├── .github ├── lint │ ├── .tflint.hcl │ ├── .ansible-lint.yaml │ ├── .prettierrc.yaml │ └── .prettierignore ├── CODEOWNERS ├── ISSUE_TEMPLATE │ └── config.yml ├── renovate-bot.json5 ├── scripts │ └── cloudflareNetworks.mjs └── renovate │ └── disabledDatasources.json5 ├── provision ├── ansible │ ├── local │ │ ├── .envrc │ │ ├── ansible.cfg │ │ └── inventory │ │ │ └── hosts.yaml │ └── kubernetes │ │ ├── inventory │ │ ├── host_vars │ │ │ └── .gitkeep │ │ └── group_vars │ │ │ └── kubernetes │ │ │ └── kube-vip.yml │ │ ├── .envrc │ │ ├── roles │ │ ├── os.kubernetes │ │ │ ├── tasks │ │ │ │ ├── dist-upgrade.yml │ │ │ │ └── locale.yml │ │ │ └── handlers │ │ │ │ └── network.yml │ │ └── k3s.kubernetes │ │ │ ├── defaults │ │ │ └── main.yml │ │ │ └── templates │ │ │ └── k3s │ │ │ └── 11-arm-node-taint.yaml.j2 │ │ └── playbooks │ │ ├── os.yml │ │ └── k3s.yml └── terraform │ ├── authentik │ ├── main.tf │ ├── flows-stages │ │ ├── invitation_stage.tf │ │ └── prompts │ │ │ └── prompts.tf │ └── provider │ │ └── provider.tf │ └── flux │ └── terraform.tfvars ├── cluster ├── apps │ ├── media │ │ ├── recyclarr │ │ │ ├── config │ │ │ │ ├── recyclarr.yaml │ │ │ │ └── sonarr-uhd.yaml │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── README.md │ │ ├── books │ │ │ ├── openbooks │ │ │ │ └── kustomization.yaml │ │ │ ├── calibre │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc-config.yaml │ │ │ │ └── http-route.yaml │ │ │ ├── kavita │ │ │ │ └── kustomization.yaml │ │ │ ├── mylar │ │ │ │ ├── kustomization.yaml │ │ │ │ └── config-pvc.yaml │ │ │ ├── lazylibrarian │ │ │ │ └── kustomization.yaml │ │ │ ├── calibre-web │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc-calibre-web-config.yaml │ │ │ ├── readarr │ │ │ │ └── kustomization.yaml │ │ │ ├── readarr-audio │ │ │ │ └── kustomization.yaml │ │ │ └── audiobookshelf │ │ │ │ └── app │ │ │ │ ├── pvc-config-v1.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc-metadata.yaml │ │ ├── plex-meta-manager │ │ │ ├── config │ │ │ │ └── kustomization.yaml │ │ 
│ ├── imagemaid │ │ │ │ └── kustomization.yaml │ │ │ └── app │ │ │ │ ├── pvc.yaml │ │ │ │ └── custom │ │ │ │ ├── TV Shows - Overlays - Statuses.yaml │ │ │ │ ├── Movies - Overlays - Stand-up.yaml │ │ │ │ └── README.md │ │ ├── tdarr │ │ │ ├── node │ │ │ │ ├── config-map.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── lidarr │ │ │ ├── kustomization.yaml │ │ │ ├── routers │ │ │ │ └── kustomization.yaml │ │ │ └── config-pvc.yaml │ │ ├── tautulli │ │ │ ├── kustomization.yaml │ │ │ └── routers │ │ │ │ └── kustomization.yaml │ │ ├── radarr │ │ │ ├── radarr-hd │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc-config.yaml │ │ │ ├── radarr-uhd │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc-config.yaml │ │ │ ├── routers │ │ │ │ └── kustomization.yaml │ │ │ └── kustomization.yaml │ │ ├── sonarr │ │ │ ├── sonarr-hd │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc-config.yaml │ │ │ ├── sonarr-uhd │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc-config.yaml │ │ │ ├── routers │ │ │ │ └── kustomization.yaml │ │ │ └── kustomization.yaml │ │ ├── media-pv │ │ │ └── kustomization.yaml │ │ ├── bazarr │ │ │ ├── kustomization.yaml │ │ │ └── config-pvc.yaml │ │ ├── plex │ │ │ ├── config │ │ │ │ └── README.md │ │ │ ├── pdb.yaml │ │ │ └── pvc-cache.yaml │ │ ├── prowlarr │ │ │ └── kustomization.yaml │ │ ├── overseer │ │ │ ├── pdb.yaml │ │ │ ├── kustomization.yaml │ │ │ └── config-pvc.yaml │ │ ├── maintainerr │ │ │ └── app │ │ │ │ └── pvc-data-v1.yaml │ │ ├── stash │ │ │ └── app │ │ │ │ ├── pvc-config-v1.yaml │ │ │ │ ├── pvc-metadata-v1.yaml │ │ │ │ ├── pvc-generated-v1.yaml │ │ │ │ └── kustomization.yaml │ │ ├── navidrome │ │ │ └── app │ │ │ │ └── pvc-config-v1.yaml │ │ ├── music-assistant │ │ │ └── app │ │ │ │ ├── pvc-data-v1.yaml │ │ │ │ └── kustomization.yaml │ │ ├── plex-trakt-sync │ │ │ └── pvc-config.yaml │ │ ├── priority-class.yaml │ │ ├── middlewares │ │ │ └── chain-no-auth.yaml │ │ └── ytdlp-sub │ │ │ └── app │ │ │ └── README.md │ ├── system │ │ ├── 
intel-device-plugins │ │ │ ├── exporter │ │ │ │ └── kustomization.yaml │ │ │ ├── operator │ │ │ │ ├── kustomization.yaml │ │ │ │ └── README.md │ │ │ └── device-plugin-gpu │ │ │ │ ├── kustomization.yaml │ │ │ │ └── README.md │ │ ├── namespace.yaml │ │ └── kustomization.yaml │ ├── monitoring │ │ ├── snmp-exporter │ │ │ ├── synology-nas │ │ │ │ └── prometheus-rule.yaml │ │ │ └── kustomization.yaml │ │ ├── gatus │ │ │ └── app │ │ │ │ ├── README.md │ │ │ │ └── pvc-data-v1.yaml │ │ ├── grafana │ │ │ ├── datasources │ │ │ │ └── patches.yaml │ │ │ ├── instance │ │ │ │ └── kustomization.yaml │ │ │ └── dashboards │ │ │ │ ├── home │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── emqx.yaml │ │ │ │ ├── media │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── folder.yaml │ │ │ │ ├── users │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── authentik.yaml │ │ │ │ ├── kyverno │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── storage │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── folder.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── redis.yaml │ │ │ │ ├── system │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── database │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── cnpg.yaml │ │ │ │ ├── monitoring │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── networking │ │ │ │ ├── patch-folder.yaml │ │ │ │ ├── cert-manager.yaml │ │ │ │ ├── folder.yaml │ │ │ │ └── metallb.yaml │ │ │ │ └── kustomization.yaml │ │ ├── goldilocks │ │ │ └── kustomization.yaml │ │ ├── unifi-poller │ │ │ └── kustomization.yaml │ │ ├── uptimerobot │ │ │ └── kustomization.yaml │ │ ├── vector │ │ │ ├── kustomization.yaml │ │ │ ├── agent │ │ │ │ └── patches │ │ │ │ │ └── kustomize-config.yaml │ │ │ └── aggregator │ │ │ │ └── 
patches │ │ │ │ └── kustomize-config.yaml │ │ ├── node-problem-detector │ │ │ └── kustomization.yaml │ │ ├── vertical-pod-autoscaler │ │ │ └── kustomization.yaml │ │ ├── thanos │ │ │ └── kustomization.yaml │ │ ├── loki │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── obc-loki-v1.yaml │ │ │ │ └── alerting │ │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── kustomization.yaml │ ├── blogs │ │ ├── kustomization.yaml │ │ └── ghost │ │ │ ├── routers │ │ │ └── redirect-tgr-lilj.yaml │ │ │ ├── pvc-config.yaml │ │ │ └── pvc-db-backup.yaml │ ├── cert-manager │ │ └── kustomization.yaml │ ├── auth │ │ ├── authentik │ │ │ ├── media │ │ │ │ ├── generated_3-min.png │ │ │ │ └── kustomization.yaml │ │ │ ├── redis │ │ │ │ └── kustomization.yaml │ │ │ ├── outposts │ │ │ │ └── kustomization.yaml │ │ │ ├── postgres │ │ │ │ └── pvc-backup.yaml │ │ │ └── kustomization.yaml │ │ ├── realms │ │ │ ├── kustomization.yaml │ │ │ └── bloopysphere │ │ │ │ ├── db │ │ │ │ ├── cluster │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── alerts │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── config │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── backup │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── backup-schedule.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── keycloak │ │ │ │ └── instance │ │ │ │ ├── kustomization.yaml │ │ │ │ └── routers │ │ │ │ └── README.md │ │ ├── ldap │ │ │ ├── db │ │ │ │ ├── alerts │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── canary-cfg.yaml │ │ │ │ ├── backup │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── backup-schedule.yaml │ │ │ │ └── config │ │ │ │ │ └── kustomization.yaml │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── home │ │ ├── home-assistant │ │ │ ├── README.md │ │ │ ├── kustomization.yaml │ │ │ └── db │ │ │ │ └── backup-pvc.yaml │ │ ├── ser2sock │ │ │ ├── kustomization.yaml │ │ │ └── pdb.yaml │ │ ├── zwavejs2mqtt │ │ │ ├── kustomization.yaml │ │ │ ├── pdb.yaml │ │ │ └── 
config-pvc.yaml │ │ ├── network-ups-tools │ │ │ ├── kustomization.yaml │ │ │ └── README.md │ │ ├── emqx │ │ │ ├── pdb.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── db-emqx │ │ │ │ └── pvc-db-backup.yaml │ │ │ └── genSaltedPass.sh │ │ ├── priority-class.yaml │ │ ├── kustomization.yaml │ │ └── go2rtc │ │ │ └── app │ │ │ └── kustomization.yaml │ ├── velero │ │ ├── kustomization.yaml │ │ ├── configmap │ │ │ └── kustomization.yaml │ │ └── velero │ │ │ └── kustomization.yaml │ ├── default │ │ ├── jupyterhub │ │ │ └── kustomization.yaml │ │ ├── bloopyboi │ │ │ └── config │ │ │ │ └── kustomization.yaml │ │ ├── wiki │ │ │ ├── kustomization.yaml │ │ │ ├── db │ │ │ │ ├── cluster │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── alerts │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── config │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── backup │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── backup-schedule.yaml │ │ │ │ │ └── obc-backup-v1.yaml │ │ │ └── wikijs │ │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── hajimari-xyz │ │ │ ├── kustomization.yaml │ │ │ └── config-pvc.yaml │ │ ├── hajimari-bloop │ │ │ ├── kustomization.yaml │ │ │ └── config-pvc.yaml │ │ ├── minecraft │ │ │ ├── kustomization.yaml │ │ │ ├── pvc-mcsv-backups-v1.yaml │ │ │ ├── pvc-minecraft-data-v1.yaml │ │ │ └── patches │ │ │ │ └── kustomization.yaml │ │ └── middlewares │ │ │ └── chain-no-auth.yaml │ ├── flux-system │ │ ├── notifications │ │ │ ├── receivers │ │ │ │ └── README.md │ │ │ ├── discord │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ └── grafana │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scripts │ │ │ │ └── kustomization.yaml │ │ ├── monitoring │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── kube-system │ │ ├── reloader │ │ │ └── kustomization.yaml │ │ ├── descheduler │ │ │ └── kustomization.yaml │ │ ├── reflector │ │ │ └── kustomization.yaml │ │ ├── metrics-server │ │ │ └── kustomization.yaml │ │ ├── nfs-subdir-external-provisioner │ │ │ └── kustomization.yaml │ │ ├── 
node-feature-discovery │ │ │ ├── kustomization.yaml │ │ │ └── rules │ │ │ │ └── kustomization.yaml │ │ ├── local-path-provisioner │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── kured │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── networking │ │ ├── error-pages │ │ │ └── kustomization.yaml │ │ ├── flaresolverr │ │ │ └── kustomization.yaml │ │ ├── gateway-api │ │ │ ├── README.md │ │ │ └── gateway-class.yaml │ │ ├── k8s-gateway │ │ │ └── kustomization.yaml │ │ ├── traefik │ │ │ ├── tls-store │ │ │ │ ├── kustomization.yaml │ │ │ │ └── default.yaml │ │ │ ├── middlewares │ │ │ │ ├── basic-auth.yaml │ │ │ │ ├── plex-add-web.yaml │ │ │ │ ├── rate-limit.yaml │ │ │ │ ├── ghost-admin-add-prefix.yaml │ │ │ │ ├── error-pages.yaml │ │ │ │ ├── external-auth.yaml │ │ │ │ ├── chain-ghost-admin.yaml │ │ │ │ ├── internal-only-auth.yaml │ │ │ │ ├── calibre-auth.yaml │ │ │ │ ├── keycloak-forward-auth.yaml │ │ │ │ ├── chain-no-auth.yaml │ │ │ │ └── chain-no-auth-tgr.yaml │ │ │ ├── external-services │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ └── cloudflare-networks.txt │ │ ├── blocky │ │ │ └── app │ │ │ │ ├── redis │ │ │ │ └── kustomization.yaml │ │ │ │ ├── pdb.yaml │ │ │ │ └── db-blocky-query │ │ │ │ └── pvc-db-backup.yaml │ │ ├── external-dns │ │ │ ├── repo │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-repository.yaml │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── wildcard-certificate │ │ │ └── kustomization.yaml │ │ ├── zero-trust │ │ │ └── kustomization.yaml │ │ └── priority-class.yaml │ ├── storage │ │ ├── volsync │ │ │ ├── config │ │ │ │ └── kustomization.yaml │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── README.md │ │ ├── minio │ │ │ ├── dashboard │ │ │ │ └── kustomization.yaml │ │ │ └── kustomization.yaml │ │ ├── secrets │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── database │ │ ├── cloudnative-pg │ │ │ ├── plugins │ │ │ │ ├── kustomization.yaml │ │ │ │ └── barman │ │ │ │ │ ├── config │ │ │ │ │ └── 
kustomization.yaml │ │ │ │ │ └── manifests │ │ │ │ │ └── kustomization.yaml │ │ │ ├── db │ │ │ │ ├── cluster │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── alerts │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── backup │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── backup-schedule.yaml │ │ │ │ └── config │ │ │ │ │ └── kustomization.yaml │ │ │ └── operator │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── redis │ │ │ ├── kustomization.yaml │ │ │ └── config-pvc.yaml │ ├── downloads │ │ ├── downloads-pv │ │ │ └── kustomization.yaml │ │ ├── jackett │ │ │ └── kustomization.yaml │ │ ├── sabnzbd │ │ │ └── kustomization.yaml │ │ ├── whisparr │ │ │ └── kustomization.yaml │ │ ├── qbittorrent │ │ │ ├── kustomization.yaml │ │ │ ├── config-pvc-v2.yaml │ │ │ └── config-pvc.yaml │ │ └── kustomization.yaml │ ├── infra │ │ ├── tofu-controller │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── config │ │ │ │ ├── kustomization.yaml │ │ │ │ └── README.md │ │ ├── namespace.yaml │ │ ├── README.md │ │ ├── kustomization.yaml │ │ └── terraform │ │ │ └── kustomization.yaml │ ├── kyverno │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ ├── policies │ │ │ └── certs │ │ │ │ └── kustomization.yaml │ │ └── namespace.yaml │ ├── calico-system │ │ ├── felix-metrics │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ └── service-monitor.yaml │ │ ├── typha-metrics │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ └── service-monitor.yaml │ │ ├── kube-controllers-metrics │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ └── kustomization.yaml │ ├── system-upgrade │ │ ├── system-upgrade-controller │ │ │ ├── plans │ │ │ │ └── kustomization.yaml │ │ │ ├── system-upgrade-patches.yaml │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── namespace.yaml │ │ └── kustomization.yaml │ ├── vpn-gateway │ │ └── kustomization.yaml │ ├── vault │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ └── jobs │ │ │ └── README.md │ └── iam │ │ └── keycloak │ │ └── 
operator │ │ └── kustomization.yaml ├── core │ ├── rook-ceph │ │ ├── rook-ceph │ │ │ ├── rbac │ │ │ │ └── kustomization.yaml │ │ │ ├── cluster │ │ │ │ └── kustomization.yaml │ │ │ ├── operator │ │ │ │ └── kustomization.yaml │ │ │ ├── tools │ │ │ │ └── kustomization.yaml │ │ │ └── snapshot-controller │ │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── kube-system │ │ ├── kustomization.yaml │ │ ├── multus │ │ │ └── kustomization.yaml │ │ └── kube-vip │ │ │ └── kustomization.yaml │ ├── namespaces │ │ ├── blogs.yaml │ │ ├── velero.yaml │ │ ├── storage.yaml │ │ ├── networking.yaml │ │ ├── vpn-gateway.yaml │ │ ├── cert-manager.yaml │ │ ├── tigera-operator.yaml │ │ ├── home.yaml │ │ ├── media.yaml │ │ ├── downloads.yaml │ │ ├── auth.yaml │ │ ├── emqx-operator-system.yaml │ │ └── metallb-system.yaml │ ├── cert-manager │ │ ├── controller │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── rules │ │ │ │ └── kustomization.yaml │ │ ├── trust-manager │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── certs │ │ │ ├── bundles │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── public-bundle.yaml │ │ │ │ ├── csi-driver-spiffe.yaml │ │ │ │ ├── linkerd-ca.yaml │ │ │ │ └── snapshot-controller-webhook.yaml │ │ │ └── issuers │ │ │ │ └── kustomization.yaml │ │ ├── csi-driver-spiffe │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── external-secrets │ │ ├── operator │ │ │ └── kustomization.yaml │ │ ├── cluster-stores │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── monitoring │ │ ├── grafana-operator │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── kube-prometheus-stack │ │ │ └── kustomize-config.yaml │ │ └── kustomization.yaml │ ├── tigera-operator │ │ └── bgp │ │ │ ├── filters │ │ │ └── kustomization.yaml │ │ │ └── bgp-peers-internal │ │ │ └── kustomization.yaml │ ├── kubegres │ │ ├── namespace.yaml │ │ └── kustomization.yaml │ ├── mysql │ │ ├── namespace.yaml │ │ ├── 
kustomization.yaml │ │ └── README.md │ ├── metallb-system │ │ ├── kustomization.yaml │ │ └── custom-resources │ │ │ ├── kustomization.yaml │ │ │ ├── bgp-advertisement.yaml │ │ │ └── bgp-peers.yaml │ └── kustomization.yaml ├── repositories │ ├── image-repos │ │ ├── gitlab │ │ │ └── kustomization.yaml │ │ ├── home-operations │ │ │ ├── kustomization.yaml │ │ │ └── plex.yaml │ │ ├── kustomization.yaml │ │ └── credentials │ │ │ └── kustomization.yaml │ ├── kustomization.yaml │ ├── git │ │ └── kustomization.yaml │ ├── helm │ │ ├── piraeus.yaml │ │ ├── bjw-s.yaml │ │ ├── jetstack.yaml │ │ ├── bjw-s-charts.yaml │ │ ├── cloudnative-pg.yaml │ │ ├── minio-charts.yaml │ │ ├── vector-charts.yaml │ │ ├── backube.yaml │ │ ├── emqx-charts.yaml │ │ ├── hajimari-charts.yaml │ │ ├── authentik-charts.yaml │ │ ├── bitnami-charts.yaml │ │ ├── kyverno-charts.yaml │ │ ├── metallb-charts.yaml │ │ ├── mysql-charts.yaml │ │ ├── rook-ceph-charts.yaml │ │ ├── angelnu-charts.yaml │ │ ├── external-secrets.yaml │ │ ├── fairwinds-charts.yaml │ │ ├── grafana-charts.yaml │ │ ├── hashicorp-charts.yaml │ │ ├── k8s-at-home-charts.yaml │ │ ├── calico-charts.yaml │ │ ├── cdr-charts.yaml │ │ ├── deliveryhero-charts.yaml │ │ ├── k8s-gateway-charts.yaml │ │ ├── kubereboot-charts.yaml │ │ ├── stakater-charts.yaml │ │ ├── tofu-controller.yaml │ │ ├── codecentric-charts.yaml │ │ ├── emberstack-charts.yaml │ │ ├── infracloudio-charts.yaml │ │ ├── jupyterhub-charts.yaml │ │ ├── oauth2-proxy-charts.yaml │ │ ├── ricoberger-charts.yaml │ │ ├── descheduler-charts.yaml │ │ ├── vmware-tanzu-charts.yaml │ │ ├── bloopy-charts.yaml │ │ ├── grafana-operator-chart.yaml │ │ ├── metrics-server-charts.yaml │ │ ├── minecraft-server-charts.yaml │ │ ├── prometheus-community-charts.yaml │ │ ├── node-feature-discovery-charts.yaml │ │ ├── nfs-subdir-external-provisioner-charts.yaml │ │ ├── intel.yaml │ │ └── coredns-charts.yaml │ └── oci │ │ ├── kustomization.yaml │ │ ├── terraform-cloudflare.yaml │ │ ├── cnpg.yaml │ │ ├── 
terraform-gcp.yaml │ │ ├── terraform-oci.yaml │ │ └── terraform-s3.yaml ├── config │ └── kustomization.yaml ├── base │ └── flux-system │ │ ├── keys │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── gotk-pvc.yaml ├── crds │ ├── mysql-crds │ │ └── README.md │ └── kustomization.yaml └── components │ ├── common │ ├── namespace.yaml │ ├── repos │ │ ├── kustomization.yaml │ │ └── app-template │ │ │ └── kustomization.yaml │ └── kustomization.yaml │ ├── network │ ├── bgp-peer-v4.yaml │ └── bgp-peer-v6.yaml │ ├── volsync │ ├── kustomization.yaml │ ├── remote │ │ └── kustomization.yaml │ └── local │ │ └── kustomization.yaml │ └── gatus │ └── guarded │ └── config.yaml ├── static ├── themes │ └── keycloak_bloopnet │ │ ├── admin │ │ └── css │ │ │ ├── fonts.css │ │ │ ├── login.css │ │ │ └── styles.css │ │ ├── email │ │ └── css │ │ │ ├── fonts.css │ │ │ ├── login.css │ │ │ └── styles.css │ │ ├── welcome │ │ └── theme.properties │ │ ├── account │ │ ├── theme.properties │ │ └── resources │ │ │ ├── css │ │ │ └── logo.css │ │ │ └── img │ │ │ └── bloopysphere_cat_0.jpeg │ │ └── login │ │ └── resources │ │ ├── css │ │ └── login.css │ │ └── img │ │ └── bloopysphere_cat_0.jpeg ├── assets │ ├── README.md │ ├── generated_1.png │ ├── generated_2.png │ ├── generated_3.png │ ├── hex_frog_favicon.png │ ├── bloop_frog_v2_1024.jpeg │ ├── bloopysphere_cat_0.jpeg │ ├── bloopnet_frog_muted.jpeg │ ├── muted_frog_transparent.png │ ├── whale_logo_transparent.png │ ├── bloop_frog_v2_1_upscaled.jpeg │ ├── hex_frog_logo_transparent.png │ ├── quarkynet_logo_transparent.png │ ├── tautulli_jbops_conditions.png │ ├── tautulli_jbops_parameters.png │ ├── bloopysphere_logo_transparent.png │ └── tautulli_jbops_configuration.png └── META-INF │ └── keycloak-themes.json ├── docs ├── _config.yaml ├── _config.yml └── index.md ├── charts └── kah-common │ ├── templates │ └── common.yaml │ ├── charts │ └── common-4.5.2.tgz │ └── Chart.lock ├── k8s ├── global │ ├── README.md │ ├── sources │ │ ├── 
kustomization.yaml │ │ └── git │ │ │ ├── kustomization.yaml │ │ │ ├── keys │ │ │ └── kustomization.yaml │ │ │ ├── README.md │ │ │ └── bloopysphere.yaml │ └── config │ │ ├── kustomization.yaml │ │ └── global-config.yaml ├── clusters │ ├── README.md │ ├── bloopysphere │ │ ├── config │ │ │ └── kustomization.yaml │ │ └── bootstrap │ │ │ └── gotk-pvc.yaml │ └── quark │ │ ├── infrastructure.yaml │ │ └── apps.yaml └── README.md ├── package.json ├── archive ├── README.md ├── apps │ ├── linkerd │ │ ├── kustomization.yaml │ │ └── viz │ │ │ └── kustomization.yaml │ ├── rook-ceph │ │ └── kustomization.yaml │ ├── default │ │ └── monica │ │ │ └── kustomization.yaml │ ├── downloads │ │ └── openbooks │ │ │ └── kustomization.yaml │ ├── monitoring │ │ ├── promtail │ │ │ └── kustomization.yaml │ │ ├── grafana │ │ │ └── hr │ │ │ │ └── kustomization.yaml │ │ ├── pushgateway │ │ │ └── kustomization.yaml │ │ └── botkube │ │ │ └── kustomize-config.yaml │ ├── kube-system │ │ └── kopia │ │ │ ├── web │ │ │ └── kustomization.yaml │ │ │ ├── sync │ │ │ └── kustomization.yaml │ │ │ ├── pvc-snapshots.yaml │ │ │ └── kustomization.yaml │ ├── auth │ │ └── keycloak-old │ │ │ └── kustomization.yaml │ ├── home │ │ ├── node-red │ │ │ ├── kustomization.yaml │ │ │ ├── pdb.yaml │ │ │ └── pvc-config.yaml │ │ └── n8n │ │ │ ├── kustomization.yaml │ │ │ ├── db-n8n │ │ │ └── pvc-db-backup.yaml │ │ │ └── pvc-config.yaml │ └── blogs │ │ └── strapi │ │ ├── kustomization.yaml │ │ ├── pvc-config.yaml │ │ └── pvc-db-backup.yaml ├── core │ └── linkerd │ │ ├── cni-plugin │ │ └── kustomization.yaml │ │ ├── control-plane │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── README.md └── crds │ ├── linkerd │ └── kustomization.yaml │ └── multus │ └── kustomization.yaml ├── .gitattributes ├── infrastructure └── terraform │ ├── s3 │ ├── modules │ │ ├── README.md │ │ └── minio_bucket │ │ │ ├── outputs.tf │ │ │ └── variables.tf │ ├── backend.tf │ ├── providers.tf │ └── README.md │ ├── gcp │ ├── main.tf │ ├── 
versions.tf │ ├── backend.tf │ ├── locals.tf │ ├── providers.tf │ └── vault_kms.tf │ ├── iam │ ├── modules │ │ └── keycloak │ │ │ ├── outputs.tf │ │ │ └── roles.tf │ ├── backend.tf │ ├── README.md │ ├── locals.tf │ ├── providers.tf │ └── versions.tf │ ├── cloudflare │ ├── get_ipv4.sh │ ├── providers.tf │ ├── get_ipv6.sh │ ├── modules │ │ ├── README.md │ │ ├── cf_domain │ │ │ └── outputs.tf │ │ └── zero_trust │ │ │ └── outputs.tf │ ├── account.tf │ ├── backend.tf │ └── versions.tf │ ├── oci │ ├── outputs.tf │ ├── backend.tf │ ├── provider.tf │ ├── versions.tf │ └── locals.tf │ └── azure │ ├── groups.tf │ ├── locals.tf │ ├── README.md │ └── versions.tf ├── Dockerfiles ├── keycloak-theme.Dockerfile └── pihole-keepalived.Dockerfile ├── .taskfiles ├── system.yml └── pre-commit.yml ├── find_containers_by_uid.sh └── .envrc /.github/lint/.tflint.hcl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /provision/ansible/local/.envrc: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /provision/ansible/local/ansible.cfg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /provision/terraform/authentik/main.tf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /provision/ansible/local/inventory/hosts.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /cluster/apps/media/recyclarr/config/recyclarr.yaml: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/admin/css/fonts.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/admin/css/login.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/admin/css/styles.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/email/css/fonts.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/email/css/login.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/email/css/styles.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/_config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | theme: jekyll-theme-midnight 3 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | theme: jekyll-theme-midnight 3 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/inventory/host_vars/.gitkeep: -------------------------------------------------------------------------------- 1 
| -------------------------------------------------------------------------------- /static/assets/README.md: -------------------------------------------------------------------------------- 1 | Exclusively for static assets 2 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugins/exporter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/kah-common/templates/common.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{ include "common.all" . }} 3 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/welcome/theme.properties: -------------------------------------------------------------------------------- 1 | parent=keycloak.v2 2 | -------------------------------------------------------------------------------- /k8s/global/README.md: -------------------------------------------------------------------------------- 1 | # Global 2 | 3 | Folder for global configuration and sources 4 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/snmp-exporter/synology-nas/prometheus-rule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # TODO 3 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "devDependencies": { 3 | "markdownlint": "0.39.0" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /archive/README.md: -------------------------------------------------------------------------------- 1 | # Archive 2 | 3 | Collection of manifests not in use in my cluster anymore 4 | 
-------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.sops.* diff=sopsdiffer 2 | * text=auto eol=lf 3 | *.sops.toml linguist-language=JSON 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/modules/README.md: -------------------------------------------------------------------------------- 1 | # MinIO modules 2 | 3 | For simplifying repeat resources 4 | -------------------------------------------------------------------------------- /Dockerfiles/keycloak-theme.Dockerfile: -------------------------------------------------------------------------------- 1 | # Packages the Keycloak theme directory into a small image at /bloopnet_theme. NOTE(review): the base image below carries no tag or digest, so each build resolves whatever `busybox:latest` points to at that moment; pinning it as busybox:<TAG>@sha256:<DIGEST> (placeholders) would make the build reproducible and let base-image changes go through review. 2 | FROM busybox 3 | COPY static/themes/keycloak_bloopnet /bloopnet_theme 4 | -------------------------------------------------------------------------------- /static/assets/generated_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/generated_1.png -------------------------------------------------------------------------------- /static/assets/generated_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/generated_2.png -------------------------------------------------------------------------------- /static/assets/generated_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/generated_3.png -------------------------------------------------------------------------------- /cluster/apps/monitoring/gatus/app/README.md: -------------------------------------------------------------------------------- 1 | # Gatus 2 | 3 | ## Project Page 4 | 5 | [https://github.com/TwiN/gatus] 6 |
-------------------------------------------------------------------------------- /infrastructure/terraform/gcp/main.tf: -------------------------------------------------------------------------------- 1 | /* Reads the SOPS-encrypted file secrets.sops.yaml through the sops provider. NOTE(review): Terraform records data source results in state, so the decrypted values are likely present in the state file in plaintext; confirm that the backend configured in backend.tf (not shown here) is encrypted and access-restricted. */ data "sops_file" "gcp_secrets" { 2 | source_file = "secrets.sops.yaml" 3 | } 4 | -------------------------------------------------------------------------------- /static/assets/hex_frog_favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/hex_frog_favicon.png -------------------------------------------------------------------------------- /infrastructure/terraform/iam/modules/keycloak/outputs.tf: -------------------------------------------------------------------------------- 1 | /* Exposes the id of the keycloak_realm.bloopnet resource to callers of this module. */ output "realm_id" { 2 | value = keycloak_realm.bloopnet.id 3 | } 4 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/.envrc: -------------------------------------------------------------------------------- 1 | #shellcheck disable=SC2148,SC2155 2 | export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg) 3 | -------------------------------------------------------------------------------- /static/assets/bloop_frog_v2_1024.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/bloop_frog_v2_1024.jpeg -------------------------------------------------------------------------------- /static/assets/bloopysphere_cat_0.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/bloopysphere_cat_0.jpeg -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | #
https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | * @h3mmy 3 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/get_ipv4.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # dig +short txt ch whoami.cloudflare @1.1.1.1 | tr -d '"' 4 | -------------------------------------------------------------------------------- /static/assets/bloopnet_frog_muted.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/bloopnet_frog_muted.jpeg -------------------------------------------------------------------------------- /charts/kah-common/charts/common-4.5.2.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/charts/kah-common/charts/common-4.5.2.tgz -------------------------------------------------------------------------------- /static/assets/muted_frog_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/muted_frog_transparent.png -------------------------------------------------------------------------------- /static/assets/whale_logo_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/whale_logo_transparent.png -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/account/theme.properties: -------------------------------------------------------------------------------- 1 | parent=keycloak.v2 2 | import=common/keycloak.v2 3 | 4 | styles=css/logo.css 5 | 
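-------------------------------------------------------------------------------- /infrastructure/terraform/oci/outputs.tf: --------------------------------------------------------------------------------
# Exposes the kubeconfig content returned by the
# oci_containerengine_cluster_kube_config data source.
#
# The output is marked sensitive so the kubeconfig is redacted from
# plan/apply console output and from CI logs. `terraform output -raw kubeconfig`
# and `terraform output -json` still return the full content.
# The value is still stored in clear text in the Terraform state, so the state
# backend needs its own access control and encryption at rest.
# NOTE(review): if this directory is ever consumed as a child module, any
# caller output that forwards this value must also be marked sensitive.
output "kubeconfig" {
  description = "Kubeconfig content for the OCI container engine cluster (sensitive)."
  value       = data.oci_containerengine_cluster_kube_config.kube_config.content
  sensitive   = true
}
-------------------------------------------------------------------------------- /static/assets/bloop_frog_v2_1_upscaled.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/bloop_frog_v2_1_upscaled.jpeg -------------------------------------------------------------------------------- /static/assets/hex_frog_logo_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/hex_frog_logo_transparent.png -------------------------------------------------------------------------------- /static/assets/quarkynet_logo_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/quarkynet_logo_transparent.png -------------------------------------------------------------------------------- /static/assets/tautulli_jbops_conditions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/tautulli_jbops_conditions.png -------------------------------------------------------------------------------- /static/assets/tautulli_jbops_parameters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/tautulli_jbops_parameters.png -------------------------------------------------------------------------------- /.github/lint/.ansible-lint.yaml: 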
-------------------------------------------------------------------------------- 1 | # .ansible-lint 2 | warn_list: 3 | - unnamed-task 4 | mock_roles: 5 | - os.kubernetes 6 | - k3s.kubernetes 7 | -------------------------------------------------------------------------------- /archive/apps/linkerd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - viz 6 | -------------------------------------------------------------------------------- /cluster/apps/blogs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ghost 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/providers.tf: -------------------------------------------------------------------------------- 1 | provider "cloudflare" { 2 | api_token = local.cloudflare_secrets["cloudflare_apitoken"] 3 | } 4 | -------------------------------------------------------------------------------- /k8s/global/sources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./git 6 | -------------------------------------------------------------------------------- /static/assets/bloopysphere_logo_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/bloopysphere_logo_transparent.png -------------------------------------------------------------------------------- /static/assets/tautulli_jbops_configuration.png: -------------------------------------------------------------------------------- 
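https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/assets/tautulli_jbops_configuration.png -------------------------------------------------------------------------------- /Dockerfiles/pihole-keepalived.Dockerfile: --------------------------------------------------------------------------------
# Extends the pihole-unbound image with keepalived, sqlite3, sudo, git, rsync
# and ssh.
#
# NOTE(review): the base image is referenced by a mutable tag. Pinning it by
# digest, e.g. cbcrowe/pihole-unbound:2024.03.2@sha256:<digest-placeholder>,
# keeps rebuilds reproducible and means a re-pushed tag cannot silently change
# what this image is built from.
FROM cbcrowe/pihole-unbound:2024.03.2

# apt-get replaces apt here because apt's command-line interface is not
# guaranteed stable for scripted use. The package lists are removed in the same
# layer so they are not shipped in the image.
#
# NOTE(review): sudo and ssh widen the container's attack surface. On
# Debian/Ubuntu the `ssh` metapackage installs the OpenSSH server as well as the
# client; if only outbound rsync/git over SSH is needed, `openssh-client` alone
# is the smaller choice. Confirm what the runtime actually needs before changing
# the package list. `--no-install-recommends` would shrink the image further
# but can drop packages something relies on, so it is not applied here.
RUN apt-get update \
    && apt-get install -y keepalived sqlite3 sudo git rsync ssh \
    && rm -rf /var/lib/apt/lists/*
-------------------------------------------------------------------------------- /archive/apps/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - dashboard 6 | -------------------------------------------------------------------------------- /cluster/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - dashboard 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/datasources/patches.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/instanceSelector 3 | value: {matchLabels: {dashboards: grafana}} 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/azure/groups.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "edge_bloopy" { 2 | name = "edge-bloopy" 3 | location = "eastus" 4 | } 5 | -------------------------------------------------------------------------------- /.github/lint/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | semi: false 5 | singleQuote: false 6 | 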
bracketSpacing: false 7 | useTabs: false 8 | -------------------------------------------------------------------------------- /cluster/apps/auth/authentik/media/generated_3-min.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/cluster/apps/auth/authentik/media/generated_3-min.png -------------------------------------------------------------------------------- /cluster/apps/auth/realms/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./bloopysphere 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/get_ipv6.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # dig +short txt ch whoami.cloudflare @2606:4700:4700::1111 | cut -d ':' -f1-4 | tr -d '"' 4 | -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/README.md: -------------------------------------------------------------------------------- 1 | ~~Not actually using home-assistant here yet, but deploying a db for it as prep~~ 2 | 3 | Only deploying service-monitor 4 | -------------------------------------------------------------------------------- /cluster/apps/velero/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - velero 6 | # - configmap 7 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # Documentation 2 | 3 | ## Step 1 4 | 5 | - Create Documentation Pipeline 6 | - Automate as much as possible 7 | - 
Eventually add actual content 8 | -------------------------------------------------------------------------------- /provision/terraform/flux/terraform.tfvars: -------------------------------------------------------------------------------- 1 | github_owner = "h3mmy" 2 | branch = "main" 3 | target_path = "k8s/clusters/quark" 4 | repository_visibility = "public" 5 | -------------------------------------------------------------------------------- /static/META-INF/keycloak-themes.json: -------------------------------------------------------------------------------- 1 | { 2 | "themes": [{ 3 | "name" : "keycloak_bloopnet", 4 | "types": [ "login", "account" ] 5 | }] 6 | } 7 | -------------------------------------------------------------------------------- /.github/lint/.prettierignore: -------------------------------------------------------------------------------- 1 | *.sops.* 2 | gotk-components.yaml 3 | charts/ 4 | docs/ 5 | .terraform/ 6 | .vscode/ 7 | .private/ 8 | node_modules/ 9 | static/ 10 | -------------------------------------------------------------------------------- /archive/apps/default/monica/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/apps/downloads/openbooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/apps/monitoring/promtail/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | 
- helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/core/linkerd/cni-plugin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/auth/authentik/redis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/default/jupyterhub/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/notifications/receivers/README.md: -------------------------------------------------------------------------------- 1 | # Notifications 2 | 3 | webhook-token generated using 4 | `head -c 12 /dev/urandom | shasum | cut -d ' ' -f1` 5 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/reloader/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/rook-ceph/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 
| kind: Kustomization 4 | resources: 5 | - rbac.yaml 6 | -------------------------------------------------------------------------------- /k8s/clusters/README.md: -------------------------------------------------------------------------------- 1 | The clusters/ dir contains configuration for each cluster definition and the infrastructure as code for each relevant cluster where applicable. 2 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/account/resources/css/logo.css: -------------------------------------------------------------------------------- 1 | .navbar-title { 2 | background: url('../img/') no-repeat; 3 | height: 45px; 4 | width: 150px; 5 | } 6 | -------------------------------------------------------------------------------- /archive/apps/kube-system/kopia/web/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/apps/monitoring/grafana/hr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/apps/monitoring/pushgateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /archive/core/linkerd/control-plane/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/db/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/db/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ldap-cnpg-v15.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/descheduler/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/reflector/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/media/books/openbooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/media/recyclarr/config/sonarr-uhd.yaml: 
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/recyclarr/recyclarr/master/schemas/config-schema.json 2 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/goldilocks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/snmp-exporter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./synology-nas 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/unifi-poller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/uptimerobot/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/networking/error-pages/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- 
/cluster/apps/networking/flaresolverr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/networking/gateway-api/README.md: -------------------------------------------------------------------------------- 1 | # Gateway API 2 | 3 | This is a placeholder for future use. Please take note that it is not active and has no kustomize entry. 4 | -------------------------------------------------------------------------------- /cluster/apps/networking/k8s-gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/tls-store/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - default.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/storage/volsync/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./secrets.sops.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | 
-------------------------------------------------------------------------------- /cluster/core/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./kube-vip 6 | # - multus 7 | -------------------------------------------------------------------------------- /cluster/core/namespaces/blogs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: blogs 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/core/namespaces/velero.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: velero 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/repositories/image-repos/gitlab/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - bloopyboi.yaml 6 | -------------------------------------------------------------------------------- /archive/crds/linkerd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/plugins/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: 
Kustomization 4 | resources: 5 | - ./barman/ks.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/default/bloopyboi/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./secrets.sops.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/downloads/downloads-pv/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - nfs-downloads-pv.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/infra/tofu-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/metrics-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/vector/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./agent 6 | - ./aggregator 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/blocky/app/redis/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/storage/minio/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/velero/configmap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - plex-restore-configmap.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/trust-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/external-secrets/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | 
-------------------------------------------------------------------------------- /cluster/core/namespaces/storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: storage 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/rook-ceph/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/rook-ceph/tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./rook-direct-mount 6 | -------------------------------------------------------------------------------- /cluster/repositories/image-repos/home-operations/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - plex.yaml 6 | -------------------------------------------------------------------------------- /k8s/global/sources/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 
kind: Kustomization 4 | resources: 5 | - ./keys 6 | - ./bloopysphere.yaml 7 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/roles/os.kubernetes/tasks/dist-upgrade.yml: -------------------------------------------------------------------------------- 1 | - name: Perform a dist-upgrade. 2 | ansible.builtin.apt: 3 | upgrade: dist 4 | update_cache: yes 5 | -------------------------------------------------------------------------------- /provision/terraform/authentik/flows-stages/invitation_stage.tf: -------------------------------------------------------------------------------- 1 | # Create invitation stage 2 | 3 | resource "authentik_stage_invitation" "name" { 4 | name = "invitation" 5 | } 6 | -------------------------------------------------------------------------------- /archive/crds/multus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/db/cluster/canary-cfg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: canary-config 6 | namespace: auth 7 | data: 8 | test: "true" 9 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./db/ks.yaml 6 | - ./wikijs/ks.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/notifications/discord/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - notification.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/home/ser2sock/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | - ./pdb.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/infra/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: infrastructure 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/apps/kyverno/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | - ./rbac.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-meta-manager/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pmm-secret.sops.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/node-problem-detector/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | 
-------------------------------------------------------------------------------- /cluster/apps/monitoring/vertical-pod-autoscaler/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/networking/external-dns/repo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../helm-repository.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/controller/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/kube-system/multus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - network-attachment-definition.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/monitoring/grafana-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/core/monitoring/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 
3 | kind: Namespace 4 | metadata: 5 | name: monitoring 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/core/namespaces/networking.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: networking 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/core/namespaces/vpn-gateway.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: vpn-gateway 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /cluster/core/tigera-operator/bgp/filters/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./drop-pod-network.yaml 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/gcp/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | sops = { 4 | source = "carlpett/sops" 5 | version = "1.3.0" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /archive/apps/auth/keycloak-old/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: auth 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/auth/authentik/outposts/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: auth 5 | resources: 6 | - external-ldap 7 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/db/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./kc-cnpg-v15.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/db/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./bloopgres-cnpg.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/media/tdarr/node/config-map.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: tdarr-node-dummy 6 | namespace: media 7 | data: 8 | isDummy: "true" 9 | -------------------------------------------------------------------------------- /cluster/apps/storage/secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./rbac.yaml 6 | - ./secret-store.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugins/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | 
-------------------------------------------------------------------------------- /cluster/core/kube-system/kube-vip/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - rbac.yaml 6 | - daemon-set.yaml 7 | -------------------------------------------------------------------------------- /cluster/core/namespaces/cert-manager.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/modules/README.md: -------------------------------------------------------------------------------- 1 | # CF Domain 2 | 3 | Short for Cloudflare Domain. This module sets up sensible defaults that can be overridden on a per domain basis 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "bloopysphere" 4 | workspaces { 5 | name = "home-s3-provisioner" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /k8s/global/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./global-config.yaml 6 | - ./global-secrets.yaml 7 | -------------------------------------------------------------------------------- /archive/apps/kube-system/kopia/sync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - cron-job.yaml 6 | # - secret.sops.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/default/hajimari-xyz/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - config-pvc.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/db/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - ./wiki-cnpg.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/downloads/jackett/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc-config.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/nfs-subdir-external-provisioner/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/kyverno/policies/certs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./verify-tls-contains-host-path.yaml 6 | 
-------------------------------------------------------------------------------- /cluster/apps/media/books/calibre/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-config.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/books/kavita/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc-config.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/books/mylar/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - config-pvc.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc-config.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/tdarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - helm-release.yaml 6 | - config-pvc.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/tdarr/node/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - config-map.yaml 6 | # - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/storage/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./minio 6 | - ./volsync/ks.yaml 7 | - ./secrets 8 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugins/device-plugin-gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /cluster/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cluster-settings.yaml 6 | - ./cluster-secrets.sops.yaml 7 | -------------------------------------------------------------------------------- /cluster/core/namespaces/tigera-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: tigera-operator 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/gcp/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "bloopysphere" 4 | workspaces { 5 | name = "bloopy-gcp-provisioner" 6 | } 7 | } 
8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/iam/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "bloopysphere" 4 | workspaces { 5 | name = "bloopy-iam-provisioner" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/oci/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "bloopysphere" 4 | workspaces { 5 | name = "oracle-cloud-provisioner" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/roles/os.kubernetes/tasks/locale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set timezone 3 | community.general.timezone: 4 | name: "{{ os_timezone | default('America/Detroit') }}" 5 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./db/ks.yaml 6 | - ./keycloak/ks.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/plugins/barman/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./secrets.sops.yaml 6 | -------------------------------------------------------------------------------- /cluster/apps/default/hajimari-bloop/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - config-pvc.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/db/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./prometheus-rule.yaml 6 | - ./gatus.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/wikijs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - ./helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pod-monitor.yaml 6 | - prometheus-rule.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/node-feature-discovery/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - rules 7 | -------------------------------------------------------------------------------- /cluster/apps/media/books/lazylibrarian/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 
resources: 5 | - pvc-config.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm 6 | - ./git 7 | - ./image-repos 8 | - ./oci 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/modules/cf_domain/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | value = cloudflare_zone.zone.id 3 | } 4 | 5 | output "zone" { 6 | value = cloudflare_zone.zone.zone 7 | } 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/iam/README.md: -------------------------------------------------------------------------------- 1 | # IAM Infrastructure 2 | 3 | This is still a work in progress and not yet fully utilized. 
Some configurations may be incorrect until implementation is complete 4 | -------------------------------------------------------------------------------- /archive/core/linkerd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./certificate.yaml 6 | - ./cni-plugin 7 | # - ./control-plane 8 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/db/backup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./obc-backup-v1.yaml 6 | - ./backup-schedule.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/felix-metrics/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - service.yaml 6 | - service-monitor.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/typha-metrics/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - service.yaml 6 | - service-monitor.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/lidarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - routers 6 | - config-pvc.yaml 7 | - helm-release.yaml 8 | 
-------------------------------------------------------------------------------- /cluster/apps/media/tautulli/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - routers 6 | - pvc-config.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - config-provisioning.yaml 6 | - grafana.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/external-dns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secret.sops.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/wildcard-certificate/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - certificate.yaml 6 | - push-cert.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/storage/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | - ./prometheus-rule.yaml 7 | -------------------------------------------------------------------------------- /cluster/base/flux-system/keys/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - deploy-key.sops.yaml 6 | - pgp-public-keys.sops.yaml 7 | -------------------------------------------------------------------------------- /cluster/repositories/image-repos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - credentials 6 | - home-operations 7 | # - gitlab 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/account.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_account" "zee" { 2 | name = "Zee's Account" 3 | type = "standard" 4 | enforce_twofactor = false # NOTE(review): 2FA is not enforced for members of this account; confirm this is intentional, or set to true once every member has 2FA enrolled 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | cloud { 3 | organization = "bloopysphere" 4 | workspaces { 5 | name = "home-cloudflare-provisioner" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /k8s/global/sources/git/keys/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - deploy-key.sops.yaml 6 | - pgp-public-keys.sops.yaml 7 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/account/resources/img/bloopysphere_cat_0.jpeg: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/themes/keycloak_bloopnet/account/resources/img/bloopysphere_cat_0.jpeg -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/login/resources/css/login.css: -------------------------------------------------------------------------------- 1 | 2 | div.kc-logo-text { 3 | background: url(../img/bloopysphere_cat_0.jpeg) no-repeat center center; 4 | background-size: contain; 5 | } 6 | -------------------------------------------------------------------------------- /static/themes/keycloak_bloopnet/login/resources/img/bloopysphere_cat_0.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h3mmy/bloopySphere/HEAD/static/themes/keycloak_bloopnet/login/resources/img/bloopysphere_cat_0.jpeg -------------------------------------------------------------------------------- /archive/apps/home/node-red/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | - ./pvc-config.yaml 7 | - ./pdb.yaml 8 | -------------------------------------------------------------------------------- /archive/apps/monitoring/botkube/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/db/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./prometheus-rule.yaml 6 | - ./gatus.yaml 7 | 
-------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/db/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./prometheus-rule.yaml 6 | - ./gatus.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/infra/README.md: -------------------------------------------------------------------------------- 1 | # Infra 2 | 3 | Work in Progress. See README in root infrastructure folder for more specifics. Some of these will run in terraform cloud and only be initialized/monitored here. 4 | -------------------------------------------------------------------------------- /cluster/apps/infra/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./tofu-controller/ks.yaml 7 | - ./terraform 8 | -------------------------------------------------------------------------------- /cluster/apps/media/books/calibre-web/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-calibre-web-config.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/lidarr/routers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - media-lidarr-fix.yaml 6 | - media-lidarr-bypass.yaml 7 | -------------------------------------------------------------------------------- 
/cluster/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - server.yaml 6 | - agent.yaml 7 | -------------------------------------------------------------------------------- /cluster/core/external-secrets/cluster-stores/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./aks-store.yaml 6 | - ./secrets.sops.yaml 7 | -------------------------------------------------------------------------------- /cluster/core/namespaces/home.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | linkerd.io/inject: enabled 9 | -------------------------------------------------------------------------------- /cluster/core/namespaces/media.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: media 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | linkerd.io/inject: enabled 9 | -------------------------------------------------------------------------------- /cluster/crds/mysql-crds/README.md: -------------------------------------------------------------------------------- 1 | # MySQL/InnoDB 2 | 3 | ~~Disregard crds file. 
Only Remote crd file is used in kustomization v1beta1~~ 4 | 5 | mysql-operator chart is now responsible for managing the CRDs 6 | -------------------------------------------------------------------------------- /k8s/README.md: -------------------------------------------------------------------------------- 1 | # Disregard these folders 2 | 3 | This is simply something I am trying out and will not be in use for a while if I plan to proceed with it. Reference the ../cluster folder for my active stuff. 4 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/playbooks/os.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: 3 | - master 4 | - worker 5 | become: true 6 | gather_facts: true 7 | strategy: free 8 | roles: 9 | - os.kubernetes 10 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/roles/k3s.kubernetes/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | k3s_etcd_s3: true 3 | k3s_etcd_s3_insecure: false 4 | k3s_etcd_snapshot_schedule_cron: 0 0 * * 0 5 | k3s_etcd_snapshot_retention: 5 6 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | blank_issues_enabled: false 3 | contact_links: 4 | - name: Discuss on Discord 5 | url: https://discord.com/invite/sTMX7Vh 6 | about: Join our Discord community 7 | -------------------------------------------------------------------------------- /cluster/apps/auth/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./realms 6 | - ./authentik 7 | - ./ldap/db/ks.yaml 8 | - ./ldap/ks.yaml 9 | 
-------------------------------------------------------------------------------- /cluster/apps/calico-system/kube-controllers-metrics/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - service.yaml 6 | - service-monitor.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/infra/terraform/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./tf-cloudflare.yaml 6 | - ./tf-gcp.yaml 7 | - ./tf-s3.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/kyverno/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kyverno 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | # linkerd.io/inject: enabled 9 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/radarr-hd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-config.yaml 7 | - dashboard 8 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/radarr-uhd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-config.yaml 7 | - dashboard 8 | -------------------------------------------------------------------------------- 
/cluster/apps/media/sonarr/sonarr-hd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-config.yaml 7 | - dashboard 8 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/sonarr-uhd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-config.yaml 7 | - dashboard 8 | -------------------------------------------------------------------------------- /cluster/apps/media/tautulli/routers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - media-tautulli-bypass.yaml 6 | - media-tautulli-fix.yaml 7 | -------------------------------------------------------------------------------- /cluster/core/kubegres/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: database 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | linkerd.io/inject: enabled 9 | -------------------------------------------------------------------------------- /cluster/core/namespaces/downloads.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: downloads 6 | labels: 7 | routed-gateway: "true" 8 | goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /.taskfiles/system.yml: -------------------------------------------------------------------------------- 1 | --- 
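2 | version: "3"
3 |
4 | tasks:
5 |   update-flux:
6 |     desc: Update Flux CLI
7 |     cmds:
8 |       # Download to a temp file and run it only if the transfer fully succeeded.
9 |       # Piping curl straight into `sudo bash` would run a truncated download or
10 |       # an HTTP error page as root. The script is still unverified remote code:
11 |       # read it, or pin and checksum a known-good copy, for stronger assurance.
12 |       - |
13 |         tmp="$(mktemp)"
14 |         curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
15 |           --output "$tmp" https://fluxcd.io/install.sh \
16 |           && sudo bash "$tmp"
17 |         rc=$?
18 |         rm -f "$tmp"
19 |         exit $rc
20 |     interactive: true
21 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/db/backup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./obc-backup-v2.yaml 6 | - ./backup-schedule.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cloudnative-pg/ks.yaml 6 | - ./cloudnative-pg/db/ks.yaml 7 | - ./redis 8 | -------------------------------------------------------------------------------- /cluster/apps/downloads/sabnzbd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secrets.sops.yaml 6 | - pvc-config.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/local-path-provisioner/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/media-pv/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 |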
resources: 5 | - nfs-media-pv.yaml 6 | - nfs-media-2-pv.yaml 7 | - nfs-misc-pv.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/home/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: home 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/media/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: media 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/users/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: users 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/thanos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | # TODO: Replace with CRD 7 | # - dashboard 8 | -------------------------------------------------------------------------------- /cluster/apps/velero/velero/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - prometheus-rule.yaml 7 | - 
secret.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/vpn-gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - mullvad.sops.yaml 6 | - helm-release.yaml 7 | - vpn-config.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/base/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - flux-oci-ks.yaml 6 | - keys 7 | - gotk-pvc.yaml 8 | - gotk-sync.yaml 9 | -------------------------------------------------------------------------------- /cluster/repositories/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - kubegres.yaml 6 | - emqx-chart.yaml 7 | - local-path-provisioner.yaml 8 | -------------------------------------------------------------------------------- /archive/apps/home/n8n/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - db-n8n 6 | - secrets.sops.yaml 7 | - pvc-config.yaml 8 | - helm-release.yaml 9 | -------------------------------------------------------------------------------- /archive/apps/linkerd/viz/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - service-monitor.yaml 7 | - ingress-dashboard.yaml 8 | 
-------------------------------------------------------------------------------- /cluster/apps/calico-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - dashboards 5 | - felix-metrics 6 | - kube-controllers-metrics 7 | - typha-metrics 8 | -------------------------------------------------------------------------------- /cluster/apps/database/redis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - prometheus-rule.yaml 6 | # - helm-release.yaml 7 | - config-pvc.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/downloads/whisparr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secret.sops.yaml 6 | - helm-release.yaml 7 | - api-passthrough.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/kured/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secrets.sops.yaml 6 | - helm-release.yaml 7 | - prometheus-rule.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/kyverno/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: kyverno 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | 
-------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/storage/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: storage 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/system/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: system 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/networking/gateway-api/gateway-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: GatewayClass 4 | metadata: 5 | name: traefik 6 | spec: 7 | controllerName: traefik.io/gateway-controller 8 | -------------------------------------------------------------------------------- /cluster/apps/system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./namespace.yaml 5 | - ./intel-device-plugins/ks.yaml 6 | - ./snapshot-controller/ks.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/vault/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: vault 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 
-------------------------------------------------------------------------------- /cluster/core/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ks.yaml 6 | commonLabels: 7 | component.bloopysphere-0/aspect: security 8 | -------------------------------------------------------------------------------- /cluster/core/monitoring/kube-prometheus-stack/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /cluster/core/mysql/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | labels: 6 | control-plane: controller-manager 7 | goldilocks.fairwinds.com/enabled: "true" 8 | name: mysql-operator 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/gcp/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | gcp_secrets = sensitive(yamldecode(nonsensitive(data.sops_file.gcp_secrets.raw))) 3 | key_ring_name = "bloopy-vault" 4 | crypto_key_name = "bloopy-vault-crypt" 5 | } 6 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/db/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: auth 5 | resources: 6 | - ./cnpg-secret.sops.yaml 7 | - ./ldap-secret.sops.yaml 8 | 
-------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/keycloak/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./keycloak.yaml 6 | - ./routers/kc-iam-ingress.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/database/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: database 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/monitoring/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: monitoring 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/networking/patch-folder.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/folder 3 | value: networking 4 | - op: add 5 | path: /spec/instanceSelector 6 | value: {matchLabels: {dashboards: grafana}} 7 | -------------------------------------------------------------------------------- /cluster/apps/vault/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - namespace.yaml 6 | - deployment/credentials.sops.yaml 7 | - deployment/helm-release.yaml 8 | 
-------------------------------------------------------------------------------- /cluster/core/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./kube-prometheus-stack 7 | - ./grafana-operator/ks.yaml 8 | -------------------------------------------------------------------------------- /cluster/core/tigera-operator/bgp/bgp-peers-internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./slowpoke.yaml 6 | - ./k8s-2.yaml 7 | - ./k8s-3.yaml 8 | -------------------------------------------------------------------------------- /provision/terraform/authentik/provider/provider.tf: -------------------------------------------------------------------------------- 1 | provider "authentik" { 2 | url = "https://auth.${XYZ_DOMAIN}" 3 | token = "foo-bar" 4 | # Optionally set insecure to skip TLS certificate verification (testing only; the API token is then sent to an unverified endpoint) 5 | # insecure = true 6 | } 7 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/db/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - ./cnpg-secret.sops.yaml 7 | - ./wiki-secret.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/home/zwavejs2mqtt/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | - ./config-pvc.yaml 7 | - ./pdb.yaml 8 | - ./gatus.yaml 9 |
-------------------------------------------------------------------------------- /cluster/apps/media/bazarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - config-pvc.yaml 7 | - api-passthrough.yaml 8 | - gatus.yaml 9 | -------------------------------------------------------------------------------- /k8s/clusters/bloopysphere/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - k8s/global/config 6 | - cluster-settings.yaml 7 | - cluster-secrets.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/db/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: auth 5 | resources: 6 | - ./cnpg-secret.sops.yaml 7 | - ./kc-secret.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./helm-release.yaml 7 | - ./prometheus-rule.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/default/minecraft/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc-minecraft-data-v1.yaml 6 | - pvc-mcsv-backups-v1.yaml 7 | #- 
helm-release.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/downloads/qbittorrent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - config-pvc-v2.yaml 6 | - config-pvc.yaml 7 | - helm-release.yaml 8 | - dashboard 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./alerting 6 | - ./obc-loki-v1.yaml 7 | - ./dashboard 8 | - ./helm-release.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/vector/agent/patches/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /cluster/apps/storage/minio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc-data-v1.yaml 6 | - ./secrets.sops.yaml 7 | - ./helm-release.yaml 8 | - ./dashboard 9 | -------------------------------------------------------------------------------- /cluster/apps/storage/volsync/README.md: -------------------------------------------------------------------------------- 1 | # Volsync 2 | 3 | [Official Docs](https://volsync.readthedocs.io) 4 | 5 | My use case for volsync is using the [restic based 
backup](https://volsync.readthedocs.io/en/stable/usage/restic/index.html) 6 | -------------------------------------------------------------------------------- /cluster/components/common/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: not-used 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | volsync.backube/privileged-movers: "true" 9 | -------------------------------------------------------------------------------- /cluster/core/namespaces/auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: auth 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | # annotations: 9 | # linkerd.io/inject: enabled 10 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/rook-ceph/snapshot-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - rbac.yaml 6 | - deployment.yaml 7 | - volume-snapshot-class.yaml 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/azure/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | azurerm_secrets = sensitive(yamldecode(nonsensitive(data.sops_file.azurerm_secrets.raw))) 3 | domains = yamldecode(nonsensitive(data.sops_external.domains.raw)) 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/terraform/gcp/providers.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = local.gcp_secrets["serviceaccount.json"] 3 | project = 
local.gcp_secrets["gcp_project_name"] 4 | region = local.gcp_secrets["gcp_region"] 5 | } 6 | -------------------------------------------------------------------------------- /archive/apps/blogs/strapi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - pvc-config.yaml 7 | - pvc-db-backup.yaml 8 | - strapi-postgres.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/vector/aggregator/patches/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /cluster/components/common/repos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./app-template 7 | -------------------------------------------------------------------------------- /cluster/core/namespaces/emqx-operator-system.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | labels: 6 | control-plane: controller-manager 7 | goldilocks.fairwinds.com/enabled: "true" 8 | name: emqx-operator-system 9 | -------------------------------------------------------------------------------- /k8s/global/config/global-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: global-config 6 | 
namespace: flux-system 7 | data: 8 | DEFAULT_HELM_REPO_INTERVAL: 45m 9 | DEFAULT_HELM_REPO_TIMEOUT: 3m 10 | -------------------------------------------------------------------------------- /k8s/global/sources/git/README.md: -------------------------------------------------------------------------------- 1 | # Git Sources 2 | 3 | This folder contains the common GitRepository definitions and any dependent keys required for flux to interact with them. 4 | 5 | ## Keys 6 | 7 | Folder containing SOPS encrypted keys 8 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/db/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ./cnpg-secret.sops.yaml 7 | - ./bloopgres-secret.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - notifications 6 | - monitoring 7 | - image-update-automation.yaml 8 | - image-policies/plex.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./discord 6 | - ./grafana 7 | - ./receivers 8 | - ./alert-manager/notification.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/home/network-ups-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - service-monitor.yaml 7 | - prometheus-rule.yaml 8 | - dashboard 9 | -------------------------------------------------------------------------------- /cluster/apps/kube-system/node-feature-discovery/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - google-coral-device.yaml 6 | - ups-device.yaml 7 | - zwave-device.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/media/plex/config/README.md: -------------------------------------------------------------------------------- 1 | # Custom Resources 2 | 3 | ## Chromecast 4 | 5 | Modified Chromecast Profile to ensure proper configuration for the Chromecast Ultra. `Chromecast.xml.bak` is my original config in case something goes awry. 
6 | -------------------------------------------------------------------------------- /cluster/apps/media/recyclarr/README.md: -------------------------------------------------------------------------------- 1 | # Recyclarr 2 | 3 | [Documentation](https://recyclarr.dev) 4 | 5 | Basically Keeps Release Profiles up-to-date 6 | 7 | *NOTE:* Will remain disabled until I get around to migrating my currently set profiles 8 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/basic-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: basic-auth 6 | namespace: networking 7 | spec: 8 | basicAuth: 9 | secret: basic-auth 10 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/plex-add-web.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: plex-add-web 6 | namespace: networking 7 | spec: 8 | addPrefix: 9 | prefix: "/web" 10 | -------------------------------------------------------------------------------- /cluster/apps/networking/zero-trust/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - config-map.yaml 7 | - secrets.sops.yaml 8 | - helm-release.yaml 9 | -------------------------------------------------------------------------------- /cluster/core/kubegres/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./kubegres.yaml 7 | 
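commonLabels: 8 | component.bloopysphere-0/aspect: database 9 | -------------------------------------------------------------------------------- /find_containers_by_uid.sh: --------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Find the pods that own the UIDs listed in ./container_list_backup.
3 | # Reads whitespace-separated UIDs from that file and appends every matching
4 | # "PodName PodUID" row to ./found_uuids.txt.
5 |
6 | # The UIDs are data: disable pathname expansion before the list is word-split.
7 | set -f
8 |
9 | # Query the API once for the whole lookup instead of once per UID.
10 | pods=$(kubectl get po -A -o custom-columns=PodName:.metadata.name,PodUID:.metadata.uid) || exit 1
11 |
12 | for uid in $(cat container_list_backup); do
13 |   # -F matches the UID literally rather than as a regex; "--" keeps a value
14 |   # that starts with "-" from being parsed as a grep option.
15 |   printf '%s\n' "$pods" | grep -F -- "$uid" >> found_uuids.txt
16 | done
17 | -------------------------------------------------------------------------------- /infrastructure/terraform/iam/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | iam_secrets = sensitive(yamldecode(nonsensitive(data.sops_file.iam_secrets.raw))) 3 | domains = yamldecode(nonsensitive(data.sops_external.domains.raw)) 4 | realm_name = "bloopnet" 5 | } 6 | -------------------------------------------------------------------------------- /cluster/components/common/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./namespace.yaml 7 | - ./repos 8 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/certs/bundles/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./public-bundle.yaml 6 | - ./csi-driver-spiffe.yaml 7 | - ./snapshot-controller-webhook.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/db/backup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: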
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./obc-backup-v1.yaml 6 | # Enable after initializing postgres cluster 7 | - ./backup-schedule.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/downloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - qbittorrent 6 | - downloads-pv 7 | - sabnzbd 8 | # - jackett 9 | - whisparr 10 | # - openbooks 11 | -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./db 6 | - ./gatus.yaml 7 | - ./service-monitor.yaml 8 | - ./home-assistant-prometheus-token.sops.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/infra/tofu-controller/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: flux-system 5 | resources: 6 | - ./secret-sops-key.sops.yaml 7 | - ./secret-tfe-cli-config.sops.yaml 8 | -------------------------------------------------------------------------------- /cluster/components/common/repos/app-template/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./oci-repo.yaml 7 | -------------------------------------------------------------------------------- /cluster/components/network/bgp-peer-v4.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: crd.projectcalico.org/v1 3 | kind: BGPPeer 4 | metadata: 5 | name: ipv4-${NODE_NAME} 6 | spec: 7 | peerIP: ${NODE_IPV4} 8 | asNumber: ${ASN:=65413} 9 | keepOriginalNextHop: true 10 | -------------------------------------------------------------------------------- /cluster/components/network/bgp-peer-v6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: crd.projectcalico.org/v1 3 | kind: BGPPeer 4 | metadata: 5 | name: ipv6-${NODE_NAME} 6 | spec: 7 | peerIP: ${NODE_IPV6} 8 | asNumber: ${ASN:=65413} 9 | keepOriginalNextHop: true 10 | -------------------------------------------------------------------------------- /cluster/core/mysql/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./operator/helm-release.yaml 7 | commonLabels: 8 | component.bloopysphere-0/aspect: database 9 | -------------------------------------------------------------------------------- /cluster/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: piraeus 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://piraeus.io/helm-charts/ 10 | -------------------------------------------------------------------------------- /infrastructure/terraform/azure/README.md: -------------------------------------------------------------------------------- 1 | # Azure 2 | 3 | [Terraform Documentation - azurerm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) 4 | 5 | [Azure Free Services List](https://azure.microsoft.com/en-us/pricing/free-services) 6 | 
-------------------------------------------------------------------------------- /cluster/apps/home/network-ups-tools/README.md: -------------------------------------------------------------------------------- 1 | # Map 2 | ## CP1500 - UPS_SERIAL_0 3 | * Camelus 4 | * MewTwo 5 | * 1 AP 6 | * FlexDaddy 7 | * FlexBabby2 8 | ## CP900AVR - UPS_SERIAL_4 9 | * k8s-0 10 | * slowpoke 11 | * k8s-2 12 | * Snorlax 13 | * 1 AP 14 | -------------------------------------------------------------------------------- /cluster/apps/media/books/readarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secret.sops.yaml 6 | - helm-release.yaml 7 | - pvc-config.yaml 8 | - ./routers/media-readarr-bypass.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-meta-manager/imagemaid/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/apps/media/prowlarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./secrets.sops.yaml 6 | - ./pvc-config.yaml 7 | - ./helm-release.yaml 8 | - ./routers/media-prowlarr-bypass.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/external-services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - classic-svc.yaml 6 | - home-assistant.yaml 7 | - nas-camelus.yaml 8 | # - pihole-svc.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/rate-limit.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: rate-limit 6 | namespace: networking 7 | spec: 8 | rateLimit: 9 | average: 300 10 | burst: 110 11 | -------------------------------------------------------------------------------- /cluster/components/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./local 7 | - ./remote 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/csi-driver-spiffe/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helm-release.yaml 7 | -------------------------------------------------------------------------------- /cluster/core/metallb-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./custom-resources 6 | - ./helm-release.yaml 7 | commonLabels: 8 | component.bloopysphere-0/aspect: networking 9 | -------------------------------------------------------------------------------- /cluster/repositories/helm/bjw-s.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 1h 10 | url: oci://ghcr.io/bjw-s/helm 11 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/inventory/group_vars/kubernetes/kube-vip.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # (string) The interface on the host kube-vip should attach to 3 | # kubevip_interface: "enp89s0" 4 | # (string) The ARP address kube-vip broadcasts 5 | kubevip_address: "10.1.0.165" 6 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/db/backup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./obc-backup-v1.yaml 6 | # Enable after setting up postgres cluster 7 | - ./backup-schedule.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/home/emqx/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: emqx 6 | namespace: home 7 | spec: 8 | maxUnavailable: 2 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: emqx 12 | -------------------------------------------------------------------------------- /cluster/apps/media/plex/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: plex 6 | namespace: media 7 | spec: 8 | maxUnavailable: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: plex 12 | 
-------------------------------------------------------------------------------- /cluster/apps/networking/traefik/tls-store/default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: TLSStore 4 | metadata: 5 | name: default 6 | namespace: networking 7 | spec: 8 | defaultCertificate: 9 | secretName: "tls.${XYZ_DOMAIN/./-}" 10 | -------------------------------------------------------------------------------- /cluster/repositories/image-repos/credentials/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - hub-docker-io-creds.sops.yaml 6 | - ghcr-io-creds.sops.yaml 7 | - registry-gitlab-com-creds.sops.yaml 8 | -------------------------------------------------------------------------------- /.github/renovate-bot.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "username": "bloopy-boi[bot]", 4 | "repositories": ["h3mmy/bloopysphere"], 5 | "gitAuthor": "bloopy-boi <166688+bloopy-boi[bot]@users.noreply.github.com>", 6 | } 7 | -------------------------------------------------------------------------------- /.taskfiles/pre-commit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | init: 6 | desc: Initialize pre-commit hooks 7 | cmds: 8 | - pre-commit install-hooks 9 | run: 10 | desc: Run pre-commit 11 | cmds: 12 | - pre-commit run --all-files 13 | -------------------------------------------------------------------------------- /charts/kah-common/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://library-charts.k8s-at-home.com 4 | version: 4.5.2 5 
| digest: sha256:408d12aa9bbce6dfd4ced5c2586d92dfa518821e01823081fa9a141243b3160c 6 | generated: "2022-08-02T14:25:12.491802564Z" 7 | -------------------------------------------------------------------------------- /cluster/apps/media/books/readarr-audio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - secret.sops.yaml 6 | - helm-release.yaml 7 | - pvc-config.yaml 8 | - ./routers/media-readarr-audio-bypass.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/loki/app/obc-loki-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: loki-bucket-v2 6 | namespace: monitoring 7 | spec: 8 | bucketName: loki-v2 9 | storageClassName: ceph-bucket 10 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/ghost-admin-add-prefix.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: ghost-admin-add-prefix 6 | namespace: networking 7 | spec: 8 | addPrefix: 9 | prefix: "/ghost" 10 | -------------------------------------------------------------------------------- /cluster/core/metallb-system/custom-resources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ip-address-pools.yaml 6 | - layer2-advertisement.yaml 7 | # - bgp-peers.yaml 8 | # - bgp-advertisement.yaml 9 | -------------------------------------------------------------------------------- /cluster/repositories/helm/jetstack.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: jetstack 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://charts.jetstack.io/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/roles/k3s.kubernetes/templates/k3s/11-arm-node-taint.yaml.j2: -------------------------------------------------------------------------------- 1 | # Experiment 2 | {% if k3s_arch_lookup[ansible_architecture].arch in ['arm64','aarch64'] %} 3 | k3s_agent: 4 | node-taint: "kubernetes.io/arch=arm64:NoSchedule" 5 | {% endif %} 6 | -------------------------------------------------------------------------------- /archive/apps/home/node-red/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: node-red 6 | namespace: home 7 | spec: 8 | maxUnavailable: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: node-red 12 | -------------------------------------------------------------------------------- /cluster/apps/home/ser2sock/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: ser2sock 6 | namespace: home 7 | spec: 8 | maxUnavailable: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: ser2sock 12 | -------------------------------------------------------------------------------- /cluster/apps/infra/tofu-controller/config/README.md: -------------------------------------------------------------------------------- 1 | # TF-Controller 2 | 3 | ## TFE CLI config 4 | 5 | This config file is for holding credentials and other settings. 
See [official documentation](https://developer.hashicorp.com/terraform/cli/config/config-file) for details. 6 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/routers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - media-radarr-fix.yaml 6 | - media-radarr-uhd-fix.yaml 7 | - media-radarr-bypass.yaml 8 | - media-radarr-uhd-bypass.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/routers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - media-sonarr-fix.yaml 6 | - media-sonarr-uhd-fix.yaml 7 | - media-sonarr-bypass.yaml 8 | - media-sonarr-uhd-bypass.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - tls-store 7 | - dashboard 8 | - middlewares 9 | - routers 10 | - external-services 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/bjw-s-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://bjw-s-labs.github.io/helm-charts/ 10 | -------------------------------------------------------------------------------- /cluster/repositories/helm/cloudnative-pg.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: cloudnative-pg 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://cloudnative-pg.github.io/charts 10 | -------------------------------------------------------------------------------- /cluster/repositories/helm/minio-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: minio-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://operator.min.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/vector-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: vector-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://helm.vector.dev 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/oci/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - grafana.yaml 6 | - terraform-cloudflare.yaml 7 | - terraform-gcp.yaml 8 | - terraform-oci.yaml 9 | - terraform-s3.yaml 10 | -------------------------------------------------------------------------------- /cluster/apps/media/overseer/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: overseerr 6 | namespace: media 7 | spec: 8 | maxUnavailable: 1 9 | selector: 10 | matchLabels: 11 | 
app.kubernetes.io/name: overseerr 12 | -------------------------------------------------------------------------------- /cluster/apps/media/plex/pvc-cache.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: plex-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 50Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /cluster/repositories/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: backube 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://backube.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/emqx-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: emqx-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 35m 9 | url: https://repos.emqx.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/hajimari-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: hajimari-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://hajimari.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /infrastructure/terraform/iam/providers.tf: -------------------------------------------------------------------------------- 1 | provider 
"keycloak" { 2 | client_id = local.iam_secrets["kc_client_id"] 3 | client_secret = local.iam_secrets["kc_client_secret"] 4 | url = "https://iam.${local.domains["xyz"]}" 5 | realm = local.realm_name 6 | } 7 | -------------------------------------------------------------------------------- /archive/core/linkerd/README.md: -------------------------------------------------------------------------------- 1 | # Linkerd Control Plane 2 | 3 | The CRDs are installed in the /crds/linkerd-crds folder. The 'linkerd' namespace is also defined there rather than core/namespaces. 4 | 5 | Ref: [Github - Linkerd Charts](https://github.com/linkerd/linkerd2/tree/main/charts) 6 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - routers 6 | - radarr-hd 7 | - radarr-uhd 8 | - observability/radarr-hd-gatus.yaml 9 | - observability/radarr-uhd-gatus.yaml 10 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - routers 6 | - sonarr-hd 7 | - sonarr-uhd 8 | - observability/sonarr-hd-gatus.yaml 9 | - observability/sonarr-uhd-gatus.yaml 10 | -------------------------------------------------------------------------------- /cluster/apps/networking/blocky/app/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: blocky 6 | namespace: networking 7 | spec: 8 | minAvailable: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: blocky 12 | 
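-------------------------------------------------------------------------------- /cluster/apps/networking/external-dns/repo/helm-repository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta1 2 | kind: HelmRepository 3 | metadata: 4 | name: external-dns 5 | namespace: networking 6 | spec: 7 | interval: 1h 8 | url: https://kubernetes-sigs.github.io/external-dns/ 9 | -------------------------------------------------------------------------------- /cluster/components/volsync/remote/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./external-secret-2.yaml 7 | - ./replication-source.yaml 8 | -------------------------------------------------------------------------------- /.github/scripts/cloudflareNetworks.mjs: --------------------------------------------------------------------------------
#!/usr/bin/env zx
// Prints Cloudflare's published IPv4 and IPv6 ranges on one line, joined
// with "\,". Exits non-zero instead of printing a partial or malformed list.
$.verbose = false

const response = await fetch('https://api.cloudflare.com/client/v4/ips')
if (!response.ok) {
  throw new Error(`Cloudflare IP list request failed: HTTP ${response.status}`)
}

const body = await response.json()
const { ipv4_cidrs: ipv4, ipv6_cidrs: ipv6 } = body?.result ?? {}

// An error payload or an empty result must not turn into an empty list:
// presumably the output feeds a trusted-source allow-list (confirm against
// the workflow that calls this script), where a silent gap changes which
// peers are trusted.
if (body?.success !== true || !Array.isArray(ipv4) || !Array.isArray(ipv6) || ipv4.length === 0) {
  throw new Error('Cloudflare IP list response is missing the expected CIDR arrays')
}

const ips = ipv4.concat(ipv6)

// The values are copied verbatim into whatever consumes this output, so
// reject anything that is not shaped like address/prefix-length.
const cidrShape = /^[0-9a-fA-F:.]+\/\d{1,3}$/
const malformed = ips.filter((entry) => typeof entry !== 'string' || !cidrShape.test(entry))
if (malformed.length > 0) {
  throw new Error(`Cloudflare IP list contains ${malformed.length} malformed entries`)
}

echo(ips.join("\\,"))
-------------------------------------------------------------------------------- /cluster/apps/home/zwavejs2mqtt/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: zwavejs2mqtt 6 | namespace: home 7 | spec: 8 | maxUnavailable: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: zwavejs2mqtt 12 | -------------------------------------------------------------------------------- /cluster/core/metallb-system/custom-resources/bgp-advertisement.yaml: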
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: metallb.io/v1beta1 3 | kind: BGPAdvertisement 4 | metadata: 5 | name: bgp-lb 6 | namespace: metallb-system 7 | spec: 8 | ipAddressPools: 9 | - bgp-pool 10 | peers: 11 | - gateway 12 | -------------------------------------------------------------------------------- /cluster/repositories/helm/authentik-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: authentik-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://charts.goauthentik.io/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/bitnami-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bitnami-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://charts.bitnami.com/bitnami 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/kyverno-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kyverno-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://kyverno.github.io/kyverno/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/metallb-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metallb-charts 6 | namespace: flux-system 7 | spec: 8 | 
interval: 35m 9 | url: https://metallb.github.io/metallb 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/mysql-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: mysql-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://mysql.github.io/mysql-operator/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/rook-ceph-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: rook-ceph-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 75m 9 | url: https://charts.rook.io/release 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /.github/renovate/disabledDatasources.json5: -------------------------------------------------------------------------------- 1 | { 2 | packageRules: [ 3 | { 4 | description: "Disable kubernetes-api", 5 | matchManagers: ["kubernetes"], 6 | matchDatasources: ["kubernetes-api"], 7 | enabled: false, 8 | }, 9 | ], 10 | } 11 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./lldap-secret.sops.yaml 7 | - ./helm-release.yaml 8 | # - ./gatus.yaml 9 | -------------------------------------------------------------------------------- /cluster/apps/home/emqx/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./bootstrap_api_keys.sops.yaml 6 | - ./db-emqx 7 | - ./secrets.sops.yaml 8 | - ./dashboard 9 | - ./helm-release.yaml 10 | - ./pdb.yaml 11 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/kyverno/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: kyverno 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/angelnu-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: angelnu-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://angelnu.github.io/helm-charts 10 | timeout: 15m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: external-secrets 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://charts.external-secrets.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/fairwinds-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: fairwinds-charts 
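6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://charts.fairwinds.com/stable 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/grafana-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: grafana-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://grafana.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/hashicorp-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: hashicorp-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 90m 9 | url: https://helm.releases.hashicorp.com 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/k8s-at-home-charts.yaml: --------------------------------------------------------------------------------
---
# NOTE(review): the k8s-at-home charts project has been archived upstream, so
# charts from this source no longer receive fixes, and a chart source on a
# dormant project's domain is a supply-chain exposure. Confirm whether any
# HelmRelease still resolves charts from here; if none does, remove this
# repository.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: k8s-at-home-charts
  namespace: flux-system
spec:
  interval: 15m
  url: https://k8s-at-home.com/charts/
  timeout: 3m
-------------------------------------------------------------------------------- /provision/ansible/kubernetes/roles/os.kubernetes/handlers/network.yml: --------------------------------------------------------------------------------
---
# Loads /etc/sysctl.d/99-kubernetes-cri.conf with `sysctl -p`, gated on the
# sysctl_network and bridge_nf_call_iptables_result values (presumably
# registered by the role's tasks; they are not defined in this file).
- name: Reload Kubernetes network configuration
  # command rather than shell: the line uses no pipes, redirects or variable
  # expansion, so it does not need to pass through a shell.
  ansible.builtin.command: sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
  when:
    - sysctl_network.changed
    - bridge_nf_call_iptables_result.stat.exists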
-------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/monitoring/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: monitoring 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: system-upgrade 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux leaves this namespace in place when it drops out of the kustomization 8 | goldilocks.fairwinds.com/enabled: "true" 9 | volsync.backube/privileged-movers: "true" # NOTE(review): VolSync documents this key as a namespace annotation, so set as a label it is probably ignored; confirm which is intended, and whether data movers in this namespace really need to run privileged 10 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Namespace should already exist 3 | # Delete the system-upgrade namespace 4 | # from the kustomization 5 | $patch: delete 6 | apiVersion: v1 7 | kind: Namespace 8 | metadata: 9 | name: system-upgrade 10 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/certs/bundles/public-bundle.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: trust.cert-manager.io/v1alpha1 3 | kind: Bundle 4 | metadata: 5 | name: public-bundle 6 | spec: 7 | sources: 8 | - useDefaultCAs: true # only source listed: the default public CA set, no private roots 9 | target: # NOTE(review): no namespaceSelector is set here, so the ConfigMap is presumably written to every namespace; confirm that scope is wanted 10 | configMap: 11 | key: "ca-certificates.crt" 12 | -------------------------------------------------------------------------------- /cluster/crds/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./traefik/crds.yaml 6 | - ./grafana-agent-operator/crds.yaml 7 | - ./external-snapshotter/crds.yaml 8 | - ./external-dns/crds.yaml 9 | - ./velero/crds.yaml 10 | -------------------------------------------------------------------------------- /cluster/repositories/helm/calico-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: calico-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://projectcalico.docs.tigera.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/cdr-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: cdr-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 90m 9 | url: https://code-server-boilerplates.github.io/charts 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/deliveryhero-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: deliveryhero-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://charts.deliveryhero.io/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/k8s-gateway-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | 
metadata: 5 | name: k8s-gateway 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://k8s-gateway.github.io/k8s_gateway/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/kubereboot-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kubereboot-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://kubereboot.github.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/stakater-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://stakater.github.io/stakater-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/tofu-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: tofu-controller 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://flux-iac.github.io/tofu-controller/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/apps/flux-system/notifications/grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - notification.yaml 6 | - grafana-auth.sops.yaml 7 | - grafana-alerting-auth.sops.yaml 8 | # - init-job.yaml 9 | # - scripts 10 | 
-------------------------------------------------------------------------------- /cluster/apps/media/maintainerr/app/pvc-data-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: maintainerr-v1 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: ceph-block 13 | -------------------------------------------------------------------------------- /cluster/apps/vault/jobs/README.md: -------------------------------------------------------------------------------- 1 | # Jobs 2 | 3 | ## Init Vault 4 | 5 | Script for initializing vault and vault-secrets-operator. Inspired by [billimek's bootstrap script](https://github.com/billimek/k8s-gitops/blob/1bcc29f6d0586d7c93a8f66e9eabd9e1fccea52e/setup/bootstrap-vault.sh), tweaked to work as a job. 6 | -------------------------------------------------------------------------------- /cluster/repositories/helm/codecentric-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: codecentric-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 90m 9 | url: https://codecentric.github.io/helm-charts 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/emberstack-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: emberstack-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 65m 9 | url: https://emberstack.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/infracloudio-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: infracloudio-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://infracloudio.github.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/jupyterhub-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: jupyterhub-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 90m 9 | url: https://jupyterhub.github.io/helm-chart/ 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/oauth2-proxy-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: oauth2-proxy-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 90m 9 | url: https://oauth2-proxy.github.io/manifests 10 | timeout: 2m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/ricoberger-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: ricoberger-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 75m 9 | url: https://ricoberger.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/modules/minio_bucket/outputs.tf: -------------------------------------------------------------------------------- 1 | output "minio_access_key" { 2 | value = 
minio_iam_service_account.user_service_account.access_key 3 | } 4 | 5 | output "minio_secret_key" { 6 | value = minio_iam_service_account.user_service_account.secret_key 7 | sensitive = true 8 | } 9 | -------------------------------------------------------------------------------- /cluster/repositories/helm/descheduler-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: descheduler-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 35m 9 | url: https://kubernetes-sigs.github.io/descheduler 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/vmware-tanzu-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: vmware-tanzu-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://vmware-tanzu.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/apps/media/bazarr/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: bazarr-config 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/books/audiobookshelf/app/pvc-config-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: audiobookshelf 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | 
storage: 1G 12 | storageClassName: ceph-block 13 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: system-upgrade 6 | resources: 7 | - namespace.yaml 8 | - alerts.yaml 9 | - ks.yaml 10 | -------------------------------------------------------------------------------- /archive/apps/blogs/strapi/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: strapi-config-v1 6 | namespace: blogs 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 15Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /archive/apps/home/node-red/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: node-red-config-v1 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/lidarr/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: lidarr-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 6Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- 
/cluster/apps/media/overseer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | - config-pvc.yaml 8 | - pdb.yaml 9 | - api-passthrough.yaml 10 | -------------------------------------------------------------------------------- /cluster/repositories/helm/bloopy-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bloopy-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 60m 9 | url: https://gitlab.com/api/v4/projects/33933962/packages/helm/stable 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/grafana-operator-chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: grafana-operator-chart 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 15m 10 | url: oci://ghcr.io/grafana/helm-charts/grafana-operator 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/metrics-server-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metrics-server-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 45m 9 | url: https://kubernetes-sigs.github.io/metrics-server 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/helm/minecraft-server-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: minecraft-server-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 95m 9 | url: https://itzg.github.io/minecraft-server-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /cluster/repositories/oci/terraform-cloudflare.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: OCIRepository 4 | metadata: 5 | name: terraform-cloudflare 6 | namespace: flux-system 7 | spec: 8 | interval: 15m 9 | url: oci://ghcr.io/h3mmy/terraform-cloudflare 10 | ref: 11 | tag: main # NOTE(review): `main` is a mutable tag re-resolved every interval, so whatever is pushed under it gets reconciled; pin ref.digest (or a semver range) and consider spec.verify so the applied artifact is the reviewed one 12 | -------------------------------------------------------------------------------- /infrastructure/terraform/gcp/vault_kms.tf: -------------------------------------------------------------------------------- 1 | module "bloopysphere_vault_kms" { # instantiates the local gcp_kms module; project and region are read from local.gcp_secrets 2 | source = "./modules/gcp_kms" 3 | gcloud-project = local.gcp_secrets["gcp_project_name"] 4 | gcloud-region = local.gcp_secrets["gcp_region"] 5 | key_ring_name = local.key_ring_name 6 | crypto_key = local.crypto_key_name 7 | } 8 | -------------------------------------------------------------------------------- /provision/ansible/kubernetes/playbooks/k3s.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: 3 | - master 4 | - worker 5 | become: true 6 | gather_facts: true 7 | any_errors_fatal: true 8 | pre_tasks: 9 | - name: Pausing for 5 seconds... 
10 | pause: 11 | seconds: 5 12 | roles: 13 | - k3s.kubernetes 14 | -------------------------------------------------------------------------------- /archive/apps/blogs/strapi/pvc-db-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: strapi-db-backup 6 | namespace: blogs 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /archive/apps/home/n8n/db-n8n/pvc-db-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: n8n-db-backup 6 | namespace: home 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/overseer/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: overseerr-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: nfs-client 11 | resources: 12 | requests: 13 | storage: 1Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-meta-manager/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: pmm-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | 
-------------------------------------------------------------------------------- /cluster/apps/media/stash/app/pvc-config-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: stash-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: ceph-block 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./users 6 | - ./home 7 | - ./networking 8 | - ./storage 9 | - ./system 10 | - ./database 11 | - ./monitoring 12 | - ./kyverno 13 | - ./media 14 | -------------------------------------------------------------------------------- /cluster/components/volsync/local/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./external-secret.yaml 7 | - ./replication-source.yaml 8 | - ./replication-destination.yaml 9 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/README.md: -------------------------------------------------------------------------------- 1 | # rook-ceph 2 | 3 | ## Rook 4 | 5 | [Rook](https://rook.io/) turns distributed storage systems into self-managing, self-scaling, self-healing storage services. 
6 | It automates the tasks of a storage administrator: deployment, bootstrapping, configuration, provisioning, scaling, upgrading, 7 | -------------------------------------------------------------------------------- /cluster/apps/home/emqx/db-emqx/pvc-db-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: emqx-db-backup 6 | namespace: home 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 500Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/home/home-assistant/db/backup-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: hass-db-backup 6 | namespace: home 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 5Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/home/zwavejs2mqtt/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: zwavejs2mqtt-config-v1 6 | namespace: home 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/iam/keycloak/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - 
https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.3/kubernetes/kubernetes.yml # NOTE(review): remote manifest fetched at build time by tag; a git tag can be moved, so pin the URL to a commit SHA or vendor the file so that what is applied is what was reviewed 7 | -------------------------------------------------------------------------------- /cluster/apps/media/books/calibre/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: calibre-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-meta-manager/app/custom/TV Shows - Overlays - Statuses.yaml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STATUSES # 5 | ############################ 6 | 7 | Cancelled: 8 | overlay: Cancelled 9 | plex_all: true 10 | filters: 11 | tmdb_status: canceled 12 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/radarr-hd/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/sonarr-hd/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 |
-------------------------------------------------------------------------------- /cluster/apps/media/stash/app/pvc-metadata-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: stash-metadata-v1 6 | namespace: media 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/gatus/app/pvc-data-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: gatus-data-v1 6 | namespace: monitoring 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/auth/authentik/postgres/pvc-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: authentik-db-backup 6 | namespace: auth 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/default/hajimari-bloop/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: hajimari-config 6 | namespace: default 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: ceph-block 11 | resources: 12 | requests: 13 | storage: 128Mi 14 | -------------------------------------------------------------------------------- 
/cluster/apps/default/hajimari-xyz/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: hajimari-xyz-config 6 | namespace: default 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: ceph-block 11 | resources: 12 | requests: 13 | storage: 128Mi 14 | -------------------------------------------------------------------------------- /cluster/apps/default/minecraft/pvc-mcsv-backups-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: mcsv-backups-v1 6 | namespace: default 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: nfs-client 11 | resources: 12 | requests: 13 | storage: 50Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/media/navidrome/app/pvc-config-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: config-navidrome-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/radarr/radarr-uhd/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr-uhd-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/sonarr/sonarr-uhd/pvc-config.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr-uhd-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/stash/app/pvc-generated-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: stash-generated-v1 6 | namespace: media 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/networking/cert-manager.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: cert-manager 6 | namespace: monitoring 7 | spec: 8 | configMapRef: 9 | name: cert-manager-dashboard 10 | key: cert-manager-dashboard.json 11 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugins/operator/README.md: -------------------------------------------------------------------------------- 1 | # Intel Device Plugin Operator 2 | 3 | Depends on node-feature-discovery 4 | 5 | [https://github.com/intel/intel-device-plugins-for-kubernetes] 6 | 7 | [https://github.com/intel/helm-charts/blob/07016986b81664844cf6775e507b8f58f702b229/charts/device-plugin-operator/README.md] 8 | -------------------------------------------------------------------------------- /cluster/repositories/helm/prometheus-community-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 95m 9 | url: https://prometheus-community.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /infrastructure/terraform/oci/provider.tf: -------------------------------------------------------------------------------- 1 | provider "oci" { 2 | region = local.home_region 3 | # fingerprint = var.api_fingerprint 4 | private_key = local.oci_secrets["api_private_key"] 5 | tenancy_ocid = local.oci_secrets["tenancy_ocid"] 6 | user_ocid = local.oci_secrets["user_ocid"] 7 | alias = "home" 8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/oci/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | configuration_aliases = [ oci.home ] 6 | version = "7.26.1" 7 | } 8 | 9 | sops = { 10 | source = "carlpett/sops" 11 | version = "1.3.0" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/providers.tf: -------------------------------------------------------------------------------- 1 | provider "minio" { 2 | alias = "bloop" 3 | minio_server = "s3.${data.sops_file.domains.data["xyz"]}" 4 | minio_user = data.sops_file.s3_secrets.data["minio_access_key"] 5 | minio_password = data.sops_file.s3_secrets.data["minio_secret_key"] 6 | minio_ssl = true 7 | } 8 | -------------------------------------------------------------------------------- /cluster/apps/blogs/ghost/routers/redirect-tgr-lilj.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: redirect-tgr-lilj 6 | namespace: blogs 7 | spec: 8 | redirectRegex: 9 | regex: ^https://${TGR_DOMAIN}/(.*) 10 | replacement: https://${LILJ_DOMAIN}/${1} 11 | # permanent: true 12 | -------------------------------------------------------------------------------- /cluster/apps/media/music-assistant/app/pvc-data-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: music-assistant-data-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-meta-manager/app/custom/Movies - Overlays - Stand-up.yaml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STAND-UP COMEDY # 5 | ############################ 6 | 7 | Stand-up Comedy: 8 | overlay: Stand-up Comedy 9 | plex_search: 10 | all: 11 | collection: Stand-up Comedy 12 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-trakt-sync/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: plex-trakt-sync-config-v1 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 256Mi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/base/flux-system/gotk-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: gotk-pvc 6 | 
namespace: flux-system 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | - ReadWriteMany 11 | storageClassName: ceph-block 12 | resources: 13 | requests: 14 | storage: 2Gi 15 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/certs/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./letsencrypt-production.yaml 6 | - ./letsencrypt-staging.yaml 7 | - ./secret.sops.yaml 8 | - ./csi-driver-spiffe-ca.yaml 9 | - ./snapshot-validation-webhook-ca.yaml 10 | -------------------------------------------------------------------------------- /cluster/core/metallb-system/custom-resources/bgp-peers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: metallb.io/v1beta2 3 | kind: BGPPeer 4 | metadata: 5 | name: gateway 6 | namespace: metallb-system 7 | spec: 8 | peerAddress: ${LOCAL_GATEWAY_BGP} 9 | peerASN: ${NETWORK_BGP_ROUTER_ASN} 10 | myASN: ${NETWORK_BGP_K8S_ASN} 11 | holdTime: 1m30s 12 | -------------------------------------------------------------------------------- /cluster/apps/auth/ldap/db/backup/backup-schedule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.cnpg.io/v1 3 | kind: ScheduledBackup 4 | metadata: 5 | name: backup-schedule-ldap-postgres-v1 6 | namespace: auth 7 | spec: 8 | schedule: "@daily" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: ldap-postgres 13 | -------------------------------------------------------------------------------- /cluster/apps/blogs/ghost/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ghost-config-v1 6 | namespace: blogs 7 | spec: 
8 | accessModes: 9 | - ReadWriteOnce 10 | # - ReadWriteMany 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | storageClassName: ceph-block 15 | -------------------------------------------------------------------------------- /cluster/apps/media/books/audiobookshelf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./pvc-config-v1.yaml 7 | - ./pvc-metadata.yaml 8 | - ./helm-release.yaml 9 | - ./gatus.yaml 10 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/README.md: -------------------------------------------------------------------------------- 1 | # Notes 2 | 3 | ## In Use 4 | 5 | * kube-prometheus-stack 6 | * uptimerobot 7 | * vector 8 | * vertical-pod-autoscaler (not doing any actual autoscaling - just monitoring for goldilocks) 9 | * unifi-poller 10 | * thanos 11 | * loki 12 | * node-problem-detector (No ARM) 13 | * grafana 14 | * goldilocks 15 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./certs/ks.yaml 7 | - ./controller/ks.yaml 8 | - ./trust-manager/ks.yaml 9 | - ./csi-driver-spiffe/ks.yaml 10 | -------------------------------------------------------------------------------- /infrastructure/terraform/oci/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | oci_secrets = sensitive(yamldecode(nonsensitive(data.sops_file.oci_secrets.raw))) 3 | home_region = "us-ashburn-1" 
4 | region = "us-ashburn-1" 5 | label_prefix = "quarky" 6 | vcn_dns_label = "quarkynet" 7 | vcn_name = "quarkynet" 8 | } 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/modules/minio_bucket/variables.tf: -------------------------------------------------------------------------------- 1 | variable "bucket_name" { 2 | type = string 3 | } 4 | 5 | variable "user_name" { 6 | type = string 7 | sensitive = false 8 | default = null 9 | } 10 | 11 | variable "user_secret" { 12 | type = string 13 | sensitive = true 14 | default = null 15 | } 16 | -------------------------------------------------------------------------------- /cluster/apps/blogs/ghost/pvc-db-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ghost-db-backup 6 | namespace: blogs 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | - ReadWriteMany 12 | resources: 13 | requests: 14 | storage: 10Gi 15 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/plugins/barman/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | # TODO: Update to use OCI repo when available. NOTE(review): the resource below is a remote manifest fetched from a Git tag with no digest check; a tag can be moved upstream, so pinning the URL to a commit SHA or vendoring the file keeps what is applied to the cluster reviewable. 6 | resources: 7 | - https://raw.githubusercontent.com/cloudnative-pg/plugin-barman-cloud/refs/tags/v0.3.0/manifest.yaml 8 | -------------------------------------------------------------------------------- /cluster/apps/database/redis/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: redis-config-v1 6 | namespace: database 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10
| - ReadWriteMany 11 | resources: 12 | requests: 13 | storage: 5Gi 14 | storageClassName: ceph-block 15 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/db/backup/backup-schedule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.cnpg.io/v1 3 | kind: ScheduledBackup 4 | metadata: 5 | name: backup-schedule-wiki-postgres-v1 6 | namespace: default 7 | spec: 8 | schedule: "@daily" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: wiki-postgres 13 | -------------------------------------------------------------------------------- /cluster/apps/media/books/audiobookshelf/app/pvc-metadata.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: audiobookshelf-metadata 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 10Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/media/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | patches: 7 | - path: patch-folder.yaml 8 | target: 9 | kind: GrafanaDashboard 10 | group: grafana.integreatly.org 11 | version: v1beta1 12 | -------------------------------------------------------------------------------- /cluster/repositories/helm/node-feature-discovery-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: node-feature-discovery-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 
35m 9 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /k8s/clusters/bloopysphere/bootstrap/gotk-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: gotk-pvc 6 | namespace: flux-system 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | - ReadWriteMany 11 | storageClassName: ceph-block 12 | resources: 13 | requests: 14 | storage: 2Gi 15 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/db/backup/backup-schedule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.cnpg.io/v1 3 | kind: ScheduledBackup 4 | metadata: 5 | name: backup-schedule-kc-postgres-v1 6 | namespace: auth 7 | spec: 8 | schedule: "@daily" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: kc-postgres 13 | -------------------------------------------------------------------------------- /cluster/apps/database/cloudnative-pg/db/backup/backup-schedule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: postgresql.cnpg.io/v1 3 | kind: ScheduledBackup 4 | metadata: 5 | name: backup-schedule-bloopgres-v1 6 | namespace: database 7 | spec: 8 | schedule: "@weekly" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: bloopgres 13 | -------------------------------------------------------------------------------- /cluster/apps/kyverno/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: kyverno:admin 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | 
name: admin # NOTE(review): this ClusterRoleBinding gives the ServiceAccount below the built-in admin ClusterRole in every namespace (read/write on most namespaced objects, Secrets and RoleBindings included); a ClusterRole limited to the resource kinds the Kyverno policies actually generate or mutate would be the least-privilege form - confirm what is needed 10 | subjects: 11 | - kind: ServiceAccount 12 | name: kyverno 13 | namespace: kyverno 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/kyverno/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | patches: 7 | - path: patch-folder.yaml 8 | target: 9 | kind: GrafanaDashboard 10 | group: grafana.integreatly.org 11 | version: v1beta1 12 | -------------------------------------------------------------------------------- /cluster/apps/networking/blocky/app/db-blocky-query/pvc-db-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: blocky-db-backup 6 | namespace: networking 7 | spec: 8 | storageClassName: "nfs-client" 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 10Gi 14 | -------------------------------------------------------------------------------- /cluster/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | components: 6 | - ../../../../components/common 7 | resources: 8 | - ./helm-release.yaml 9 | - ./rbac.yaml 10 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/README.md: -------------------------------------------------------------------------------- 1 | # S3 2 | 3 | Provisioning of S3 Resources. Currently it will provision minio buckets, attach a service_account to a user and output those credentials.
Eventually these will be stored in k8s secrets or vault, etc. That part is not yet implemented. 4 | 5 | This line is to bump teh oci version to use the latest gh-action 6 | -------------------------------------------------------------------------------- /k8s/global/sources/git/bloopysphere.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: GitRepository 4 | metadata: 5 | name: bloopysphere 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: main 11 | url: ssh://git@github.com/h3mmy/bloopySphere.git 12 | secretRef: 13 | name: bloopysphere 14 | -------------------------------------------------------------------------------- /cluster/apps/auth/authentik/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: auth 5 | resources: 6 | - geoip-secrets.sops.yaml 7 | # - redis 8 | - postgres 9 | - media 10 | # Additional RBAC needed for spiffe 11 | - rbac.yaml 12 | # - sp-authentik.yaml 13 | - helm-release.yaml 14 | -------------------------------------------------------------------------------- /cluster/apps/home/priority-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: scheduling.k8s.io/v1 3 | description: 4 | Used for home critical pods that must run in the cluster for WAF, but can be 5 | moved to another node if necessary. 
6 | kind: PriorityClass 7 | metadata: 8 | name: home-cluster-critical 9 | preemptionPolicy: PreemptLowerPriority 10 | value: 100001 11 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/error-pages.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: error-pages 6 | namespace: networking 7 | spec: 8 | errors: 9 | status: 10 | - "400-599" 11 | query: /{status}.html 12 | service: 13 | name: error-pages 14 | port: 8080 15 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/external-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: external-auth 6 | namespace: networking 7 | spec: 8 | chain: 9 | middlewares: 10 | - name: auth-ak-outpost-traefik-default-xyz@kubernetescrd 11 | - name: chain-no-auth@kubernetescrd 12 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/certs/bundles/csi-driver-spiffe.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: trust.cert-manager.io/v1alpha1 3 | kind: Bundle 4 | metadata: 5 | name: csi-driver-spiffe 6 | spec: 7 | sources: 8 | - secret: 9 | name: "csi-driver-spiffe-ca" 10 | key: "ca.crt" 11 | target: 12 | configMap: 13 | key: "ca-bundle.crt" 14 | -------------------------------------------------------------------------------- /cluster/core/mysql/README.md: -------------------------------------------------------------------------------- 1 | # MySQL/InnoDB 2 | 3 | Project Page: [mysql/mysql-operator](https://github.com/mysql/mysql-operator) 4 | 5 | Documentation is not great, and is kind of scattered across locations. 
6 | 7 | The helm-chart for the operator now handles the CRD management. This was not reflected in the official documentation when the change occurred. 8 | -------------------------------------------------------------------------------- /cluster/core/namespaces/metallb-system.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: metallb-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | pod-security.kubernetes.io/enforce: privileged 9 | pod-security.kubernetes.io/audit: privileged 10 | pod-security.kubernetes.io/warn: privileged 11 | -------------------------------------------------------------------------------- /k8s/clusters/quark/infrastructure.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: infrastructure 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | sourceRef: 10 | kind: GitRepository 11 | name: quark 12 | path: ./k8s/clusters/quark/infrastructure 13 | prune: true 14 | -------------------------------------------------------------------------------- /archive/apps/kube-system/kopia/pvc-snapshots.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: kopia-snapshots 6 | namespace: kube-system 7 | spec: 8 | volumeName: snapshots 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 80Gi 14 | storageClassName: nfs-client 15 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/felix-metrics/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | namespace: calico-system 6 | name: felix-metrics 7 
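| labels: 8 | k8s-app: calico-node 9 | spec: 10 | selector: 11 | k8s-app: calico-node 12 | ports: 13 | - name: http-metrics 14 | port: 9091 15 | targetPort: 9091 16 | -------------------------------------------------------------------------------- /cluster/apps/default/minecraft/pvc-minecraft-data-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: minecraft-data-v1 6 | namespace: default 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | - ReadWriteMany 11 | resources: 12 | requests: 13 | storage: 35Gi 14 | storageClassName: ceph-block 15 | -------------------------------------------------------------------------------- /cluster/apps/default/wiki/db/backup/obc-backup-v1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: cnpg-wiki-backup-v1 6 | namespace: default 7 | spec: 8 | bucketName: wiki-postgres-backup 9 | storageClassName: ceph-bucket 10 | additionalConfig: 11 | maxObjects: "2000" 12 | maxSize: "3G" 13 | -------------------------------------------------------------------------------- /cluster/apps/home/emqx/genSaltedPass.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Print one INSERT statement for the mqtt_user table per "username,password"
# line of emqx_user_list.txt. Each user gets a fresh salt from uuidgen, and the
# stored hash is the hex SHA-256 of salt followed by password.
#
# NOTE(review): a single SHA-256 round is cheap to brute-force if the table
#   leaks; if the EMQX authenticator in use can verify a slow KDF instead,
#   prefer that - confirm against the deployed EMQX configuration.
# NOTE(review): every row is written with is_superuser = true; confirm that all
#   listed accounts are meant to have that flag.
# The input file holds plaintext passwords and the output holds hashes and
# salts, so keep both out of version control.

# Double any single quote so a value cannot close the SQL string literal early.
# NOTE(review): this is standard-SQL quoting; a database that also treats
#   backslash as an escape character needs that handled as well - confirm.
sql_quote() {
  local q="'"
  printf '%s' "${1//$q/$q$q}"
}

# `|| [ -n "$user" ]` keeps the last record when the file has no trailing newline.
while IFS="," read -r user pass || [ -n "$user" ]
do
  # Skip blank lines instead of emitting a row with an empty username.
  [ -n "$user" ] || continue
  salt=$(uuidgen)
  # sed drops the label openssl prints before the hex digest.
  saltedpass=$(printf '%s' "${salt}${pass}" | openssl dgst -sha256 | sed 's/^.* //')
  echo "INSERT INTO mqtt_user(username, password_hash, salt, is_superuser) VALUES ('$(sql_quote "$user")', '$saltedpass', '$salt', true);"
done < emqx_user_list.txt
-------------------------------------------------------------------------------- /cluster/apps/media/priority-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: scheduling.k8s.io/v1 3 | description: 4 | Used for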
home critical pods that must run in the cluster for WAF, but can be 5 | moved to another node if necessary. 6 | kind: PriorityClass 7 | metadata: 8 | name: media-cluster-critical 9 | preemptionPolicy: PreemptLowerPriority 10 | value: 100000 11 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/chain-ghost-admin.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: ghost-admin 6 | namespace: networking 7 | spec: 8 | chain: 9 | middlewares: 10 | - name: ghost-admin-add-prefix@kubernetescrd 11 | - name: networking-bloopnet-xyz-auth@kubernetescrd 12 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/typha-metrics/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | namespace: calico-system 6 | name: typha-metrics 7 | labels: 8 | k8s-app: calico-typha 9 | spec: 10 | selector: 11 | k8s-app: calico-typha 12 | ports: 13 | - name: http-metrics 14 | port: 9093 15 | targetPort: 9093 16 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/home/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | - ./emqx.yaml 7 | patches: 8 | - path: patch-folder.yaml 9 | target: 10 | kind: GrafanaDashboard 11 | group: grafana.integreatly.org 12 | version: v1beta1 13 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/internal-only-auth.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: internal-only-auth 6 | namespace: networking 7 | spec: 8 | chain: 9 | middlewares: 10 | - name: networking-rfc1918-ips@kubernetescrd 11 | - name: networking-bloopnet-xyz-auth@kubernetescrd 12 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/certs/bundles/linkerd-ca.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: trust.cert-manager.io/v1alpha1 3 | kind: Bundle 4 | metadata: 5 | name: linkerd-identity-trust-roots 6 | spec: 7 | sources: 8 | - secret: 9 | name: "linkerd-identity-trust-roots" 10 | key: "ca.crt" 11 | target: 12 | configMap: 13 | key: "ca-bundle.crt" 14 | -------------------------------------------------------------------------------- /cluster/repositories/helm/nfs-subdir-external-provisioner-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: nfs-subdir-external-provisioner-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 35m 9 | url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /provision/terraform/authentik/flows-stages/prompts/prompts.tf: -------------------------------------------------------------------------------- 1 | resource "authentik_stage_prompt_field" "field" { 2 | field_key = "username" 3 | label = "Username" 4 | type = "username" 5 | } 6 | resource "authentik_stage_prompt" "name" { 7 | name = "test" 8 | fields = [ 9 | resource.authentik_stage_prompt_field.field.id, 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /archive/apps/kube-system/kopia/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - web 6 | - pvc.yaml 7 | - sync 8 | namespace: kube-system 9 | configMapGenerator: 10 | - name: kopia 11 | files: 12 | - ./config/repository.config 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /cluster/apps/auth/realms/bloopysphere/keycloak/instance/routers/README.md: -------------------------------------------------------------------------------- 1 | # Routers 2 | 3 | I initially wanted to use an IngressRoute to leverage some extra perks. However, k8s_gateway does not pick up IngressRoutes and thus hairpins traffic. This is not desirable for an IAM service. Hence the addition of the Ingress. 4 | 5 | The IngressRoute is currently only for reference. 6 | -------------------------------------------------------------------------------- /cluster/apps/home/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: home 5 | components: 6 | - ../../components/common 7 | resources: 8 | - ./priority-class.yaml 9 | - ./home-assistant 10 | - ./zwavejs2mqtt 11 | - ./ser2sock 12 | # - ./network-ups-tools 13 | - ./emqx 14 | - ./go2rtc/ks.yaml 15 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | - ./cnpg.yaml 7 | patches: 8 | - path: patch-folder.yaml 9 | target: 10 | kind: GrafanaDashboard 11 | group: grafana.integreatly.org 12 | version: v1beta1 13 | 
-------------------------------------------------------------------------------- /cluster/apps/networking/priority-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: scheduling.k8s.io/v1 3 | description: 4 | Used for network critical pods that must run in the cluster for WAF, but can be 5 | moved to another node if necessary. 6 | kind: PriorityClass 7 | metadata: 8 | name: network-cluster-critical 9 | preemptionPolicy: PreemptLowerPriority 10 | value: 150000 11 | -------------------------------------------------------------------------------- /cluster/components/gatus/guarded/config.yaml: -------------------------------------------------------------------------------- 1 | endpoints: 2 | - name: "${APP}" 3 | group: guarded 4 | url: 1.1.1.1 5 | interval: 1m 6 | ui: 7 | hide-hostname: true 8 | hide-url: true 9 | dns: 10 | query-name: "${GATUS_SUBDOMAIN:=${APP}}.${XYZ_DOMAIN}" 11 | query-type: A 12 | conditions: 13 | - "len([BODY]) == 0" 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/users/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | - ./authentik.yaml 7 | patches: 8 | - path: patch-folder.yaml 9 | target: 10 | kind: GrafanaDashboard 11 | group: grafana.integreatly.org 12 | version: v1beta1 13 | -------------------------------------------------------------------------------- /cluster/apps/system/intel-device-plugins/device-plugin-gpu/README.md: -------------------------------------------------------------------------------- 1 | # Intel Device Plugin GPU 2 | 3 | This installs the CRD for GpuDevicePlugin. See [https://github.com/intel/helm-charts/tree/07016986b81664844cf6775e507b8f58f702b229/charts/gpu-device-plugin] for details. 
4 | 5 | It also creates the node-feature-discovery NodeFeatureRule to label the node with gpu capabilities 6 | -------------------------------------------------------------------------------- /archive/apps/home/n8n/pvc-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: n8n-config 6 | namespace: home 7 | # labels: 8 | # snapshot.home.arpa/enabled: "true" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /cluster/apps/media/books/mylar/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: mylar-config-v1 6 | namespace: media 7 | labels: 8 | kasten.io/backup-volume: "enabled" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 1Gi 15 | storageClassName: ceph-block 16 | -------------------------------------------------------------------------------- /cluster/apps/media/plex-meta-manager/app/custom/README.md: -------------------------------------------------------------------------------- 1 | # Plex Meta Manager - Custom 2 | 3 | Borrowed from [https://github.com/LilDrunkenSmurf/k3s-home-cluster/tree/v0.25.0/kubernetes/apps/media/plex-meta-manager/app/custom] 4 | 5 | Some adjustments made such as updating the years in Movies.yaml 6 | 7 | TODO: Update Actor and Director Collections to be more reflective of good taste 8 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/home/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: 
GrafanaFolder 4 | metadata: 5 | name: home 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, the value will be taken from metadata.name 12 | title: home 13 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/calibre-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: calibre-auth 6 | namespace: networking 7 | spec: 8 | forwardAuth: 9 | address: https://auth.${XYZ_DOMAIN}:9000/outpost.goauthentik.io/auth/traefik # NOTE(review): https on :9000 - authentik's default listeners are 9000 for HTTP and 9443 for HTTPS; confirm TLS is really served on this port 10 | trustForwardHeader: true # NOTE(review): Traefik then forwards the client's own X-Forwarded-* headers to the auth server as trusted; safe only if nothing untrusted can reach this entrypoint directly - confirm 11 | authResponseHeadersRegex: ^.*$ # NOTE(review): copies every header of the auth response onto the forwarded request; an explicit authResponseHeaders list of the identity headers the backend reads is the narrower choice 12 | -------------------------------------------------------------------------------- /cluster/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/helmrepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: intel 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://intel.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /cluster/apps/auth/authentik/media/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: auth 5 | configMapGenerator: 6 | - name: background-image-1 7 | files: 8 | - sound_wave.svg 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled 13 | --------------------------------------------------------------------------------
/cluster/apps/flux-system/notifications/grafana/scripts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | configMapGenerator: 5 | - name: grafana-auth-script 6 | files: 7 | - grafana-auth.sh 8 | generatorOptions: 9 | disableNameSuffixHash: true 10 | annotations: 11 | kustomize.toolkit.fluxcd.io/substitute: disabled 12 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/media/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: media 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, the value will be taken from metadata.name 12 | title: media 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/system/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: system 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, the value will be taken from metadata.name 12 | title: system 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/users/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: users 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, 
the value will be taken from metadata.name 12 | title: users 13 | -------------------------------------------------------------------------------- /cluster/core/cert-manager/certs/bundles/snapshot-controller-webhook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: trust.cert-manager.io/v1alpha1 3 | kind: Bundle 4 | metadata: 5 | name: snapshot-controller-webhook 6 | spec: 7 | sources: 8 | - secret: 9 | name: "snapshot-controller-trust-roots" 10 | key: "ca.crt" 11 | target: 12 | configMap: 13 | key: "ca-bundle.crt" 14 | -------------------------------------------------------------------------------- /cluster/repositories/helm/coredns-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: coredns-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 15m 10 | url: https://coredns.github.io/helm 11 | timeout: 3m 12 | -------------------------------------------------------------------------------- /infrastructure/terraform/azure/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = "4.54.0" 6 | } 7 | sops = { 8 | source = "carlpett/sops" 9 | version = "1.3.0" 10 | } 11 | http = { 12 | source = "hashicorp/http" 13 | version = "3.5.0" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /infrastructure/terraform/iam/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | keycloak = { 4 | source = "mrparkers/keycloak" 5 | version = "4.4.0" 6 | } 7 | sops = { 8 | source = "carlpett/sops" 9 | 
version = "1.3.0" 10 | } 11 | http = { 12 | source = "hashicorp/http" 13 | version = "3.5.0" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /cluster/apps/media/middlewares/chain-no-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: chain-no-auth 6 | namespace: media 7 | spec: 8 | chain: 9 | middlewares: 10 | - name: networking-rate-limit@kubernetescrd 11 | - name: networking-secure-headers@kubernetescrd 12 | # - name: networking-error-pages@kubernetescrd 13 | -------------------------------------------------------------------------------- /cluster/apps/media/stash/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - pvc-config-v1.yaml 7 | - pvc-metadata-v1.yaml 8 | - pvc-cache-v1.yaml 9 | - pvc-generated-v1.yaml 10 | - helm-release.yaml 11 | - api-passthrough.yaml 12 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/storage/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: storage 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, the value will be taken from metadata.name 12 | title: storage 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - thanos 6 | - ./loki/ks.yaml 7 | - ./grafana/ks.yaml 8 | - uptimerobot 9 | - unifi-poller 10 | - goldilocks 11 | - vertical-pod-autoscaler 12 | - vector 13 | - node-problem-detector 14 | - snmp-exporter 15 | - ./gatus/ks.yaml 16 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./rook-ceph/ks.yaml 10 | # Post Flux Kustomizations 11 | - ./rook-ceph/tools 12 | -------------------------------------------------------------------------------- /infrastructure/terraform/iam/modules/keycloak/roles.tf: -------------------------------------------------------------------------------- 1 | resource "keycloak_role" "realm_base_roles" { 2 | for_each = { 3 | for role in var.realm_roles: role.name => role 4 | if role.composites == null 5 | } 6 | 7 | realm_id = keycloak_realm.bloopnet.id 8 | name = each.value.name 9 | description = each.value.description 10 | attributes = each.value.attributes 11 | } 12 | -------------------------------------------------------------------------------- /cluster/apps/default/middlewares/chain-no-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: chain-no-auth 6 | namespace: default 7 | spec: 8 | chain: 9 | middlewares: 10 | - name: networking-rate-limit@kubernetescrd 11 | - name: networking-secure-headers@kubernetescrd 12 | # - name: networking-error-pages@kubernetescrd 13 | 
-------------------------------------------------------------------------------- /cluster/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./coredns/helm-release.yaml 6 | - ./metrics-server 7 | - ./reloader 8 | - ./nfs-subdir-external-provisioner 9 | - ./node-feature-discovery 10 | - ./kured 11 | - ./descheduler 12 | - ./reflector 13 | - ./local-path-provisioner/ks.yaml 14 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/database/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: database 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, the value will be taken from metadata.name 12 | title: database 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | - ./kubernetes.yaml 7 | - ./flux.yaml 8 | patches: 9 | - path: patch-folder.yaml 10 | target: 11 | kind: GrafanaDashboard 12 | group: grafana.integreatly.org 13 | version: v1beta1 14 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/keycloak-forward-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: keycloak-auth 6 | namespace: networking 7 | 
spec: 8 | forwardAuth: 9 | address: https://id.${XYZ_DOMAIN}/auth/realms/Bloopnet/protocol/openid-connect/auth # NOTE(review): this is the realm's OIDC authorization endpoint, not a forward-auth verifier; forwardAuth lets the request through on any 2xx answer from this URL - confirm what it returns for an unauthenticated request 10 | trustForwardHeader: true # NOTE(review): trusts client-supplied X-Forwarded-* headers; safe only if every hop in front of Traefik overwrites them - confirm 11 | authResponseHeadersRegex: ^.*$ # NOTE(review): copies every header of the auth response onto the upstream request; narrow to the headers the backend reads 12 | -------------------------------------------------------------------------------- /cluster/apps/default/minecraft/patches/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | configMapGenerator: 6 | - name: mcsv-world-2-patches 7 | files: 8 | - patchset-paper.json 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/networking/folder.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaFolder 4 | metadata: 5 | name: networking 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # If title is not defined, the value will be taken from metadata.name 12 | title: networking 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/networking/metallb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: metallb 6 | namespace: monitoring 7 | spec: 8 | url: https://raw.githubusercontent.com/jr0dd/grafana-dashboards/main/metallb.json # NOTE(review): dashboard JSON is fetched from a third-party repository's mutable main branch; pin the URL to a commit SHA so the content cannot change unreviewed 9 | datasources: 10 | - datasourceName: Prometheus 11 | inputName: DS_PROMETHEUS 12 | -------------------------------------------------------------------------------- /cluster/repositories/image-repos/home-operations/plex.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: image.toolkit.fluxcd.io/v1 3 | kind: ImageRepository 4 | metadata: 5 | name: plex 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | image: ghcr.io/home-operations/plex 10 | # accessFrom: 11 | # namespaceSelectors: 12 | # - matchLabels: 13 | # kubernetes.io/metadata.name: media 14 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | cloudflare = { 4 | source = "cloudflare/cloudflare" 5 | version = "4.52.5" 6 | } 7 | sops = { 8 | source = "carlpett/sops" 9 | version = "1.3.0" 10 | } 11 | http = { 12 | source = "hashicorp/http" 13 | version = "3.5.0" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /cluster/apps/media/ytdlp-sub/app/README.md: -------------------------------------------------------------------------------- 1 | # Youtube archiver 2 | 3 | Note that for cookies to work in a kubernetes secret, it has to: 4 | 5 | 1. Be in the correct netscape format 6 | 2. The spaces _must_ be tabs 7 | 3. You _must_ store it in stringData to preserve the newline characters. The base64 encode/decode will strip those 8 | 4. 
The column representing expiry may need to be stripped of any decimals 9 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/loki/app/alerting/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - ./prometheus-rule.yaml 7 | configMapGenerator: 8 | - name: loki-alerting-rules 9 | files: 10 | - loki-alerting-rules.yaml=loki-alerting-rules.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/cloudflare-networks.txt: -------------------------------------------------------------------------------- 1 | 173.245.48.0/20\,103.21.244.0/22\,103.22.200.0/22\,103.31.4.0/22\,141.101.64.0/18\,108.162.192.0/18\,190.93.240.0/20\,188.114.96.0/20\,197.234.240.0/22\,198.41.128.0/17\,162.158.0.0/15\,104.16.0.0/13\,104.24.0.0/14\,172.64.0.0/13\,131.0.72.0/22\,2400:cb00::/32\,2606:4700::/32\,2803:f800::/32\,2405:b500::/32\,2405:8100::/32\,2a06:98c0::/29\,2c0f:f248::/32 2 | -------------------------------------------------------------------------------- /cluster/core/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespaces 6 | - ./monitoring 7 | - ./cert-manager 8 | # disable kube-vip after editing svc/kubernetes 9 | # - ./kube-system 10 | - ./metallb-system 11 | - ./rook-ceph 12 | - ./kubegres 13 | - ./tigera-operator 14 | - ./mysql 15 | - ./external-secrets 16 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/modules/zero_trust/outputs.tf: 
-------------------------------------------------------------------------------- 1 | output "tunnel_id" { 2 | value = cloudflare_argo_tunnel.k8s_zero_trust_tunnel.id 3 | description = "Tunnel ID for created tunnel. Needed for kubernetes config." 4 | } 5 | 6 | output "tunnel_cname" { 7 | value = cloudflare_argo_tunnel.k8s_zero_trust_tunnel.cname 8 | description = "CNAME for accessing the tunnel" 9 | } 10 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/kube-controllers-metrics/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | namespace: calico-system 6 | name: kube-controllers-metrics 7 | labels: 8 | k8s-app: calico-kube-controllers 9 | spec: 10 | selector: 11 | k8s-app: calico-kube-controllers 12 | ports: 13 | - name: http-metrics 14 | port: 9094 15 | targetPort: 9094 16 | -------------------------------------------------------------------------------- /cluster/apps/downloads/qbittorrent/config-pvc-v2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: qbittorrent-config-v2 6 | namespace: downloads 7 | annotations: 8 | pv.beta.kubernetes.io/gid: "65537" 9 | 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | 14 | resources: 15 | requests: 16 | storage: 1Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /cluster/apps/downloads/qbittorrent/config-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: qbittorrent-config-v1 6 | namespace: downloads 7 | annotations: 8 | pv.beta.kubernetes.io/gid: "65537" 9 | 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | 14 | resources: 15 | requests: 16 
| storage: 1Gi 17 | storageClassName: nfs-client 18 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/chain-no-auth.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: chain-no-auth 6 | namespace: networking 7 | spec: 8 | chain: 9 | middlewares: 10 | - name: networking-rate-limit@kubernetescrd 11 | - name: networking-secure-headers@kubernetescrd 12 | # - name: networking-error-pages@kubernetescrd 13 | -------------------------------------------------------------------------------- /cluster/core/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | #kubectl get namespace "rook-ceph" -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw /api/v1/namespaces/rook-ceph/finalize -f - 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | linkerd.io/inject: disabled 10 | -------------------------------------------------------------------------------- /k8s/clusters/quark/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: apps 5 | namespace: flux-system 6 | spec: 7 | interval: 10m0s 8 | dependsOn: 9 | - name: infrastructure 10 | sourceRef: 11 | kind: GitRepository 12 | name: quark 13 | path: ./k8s/clusters/quark/apps 14 | prune: true 15 | wait: true 16 | timeout: 5m0s 17 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/storage/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | - ./minio.yaml 7 | - ./redis.yaml 8 | - ./ceph.yaml 9 | patches: 10 | - path: patch-folder.yaml 11 | target: 12 | kind: GrafanaDashboard 13 | group: grafana.integreatly.org 14 | version: v1beta1 15 | -------------------------------------------------------------------------------- /cluster/apps/media/books/calibre-web/pvc-calibre-web-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: calibre-web-config 6 | namespace: media 7 | annotations: 8 | pv.beta.kubernetes.io/gid: "65537" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | 13 | resources: 14 | requests: 15 | storage: 512Mi 16 | 17 | storageClassName: nfs-client 18 | -------------------------------------------------------------------------------- /cluster/apps/media/music-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | commonLabels: 7 | app.kubernetes.io/name: music-assistant 8 | app.kubernetes.io/instance: music-assistant 9 | resources: 10 | - ./helm-release.yaml 11 | - ./pvc-data-v1.yaml 12 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/home/emqx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: emqx 6 | namespace: monitoring 7 | spec: 8 | # Ref: https://grafana.com/grafana/dashboards/17446 9 | grafanaCom: 10 | id: 17446 11 | revision: 1 12 | datasources: 13 | - datasourceName: Prometheus 14 | inputName: DS_PROMETHEUS 15 | 
-------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/storage/redis.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: redis 6 | namespace: monitoring 7 | spec: 8 | # Ref: https://grafana.com/grafana/dashboards/763 9 | grafanaCom: 10 | id: 763 11 | revision: 5 12 | datasources: 13 | - datasourceName: Prometheus 14 | inputName: DS_PROMETHEUS 15 | -------------------------------------------------------------------------------- /cluster/apps/networking/traefik/middlewares/chain-no-auth-tgr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: chain-no-auth-tgr 6 | namespace: networking 7 | spec: 8 | chain: # chains rate limiting and security headers only; no authentication middleware is listed 9 | middlewares: 10 | - name: networking-rate-limit@kubernetescrd 11 | - name: networking-secure-headers-tgr@kubernetescrd 12 | # - name: networking-error-pages@kubernetescrd 13 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | #shellcheck disable=SC2148,SC2155 2 | export KUBECONFIG=$(expand_path ./provision/kubeconfig) 3 | export ANSIBLE_CONFIG=$(expand_path ./provision/ansible/kubernetes/ansible.cfg) 4 | export ANSIBLE_HOST_KEY_CHECKING="False" # NOTE(review): turns off SSH host-key verification for every Ansible run from this directory, so a spoofed or intercepted host goes unnoticed; prefer a managed known_hosts file 5 | export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt) # age key file for sops, read from the user's home directory rather than the repository 6 | export PATH=$PATH:$(expand_path ./node_modules/.bin) 7 | 8 | dotenv ./.config.api.env # NOTE(review): presumably holds API credentials - confirm this file and the one below are git-ignored 9 | dotenv ./.config.tf.env 10 | -------------------------------------------------------------------------------- /cluster/apps/home/go2rtc/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server:
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helm-release.yaml 7 | configMapGenerator: 8 | - name: go2rtc-configmap 9 | files: 10 | - go2rtc.yaml=./resources/go2rtc.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/database/cnpg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: cnpg 6 | namespace: monitoring 7 | spec: 8 | instanceSelector: 9 | matchLabels: 10 | dashboards: "grafana" 11 | # NOTE(review): the URL below tracks the upstream main branch, so the dashboard JSON can change without a commit here; pin it to a commit SHA or release tag url: "https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/main/docs/src/samples/monitoring/grafana-dashboard.json" 12 | -------------------------------------------------------------------------------- /cluster/repositories/oci/cnpg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://crd.movishell.pl/source.toolkit.fluxcd.io/ocirepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: cnpg-plugin-barman-cloud 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | url: oci://ghcr.io/cloudnative-pg/plugin-barman-cloud 11 | ref: 12 | tag: 0.5.0 # versioned tag; NOTE(review): a tag can still be re-pushed - ref.digest pins the exact artifact 13 | -------------------------------------------------------------------------------- /cluster/repositories/oci/terraform-gcp.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/JJGadgets/flux2-schemas/main/ocirepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: terraform-gcp 7 | namespace: flux-system 8 | spec: 9 | interval: 10m
10 | url: oci://ghcr.io/h3mmy/terraform-gcp 11 | ref: 12 | tag: main # NOTE(review): mutable tag - whatever is pushed under main is pulled on the next reconcile; pin ref.digest or a release tag and consider spec.verify for signature checking 13 | -------------------------------------------------------------------------------- /cluster/repositories/oci/terraform-oci.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/JJGadgets/flux2-schemas/main/ocirepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: terraform-oci 7 | namespace: flux-system 8 | spec: 9 | interval: 10m 10 | url: oci://ghcr.io/h3mmy/terraform-oci 11 | ref: 12 | tag: main # NOTE(review): mutable tag - whatever is pushed under main is pulled on the next 10m reconcile; pin ref.digest or a release tag and consider spec.verify for signature checking 13 | -------------------------------------------------------------------------------- /cluster/repositories/oci/terraform-s3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/JJGadgets/flux2-schemas/main/ocirepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: terraform-s3 7 | namespace: flux-system 8 | spec: 9 | interval: 10m 10 | url: oci://ghcr.io/h3mmy/terraform-s3 11 | ref: 12 | tag: main # NOTE(review): mutable tag - whatever is pushed under main is pulled on the next 10m reconcile; pin ref.digest or a release tag and consider spec.verify for signature checking 13 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/felix-metrics/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: felix-metrics 6 | namespace: calico-system 7 | labels: 8 | k8s-app: calico-node 9 | spec: 10 | selector: 11 | matchLabels: 12 | k8s-app: calico-node 13 | endpoints: 14 | - port: http-metrics 15 | path: /metrics 16 | interval: 15s 17 | -------------------------------------------------------------------------------- /cluster/apps/calico-system/typha-metrics/service-monitor.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: typha-metrics 6 | namespace: calico-system 7 | labels: 8 | k8s-app: calico-typha 9 | spec: 10 | selector: 11 | matchLabels: 12 | k8s-app: calico-typha 13 | endpoints: 14 | - port: http-metrics 15 | path: /metrics 16 | interval: 15s 17 | -------------------------------------------------------------------------------- /cluster/apps/media/books/calibre/http-route.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1alpha2 3 | kind: HTTPRoute 4 | metadata: 5 | name: calibre 6 | namespace: media 7 | spec: 8 | hostnames: 9 | - calibre.${XYZ_DOMAIN} 10 | parentRefs: 11 | - name: traefik 12 | namespace: networking 13 | rules: 14 | - matches: 15 | backendRefs: 16 | - name: calibre 17 | port: 8080 18 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./folder.yaml 6 | - ./gatus.yaml 7 | - ./uptimerobot.yaml 8 | - ./synology-nas.yaml 9 | patches: 10 | - path: patch-folder.yaml 11 | target: 12 | kind: GrafanaDashboard 13 | group: grafana.integreatly.org 14 | version: v1beta1 15 | -------------------------------------------------------------------------------- /cluster/apps/monitoring/grafana/dashboards/users/authentik.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: authentik 6 | namespace: monitoring 7 | spec: 8 | # Ref: https://grafana.com/grafana/dashboards/14837 9 | grafanaCom: 10 | id: 
14837 11 | revision: 2 12 | datasources: 13 | - datasourceName: Prometheus 14 | inputName: DS_PROMETHEUS 15 | --------------------------------------------------------------------------------