├── .editorconfig ├── .gitattributes ├── .github ├── CODEOWNERS ├── FUNDING.yml ├── labeler.yaml ├── labels.yaml └── workflows │ ├── codeql.yaml │ ├── flux-local.yaml │ ├── image-pull.yaml │ ├── label-sync.yaml │ ├── labeler.yaml │ ├── nas-restart.yaml │ ├── schemas.yaml │ ├── tag.yaml │ ├── terraform-diff.yaml │ └── terraform-publish.yaml ├── .gitignore ├── .minijinja.toml ├── .mise.toml ├── .renovate ├── autoMerge.json5 ├── customManagers.json5 ├── grafanaDashboards.json5 ├── groups.json5 └── packageRules.json5 ├── .renovaterc.json5 ├── .sops.yaml ├── .taskfiles ├── bootstrap │ └── Taskfile.yaml ├── kubernetes │ ├── Taskfile.yaml │ └── resources │ │ └── privileged-pod.tmpl.yaml ├── onepassword │ └── Taskfile.yaml ├── sops │ └── Taskfile.yaml ├── talos │ └── Taskfile.yaml ├── volsync │ ├── Taskfile.yaml │ └── resources │ │ ├── list.yaml.j2 │ │ ├── replicationdestination.yaml.j2 │ │ └── unlock.yaml.j2 └── workstation │ ├── Taskfile.yaml │ └── resources │ └── Brewfile ├── .vscode ├── extensions.json └── settings.json ├── LICENSE ├── README.md ├── Taskfile.yaml ├── bootstrap ├── helmfile.yaml └── resources.yaml.j2 ├── docs └── src │ ├── SUMMARY.md │ ├── assets │ ├── 101518784_p0.jpg │ ├── bgp.conf │ ├── icons │ │ ├── bazarr.png │ │ ├── beyond.png │ │ ├── dashbrr.png │ │ ├── headscale.png │ │ ├── kah-logo.png │ │ ├── karma.ico │ │ ├── lds-transparent.png │ │ ├── lds.png │ │ ├── longhorn.png │ │ ├── maintainerr.png │ │ ├── nas.png │ │ ├── outlook.png │ │ ├── overseerr.png │ │ ├── portainer.png │ │ ├── prowlarr.png │ │ ├── qbittorrent.png │ │ ├── radarr.png │ │ ├── readarr.png │ │ ├── sabnzbd.png │ │ ├── sonarr.png │ │ ├── tautulli.png │ │ ├── tdarr.png │ │ ├── weave.png │ │ ├── wsc.png │ │ └── youtube-music.png │ ├── network-topology.png │ ├── pikvm.png │ ├── server-nut │ │ ├── nut.conf │ │ ├── ups.conf │ │ ├── ups_shutdown.sh │ │ ├── upsd.conf │ │ ├── upsd.users │ │ └── upsmon.conf │ └── utility-nut │ │ ├── nut.conf │ │ ├── ups.conf │ │ ├── upsd.conf │ │ ├── 
upsd.users │ │ └── upsmon.conf │ ├── introduction.md │ └── notes │ ├── certs.md │ ├── pikvm.md │ ├── rclone.md │ └── rpi-nut.md ├── hack ├── cert-extract.sh ├── delete-stuck-ns.sh ├── nas-restart.sh ├── node-labels.sh └── restart-all-pods.sh ├── kubernetes ├── apps │ ├── base │ │ ├── actions-runner-system │ │ │ └── actions-runner-controller │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── runners │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ ├── cert-manager │ │ │ └── cert-manager │ │ │ │ ├── clusterissuer.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helm │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ ├── database │ │ │ ├── crunchy-postgres │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── dragonfly │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── downloads │ │ │ ├── bazarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── subcleaner.sh │ │ │ │ └── whisper │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ ├── dashbrr │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.toml │ │ │ ├── flaresolverr │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kapowarr │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── metube │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── mylar │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── prowlarr │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── qbittorrent │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── 
kustomization.yaml │ │ │ │ └── tools │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── radarr │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── readarr │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── recyclarr │ │ │ │ ├── config │ │ │ │ │ └── recyclarr.yml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── sabnzbd │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── sonarr │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── webhook │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ ├── hooks.yaml │ │ │ │ ├── sonarr-refresh-series.sh │ │ │ │ └── sonarr-tag-codecs.sh │ │ ├── external-secrets │ │ │ ├── README.md │ │ │ ├── clustersecretstore.yaml │ │ │ ├── helm │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── flux-system │ │ │ ├── addons │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── receiver.yaml │ │ │ ├── flux-operator │ │ │ │ ├── helm │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── headlamp │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pushsecret.yaml │ │ │ │ └── rbac.yaml │ │ │ └── tofu-controller │ │ │ │ ├── controller │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── terraform │ │ │ │ ├── authentik.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── minio.yaml │ │ │ │ └── ocirepository.yaml │ │ ├── games │ │ │ ├── 
core-keeper │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── minecraft │ │ │ │ ├── create │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── mc-router │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── takocraft │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── vibecraft │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── palworld │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── vrising │ │ │ │ ├── ServerHostSettings.json │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ ├── home-automation │ │ │ ├── home-assistant │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── mosquitto │ │ │ │ ├── gatus.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── rtlamr2mqtt │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── zigbee │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scaledobject.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── README.md │ │ │ │ ├── app │ │ │ │ │ ├── helm │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── gateway │ │ │ │ │ ├── certificate.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── external.yaml │ │ │ │ │ ├── internal.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pushsecret.yaml │ │ │ │ │ └── redirect.yaml │ │ │ ├── coredns │ │ │ │ ├── helm │ │ │ │ │ ├── 
kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── irqbalance │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── metrics-server │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kube-tools │ │ │ ├── descheduler │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── fstrim │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── intel-device-plugins │ │ │ │ ├── gpu │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── nodefeaturerule.yaml │ │ │ │ └── operator │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── reloader │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── spegel │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── system-upgrade-controller │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── plans │ │ │ │ ├── kubernetes.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── talos.yaml │ │ │ │ └── versions.env │ │ ├── llm │ │ │ ├── ollama │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── open-webui │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── searxng │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ ├── limiter.toml │ │ │ │ └── settings.yml │ │ ├── media │ │ │ ├── ersatztv │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── jellyseerr │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── kavita │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── komga │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kyoo │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ 
│ │ └── kustomization.yaml │ │ │ ├── maintainerr │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── plex │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ ├── kometa │ │ │ │ │ ├── configs │ │ │ │ │ │ ├── Pre-rolls.yml │ │ │ │ │ │ └── config.yml │ │ │ │ │ ├── custom │ │ │ │ │ │ ├── Anime - Overlays - Charts.yml │ │ │ │ │ │ ├── Anime.yml │ │ │ │ │ │ ├── Movies - Holidays by Drazzizzi.yml │ │ │ │ │ │ ├── Movies - Overlays - Charts.yml │ │ │ │ │ │ ├── Movies - Overlays - Oscars.yml │ │ │ │ │ │ ├── Movies - Overlays - Ratings.yml │ │ │ │ │ │ ├── Movies - Overlays - Stand-up.yml │ │ │ │ │ │ ├── Movies - Overlays - Streaming Services.yml │ │ │ │ │ │ ├── Movies - Overlays - Studios.yml │ │ │ │ │ │ ├── Movies - Trakt (Unplayed) by Magic815.yml │ │ │ │ │ │ ├── Movies.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Charts.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Networks.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Ratings.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Statuses.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Streaming Services.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Studios.yml │ │ │ │ │ │ ├── TV Shows - Overlays.yml │ │ │ │ │ │ └── TV Shows.yml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── movie-roulette │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── plex-auto-languages │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── plex-image-cleanup │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── trakt-sync │ │ │ │ │ ├── config │ │ │ │ │ └── config.yml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── tautulli │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── wizarr │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ 
└── your-spotify │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── network │ │ │ ├── cloudflare-dns │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ ├── cloudflare-tunnel │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ ├── echo │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── unifi-dns │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── observability │ │ │ ├── exporters │ │ │ │ ├── blackbox-exporter │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── nut-exporter │ │ │ │ │ ├── dashboard │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── nut-exporter.json │ │ │ │ │ │ └── ups-aggregate.json │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ └── servicemonitor.yaml │ │ │ │ ├── smartctl-exporter │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ ├── speedtest-exporter │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ └── servicemonitor.yaml │ │ │ │ └── unpoller │ │ │ │ │ ├── dashboard │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pdu-insights.json │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── gatus │ │ │ │ ├── grafana-dashboard.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ ├── grafana │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── karma │ │ │ │ ├── config │ │ │ │ │ └── config.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── keda │ │ 
│ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kromgo │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ ├── kube-prometheus-stack │ │ │ │ ├── alertmanagerconfig.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── network-ups-tools │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── servicemonitor.yaml │ │ │ └── silence-operator │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── silences │ │ │ │ ├── kustomization.yaml │ │ │ │ └── silences.yaml │ │ ├── rook-ceph │ │ │ └── rook-ceph │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── cluster │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ └── kustomization.yaml │ │ ├── security │ │ │ └── authentik │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ └── kustomization.yaml │ │ ├── self-hosted │ │ │ ├── acars │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── actual │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── archiveteam │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── atuin │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── free-game-notifier │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── it-tools │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── lubelogger │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── secretstore.yaml │ │ │ ├── meshcentral │ │ │ │ ├── configmap.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── paperless │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ 
└── kustomization.yaml │ │ │ ├── rss-forwarder │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── thelounge │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── wyze-bridge │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ └── storage │ │ │ ├── csi-driver-nfs │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ ├── democratic-csi │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ ├── openebs │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ ├── snapshot-controller │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── volsync │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── mutatingadmissionpolicy.yaml │ │ │ └── prometheusrule.yaml │ ├── main │ │ ├── actions-runner-system │ │ │ ├── actions-runner-controller │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── cert-manager │ │ │ ├── cert-manager │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── database │ │ │ ├── crunchy-postgres │ │ │ │ └── ks.yaml │ │ │ ├── dragonfly │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── default │ │ │ └── kustomization.yaml │ │ ├── downloads │ │ │ ├── bazarr │ │ │ │ └── ks.yaml │ │ │ ├── dashbrr │ │ │ │ └── ks.yaml │ │ │ ├── flaresolverr │ │ │ │ └── ks.yaml │ │ │ ├── kapowarr │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metube │ │ │ │ └── ks.yaml │ │ │ ├── mylar │ │ │ │ └── ks.yaml │ │ │ ├── prowlarr │ │ │ │ └── ks.yaml │ │ │ ├── qbittorrent │ │ │ │ └── ks.yaml │ │ │ ├── radarr │ │ │ │ └── ks.yaml │ │ │ ├── readarr │ │ │ │ └── ks.yaml │ │ │ ├── recyclarr │ │ │ │ └── ks.yaml │ │ │ ├── sabnzbd │ │ │ │ └── ks.yaml │ │ │ ├── sonarr │ │ │ │ └── ks.yaml │ │ │ └── webhook │ │ │ │ └── ks.yaml │ │ ├── external-secrets │ │ │ ├── external-secrets │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── flux-system │ │ │ ├── addons │ │ │ │ └── ks.yaml │ │ │ ├── flux-operator │ │ │ │ └── ks.yaml 
│ │ │ ├── headlamp │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── games │ │ │ ├── core-keeper │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── minecraft │ │ │ │ └── ks.yaml │ │ │ ├── palworld │ │ │ │ └── ks.yaml │ │ │ └── vrising │ │ │ │ └── ks.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── config │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── networks.yaml │ │ │ │ └── ks.yaml │ │ │ ├── coredns │ │ │ │ └── ks.yaml │ │ │ ├── irqbalance │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── metrics-server │ │ │ │ └── ks.yaml │ │ ├── kube-tools │ │ │ ├── descheduler │ │ │ │ └── ks.yaml │ │ │ ├── fstrim │ │ │ │ └── ks.yaml │ │ │ ├── intel-device-plugins │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── reloader │ │ │ │ └── ks.yaml │ │ │ ├── spegel │ │ │ │ └── ks.yaml │ │ │ └── system-upgrade-controller │ │ │ │ └── ks.yaml │ │ ├── llm │ │ │ ├── kustomization.yaml │ │ │ ├── ollama │ │ │ │ └── ks.yaml │ │ │ ├── open-webui │ │ │ │ └── ks.yaml │ │ │ └── searxng │ │ │ │ └── ks.yaml │ │ ├── media │ │ │ ├── ersatztv │ │ │ │ └── ks.yaml │ │ │ ├── jellyseerr │ │ │ │ └── ks.yaml │ │ │ ├── kavita │ │ │ │ └── ks.yaml │ │ │ ├── komga │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kyoo │ │ │ │ └── ks.yaml │ │ │ ├── maintainerr │ │ │ │ └── ks.yaml │ │ │ ├── plex │ │ │ │ └── ks.yaml │ │ │ ├── tautulli │ │ │ │ └── ks.yaml │ │ │ ├── wizarr │ │ │ │ └── ks.yaml │ │ │ └── your-spotify │ │ │ │ └── ks.yaml │ │ ├── network │ │ │ ├── cloudflare-dns │ │ │ │ └── ks.yaml │ │ │ ├── cloudflare-tunnel │ │ │ │ └── ks.yaml │ │ │ ├── echo │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── unifi-dns │ │ │ │ └── ks.yaml │ │ ├── observability │ │ │ ├── exporters │ │ │ │ ├── blackbox-exporter │ │ │ │ │ ├── ks.yaml │ │ │ │ │ └── probes.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── nut-exporter │ │ │ │ │ └── ks.yaml │ │ │ │ ├── smartctl-exporter │ │ │ │ │ └── ks.yaml │ │ │ │ ├── speedtest-exporter │ │ │ │ │ └── ks.yaml │ │ │ │ └── unpoller │ │ │ │ 
│ └── ks.yaml │ │ │ ├── gatus │ │ │ │ ├── config.yaml │ │ │ │ └── ks.yaml │ │ │ ├── grafana │ │ │ │ └── ks.yaml │ │ │ ├── karma │ │ │ │ └── ks.yaml │ │ │ ├── keda │ │ │ │ └── ks.yaml │ │ │ ├── kromgo │ │ │ │ └── ks.yaml │ │ │ ├── kube-prometheus-stack │ │ │ │ ├── ks.yaml │ │ │ │ └── scrapeconfig.yaml │ │ │ ├── kustomization.yaml │ │ │ └── silence-operator │ │ │ │ └── ks.yaml │ │ ├── rook-ceph │ │ │ ├── kustomization.yaml │ │ │ └── rook-ceph │ │ │ │ └── ks.yaml │ │ ├── security │ │ │ ├── authentik │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── self-hosted │ │ │ ├── actual │ │ │ │ └── ks.yaml │ │ │ ├── archiveteam │ │ │ │ └── ks.yaml │ │ │ ├── atuin │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── lubelogger │ │ │ │ └── ks.yaml │ │ │ ├── paperless │ │ │ │ └── ks.yaml │ │ │ └── wyze-bridge │ │ │ │ └── ks.yaml │ │ └── storage │ │ │ ├── csi-driver-nfs │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── openebs │ │ │ └── ks.yaml │ │ │ ├── snapshot-controller │ │ │ └── ks.yaml │ │ │ └── volsync │ │ │ └── ks.yaml │ ├── test │ │ ├── actions-runner-system │ │ │ ├── actions-runner-controller │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── cert-manager │ │ │ ├── cert-manager │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── external-secrets │ │ │ ├── external-secrets │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── flux-system │ │ │ ├── addons │ │ │ │ └── ks.yaml │ │ │ ├── flux-operator │ │ │ │ └── ks.yaml │ │ │ ├── headlamp │ │ │ │ └── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── config │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── networks.yaml │ │ │ │ └── ks.yaml │ │ │ ├── coredns │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── metrics-server │ │ │ │ └── ks.yaml │ │ ├── kube-tools │ │ │ ├── kustomization.yaml │ │ │ ├── reloader │ │ │ │ └── ks.yaml │ │ │ └── system-upgrade-controller │ │ │ │ └── ks.yaml │ │ ├── network │ │ │ ├── cloudflare-dns │ │ │ │ └── ks.yaml │ │ │ ├── 
cloudflare-tunnel │ │ │ │ └── ks.yaml │ │ │ ├── echo │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── unifi-dns │ │ │ │ └── ks.yaml │ │ └── storage │ │ │ ├── csi-driver-nfs │ │ │ └── ks.yaml │ │ │ ├── democratic-csi │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── snapshot-controller │ │ │ └── ks.yaml │ │ │ └── volsync │ │ │ └── ks.yaml │ └── utility │ │ ├── actions-runner-system │ │ ├── actions-runner-controller │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ │ ├── cert-manager │ │ ├── cert-manager │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ │ ├── default │ │ └── kustomization.yaml │ │ ├── external-secrets │ │ ├── external-secrets │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ │ ├── flux-system │ │ ├── addons │ │ │ └── ks.yaml │ │ ├── flux-operator │ │ │ └── ks.yaml │ │ ├── headlamp │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── tofu-controller │ │ │ └── ks.yaml │ │ ├── home-automation │ │ ├── home-assistant │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── mosquitto │ │ │ └── ks.yaml │ │ ├── rtlamr2mqtt │ │ │ └── ks.yaml │ │ └── zigbee │ │ │ └── ks.yaml │ │ ├── kube-system │ │ ├── cilium │ │ │ ├── config │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networks.yaml │ │ │ └── ks.yaml │ │ ├── coredns │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── metrics-server │ │ │ └── ks.yaml │ │ ├── kube-tools │ │ ├── descheduler │ │ │ └── ks.yaml │ │ ├── fstrim │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── reloader │ │ │ └── ks.yaml │ │ └── system-upgrade-controller │ │ │ └── ks.yaml │ │ ├── network │ │ ├── cloudflare-dns │ │ │ └── ks.yaml │ │ ├── cloudflare-tunnel │ │ │ └── ks.yaml │ │ ├── echo │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── unifi-dns │ │ │ └── ks.yaml │ │ ├── observability │ │ ├── exporters │ │ │ ├── blackbox-exporter │ │ │ │ ├── ks.yaml │ │ │ │ └── probes.yaml │ │ │ ├── kustomization.yaml │ │ │ └── smartctl-exporter │ │ │ │ └── ks.yaml │ │ ├── gatus │ │ │ ├── config.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ └── 
ks.yaml │ │ ├── keda │ │ │ └── ks.yaml │ │ ├── kube-prometheus-stack │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── silence-operator │ │ │ └── ks.yaml │ │ ├── self-hosted │ │ ├── acars │ │ │ ├── externalsecret.yaml │ │ │ └── ks.yaml │ │ ├── free-game-notifier │ │ │ └── ks.yaml │ │ ├── it-tools │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── meshcentral │ │ │ └── ks.yaml │ │ ├── rss-forwarder │ │ │ └── ks.yaml │ │ └── thelounge │ │ │ └── ks.yaml │ │ └── storage │ │ ├── csi-driver-nfs │ │ └── ks.yaml │ │ ├── democratic-csi │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── snapshot-controller │ │ └── ks.yaml │ │ └── volsync │ │ └── ks.yaml ├── clusters │ ├── main │ │ ├── apps.yaml │ │ ├── flux-instance.yaml │ │ └── flux-instance │ │ │ ├── helm │ │ │ ├── kustomizeconfig.yaml │ │ │ └── values.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheusrule.yaml │ ├── test │ │ ├── apps.yaml │ │ ├── flux-instance.yaml │ │ └── flux-instance │ │ │ ├── helm │ │ │ ├── kustomizeconfig.yaml │ │ │ └── values.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheusrule.yaml │ └── utility │ │ ├── apps.yaml │ │ ├── flux-instance.yaml │ │ └── flux-instance │ │ ├── helm │ │ ├── kustomizeconfig.yaml │ │ └── values.yaml │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── prometheusrule.yaml └── components │ ├── common │ ├── alerts │ │ ├── alertmanager │ │ │ ├── alert.yaml │ │ │ ├── kustomization.yaml │ │ │ └── provider.yaml │ │ ├── github-status │ │ │ ├── alert.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ └── provider.yaml │ │ └── kustomization.yaml │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── repos │ │ ├── kustomization.yaml │ │ └── ocirepository.yaml │ └── sops │ │ ├── kustomization.yaml │ │ └── secret.sops.yaml │ ├── dragonfly │ ├── cluster.yaml │ ├── kustomization.yaml │ └── podmonitor.yaml │ ├── gatus │ ├── external │ │ ├── config.yaml │ │ └── kustomization.yaml │ └── guarded │ │ ├── 
config.yaml │ │ └── kustomization.yaml │ ├── keda │ └── nfs-scaler │ │ ├── kustomization.yaml │ │ └── scaledobject.yaml │ ├── kustomization.yaml │ ├── postgres │ ├── README.md │ ├── cluster.yaml │ ├── externalsecret.yaml │ ├── kustomization.yaml │ └── podmonitor.yaml │ └── volsync │ ├── externalsecret.yaml │ ├── kustomization.yaml │ ├── pvc.yaml │ ├── replicationdestination.yaml │ └── replicationsource.yaml ├── scripts ├── bootstrap-apps.sh └── lib │ └── common.sh ├── talos ├── main │ ├── controlplane │ │ ├── ayaka.yaml │ │ ├── eula.yaml │ │ └── ganyu.yaml │ ├── machineconfig.yaml.j2 │ └── schematic.yaml ├── test │ ├── controlplane │ │ └── citlali.yaml │ ├── machineconfig.yaml.j2 │ └── schematic.yaml └── utility │ ├── controlplane │ └── celestia.yaml │ ├── machineconfig.yaml.j2 │ └── schematic.yaml └── terraform ├── authentik ├── applications.tf ├── backend.tf ├── customization.tf ├── directory.tf ├── flows.tf ├── main.tf ├── mappings.tf ├── scopes.tf ├── stages-prompt_fields.tf ├── stages.tf ├── system.tf └── variables.tf └── minio ├── backend.tf ├── buckets.tf ├── main.tf ├── modules ├── create-secret │ ├── main.tf │ ├── output.tf │ ├── providers.tf │ └── variables.tf └── minio │ ├── main.tf │ └── variables.tf ├── outputs.tf ├── secrets.tf ├── usernames.tf └── variables.tf /.editorconfig: -------------------------------------------------------------------------------- 1 | ; https://editorconfig.org/ 2 | 3 | root = true 4 | 5 | [*] 6 | indent_style = space 7 | indent_size = 2 8 | end_of_line = lf 9 | charset = utf-8 10 | trim_trailing_whitespace = true 11 | insert_final_newline = true 12 | 13 | [{Makefile,go.mod,go.sum,*.go,.gitmodules}] 14 | indent_style = tab 15 | indent_size = 4 16 | 17 | [*.md] 18 | indent_size = 4 19 | trim_trailing_whitespace = false 20 | 21 | [{Dockerfile,*.bash,*.sh}] 22 | indent_style = space 23 | indent_size = 4 24 | -------------------------------------------------------------------------------- /.gitattributes: 
-------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.env linguist-detectable linguist-language=SHELL 3 | *.json linguist-detectable linguist-language=JSON 4 | *.json5 linguist-detectable linguist-language=JSON5 5 | *.md linguist-detectable linguist-language=MARKDOWN 6 | *.sh linguist-detectable linguist-language=SHELL 7 | *.toml linguist-detectable linguist-language=TOML 8 | *.yml linguist-detectable linguist-language=YAML 9 | *.yaml linguist-detectable linguist-language=YAML 10 | *.yaml.j2 linguist-detectable linguist-language=YAML 11 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Ref: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | * @joryirving 3 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: joryirving 2 | ko_fi: joryirving 3 | custom: ["https://www.paypal.me/joryirving"] -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # 1Pass 2 | onepassword.env 3 | # Brew 4 | /.private/ 5 | /.task/ 6 | /.venv/ 7 | Brewfile.lock.json 8 | # Kubernetes 9 | kubeconfig 10 | .decrypted~* 11 | *.secret.env 12 | *.secret.yaml 13 | *.agekey 14 | *.pub 15 | *.key 16 | *.pem 17 | # Other 18 | *.psql 19 | # Private 20 | .private 21 | .bin 22 | #Talos 23 | talosconfig 24 | **/clusterconfig 25 | **/clusterconfig* 26 | # Terraform 27 | .terraform 28 | .terraform.tfstate* 29 | .terraform.lock.hcl 30 | terraform.tfstate* 31 | *.tfvars 32 | # Trash 33 | .DS_Store 34 | Thumbs.db 35 | -------------------------------------------------------------------------------- 
/.minijinja.toml:
--------------------------------------------------------------------------------
# Rendering settings for the Jinja templates in this repo (the *.j2 manifests).
# NOTE(review): autoescape is "none", and env = true presumably exposes the process
# environment to templates as ENV (the templates on this page read ENV.APP, ENV.NS, ...).
# Values are therefore substituted into the rendered YAML verbatim: a value holding a
# newline, ':' or '#' changes the manifest's structure. The tasks that export these
# variables are not shown here; confirm they validate the values before rendering.
1 | autoescape = "none"
2 | newline = true
3 | trim-blocks = true
4 | lstrip-blocks = true
5 | env = true
6 |
--------------------------------------------------------------------------------
/.renovate/packageRules.json5:
--------------------------------------------------------------------------------
1 | {
2 |   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 |   "packageRules": [
4 |     {
5 |       "description": ["Custom versioning for mylar3"],
6 |       "matchDatasources": ["docker"],
// NOTE(review): the groups on the next line read "(?\\d+)", which is not a valid regex group.
// Renovate's regex versioning expects named capture groups (major, minor, patch); the names
// look lost in extraction, so compare with the file in the repository.
7 |       "versioning": "regex:^version-v(?\\d+)\\.(?\\d+)\\.(?\\d+)$",
8 |       "matchPackageNames": ["/mylar3/"]
9 |     },
10 |     {
11 |       "description": ["Process terraform files"],
12 |       "matchManagers": ["terraform"],
13 |       "matchDatasources": ["terraform-provider"],
14 |       "versioning": "terraform",
15 |       "matchPackagePatterns": [".*"]
16 |     }
17 |   ]
18 | }
19 |
--------------------------------------------------------------------------------
/.sops.yaml:
--------------------------------------------------------------------------------
# sops uses the first creation rule whose path_regex matches the file being encrypted.
# The "age1..." strings are recipients (public keys), so publishing them is expected; the
# matching private key is what the .gitignore entries *.agekey and *.key keep out of Git.
# NOTE(review): every rule lists the same single recipient, so losing that one key makes
# all encrypted files unrecoverable. Confirm an offline copy or second recipient exists.
1 | ---
2 | creation_rules:
3 |   - # IMPORTANT: This rule MUST be above the others
# No encrypted_regex on this rule, so sops encrypts every value in matching files.
4 |     path_regex: talos/.*\.sops\.ya?ml
5 |     key_groups:
6 |       - age:
7 |           - "age12v9uw8k6myrr49z9aq6jmcwa79aepu0p6p462nrv968qcae72pcspwldec"
# Only values under data/stringData are encrypted for Kubernetes manifests. Metadata
# (names, namespaces, labels, annotations) stays readable in Git, so nothing sensitive
# belongs in those fields.
8 |   - path_regex: kubernetes/.*\.sops\.ya?ml
9 |     encrypted_regex: "^(data|stringData)$"
10 |     key_groups:
11 |       - age:
12 |           - "age12v9uw8k6myrr49z9aq6jmcwa79aepu0p6p462nrv968qcae72pcspwldec"
13 |   - path_regex: ansible/.*\.sops\.ya?ml
14 |     key_groups:
15 |       - age:
16 |           - "age12v9uw8k6myrr49z9aq6jmcwa79aepu0p6p462nrv968qcae72pcspwldec"
17 | stores:
18 |   yaml:
19 |     indent: 2
20 |
--------------------------------------------------------------------------------
/.taskfiles/sops/Taskfile.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | version: "3"
3 |
4 | tasks:
5 |   .encrypt-file:
6 |     internal: true
7 |     cmd: sops
--encrypt --in-place {{.FILE}}
# Line 7 of the sops Taskfile ends above: the internal task encrypts FILE in place.
# NOTE(review): {{.FILE}} is expanded into the command line unquoted, so a path containing
# spaces or shell metacharacters would be re-parsed by the shell. The task is internal, so
# FILE comes from other tasks; confirm they only pass trusted paths.
8 |     requires:
9 |       vars: [FILE]
# Both preconditions stop the task before sops runs if the config or the age key is missing.
10 |     preconditions:
11 |       - { msg: "Missing Sops config file", sh: "test -f {{.SOPS_CONFIG_FILE}}" }
12 |       - { msg: "Missing Sops Age key file", sh: "test -f {{.AGE_FILE}}" }
13 |
--------------------------------------------------------------------------------
/.taskfiles/volsync/resources/list.yaml.j2:
--------------------------------------------------------------------------------
# One-off Job that runs `restic snapshots` for one app; APP, NS and REPOSITORY come from the
# environment at render time.
1 | ---
2 | apiVersion: batch/v1
3 | kind: Job
4 | metadata:
5 |   name: list-{{ ENV.APP }}
6 |   namespace: {{ ENV.NS }}
7 | spec:
8 |   ttlSecondsAfterFinished: 3600
9 |   template:
10 |     spec:
# The pod gets no service-account token; nothing in this Job calls the Kubernetes API.
11 |       automountServiceAccountToken: false
12 |       restartPolicy: OnFailure
13 |       containers:
14 |         - name: list
# NOTE(review): ":latest" is a mutable tag, and this container receives the whole
# {{ ENV.APP }}-{{ ENV.REPOSITORY }} Secret as environment variables (presumably the restic
# repository credentials). Pinning the image to a version tag plus digest keeps a changed
# upstream image from running with those credentials.
# NOTE(review): no securityContext is set on the pod or container, so the image's default
# user and capabilities apply. Confirm that is intended.
15 |           image: docker.io/restic/restic:latest
16 |           args: ["snapshots"]
17 |           envFrom:
18 |             - secretRef:
19 |                 name: {{ ENV.APP }}-{{ ENV.REPOSITORY }}
20 |
--------------------------------------------------------------------------------
/.taskfiles/volsync/resources/replicationdestination.yaml.j2:
--------------------------------------------------------------------------------
# Manually triggered VolSync restore from the app's restic repository into an existing PVC.
1 | ---
2 | apiVersion: volsync.backube/v1alpha1
3 | kind: ReplicationDestination
4 | metadata:
5 |   name: {{ ENV.APP }}-manual
6 |   namespace: {{ ENV.NS }}
7 | spec:
8 |   trigger:
9 |     manual: restore-once
10 |   restic:
11 |     repository: {{ ENV.APP }}-{{ ENV.REPOSITORY }}
# copyMethod: Direct restores straight into destinationPVC rather than into a new volume.
12 |     destinationPVC: {{ ENV.CLAIM }}
13 |     copyMethod: Direct
14 |     storageClassName: {{ ENV.STORAGE_CLASS_NAME }}
15 |     accessModes: {{ ENV.ACCESS_MODES }}
16 |     previous: {{ ENV.PREVIOUS }}
# The mover runs with the uid/gid supplied by the caller instead of a fixed identity.
17 |     moverSecurityContext:
18 |       runAsUser: {{ ENV.PUID }}
19 |       runAsGroup: {{ ENV.PGID }}
20 |       fsGroup: {{ ENV.PGID }}
# NOTE(review): per the VolSync docs, enableFileDeletion removes files on the destination that
# are absent from the restored snapshot. Combined with Direct, a wrong CLAIM or PREVIOUS value
# destroys live data, so the calling task should confirm the target. TODO confirm it does.
21 |     enableFileDeletion: true
22 |     cleanupCachePVC: true
23 |     cleanupTempPVC: true
24 |
--------------------------------------------------------------------------------
/.taskfiles/workstation/resources/Brewfile:
--------------------------------------------------------------------------------
1 | tap
"fluxcd/tap" 2 | tap "go-task/tap" 3 | tap "siderolabs/tap" 4 | brew "age" 5 | brew "cloudflared" 6 | brew "fluxcd/tap/flux" 7 | brew "gh" 8 | brew "go-task/tap/go-task" 9 | brew "gum" 10 | brew "helm" 11 | brew "helmfile" 12 | brew "jq" 13 | brew "k9s" 14 | brew "krew" 15 | brew "kubecolor" 16 | brew "kubeconform" 17 | brew "kubernetes-cli" 18 | brew "kustomize" 19 | brew "minijinja-cli" 20 | brew "mise" 21 | brew "moreutils" 22 | brew "siderolabs/tap/talosctl" 23 | brew "sops" 24 | brew "stern" 25 | brew "talhelper" 26 | brew "viddy" 27 | brew "yq" 28 | cask "1password" 29 | cask "1password-cli" 30 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "albert.TabOut", 4 | "britesnow.vscode-toggle-quotes", 5 | "fcrespo82.markdown-table-formatter", 6 | "mikestead.dotenv", 7 | "mitchdenny.ecdc", 8 | "redhat.ansible", 9 | "redhat.vscode-yaml", 10 | "signageos.signageos-vscode-sops", 11 | "will-stone.in-any-case", 12 | "BriteSnow.vscode-toggle-quotes", 13 | "HashiCorp.terraform", 14 | "PKief.material-icon-theme", 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "files.associations": { 3 | "**/*.json5": "jsonc", 4 | "**/terraform/**/*.tf": "terraform" 5 | }, 6 | "sops.defaults.ageKeyFile": "age.key", 7 | "yaml.schemas": { 8 | "Kubernetes": "./kubernetes/*.yaml" 9 | }, 10 | "vs-kubernetes": { 11 | "vs-kubernetes.kubeconfig": "./kubeconfig", 12 | "vs-kubernetes.knownKubeconfigs": [ 13 | "./kubeconfig" 14 | ] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC 
LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2025 Jory Irving 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified 7 | copies of this license document, and changing it is allowed as long 8 | as the name is changed. 9 | 10 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 11 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 12 | 13 | 0. You just DO WHAT THE FUCK YOU WANT TO. 14 | -------------------------------------------------------------------------------- /docs/src/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | # Welcome 4 | 5 | --- 6 | 7 | - [Introduction](introduction.md) 8 | 9 | # Basement Notes 10 | 11 | --- 12 | 13 | - [PiKVM](./notes/pikvm.md) 14 | -------------------------------------------------------------------------------- /docs/src/assets/101518784_p0.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/101518784_p0.jpg -------------------------------------------------------------------------------- /docs/src/assets/bgp.conf: -------------------------------------------------------------------------------- 1 | router bgp 64513 2 | bgp router-id 192.168.1.1 3 | no bgp ebgp-requires-policy 4 | 5 | neighbor k8s.main peer-group 6 | neighbor k8s.main remote-as 64514 7 | 8 | neighbor k8s.utility peer-group 9 | neighbor k8s.utility remote-as 64515 10 | 11 | neighbor 10.69.1.21 peer-group k8s.main 12 | neighbor 10.69.1.22 peer-group k8s.main 13 | neighbor 10.69.1.23 peer-group k8s.main 14 | neighbor 10.69.1.121 peer-group k8s.utility 15 | 16 | address-family ipv4 unicast 17 | neighbor k8s.main next-hop-self 18 | neighbor k8s.main soft-reconfiguration inbound 19 | neighbor k8s.utility next-hop-self 20 | neighbor k8s.utility soft-reconfiguration inbound 21 | exit-address-family 22 | exit 23 | 
-------------------------------------------------------------------------------- /docs/src/assets/icons/bazarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/bazarr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/beyond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/beyond.png -------------------------------------------------------------------------------- /docs/src/assets/icons/dashbrr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/dashbrr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/headscale.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/headscale.png -------------------------------------------------------------------------------- /docs/src/assets/icons/kah-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/kah-logo.png -------------------------------------------------------------------------------- /docs/src/assets/icons/karma.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/karma.ico 
-------------------------------------------------------------------------------- /docs/src/assets/icons/lds-transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/lds-transparent.png -------------------------------------------------------------------------------- /docs/src/assets/icons/lds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/lds.png -------------------------------------------------------------------------------- /docs/src/assets/icons/longhorn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/longhorn.png -------------------------------------------------------------------------------- /docs/src/assets/icons/maintainerr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/maintainerr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/nas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/nas.png -------------------------------------------------------------------------------- /docs/src/assets/icons/outlook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/outlook.png 
-------------------------------------------------------------------------------- /docs/src/assets/icons/overseerr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/overseerr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/portainer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/portainer.png -------------------------------------------------------------------------------- /docs/src/assets/icons/prowlarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/prowlarr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/qbittorrent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/qbittorrent.png -------------------------------------------------------------------------------- /docs/src/assets/icons/radarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/radarr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/readarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/readarr.png 
-------------------------------------------------------------------------------- /docs/src/assets/icons/sabnzbd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/sabnzbd.png -------------------------------------------------------------------------------- /docs/src/assets/icons/sonarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/sonarr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/tautulli.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/tautulli.png -------------------------------------------------------------------------------- /docs/src/assets/icons/tdarr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/tdarr.png -------------------------------------------------------------------------------- /docs/src/assets/icons/weave.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/weave.png -------------------------------------------------------------------------------- /docs/src/assets/icons/wsc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/wsc.png 
-------------------------------------------------------------------------------- /docs/src/assets/icons/youtube-music.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/icons/youtube-music.png -------------------------------------------------------------------------------- /docs/src/assets/network-topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/network-topology.png -------------------------------------------------------------------------------- /docs/src/assets/pikvm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/docs/src/assets/pikvm.png -------------------------------------------------------------------------------- /docs/src/assets/server-nut/nut.conf: -------------------------------------------------------------------------------- 1 | MODE=netserver 2 | -------------------------------------------------------------------------------- /docs/src/assets/server-nut/ups.conf: -------------------------------------------------------------------------------- 1 | [serverups] 2 | driver = "usbhid-ups" 3 | port = "auto" 4 | desc = "TrippLite SMART1500LCD" 5 | vendorid = "09AE" 6 | productid = "2012" 7 | -------------------------------------------------------------------------------- /docs/src/assets/server-nut/ups_shutdown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Issue local Talos shutdown command 4 | talosctl shutdown --context main 5 | 6 | # Wait a few seconds to allow local shutdown to initiate (optional but recommended) 7 | sleep 5 8 | 9 | # Remotely shutdown the Linux 
server 10 | ssh root@voyager "sudo shutdown -h now" 11 | 12 | exit 0 -------------------------------------------------------------------------------- /docs/src/assets/server-nut/upsd.conf: --------------------------------------------------------------------------------
MAXAGE 20
# NOTE(review): 0.0.0.0 makes upsd accept client connections on every IPv4
# interface of the host. Combined with the account in upsd.users, any machine
# that can reach the port can authenticate with the documented password.
# Bind to the interface the monitoring clients actually use, or firewall it.
LISTEN 0.0.0.0
-------------------------------------------------------------------------------- /docs/src/assets/server-nut/upsd.users: --------------------------------------------------------------------------------
[monuser]
# NOTE(review): sample password kept in clear text in a docs asset. Use a
# unique secret on the real host and keep this file readable only by the
# account that runs upsd. The utility-nut copy of this file uses the same value.
password = "bacon"
# "actions = SET" and "instcmds = ALL" allow changing UPS variables and running
# every instant command the driver exposes. That looks broader than a
# monitoring account needs; confirm whether "upsmon master" alone is enough.
actions = SET
instcmds = ALL
upsmon master
-------------------------------------------------------------------------------- /docs/src/assets/server-nut/upsmon.conf: --------------------------------------------------------------------------------
# NOTE(review): this line logs in as user "upsmon" to a UPS named "ups", while
# the upsd.users beside it defines [monuser] and the server-nut ups.conf defines
# [serverups]. Confirm the names match on the real host. The password is
# repeated here in clear text, so this file needs the same restricted
# permissions as upsd.users.
MONITOR ups@localhost:3493 1 upsmon "bacon" master
# Command upsmon runs when it decides the host must power off.
SHUTDOWNCMD "/sbin/shutdown -h +0"
POWERDOWNFLAG /etc/killpower
POLLFREQ 15
POLLFREQALERT 5
HOSTSYNC 15
-------------------------------------------------------------------------------- /docs/src/assets/utility-nut/nut.conf: -------------------------------------------------------------------------------- 1 | MODE=netserver 2 | -------------------------------------------------------------------------------- /docs/src/assets/utility-nut/ups.conf: -------------------------------------------------------------------------------- 1 | [networkups] 2 | driver = "usbhid-ups" 3 | port = "auto" 4 | desc = "Back-UPS ES 600M1" 5 | vendorid = "051D" 6 | productid = "0002" 7 | serial = "4B2217P19326" 8 | -------------------------------------------------------------------------------- /docs/src/assets/utility-nut/upsd.conf: -------------------------------------------------------------------------------- 1 | MAXAGE 20 2 | LISTEN 0.0.0.0 3 | -------------------------------------------------------------------------------- /docs/src/assets/utility-nut/upsd.users:
-------------------------------------------------------------------------------- 1 | [monuser] 2 | password = "bacon" 3 | actions = SET 4 | instcmds = ALL 5 | upsmon master 6 | -------------------------------------------------------------------------------- /docs/src/assets/utility-nut/upsmon.conf: -------------------------------------------------------------------------------- 1 | MONITOR ups@localhost:3493 1 upsmon "bacon" master 2 | SHUTDOWNCMD "talosctl shutdown --context utility" 3 | POWERDOWNFLAG /etc/killpower 4 | POLLFREQ 15 5 | POLLFREQALERT 5 6 | HOSTSYNC 15 7 | -------------------------------------------------------------------------------- /docs/src/introduction.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | ```admonish warning 4 | These docs contain information that relates to my setup. They may or may not work for you. This is heavily inspired by [onedr0p](https://github.com/onedr0p/home-ops/) 5 | ``` 6 | 7 | --- 8 |
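9 | 10 | {{#include ../../README.md}} -------------------------------------------------------------------------------- /hack/delete-stuck-ns.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Force-finalize every namespace stuck in "Terminating" on one cluster.
#
# Usage: delete-stuck-ns.sh [NAMESPACE] [CLUSTER]
#   NAMESPACE  accepted for compatibility only: the loop at the bottom
#              overwrites it with each Terminating namespace, so it does not
#              narrow the selection.
#   CLUSTER    kubectl context to act on (default: main).
#
# Removing the "kubernetes" finalizer lets the namespace object disappear
# without the API server finishing its own cleanup, so run this only once the
# namespace contents are known to be gone or disposable.

# Make a failed `kubectl get` visible through the pipeline status below.
set -o pipefail

NAMESPACE=${1:-}
CLUSTER=${2:-main}

function delete_namespace () {
    local ns=$1 manifest status=0

    echo "Deleting namespace $ns"

    # A private temp file replaces the fixed ./tmp.json, which overwrote any
    # file of that name in the working directory and was left behind on error.
    manifest=$(mktemp) || return 1

    # The sed expression deletes the literal "kubernetes" wherever it occurs in
    # the JSON. NOTE(review): if the namespace carries additional finalizers
    # this probably leaves an invalid list - confirm before relying on it.
    if ! kubectl --context "$CLUSTER" get namespace "$ns" -o json \
        | sed 's/"kubernetes"//g' > "$manifest"; then
        echo "Could not read namespace $ns; skipping" >&2
        status=1
    else
        kubectl --context "$CLUSTER" replace --raw "/api/v1/namespaces/$ns/finalize" -f "$manifest" \
            || status=$?
    fi

    rm -f "$manifest"
    return "$status"
}

TERMINATING_NS=$(kubectl --context "$CLUSTER" get ns | awk '$2=="Terminating" {print $1}')

# Unquoted on purpose: the list is split on whitespace, one namespace per word.
for NAMESPACE in $TERMINATING_NS
do
    delete_namespace "$NAMESPACE"
done
-------------------------------------------------------------------------------- /hack/nas-restart.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Restart every Deployment labelled nfsMount=true, in all namespaces.
#
# Usage: nas-restart.sh [CLUSTER]
#   CLUSTER  kubectl context to act on (default: main).
CLUSTER=${1:-main}

# The restart commands are run directly instead of being printed by awk and
# piped to `sh`. Inside the single-quoted awk program "$CLUSTER" was emitted
# literally, and the child shell only had a value for it when the caller had
# exported CLUSTER; it also meant names read from the cluster were handed to a
# shell as command text.
kubectl --context "$CLUSTER" get deployments --all-namespaces -l nfsMount=true \
    -o custom-columns="NAMESPACE:.metadata.namespace,NAME:.metadata.name" --no-headers |
while read -r namespace name; do
    [[ -n "$name" ]] || continue
    # stdin is redirected so the inner kubectl cannot consume the list being read.
    kubectl --context "$CLUSTER" rollout restart "deployment/$name" -n "$namespace" < /dev/null
done
-------------------------------------------------------------------------------- /hack/node-labels.sh: --------------------------------------------------------------------------------
# Label workers
kubectl --context main label nodes hutao navia yelan node-role.kubernetes.io/worker=true
-------------------------------------------------------------------------------- /hack/restart-all-pods.sh: --------------------------------------------------------------------------------
### WARNING ###
## This will restart all pods in all namespaces! ##
## Use this carefully ##
#
# Usage: restart-all-pods.sh [CLUSTER]
#   CLUSTER  kubectl context to act on (default: main).
CLUSTER=${1:-main}
for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' --context "$CLUSTER"); do
  for kind in deploy daemonset statefulset; do
    # `-o name` prints one "<kind>/<name>" per line, which is passed to
    # `rollout restart` unchanged.
    kubectl get "${kind}" -n "${ns}" -o name --context "$CLUSTER" \
      | xargs -I {} kubectl rollout restart {} -n "${ns}" --context "$CLUSTER"
  done
done
-------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/actions-runner-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/actions-runner-controller/runners/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name home-ops-runner-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | github_app_id: '{{ .github_app_id }}' 16 | github_app_installation_id: '{{ .github_app_installation_id }}' 17 | github_app_private_key: '{{ .github_app_private_key }}' 18 | dataFrom: 19 | - extract: 20 | key: actions-runner-controller 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/actions-runner-controller/runners/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: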
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./rbac.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/actions-runner-controller/runners/rbac.yaml: --------------------------------------------------------------------------------
---
# Kubernetes identity for the self-hosted GitHub Actions runner.
# ${CLUSTER} is not defined in this file; presumably it is substituted at
# deploy time - confirm.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: home-ops-runner-${CLUSTER}
---
# Binds that ServiceAccount to the built-in cluster-admin ClusterRole, i.e.
# unrestricted access to every resource in every namespace. Whoever can get a
# workflow job scheduled onto a pod using this ServiceAccount therefore holds
# full control of the cluster, so the repository's workflow and pull-request
# permissions are part of the cluster's trust boundary.
# NOTE(review): the runner pod spec (helmrelease.yaml) is not visible here;
# confirm which workflows need this and whether a narrower ClusterRole would do.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: home-ops-runner-${CLUSTER}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: home-ops-runner-${CLUSTER}
    namespace: actions-runner-system
---
# Talos API ServiceAccount of the same name with the os:admin role.
# NOTE(review): this looks like it gives runner jobs administrative access to
# the Talos API on the nodes in addition to cluster-admin in Kubernetes -
# confirm that a less privileged Talos role is not sufficient.
apiVersion: talos.dev/v1alpha1
kind: ServiceAccount
metadata:
  name: home-ops-runner-${CLUSTER}
spec:
  roles: ["os:admin"]
-------------------------------------------------------------------------------- /kubernetes/apps/base/cert-manager/cert-manager/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name cloudflare 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | CLOUDFLARE_DNS_TOKEN: "{{ .CLOUDFLARE_DNS_TOKEN }}" 16 | dataFrom: 17 | - extract: 18 | key: cloudflare 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/cert-manager/cert-manager/helm/kustomizeconfig.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/cert-manager/cert-manager/helm/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | crds: 3 | enabled: true 4 | replicaCount: 1 5 | dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query 6 | dns01RecursiveNameserversOnly: true 7 | prometheus: 8 | enabled: true 9 | servicemonitor: 10 | enabled: true 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/cert-manager/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./clusterissuer.yaml 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ./prometheusrule.yaml 10 | configMapGenerator: 11 | - name: cert-manager-values 12 | files: 13 | - values.yaml=./helm/values.yaml 14 | configurations: 15 | - ./helm/kustomizeconfig.yaml 16 | -------------------------------------------------------------------------------- /kubernetes/apps/base/database/crunchy-postgres/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/database/dragonfly/kustomization.yaml: 
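-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/bazarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name bazarr-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | BAZARR__API_KEY: '{{ .BAZARR_API_KEY }}' 16 | PLEX_TOKEN: "{{ .PLEX_API_KEY }}" 17 | dataFrom: 18 | - extract: 19 | key: bazarr 20 | - extract: 21 | key: plex 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/bazarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: bazarr-scripts 10 | files: 11 | - subcleaner.sh=./resources/subcleaner.sh 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/bazarr/app/resources/subcleaner.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Clean one subtitle file with subcleaner, then ask Plex to rescan the
# directory that holds it.
#
# Arguments:
#   $1  path to the subtitle file
# Environment:
#   PLEX_TOKEN  Plex API token sent with the refresh request

printf "Cleaning subtitles for '%s' ...\n" "$1"
python3 /add-ons/subcleaner/subcleaner.py "$1" -s

# Start from an empty value so a "section" variable inherited from the
# environment cannot trigger a refresh of the wrong library.
section=""

# Pick the Plex library section from the path; the numbers are the section ids
# used in the refresh URL below.
case "$1" in
    *anime*) section="1";;
    *movies*) section="2";;
    *shows*) section="3";;
esac

if [[ -n "$section" ]]; then
    media_dir="$(dirname "$1")"
    printf "Refreshing Plex section '%s' for '%s' ...\n" "$section" "$media_dir"
    # The token travels in a request header instead of the query string, so it
    # is not part of the request URL and stays out of anything that records
    # URLs. The request itself is still plain HTTP inside the cluster.
    /usr/bin/curl -I -X GET -G \
        --data-urlencode "path=$media_dir" \
        --header "X-Plex-Token: $PLEX_TOKEN" \
        --no-progress-meter \
        "http://plex.media.svc.cluster.local:32400/library/sections/$section/refresh"
fi
-------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/bazarr/whisper/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/bazarr/whisper/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: whisper 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/dashbrr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: dashbrr-config 10 | files: 11 | - ./resources/config.toml 12 | options: 13 | annotations: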
14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/dashbrr/resources/config.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/joryirving/home-ops/82e5d3384963e623700f1b4c1cde7d5c95cb968c/kubernetes/apps/base/downloads/dashbrr/resources/config.toml -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/flaresolverr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/kapowarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/metube/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/mylar/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/prowlarr/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name prowlarr-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | PROWLARR__AUTH__APIKEY: "{{ .PROWLARR_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: prowlarr 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/prowlarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/qbittorrent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/qbittorrent/tools/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/radarr/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name radarr-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | RADARR__AUTH__APIKEY: "{{ .RADARR_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: radarr 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/radarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/radarr/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/downloads/readarr/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name readarr-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | READARR__API_KEY: "{{ .READARR_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: readarr 19 | 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/readarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/readarr/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: readarr 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/recyclarr/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &name recyclarr-secret 6 | spec: 7 | secretStoreRef: 
8 | kind: ClusterSecretStore 9 | name: onepassword 10 | target: 11 | name: *name 12 | template: 13 | data: 14 | # App 15 | RADARR_API_KEY: "{{ .RADARR_API_KEY }}" 16 | SONARR_API_KEY: "{{ .SONARR_API_KEY }}" 17 | dataFrom: 18 | - extract: 19 | key: radarr 20 | - extract: 21 | key: sonarr 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/recyclarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: recyclarr-configmap 10 | files: 11 | - recyclarr.yml=./config/recyclarr.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/sabnzbd/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name sabnzbd-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | # App 16 | SABNZBD__API_KEY: "{{ .SABNZBD_API_KEY }}" 17 | SABNZBD__NZB_KEY: "{{ .SABNZBD_NZB_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: sabnzbd 21 | 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/sabnzbd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/sonarr/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name sonarr-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | SONARR__AUTH__APIKEY: "{{ .SONARR_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: sonarr 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/sonarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/sonarr/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/webhook/externalsecret.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name webhook 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | SONARR_API_KEY: "{{ .SONARR_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: sonarr 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/downloads/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: webhook-configmap 10 | files: 11 | - hooks.yaml=./resources/hooks.yaml 12 | - sonarr-refresh-series.sh=./resources/sonarr-refresh-series.sh 13 | - sonarr-tag-codecs.sh=./resources/sonarr-tag-codecs.sh 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/external-secrets/clustersecretstore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/clustersecretstore_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ClusterSecretStore 5 | metadata: 6 | name: &app onepassword 7 | spec: 8 | provider: 9 | onepassword: 10 | connectHost: http://voyager.internal:7070 # NOTE(review): plain http:// to the 1Password Connect host, so the Connect token and every secret value fetched through this store cross the network unencrypted; prefer an https:// endpoint, or confirm this hop is on a trusted or otherwise encrypted segment 11 | vaults: 12 | Kubernetes: 1 13 | auth: 14 | secretRef: 15 | connectTokenSecretRef: 16 |
name: *app 17 | key: token # Connect token is read from key "token" of Secret "onepassword" in the external-secrets namespace; every ExternalSecret that references this cluster-wide store is served with that one token 18 | namespace: external-secrets 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/external-secrets/helm/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/external-secrets/helm/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | installCRDs: true 3 | crds: 4 | conversion: 5 | enabled: false 6 | replicaCount: 1 7 | leaderElect: true 8 | image: 9 | repository: ghcr.io/external-secrets/external-secrets 10 | webhook: 11 | image: 12 | repository: ghcr.io/external-secrets/external-secrets 13 | serviceMonitor: 14 | enabled: true 15 | interval: 1m 16 | certController: 17 | image: 18 | repository: ghcr.io/external-secrets/external-secrets 19 | serviceMonitor: 20 | enabled: true 21 | interval: 1m 22 | serviceMonitor: 23 | enabled: true 24 | interval: 1m 25 | grafanaDashboard: 26 | enabled: true 27 | annotations: 28 | grafana_folder: Data 29 | -------------------------------------------------------------------------------- /kubernetes/apps/base/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./clustersecretstore.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: external-secrets-values 10 | files: 11 | - values.yaml=./helm/values.yaml 12 | configurations: 13 | - ./helm/kustomizeconfig.yaml 14 | --------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name github-webhook-token 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | token: "{{ .FLUX_${CLUSTER^^}_GITHUB_WEBHOOK_TOKEN }}" 16 | dataFrom: 17 | - extract: 18 | key: flux 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json 3 | apiVersion: gateway.networking.k8s.io/v1 4 | kind: HTTPRoute 5 | metadata: 6 | name: github-webhook 7 | spec: 8 | hostnames: ["${SUBDOMAIN}.jory.dev"] 9 | parentRefs: 10 | - name: external 11 | namespace: kube-system 12 | sectionName: https 13 | rules: 14 | - backendRefs: 15 | - name: webhook-receiver 16 | namespace: flux-system 17 | port: 80 18 | matches: 19 | - path: 20 | type: PathPrefix 21 | value: /hook/ 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./httproute.yaml 8 | - ./receiver.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/receiver.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/notification.toolkit.fluxcd.io/receiver_v1.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1 4 | kind: Receiver 5 | metadata: 6 | name: github-webhook 7 | spec: 8 | type: github 9 | events: ["ping", "push"] 10 | secretRef: 11 | name: github-webhook-token 12 | resources: 13 | - apiVersion: source.toolkit.fluxcd.io/v1 14 | kind: GitRepository 15 | name: flux-system 16 | - apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | name: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/flux-operator/helm/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/flux-operator/helm/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: true 4 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/flux-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: flux-operator-values 9 | files: 10 | - values.yaml=./helm/values.yaml 11 | configurations: 12 | - ./helm/kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/flux-system/headlamp/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name headlamp-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | # OIDC: issuer URL and scopes are literals; client id and client secret are templated from the extracted "headlamp" item 16 | OIDC_ISSUER_URL: "https://sso.jory.dev/application/o/headlamp/" 17 | OIDC_CLIENT_ID: "{{ .HEADLAMP_CLIENT_ID }}" 18 | OIDC_CLIENT_SECRET: "{{ .HEADLAMP_CLIENT_SECRET }}" 19 | OIDC_SCOPES: "openid email profile" 20 | dataFrom: 21 | - extract: 22 | key: headlamp 23 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/headlamp/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json 3 | apiVersion: gateway.networking.k8s.io/v1 4 | kind: HTTPRoute 5 | metadata: 6 | name: headlamp 7 | spec: 8 | hostnames: ["${GATUS_SUBDOMAIN:=${APP}}.jory.dev"] 9 | parentRefs: 10 | - name: internal # attached to the gateway named "internal" (the Flux webhook receiver route in this repo uses "external" instead) 11 | namespace: kube-system 12 | sectionName: https 13 | rules: 14 | - backendRefs: 15 | - name: headlamp 16 | namespace: flux-system 17 | port: 80 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/headlamp/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./httproute.yaml 9 | - ./pushsecret.yaml 10 | -
./rbac.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/headlamp/pushsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/pushsecret_v1alpha1.json 3 | apiVersion: external-secrets.io/v1alpha1 4 | kind: PushSecret 5 | metadata: 6 | name: &name ${CLUSTER}-headlamp-admin 7 | spec: 8 | secretStoreRefs: 9 | - name: onepassword 10 | kind: ClusterSecretStore 11 | selector: 12 | secret: 13 | name: headlamp-admin # source Secret: the service-account token Secret declared in rbac.yaml 14 | template: 15 | engineVersion: v2 16 | data: 17 | password: '{{.token}}' 18 | data: 19 | - match: 20 | secretKey: token 21 | remoteRef: 22 | remoteKey: *name 23 | property: password # NOTE(review): this writes the headlamp-admin token out of the cluster into the "${CLUSTER}-headlamp-admin" item of the onepassword store; access to that vault item is then equivalent to holding the token 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/headlamp/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ### Token Auth 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: headlamp-admin 7 | namespace: flux-system 8 | automountServiceAccountToken: true 9 | --- 10 | apiVersion: v1 11 | kind: Secret 12 | metadata: 13 | name: &name headlamp-admin 14 | namespace: flux-system 15 | annotations: 16 | kubernetes.io/service-account.name: *name 17 | type: kubernetes.io/service-account-token # NOTE(review): a Secret of this type holds a service-account token with no expiry; it stays valid until this Secret or the ServiceAccount is deleted 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: ClusterRoleBinding 21 | metadata: 22 | name: &name headlamp-admin 23 | roleRef: 24 | apiGroup: rbac.authorization.k8s.io 25 | kind: ClusterRole 26 | name: cluster-admin # NOTE(review): grants the headlamp-admin service account full cluster-admin across all namespaces; combined with the non-expiring token above and its copy in 1Password, a leak of either copy is full cluster control. Consider a narrower ClusterRole, and rotate by deleting and recreating the token Secret 27 | subjects: 28 | - kind: ServiceAccount 29 | name: *name 30 | namespace: flux-system 31 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/tofu-controller/controller/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/tofu-controller/terraform/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./authentik.yaml 6 | - ./minio.yaml 7 | - ./ocirepository.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/tofu-controller/terraform/ocirepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: terraform 7 | spec: 8 | interval: 1m 9 | url: oci://ghcr.io/joryirving/manifests/terraform 10 | ref: 11 | tag: main # NOTE(review): mutable tag, re-resolved every 1m, and no spec.verify block is set, so whatever is pushed to this tag is pulled without a signature check; presumably this artifact feeds the Terraform objects listed next to it (authentik.yaml, minio.yaml), so confirm. Consider pinning ref.digest or enabling cosign verification via spec.verify 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/core-keeper/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: core-keeper 7 | spec: 8 | endpoints: 9 | - dnsName: "core-keeper.jory.dev" 10 | recordType: CNAME 11 | targets: ["ipv4.jory.dev"] 12 | providerSpecific: 13 | - name:
external-dns.alpha.kubernetes.io/cloudflare-proxied 14 | value: 'false' # DNS-only record: the name resolves straight to the ipv4.jory.dev target instead of going through Cloudflare's proxy, so the origin address is publicly resolvable 15 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/core-keeper/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name core-keeper-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | DISCORD_HOOK: "{{ .DISCORD_WEBHOOK }}" # a Discord webhook URL is itself the credential (anyone holding it can post to the channel), hence it is kept in the secret store 16 | GAME_ID: "{{ .GAME_ID }}" # Game ID to use for the server. Needs to be at least 23 characters and alphanumeric, excluding Y,y,x,0,O. Empty or not valid means a new ID will be generated at start. 17 | dataFrom: 18 | - extract: 19 | key: core-keeper 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/core-keeper/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./dnsendpoint.yaml 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/core-keeper/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: core-keeper-server-files 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-block 12 | --------------------------------------------------------------------------------
/kubernetes/apps/base/games/minecraft/create/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name minecraft-create 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | RCON_PASSWORD: "{{ .RCON_PASSWORD }}" 16 | dataFrom: 17 | - extract: 18 | key: minecraft 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/create/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/mc-router/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: mc-router 7 | spec: 8 | endpoints: 9 | - dnsName: "mc.jory.dev" 10 | recordType: CNAME 11 | targets: ["ipv4.jory.dev"] 12 | providerSpecific: 13 | - name: external-dns.alpha.kubernetes.io/cloudflare-proxied 14 | value: 'false' 15 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/mc-router/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./dnsendpoint.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/takocraft/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name minecraft-takocraft 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | RCON_PASSWORD: "{{ .RCON_PASSWORD }}" 16 | dataFrom: 17 | - extract: 18 | key: minecraft 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/takocraft/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/vibecraft/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name minecraft-vibecraft 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | RCON_PASSWORD: "{{ 
.RCON_PASSWORD }}" 16 | dataFrom: 17 | - extract: 18 | key: minecraft 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/minecraft/vibecraft/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/palworld/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: palworld 7 | spec: 8 | endpoints: 9 | - dnsName: "palworld.jory.dev" 10 | recordType: CNAME 11 | targets: ["ipv4.jory.dev"] 12 | providerSpecific: 13 | - name: external-dns.alpha.kubernetes.io/cloudflare-proxied 14 | value: 'false' 15 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/palworld/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name palworld-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | SERVER_PASSWORD: "{{ .SERVER_PASSWORD }}" 16 | ADMIN_PASSWORD: &rcon-password "{{ .ADMIN_PASSWORD }}" 17 | RCON_PASSWORD: *rcon-password 18 | WEBHOOK_URL: "{{ .DISCORD_WEBHOOK }}" 19 | dataFrom: 20 | - 
extract: 21 | key: palworld 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/palworld/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./dnsendpoint.yaml 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/palworld/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: palworld-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/vrising/ServerHostSettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "Name": "V Rising Server", 3 | "Description": "", 4 | "Port": 9876, 5 | "QueryPort": 9877, 6 | "MaxConnectedUsers": 40, 7 | "MaxConnectedAdmins": 4, 8 | "ServerFps": 30, 9 | "SaveName": "world1", 10 | "Password": "", 11 | "Secure": true, 12 | "ListOnSteam": false, 13 | "ListOnEOS": false, 14 | "AutoSaveCount": 20, 15 | "AutoSaveInterval": 120, 16 | "CompressSaveFiles": true, 17 | "GameSettingsPreset": "", 18 | "GameDifficultyPreset": "", 19 | "AdminOnlyDebugEvents": true, 20 | "DisableDebugEvents": false, 21 | "API": { 22 | "Enabled": false 23 | }, 24 | "Rcon": { 25 | "Enabled": false, 26 | "Port": 25575, 27 | "Password": "" 28 | } 29 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/vrising/dnsendpoint.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: vrising 7 | spec: 8 | endpoints: 9 | - dnsName: "vrising.jory.dev" 10 | recordType: CNAME 11 | targets: ["ipv4.jory.dev"] 12 | providerSpecific: 13 | - name: external-dns.alpha.kubernetes.io/cloudflare-proxied 14 | value: 'false' 15 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/vrising/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./dnsendpoint.yaml 6 | # - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/games/vrising/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: vrising-server-files 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-automation/home-assistant/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/home-automation/mosquitto/gatus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: mosquitto-gatus-ep 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: mosquitto 12 | group: ${CLUSTER}-infra 13 | url: tcp://mosquitto.home-automation.svc.cluster.local:1883 14 | interval: 1m 15 | ui: 16 | hide-url: true 17 | hide-hostname: true 18 | conditions: 19 | - "[CONNECTED] == true" 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-automation/mosquitto/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./gatus.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-automation/mosquitto/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: mosquitto 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 1Gi 11 | storageClassName: local-hostpath 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-automation/rtlamr2mqtt/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/home-automation/zigbee/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./scaledobject.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-automation/zigbee/scaledobject.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/keda.sh/scaledobject_v1alpha1.json 3 | apiVersion: keda.sh/v1alpha1 4 | kind: ScaledObject 5 | metadata: 6 | name: zigbee-controller-scaler 7 | spec: 8 | advanced: 9 | restoreToOriginalReplicaCount: true 10 | cooldownPeriod: 0 11 | minReplicaCount: 0 12 | maxReplicaCount: 1 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: zigbee 17 | triggers: 18 | - type: prometheus 19 | metadata: 20 | serverAddress: http://prometheus-operated.observability.svc.cluster.local:9090 21 | query: probe_success{instance=~"zigbee-controller.+"} 22 | threshold: "1" 23 | ignoreNullValues: "0" 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/cilium/app/helm/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 |
--- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: cilium-values 9 | files: 10 | - values.yaml=./helm/values.yaml 11 | configurations: 12 | - ./helm/kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/cilium/gateway/certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/cert-manager.io/certificate_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: jory-dev 7 | spec: 8 | secretName: jory-dev-tls 9 | issuerRef: 10 | name: letsencrypt-production 11 | kind: ClusterIssuer 12 | commonName: jory.dev 13 | dnsNames: ["jory.dev", "*.jory.dev"] 14 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/cilium/gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./certificate.yaml 7 | - ./crds.yaml 8 | - ./external.yaml 9 | - ./internal.yaml 10 | - ./redirect.yaml 11 | - ./pushsecret.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/cilium/gateway/redirect.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json 3 | apiVersion: gateway.networking.k8s.io/v1 4 | kind: HTTPRoute 5 | metadata: 6 | name: httpsredirect 7 | annotations: 8 | 
external-dns.alpha.kubernetes.io/controller: none 9 | spec: 10 | parentRefs: 11 | - name: internal 12 | namespace: kube-system 13 | sectionName: http 14 | - name: external 15 | namespace: kube-system 16 | sectionName: http 17 | rules: 18 | - filters: 19 | - requestRedirect: 20 | scheme: https 21 | statusCode: 301 22 | type: RequestRedirect 23 | 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/coredns/helm/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/coredns/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: coredns-values 9 | files: 10 | - values.yaml=./helm/values.yaml 11 | configurations: 12 | - ./helm/kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/irqbalance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/metrics-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/descheduler/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/fstrim/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/intel-device-plugins/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./nodefeaturerule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/intel-device-plugins/gpu/nodefeaturerule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json 3 | apiVersion: nfd.k8s-sigs.io/v1alpha1 4 | kind: NodeFeatureRule 5 | metadata: 6 | name: intel-gpu-plugin 7 | spec: 8 
| rules: 9 | - name: intel.gpu 10 | labels: 11 | intel.feature.node.kubernetes.io/gpu: "true" 12 | matchFeatures: 13 | - feature: pci.device 14 | matchExpressions: 15 | vendor: {op: In, value: ["8086"]} 16 | class: {op: In, value: ["0300", "0380"]} 17 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/intel-device-plugins/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/reloader/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/spegel/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/system-upgrade-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/system-upgrade-controller/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/postBuild/substituteFrom/name 7 | kind: Kustomization 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/system-upgrade-controller/plans/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./kubernetes.yaml 7 | - ./talos.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-tools/system-upgrade-controller/versions.env: -------------------------------------------------------------------------------- 1 | # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet 2 | KUBERNETES_VERSION=v1.33.1 3 | # renovate: datasource=docker depName=ghcr.io/siderolabs/installer 4 | TALOS_VERSION=v1.10.3 5 | -------------------------------------------------------------------------------- /kubernetes/apps/base/llm/ollama/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/llm/ollama/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: 
PersistentVolumeClaim 4 | metadata: 5 | name: ollama 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 100Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/llm/open-webui/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/llm/searxng/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name searxng 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | SEARXNG_SECRET: "{{ .SEARXNG_SECRET_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: searxng 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/llm/searxng/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: searxng-configmap 10 | files: 11 | - ./resources/limiter.toml 12 | - ./resources/settings.yml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/media/ersatztv/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/jellyseerr/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name jellyseerr-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | API_KEY: "{{ .JELLYSEERR_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: jellyseerr 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/jellyseerr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/jellyseerr/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: jellyseerr-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | 
storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/kavita/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/komga/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/kyoo/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json 3 | apiVersion: gateway.networking.k8s.io/v1 4 | kind: HTTPRoute 5 | metadata: 6 | name: kyoo 7 | spec: 8 | hostnames: ["kyoo.jory.dev"] 9 | parentRefs: 10 | - name: external 11 | namespace: kube-system 12 | sectionName: https 13 | rules: 14 | - backendRefs: 15 | - name: kyoo-front 16 | namespace: media 17 | port: 8901 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/kyoo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./httproute.yaml 9 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/media/maintainerr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name plex-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | PLEX_TOKEN: "{{ .PLEX_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: plex 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: plex-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 50Gi 11 | storageClassName: ceph-block 12 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/custom/Movies - Overlays - Charts.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # CHARTS # 5 | ############################ 6 | 7 | IMDb Top 250: 8 | overlay: IMDb Top 250 9 | plex_search: 10 | all: 11 | collection: IMDb Top 250 12 | TMDb Trending: 13 | overlay: TMDb Trending Alt 14 | plex_search: 15 | all: 16 | collection: TMDb Weekly Trending 17 | Trakt Trending: 18 | overlay: Trakt Trending 19 | trakt_chart: # For some reason it said the collection "Trakt Trending Now (Unplayed)" is not found, so I put this 20 | chart: trending 21 | limit: 100 -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/custom/Movies - Overlays - Oscars.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # OSCARS # 5 | ############################ 6 | 7 | Oscars: 8 | overlay: Oscars 9 | plex_search: 10 | any: 11 | collection: 12 | - Best Animated Feature Film 13 | - Best Cinematography 14 | - Best Film Editing 15 | - Best Picture 16 | - Best Sound 17 | - Best Visual Effects -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/custom/Movies - Overlays - Stand-up.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STAND-UP COMEDY # 5 | ############################ 6 | 7 | Stand-up Comedy: 8 | overlay: Stand-up Comedy 9 | plex_search: 10 | all: 11 | collection: Stand-up Comedy -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/custom/TV Shows - Overlays - Charts.yml: 
-------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # CHARTS # 5 | ############################ 6 | 7 | IMDb Top 250: 8 | overlay: IMDb Top 250 9 | plex_search: 10 | all: 11 | collection: IMDb Top 250 12 | TMDb Trending: 13 | overlay: TMDb Trending Alt 14 | plex_search: 15 | all: 16 | collection: TMDb Weekly Trending 17 | Trakt Trending: 18 | overlay: Trakt Trending 19 | plex_search: 20 | all: 21 | collection: Trakt Trending -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/custom/TV Shows - Overlays - Statuses.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STATUSES # 5 | ############################ 6 | 7 | Cancelled: 8 | overlay: Cancelled 9 | plex_all: true 10 | filters: 11 | tmdb_status: canceled -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/custom/TV Shows - Overlays - Studios.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STUDIOS # 5 | ############################ 6 | 7 | DC: 8 | overlay: DC 9 | plex_search: 10 | any: 11 | studio.is: 12 | - DC Comics 13 | - DC Entertainment 14 | Marvel: 15 | overlay: Marvel 16 | plex_search: 17 | all: 18 | studio.is: Marvel Television 19 | Marvel Studios: 20 | overlay: Marvel Studios 21 | plex_search: 22 | all: 23 | studio.is: Marvel Studios -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/kometa/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: 
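Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: kometa-configmap 10 | files: 11 | - ./configs/config.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/movie-roulette/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name movie-roulette-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: # templates over the fields extracted from the "plex" item; an unbalanced {{ }} pair stops the template from parsing 15 | PLEX_TOKEN: "{{ .PLEX_API_KEY }}" 16 | PLEX_POSTER_USERS: "{{ .PLEX_POSTER_USERS }}" 17 | dataFrom: 18 | - extract: 19 | key: plex 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/movie-roulette/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/plex-auto-languages/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | --------------------------------------------------------------------------------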
/kubernetes/apps/base/media/plex/plex-image-cleanup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/trakt-sync/config/config.yml: -------------------------------------------------------------------------------- 1 | cache: 2 | path: $PTS_CACHE_DIR/trakt_cache 3 | 4 | libraries: 5 | - Anime 6 | - Movies 7 | - TV Shows 8 | 9 | config: 10 | dotenv_override: true 11 | 12 | logging: 13 | append: false 14 | debug: false 15 | filename: plextraktsync.log 16 | 17 | sync: 18 | plex_to_trakt: 19 | collection: false 20 | ratings: false 21 | watched_status: true 22 | trakt_to_plex: 23 | liked_lists: false 24 | ratings: false 25 | watched_status: true 26 | watchlist: false 27 | 28 | watch: 29 | add_collection: false 30 | remove_collection: false 31 | scrobble_threshold: 90 32 | username_filter: true 33 | 34 | xbmc-providers: 35 | movies: imdb 36 | shows: tvdb 37 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/plex/trakt-sync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: plex-trakt-sync 9 | files: 10 | - ./config/config.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/media/tautulli/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/tautulli/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: tautulli-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/wizarr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/media/your-spotify/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name your-spotify-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | SPOTIFY_PUBLIC: "{{ .SPOTIFY_CLIENT_ID }}" 16 | SPOTIFY_SECRET: "{{ .SPOTIFY_CLIENT_SECRET }}" 17 | dataFrom: 18 | - extract: 19 | key: spotify 20 | 
--------------------------------------------------------------------------------
/kubernetes/apps/base/media/your-spotify/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # your-spotify: the secret definition plus the HelmRelease
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-dns/externalsecret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
 3 | apiVersion: external-secrets.io/v1
 4 | kind: ExternalSecret  # renders the Cloudflare credentials Secret; only template placeholders appear in this file
 5 | metadata:
 6 |   name: &name cloudflare-dns
 7 | spec:
 8 |   secretStoreRef:
 9 |     kind: ClusterSecretStore
10 |     name: onepassword
11 |   target:
12 |     name: *name
13 |     template:
14 |       data:  # NOTE(review): the token's permissions are set on the Cloudflare side and are not visible here; confirm it is limited to DNS edits on the one zone
15 |         CF_API_TOKEN: "{{ .CLOUDFLARE_DNS_TOKEN }}"
16 |         CF_ZONE_ID: "{{ .CLOUDFLARE_ZONE_ID }}"
17 |   dataFrom:
18 |     - extract:  # the whole "cloudflare" item is loaded into the template context
19 |         key: cloudflare
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-dns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # cloudflare-dns: secret, HelmRelease and its alert rule
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |   - ./prometheusrule.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-dns/prometheusrule.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
 3 | apiVersion: monitoring.coreos.com/v1
 4 | kind: PrometheusRule
 5 | metadata:
 6 |   name: external-dns-rules  # sync-health alerting for ExternalDNS; a stalled controller leaves published records out of step with the cluster
 7 | spec:
 8 |   groups:
 9 |     - name: external-dns.rules
10 |       rules:
11 |         - alert: ExternalDNSStale  # condition: the last-sync timestamp is more than 60 seconds behind the current time
12 |           expr: |
13 |             time() - external_dns_controller_last_sync_timestamp_seconds > 60
14 |           for: 5m  # the condition must hold for five minutes before the alert fires
15 |           annotations:
16 |             summary: >-
17 |               ExternalDNS ({{ $labels.job }}) has not synced successfully in the last five minutes
18 |           labels:
19 |             severity: critical
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-tunnel/dnsendpoint.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json
 3 | apiVersion: externaldns.k8s.io/v1alpha1
 4 | kind: DNSEndpoint  # declares one DNS record for ExternalDNS to publish
 5 | metadata:
 6 |   name: cloudflare-tunnel
 7 | spec:
 8 |   endpoints:
 9 |     - dnsName: "${EXTERNAL_DOMAIN}.jory.dev"  # ${...} is a placeholder, presumably filled by Flux post-build substitution; where it is defined is not shown here
10 |       recordType: CNAME
11 |       targets: ["${CLOUDFLARED_TUNNEL_ID}.cfargotunnel.com"]  # points the name at the tunnel, so traffic for it enters through cloudflared
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-tunnel/externalsecret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
 3 | apiVersion: external-secrets.io/v1
 4 | kind: ExternalSecret  # renders the credential cloudflared uses to run the tunnel
 5 | metadata:
 6 |   name: &name cloudflare-tunnel
 7 | spec:
 8 |   secretStoreRef:
 9 |     kind: ClusterSecretStore
10 |     name: onepassword
11 |   target:
12 |     name: *name
13 |     template:  # ${CLUSTER^^} is not Go-template syntax; presumably replaced with the upper-cased cluster name before the template is evaluated (TODO confirm)
14 |       data:  # TUNNEL_TOKEN = base64 of a JSON object with keys a, t, s; base64 is encoding, not protection, so read access to this Secret is access to the tunnel credential
15 |         TUNNEL_TOKEN: |
16 |           {{ toJson (dict "a" .CLOUDFLARE_ACCOUNT_TAG "t" .${CLUSTER^^}_CLOUDFLARE_TUNNEL_ID "s" .${CLUSTER^^}_CLOUDFLARE_TUNNEL_SECRET) | b64enc }}
17 |   dataFrom:
18 |     - extract:  # same "cloudflare" item that the cloudflare-dns ExternalSecret extracts
19 |         key: cloudflare
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-tunnel/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization  # cloudflare-tunnel: DNS record, credential, HelmRelease and a generated ConfigMap
 5 | resources:
 6 |   - ./dnsendpoint.yaml
 7 |   - ./externalsecret.yaml
 8 |   - ./helmrelease.yaml
 9 | configMapGenerator:
10 |   - name: cloudflare-tunnel-configmap
11 |     files:
12 |       - config.yaml=./resources/config.yaml  # stored under the key config.yaml
13 | generatorOptions:
14 |   disableNameSuffixHash: true  # stable ConfigMap name: a config change does not rename it, so pods only pick it up if something else restarts or reloads them
15 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/cloudflare-tunnel/resources/config.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | originRequest:
 3 |   originServerName: ${EXTERNAL_DOMAIN}.jory.dev  # name expected on the origin's certificate; no noTLSVerify appears in this file, so origin certificate checking is not switched off here
 4 |
 5 | ingress:
 6 |   - hostname: jory.dev
 7 |     service: &service https://cilium-gateway-external.kube-system.svc.cluster.local  # both hostnames forward over HTTPS to this one in-cluster Service
 8 |   - hostname: "*.jory.dev"  # wildcard: every subdomain is forwarded; what is actually reachable depends on the routes attached behind that Service
 9 |     service: *service
10 |   - service: http_status:404  # catch-all for requests that match no hostname above
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/echo/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # echo consists of a single HelmRelease manifest
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/unifi-dns/externalsecret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
 3 | apiVersion: external-secrets.io/v1
 4 | kind: ExternalSecret  # renders the UniFi API key Secret; only a template placeholder appears in this file
 5 | metadata:
 6 |   name: &name unifi-dns
 7 | spec:
 8 |   secretStoreRef:
 9 |     kind: ClusterSecretStore
10 |     name: onepassword
11 |   target:
12 |     name: *name
13 |     template:
14 |       data:  # NOTE(review): what the key may do is set on the UniFi side and is not visible here; confirm it is limited to what DNS management needs
15 |         EXTERNAL_DNS_UNIFI_API_KEY: "{{ .EXTERNAL_DNS_UNIFI_API_KEY }}"
16 |   dataFrom:
17 |     - extract:  # the whole "unifi" item is loaded into the template context
18 |         key: unifi
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/network/unifi-dns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # unifi-dns: the secret definition plus the HelmRelease
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/observability/exporters/blackbox-exporter/httproute.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
 3 | apiVersion: gateway.networking.k8s.io/v1
 4 | kind: HTTPRoute  # publishes the blackbox exporter under its own hostname
 5 | metadata:
 6 |   name: blackbox-exporter
 7 | spec:
 8 |   hostnames: ["blackbox.jory.dev"]
 9 |   parentRefs:
10 |     - name: internal  # attached to the gateway named "internal"; presumably not the one the Cloudflare tunnel forwards to (cilium-gateway-external), confirm
11 |       namespace: kube-system
12 |       sectionName: https
13 |   rules:  # no filters on this route; the exporter probes targets named by the caller, so keep this hostname limited to trusted internal clients
14 |     - backendRefs:
15 |         - name: blackbox-exporter
16 |           namespace: observability  # explicit backend namespace; if the route is deployed elsewhere a ReferenceGrant is needed (route namespace not shown here)
17 |           port: 9115
18 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/observability/exporters/blackbox-exporter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # blackbox-exporter: the HelmRelease plus its route
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./httproute.yaml
8 |
-------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/nut-exporter/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | configMapGenerator: 6 | - name: nut-exporter-dashboard 7 | files: 8 | - nut-exporter.json 9 | - name: ups-aggregate-dashboard 10 | files: 11 | - ups-aggregate.json 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | grafana_folder: "System" 17 | labels: 18 | grafana_dashboard: "true" 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/nut-exporter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | - ./servicemonitor.yaml 9 | - ./dashboard 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/smartctl-exporter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/speedtest-exporter/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | - ./servicemonitor.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/speedtest-exporter/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/monitoring.coreos.com/servicemonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | name: &app speedtest-exporter 7 | labels: &labels 8 | app.kubernetes.io/instance: *app 9 | app.kubernetes.io/name: *app 10 | spec: 11 | selector: 12 | matchLabels: 13 | <<: *labels 14 | endpoints: 15 | - port: metrics 16 | interval: 60m 17 | scrapeTimeout: 1m 18 | path: /metrics 19 | metricRelabelings: 20 | - action: labeldrop 21 | regex: (pod) 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/unpoller/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | configMapGenerator: 6 | - name: unifi-pdu-dashboard 7 | files: 8 | - pdu-insights.json 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled 13 | grafana_folder: "Network" 14 | labels: 15 | grafana_dashboard: "true" 16 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/observability/exporters/unpoller/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name unpoller 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | UP_UNIFI_DEFAULT_API_KEY: "{{ .UNPOLLER_UNIFI_API_KEY }}" 16 | dataFrom: 17 | - extract: 18 | key: unifi 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/exporters/unpoller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | # - ./dashboard 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/gatus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./grafana-dashboard.yaml 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 
resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/karma/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: karma-configmap 9 | files: 10 | - ./config/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/keda/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kromgo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: kromgo-configmap 9 | files: 10 | - config.yaml=./resources/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kube-prometheus-stack/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name alertmanager-secret 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | ALERTMANAGER_HEARTBEAT_URL: "{{ .ALERTMANAGER_${CLUSTER^^}_HEARTBEAT_URL }}" 16 | DISCORD_WEBHOOK_URL: "{{ .DISCORD_WEBHOOK_URL }}" 17 | dataFrom: 18 | - extract: 19 | key: alertmanager 20 | - extract: 21 | key: discord 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kube-prometheus-stack/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alertmanagerconfig.yaml 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/network-ups-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/silence-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 
--------------------------------------------------------------------------------
/kubernetes/apps/base/observability/silence-operator/silences/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # the silence definitions, kept apart from the operator's own install
5 | resources:
6 |   - ./silences.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/rook-ceph/rook-ceph/app/externalsecret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
 3 | apiVersion: external-secrets.io/v1
 4 | kind: ExternalSecret  # renders a one-key Secret; only a template placeholder appears in this file
 5 | metadata:
 6 |   name: &name rook-ceph-dashboard-password  # presumably the Secret the Ceph dashboard takes its admin password from; confirm against the Rook cluster values
 7 | spec:
 8 |   secretStoreRef:
 9 |     kind: ClusterSecretStore
10 |     name: onepassword
11 |   target:
12 |     name: *name
13 |     template:
14 |       data:
15 |         password: '{{ .password }}'
16 |   dataFrom:
17 |     - extract:  # the whole "rook" item is loaded into the template context
18 |         key: rook
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/rook-ceph/rook-ceph/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # rook-ceph app: the secret definition plus the HelmRelease
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/rook-ceph/rook-ceph/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # rook-ceph cluster: the HelmRelease plus a route
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./httproute.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/security/authentik/externalsecret.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
 3 | apiVersion: external-secrets.io/v1
 4 | kind: ExternalSecret  # renders authentik's bootstrap and signing secrets; only template placeholders appear in this file
 5 | metadata:
 6 |   name: &name authentik-secret
 7 | spec:
 8 |   secretStoreRef:
 9 |     kind: ClusterSecretStore
10 |     name: onepassword
11 |   target:
12 |     name: *name
13 |     template:
14 |       data:
15 |         AUTHENTIK_BOOTSTRAP_EMAIL: '{{ .AUTHENTIK_EMAIL }}'
16 |         AUTHENTIK_BOOTSTRAP_PASSWORD: '{{ .AUTHENTIK_PASSWORD }}'  # initial admin password; authentik reads BOOTSTRAP_* on first start only, yet the value stays in this Secret, so change it in authentik after setup
17 |         AUTHENTIK_BOOTSTRAP_TOKEN: '{{ .AUTHENTIK_TOKEN }}'  # initial API token for the default admin; same first-start caveat, so revoke or replace it once no longer needed
18 |         AUTHENTIK_SECRET_KEY: '{{ .AUTHENTIK_SECRET_KEY }}'  # cookie-signing key; NOTE(review): rotating it invalidates active sessions, so plan for that
19 |   dataFrom:
20 |     - extract:  # the whole "authentik" item is loaded into the template context
21 |         key: authentik
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/security/authentik/httproute.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
 3 | apiVersion: gateway.networking.k8s.io/v1
 4 | kind: HTTPRoute  # publishes the authentik server under one hostname
 5 | metadata:
 6 |   name: authentik
 7 | spec:
 8 |   hostnames: ["${GATUS_SUBDOMAIN:=${APP}}.jory.dev"]  # substitution with a default: GATUS_SUBDOMAIN if set, otherwise APP (both presumably supplied by the Flux Kustomization, not shown here)
 9 |   parentRefs:
10 |     - name: external  # attached to the gateway named "external", so the login surface is presumably reachable from outside the LAN; keep MFA and lockout policy enabled in authentik
11 |       namespace: kube-system
12 |       sectionName: https
13 |   rules:
14 |     - backendRefs:
15 |         - name: authentik-server
16 |           namespace: security
17 |           port: 80  # backend port 80 while the listener section is https; presumably TLS ends at the gateway and the in-cluster hop is plain HTTP
18 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/security/authentik/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./httproute.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/acars/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name acars-annotator 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | DISCORD_WEBHOOK_URL: "{{ .DISCORD_WEBHOOK }}" 16 | dataFrom: 17 | - extract: 18 | key: acars 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/acars/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/actual/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/archiveteam/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/archiveteam/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: archiveteam 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 20Gi 11 | storageClassName: ${STORAGECLASS} 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/atuin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/free-game-notifier/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name free-game-notifier 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | DISCORD_WEBHOOK: '{{ .DISCORD_WEBHOOK }}' 16 | dataFrom: 17 | - extract: 18 | key: free-games 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/free-game-notifier/kustomization.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # the secret definition plus the HelmRelease
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/it-tools/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # it-tools consists of a single HelmRelease manifest
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/lubelogger/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization  # lubelogger ships its own RBAC and SecretStore next to the secret and HelmRelease
 5 | resources:
 6 |   - ./externalsecret.yaml
 7 |   - ./helmrelease.yaml
 8 |   - ./rbac.yaml
 9 |   - ./secretstore.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/lubelogger/secretstore.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/clustersecretstore_v1.json
 3 | apiVersion: external-secrets.io/v1
 4 | kind: SecretStore  # NOTE(review): the schema comment above names clustersecretstore while the kind is SecretStore; point it at the SecretStore schema so editor validation matches
 5 | metadata:
 6 |   name: lubelogger-postgres
 7 | spec:
 8 |   provider:
 9 |     kubernetes:  # Kubernetes provider: the store reads Secrets that already exist in the cluster
10 |       remoteNamespace: &namespace self-hosted  # namespace whose Secrets are read
11 |       server:
12 |         caProvider:  # the API server certificate is checked against the CA held in this ConfigMap
13 |           type: "ConfigMap"
14 |           name: "kube-root-ca.crt"
15 |           key: "ca.crt"
16 |       auth:
17 |         serviceAccount:
18 |           name: external-secrets-pg-lubelogger  # what the store can read is bounded by this account's RBAC (rbac.yaml in this directory, not shown); keep it to the specific Secret(s) needed
19 |           namespace: *namespace
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/meshcentral/configmap.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: ConfigMap  # MeshCentral server settings delivered as config.json; JSON cannot carry comments, so the notes sit on the YAML lines
 4 | metadata:  # "TlsOffload": true with "port": 8080 means TLS is expected to end at a proxy in front; NOTE(review): confirm only that proxy can reach the port
 5 |   name: meshcentral-config  # "redirPort": 0 presumably turns off the separate HTTP redirect listener; confirm against the MeshCentral documentation
 6 | data:  # "newAccounts": 0 presumably disables self-service account creation on the default ("") domain; confirm
 7 |   config.json: |
 8 |     {
 9 |       "settings": {
10 |         "port": 8080,
11 |         "redirPort": 0,
12 |         "TlsOffload": true
13 |       },
14 |       "domains": {
15 |         "": {
16 |           "userQuota": 1048576,
17 |           "meshQuota": 248576,
18 |           "newAccounts": 0
19 |         }
20 |       }
21 |     }
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/meshcentral/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # meshcentral: the ConfigMap plus the HelmRelease
5 | resources:
6 |   - ./configmap.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/paperless/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # paperless: the secret definition plus the HelmRelease
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/self-hosted/rss-forwarder/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # rss-forwarder: the secret definition plus the HelmRelease
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
-------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/thelounge/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/self-hosted/wyze-bridge/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/storage/csi-driver-nfs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/storage/democratic-csi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/base/storage/openebs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/storage/snapshot-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/storage/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./mutatingadmissionpolicy.yaml 8 | - ./prometheusrule.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/main/actions-runner-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: actions-runner-system 6 | components: 7 | - ../../../components/common 8 | resources: 9 | - ./actions-runner-controller/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/main/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 
| kind: Kustomization 5 | namespace: cert-manager 6 | components: 7 | - ../../../components/common 8 | resources: 9 | - ./cert-manager/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/main/database/crunchy-postgres/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app crunchy-postgres-operator 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | interval: 1h 12 | path: ./kubernetes/apps/base/database/crunchy-postgres 13 | prune: true 14 | retryInterval: 2m 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: database 20 | timeout: 5m 21 | wait: true 22 | -------------------------------------------------------------------------------- /kubernetes/apps/main/database/dragonfly/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app dragonfly-operator 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | interval: 1h 12 | path: ./kubernetes/apps/base/database/dragonfly 13 | prune: true 14 | retryInterval: 2m 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: database 20 | timeout: 5m 21 | wait: true 22 | -------------------------------------------------------------------------------- /kubernetes/apps/main/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 
| # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | components: 7 | - ../../../components/common 8 | resources: 9 | - ./crunchy-postgres/ks.yaml 10 | - ./dragonfly/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/main/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | components: 7 | - ../../../components/common 8 | resources: [] 9 | -------------------------------------------------------------------------------- /kubernetes/apps/main/downloads/flaresolverr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app flaresolverr 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | interval: 1h 12 | path: ./kubernetes/apps/base/downloads/flaresolverr 13 | prune: true 14 | retryInterval: 2m 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: downloads 20 | timeout: 5m 21 | wait: false 22 | -------------------------------------------------------------------------------- /kubernetes/apps/main/downloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: downloads 6 | components: 7 | - 
../../../components/common 8 | resources: 9 | - ./bazarr/ks.yaml 10 | - ./dashbrr/ks.yaml 11 | - ./flaresolverr/ks.yaml 12 | - ./kapowarr/ks.yaml 13 | - ./metube/ks.yaml 14 | - ./mylar/ks.yaml 15 | - ./prowlarr/ks.yaml 16 | - ./qbittorrent/ks.yaml 17 | - ./radarr/ks.yaml 18 | - ./readarr/ks.yaml 19 | - ./recyclarr/ks.yaml 20 | - ./sabnzbd/ks.yaml 21 | - ./sonarr/ks.yaml 22 | - ./webhook/ks.yaml 23 | -------------------------------------------------------------------------------- /kubernetes/apps/main/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: external-secrets 6 | components: 7 | - ../../../components/common 8 | resources: 9 | - ./external-secrets/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/main/flux-system/addons/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app flux-addons 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | interval: 1h 12 | path: ./kubernetes/apps/base/flux-system/addons 13 | postBuild: 14 | substitute: 15 | CLUSTER: main 16 | SUBDOMAIN: flux-webhook 17 | prune: true 18 | retryInterval: 2m 19 | sourceRef: 20 | kind: GitRepository 21 | name: flux-system 22 | namespace: flux-system 23 | targetNamespace: flux-system 24 | timeout: 5m 25 | wait: false 26 | -------------------------------------------------------------------------------- /kubernetes/apps/main/flux-system/flux-operator/ks.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization: reconciles the flux-operator base from Git into the cluster
5 | metadata:
6 |   name: &app flux-operator  # &app is reused below for the label and the health-check target
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app  # label added to every object this Kustomization applies
11 |   healthChecks:  # spec.wait is not set in this file, so readiness is gated on the objects listed here
12 |     - apiVersion: helm.toolkit.fluxcd.io/v2
13 |       kind: HelmRelease
14 |       name: *app
15 |       namespace: &namespace flux-system
16 |   interval: 1h  # reconcile once an hour
17 |   path: ./kubernetes/apps/base/flux-system/flux-operator
18 |   prune: true  # objects removed from Git are deleted from the cluster on the next reconcile
19 |   sourceRef:  # NOTE(review): no spec.serviceAccountName here, so the apply runs with kustomize-controller's own permissions unless a patch outside this excerpt sets one
20 |     kind: GitRepository
21 |     name: flux-system
22 |     namespace: flux-system
23 |   targetNamespace: *namespace  # namespace forced onto every object rendered from spec.path
24 |   timeout: 5m  # upper bound for apply and health-check operations
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay (kustomize.config.k8s.io), distinct from the Flux Kustomization objects it lists
5 | namespace: flux-system  # namespace set on every resource listed below
6 | components:
7 |   - ../../../components/common  # shared component; its contents are outside this excerpt
8 | resources:
9 |   - ./addons/ks.yaml
10 |   - ./flux-operator/ks.yaml
11 |   - ./headlamp/ks.yaml  # Headlamp is a Kubernetes web UI; its ks.yaml is outside this excerpt
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/games/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization  # kustomize overlay for the games namespace; unlike its siblings it has no leading '---'
4 | namespace: games
5 | components:
6 |   - ../../../components/common  # shared component; its contents are outside this excerpt
7 | resources:
8 |   # - ./core-keeper/ks.yaml
9 |   - ./minecraft/ks.yaml  # the only enabled entry; the commented-out ones are not deployed
10 |   # - ./palworld/ks.yaml
11 |   # - ./vrising/ks.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay holding the cluster-specific Cilium config; sets no namespace of its own
5 | resources:
6 |   - ./networks.yaml  # contents are outside this excerpt
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-system/coredns/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization: applies spec.path from the Git source into the cluster
5 | metadata:
6 |   name: &app coredns  # &app is reused below for the common label
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app  # label added to every object this Kustomization applies
11 |   interval: 1h  # reconcile once an hour; no retryInterval is set in this file
12 |   path: ./kubernetes/apps/base/kube-system/coredns
13 |   postBuild:
14 |     substitute:  # ${VAR} placeholders in the rendered manifests are replaced with these values
15 |       REPLICAS: "3" # match the control-plane node count
16 |   prune: true  # objects removed from Git are deleted from the cluster on the next reconcile
17 |   sourceRef:  # NOTE(review): no spec.serviceAccountName here, so the apply runs with kustomize-controller's own permissions unless a patch outside this excerpt sets one
18 |     kind: GitRepository
19 |     name: flux-system
20 |     namespace: flux-system  # presumably a cross-namespace reference, since the parent overlay places this object in kube-system
21 |   targetNamespace: kube-system  # namespace forced onto every object rendered from spec.path
22 |   timeout: 5m
23 |   wait: false  # Ready is reported after apply, without waiting for the workloads to become healthy
24 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-system/irqbalance/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for irqbalance
5 | metadata:
6 |   name: &app irqbalance
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/kube-system/irqbalance
13 |   prune: true
14 |   retryInterval: 2m  # a failed reconcile is retried after 2m rather than at the next 1h interval
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: kube-system
20 |   timeout: 5m
21 |   wait: true  # Flux waits, up to timeout, for every applied object to become ready
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay (kustomize.config.k8s.io), distinct from the Flux Kustomization objects it lists
5 | namespace: kube-system  # namespace set on every resource listed below, i.e. on the Flux Kustomization objects themselves
6 | components:
7 |   - ../../../components/common  # shared component; its contents are outside this excerpt
8 | resources:
9 |   - ./cilium/ks.yaml
10 |   - ./coredns/ks.yaml
11 |   - ./irqbalance/ks.yaml
12 |   - ./metrics-server/ks.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-system/metrics-server/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for metrics-server
5 | metadata:
6 |   name: &app metrics-server
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/kube-system/metrics-server
13 |   postBuild:
14 |     substitute:
15 |       REPLICAS: "2"  # per-cluster value substituted into the base manifests
16 |   prune: true
17 |   retryInterval: 2m
18 |   sourceRef:
19 |     kind: GitRepository
20 |     name: flux-system
21 |     namespace: flux-system
22 |   targetNamespace: kube-system
23 |   timeout: 5m
24 |   wait: false
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-tools/descheduler/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for descheduler
5 | metadata:
6 |   name: &app descheduler
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/kube-tools/descheduler
13 |   postBuild:
14 |     substitute:
15 |       REPLICAS: "2"
16 |   prune: true
17 |   retryInterval: 2m
18 |   sourceRef:
19 |     kind: GitRepository
20 |     name: flux-system
21 |     namespace: flux-system
22 |   targetNamespace: kube-tools
23 |   timeout: 5m
24 |   wait: false
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-tools/fstrim/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for fstrim
5 | metadata:
6 |   name: &app fstrim
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/kube-tools/fstrim
13 |   postBuild:
14 |     substitute:
15 |       PARALLELISM: "3" # match the node count
16 |   prune: true
17 |   retryInterval: 2m
18 |   sourceRef:
19 |     kind: GitRepository
20 |     name: flux-system
21 |     namespace: flux-system
22 |   targetNamespace: kube-tools
23 |   timeout: 5m
24 |   wait: false
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-tools/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the kube-tools namespace
5 | namespace: kube-tools
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./descheduler/ks.yaml
10 |   - ./fstrim/ks.yaml
11 |   - ./intel-device-plugins/ks.yaml
12 |   - ./reloader/ks.yaml
13 |   - ./spegel/ks.yaml
14 |   - ./system-upgrade-controller/ks.yaml
15 | configMapGenerator:
16 |   - name: versions  # ConfigMap generated from the key=value pairs in the env file below
17 |     env: ../../base/kube-tools/system-upgrade-controller/versions.env  # NOTE(review): presumably the versions the upgrade controller rolls out; confirm who may change this file
18 | configurations:
19 |   - ../../base/kube-tools/system-upgrade-controller/kustomizeconfig.yaml  # kustomize transformer configuration; contents are outside this excerpt
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-tools/reloader/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for reloader
5 | metadata:
6 |   name: &app reloader
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/kube-tools/reloader
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: kube-tools
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/kube-tools/spegel/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for spegel
5 | metadata:
6 |   name: &app spegel
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/kube-tools/spegel
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: kube-tools
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/llm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the llm namespace
5 | namespace: llm
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./ollama/ks.yaml
10 |   - ./open-webui/ks.yaml
11 |   - ./searxng/ks.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/llm/ollama/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for ollama
5 | metadata:
6 |   name: &app ollama
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   components:  # resolved relative to spec.path, i.e. kubernetes/components/gatus/guarded
12 |     - ../../../../components/gatus/guarded  # presumably registers a Gatus check for this app; contents are outside this excerpt
13 |   interval: 1h
14 |   path: ./kubernetes/apps/base/llm/ollama
15 |   postBuild:
16 |     substitute:  # ${APP} and ${CLUSTER} placeholders in the rendered manifests are replaced with these values
17 |       APP: *app
18 |       CLUSTER: main
19 |   prune: true
20 |   retryInterval: 2m
21 |   sourceRef:
22 |     kind: GitRepository
23 |     name: flux-system
24 |     namespace: flux-system
25 |   targetNamespace: llm
26 |   timeout: 5m
27 |   wait: false
28 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/media/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the media namespace; the listed ks.yaml files are outside this excerpt
5 | namespace: media
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./ersatztv/ks.yaml
10 |   - ./jellyseerr/ks.yaml
11 |   - ./kavita/ks.yaml
12 |   - ./komga/ks.yaml
13 |   - ./kyoo/ks.yaml
14 |   - ./maintainerr/ks.yaml
15 |   - ./plex/ks.yaml
16 |   - ./tautulli/ks.yaml
17 |   - ./wizarr/ks.yaml
18 |   - ./your-spotify/ks.yaml
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/network/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay (kustomize.config.k8s.io), distinct from the Flux Kustomization objects it lists
5 | namespace: network  # namespace set on every resource listed below, i.e. on the Flux Kustomization objects themselves
6 | components:
7 |   - ../../../components/common  # shared component; its contents are outside this excerpt
8 | resources:
9 |   - ./cloudflare-dns/ks.yaml
10 |   - ./cloudflare-tunnel/ks.yaml
11 |   - ./echo/ks.yaml
12 |   - ./unifi-dns/ks.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/network/unifi-dns/ks.yaml:
--------------------------------------------------------------------------------
1 |
2 | ---
3 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
4 | apiVersion: kustomize.toolkit.fluxcd.io/v1
5 | kind: Kustomization  # Flux Kustomization: applies spec.path from the Git source into the cluster
6 | metadata:
7 |   name: &app unifi-dns  # &app is reused below for the common label
8 | spec:
9 |   commonMetadata:
10 |     labels:
11 |       app.kubernetes.io/name: *app  # label added to every object this Kustomization applies
12 |   interval: 1h  # reconcile once an hour
13 |   path: ./kubernetes/apps/base/network/unifi-dns
14 |   postBuild:
15 |     substitute:  # ${VAR} placeholders in the rendered manifests are replaced with these values
16 |       CLUSTER: main
17 |   prune: true  # objects removed from Git are deleted from the cluster on the next reconcile
18 |   retryInterval: 2m  # a failed reconcile is retried after 2m rather than at the next 1h interval
19 |   sourceRef:  # NOTE(review): no spec.serviceAccountName here, so the apply runs with kustomize-controller's own permissions unless a patch outside this excerpt sets one
20 |     kind: GitRepository
21 |     name: flux-system
22 |     namespace: flux-system  # presumably a cross-namespace reference, since the parent overlay places this object in network
23 |   targetNamespace: network  # namespace forced onto every object rendered from spec.path
24 |   timeout: 5m
25 |   wait: true  # Flux waits, up to timeout, for every applied object to become ready
26 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/exporters/blackbox-exporter/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for blackbox-exporter
5 | metadata:
6 |   name: &app blackbox-exporter
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/observability/exporters/blackbox-exporter
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: observability
20 |   timeout: 5m
21 |   wait: false  # Ready is reported after apply, without waiting for the workloads to become healthy
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/exporters/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # sets no namespace itself; it is pulled in as ./exporters by the observability overlay, which does
5 | resources:
6 |   - ./blackbox-exporter/ks.yaml
7 |   - ./blackbox-exporter/probes.yaml  # plain manifest applied next to the Flux Kustomization; contents are outside this excerpt
8 |   - ./nut-exporter/ks.yaml
9 |   - ./smartctl-exporter/ks.yaml
10 |   - ./speedtest-exporter/ks.yaml
11 |   - ./unpoller/ks.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/exporters/nut-exporter/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for nut-exporter
5 | metadata:
6 |   name: &app nut-exporter
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/observability/exporters/nut-exporter
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: observability
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/exporters/smartctl-exporter/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for smartctl-exporter
5 | metadata:
6 |   name: &app smartctl-exporter
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/observability/exporters/smartctl-exporter
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: observability
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/exporters/speedtest-exporter/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for speedtest-exporter
5 | metadata:
6 |   name: &app speedtest-exporter
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/observability/exporters/speedtest-exporter
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: observability
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/exporters/unpoller/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for unpoller
5 | metadata:
6 |   name: &app unpoller
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/observability/exporters/unpoller
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: observability
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/keda/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1  # NOTE(review): the schema hint above uses kubernetes-schemas.pages.dev while the sibling ks.yaml files use kube-schemas.pages.dev; it only affects editor validation, but confirm the host is intended
4 | kind: Kustomization  # Flux Kustomization for keda
5 | metadata:
6 |   name: &app keda
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/observability/keda
13 |   postBuild:
14 |     substitute:
15 |       APP: *app
16 |       CLUSTER: main
17 |   prune: true
18 |   retryInterval: 2m
19 |   sourceRef:
20 |     kind: GitRepository
21 |     name: flux-system
22 |     namespace: flux-system
23 |   targetNamespace: observability
24 |   timeout: 5m
25 |   wait: false
26 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/observability/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the observability namespace
5 | namespace: observability  # also applies to the resources pulled in through ./exporters
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./gatus/ks.yaml
10 |   - ./grafana/ks.yaml
11 |   - ./karma/ks.yaml
12 |   - ./keda/ks.yaml
13 |   - ./kromgo/ks.yaml
14 |   - ./kube-prometheus-stack/ks.yaml
15 |   - ./kube-prometheus-stack/scrapeconfig.yaml
16 |   - ./silence-operator/ks.yaml
17 |   # Exporters
18 |   - ./exporters  # a directory: kustomize builds the kustomization.yaml inside it
19 | configMapGenerator:
20 |   - name: gatus-configmap  # ConfigMap built from the file below
21 |     files:
22 |       - ./gatus/config.yaml
23 | generatorOptions:
24 |   disableNameSuffixHash: true  # no content-hash suffix, so the ConfigMap keeps a stable name across config changes
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/rook-ceph/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay (kustomize.config.k8s.io), distinct from the Flux Kustomization objects it lists
5 | namespace: rook-ceph  # namespace set on every resource listed below
6 | components:
7 |   - ../../../components/common  # shared component; its contents are outside this excerpt
8 | resources:
9 |   - ./rook-ceph/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/security/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the security namespace
5 | namespace: security
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./authentik/ks.yaml  # identity provider; its ks.yaml is outside this excerpt
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/self-hosted/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the self-hosted namespace
5 | namespace: self-hosted
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./actual/ks.yaml
10 |   - ./archiveteam/ks.yaml
11 |   - ./atuin/ks.yaml
12 |   - ./lubelogger/ks.yaml
13 |   - ./paperless/ks.yaml
14 |   - ./wyze-bridge/ks.yaml
15 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/storage/csi-driver-nfs/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization: applies spec.path from the Git source into the cluster
5 | metadata:
6 |   name: &app csi-driver-nfs  # &app is reused below for the common label
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app  # label added to every object this Kustomization applies
11 |   interval: 1h  # reconcile once an hour
12 |   path: ./kubernetes/apps/base/storage/csi-driver-nfs
13 |   postBuild:
14 |     substitute:  # ${VAR} placeholders in the rendered manifests are replaced with these values
15 |       REPLICAS: "2"
16 |   prune: true  # objects removed from Git are deleted from the cluster on the next reconcile
17 |   retryInterval: 2m  # a failed reconcile is retried after 2m rather than at the next 1h interval
18 |   sourceRef:  # NOTE(review): no spec.serviceAccountName here, so the apply runs with kustomize-controller's own permissions unless a patch outside this excerpt sets one
19 |     kind: GitRepository
20 |     name: flux-system
21 |     namespace: flux-system  # presumably a cross-namespace reference, since the parent overlay places this object in storage
22 |   targetNamespace: storage  # namespace forced onto every object rendered from spec.path
23 |   timeout: 5m
24 |   wait: false  # Ready is reported after apply, without waiting for the workloads to become healthy
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the storage namespace
5 | namespace: storage  # applied to the Flux Kustomization objects listed below
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./csi-driver-nfs/ks.yaml
10 |   - ./openebs/ks.yaml
11 |   - ./snapshot-controller/ks.yaml
12 |   - ./volsync/ks.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/storage/openebs/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for openebs
5 | metadata:
6 |   name: &app openebs
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/storage/openebs
13 |   prune: true
14 |   retryInterval: 2m
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |   targetNamespace: storage
20 |   timeout: 5m
21 |   wait: false
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/storage/snapshot-controller/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization: applies spec.path from the Git source into the cluster
5 | metadata:
6 |   name: &app snapshot-controller  # &app is reused below for the common label
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app  # label added to every object this Kustomization applies
11 |   interval: 1h  # reconcile once an hour
12 |   path: ./kubernetes/apps/base/storage/snapshot-controller
13 |   postBuild:
14 |     substitute:  # ${VAR} placeholders in the rendered manifests are replaced with these values
15 |       REPLICAS: "2"
16 |   prune: true  # objects removed from Git are deleted from the cluster on the next reconcile
17 |   retryInterval: 2m  # a failed reconcile is retried after 2m rather than at the next 1h interval
18 |   sourceRef:  # NOTE(review): no spec.serviceAccountName here, so the apply runs with kustomize-controller's own permissions unless a patch outside this excerpt sets one
19 |     kind: GitRepository
20 |     name: flux-system
21 |     namespace: flux-system
22 |   targetNamespace: storage  # namespace forced onto every object rendered from spec.path
23 |   timeout: 5m
24 |   wait: false  # Ready is reported after apply, without waiting for the workloads to become healthy
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/main/storage/volsync/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for volsync
5 | metadata:
6 |   name: &app volsync
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/storage/volsync
13 |   postBuild:
14 |     substitute:
15 |       REPLICAS: "2"
16 |   prune: true
17 |   retryInterval: 2m
18 |   sourceRef:
19 |     kind: GitRepository
20 |     name: flux-system
21 |     namespace: flux-system
22 |   targetNamespace: storage
23 |   timeout: 5m
24 |   wait: false
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/actions-runner-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay (kustomize.config.k8s.io) for the test cluster, distinct from the Flux Kustomization objects it lists
5 | namespace: actions-runner-system  # namespace set on every resource listed below
6 | components:
7 |   - ../../../components/common  # shared component; its contents are outside this excerpt
8 | resources:
9 |   - ./actions-runner-controller/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the cert-manager namespace (test cluster)
5 | namespace: cert-manager
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./cert-manager/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/external-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the external-secrets namespace (test cluster)
5 | namespace: external-secrets
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./external-secrets/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/flux-system/addons/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for the Flux add-ons, test-cluster values
5 | metadata:
6 |   name: &app flux-addons
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   interval: 1h
12 |   path: ./kubernetes/apps/base/flux-system/addons
13 |   postBuild:
14 |     substitute:
15 |       CLUSTER: test
16 |       SUBDOMAIN: flux-webhook-test  # NOTE(review): presumably the hostname label of a Flux webhook receiver; where it is exposed is defined in the base, outside this excerpt
17 |   prune: true
18 |   retryInterval: 2m
19 |   sourceRef:
20 |     kind: GitRepository
21 |     name: flux-system
22 |     namespace: flux-system
23 |   targetNamespace: flux-system
24 |   timeout: 5m
25 |   wait: false
26 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/flux-system/flux-operator/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization for flux-operator
5 | metadata:
6 |   name: &app flux-operator
7 | spec:
8 |   commonMetadata:
9 |     labels:
10 |       app.kubernetes.io/name: *app
11 |   healthChecks:  # spec.wait is not set in this file, so readiness is gated on the objects listed here
12 |     - apiVersion: helm.toolkit.fluxcd.io/v2
13 |       kind: HelmRelease
14 |       name: *app
15 |       namespace: &namespace flux-system
16 |   interval: 1h
17 |   path: ./kubernetes/apps/base/flux-system/flux-operator
18 |   prune: true
19 |   sourceRef:
20 |     kind: GitRepository
21 |     name: flux-system
22 |     namespace: flux-system
23 |   targetNamespace: *namespace
24 |   timeout: 5m
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay for the flux-system namespace (test cluster)
5 | namespace: flux-system
6 | components:
7 |   - ../../../components/common
8 | resources:
9 |   - ./addons/ks.yaml
10 |   - ./flux-operator/ks.yaml
11 |   - ./headlamp/ks.yaml  # Headlamp is a Kubernetes web UI; its ks.yaml is outside this excerpt
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize overlay holding the test cluster's Cilium config; sets no namespace of its own
5 | resources:
6 |   - ./networks.yaml  # contents are outside this excerpt
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/test/kube-system/coredns/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies ./kubernetes/apps/base/kube-system/coredns from the
# flux-system GitRepository into the kube-system namespace.
# NOTE(review): no spec.serviceAccountName is set, so this presumably reconciles with
# the kustomize-controller's own privileges; write access to the Git source is then
# effectively write access to the cluster. Confirm against the Flux instance settings.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app coredns
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-system/coredns
  postBuild:
    # Substitution values are plain text committed to Git; keep secrets out of this map.
    substitute:
      REPLICAS: "1" #Match control plane count
  # Objects that disappear from `path` in Git are deleted from the cluster.
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-system
  timeout: 5m
  # Ready does not wait for the applied workloads to become healthy.
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/test/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for kube-system under apps/test: sets the namespace on the
# listed Flux Kustomizations and pulls in the shared `common` component (not shown here).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
components:
  - ../../../components/common
resources:
  - ./cilium/ks.yaml
  - ./coredns/ks.yaml
  - ./metrics-server/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/test/kube-system/metrics-server/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-system/metrics-server into kube-system.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app metrics-server
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-system/metrics-server
  postBuild:
    substitute:
      REPLICAS: "1"
  prune: true
  # A failed reconciliation is retried after 2m instead of waiting for `interval`.
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-system
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/test/kube-tools/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for kube-tools under apps/test.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-tools
components:
  - ../../../components/common
resources:
  - ./reloader/ks.yaml
  - ./system-upgrade-controller/ks.yaml
# Generates a `versions` ConfigMap from the base versions.env file.
# NOTE(review): kustomizeconfig.yaml is not shown here; presumably it wires the
# generated ConfigMap into the system-upgrade-controller resources. Confirm.
configMapGenerator:
  - name: versions
    env: ../../base/kube-tools/system-upgrade-controller/versions.env
configurations:
  - ../../base/kube-tools/system-upgrade-controller/kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/test/kube-tools/reloader/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-tools/reloader into kube-tools.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app reloader
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-tools/reloader
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-tools
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/test/network/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for the network namespace under apps/test: sets the namespace
# on the listed Flux Kustomizations and pulls in the shared `common` component
# (not shown here).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
components:
  - ../../../components/common
resources:
  - ./cloudflare-dns/ks.yaml
  - ./cloudflare-tunnel/ks.yaml
  - ./echo/ks.yaml
  - ./unifi-dns/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/test/network/unifi-dns/ks.yaml:
--------------------------------------------------------------------------------

---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/network/unifi-dns from the flux-system
# GitRepository into the network namespace.
# NOTE(review): no spec.serviceAccountName is set, so this presumably reconciles with
# the kustomize-controller's own privileges; write access to the Git source is then
# effectively write access to the cluster. Confirm against the Flux instance settings.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app unifi-dns
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/network/unifi-dns
  postBuild:
    # Substitution values are plain text committed to Git; keep secrets out of this map.
    substitute:
      CLUSTER: test
  # Objects that disappear from `path` in Git are deleted from the cluster.
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: network
  timeout: 5m
  # Ready waits for the applied resources to report healthy, bounded by `timeout`.
  wait: true
--------------------------------------------------------------------------------
/kubernetes/apps/test/storage/csi-driver-nfs/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/storage/csi-driver-nfs into the storage namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app csi-driver-nfs
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/storage/csi-driver-nfs
  postBuild:
    substitute:
      REPLICAS: "1"
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: storage
  timeout: 5m
  # Ready does not wait for the applied workloads to become healthy.
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/test/storage/democratic-csi/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/storage/democratic-csi into the storage namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app democratic-csi
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/storage/democratic-csi
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: storage
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/test/storage/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for the storage namespace under apps/test.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: storage
components:
  - ../../../components/common
resources:
  - ./csi-driver-nfs/ks.yaml
  - ./democratic-csi/ks.yaml
  - ./snapshot-controller/ks.yaml
  - ./volsync/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/test/storage/volsync/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/storage/volsync into the storage namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app volsync
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/storage/volsync
  postBuild:
    substitute:
      REPLICAS: "1"
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: storage
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/actions-runner-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for actions-runner-system under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: actions-runner-system
components:
  - ../../../components/common
resources:
  - ./actions-runner-controller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for cert-manager under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
components:
  - ../../../components/common
resources:
  - ./cert-manager/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/default/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for the default namespace under apps/utility: no apps are
# listed, so only the shared `common` component (not shown here) is applied.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
components:
  - ../../../components/common
resources: []
--------------------------------------------------------------------------------
/kubernetes/apps/utility/external-secrets/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for external-secrets under apps/utility: sets the namespace
# on the listed Flux Kustomization and pulls in the shared `common` component
# (not shown here).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: external-secrets
components:
  - ../../../components/common
resources:
  - ./external-secrets/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/flux-system/addons/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/flux-system/addons from the flux-system
# GitRepository into flux-system.
# NOTE(review): no spec.serviceAccountName is set, so this presumably reconciles with
# the kustomize-controller's own privileges; write access to the Git source is then
# effectively write access to the cluster. Confirm against the Flux instance settings.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app flux-addons
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/flux-system/addons
  postBuild:
    # Substitution values are plain text committed to Git; keep secrets out of this map.
    # NOTE(review): SUBDOMAIN presumably names the Flux webhook endpoint defined in the
    # addons base (not shown here); if that host is reachable from outside, confirm the
    # receiver's token Secret is in place.
    substitute:
      CLUSTER: utility
      SUBDOMAIN: flux-webhook-utility
  # Objects that disappear from `path` in Git are deleted from the cluster.
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: flux-system
  timeout: 5m
  # Ready does not wait for the applied workloads to become healthy.
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/flux-system/flux-operator/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/flux-system/flux-operator into flux-system.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app flux-operator
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Readiness is tied to the flux-operator HelmRelease rather than to `wait`.
  healthChecks:
    - apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      name: *app
      namespace: &namespace flux-system
  interval: 1h
  path: ./kubernetes/apps/base/flux-system/flux-operator
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/utility/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for flux-system under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
components:
  - ../../../components/common
resources:
  - ./addons/ks.yaml
  - ./flux-operator/ks.yaml
  - ./headlamp/ks.yaml
  - ./tofu-controller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/home-automation/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for home-automation under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: home-automation
components:
  - ../../../components/common
resources:
  - ./home-assistant/ks.yaml
  - ./mosquitto/ks.yaml
  # The rtlamr2mqtt entry is commented out, so this kustomization does not apply it.
  # - ./rtlamr2mqtt/ks.yaml ##RTL in use for ACARS
  - ./zigbee/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/home-automation/rtlamr2mqtt/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/home-automation/rtlamr2mqtt into home-automation.
# NOTE(review): the home-automation kustomization.yaml has this file commented out,
# so it is presumably not deployed at present.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app rtlamr2mqtt
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/home-automation/rtlamr2mqtt
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: home-automation
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize bundle holding the Cilium network configuration (networks.yaml, not shown here).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./networks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-system/coredns/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-system/coredns into kube-system.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app coredns
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-system/coredns
  postBuild:
    substitute:
      REPLICAS: "1" #Match control plane count
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-system
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for kube-system under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
components:
  - ../../../components/common
resources:
  - ./cilium/ks.yaml
  - ./coredns/ks.yaml
  - ./metrics-server/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-system/metrics-server/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-system/metrics-server into kube-system.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app metrics-server
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-system/metrics-server
  postBuild:
    substitute:
      REPLICAS: "1"
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-system
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-tools/descheduler/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-tools/descheduler into kube-tools.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app descheduler
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-tools/descheduler
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-tools
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-tools/fstrim/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-tools/fstrim from the flux-system
# GitRepository into the kube-tools namespace.
# NOTE(review): no spec.serviceAccountName is set, so this presumably reconciles with
# the kustomize-controller's own privileges; write access to the Git source is then
# effectively write access to the cluster. Confirm against the Flux instance settings.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app fstrim
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-tools/fstrim
  postBuild:
    # Substitution values are plain text committed to Git; keep secrets out of this map.
    substitute:
      PARALLELISM: "1" #Match node count
  # Objects that disappear from `path` in Git are deleted from the cluster.
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-tools
  timeout: 5m
  # Ready does not wait for the applied workloads to become healthy.
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-tools/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for kube-tools under apps/utility: sets the namespace on the
# listed Flux Kustomizations and pulls in the shared `common` component (not shown here).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-tools
components:
  - ../../../components/common
resources:
  - ./descheduler/ks.yaml
  - ./fstrim/ks.yaml
  - ./reloader/ks.yaml
  - ./system-upgrade-controller/ks.yaml
# Generates a `versions` ConfigMap from the base versions.env file.
# NOTE(review): kustomizeconfig.yaml is not shown here; presumably it wires the
# generated ConfigMap into the system-upgrade-controller resources. Confirm.
configMapGenerator:
  - name: versions
    env: ../../base/kube-tools/system-upgrade-controller/versions.env
configurations:
  - ../../base/kube-tools/system-upgrade-controller/kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/kube-tools/reloader/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/kube-tools/reloader into kube-tools.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app reloader
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/kube-tools/reloader
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: kube-tools
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/network/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for the network namespace under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
components:
  - ../../../components/common
resources:
  - ./cloudflare-dns/ks.yaml
  - ./cloudflare-tunnel/ks.yaml
  - ./echo/ks.yaml
  - ./unifi-dns/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/network/unifi-dns/ks.yaml:
--------------------------------------------------------------------------------

---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/network/unifi-dns into the network namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app unifi-dns
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/network/unifi-dns
  postBuild:
    substitute:
      CLUSTER: utility
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: network
  timeout: 5m
  # Ready waits for the applied resources to report healthy, bounded by `timeout`.
  wait: true
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/exporters/blackbox-exporter/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/observability/exporters/blackbox-exporter from the
# flux-system GitRepository into the observability namespace.
# NOTE(review): no spec.serviceAccountName is set, so this presumably reconciles with
# the kustomize-controller's own privileges; write access to the Git source is then
# effectively write access to the cluster. Confirm against the Flux instance settings.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app blackbox-exporter
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/observability/exporters/blackbox-exporter
  # Objects that disappear from `path` in Git are deleted from the cluster.
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: observability
  timeout: 5m
  # Ready does not wait for the applied workloads to become healthy.
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/exporters/blackbox-exporter/probes.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/monitoring.coreos.com/probe_v1.json
# Prometheus Operator Probe: ICMP reachability checks, issued through the in-cluster
# blackbox exporter, against the static host list below.
# NOTE(review): ICMP probing usually needs the exporter to hold NET_RAW (or an
# equivalent ping sysctl); confirm the base HelmRelease grants no more than that.
# NOTE(review): the targets are internal hostnames committed to Git; treat the list
# as network inventory when deciding who may read the repository.
apiVersion: monitoring.coreos.com/v1
kind: Probe
metadata:
  name: devices
spec:
  module: icmp
  prober:
    # Service DNS name and port of the exporter that performs the probes.
    url: blackbox-exporter.observability.svc.cluster.local:9115
  targets:
    staticConfig:
      static:
        ## Main Rack
        - kvm.internal
        - pikvm.internal
        - voyager.internal
        - ayaka.internal
        - eula.internal
        - ganyu.internal
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/exporters/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize bundle for the exporters: two Flux Kustomizations plus the Probe above.
# No `namespace:` is set here, so the namespace comes from whatever includes this
# directory.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./blackbox-exporter/ks.yaml
  - ./blackbox-exporter/probes.yaml
  - ./smartctl-exporter/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/exporters/smartctl-exporter/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/observability/exporters/smartctl-exporter from the
# flux-system GitRepository into the observability namespace.
# NOTE(review): no spec.serviceAccountName is set, so this presumably reconciles with
# the kustomize-controller's own privileges; write access to the Git source is then
# effectively write access to the cluster. Confirm against the Flux instance settings.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app smartctl-exporter
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/observability/exporters/smartctl-exporter
  # Objects that disappear from `path` in Git are deleted from the cluster.
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: observability
  timeout: 5m
  # Ready does not wait for the applied workloads to become healthy.
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/gatus/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/observability/gatus into observability.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app gatus
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/observability/gatus
  postBuild:
    # Substitution values are plain text committed to Git; keep secrets out of this map.
    substitute:
      APP: *app
      CLUSTER: utility
      GATUS_SUBDOMAIN: status-utility
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: observability
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/keda/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/observability/keda into observability.
# NOTE(review): this modeline points at kubernetes-schemas.pages.dev, while the other
# Flux Kustomizations in this listing use kube-schemas.pages.dev. The modeline makes
# editors fetch the schema from that host; confirm which one is intended and keep a
# single source.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app keda
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/observability/keda
  postBuild:
    substitute:
      APP: *app
      CLUSTER: utility
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: observability
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/observability/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for observability under apps/utility: sets the namespace on
# everything listed and pulls in the shared `common` component (not shown here).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
components:
  - ../../../components/common
resources:
  - ./gatus/ks.yaml
  - ./grafana/ks.yaml
  - ./keda/ks.yaml
  - ./kube-prometheus-stack/ks.yaml
  - ./silence-operator/ks.yaml ##TODO move these to per-cluster silences
  # Exporters
  - ./exporters
configMapGenerator:
  - name: gatus-configmap
    files:
      - ./gatus/config.yaml
generatorOptions:
  # Fixed ConfigMap name: a content change does not rename it, so consumers are not
  # rolled by a name change. NOTE(review): presumably a reloader annotation in the
  # gatus base handles restarts; confirm.
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/utility/self-hosted/acars/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# ExternalSecret: builds the `acarsdrama` Secret from the `acars` item in the
# `onepassword` ClusterSecretStore.
# NOTE(review): no refreshInterval is set, so the operator's default applies; set it
# explicitly if rotation timing matters.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: &name acarsdrama
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: *name
    template:
      # Two keys are templated from same-named fields of the extracted item.
      # NOTE(review): with the default template merge policy the Secret presumably
      # holds only these keys; confirm.
      data:
        ACARSDRAMA_ACARS: "{{ .ACARSDRAMA_ACARS }}"
        ACARSDRAMA_VDLM2: "{{ .ACARSDRAMA_VDLM2 }}"
  dataFrom:
    # extract makes every field of the item available to the template, so keep the
    # item limited to what this app needs.
    - extract:
        key: acars
--------------------------------------------------------------------------------
/kubernetes/apps/utility/self-hosted/free-game-notifier/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/self-hosted/free-game-notifier into self-hosted.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app free-game-notifier
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/self-hosted/free-game-notifier
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: self-hosted
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/self-hosted/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for self-hosted under apps/utility.
# acars/externalsecret.yaml is listed directly, so that ExternalSecret is applied by
# whatever applies this file rather than by the acars Flux Kustomization.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: self-hosted
components:
  - ../../../components/common
resources:
  - ./acars/externalsecret.yaml
  - ./acars/ks.yaml
  - ./free-game-notifier/ks.yaml
  - ./it-tools/ks.yaml
  - ./meshcentral/ks.yaml
  - ./rss-forwarder/ks.yaml
  - ./thelounge/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/self-hosted/rss-forwarder/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/self-hosted/rss-forwarder into self-hosted.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app rss-forwarder
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/self-hosted/rss-forwarder
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: self-hosted
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/storage/csi-driver-nfs/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/storage/csi-driver-nfs into storage.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app csi-driver-nfs
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/storage/csi-driver-nfs
  postBuild:
    substitute:
      REPLICAS: "1"
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: storage
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/storage/democratic-csi/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/storage/democratic-csi into storage.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app democratic-csi
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/storage/democratic-csi
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: storage
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/utility/storage/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize entry point for storage under apps/utility.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: storage
components:
  - ../../../components/common
resources:
  - ./csi-driver-nfs/ks.yaml
  - ./democratic-csi/ks.yaml
  - ./snapshot-controller/ks.yaml
  - ./volsync/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/utility/storage/volsync/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization: applies base/storage/volsync into storage.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app volsync
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 1h
  path: ./kubernetes/apps/base/storage/volsync
  postBuild:
    substitute:
      REPLICAS: "1"
  prune: true
  retryInterval: 2m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: storage
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/clusters/main/flux-instance.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for the main cluster's Flux instance: applies
# ./kubernetes/clusters/main/flux-instance into flux-system.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app flux-instance
  namespace: &namespace flux-system
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Not reconciled until the flux-operator Kustomization in flux-system is Ready.
  dependsOn:
    - name: flux-operator
      namespace: *namespace
  interval: 1h
  path: ./kubernetes/clusters/main/flux-instance
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/clusters/main/flux-instance/helm/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# Kustomize transformer configuration: tells kustomize that a HelmRelease's
# spec/valuesFrom/name refers to a ConfigMap, so a generated ConfigMap name is
# rewritten there as well.
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/clusters/main/flux-instance/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomize bundle for the main cluster's Flux instance: the HelmRelease, its
# PrometheusRule, and a ConfigMap generated from helm/values.yaml.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
  - ./helmrelease.yaml
  - ./prometheusrule.yaml
# No disableNameSuffixHash here, so the generated name changes with the values file.
configMapGenerator:
  - name: flux-instance-values
    files:
      - values.yaml=./helm/values.yaml
configurations:
  - ./helm/kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/clusters/test/flux-instance.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app flux-instance 7 | namespace: &namespace flux-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: flux-operator 14 | namespace: *namespace 15 | interval: 1h 16 | path: ./kubernetes/clusters/test/flux-instance 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | targetNamespace: *namespace 23 | timeout: 5m 24 | wait: false 25 | -------------------------------------------------------------------------------- /kubernetes/clusters/test/flux-instance/helm/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/clusters/test/flux-instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml 9 | configMapGenerator: 10 | - name: flux-instance-values 11 | files: 12 | - values.yaml=./helm/values.yaml 13 | configurations: 14 | - ./helm/kustomizeconfig.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/clusters/utility/flux-instance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app 
flux-instance 7 | namespace: &namespace flux-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: flux-operator 14 | namespace: *namespace 15 | interval: 1h 16 | path: ./kubernetes/clusters/utility/flux-instance 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | targetNamespace: *namespace 23 | timeout: 5m 24 | wait: false 25 | -------------------------------------------------------------------------------- /kubernetes/clusters/utility/flux-instance/helm/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/clusters/utility/flux-instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml 9 | configMapGenerator: 10 | - name: flux-instance-values 11 | files: 12 | - values.yaml=./helm/values.yaml 13 | configurations: 14 | - ./helm/kustomizeconfig.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/alertmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./provider.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/components/common/alerts/alertmanager/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: alertmanager 7 | spec: 8 | type: alertmanager 9 | address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/ 10 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github-status/alert.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Alert 5 | metadata: 6 | name: github-status 7 | spec: 8 | providerRef: 9 | name: github-status 10 | eventSources: 11 | - kind: Kustomization 12 | name: "*" 13 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github-status/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name github-status-token 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: *name 13 | template: 14 | data: 15 | token: "{{ .FLUX_${CLUSTER^^}_GITHUB_TOKEN }}" 16 | dataFrom: 17 | - extract: 18 | key: flux 19 | -------------------------------------------------------------------------------- 
/kubernetes/components/common/alerts/github-status/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./externalsecret.yaml 8 | - ./provider.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github-status/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: github-status 7 | spec: 8 | type: github 9 | address: https://github.com/joryirving/home-ops 10 | secretRef: 11 | name: github-status-token 12 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alertmanager 7 | - ./github-status 8 | -------------------------------------------------------------------------------- /kubernetes/components/common/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./namespace.yaml 7 | - ./alerts 8 | - ./repos 9 | - ./sops 10 | -------------------------------------------------------------------------------- 
/kubernetes/components/common/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: not-used # placeholder; presumably rewritten by the namespace: setting of whichever kustomization pulls in this component - confirm 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled # excludes this Namespace from Flux pruning 8 | -------------------------------------------------------------------------------- /kubernetes/components/common/repos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./ocirepository.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/components/common/repos/ocirepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: app-template 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy # keep the selected chart layer as a tarball rather than extracting it 12 | ref: 13 | tag: 4.0.1 # NOTE(review): a tag is a mutable reference; ref.digest or spec.verify would bind this chart to a fixed, verifiable artifact 14 | url: oci://ghcr.io/bjw-s-labs/helm/app-template 15 | -------------------------------------------------------------------------------- /kubernetes/components/common/sops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret.sops.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/components/dragonfly/kustomization.yaml: -------------------------------------------------------------------------------- 1
| --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./cluster.yaml 7 | - ./podmonitor.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/components/dragonfly/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PodMonitor 5 | metadata: 6 | name: ${APP}-dragonfly 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: ${APP}-dragonfly 11 | podTargetLabels: ["app"] 12 | podMetricsEndpoints: 13 | - port: admin 14 | fallbackScrapeProtocol: PrometheusText0.0.4 15 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/external/config.yaml: -------------------------------------------------------------------------------- 1 | endpoints: 2 | - name: "${APP}" 3 | group: ${CLUSTER}-external 4 | url: "https://${GATUS_SUBDOMAIN:=${APP}}.jory.dev${GATUS_PATH:=/}" 5 | interval: 1m 6 | client: 7 | dns-resolver: tcp://1.1.1.1:53 8 | conditions: 9 | - "[STATUS] == ${GATUS_STATUS:=200}" 10 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | configMapGenerator: 6 | - name: ${APP}-gatus-ep 7 | files: 8 | - config.yaml=./config.yaml 9 | options: 10 | labels: 11 | gatus.io/enabled: "true" 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- 
/kubernetes/components/gatus/guarded/config.yaml: -------------------------------------------------------------------------------- 1 | endpoints: 2 | - name: "${APP}" 3 | group: ${CLUSTER}-guarded 4 | url: 1.1.1.1 5 | interval: 1m 6 | ui: 7 | hide-hostname: true 8 | hide-url: true 9 | dns: 10 | query-name: "${GATUS_SUBDOMAIN:=${APP}}.jory.dev" 11 | query-type: A 12 | conditions: 13 | - "len([BODY]) == 0" 14 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/guarded/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | configMapGenerator: 6 | - name: ${APP}-gatus-ep 7 | files: 8 | - config.yaml=./config.yaml 9 | options: 10 | labels: 11 | gatus.io/enabled: "true" 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/components/keda/nfs-scaler/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./scaledobject.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/components/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: [] 7 | -------------------------------------------------------------------------------- /kubernetes/components/postgres/README.md: 
-------------------------------------------------------------------------------- 1 | # crunchy-postgres 2 | 3 | ## Postgres Clusters 4 | 5 | ### Disabling successfulJobsHistoryLimit 6 | 7 | ```sh 8 | kubectl get cronjob --all-namespaces -o custom-columns="NAMESPACE:.metadata.namespace,NAME:.metadata.name" --no-headers | \ 9 | grep -E 'repo[0-9]+-(diff|full|incr)$' | \ 10 | xargs -n2 sh -c 'kubectl patch cronjob $1 -n $0 --type=merge -p "{\"spec\": {\"successfulJobsHistoryLimit\": 0}}"' 11 | ``` 12 | 13 | ### Bootstrapping a new cluster 14 | 15 | ```yaml 16 | patches: 17 | - patch: |- 18 | - op: remove 19 | path: /spec/dataSource 20 | target: 21 | kind: PostgresCluster 22 | ``` 23 | -------------------------------------------------------------------------------- /kubernetes/components/postgres/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./cluster.yaml 7 | - ./externalsecret.yaml 8 | - ./podmonitor.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/components/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./pvc.yaml 8 | - ./replicationdestination.yaml 9 | - ./replicationsource.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/components/volsync/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${CLAIM:=${APP}}" 6 | labels: 7 | app.kubernetes.io/name:
"${APP}" 8 | spec: 9 | accessModes: ["${VOLSYNC_ACCESSMODES:=ReadWriteOnce}"] 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: "${APP}-dst" 14 | resources: 15 | requests: 16 | storage: "${VOLSYNC_CAPACITY:=2Gi}" 17 | storageClassName: "${PVC_VOLSYNC_STORAGECLASS:=ceph-block}" 18 | -------------------------------------------------------------------------------- /talos/test/controlplane/citlali.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | machine: 3 | disks: 4 | - device: /dev/nvme0n1 5 | partitions: [{ mountpoint: var/lib/csi-local-hostpath }] 6 | install: 7 | disk: /dev/sda 8 | network: 9 | hostname: celestia 10 | interfaces: 11 | - # 1G 12 | - deviceSelector: 13 | hardwareAddr: 7c:83:34:b6:6a:2a 14 | mtu: 1500 15 | dhcp: true 16 | nodeLabels: 17 | topology.kubernetes.io/zone: m 18 | -------------------------------------------------------------------------------- /talos/utility/controlplane/celestia.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | machine: 3 | disks: 4 | - device: /dev/disk/by-id/nvme-WD_BLACK_SN770_1TB_230314800616 5 | partitions: [{ mountpoint: /var/mnt/extra }] 6 | install: 7 | disk: /dev/sda 8 | network: 9 | hostname: celestia 10 | nodeLabels: 11 | topology.kubernetes.io/zone: m 12 | -------------------------------------------------------------------------------- /talos/utility/schematic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | customization: 3 | extraKernelArgs: 4 | - -init_on_alloc # Less security, faster puter: a leading "-" presumably removes that argument from the image defaults (confirm in the Talos docs) 5 | - -selinux # Less security, faster puter: presumably drops the default SELinux argument in the same way 6 | - apparmor=0 # Less security, faster puter: AppArmor is switched off at boot 7 | - init_on_alloc=0 # Less security, faster puter: memory is not zeroed when it is allocated 8 | - init_on_free=0 # Less security, faster puter: memory is not zeroed when it is freed 9 | - mitigations=off # Less security, faster puter: all CPU speculative-execution mitigations are off, which weakens isolation between workloads sharing the node 10 | - security=none # Less security, faster puter: no legacy major security module is selected 11 | - talos.auditd.disabled=1 # 
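Less security, faster puter: presumably keeps Talos from starting its audit service, so the node emits no audit records (confirm in the Talos docs) 12 | 13 | systemExtensions: 14 | officialExtensions: 15 | - siderolabs/amd-ucode 16 | -------------------------------------------------------------------------------- /terraform/authentik/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "terraform-state" 4 | key = "authentik/authentik.tfstate" 5 | region = "main" # Region validation will be skipped 6 | 7 | endpoints = { 8 | s3 = "https://s3.jory.dev" # Minio endpoint 9 | } 10 | 11 | skip_credentials_validation = true # the skip_* flags turn off AWS-specific checks, presumably because the endpoint above is MinIO 12 | skip_requesting_account_id = true 13 | skip_metadata_api_check = true 14 | skip_region_validation = true 15 | use_path_style = true 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /terraform/authentik/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | authentik = { 4 | source = "goauthentik/authentik" 5 | version = "2025.4.0" 6 | } 7 | 8 | onepassword = { 9 | source = "1Password/onepassword" 10 | version = "2.1.2" 11 | } 12 | } 13 | } 14 | 15 | provider "onepassword" { 16 | url = var.OP_CONNECT_HOST 17 | token = var.OP_CONNECT_TOKEN 18 | } 19 | 20 | module "onepassword_authentik" { 21 | source = "github.com/joryirving/terraform-1password-item" # NOTE(review): no ?ref= on this git source, so init fetches the default branch; a tag or commit pin would fix the code that reads the Authentik token 22 | vault = "Kubernetes" 23 | item = "authentik" 24 | } 25 | 26 | provider "authentik" { 27 | url = "https://sso.${var.CLUSTER_DOMAIN}" 28 | token = module.onepassword_authentik.fields["AUTHENTIK_TOKEN"] # API token is read from the 1Password item rather than from a variable 29 | } 30 | -------------------------------------------------------------------------------- /terraform/authentik/scopes.tf: -------------------------------------------------------------------------------- 1 | ## OAuth scopes 2 | data "authentik_property_mapping_provider_scope" "oauth2" { 3 | managed_list = [ 4 | "goauthentik.io/providers/oauth2/scope-openid", 5 | 
"goauthentik.io/providers/oauth2/scope-email", 6 | "goauthentik.io/providers/oauth2/scope-profile" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /terraform/authentik/variables.tf: -------------------------------------------------------------------------------- 1 | variable "OP_CONNECT_HOST" { 2 | type = string 3 | description = "1Password Connect URL" 4 | } 5 | 6 | variable "OP_CONNECT_TOKEN" { 7 | type = string 8 | description = "1Password Connect access token" # main.tf passes this as the onepassword provider token, so it is a token value and not a file path 9 | sensitive = true 10 | default = null 11 | } 12 | 13 | variable "CLUSTER_DOMAIN" { 14 | type = string 15 | description = "Domain for Authentik" 16 | default = "jory.dev" 17 | } 18 | -------------------------------------------------------------------------------- /terraform/minio/backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "s3" { 3 | bucket = "terraform-state" 4 | key = "minio/minio.tfstate" # NOTE(review): the random_password results from usernames.tf are kept in this state object in plaintext, so access to the bucket is access to those credentials 5 | region = "main" # Region validation will be skipped 6 | 7 | endpoints = { 8 | s3 = "https://s3.jory.dev" # Minio endpoint 9 | } 10 | 11 | skip_credentials_validation = true # the skip_* flags turn off AWS-specific checks, presumably because the endpoint above is MinIO 12 | skip_requesting_account_id = true 13 | skip_metadata_api_check = true 14 | skip_region_validation = true 15 | use_path_style = true 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /terraform/minio/buckets.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | buckets = [ 3 | "postgresql", 4 | "volsync" 5 | ] 6 | } 7 | 8 | module "buckets" { 9 | for_each = toset(local.buckets) # one module instance per bucket name 10 | source = "./modules/minio" 11 | bucket_name = each.key 12 | user_name = random_password.user_name[each.key].result 13 | user_secret = random_password.user_secret[each.key].result 14 | 15 | providers = { 16 | minio = minio 17 | } 18 | } 19 | 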
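-------------------------------------------------------------------------------- /terraform/minio/modules/create-secret/main.tf: -------------------------------------------------------------------------------- 1 | resource "onepassword_item" "item" { # one 1Password login item per caller, carrying the key pair both as login fields and as AWS_* section fields 2 | vault = var.onepassword_vault 3 | title = var.name 4 | category = "login" 5 | username = var.username 6 | password = var.password 7 | 8 | section { 9 | label = "Token for ${var.name}" 10 | field { 11 | label = "AWS_ACCESS_KEY_ID" 12 | type = "STRING" 13 | value = var.username 14 | } 15 | field { 16 | label = "AWS_SECRET_ACCESS_KEY" 17 | type = "CONCEALED" 18 | value = var.password 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /terraform/minio/modules/create-secret/output.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | value = onepassword_item.item.uuid # only the item UUID leaves the module; no credential is exported 3 | } 4 | -------------------------------------------------------------------------------- /terraform/minio/modules/create-secret/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | onepassword = { 4 | source = "1Password/onepassword" 5 | version = "2.1.2" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /terraform/minio/modules/create-secret/variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | description = "Secret name" 4 | } 5 | 6 | variable "username" { 7 | type = string 8 | description = "Secret username" 9 | sensitive = true # same marking as user_name in modules/minio/variables.tf; redacted in plan output whatever the caller passes 10 | } 11 | 12 | variable "password" { 13 | type = string 14 | description = "Secret password" 15 | sensitive = true # same marking as user_secret in modules/minio/variables.tf; redacted in plan output whatever the caller passes 16 | } 17 | 18 | variable "onepassword_vault" { 19 | type = string 20 | description = "UUID of the 1Password vault" # terraform/minio/secrets.tf passes data.onepassword_vault.kubernetes.uuid here 21 | } 22 | --------------------------------------------------------------------------------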
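/terraform/minio/modules/minio/variables.tf: -------------------------------------------------------------------------------- 1 | variable "bucket_name" { 2 | type = string 3 | } 4 | 5 | variable "user_name" { 6 | type = string 7 | sensitive = true 8 | } 9 | 10 | variable "user_secret" { 11 | type = string 12 | sensitive = true 13 | } 14 | -------------------------------------------------------------------------------- /terraform/minio/outputs.tf: -------------------------------------------------------------------------------- 1 | output "secrets" { 2 | value = module.secrets # one entry per bucket; the create-secret module exports only the item id 3 | } 4 | -------------------------------------------------------------------------------- /terraform/minio/secrets.tf: -------------------------------------------------------------------------------- 1 | module "secrets" { 2 | for_each = toset(local.buckets) # one 1Password item per bucket name 3 | source = "./modules/create-secret" 4 | name = "${each.key}-bucket" 5 | username = random_password.user_name[each.key].result 6 | password = random_password.user_secret[each.key].result 7 | onepassword_vault = data.onepassword_vault.kubernetes.uuid # vault UUID; the data source is declared outside this listing 8 | } 9 | -------------------------------------------------------------------------------- /terraform/minio/usernames.tf: -------------------------------------------------------------------------------- 1 | resource "random_password" "user_name" { # random 32-character user name per bucket, without special characters 2 | for_each = toset(local.buckets) 3 | length = 32 4 | special = false 5 | } 6 | 7 | resource "random_password" "user_secret" { # random 32-character secret per bucket, provider-default character set 8 | for_each = toset(local.buckets) 9 | length = 32 10 | } 11 | -------------------------------------------------------------------------------- /terraform/minio/variables.tf: -------------------------------------------------------------------------------- 1 | variable "OP_CONNECT_HOST" { 2 | type = string 3 | description = "1Password Connect URL" 4 | } 5 | 6 | variable "OP_CONNECT_TOKEN" { 7 | type = string 8 | description = "1Password Connect access token" # NOTE(review): the provider block of this root is not shown here; terraform/authentik/main.tf passes the same-named variable as the provider token
9 | sensitive = true 10 | default = null 11 | } 12 | 13 | variable "MINIO_URL" { 14 | type = string 15 | description = "Minio Server URL" 16 | default = "s3.jory.dev" 17 | } 18 | --------------------------------------------------------------------------------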