 | enable: true 31 | path: /metrics 32 | 33 | blocking: 34 | loading: 35 | downloads: 36 | timeout: 60s 37 | blackLists: 38 | ads: 39 | - https://big.oisd.nl/domainswild 40 | - | 41 | *.androidtvchannels-pa.googleapis.com 42 | *.androidtvwatsonfe-pa.googleapis.com 43 | - https://raw.githubusercontent.com/cbirkenbeul/homelab/refs/heads/main/kubernetes/apps/network/blocky/app/resources/blacklist.txt 44 | - https://raw.githubusercontent.com/autinerd/anti-axelspringer-hosts/master/axelspringer-hosts 45 | whiteLists: 46 | ads: 47 | - | 48 | *.amazonaws.com 49 | - https://raw.githubusercontent.com/cbirkenbeul/homelab/refs/heads/main/kubernetes/apps/network/blocky/app/resources/whitelist.txt 50 | clientGroupsBlock: 51 | default: 52 | - ads -------------------------------------------------------------------------------- /kubernetes/apps/network/blocky/app/resources/whitelist.txt: -------------------------------------------------------------------------------- 1 | *.adswizz.com -------------------------------------------------------------------------------- /kubernetes/apps/network/blocky/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app blocky 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: network 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | # dependsOn: 14 | # - name: external-dns-cloudflare 15 | path: ./kubernetes/apps/network/blocky/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | wait: false # no flux ks dependents 21 | interval: 30m 22 | retryInterval: 1m 23 | timeout: 5m 24 | postBuild: 25 | substitute: 26 | APP: *app -------------------------------------------------------------------------------- /kubernetes/apps/network/cloudflared/app/configs/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # The `ingress` block tells cloudflared which local service to route incoming 3 | # requests to. For more about ingress rules, see 4 | # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ingress 5 | # 6 | # Remember, these rules route traffic from cloudflared to a local service. To route traffic 7 | # from the internet to cloudflared, run `cloudflared tunnel route dns `. 8 | # E.g. `cloudflared tunnel route dns example-tunnel tunnel.example.com`. 9 | ingress: 10 | - hostname: "${SECRET_DOMAIN}" 11 | service: https://ingress-nginx-external-controller.network.svc.cluster.local:443 12 | originRequest: 13 | originServerName: "external.${SECRET_DOMAIN}" 14 | - hostname: "*.${SECRET_DOMAIN}" 15 | service: https://ingress-nginx-external-controller.network.svc.cluster.local:443 16 | originRequest: 17 | originServerName: "external.${SECRET_DOMAIN}" 18 | 19 | - hostname: "${SECRET_SOCIAL_DOMAIN}" 20 | service: https://ingress-nginx-external-controller.network.svc.cluster.local:443 21 | originRequest: 22 | originServerName: "external.${SECRET_SOCIAL_DOMAIN}" 23 | - hostname: "*.${SECRET_SOCIAL_DOMAIN}" 24 | service: https://ingress-nginx-external-controller.network.svc.cluster.local:443 25 | originRequest: 26 | originServerName: "external.${SECRET_SOCIAL_DOMAIN}" 27 | 28 | - service: http_status:404 29 | -------------------------------------------------------------------------------- /kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: externaldns.k8s.io/v1alpha1 3 | kind: DNSEndpoint 4 | metadata: 5 | name: cloudflared 6 | spec: 7 | endpoints: 8 | - dnsName: "external.${SECRET_DOMAIN}" 9 | recordType: CNAME 10 | targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] -------------------------------------------------------------------------------- /kubernetes/apps/network/cloudflared/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: network 5 | resources: 6 | - ./dnsendpoint.yaml 7 | - ./secret.sops.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: cloudflared-configmap 11 | files: 12 | - ./configs/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /kubernetes/apps/network/cloudflared/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: cloudflared 6 | namespace: flux-system 7 | spec: 8 | dependsOn: 9 | - name: external-dns-cloudflare 10 | path: ./kubernetes/apps/network/cloudflared/app 11 | prune: true 12 | sourceRef: 13 | kind: GitRepository 14 | name: flux-system 15 | wait: false # no flux ks dependents 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 5m 19 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/cloudflare/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: &app external-dns 6 | namespace: network 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | chart: external-dns 12 | version: 1.16.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: external-dns 16 | namespace: flux-system 17 | maxHistory: 2 18 | install: 19 | createNamespace: true 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | values: 29 | provider: 30 | name: cloudflare 31 | env: 32 | - name: CF_API_TOKEN 33 | valueFrom: 34 | secretKeyRef: 35 | name: external-dns-secret 36 | key: api-token 37 | extraArgs: 38 | - --ingress-class=external 39 | - --cloudflare-proxied 40 | - --crd-source-apiversion=externaldns.k8s.io/v1alpha1 41 | - --crd-source-kind=DNSEndpoint 42 | policy: sync 43 | sources: ["crd", "ingress"] 44 | txtPrefix: k8s. 45 | txtOwnerId: default 46 | domainFilters: ["${SECRET_DOMAIN}","${SECRET_SOCIAL_DOMAIN}"] 47 | serviceMonitor: 48 | enabled: true 49 | podAnnotations: 50 | secret.reloader.stakater.com/reload: external-dns-secret 51 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/cloudflare/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: network 5 | resources: 6 | - ./dnsendpoint-crd.yaml 7 | - ./secret.sops.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/cloudflare/app/secret.sops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: external-dns-secret 5 | namespace: network 6 | stringData: 7 | api-token: ENC[AES256_GCM,data:Xy8XD3LUJF+TkxSHB9eMdEsSNlI7x1UE5X2MJr5W8cxMY3ibfra/9A==,iv:lKAQ1xO1vbymKG6T4fJqvffez0xxNC3lrlBFAJScWHE=,tag:9o6+tfJqRSWGQVrnLuZLjw==,type:str] 8 | sops: 9 | kms: [] 10 | gcp_kms: [] 11 | azure_kv: [] 12 | hc_vault: [] 13 | age: 14 | - recipient: age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 15 | enc: | 16 | -----BEGIN AGE ENCRYPTED FILE----- 17 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySndsanV4SUtod0YvSGxk 18 | QkI5OWI0NVlhQWdnVkxCbTVJbWhDem55eFRFCko4bmNCV2RNM0lnNnV4UUszTk5J 19 | WUY1SXppTTRDVHFEU0pFQ1JXWVlDTlkKLS0tIGl6WVdqNENBTTlYYVVWcUN3YmVB 20 | WTJ0MkJJbGppakJXcmZPcHhnNzNUem8KZ4D/R2FefiUWKVZHNhJq0SeHy5dfuhJn 21 | oqV8Rf0rWv0GE1eQEG7iC3MendBjPpKyXpvT291+TY9z58hWEkmq2A== 22 | -----END AGE ENCRYPTED FILE----- 23 | lastmodified: "2025-01-29T17:45:04Z" 24 | mac: ENC[AES256_GCM,data:F6YGyXDEUxMbTrIVqR3yz9cknvPQbdZZxTyb+oSzajC/cbZFzkT79aKTUoKrY3Sy6olm4dnDqF50qDYw6y8Ew+tr08cLX5Kq14H9ilqY/NH5xVjtf2ON+aAlfUxxqT3OWVI0Sa5lI/TQkRZUGHlbef9y4utSt3bK103DV0EhN3Y=,iv:OiSJVIfgZS90XqrSEku2Emyc1P1h+ckISLwPcnjLSc0=,tag:+m0e6kkVV/fWD2d/1n8IRA==,type:str] 25 | pgp: [] 26 | encrypted_regex: ^(data|stringData)$ 27 | version: 3.9.3 28 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app external-dns-cloudflare 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: network 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/network/external-dns/cloudflare 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | --- 21 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 22 | apiVersion: kustomize.toolkit.fluxcd.io/v1 23 | kind: Kustomization 24 | metadata: 25 | name: &app external-dns-unifi 26 | namespace: flux-system 27 | spec: 28 | targetNamespace: network 29 | commonMetadata: 30 | labels: 31 | app.kubernetes.io/name: *app 32 | path: ./kubernetes/apps/network/external-dns/unifi 33 | prune: true 34 | sourceRef: 35 | kind: GitRepository 36 | name: flux-system 37 | wait: true 38 | interval: 30m -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/unifi/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: external-dns-unifi 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: external-dns-unifi 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | UNIFI_API_KEY: "{{ .UNIFI_API_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: unifi -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/unifi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - ./staging.yaml 6 | - ./production.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/network/ingress-nginx/certificates/production.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "${SECRET_DOMAIN/./-}-production" 6 | spec: 7 | secretName: "${SECRET_DOMAIN/./-}-production-tls" 8 | issuerRef: 9 | name: letsencrypt-production 10 | kind: ClusterIssuer 11 | commonName: "${SECRET_DOMAIN}" 12 | dnsNames: 13 | - "${SECRET_DOMAIN}" 14 | - "*.${SECRET_DOMAIN}" 15 | --- 16 | apiVersion: cert-manager.io/v1 17 | kind: Certificate 18 | metadata: 19 | name: "${SECRET_SOCIAL_DOMAIN/./-}-production" 20 | spec: 21 | secretName: "${SECRET_SOCIAL_DOMAIN/./-}-production-tls" 22 | issuerRef: 23 | name: letsencrypt-production 24 | kind: ClusterIssuer 25 | commonName: "${SECRET_SOCIAL_DOMAIN}" 26 | dnsNames: 27 | - "${SECRET_SOCIAL_DOMAIN}" 28 | - "*.${SECRET_SOCIAL_DOMAIN}" 29 | secretTemplate: 30 | annotations: 31 | reflector.v1.k8s.emberstack.com/reflection-allowed: "true" 32 | reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "default,storage,flux-system,kube-system,network,social" # Control destination namespaces 33 | reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces 34 | reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "default,storage,flux-system,kube-system,network,social" # Control auto-reflection namespaces 35 | -------------------------------------------------------------------------------- /kubernetes/apps/network/ingress-nginx/certificates/staging.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "${SECRET_DOMAIN/./-}-staging" 6 | spec: 7 | secretName: "${SECRET_DOMAIN/./-}-staging-tls" 8 | issuerRef: 9 | name: letsencrypt-staging 10 | kind: ClusterIssuer 11 | commonName: "${SECRET_DOMAIN}" 12 | dnsNames: 13 | - "${SECRET_DOMAIN}" 14 | - "*.${SECRET_DOMAIN}" 15 | 16 | --- 17 | apiVersion: cert-manager.io/v1 18 | kind: Certificate 19 | metadata: 20 | name: "${SECRET_SOCIAL_DOMAIN/./-}-production" 21 | spec: 22 | secretName: "${SECRET_SOCIAL_DOMAIN/./-}-production-tls" 23 | issuerRef: 24 | name: letsencrypt-production 25 | kind: ClusterIssuer 26 | commonName: "${SECRET_SOCIAL_DOMAIN}" 27 | dnsNames: 28 | - "${SECRET_SOCIAL_DOMAIN}" 29 | - "*.${SECRET_SOCIAL_DOMAIN}" 30 | secretTemplate: 31 | annotations: 32 | reflector.v1.k8s.emberstack.com/reflection-allowed: "true" 33 | reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "default,storage,flux-system,kube-system,network" # Control destination namespaces 34 | reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces 35 | reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "default,storage,flux-system,kube-system,network" # Control auto-reflection namespaces 36 | -------------------------------------------------------------------------------- /kubernetes/apps/network/ingress-nginx/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/network/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./blocky/ks.yaml 10 | - ./cloudflared/ks.yaml 11 | - ./external-dns/ks.yaml 12 | - ./ingress-nginx/ks.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/network/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: network 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: gatus 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: gatus-secret 13 | creationPolicy: Owner 14 | template: 15 | engineVersion: v2 16 | data: 17 | CUSTOM_PUSHOVER_TOKEN: "{{ .GATUS_PUSHOVER_TOKEN }}" 18 | CUSTOM_PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}" 19 | INIT_POSTGRES_DBNAME: gatus 20 | INIT_POSTGRES_HOST: postgres17-rw.database.svc.cluster.local 21 | INIT_POSTGRES_USER: "{{ .GATUS_POSTGRES_USER }}" 22 | INIT_POSTGRES_PASS: "{{ .GATUS_POSTGRES_PASS }}" 23 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 24 | dataFrom: 25 | - extract: 26 | key: cloudnative-pg 27 | - extract: 28 | key: gatus 29 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./rbac.yaml 9 | - ./helmrelease.yaml 10 | configMapGenerator: 11 | - name: gatus-configmap 12 | files: 13 | - ./config/config.yaml 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/observability/gatus/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app gatus 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: cloudnative-pg-cluster 15 | - name: external-secrets-stores 16 | path: ./kubernetes/apps/observability/gatus/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | wait: false 22 | interval: 30m 23 | retryInterval: 1m 24 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/observability/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: observability 5 | resources: 6 | - ./secret.sops.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/grafana/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: grafana 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/apps/observability/grafana/app 9 | prune: true 10 | dependsOn: 11 | - name: external-secrets-stores 12 | - name: kube-prometheus-stack 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | wait: false # no flux ks dependents 17 | interval: 30m 18 | retryInterval: 1m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kromgo/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/gatus/external 8 | configMapGenerator: 9 | - name: kromgo-configmap 10 | files: 11 | - config.yaml=./resources/config.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/observability/kromgo/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app kromgo 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: kube-prometheus-stack 15 | path: ./kubernetes/apps/observability/kromgo/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | wait: false 21 | interval: 30m 22 | retryInterval: 1m 23 | timeout: 5m 24 | postBuild: 25 | substitute: 26 | APP: *app 27 | GATUS_PATH: /-/ready 28 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: observability 5 | resources: 6 | - ./alertmanagerconfig.yaml 7 | - ./helmrelease.yaml 8 | - ./secret.sops.yaml 9 | - ./scrapeconfig.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/app/scrapeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json 3 | apiVersion: monitoring.coreos.com/v1alpha1 4 | kind: ScrapeConfig 5 | metadata: 6 | name: blocky 7 | spec: 8 | staticConfigs: 9 | - targets: 10 | - blocky.casalani.de 11 | metricsPath: /metrics -------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: kube-prometheus-stack 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/apps/observability/kube-prometheus-stack/app 9 | prune: true 10 | dependsOn: 11 | - name: rook-ceph-cluster 12 | sourceRef: 13 | kind: GitRepository 14 | name: flux-system 15 | wait: false # no flux ks dependents 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 5m 19 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./gatus/ks.yaml 7 | - ./grafana/ks.yaml 8 | - ./kromgo/ks.yaml 9 | - ./kube-prometheus-stack/ks.yaml 10 | - ./loki/ks.yaml 11 | - ./prometheus-operator-crds/ks.yaml 12 | - ./promtail/ks.yaml 13 | - ./silence-operator/ks.yaml 14 | - ./smartctl-exporter/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/loki/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app loki 7 | namespace: flux-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: rook-ceph-cluster 14 | interval: 1h 15 | path: ./kubernetes/apps/observability/loki/app 16 | prune: true 17 | retryInterval: 2m 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | targetNamespace: observability 23 | timeout: 5m 24 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: observability 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: prometheus-operator-crds 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: prometheus-operator-crds 11 | version: 20.0.1 12 | sourceRef: 13 | kind: HelmRepository 14 | name: prometheus-community 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | retries: 3 -------------------------------------------------------------------------------- /kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/prometheus-operator-crds/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app prometheus-operator-crds 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: observability 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: ./kubernetes/apps/observability/prometheus-operator-crds/app 13 | prune: false # never should be deleted 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | wait: false 18 | interval: 30m 19 | retryInterval: 1m 20 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: promtail 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 6.17.0 14 | url: oci://ghcr.io/grafana/helm-charts/promtail 15 | --- 16 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 17 | apiVersion: helm.toolkit.fluxcd.io/v2 18 | kind: HelmRelease 19 | metadata: 20 | name: promtail 21 | spec: 22 | interval: 1h 23 | chartRef: 24 | kind: OCIRepository 25 | name: promtail 26 | install: 27 | remediation: 28 | retries: -1 29 | upgrade: 30 | cleanupOnFail: true 31 | remediation: 32 | retries: 3 33 | values: 34 | fullnameOverride: promtail 35 | config: 36 | clients: 37 | - url: http://loki-headless.observability.svc.cluster.local:3100/loki/api/v1/push 38 | serviceMonitor: 39 | enabled: true -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app promtail 7 | namespace: flux-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 1h 13 | path: ./kubernetes/apps/observability/promtail/app 14 | prune: true 15 | retryInterval: 2m 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | targetNamespace: observability 21 | timeout: 5m 22 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/crds/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.mcf.io/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: silence-operator-crds 7 | spec: 8 | interval: 12h 9 | chartRef: 10 | kind: OCIRepository 11 | name: silence-operator-crds 12 | install: 13 | remediation: 14 | retries: -1 15 | upgrade: 16 | cleanupOnFail: true 17 | remediation: 18 | retries: 3 -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./oci-repository.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/crds/oci-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.mcf.io/source.toolkit.fluxcd.io/ocirepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: silence-operator-crds 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 0.0.3 14 | url: oci://ghcr.io/wiremind/wiremind-helm-charts/silence-operator-crds -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app silence-operator-crds 7 | namespace: flux-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 1h 13 | path: ./kubernetes/apps/observability/silence-operator/crds 14 | prune: true 15 | retryInterval: 2m 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | targetNamespace: observability 21 | timeout: 5m 22 | wait: false 23 | --- 24 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 25 | apiVersion: kustomize.toolkit.fluxcd.io/v1 26 | kind: Kustomization 27 | metadata: 28 | name: &app silence-operator 29 | namespace: flux-system 30 | spec: 31 | commonMetadata: 32 | labels: 33 | app.kubernetes.io/name: *app 34 | interval: 1h 35 | path: ./kubernetes/apps/observability/silence-operator/resources 36 | prune: true 37 | retryInterval: 2m 38 | sourceRef: 39 | kind: GitRepository 40 | name: flux-system 41 | namespace: flux-system 42 | targetNamespace: observability 43 | timeout: 5m 44 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/resources/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.mcf.io/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: silence-operator 7 | spec: 8 | interval: 12h 9 | maxHistory: 3 10 | chartRef: 11 | kind: OCIRepository 12 | name: silence-operator 13 | install: 14 | remediation: 15 | retries: -1 16 | upgrade: 17 | cleanupOnFail: true 18 | remediation: 19 | retries: 3 20 | values: 21 | image: 22 | name: quay.io/giantswarm/silence-operator 23 | operator: 24 | config: 25 | alertmanager: 26 | service: 27 | address: http://kube-prometheus-stack-alertmanager:9093 28 | rbac: 29 | create: true 30 | extraDeploy: 31 | - apiVersion: monitoring.giantswarm.io/v1alpha1 32 | kind: Silence 33 | metadata: 34 | name: cephnodenetworkpacketerrors 35 | spec: 36 | matchers: 37 | - name: alertname 38 | value: CephNodeNetworkPacketErrors 39 | isRegex: false 40 | - apiVersion: monitoring.giantswarm.io/v1alpha1 41 | kind: Silence 42 | metadata: 43 | name: cephnodenetworkpacketdrops 44 | spec: 45 | matchers: 46 | - name: alertname 47 | value: CephNodeNetworkPacketDrops 48 | isRegex: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/resources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./oci-repository.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/resources/oci-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.mcf.io/source.toolkit.fluxcd.io/ocirepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: silence-operator 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 0.0.8 14 | url: oci://ghcr.io/wiremind/wiremind-helm-charts/silence-operator -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/silences/ceph.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.giantswarm.io/v1alpha1 3 | kind: Silence 4 | metadata: 5 | name: cephmonclockskew 6 | spec: 7 | matchers: 8 | - name: alertname 9 | value: CephMonClockSkew 10 | isRegex: false 11 | --- 12 | apiVersion: monitoring.giantswarm.io/v1alpha1 13 | kind: Silence 14 | metadata: 15 | name: cephnodeinconsistentmtu 16 | spec: 17 | matchers: 18 | - name: alertname 19 | value: CephNodeInconsistentMTU 20 | isRegex: false 21 | --- 22 | apiVersion: monitoring.giantswarm.io/v1alpha1 23 | kind: Silence 24 | metadata: 25 | name: cephnodenetworkpacketdrops 26 | spec: 27 | matchers: 28 | - name: alertname 29 | value: CephNodeNetworkPacketDrops 30 | isRegex: false 31 | --- 32 | apiVersion: monitoring.giantswarm.io/v1alpha1 33 | kind: Silence 34 | metadata: 35 | name: cephnodenetworkpacketerrors 36 | spec: 37 | matchers: 38 | - name: alertname 39 | value: CephNodeNetworkPacketErrors 40 | isRegex: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/silences/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./ceph.yaml 7 | - ./nodememoryhighutilization.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/silence-operator/silences/nodememoryhighutilization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.giantswarm.io/v1alpha1 3 | kind: Silence 4 | metadata: 5 | name: nodememoryhighutilization 6 | spec: 7 | matchers: 8 | - name: alertname 9 | value: NodeMemoryHighUtilization 10 | isRegex: false 11 | - name: instance 12 | value: mnemosyne.* 13 | isRegex: true -------------------------------------------------------------------------------- /kubernetes/apps/observability/smartctl-exporter/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: &app smartctl-exporter 7 | namespace: observability 8 | spec: 9 | interval: 30m 10 | chart: 11 | spec: 12 | chart: prometheus-smartctl-exporter 13 | version: 0.15.1 14 | sourceRef: 15 | kind: HelmRepository 16 | name: prometheus-community 17 | namespace: flux-system 18 | install: 19 | createNamespace: true 20 | remediation: 21 | retries: 3 22 | upgrade: 23 | cleanupOnFail: true 24 | remediation: 25 | retries: 3 26 | uninstall: 27 | keepHistory: false 28 | values: 29 | fullnameOverride: *app 30 | image: 31 | repository: ghcr.io/joryirving/smartctl_exporter 32 | tag: 0.14.0@sha256:b949a82e665df554a19d1b788fed50bec6a8e93f1c3e8b63b56c39541d81d718 33 | config: 34 | devices: 35 | - /dev/sda 36 | - /dev/nvme0n1 37 | serviceMonitor: 38 | enabled: true 39 | prometheusRules: 40 | enabled: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/smartctl-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/smartctl-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app smartctl-exporter 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/smartctl-exporter/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./rook-ceph/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: rook-ceph-operator 7 | spec: 8 | interval: 30m 9 | timeout: 15m 10 | chart: 11 | spec: 12 | chart: rook-ceph 13 | version: v1.17.4 14 | sourceRef: 15 | kind: HelmRepository 16 | name: rook-ceph 17 | namespace: flux-system 18 | install: 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | remediation: 24 | retries: 3 25 | uninstall: 26 | keepHistory: false 27 | dependsOn: 28 | - name: snapshot-controller 29 | namespace: storage 30 | values: 31 | csi: 32 | cephFSKernelMountOptions: ms_mode=prefer-crc 33 | enableLiveness: true 34 | serviceMonitor: 35 | enabled: true 36 | monitoring: 37 | enabled: true 38 | resources: 39 | requests: 40 | cpu: 100m # unchangable 41 | memory: 128Mi # unchangable 42 | limits: {} -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret.sops.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/app/secret.sops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: rook-ceph-dashboard-password 5 | namespace: rook-ceph 6 | stringData: 7 | password: ENC[AES256_GCM,data:6DmXpiDHr01g,iv:/IVGhpDLALrW2B4DbbR4wigmzNoFuW8VQRsbjfBSqxw=,tag:MvEc569MSD5YULiz0ACFpw==,type:str] 8 | sops: 9 | kms: [] 10 | gcp_kms: [] 11 | azure_kv: [] 12 | hc_vault: [] 13 | age: 14 | - recipient: age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 15 | enc: | 16 | -----BEGIN AGE ENCRYPTED FILE----- 17 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdHdUeFhjVUV1NjRlcXQ3 18 | Y2k1RTI1RUxJY2VBcEtpWGhZVEd0NEZ2VGxRClZTNlV0RXRkY2ZLTlpUV2Fra3Nw 19 | d2w0ZTMwZnYyV2ZjclF3WmkzaC9oUm8KLS0tIFVOd3NhQnpVS3ZGb2dZaHpmZHl2 20 | blpGdHRxRThHdDRId3BkY3RlODA5encKJKwnjqmnLe4tlx9lAJ+RWjK1gB3vxlrI 21 | Yrx/H8Sy+HCbk19wHooWyrfZvWH52kk7Mo+GNgZUtGtlSAmct3zdRg== 22 | -----END AGE ENCRYPTED FILE----- 23 | lastmodified: "2023-12-27T16:14:42Z" 24 | mac: ENC[AES256_GCM,data:/5p56sTQnfI5OIHwh/kTtxvsI2Kk0UCJv17DERNUWx4DHwjdUEHG7mKome6D615trPBFP/W4zhvaXnQNH+9IGJ3ZAown3nqALNRvXQG5HeKjERIyDO24WSMsHBG3mspxTIiG1NAm8sDf8+2N6OoJ+MoIYIf6ngpSGSKVJ32+U4I=,iv:tDaJ6AQ3ipwKIDvegliBe0xFm1NoZD411PHt57OZScI=,tag:p7t7EcXmIIBUNpwMgfDkMQ==,type:str] 25 | pgp: [] 26 | encrypted_regex: ^(data|stringData)$ 27 | version: 3.8.1 28 | -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app rook-ceph 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: rook-ceph 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/rook-ceph/rook-ceph/app 14 | prune: false # never should be deleted 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | --- 23 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 24 | apiVersion: kustomize.toolkit.fluxcd.io/v1 25 | kind: Kustomization 26 | metadata: 27 | name: &app rook-ceph-cluster 28 | namespace: flux-system 29 | spec: 30 | targetNamespace: rook-ceph 31 | commonMetadata: 32 | labels: 33 | app.kubernetes.io/name: *app 34 | path: ./kubernetes/apps/rook-ceph/rook-ceph/cluster 35 | prune: false # never should be deleted 36 | sourceRef: 37 | kind: GitRepository 38 | name: flux-system 39 | wait: false 40 | interval: 30m 41 | retryInterval: 1m 42 | timeout: 15m -------------------------------------------------------------------------------- /kubernetes/apps/social/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./mastodon/ks.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/social/mastodon/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | - ../../../../templates/volsync 8 | -------------------------------------------------------------------------------- /kubernetes/apps/social/mastodon/elasticsearch/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema: https://kochhaus-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &app mastodon-elasticsearch 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: *app 13 | template: 14 | data: 15 | # Elasticsearch 16 | ELASTIC_PASSWORD: "{{ .ELASTIC_PASSWORD }}" 17 | dataFrom: 18 | - extract: 19 | key: mastodon -------------------------------------------------------------------------------- /kubernetes/apps/social/mastodon/elasticsearch/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | -------------------------------------------------------------------------------- /kubernetes/apps/social/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: social 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" -------------------------------------------------------------------------------- /kubernetes/apps/storage/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./minio/ks.yaml 7 | - ./openebs/ks.yaml 8 | - ./snapshot-controller/ks.yaml 9 | - ./volsync/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/storage/minio/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: minio 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword-connect 11 | target: 12 | name: minio-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | MINIO_ROOT_USER: "{{ .MINIO_ROOT_USER }}" 17 | MINIO_ROOT_PASSWORD: "{{ .MINIO_ROOT_PASSWORD }}" 18 | dataFrom: 19 | - extract: 20 | key: minio -------------------------------------------------------------------------------- /kubernetes/apps/storage/minio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | # - ../../../../templates/gatus/guarded -------------------------------------------------------------------------------- /kubernetes/apps/storage/minio/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app minio 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: storage 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | interval: 10m 14 | path: "./kubernetes/apps/storage/minio/app" 15 | dependsOn: 16 | - name: external-secrets-stores 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | wait: false 22 | timeout: 2m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 100Gi -------------------------------------------------------------------------------- /kubernetes/apps/storage/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: storage 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled -------------------------------------------------------------------------------- /kubernetes/apps/storage/openebs/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: openebs 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: openebs 11 | version: 4.2.0 12 | sourceRef: 13 | kind: HelmRepository 14 | name: openebs 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | retries: 3 23 | values: 24 | engines: 25 | local: 26 | lvm: 27 | enabled: false 28 | zfs: 29 | enabled: false 30 | replicated: 31 | mayastor: 32 | enabled: false 33 | openebs-crds: 34 | csi: 35 | volumeSnapshots: 36 | enabled: false 37 | localpv-provisioner: 38 | localpv: 39 | image: 40 | registry: quay.io/ 41 | helperPod: 42 | image: 43 | registry: quay.io/ 44 | hostpathClass: 45 | enabled: true 46 | name: openebs-hostpath 47 | isDefaultClass: false 48 | basePath: /var/openebs/local -------------------------------------------------------------------------------- /kubernetes/apps/storage/openebs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/storage/openebs/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app openebs 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: storage 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: ./kubernetes/apps/storage/openebs/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | wait: false 18 | interval: 30m 19 | retryInterval: 1m 20 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: snapshot-controller 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: snapshot-controller 12 | version: 4.0.2 13 | sourceRef: 14 | kind: HelmRepository 15 | name: piraeus 16 | namespace: flux-system 17 | interval: 30m 18 | install: 19 | crds: CreateReplace 20 | upgrade: 21 | crds: CreateReplace 22 | values: 23 | controller: 24 | serviceMonitor: 25 | create: true 26 | webhook: 27 | enabled: true 28 | tls: 29 | certManagerIssuerRef: 30 | name: snapshot-controller-webhook-ca 31 | kind: Issuer -------------------------------------------------------------------------------- /kubernetes/apps/storage/snapshot-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pki.yaml 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/storage/snapshot-controller/app/pki.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: snapshot-controller-webhook-selfsign 6 | spec: 7 | selfSigned: {} 8 | --- 9 | apiVersion: cert-manager.io/v1 10 | kind: Certificate 11 | metadata: 12 | name: snapshot-controller-webhook-ca 13 | spec: 14 | secretName: snapshot-controller-webhook-ca 15 | duration: 43800h # 5y 16 | issuerRef: 17 | name: snapshot-controller-webhook-selfsign 18 | kind: Issuer 19 | commonName: "ca.k8s-ycl.cert-manager" 20 | isCA: true 21 | --- 22 | apiVersion: cert-manager.io/v1 23 | kind: Issuer 24 | metadata: 25 | name: snapshot-controller-webhook-ca 26 | spec: 27 | ca: 28 | secretName: snapshot-controller-webhook-ca -------------------------------------------------------------------------------- /kubernetes/apps/storage/snapshot-controller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &appname snapshot-controller 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: storage 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *appname 13 | interval: 10m 14 | path: "./kubernetes/apps/storage/snapshot-controller/app" 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | wait: true 20 | timeout: 2m 21 | dependsOn: 22 | - name: cert-manager -------------------------------------------------------------------------------- /kubernetes/apps/storage/volsync/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: volsync 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: volsync 12 | version: 0.12.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: backube 16 | namespace: flux-system 17 | interval: 30m 18 | values: 19 | manageCRDs: true 20 | metrics: 21 | disableAuth: true -------------------------------------------------------------------------------- /kubernetes/apps/storage/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./prometheusrule.yaml -------------------------------------------------------------------------------- /kubernetes/apps/storage/volsync/app/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/monitoring.coreos.com/prometheusrule_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: volsync 7 | spec: 8 | groups: 9 | - name: volsync.rules 10 | rules: 11 | - alert: VolSyncComponentAbsent 12 | annotations: 13 | summary: VolSync component has disappeared from Prometheus target discovery. 14 | expr: | 15 | absent(up{job="volsync-metrics"}) 16 | for: 15m 17 | labels: 18 | severity: critical 19 | - alert: VolSyncVolumeOutOfSync 20 | annotations: 21 | summary: >- 22 | {{ $labels.obj_namespace }}/{{ $labels.obj_name }} volume 23 | is out of sync. 24 | expr: | 25 | volsync_volume_out_of_sync == 1 26 | for: 15m 27 | labels: 28 | severity: critical -------------------------------------------------------------------------------- /kubernetes/apps/storage/volsync/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &appname volsync 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: storage 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *appname 13 | interval: 10m 14 | path: "./kubernetes/apps/storage/volsync/app" 15 | dependsOn: 16 | - name: external-secrets-stores 17 | - name: snapshot-controller 18 | prune: true 19 | sourceRef: 20 | kind: GitRepository 21 | name: flux-system 22 | wait: false 23 | timeout: 2m -------------------------------------------------------------------------------- /kubernetes/bootstrap/flux/age-key.secret.sops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sops-age 5 | namespace: flux-system 6 | stringData: 7 | age.agekey: ENC[AES256_GCM,data:DY+ytUtBM/ZoTX9VQ0RVdQ6nsT2cs1pMF41K9aracOvSUWh6t5BhyZAtP3mhhiFeBAE1BnYoxnRf0MiI1NN52LN9NAFqbKaHThY=,iv:E6zc3mPHBP26U5+8zFbKIVct8++Gzv9zZKC9zx79v2w=,tag:tFNLpMqWThXGAFjyii5H+g==,type:str] 8 | sops: 9 | kms: [] 10 | gcp_kms: [] 11 | azure_kv: [] 12 | hc_vault: [] 13 | age: 14 | - recipient: age1kmnhp30e40u4q54znn8ysz3atvee5k4q9r585y8mzxz9xuuxm37spk5w4w 15 | enc: | 16 | -----BEGIN AGE ENCRYPTED FILE----- 17 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXR2J0djI3bEt2MVdTSGtW 18 | cEF0SkNVUE0rMmFtVjU4Y1FVNHV5eGE5ZlR3CjRlZkV4bndZaExmUGNaRTVobG10 19 | aUNhcnRGT3k0R2haNklPYnczbGRnc1UKLS0tIC9mNFN1QjlOSmJiaDVRQnVQY3JJ 20 | cWtaTkx0djIwaElOUVBHY3NBOE1KOGsKH3aH245mntjMrLJLVtTBKYJEzrwSOf4j 21 | FrCARasU1ifCxDCSKpG7LMx4iw5YeZGKYFDLdeWWDDVv18cFDIM84A== 22 | -----END AGE ENCRYPTED FILE----- 23 | lastmodified: "2024-09-25T10:15:41Z" 24 | mac: ENC[AES256_GCM,data:1aiKMK1Ce9SnbmIdhnRwLTQ95SMDLs4i7OoIZgqC/RLpfGNtZ1C7r8RcrU8zyWDmXVIlUrMia8JytIHXPGBYfb5C1deRUHUbeooo0DUlFgJyH/wx+r8tk2L7KBE8hoRmNxSuJmhXTuwwYhCJwwT3EDewbdIjkCh9x4AszV+QpMw=,iv:9co/f3+4LiKxIC6WwdjXlmWaEDCN+mk+4o3Q0aPb/z8=,tag:uDfVQ6gFVNTCH4faiQWtiQ==,type:str] 25 | pgp: [] 26 | encrypted_regex: ^(data|stringData)$ 27 | version: 3.9.0 28 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # IMPORTANT: This file is not tracked by flux and should never be. Its 2 | # purpose is to only install the Flux components and CRDs into your cluster. 3 | --- 4 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 5 | apiVersion: kustomize.config.k8s.io/v1beta1 6 | kind: Kustomization 7 | resources: 8 | - github.com/fluxcd/flux2/manifests/install?ref=v2.6.1 9 | patches: 10 | # Remove the default network policies 11 | - patch: |- 12 | $patch: delete 13 | apiVersion: networking.k8s.io/v1 14 | kind: NetworkPolicy 15 | metadata: 16 | name: not-used 17 | target: 18 | group: networking.k8s.io 19 | kind: NetworkPolicy -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./local-path-provisioner.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/git/local-path-provisioner.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: GitRepository 4 | metadata: 5 | name: local-path-provisioner 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://github.com/rancher/local-path-provisioner 10 | ref: 11 | tag: v0.0.31 12 | ignore: | 13 | # exclude all 14 | /* 15 | # include kubernetes directory 16 | !/deploy/chart/local-path-provisioner 17 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backube 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backube.github.io/helm-charts/ -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/bitnami.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bitnami 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://registry-1.docker.io/bitnamicharts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/bjw-s-labs/helm 11 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/cilium.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: cilium 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://helm.cilium.io 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/cloudnative-pg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cloudnative-pg 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://cloudnative-pg.github.io/charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/controlplaneio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: controlplaneio 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/controlplaneio-fluxcd/charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/coredns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: coredns 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://coredns.github.io/helm -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/democratic-csi.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: democratic-csi 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://democratic-csi.github.io/charts/ 10 | timeout: 3m -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/emberstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: emberstack 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://emberstack.github.io/helm-charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/emqx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: emqx 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://repos.emqx.io/charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/external-dns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: external-dns 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://kubernetes-sigs.github.io/external-dns 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: external-secrets 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.external-secrets.io -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/grafana.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: grafana 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://grafana.github.io/helm-charts 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: ingress-nginx 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://kubernetes.github.io/ingress-nginx 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: intel 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://intel.github.io/helm-charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/jetstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: jetstack 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://charts.jetstack.io/ 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/k8s-gateway.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: k8s-gateway 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://ori-edge.github.io/k8s_gateway/ 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./backube.yaml 6 | - ./bitnami.yaml 7 | - ./bjw-s.yaml 8 | - ./cilium.yaml 9 | - ./cloudnative-pg.yaml 10 | - ./controlplaneio.yaml 11 | - ./coredns.yaml 12 | - ./democratic-csi.yaml 13 | - ./emberstack.yaml 14 | - ./emqx.yaml 15 | - ./external-dns.yaml 16 | - ./external-secrets.yaml 17 | - ./grafana.yaml 18 | - ./ingress-nginx.yaml 19 | - ./intel.yaml 20 | - ./jetstack.yaml 21 | - ./metrics-server.yaml 22 | - ./nextcloud.yaml 23 | - ./node-feature-discovery-charts.yaml 24 | - ./openebs.yaml 25 | - ./piraeus.yaml 26 | - ./postfinance.yaml 27 | - ./prometheus-community.yaml 28 | - ./rook-ceph.yaml 29 | - ./spegel.yaml 30 | - ./stakater.yaml 31 | - ./weave-gitops.yaml 32 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/metrics-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metrics-server 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://kubernetes-sigs.github.io/metrics-server 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/nextcloud.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: nextcloud 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://nextcloud.github.io/helm/ -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/node-feature-discovery-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: node-feature-discovery-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 10 | timeout: 3m -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/openebs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: openebs 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://openebs.github.io/openebs -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: piraeus 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://piraeus.io/helm-charts/ 11 | timeout: 3m -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/postfinance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: postfinance 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://postfinance.github.io/kubelet-csr-approver -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/prometheus-community.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/prometheus-community/charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/rook-ceph.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: rook-ceph 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.rook.io/release -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/spegel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: spegel 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/spegel-org/helm-charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://stakater.github.io/stakater-charts 10 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/weave-gitops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: weave-gitops 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/weaveworks/charts 11 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./git 6 | - ./helm 7 | # - ./oci 8 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/oci/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cbirkenbeul/homelab/17e79c9700a4f671bce9c3832a59ecf20a9f10d7/kubernetes/flux/meta/repositories/oci/.gitkeep -------------------------------------------------------------------------------- /kubernetes/flux/meta/settings/cluster-settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: cluster-settings 6 | namespace: flux-system 7 | data: 8 | TIMEZONE: Europe/Berlin 9 | TZ: Europe/Berlin 10 | ROUTER_IP: 192.168.10.1 11 | SERVICE_CIDR: 10.43.0.0/16 12 | CLUSTER_CIDR: 10.42.0.0/16 13 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/settings/kustomization.yml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./cluster-settings.yaml 5 | - ./cluster-secrets.sops.yaml -------------------------------------------------------------------------------- /kubernetes/templates/gatus/external/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "${APP}-gatus-ep" 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: "${APP}" 12 | group: external 13 | url: "https://${GATUS_SUBDOMAIN:-${APP}}.casalani.de${GATUS_PATH:-/}" 14 | interval: 1m 15 | client: 16 | dns-resolver: tcp://1.1.1.1:53 17 | conditions: 18 | - "[STATUS] == 200" 19 | alerts: 20 | - type: pushover -------------------------------------------------------------------------------- /kubernetes/templates/gatus/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml -------------------------------------------------------------------------------- /kubernetes/templates/gatus/guarded/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "${APP}-gatus-ep" 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: "${APP}" 12 | group: guarded 13 | url: 1.1.1.1 14 | interval: 1m 15 | ui: 16 | hide-hostname: true 17 | hide-url: true 18 | dns: 19 | query-name: "${GATUS_SUBDOMAIN:-${APP}}.casalani.de${GATUS_PATH:-/}" 20 | query-type: A 21 | conditions: 22 | - "len([BODY]) == 0" 23 | alerts: 24 | - type: pushover -------------------------------------------------------------------------------- /kubernetes/templates/gatus/guarded/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml -------------------------------------------------------------------------------- /kubernetes/templates/volsync/claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${APP}" 6 | spec: 7 | accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] 8 | # dataSourceRef: 9 | # kind: ReplicationDestination 10 | # apiGroup: volsync.backube 11 | # name: "${APP}-dst" 12 | resources: 13 | requests: 14 | storage: "${VOLSYNC_CAPACITY:=5Gi}" 15 | storageClassName: "${VOLSYNC_STORAGECLASS:=ceph-block}" -------------------------------------------------------------------------------- /kubernetes/templates/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./claim.yaml 7 | - ./minio.yaml 8 | --------------------------------------------------------------------------------