├── .gitmodules ├── .gitignore ├── kubernetes ├── apps │ ├── home-assistant │ │ ├── app │ │ │ ├── init │ │ │ │ ├── scenes.yaml │ │ │ │ ├── scripts.yaml │ │ │ │ ├── secrets.yaml │ │ │ │ ├── automations.yaml │ │ │ │ └── configuration.yaml │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── README.md │ ├── wiki │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── scrutiny │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── it-tools │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── excalidraw │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── manyfold │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kubetail │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── cyberchef │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── gitea │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── syncify │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── image-puller │ │ ├── README.md │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── app.yaml │ │ └── ks.yaml │ ├── lubelogger │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── miniflux │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── ncps │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── telegraf │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── watcharr │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── esp-dashboard │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── gitea-runner │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── netboot-xyz │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── app.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── omni-tools 
│ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── qbittorrent │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── searxng │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── solaredge │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── immich │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── influxdb2 │ │ ├── extensions │ │ │ ├── kustomization.yaml │ │ │ └── app.yaml │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── monerod │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── vikunja │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── network-share │ │ ├── services │ │ │ └── kustomization.yaml │ │ ├── storage │ │ │ ├── kustomization.yaml │ │ │ └── storage-class.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── tailscale │ │ ├── operator │ │ │ ├── kustomization.yaml │ │ │ └── operator.yaml │ │ ├── cleanup │ │ │ ├── kustomization.yaml │ │ │ └── tailscale-cleanup.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── vault │ │ ├── autounseal │ │ │ ├── kustomization.yaml │ │ │ └── app.yaml │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── stirling-pdf │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── vpn-diagnose │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ ├── diagnose-vpn.yaml │ │ │ └── diagnose-network-policy.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── pgadmin │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── readeck │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── linkwarden │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── syncthing │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── bitcoind │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── 
jellyfin │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── nodered │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── open-webui │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── paperless │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── wg-easy │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── jdownloader │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── jellyseerr │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── mail-archiver │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── mealie │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── paperless-ai │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── uptime-kuma │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── vaultwarden │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── zigbee2mqtt │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── email2signal │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── vpn-gateway │ │ ├── operator │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── mosquitto │ │ ├── README.md │ │ ├── app │ │ │ ├── config │ │ │ │ └── mosquitto.conf │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── grafana │ │ ├── README.md │ │ ├── ks.yaml │ │ └── app │ │ │ └── kustomization.yaml │ ├── unifi │ │ ├── ks.yaml │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── unifi-udp-discovery.yaml │ │ └── README.md │ └── nzbget │ │ ├── app │ │ ├── kustomization.yaml │ │ └── scripts │ │ │ └── GetPw.py │ │ ├── ks.yaml │ │ └── README.md ├── flux │ ├── README.md │ ├── sources.yaml │ ├── namespaces.yaml │ └── config.yaml ├── sources │ ├── README.md │ ├── kustomization.yaml │ └── helm │ │ └── charts │ │ ├── 
cilium-charts.yaml │ │ ├── drone-charts.yaml │ │ ├── harbor-charts.yaml │ │ ├── k8tz-charts.yaml │ │ ├── runix-charts.yaml │ │ ├── gitea-charts.yaml │ │ ├── rke2-charts.yaml │ │ ├── authelia-charts.yaml │ │ ├── coredns-charts.yaml │ │ ├── jetstack-charts.yaml │ │ ├── piraeus-charts.yaml │ │ ├── traefik-charts.yaml │ │ ├── angelnu-charts.yaml │ │ ├── authentik-charts.yaml │ │ ├── bjw-s-charts.yaml │ │ ├── cnpg-charts.yaml │ │ ├── grafana-charts.yaml │ │ ├── influxdata-charts.yaml │ │ ├── kyverno-charts.yaml │ │ ├── open-webui-charts.yaml │ │ ├── backube-charts.yaml │ │ ├── fairwinds-charts.yaml │ │ ├── hashicorp-charts.yaml │ │ ├── kube-vip-charts.yaml │ │ ├── minio-operator-charts.yaml │ │ ├── nvidia-charts.yaml │ │ ├── tailscale-charts.yaml │ │ ├── kubetail-charts.yaml │ │ ├── stakater-charts.yaml │ │ ├── zfs-localpv-charts.yaml │ │ ├── xenitab-charts.yaml │ │ ├── democratic-csi-charts.yaml │ │ ├── external-dns-charts.yaml │ │ ├── metrics-server-charts.yaml │ │ ├── vault-autounseal-charts.yaml │ │ ├── prometheus-community-charts.yaml │ │ ├── controlplaneio-fluxcd-charts.yaml │ │ ├── harbor-container-webhook-charts.yaml │ │ └── csi-driver-nfs-charts.yaml ├── templates │ ├── README.md │ ├── volsync-pvc │ │ ├── kustomization.yaml │ │ ├── pvc.yaml │ │ ├── replication-destination.yaml │ │ └── restric-credentials.yaml │ └── postgres │ │ ├── postgresql-cluster-superuser.yaml │ │ ├── postgresql-backup.yaml │ │ ├── kustomization.yaml │ │ ├── postgresql-backup-credentials.yaml │ │ ├── postgresql-cluster-credentials.yaml │ │ └── postgresql-app-credentials.yaml ├── core │ ├── networking │ │ ├── coredns │ │ │ ├── README.md │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ └── ks.yaml │ │ ├── multus │ │ │ ├── networks │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── README.md │ │ │ │ └── networks.yaml │ │ │ ├── operator │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ 
├── cert-manager │ │ │ ├── issuer │ │ │ │ ├── kustomization.yaml │ │ │ │ └── cluster-issuer.yaml │ │ │ ├── operator │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ ├── traefik │ │ │ ├── crds │ │ │ │ ├── kustomization.yaml │ │ │ │ └── crds.yaml │ │ │ ├── operator │ │ │ │ └── kustomization.yaml │ │ │ ├── settings │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── dashboard.yaml │ │ │ │ ├── midleware-rfc1918.yaml │ │ │ │ └── default-tls-store.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ ├── kube-vip │ │ │ ├── operator │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── cilium │ │ │ ├── operator │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-values.yaml │ │ │ ├── ks.yaml │ │ │ └── README.md │ │ ├── external-dns │ │ │ ├── operator │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── gitops │ │ ├── flux-instance │ │ │ ├── README.md │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ └── ks.yaml │ │ ├── flux-operator │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ ├── ks.yaml │ │ │ └── README.md │ │ └── kustomization.yaml │ ├── README.md │ ├── database │ │ ├── kustomization.yaml │ │ └── postgres │ │ │ ├── config │ │ │ ├── kustomization.yaml │ │ │ └── image-catalog.yaml │ │ │ ├── operator │ │ │ ├── kustomization.yaml │ │ │ └── helm-release.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ ├── backup │ │ ├── kustomization.yaml │ │ └── volsync │ │ │ ├── operator │ │ │ ├── kustomization.yaml │ │ │ ├── prometheus-rule.yaml │ │ │ └── helm-release.yaml │ │ │ ├── ks.yaml │ │ │ └── README.md │ ├── system │ │ ├── kustomization.yaml │ │ └── reloader │ │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── helm-release.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ ├── storage │ │ ├── minio │ │ │ ├── external │ │ │ │ ├── kustomization.yaml │ │ │ │ └── external-minio.yaml │ │ │ ├── 
ks.yaml │ │ │ └── README.md │ │ ├── csi-driver-nfs │ │ │ ├── operator │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ ├── zfs-localpv │ │ │ ├── volume │ │ │ │ └── kustomization.yaml │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ ├── local-hostpath │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── README.md │ │ └── kustomization.yaml │ ├── monitoring │ │ ├── prometheus-stack │ │ │ ├── crds │ │ │ │ └── kustomization.yaml │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helm-release.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── authentication │ │ ├── kustomization.yaml │ │ ├── pocket-id │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ │ └── tinyauth │ │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── midleware-tinyauth.yaml │ │ │ ├── README.md │ │ │ └── ks.yaml │ └── kustomization.yaml ├── suspended │ ├── maybe │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── navidrome │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── actual │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── bisq │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── rw-markable │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── harbor │ │ ├── webhook │ │ │ ├── kustomization.yaml │ │ │ └── app.yaml │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── jellyplist │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── kestra │ │ ├── README.md │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── helm-release.yaml │ │ └── ks.yaml │ ├── mqttx-web │ │ ├── app │ │ │ └── kustomization.yaml │ 
│ ├── README.md │ │ └── ks.yaml │ ├── perplexica │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── bisq2 │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── fresh-rss │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── watch-your-lan │ │ ├── README.md │ │ ├── app │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── donetick │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── vpn-browser │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── README.md │ │ └── ks.yaml │ ├── changedetection │ │ ├── app │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md │ ├── README.md │ └── attic │ │ ├── app │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── README.md ├── namespaces │ ├── README.md │ ├── resources │ │ ├── system.yaml │ │ ├── database.yaml │ │ ├── storage.yaml │ │ ├── vpn-apps.yaml │ │ ├── apps.yaml │ │ ├── flux-system.yaml │ │ ├── networking.yaml │ │ ├── backup.yaml │ │ ├── media.yaml │ │ ├── policy.yaml │ │ ├── dashboard.yaml │ │ ├── kubevirt.yaml │ │ ├── monitoring.yaml │ │ ├── vpn-gateway.yaml │ │ ├── authentication.yaml │ │ ├── minio-operator.yaml │ │ ├── notification.yaml │ │ └── home-automation.yaml │ └── kustomization.yaml └── config │ ├── settings │ └── flux.yaml │ ├── kustomization.yaml │ └── certs │ └── ks.yaml ├── docs ├── images │ ├── logo.png │ └── split.png ├── Notes.md ├── Maintenance.md └── Hardware.md ├── .sops.yaml ├── .gitea └── workflows │ ├── nix-cache.yaml │ └── pull-images.py ├── systems └── x86_64-linux │ └── supermicro-k3s │ └── home.nix └── LICENSE /.gitmodules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | keys/ 2 | result 3 | -------------------------------------------------------------------------------- 
/kubernetes/apps/home-assistant/app/init/scenes.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/app/init/scripts.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/app/init/secrets.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/app/init/automations.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /kubernetes/apps/README.md: -------------------------------------------------------------------------------- 1 | # Apps 2 | 3 | My selfhosted applications. 4 | -------------------------------------------------------------------------------- /kubernetes/flux/README.md: -------------------------------------------------------------------------------- 1 | # Flux 2 | 3 | The entry point for flux. 4 | -------------------------------------------------------------------------------- /kubernetes/sources/README.md: -------------------------------------------------------------------------------- 1 | # Sources 2 | 3 | Helm Chart Sources. 
4 | -------------------------------------------------------------------------------- /docs/images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niki-on-github/nixos-k3s/HEAD/docs/images/logo.png -------------------------------------------------------------------------------- /docs/images/split.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/niki-on-github/nixos-k3s/HEAD/docs/images/split.png -------------------------------------------------------------------------------- /kubernetes/templates/README.md: -------------------------------------------------------------------------------- 1 | # Templates 2 | 3 | My resource templates to simplify application deployment. 4 | -------------------------------------------------------------------------------- /kubernetes/core/networking/coredns/README.md: -------------------------------------------------------------------------------- 1 | # [coredns](https://coredns.io/) 2 | 3 | CoreDNS is a fast and flexible DNS server. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/wiki/README.md: -------------------------------------------------------------------------------- 1 | # Wiki with [Hugo](https://gohugo.io/) 2 | 3 | Hugo is a popular open source static site generator. 4 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-instance/README.md: -------------------------------------------------------------------------------- 1 | # Flux Instance 2 | 3 | This defines the gitops repo to sync. Requires flux-operator. 
4 | -------------------------------------------------------------------------------- /kubernetes/sources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm 5 | -------------------------------------------------------------------------------- /kubernetes/suspended/maybe/README.md: -------------------------------------------------------------------------------- 1 | # [maybe](https://github.com/maybe-finance/maybe) 2 | 3 | The OS for your personal finances. 4 | -------------------------------------------------------------------------------- /kubernetes/suspended/navidrome/README.md: -------------------------------------------------------------------------------- 1 | # Navidrome 2 | 3 | Navidrome is an open source web-based music collection server and streamer. -------------------------------------------------------------------------------- /kubernetes/apps/scrutiny/README.md: -------------------------------------------------------------------------------- 1 | # [scrutiny](https://github.com/AnalogJ/scrutiny) 2 | 3 | WebUI for smartd S.M.A.R.T monitoring. 4 | 5 | -------------------------------------------------------------------------------- /kubernetes/apps/it-tools/README.md: -------------------------------------------------------------------------------- 1 | # [IT-Tools](https://github.com/CorentinTh/it-tools) 2 | 3 | Useful tools for developers in a single web UI. 4 | -------------------------------------------------------------------------------- /kubernetes/core/README.md: -------------------------------------------------------------------------------- 1 | # Core 2 | 3 | These are components that are essential for my applications. They form the base layer of the cluster. 
4 | -------------------------------------------------------------------------------- /kubernetes/suspended/actual/README.md: -------------------------------------------------------------------------------- 1 | # [Actual](https://actualbudget.com/) 2 | 3 | Actual is a privacy-focused app for managing your finances. 4 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | creation_rules: 2 | - encrypted_regex: '^(data|stringData)$' 3 | age: age1gs9p9vc308c5kkd3n90mwevjqpzdt5pw4nz429t09cade6k3a54sfndtdv 4 | -------------------------------------------------------------------------------- /kubernetes/core/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - postgres/ks.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/suspended/bisq/README.md: -------------------------------------------------------------------------------- 1 | # [Bisq](https://github.com/niki-on-github/bisq-container) 2 | 3 | A decentralized bitcoin exchange network. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/excalidraw/README.md: -------------------------------------------------------------------------------- 1 | # [Excalidraw](https://github.com/excalidraw/excalidraw) 2 | 3 | An open source virtual hand-drawn style whiteboard. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/manyfold/README.md: -------------------------------------------------------------------------------- 1 | # [Manyfold](https://github.com/manyfold3d/manyfold) 2 | 3 | A self-hosted digital asset manager for 3d print files. 
4 | -------------------------------------------------------------------------------- /kubernetes/core/backup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - volsync/ks.yaml 5 | 6 | -------------------------------------------------------------------------------- /kubernetes/apps/kubetail/README.md: -------------------------------------------------------------------------------- 1 | # [Kubetail](https://github.com/kubetail-org/kubetail) 2 | 3 | Kubetail is a real-time logging dashboard for Kubernetes. 4 | -------------------------------------------------------------------------------- /kubernetes/core/system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - reloader/ks.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/cyberchef/README.md: -------------------------------------------------------------------------------- 1 | # [CyberChef](https://github.com/gchq/CyberChef) 2 | 3 | A web app for encryption, encoding, compression and data analysis. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/gitea/README.md: -------------------------------------------------------------------------------- 1 | # [Gitea](https://about.gitea.com/) 2 | 3 | Gitea is an open-source painless self-hosted git service with low resource consumption. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/syncify/README.md: -------------------------------------------------------------------------------- 1 | # [Syncify](https://github.com/TheWicklowWolf/Syncify) 2 | 3 | Download Spotify or YouTube playlists on a schedule via yt-dlp. 
4 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/networks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - networks.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/suspended/rw-markable/README.md: -------------------------------------------------------------------------------- 1 | # [rwMarkable](https://github.com/fccview/rwMarkable) 2 | 3 | A simple, self-hosted app for your checklists and notes. 4 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/core/storage/minio/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - external-minio.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/apps/image-puller/README.md: -------------------------------------------------------------------------------- 1 | # [Container Image Puller](https://github.com/niki-on-github/container-image-puller) 2 | 3 | 
Simple API to pull container images. 4 | 5 | -------------------------------------------------------------------------------- /kubernetes/apps/lubelogger/README.md: -------------------------------------------------------------------------------- 1 | # [LubeLogger](https://github.com/hargata/lubelog) 2 | 3 | LubeLogger is a web-based vehicle maintenance and fuel mileage tracker. 4 | 5 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/prometheus-stack/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./crds.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cert-manager/issuer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-issuer.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cert-manager/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/apps/it-tools/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/kubetail/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/miniflux/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/ncps/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/telegraf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/watcharr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/wiki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- 
/kubernetes/core/monitoring/prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helm-release.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/apps/cyberchef/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/esp-dashboard/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/excalidraw/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/gitea-runner/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/image-puller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 
| resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/netboot-xyz/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/omni-tools/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/qbittorrent/README.md: -------------------------------------------------------------------------------- 1 | # [qBittorrent](https://www.qbittorrent.org/) 2 | 3 | qBittorrent is a free file-sharing program written in C++ for the BitTorrent protocol. 
4 | 5 | -------------------------------------------------------------------------------- /kubernetes/apps/searxng/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | 7 | -------------------------------------------------------------------------------- /kubernetes/apps/solaredge/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/core/storage/csi-driver-nfs/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/immich/README.md: -------------------------------------------------------------------------------- 1 | # [immich](https://immich.app/) 2 | 3 | Self-hosted photo and video management solution. 
4 | 5 | ## Users 6 | 7 | - `admin@k8s.lan` 8 | - `phone@k8s.lan` 9 | -------------------------------------------------------------------------------- /kubernetes/apps/influxdb2/extensions/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/monerod/README.md: -------------------------------------------------------------------------------- 1 | # [Monerod](https://github.com/sethforprivacy/simple-monerod-docker) 2 | 3 | A simple and straightforward Dockerized monerod exposing the standard RPC port. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/vikunja/README.md: -------------------------------------------------------------------------------- 1 | # Vikunja 2 | 3 | Vikunja is an open-source, self-hosted to-do portal with a bunch of awesome features like email reminders, category tags, notes and more. 
-------------------------------------------------------------------------------- /kubernetes/core/gitops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - flux-operator/ks.yaml 5 | - flux-instance/ks.yaml 6 | 7 | -------------------------------------------------------------------------------- /kubernetes/core/storage/zfs-localpv/volume/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: storage 4 | resources: 5 | - ./volume.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/suspended/harbor/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/suspended/jellyplist/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/network-share/services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - services.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/operator/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - operator.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/vault/autounseal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: ${APP_NAMESPACE} 5 | resources: 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/authentication/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - tinyauth/ks.yaml 6 | - pocket-id/ks.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - metrics-server/ks.yaml 5 | - prometheus-stack/ks.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/core/storage/local-hostpath/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: storage 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/core/storage/zfs-localpv/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: storage 4 | 
resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/suspended/kestra/README.md: -------------------------------------------------------------------------------- 1 | # [kestra](https://kestra.io) 2 | 3 | Unify orchestration for all engineers. Build and govern all your workflows — Everything-as-Code, and from the UI. 4 | -------------------------------------------------------------------------------- /kubernetes/suspended/mqttx-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | 7 | -------------------------------------------------------------------------------- /kubernetes/apps/network-share/storage/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - storage-class.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/cleanup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - tailscale-cleanup.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/README.md: -------------------------------------------------------------------------------- 1 | # [Multus-CNI](https://github.com/k8snetworkplumbingwg/multus-cni) 2 | 3 | Multus CNI enables attaching multiple network interfaces to pods in Kubernetes. 
4 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - crds.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: system 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/kestra/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: system 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/solaredge/README.md: -------------------------------------------------------------------------------- 1 | # [SolarEdge Modbus REST API](https://github.com/niki-on-github/solaredge-modbus-rest-api) 2 | 3 | SolarEdge Modbus data collection library for my home-automation. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/stirling-pdf/README.md: -------------------------------------------------------------------------------- 1 | # [Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF) 2 | 3 | Locally hosted web application that allows you to perform various operations on PDF files. 
4 | -------------------------------------------------------------------------------- /kubernetes/apps/vpn-diagnose/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - diagnose-network-policy.yaml 5 | - diagnose-vpn.yaml 6 | 7 | -------------------------------------------------------------------------------- /kubernetes/core/backup/volsync/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | - prometheus-rule.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/perplexica/README.md: -------------------------------------------------------------------------------- 1 | # [Perplexica](https://github.com/ItzCrazyKns/Perplexica) 2 | 3 | Perplexica is an AI-powered search engine. It is an open-source alternative to Perplexity AI. 4 | -------------------------------------------------------------------------------- /docs/Notes.md: -------------------------------------------------------------------------------- 1 | # Notes 2 | 3 | ## CPU Limits and Requests 4 | 5 | - When setting a limit, always set requests as well, because Kubernetes automatically sets the requests to the limit if no requests value was specified! 6 | -------------------------------------------------------------------------------- /kubernetes/apps/pgadmin/README.md: -------------------------------------------------------------------------------- 1 | # [pgadmin4](https://github.com/pgadmin-org/pgadmin4) 2 | 3 | pgAdmin is the most popular and feature-rich open-source administration and development platform for PostgreSQL. 
4 | -------------------------------------------------------------------------------- /kubernetes/apps/readeck/README.md: -------------------------------------------------------------------------------- 1 | # [Readeck](https://readeck.org/) 2 | 3 | Readeck is a simple web application that lets you save the precious readable content of web pages you like and want to keep forever. 4 | -------------------------------------------------------------------------------- /kubernetes/core/database/postgres/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - image-catalog.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/database/postgres/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/gitea-runner/README.md: -------------------------------------------------------------------------------- 1 | # [Gitea Act Runner](https://github.com/vegardit/docker-gitea-act-runner) 2 | 3 | Docker image based on `debian:stable-slim` with Gitea's act_runner as a Docker container. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/linkwarden/README.md: -------------------------------------------------------------------------------- 1 | # [linkwarden](https://github.com/linkwarden/linkwarden) 2 | 3 | Self-hosted collaborative bookmark manager to collect, organize, and preserve webpages, articles, and more. 
4 | -------------------------------------------------------------------------------- /kubernetes/apps/syncthing/README.md: -------------------------------------------------------------------------------- 1 | # Syncthing 2 | 3 | Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. 4 | -------------------------------------------------------------------------------- /kubernetes/core/networking/kube-vip/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/bitcoind/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/gitea/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/apps/immich/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/influxdb2/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/jellyfin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/manyfold/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/monerod/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/nodered/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/open-webui/README.md: -------------------------------------------------------------------------------- 1 | # [ollama](https://ollama.com/) 2 | 3 | Get up and running with large language models. 4 | 5 | ## Setup 6 | 7 | Settings : Interface : UI : Show "What's New" modal on login : Off 8 | -------------------------------------------------------------------------------- /kubernetes/apps/paperless/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/readeck/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/scrutiny/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/syncify/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/syncthing/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/vault/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/vikunja/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/watcharr/README.md: -------------------------------------------------------------------------------- 1 | # [Personal Watcharr](https://github.com/niki-on-github/serien-and-movie-planer) 2 | 3 | Personal self-hosted content watch list for recently released movies and TV shows in Germany. 
4 | -------------------------------------------------------------------------------- /kubernetes/apps/wg-easy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-instance/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cilium/operator/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/coredns/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/external-dns/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/suspended/bisq/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/jdownloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: vpn-apps 5 | resources: 6 | - ../../../templates/volsync-pvc 7 | - app.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/jellyseerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/linkwarden/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/lubelogger/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/mail-archiver/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/mealie/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | 8 | -------------------------------------------------------------------------------- /kubernetes/apps/open-webui/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/paperless-ai/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/stirling-pdf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/uptime-kuma/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/vaultwarden/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/zigbee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/namespaces/README.md: -------------------------------------------------------------------------------- 1 | # k8s namespaces 2 | 3 | All my Kubernetes namespaces. I put them in a separate folder and deploy them first to allow the configuration of individual cluster resources before they exist. 
4 | -------------------------------------------------------------------------------- /kubernetes/suspended/actual/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/bisq2/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/fresh-rss/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/harbor/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/maybe/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | 
-------------------------------------------------------------------------------- /kubernetes/suspended/navidrome/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/suspended/watch-your-lan/README.md: -------------------------------------------------------------------------------- 1 | # [WatchYourLAN](https://github.com/aceberg/WatchYourLAN) 2 | 3 | Lightweight network IP scanner. Can be used to notify about new hosts and monitor host online/offline history. 4 | -------------------------------------------------------------------------------- /kubernetes/core/storage/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minio/ks.yaml 5 | - local-hostpath/ks.yaml 6 | - zfs-localpv/ks.yaml 7 | - csi-driver-nfs/ks.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/suspended/donetick/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | 8 | -------------------------------------------------------------------------------- /kubernetes/suspended/perplexica/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | 
-------------------------------------------------------------------------------- /kubernetes/suspended/vpn-browser/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: vpn-apps 5 | resources: 6 | - ../../../templates/volsync-pvc 7 | - app.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/suspended/watch-your-lan/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/pgadmin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: database 5 | resources: 6 | - ../../../templates/volsync-pvc 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/suspended/rw-markable/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | 8 | -------------------------------------------------------------------------------- /kubernetes/apps/email2signal/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: notification 5 | resources: 6 | - ../../../templates/volsync-pvc 7 | - helm-release.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/core/authentication/pocket-id/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../../templates/volsync-pvc 6 | - app.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/core/networking/coredns/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: coredns 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/networking/coredns/app" 8 | -------------------------------------------------------------------------------- /kubernetes/suspended/changedetection/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | 8 | -------------------------------------------------------------------------------- /kubernetes/suspended/vpn-browser/README.md: -------------------------------------------------------------------------------- 1 | # [Firefox Container](https://github.com/jlesage/docker-firefox) 2 | 3 | The Firefox GUI is accessed through your system web browser or via any VNC client. All traffic is routed through the VPN. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/searxng/README.md: -------------------------------------------------------------------------------- 1 | # [SearXNG](https://github.com/searxng/searxng) 2 | 3 | SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. 
Users are neither tracked nor profiled. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/vpn-gateway/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - network-policy-vpn-apps.yaml 5 | - network-policy-vpn-gateway.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/system.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: system 5 | annotations:
# NOTE(review): this annotation opts the namespace into VolSync privileged movers, so the
# backup/restore mover pods may run as root with elevated capabilities here (per the VolSync docs).
# The other Namespace manifests under kubernetes/namespaces/resources/ set it as well, including
# flux-system and authentication; keep it only where a backed-up PVC needs root to read its files,
# and elsewhere run the movers unprivileged with a moverSecurityContext matching the app's UID/GID.
6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/suspended/donetick/README.md: -------------------------------------------------------------------------------- 1 | # [Donetick](https://github.com/donetick/donetick) 2 | 3 | Donetick an open-source, user-friendly app for managing tasks and chores, featuring customizable options to help you and others stay organized. 
4 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: flux-operator 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/gitops/flux-operator/app" 8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/kube-vip/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: kube-vip 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/networking/kube-vip/operator" 8 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: database 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/storage.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: storage 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/vpn-apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: vpn-apps 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 
| goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/apps/paperless/README.md: -------------------------------------------------------------------------------- 1 | # [Paperless-ngx](https://docs.paperless-ngx.com/) 2 | 3 | Paperless-ngx is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. 4 | 5 | -------------------------------------------------------------------------------- /kubernetes/core/storage/local-hostpath/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: local-hostpath 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/storage/local-hostpath/app" 8 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: apps 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/flux-system.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: flux-system 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/networking.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: networking 5 | 
annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/metrics-server/README.md: -------------------------------------------------------------------------------- 1 | # [Kubernetes Metrics Server](https://github.com/kubernetes-sigs/metrics-server) 2 | 3 | Metrics Server collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API. 4 | -------------------------------------------------------------------------------- /kubernetes/core/storage/csi-driver-nfs/README.md: -------------------------------------------------------------------------------- 1 | # [NFS CSI driver](https://github.com/kubernetes-csi/csi-driver-nfs) 2 | 3 | Supports dynamic provisioning of Persistent Volumes via Persistent Volume Claims by creating a new sub directory under NFS server. 4 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/backup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: backup 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/media.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: media 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/policy.yaml: -------------------------------------------------------------------------------- 
1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: policy 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/apps/vpn-diagnose/README.md: -------------------------------------------------------------------------------- 1 | # VPN Diagnose 2 | 3 | A [Docker container image](https://github.com/jonlabelle/docker-network-tools) with various network tools pre-installed, routed inside the vpn namespace, for manually checking network policies and routing. 4 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: dashboard 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/kubevirt.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: kubevirt 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/apps/wg-easy/README.md: -------------------------------------------------------------------------------- 1 | # [wg-easy](https://github.com/wg-easy/wg-easy) 2 | 3 | WireGuard VPN server with Web-based Admin UI. 4 | 5 | ## Notes 6 | 7 | I use this VPN server to bypass some of my firewall rules for temporary test setups in different VLANs. 
8 | -------------------------------------------------------------------------------- /kubernetes/core/authentication/tinyauth/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../../templates/volsync-pvc 6 | - app.yaml 7 | - midleware-tinyauth.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/core/storage/zfs-localpv/README.md: -------------------------------------------------------------------------------- 1 | # [OpenEBS Local PV ZFS](https://github.com/openebs/zfs-localpv) 2 | 3 | Dynamically provision Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes that is integrated with a backend ZFS data storage stack. 4 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/monitoring.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: monitoring 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/vpn-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: vpn-gateway 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/settings/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 
kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - default-tls-store.yaml 7 | - midleware-rfc1918.yaml 8 | - dashboard.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/authentication.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: authentication 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/minio-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: minio-operator 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/notification.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: notification 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/apps/paperless-ai/README.md: -------------------------------------------------------------------------------- 1 | # [Paperless-ai](https://github.com/clusterzx/paperless-ai) 2 | 3 | An automated document analyzer for Paperless-ngx using OpenAI API, Ollama and all OpenAI API compatible Services to automatically analyze and tag your documents. 
4 | 5 | -------------------------------------------------------------------------------- /kubernetes/core/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - authentication 6 | - backup 7 | - database 8 | - monitoring 9 | - networking 10 | - storage 11 | - system 12 | - gitops 13 | -------------------------------------------------------------------------------- /kubernetes/core/system/reloader/README.md: -------------------------------------------------------------------------------- 1 | # [Reloader](https://github.com/stakater/Reloader) 2 | 3 | A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig. 4 | -------------------------------------------------------------------------------- /kubernetes/namespaces/resources/home-automation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: home-automation 5 | annotations: 6 | volsync.backube/privileged-movers: "true" 7 | labels: 8 | goldilocks.fairwinds.com/enabled: "true" 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/core/authentication/tinyauth/README.md: -------------------------------------------------------------------------------- 1 | # [Tinyauth](https://github.com/steveiliop56/tinyauth) 2 | 3 | Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic OAuth provider to all of your apps. 
4 | -------------------------------------------------------------------------------- /kubernetes/suspended/bisq2/README.md: -------------------------------------------------------------------------------- 1 | # [Bisq2](https://github.com/niki-on-github/bisq2-container) 2 | 3 | A decentralized bitcoin exchange network. Bisq 2 will be the successor to Bisq v1 and will support multiple trade protocols, multiple privacy networks and multiple identities. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/vpn-diagnose/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: vpn-diagnose 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/vpn-diagnose/app" 8 | dependsOn: 9 | - name: vpn-gateway 10 | -------------------------------------------------------------------------------- /kubernetes/templates/volsync-pvc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - restric-credentials.yaml 6 | - replication-destination.yaml 7 | - pvc.yaml 8 | - replication-source.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/core/storage/minio/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: minio-external 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/storage/minio/external" 8 | dependsOn: 9 | - name: traefik 10 | -------------------------------------------------------------------------------- /kubernetes/core/database/postgres/README.md: -------------------------------------------------------------------------------- 1 | 
# [cloudnative-pg](https://cloudnative-pg.io/) 2 | 3 | CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication. 4 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/networks/README.md: -------------------------------------------------------------------------------- 1 | # Multus Networks 2 | 3 | ## Wake On Lan 4 | 5 | To send the Wake-on-LAN (WoL) packet through the Multus interface, we need to add a route on that interface for the destination `255.255.255.255/32`: 6 | 7 | ``` 8 | "routes": [{"dst": "255.255.255.255/32"}], 9 | ``` 10 | -------------------------------------------------------------------------------- /kubernetes/apps/jdownloader/README.md: -------------------------------------------------------------------------------- 1 | # [JDownloader2 Container](https://github.com/jlesage/docker-jdownloader-2) 2 | 3 | Container for JDownloader 2. The GUI of the application is accessed through a modern web browser (no installation or configuration needed on the client side) or via any VNC client. 
4 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-instance/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: flux-instance 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/gitops/flux-instance/app" 8 | dependsOn: 9 | - name: flux-operator 10 | -------------------------------------------------------------------------------- /kubernetes/core/networking/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - coredns/ks.yaml 5 | - cilium/ks.yaml 6 | - kube-vip/ks.yaml 7 | - traefik/ks.yaml 8 | - cert-manager/ks.yaml 9 | - multus/ks.yaml 10 | - external-dns/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/mosquitto/README.md: -------------------------------------------------------------------------------- 1 | # [Eclipse Mosquitto](https://github.com/eclipse/mosquitto) 2 | 3 | Mosquitto is an open source implementation of a server for version 5.0, 3.1.1, and 3.1 of the MQTT protocol. I use it as a communication bridge between the individual modules of my home-automation stack. 
4 | -------------------------------------------------------------------------------- /kubernetes/core/networking/external-dns/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: external-dns 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/networking/external-dns/operator" 8 | dependsOn: 9 | - name: kube-vip 10 | -------------------------------------------------------------------------------- /kubernetes/suspended/README.md: -------------------------------------------------------------------------------- 1 | # Suspended Applications 2 | 3 | This folder contains my suspended k8s applications. To improve server performance, I try to disable all applications that I do not use frequently. To allow an easy resumption, I store the latest working application declarations in this directory. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/grafana/README.md: -------------------------------------------------------------------------------- 1 | # [Grafana](https://github.com/grafana/grafana) 2 | 3 | Grafana is an open-source platform for monitoring and observability. It provides charts, graphs, and alerts for different data sources. 4 | 5 | ## Image Renderer 6 | 7 | See https://j3t.ch/tech/grafana-png-image-generation 8 | -------------------------------------------------------------------------------- /kubernetes/core/authentication/pocket-id/README.md: -------------------------------------------------------------------------------- 1 | # [Pocket ID](https://pocket-id.org) 2 | 3 | Pocket ID is a simple OIDC provider that allows users to authenticate with their passkeys to your services. 4 | 5 | ## Setup 6 | 7 | You can sign in with the admin account on `https://id.${SECRET_DOMAIN}/login/setup`. 
8 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/metrics-server/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: metrics-server 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/monitoring/metrics-server/app" 8 | dependsOn: 9 | - name: prometheus-crds 10 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/README.md: -------------------------------------------------------------------------------- 1 | # [traefik](https://github.com/traefik/traefik) 2 | 3 | Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically. 4 | -------------------------------------------------------------------------------- /kubernetes/core/storage/csi-driver-nfs/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: csi-driver-nfs 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/storage/csi-driver-nfs/operator" 8 | dependsOn: 9 | - name: local-hostpath 10 | -------------------------------------------------------------------------------- /kubernetes/suspended/kestra/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: kestra 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/kestra/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: kestra 11 | APP_NAMESPACE: apps 12 | -------------------------------------------------------------------------------- 
/kubernetes/apps/it-tools/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: it-tools 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/it-tools/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: it-tools 11 | APP_NAMESPACE: apps 12 | -------------------------------------------------------------------------------- /kubernetes/apps/mealie/README.md: -------------------------------------------------------------------------------- 1 | # [Mealie](https://mealie.io/) 2 | 3 | Mealie is an intuitive and easy to use recipe management app. It's designed to make your life easier by being the best recipes management experience on the web and providing you with an easy to use interface to manage your growing collection of recipes. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/omni-tools/README.md: -------------------------------------------------------------------------------- 1 | # [OmniTools](https://github.com/iib0011/omni-tools) 2 | 3 | Self-hosted collection of powerful web-based tools for everyday tasks: 4 | 5 | - Image/Video/Binary Tools 6 | - String/List Tools 7 | - Date and Time Tools 8 | - Math Tools 9 | - Miscellaneous Tools 10 | - And more... 
11 | -------------------------------------------------------------------------------- /kubernetes/apps/searxng/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: searxng 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/searxng/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: searxng 11 | APP_NAMESPACE: apps 12 | 13 | -------------------------------------------------------------------------------- /kubernetes/apps/cyberchef/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: cyberchef 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/cyberchef/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: cyberchef 11 | APP_NAMESPACE: apps 12 | -------------------------------------------------------------------------------- /kubernetes/apps/excalidraw/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: excalidraw 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/excalidraw/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: excalidraw 11 | APP_NAMESPACE: apps 12 | -------------------------------------------------------------------------------- /kubernetes/apps/kubetail/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: kubetail 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/kubetail/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: kubetail 11 | APP_NAMESPACE: monitoring 12 | -------------------------------------------------------------------------------- 
/kubernetes/apps/omni-tools/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: omni-tools 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/omni-tools/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: omni-tools 11 | APP_NAMESPACE: apps 12 | -------------------------------------------------------------------------------- /kubernetes/templates/postgres/postgresql-cluster-superuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | type: kubernetes.io/basic-auth 3 | kind: Secret 4 | metadata: 5 | name: ${APP_NAME}-postgresql-superuser 6 | namespace: ${CONFIG_DATABASE_NAMESPACE}
# NOTE(review): the Secret name varies per app, but the password comes from the single variable
# SECRET_DATABASE_PASSWORD, so every database cluster rendered from this template appears to share
# one superuser password. Where that variable is defined is not shown here - presumably an encrypted
# Secret referenced through postBuild.substituteFrom; confirm it is never supplied from a plain ConfigMap.
# The value is substituted unquoted, so a digits-only or YAML-special password would not parse as a string.
7 | stringData: 8 | password: ${SECRET_DATABASE_PASSWORD} 9 | username: postgres 10 | -------------------------------------------------------------------------------- /kubernetes/apps/netboot-xyz/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: netboot-xyz 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/netboot-xyz/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: netboot-xyz 11 | APP_NAMESPACE: apps 12 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-operator/README.md: -------------------------------------------------------------------------------- 1 | # Flux Operator 2 | 3 | The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. The operator extends Flux with self-service capabilities and preview environments for GitLab and GitHub pull requests testing. 
4 | -------------------------------------------------------------------------------- /kubernetes/apps/ncps/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: ncps 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/ncps/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: ncps 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "150Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/prometheus-stack/README.md: -------------------------------------------------------------------------------- 1 | # [Prometheus Stack](https://github.com/prometheus/prometheus) 2 | 3 | Prometheus, a service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts when specified conditions are observed. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/unifi/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: unifi 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/unifi/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: unifi 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "16Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/suspended/attic/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - app.yaml 6 | configMapGenerator: 7 | - name: attic-configmap 8 | files: 9 | - config/server.toml 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | 
-------------------------------------------------------------------------------- /kubernetes/suspended/bisq/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: bisq 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/bisq/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: bisq 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "16Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/image-puller/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: image-puller 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/image-puller/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: image-puller 11 | APP_NAMESPACE: system 12 | 13 | -------------------------------------------------------------------------------- /kubernetes/apps/readeck/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: readeck 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/readeck/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: readeck 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "8Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/wiki/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: wiki 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/wiki/app" 8 | dependsOn: 9 | - name: gitea 10 | postBuild: 11 | substitute: 12 | APP_NAME: wiki 13 | APP_NAMESPACE: apps 14 | 
-------------------------------------------------------------------------------- /kubernetes/suspended/actual/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: actual 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/actual/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: actual 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "8Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/suspended/bisq2/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: bisq2 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/bisq2/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: bisq2 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "16Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/pgadmin/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: pgadmin 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/pgadmin/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: pgadmin 11 | APP_NAMESPACE: database 12 | PVC_CAPACITY: "1Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/wg-easy/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: wg-easy 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/wg-easy/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: wg-easy 11 | APP_NAMESPACE: networking 12 | PVC_CAPACITY: "2Gi" 13 | 
-------------------------------------------------------------------------------- /kubernetes/core/networking/cilium/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: cilium 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/networking/cilium/operator" 8 | dependsOn: 9 | - name: traefik-crds 10 | - name: prometheus-crds 11 | - name: cert-manager 12 | -------------------------------------------------------------------------------- /kubernetes/suspended/attic/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: attic 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/attic/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: attic 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "32Gi" 13 | 14 | -------------------------------------------------------------------------------- /kubernetes/apps/syncthing/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: syncthing 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/syncthing/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: syncthing 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "32Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/nodered/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: nodered 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/nodered/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: nodered 11 | APP_NAMESPACE: home-automation 12 | PVC_CAPACITY: "16Gi" 13 | 
-------------------------------------------------------------------------------- /kubernetes/apps/vpn-gateway/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: vpn-gateway 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/vpn-gateway/operator" 8 | wait: true 9 | dependsOn: 10 | - name: cert-manager 11 | - name: cert-manager-issuer 12 | - name: cilium 13 | -------------------------------------------------------------------------------- /kubernetes/apps/bitcoind/README.md: -------------------------------------------------------------------------------- 1 | # [Bitcoin](https://github.com/niki-on-github/bitcoind-container) 2 | 3 | Bitcoind Container image that runs the Bitcoin node in a container for easy deployment. 4 | 5 | ## Client 6 | 7 | Use [Sparrow Bitcoin Wallet](https://github.com/sparrowwallet/sparrow) to connect to this container. Available in nixpkgs: `nix-shell -p sparrow` 8 | -------------------------------------------------------------------------------- /kubernetes/apps/jellyseerr/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: jellyseerr 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/jellyseerr/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: jellyseerr 11 | APP_NAMESPACE: media 12 | PVC_CAPACITY: "1Gi" 13 | 14 | -------------------------------------------------------------------------------- /kubernetes/apps/mosquitto/app/config/mosquitto.conf: -------------------------------------------------------------------------------- 1 | per_listener_settings false 2 | listener 1883 3 | listener 9001 4 | protocol websockets 5 | allow_anonymous false 6 | persistence true 7 | persistence_location /data 8 | autosave_interval 1800 9 | connection_messages false 
10 | autosave_interval 60 11 | password_file /mosquitto/external_config/mosquitto_pwd 12 | -------------------------------------------------------------------------------- /kubernetes/apps/stirling-pdf/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: stirling-pdf 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/stirling-pdf/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: stirling-pdf 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "1Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/unifi/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | # enable this to get discovery for new devices: 8 | # NOTE: this is now obsolete; we use multus to fix this 9 | # - unifi-udp-discovery.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/core/backup/volsync/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: volsync 6 | namespace: flux-system 7 | spec: 8 | path: "./kubernetes/core/backup/volsync/operator" 9 | dependsOn: 10 | - name: zfs-localpv-volume 11 | - name: prometheus-crds 12 | - name: minio-external 13 | -------------------------------------------------------------------------------- /kubernetes/templates/postgres/postgresql-backup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: postgresql.cnpg.io/v1 2 | kind: ScheduledBackup 3 | metadata: 4 | name: ${APP_NAME}-postgresql-backup 5 | namespace: 
${CONFIG_DATABASE_NAMESPACE} 6 | spec: 7 | schedule: "0 0 0 * * *" 8 | backupOwnerReference: self 9 | immediate: true 10 | cluster: 11 | name: ${APP_NAME}-postgresql 12 | -------------------------------------------------------------------------------- /kubernetes/apps/miniflux/README.md: -------------------------------------------------------------------------------- 1 | # [Miniflux](https://miniflux.app/) 2 | 3 | Miniflux is a minimalist and opinionated feed reader. 4 | 5 | ## Newsboat 6 | 7 | Add the following to `~/config/newsboat/config`, replacing the placeholder credentials; newsboat also supports `miniflux-passwordfile` and `miniflux-passwordeval`, which keep the password out of this file: 8 | 9 | ``` 10 | urls-source "miniflux" 11 | miniflux-url "https://rss.${domain}/" 12 | miniflux-login "admin" 13 | miniflux-password "mypassword" 14 | ``` 15 | -------------------------------------------------------------------------------- /kubernetes/apps/mosquitto/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: mosquitto 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/mosquitto/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: mosquitto 11 | APP_NAMESPACE: home-automation 12 | PVC_CAPACITY: "16Gi" 13 | 14 | -------------------------------------------------------------------------------- /kubernetes/apps/network-share/README.md: -------------------------------------------------------------------------------- 1 | # Various Network Share Protocols 2 | 3 | - K8S Internal NFS 4 | - Samba 5 | - FTP 6 | 7 | ## NFS 8 | 9 | To enable access logging on the server side: 10 | 11 | ```sh 12 | rpcdebug -m nfsd -s all 13 | ``` 14 | 15 | Less verbose: 16 | 17 | ```sh 18 | rpcdebug -m nfsd -s auth proc 19 | ``` 20 | 21 | Use `dmesg` to show the logs; clear the debug flags again with `rpcdebug -m nfsd -c all` when you are done. 22 | -------------------------------------------------------------------------------- /kubernetes/apps/telegraf/README.md: -------------------------------------------------------------------------------- 1 | # 
[Telegraf](https://www.influxdata.com/time-series-platform/telegraf/) 2 | 3 | Telegraf is a server-based agent for collecting and sending all metrics and events from databases, systems, and IoT sensors. Telegraf is written in Go and compiles into a single binary with no external dependencies, and requires a very minimal memory footprint. 4 | -------------------------------------------------------------------------------- /kubernetes/apps/telegraf/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: telegraf 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/telegraf/app" 8 | dependsOn: 9 | - name: influxdb2 10 | postBuild: 11 | substitute: 12 | APP_NAME: telegraf 13 | APP_NAMESPACE: monitoring 14 | -------------------------------------------------------------------------------- /kubernetes/apps/uptime-kuma/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: uptime-kuma 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/uptime-kuma/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: uptime-kuma 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "8Gi" 13 | 14 | -------------------------------------------------------------------------------- /kubernetes/suspended/mqttx-web/README.md: -------------------------------------------------------------------------------- 1 | # [MQTTX Web](https://hub.docker.com/r/emqx/mqttx-web) 2 | 3 | MQTTX Web is an open source MQTT 5.0⁠ browser client and an online MQTT WebSocket client tool. Use WebSocket to connect to MQTT in your browser to help you develop and debug your MQTT services and applications faster without having to download and install MQTT X locally. 
4 | -------------------------------------------------------------------------------- /kubernetes/apps/email2signal/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: email2signal 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/email2signal/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: email2signal 11 | APP_NAMESPACE: notification 12 | PVC_CAPACITY: "1Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/network-share/storage/storage-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: ${CONFIG_NFS_STORAGE_CLASS_NAME} 6 | provisioner: nfs.csi.k8s.io 7 | parameters: 8 | server: "${NFS_SERVER_URI}" 9 | share: /pv 10 | subDir: /$${pvc.metadata.name} 11 | reclaimPolicy: Retain 12 | volumeBindingMode: Immediate 13 | -------------------------------------------------------------------------------- /kubernetes/suspended/mqttx-web/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: mqttx-web 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/mqttx-web/app" 8 | dependsOn: 9 | - name: mosquitto 10 | postBuild: 11 | substitute: 12 | APP_NAME: mqttx-web 13 | APP_NAMESPACE: apps 14 | -------------------------------------------------------------------------------- /kubernetes/templates/postgres/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - postgresql-cluster-superuser.yaml 6 | - postgresql-app-credentials.yaml 7 | - 
postgresql-cluster-credentials.yaml 8 | - postgresql-backup-credentials.yaml 9 | - postgresql-cluster.yaml 10 | - postgresql-backup.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/nodered/README.md: -------------------------------------------------------------------------------- 1 | # [Node-RED](https://nodered.org/) 2 | 3 | Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. 4 | 5 | It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click. 6 | -------------------------------------------------------------------------------- /kubernetes/apps/solaredge/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: solaredge 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/solaredge/app" 8 | dependsOn: 9 | - name: influxdb2 10 | postBuild: 11 | substitute: 12 | APP_NAME: solaredge 13 | APP_NAMESPACE: home-automation 14 | -------------------------------------------------------------------------------- /kubernetes/suspended/watch-your-lan/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: watch-your-lan 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/watch-your-lan/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: watch-your-lan 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "2Gi" 13 | -------------------------------------------------------------------------------- /kubernetes/apps/qbittorrent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: vpn-apps 5 | resources: 6 | - ../../../templates/volsync-pvc 7 | - app.yaml 8 | configMapGenerator: 9 | - name: qbittorrent-scripts 10 | files: 11 | - scripts/config.py 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/core/system/reloader/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: reloader 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/system/reloader/app" 8 | dependsOn: 9 | - name: prometheus-crds 10 | postBuild: 11 | substitute: 12 | APP_NAME: reloader 13 | APP_NAMESPACE: system 14 | -------------------------------------------------------------------------------- /docs/Maintenance.md: -------------------------------------------------------------------------------- 1 | # Maintenance 2 | 3 | Example: scaling down a pod for maintenance 4 | 5 | ```sh 6 | flux suspend ks bitcoind 7 | kubectl scale deploy -n apps bitcoind --replicas=0 8 | # maintenance time 9 | kubectl scale deploy -n apps bitcoind --replicas=1 10 | flux resume ks bitcoind 11 | ``` 12 | 13 | If you have changes that are not synced yet, you can use `flux reconcile source git flux-system`. 
14 | -------------------------------------------------------------------------------- /kubernetes/apps/mosquitto/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | configMapGenerator: 8 | - name: mosquitto-configmap 9 | files: 10 | - config/mosquitto.conf 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/apps/netboot-xyz/README.md: -------------------------------------------------------------------------------- 1 | # [NETBOOT.XYZ](https://netboot.xyz/) 2 | 3 | netboot.xyz enables you to PXE boot many Operating System installers and utilities from a simple to use menu powered by the iPXE project. 4 | 5 | ## Ports 6 | 7 | The following Ports must be open in host firewall: 8 | 9 | - UDP 67: DHCP Proxy 10 | - UDP 69: TFTP 11 | - UDP 4011: PXE Boot Listener 12 | -------------------------------------------------------------------------------- /kubernetes/suspended/changedetection/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: changedetection 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/changedetection/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: changedetection 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "8Gi" 13 | 14 | -------------------------------------------------------------------------------- /kubernetes/apps/esp-dashboard/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: esp-dashboard 5 | namespace: flux-system 6 | spec: 7 | path: 
"./kubernetes/apps/esp-dashboard/app" 8 | dependsOn: 9 | - name: grafana 10 | postBuild: 11 | substitute: 12 | APP_NAME: esp-dashboard 13 | APP_NAMESPACE: home-automation 14 | -------------------------------------------------------------------------------- /kubernetes/apps/jellyfin/README.md: -------------------------------------------------------------------------------- 1 | # [Jellyfin](https://jellyfin.org/) 2 | 3 | Jellyfin is the media solution that puts you in control of your media. Stream to any device from your own server. Your media, your server, your way. 4 | 5 | ## Enable Hardware Transcoding (AMD iGPU) 6 | 7 | 1. Open Dashboard : Playback : Transcoding 8 | 2. Select Hardware acceleration: `Video Acceleration API (VAAPI)` 9 | -------------------------------------------------------------------------------- /kubernetes/apps/mealie/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: mealie 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/mealie/app" 8 | dependsOn: 9 | - name: tailscale 10 | postBuild: 11 | substitute: 12 | APP_NAME: mealie 13 | APP_NAMESPACE: apps 14 | PVC_CAPACITY: "32Gi" 15 | 16 | -------------------------------------------------------------------------------- /kubernetes/apps/syncify/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: syncify 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/syncify/app" 8 | dependsOn: 9 | - name: network-share 10 | postBuild: 11 | substitute: 12 | APP_NAME: syncify 13 | APP_NAMESPACE: media 14 | PVC_CAPACITY: "4Gi" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/open-webui/ks.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: open-webui 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/open-webui/app" 8 | dependsOn: 9 | - name: searxng 10 | postBuild: 11 | substitute: 12 | APP_NAME: open-webui 13 | APP_NAMESPACE: apps 14 | PVC_CAPACITY: "8Gi" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/paperless/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: paperless 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/paperless/app" 8 | dependsOn: 9 | - name: tailscale 10 | postBuild: 11 | substitute: 12 | APP_NAME: paperless 13 | APP_NAMESPACE: apps 14 | PVC_CAPACITY: "32Gi" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/scrutiny/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: scrutiny 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/scrutiny/app" 8 | dependsOn: 9 | - name: influxdb2 10 | postBuild: 11 | substitute: 12 | APP_NAME: scrutiny 13 | APP_NAMESPACE: monitoring 14 | PVC_CAPACITY: "1Gi" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/lubelogger/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: lubelogger 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/lubelogger/app" 8 | dependsOn: 9 | - name: tailscale 10 | postBuild: 11 | substitute: 12 | APP_NAME: lubelogger 13 | APP_NAMESPACE: apps 14 
| PVC_CAPACITY: "16Gi" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/nzbget/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: vpn-apps 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | configMapGenerator: 8 | - name: nzbget-scripts 9 | files: 10 | - scripts/GetPw.py 11 | - scripts/DeleteSamples.py 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/apps/vaultwarden/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: vaultwarden 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/vaultwarden/app" 8 | dependsOn: 9 | - name: tailscale 10 | postBuild: 11 | substitute: 12 | APP_NAME: vaultwarden 13 | APP_NAMESPACE: apps 14 | PVC_CAPACITY: "2Gi" 15 | -------------------------------------------------------------------------------- /kubernetes/config/settings/flux.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | instance: 3 | distribution: 4 | # renovate: datasource=github-releases depName=controlplaneio-fluxcd/distribution 5 | version: 2.7.3 6 | sync: 7 | kind: GitRepository 8 | url: ssh://gitea@server02.lan/r/nixos-k3s.git 9 | ref: refs/heads/main 10 | path: kubernetes/flux 11 | interval: 2m 12 | pullSecret: "flux-git-auth" 13 | -------------------------------------------------------------------------------- /kubernetes/sources/helm/charts/cilium-charts.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: cilium-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   timeout: 3m
10 |   url: https://helm.cilium.io
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/drone-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository source: the chart index at `url` is re-fetched every 24h
# with a 3m fetch timeout. No secretRef is set, so access is anonymous.
# The other *-charts.yaml files below follow the same shape.
# NOTE(review): a source only says where charts come from; which chart version
# is installed is decided by the HelmRelease that references it (not visible
# here) - confirm those pin exact versions.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: drone-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://charts.drone.io
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/harbor-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: harbor-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://helm.goharbor.io
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/k8tz-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8tz-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://k8tz.github.io/k8tz/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/runix-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: runix-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://helm.runix.net
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/suspended/donetick/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for donetick: applies the manifests under `path` once the
# `tailscale` Kustomization is ready, replacing ${APP_NAME}, ${APP_NAMESPACE}
# and ${PVC_CAPACITY} in them via postBuild substitution.
# No sourceRef, interval or prune is set in this file; presumably a parent
# kustomization patches them in - not visible here.
# The file sits under kubernetes/suspended/; presumably it is not reconciled.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: donetick
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/donetick/app"
8 |   dependsOn:
9 |     - name: tailscale
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: donetick
13 |       APP_NAMESPACE: apps
14 |       PVC_CAPACITY: "16Gi"
15 |
16 |
--------------------------------------------------------------------------------
/kubernetes/suspended/perplexica/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for perplexica; same pattern as above, ordered after `ollama`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: perplexica
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/perplexica/app"
8 |   dependsOn:
9 |     - name: ollama
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: perplexica
13 |       APP_NAMESPACE: apps
14 |       PVC_CAPACITY: "8Gi"
15 |
--------------------------------------------------------------------------------
/kubernetes/templates/postgres/postgresql-backup-credentials.yaml:
--------------------------------------------------------------------------------
# Template for a per-app Secret carrying object-storage credentials for
# PostgreSQL backups. Every ${...} placeholder is left for substitution;
# presumably Flux postBuild fills them in - confirm where the SECRET_* and
# CONFIG_* values are defined.
# NOTE(review): the variable names (..._ROOT_USER / ..._ROOT_PASSWORD) suggest
# that the MinIO root account is copied into every app's backup Secret. If so,
# reading any one of these Secrets grants access to all buckets. A dedicated
# access key per app, limited to its own backup bucket, would contain that.
# Confirm against the MinIO setup.
1 | apiVersion: v1
2 | type: Opaque
3 | kind: Secret
4 | metadata:
5 |   name: ${APP_NAME}-postgresql-backup-credentials
6 |   namespace: ${CONFIG_DATABASE_NAMESPACE}
7 | stringData:
8 |   ACCESS_KEY_ID: ${SECRET_MINIO_BACKUP_ROOT_USER}
9 |   ACCESS_SECRET_KEY: ${SECRET_MINIO_BACKUP_ROOT_PASSWORD}
10 |   REGION: ${CONFIG_MINIO_BACKUP_REGION}
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/gitea-runner/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for gitea-runner, ordered after `gitea`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: gitea-runner
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/gitea-runner/app"
8 |   dependsOn:
9 |     - name: gitea
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: gitea-runner
13 |       APP_NAMESPACE: apps
14 |       PVC_CAPACITY: "256Gi"
15 |
--------------------------------------------------------------------------------
/kubernetes/apps/paperless-ai/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for paperless-ai, ordered after `paperless`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: paperless-ai
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/paperless-ai/app"
8 |   dependsOn:
9 |     - name: paperless
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: paperless-ai
13 |       APP_NAMESPACE: apps
14 |       PVC_CAPACITY: "32Gi"
15 |
--------------------------------------------------------------------------------
/kubernetes/core/networking/cert-manager/issuer/cluster-issuer.yaml:
--------------------------------------------------------------------------------
# Two cert-manager issuers. The first is a namespaced Issuer in `networking`
# that issues self-signed certificates.
1 | apiVersion: cert-manager.io/v1
2 | kind: Issuer
3 | metadata:
4 |   name: self-signed-issuer
5 |   namespace: networking
6 | spec:
7 |   selfSigned: {}
8 | ---
# The second is a ClusterIssuer that signs with the CA key pair stored in the
# Secret `internal-ca`.
# NOTE(review): ClusterIssuer is cluster-scoped, so metadata.namespace below has
# no effect. cert-manager reads `internal-ca` from its cluster resource
# namespace (by default the namespace cert-manager runs in). Confirm the Secret
# lives there, and restrict read access to it because it holds the CA private key.
9 | apiVersion: cert-manager.io/v1
10 | kind: ClusterIssuer
11 | metadata:
12 |   name: ca-issuer
13 |   namespace: networking
14 | spec:
15 |   ca:
16 |     secretName: internal-ca
17 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/gitea-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository source: the chart index at `url` is re-fetched every 24h
# with a 3m fetch timeout. No secretRef is set, so access is anonymous.
# The other *-charts.yaml files below follow the same shape.
# NOTE(review): a source only says where charts come from; which chart version
# is installed is decided by the HelmRelease that references it (not visible
# here) - confirm those pin exact versions.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: gitea-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://dl.gitea.io/charts/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/rke2-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: rke2-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://rke2-charts.rancher.io
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/suspended/navidrome/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for navidrome: applies the manifests under `path` once the
# `network-share` Kustomization is ready, replacing ${APP_NAME},
# ${APP_NAMESPACE} and ${PVC_CAPACITY} via postBuild substitution.
# No sourceRef, interval or prune is set in this file; presumably a parent
# kustomization patches them in - not visible here.
# The file sits under kubernetes/suspended/; presumably it is not reconciled.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: navidrome
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/navidrome/app"
8 |   dependsOn:
9 |     - name: network-share
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: navidrome
13 |       APP_NAMESPACE: media
14 |       PVC_CAPACITY: "8Gi"
15 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/authelia-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: authelia-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://charts.authelia.com
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/coredns-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: coredns-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://coredns.github.io/helm
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/jetstack-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: jetstack-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://charts.jetstack.io/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/piraeus-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: piraeus-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://piraeus.io/helm-charts/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/traefik-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: traefik-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://helm.traefik.io/traefik
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/zigbee2mqtt/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for zigbee2mqtt, ordered after `mosquitto`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: zigbee2mqtt
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/zigbee2mqtt/app"
8 |   dependsOn:
9 |     - name: mosquitto
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: zigbee2mqtt
13 |       APP_NAMESPACE: home-automation
14 |       PVC_CAPACITY: "2Gi"
15 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/angelnu-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: angelnu-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://angelnu.github.io/helm-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/authentik-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: authentik-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://charts.goauthentik.io
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/bjw-s-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: bjw-s-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://bjw-s-labs.github.io/helm-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/cnpg-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: cnpg-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://cloudnative-pg.github.io/charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/grafana-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: grafana-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://grafana.github.io/helm-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/influxdata-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: influxdata-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://helm.influxdata.com/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/kyverno-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: kyverno-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://kyverno.github.io/kyverno/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/open-webui-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: open-webui-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://helm.openwebui.com/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/suspended/rw-markable/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for rw-markable: applies the manifests under `path` once
# the `tailscale` Kustomization is ready, replacing ${APP_NAME},
# ${APP_NAMESPACE} and ${PVC_CAPACITY} via postBuild substitution.
# No sourceRef, interval or prune is set in this file; presumably a parent
# kustomization patches them in - not visible here.
# The file sits under kubernetes/suspended/; presumably it is not reconciled.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: rw-markable
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/rw-markable/app"
8 |   dependsOn:
9 |     - name: tailscale
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: rw-markable
13 |       APP_NAMESPACE: apps
14 |       PVC_CAPACITY: "32Gi"
15 |
16 |
--------------------------------------------------------------------------------
/.gitea/workflows/nix-cache.yaml:
--------------------------------------------------------------------------------
# CI workflow: runs on manual dispatch and on pushes to `main` that touch
# flake.nix or flake.lock, and delegates the whole job to a reusable workflow
# with TARGET set to "supermicro-k3s".
1 | name: Build and Push Nix Cache
2 |
3 | on:
4 |   workflow_dispatch:
5 |   push:
6 |     branches:
7 |       - main
8 |     paths:
9 |       # - 'systems/**'
10 |       - 'flake.nix'
11 |       - 'flake.lock'
12 |
13 | jobs:
14 |   build-and-push:
# NOTE(review): `secrets: inherit` hands every secret available to this workflow
# to the called workflow, and `@v6` is a tag that can be moved to other code.
# Passing only the secrets the job needs and pinning the reference to a commit
# SHA limits what a change in actions/nix-cache can reach.
15 |     uses: actions/nix-cache/.gitea/workflows/system.yaml@v6
16 |     secrets: inherit
17 |     with:
18 |       TARGET: "supermicro-k3s"
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/jellyfin/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for jellyfin, ordered after `network-share` and `tailscale`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: jellyfin
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/jellyfin/app"
8 |   dependsOn:
9 |     - name: network-share
10 |     - name: tailscale
11 |   postBuild:
12 |     substitute:
13 |       APP_NAME: jellyfin
14 |       APP_NAMESPACE: media
15 |       PVC_CAPACITY: "4Gi"
16 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/backube-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository source: the chart index at `url` is re-fetched every 24h
# with a 3m fetch timeout. No secretRef is set, so access is anonymous.
# The other *-charts.yaml files below follow the same shape.
# NOTE(review): a source only says where charts come from; which chart version
# is installed is decided by the HelmRelease that references it (not visible
# here) - confirm those pin exact versions.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: backube-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   timeout: 3m
10 |   url: https://backube.github.io/helm-charts/
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/fairwinds-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: fairwinds-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://charts.fairwinds.com/stable
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/hashicorp-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: hashicorp-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://helm.releases.hashicorp.com
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/kube-vip-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: kube-vip-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://kube-vip.github.io/helm-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/minio-operator-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository source: the chart index at `url` is re-fetched every 24h
# with a 3m fetch timeout. No secretRef is set, so access is anonymous.
# The other *-charts.yaml files below follow the same shape.
# NOTE(review): a source only says where charts come from; which chart version
# is installed is decided by the HelmRelease that references it (not visible
# here) - confirm those pin exact versions.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: minio-operator-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://operator.min.io/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/nvidia-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: nvidia-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://nvidia.github.io/k8s-device-plugin
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/tailscale-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: tailscale-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://pkgs.tailscale.com/helmcharts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/suspended/vpn-browser/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for vpn-browser: applies the manifests under `path` once
# the `vpn-gateway` Kustomization is ready, replacing ${APP_NAME},
# ${APP_NAMESPACE} and ${PVC_CAPACITY} via postBuild substitution.
# No sourceRef, interval or prune is set in this file; presumably a parent
# kustomization patches them in - not visible here.
# The file sits under kubernetes/suspended/; presumably it is not reconciled.
# NOTE(review): dependsOn only orders reconciliation after vpn-gateway. It does
# not by itself route this app's traffic through the VPN or block egress when
# the gateway is down; that has to come from the app manifests or network
# policy, which are not visible here.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: vpn-browser
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/vpn-browser/app"
8 |   dependsOn:
9 |     - name: vpn-gateway
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: vpn-browser
13 |       APP_NAMESPACE: vpn-apps
14 |       PVC_CAPACITY: "1Gi"
15 |
16 |
--------------------------------------------------------------------------------
/kubernetes/apps/esp-dashboard/README.md:
--------------------------------------------------------------------------------
1 | # [ESP Dashboard](https://github.com/niki-on-github/eink-esp-display)
2 |
3 | Server part for my eink dashboard using waveshare esp32 and 7.5" epaper display. We use [Grafana Image Renderer](https://grafana.com/grafana/plugins/grafana-image-renderer/) to render a grafana dashboard for the esp eink display.
4 |
5 | ## Test
6 |
7 | Open `http://esp-dashboard.k8s.lan/dashboard-02.png` in browser.
8 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/kubetail-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: kubetail-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://kubetail-org.github.io/helm-charts/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/stakater-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: stakater-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://stakater.github.io/stakater-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/zfs-localpv-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: zfs-localpv-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://openebs.github.io/zfs-localpv
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/xenitab-charts.yaml:
--------------------------------------------------------------------------------
# OCI-backed HelmRepository (`type: oci`): charts are pulled from the registry
# path in `url` rather than from an HTTP index.
# NOTE(review): for OCI sources Flux can verify chart signatures (cosign) on the
# chart reference; whether the HelmRelease using this source does so is not
# visible here.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: xenitab-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   type: oci
10 |   url: oci://ghcr.io/xenitab/helm-charts
11 |   timeout: 3m
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/nzbget/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for nzbget in the vpn-apps namespace, ordered after
# `vpn-gateway` and `network-share-storage`. As with vpn-browser above, the
# ordering alone does not enforce that traffic leaves through the VPN.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: nzbget
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/nzbget/app"
8 |   dependsOn:
9 |     - name: vpn-gateway
10 |     - name: network-share-storage
11 |   postBuild:
12 |     substitute:
13 |       APP_NAME: nzbget
14 |       APP_NAMESPACE: vpn-apps
15 |       PVC_CAPACITY: "1Gi"
16 |
17 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/democratic-csi-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository source: the chart index at `url` is re-fetched every 24h
# with a 3m fetch timeout. No secretRef is set, so access is anonymous.
# The other *-charts.yaml files below follow the same shape.
# NOTE(review): a source only says where charts come from; which chart version
# is installed is decided by the HelmRelease that references it (not visible
# here) - confirm those pin exact versions.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: democratic-csi-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://democratic-csi.github.io/charts/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/external-dns-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: external-dns-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://kubernetes-sigs.github.io/external-dns
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/suspended/changedetection/README.md:
--------------------------------------------------------------------------------
1 | # [Web Site Change Detection](https://github.com/dgtlmoon/changedetection.io)
2 |
3 | Detect website content changes and perform meaningful actions - trigger notifications via Discord, Email, Slack, Telegram, API calls and many more.
4 |
5 |
6 | ## Notification
7 |
8 | ```
9 | mailto://email2signal-mail.notification.svc:1025?from=change@detection.lan&to=self@signal.localdomain
10 | ```
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/metrics-server-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: metrics-server-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   timeout: 3m
10 |   url: https://kubernetes-sigs.github.io/metrics-server
11 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/vault-autounseal-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): going by its name, the chart from this repository deploys a
# component that handles Vault unseal material. Treat upgrades from it as
# security-sensitive and review them before bumping the pinned version.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: vault-autounseal-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   timeout: 3m
10 |   url: https://pytoshka.github.io/vault-autounseal
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/grafana/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for grafana: applies the manifests under `path` once the
# traefik, prometheus-stack, influxdb2 and tailscale Kustomizations are ready,
# replacing ${APP_NAME} and ${APP_NAMESPACE} via postBuild substitution.
# No sourceRef, interval or prune is set in this file; presumably a parent
# kustomization patches them in - not visible here.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: grafana
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/grafana/app"
8 |   dependsOn:
9 |     - name: traefik
10 |     - name: prometheus-stack
11 |     - name: influxdb2
12 |     - name: tailscale
13 |   postBuild:
14 |     substitute:
15 |       APP_NAME: grafana
16 |       APP_NAMESPACE: monitoring
17 |
-------------------------------------------------------------------------------- /kubernetes/apps/jellyseerr/README.md: -------------------------------------------------------------------------------- 1 | # [Jellyseerr](https://github.com/Fallenbagel/jellyseerr) 2 | 3 | Jellyseerr is a fork of Overseerr (Plex) with Jellyfin support. The application manages requests for your Jellyfin media library. You can browse new movies and series, watch trailers and optionally create requests to Sonarr and Radarr with a pretty WebUI. 4 | 5 | ## Setup 6 | 7 | Use the Jellyfin URL: `http://jellyfin.media.svc.cluster.local:8096`. 8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cilium/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helm-release.yaml 8 | configMapGenerator: 9 | - name: cilium-helm-values 10 | files: 11 | - values.yaml=./helm-values.yaml 12 | configurations: 13 | - kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/core/networking/coredns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helm-release.yaml 8 | configMapGenerator: 9 | - name: coredns-helm-values 10 | files: 11 | - values.yaml=./helm-values.yaml 12 | configurations: 13 | - kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/jdownloader/ks.yaml: 
--------------------------------------------------------------------------------
# Flux Kustomization for jdownloader: applies the manifests under `path` once
# the `vpn-gateway` and `network-share-storage` Kustomizations are ready,
# replacing ${APP_NAME}, ${APP_NAMESPACE} and ${PVC_CAPACITY} via postBuild
# substitution.
# No sourceRef, interval or prune is set in this file; presumably a parent
# kustomization patches them in - not visible here.
# NOTE(review): dependsOn only orders reconciliation after vpn-gateway. It does
# not by itself route this app's traffic through the VPN or block egress when
# the gateway is down; that has to come from the app manifests or network
# policy, which are not visible here.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: jdownloader
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/jdownloader/app"
8 |   dependsOn:
9 |     - name: vpn-gateway
10 |     - name: network-share-storage
11 |   postBuild:
12 |     substitute:
13 |       APP_NAME: jdownloader
14 |       APP_NAMESPACE: vpn-apps
15 |       PVC_CAPACITY: "1Gi"
16 |
17 |
--------------------------------------------------------------------------------
/kubernetes/apps/qbittorrent/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for qbittorrent; same pattern and the same VPN caveat as
# jdownloader above.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: qbittorrent
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/qbittorrent/app"
8 |   dependsOn:
9 |     - name: vpn-gateway
10 |     - name: network-share-storage
11 |   postBuild:
12 |     substitute:
13 |       APP_NAME: qbittorrent
14 |       APP_NAMESPACE: vpn-apps
15 |       PVC_CAPACITY: "1Gi"
16 |
17 |
--------------------------------------------------------------------------------
/kubernetes/core/authentication/pocket-id/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for pocket-id in the authentication namespace, ordered
# after `traefik` and `volsync`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: pocket-id
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/core/authentication/pocket-id/app"
8 |   dependsOn:
9 |     - name: traefik
10 |     - name: volsync
11 |   postBuild:
12 |     substitute:
13 |       APP_NAME: pocket-id
14 |       APP_NAMESPACE: authentication
15 |       PVC_CAPACITY: "2Gi"
16 |
--------------------------------------------------------------------------------
/kubernetes/core/authentication/tinyauth/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for tinyauth in the authentication namespace, ordered
# after `traefik` and `volsync`.
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: tinyauth
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/core/authentication/tinyauth/app"
8 |   dependsOn:
9 |     - name: traefik
10 |     - name: volsync
11 |   postBuild:
12 |     substitute:
13 |       APP_NAME: tinyauth
14 |       APP_NAMESPACE: authentication
15 |       PVC_CAPACITY: "1Gi"
16 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/prometheus-community-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository source: the chart index at `url` is re-fetched every 24h
# with a 3m fetch timeout. No secretRef is set, so access is anonymous.
# NOTE(review): a source only says where charts come from; which chart version
# is installed is decided by the HelmRelease that references it (not visible
# here) - confirm those pin exact versions.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: prometheus-community-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://prometheus-community.github.io/helm-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/gitea/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for gitea, ordered after `tailscale`. Besides the usual
# APP_* / PVC_CAPACITY values it substitutes a backup cache size and a cron
# schedule ("0 */1 * * *", i.e. minute 0 of every hour).
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 |   name: gitea
5 |   namespace: flux-system
6 | spec:
7 |   path: "./kubernetes/apps/gitea/app"
8 |   dependsOn:
9 |     - name: tailscale
10 |   postBuild:
11 |     substitute:
12 |       APP_NAME: gitea
13 |       APP_NAMESPACE: apps
14 |       PVC_CAPACITY: "32Gi"
15 |       BACKUP_CACHE_CAPACITY: "4Gi"
16 |       BACKUP_SCHEDULE: "0 */1 * * *"
17 |
--------------------------------------------------------------------------------
/kubernetes/config/kustomization.yaml:
--------------------------------------------------------------------------------
# kustomize entry point for cluster configuration: cluster settings, the certs
# Kustomization and a set of *.sops.yaml secret manifests.
# NOTE(review): judging by the file names, the Vault root token and the Vault
# unseal keys are kept in Git as SOPS-encrypted files. Their secrecy then rests
# entirely on the SOPS key: whoever holds that key and a clone of the repo
# (history included) can unseal Vault and act as root. Consider revoking the
# root token after bootstrap and keeping unseal material under a separate key.
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - settings/cluster.yaml
5 |   - certs/ks.yaml
6 |   - secrets/cluster-secrets.sops.yaml
7 |   - secrets/vpn-config.sops.yaml
8 |   - secrets/vault-root-token.sops.yaml
9 |   - secrets/vault-keys.sops.yaml
10 |   - secrets/jellyplist-spotify-cookie.sops.yaml
11 |   - secrets/external-dns.sops.yaml
12 |   - secrets/storagebox.sops.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/uptime-kuma/README.md:
--------------------------------------------------------------------------------
1 | # [Uptime Kuma](https://github.com/louislam/uptime-kuma)
2 |
3 | Uptime Kuma is an easy-to-use self-hosted monitoring tool.
4 |
5 | ## Features
6 |
7 | - Monitoring uptime for HTTP(s) / TCP / HTTP(s) Keyword / HTTP(s) Json Query / Ping / DNS Record / Push / Steam Game Server / Docker Containers
8 | - Modern UI/UX
9 | - Notifications via Telegram, Discord, Gotify, Slack, Pushover, Email (SMTP) and 90+ notification services
10 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/controlplaneio-fluxcd-charts.yaml:
--------------------------------------------------------------------------------
# OCI-backed HelmRepository (`type: oci`): charts are pulled from the registry
# path in `url` rather than from an HTTP index.
# NOTE(review): for OCI sources Flux can verify chart signatures (cosign) on the
# chart reference; whether the HelmRelease using this source does so is not
# visible here.
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: controlplaneio-fluxcd-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   timeout: 3m
10 |   url: oci://ghcr.io/controlplaneio-fluxcd/charts
11 |   type: oci
12 |
--------------------------------------------------------------------------------
/kubernetes/sources/helm/charts/harbor-container-webhook-charts.yaml:
--------------------------------------------------------------------------------
1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: harbor-container-webhook-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 24h
9 |   url: https://indeedeng.github.io/harbor-container-webhook/
10 |   timeout: 3m
11 |
-------------------------------------------------------------------------------- /kubernetes/sources/helm/charts/csi-driver-nfs-charts.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: csi-driver-nfs-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 24h 9 | timeout: 3m 10 | url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts 11 | -------------------------------------------------------------------------------- /systems/x86_64-linux/supermicro-k3s/home.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... }: { 2 | imports = [ 3 | inputs.self.homeManagerRoles.k3s 4 | ]; 5 | 6 | home.stateVersion = "24.11"; 7 | 8 | programs.ssh = { 9 | enable = true; 10 | matchBlocks = { 11 | "git.server02.lan" = { 12 | port = 222; 13 | hostname = "git.server02.lan"; 14 | user = "git"; 15 | identityFile = "~/.ssh/git.server02.lan"; 16 | }; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /kubernetes/core/authentication/tinyauth/app/midleware-tinyauth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: traefik.io/v1alpha1 2 | kind: Middleware 3 | metadata: 4 | name: auth 5 | namespace: authentication 6 | spec: 7 | forwardAuth: 8 | address: "http://tinyauth.authentication.svc:3000/api/auth/traefik" 9 | trustForwardHeader: true 10 | authResponseHeaders: 11 | - X-Forwarded-User 12 | - Remote-User 13 | - Remote-Groups 14 | - Remote-Name 15 | - Remote-Email 16 | 17 | -------------------------------------------------------------------------------- /kubernetes/flux/sources.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: sources 6 | namespace: flux-system 7 | spec: 8 | interval: 5m 9 | timeout: 1m 10 | retryInterval: 30s 11 | path: ./kubernetes/sources 12 | force: true 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | decryption: 19 | provider: sops 20 | secretRef: 21 | name: sops-age 22 | -------------------------------------------------------------------------------- /kubernetes/flux/namespaces.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: namespaces 6 | namespace: flux-system 7 | spec: 8 | interval: 5m 9 | timeout: 1m 10 | retryInterval: 30s 11 | path: ./kubernetes/namespaces 12 | force: true 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | decryption: 19 | provider: sops 20 | secretRef: 21 | name: sops-age 22 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: multus 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/networking/multus/operator" 8 | --- 9 | apiVersion: kustomize.toolkit.fluxcd.io/v1 10 | kind: Kustomization 11 | metadata: 12 | name: multus-networks 13 | namespace: flux-system 14 | spec: 15 | path: "./kubernetes/core/networking/multus/networks" 16 | dependsOn: 17 | - name: multus 18 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/settings/dashboard.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: IngressRoute 4 | metadata: 5 | name: dashboard 6 | namespace: networking 7 | spec: 8 | entryPoints: 9 | - websecure 10 | routes: 11 | - kind: Rule 12 | match: Host(`traefik.${SECRET_DOMAIN}`) 13 | priority: 10 14 | services: 15 | - name: api@internal 16 | kind: TraefikService 17 | middlewares: 18 | - name: rfc1918 19 | tls: {} 20 | -------------------------------------------------------------------------------- /kubernetes/core/storage/minio/README.md: -------------------------------------------------------------------------------- 1 | # [MinIO](https://github.com/minio/minio) 2 | 3 | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. 4 | 5 | ## Get JWT 6 | The command below prints the token stored in `console-sa-secret`; it is a bearer credential, so keep the output out of logs and tickets. 7 | ```bash 8 | kubectl -n minio-operator get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode 9 | ``` 10 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/README.md: -------------------------------------------------------------------------------- 1 | # Tailscale Operator 2 | 3 | - Expose Services in your Kubernetes cluster to your Tailscale network (known as a tailnet) 4 | - Securely connect to the Kubernetes control plane (kube-apiserver) via an API server proxy, with or without authentication 5 | - Egress from a Kubernetes cluster to an external service on your tailnet 6 | 7 | ## Re-Register 8 | 9 | 1. Delete the tailscale secret for the ingress 10 | 2. Delete the StatefulSet for the ingress 11 | 3. 
kill/restart the operator 12 | -------------------------------------------------------------------------------- /kubernetes/suspended/jellyplist/README.md: -------------------------------------------------------------------------------- 1 | # [Jellyplist](https://github.com/kamilkosek/jellyplist) 2 | 3 | Jellyplist is a companion app for Jellyfin that provides the option to replicate/sync playlists from Spotify to your local Jellyfin account. Under the hood, it uses SpotDL for downloading the corresponding tracks from the available sources if a track isn't found in your local library. 4 | 5 | ## TODO 6 | 7 | - Cool app, but it has been broken since March 2025. Wait for https://github.com/kamilkosek/jellyplist/issues/80 to get fixed. 8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/settings/midleware-rfc1918.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: traefik.io/v1alpha1 3 | kind: Middleware 4 | metadata: 5 | name: rfc1918-ips 6 | namespace: networking 7 | spec: 8 | ipAllowList: 9 | sourceRange: 10 | - 10.0.0.0/8 11 | - 172.16.0.0/12 12 | - 192.168.0.0/16 13 | --- 14 | apiVersion: traefik.io/v1alpha1 15 | kind: Middleware 16 | metadata: 17 | name: rfc1918 18 | namespace: networking 19 | spec: 20 | chain: 21 | middlewares: 22 | - name: rfc1918-ips 23 | -------------------------------------------------------------------------------- /kubernetes/flux/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: config 6 | namespace: flux-system 7 | spec: 8 | interval: 5m 9 | timeout: 1m 10 | retryInterval: 30s 11 | dependsOn: 12 | - name: namespaces 13 | path: ./kubernetes/config 14 | force: true 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | decryption: 
21 | provider: sops 22 | secretRef: 23 | name: sops-age 24 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ${APP_NAMESPACE} 4 | resources: 5 | - ../../../templates/volsync-pvc 6 | - app.yaml 7 | - code.yaml 8 | configMapGenerator: 9 | - name: home-assistant-init 10 | files: 11 | - init/automations.yaml 12 | - init/configuration.yaml 13 | - init/scenes.yaml 14 | - init/secrets.yaml 15 | - init/scripts.yaml 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | -------------------------------------------------------------------------------- /kubernetes/core/storage/zfs-localpv/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: zfs-localpv 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/storage/zfs-localpv/app" 8 | wait: true 9 | --- 10 | apiVersion: kustomize.toolkit.fluxcd.io/v1 11 | kind: Kustomization 12 | metadata: 13 | name: zfs-localpv-volume 14 | namespace: flux-system 15 | spec: 16 | path: "./kubernetes/core/storage/zfs-localpv/volume" 17 | dependsOn: 18 | - name: zfs-localpv 19 | -------------------------------------------------------------------------------- /kubernetes/apps/mail-archiver/README.md: -------------------------------------------------------------------------------- 1 | # [Mail-Archiver](https://github.com/s1t5/mail-archiver) 2 | 3 | Mail-Archiver is a web application for archiving, searching, and exporting emails from multiple accounts. Featuring folder sync, attachment support, mailbox migration and a dashboard. 
4 | 5 | ## Mail Accounts 6 | 7 | ### Gmail 8 | 9 | - Provider: IMAP 10 | - IMAP Server: `imap.gmail.com` 11 | - IMAP Port: 993 12 | - Username: Your E-Mail Address 13 | - Password: Create and use the app password from `https://myaccount.google.com/apppasswords`. 14 | -------------------------------------------------------------------------------- /kubernetes/templates/volsync-pvc/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: "${APP_NAME}-pvc" 5 | namespace: ${APP_NAMESPACE} 6 | spec: 7 | accessModes: 8 | - "ReadWriteOnce" 9 | resources: 10 | requests: 11 | storage: "${PVC_CAPACITY:-1Gi}" 12 | storageClassName: "openebs-zfspv" 13 | # see https://github.com/backube/volsync/issues/627#issuecomment-1688603593 14 | dataSourceRef: 15 | kind: ReplicationDestination 16 | apiGroup: volsync.backube 17 | name: "${APP_NAME}-bootstrap" 18 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-instance/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./helm-release.yaml 8 | configMapGenerator: 9 | - name: flux-instance-core 10 | files: 11 | - values.yaml=./helm-values.yaml 12 | - name: flux-instance-config 13 | files: 14 | - values.yaml=./../../../../config/settings/flux.yaml 15 | configurations: 16 | - kustomizeconfig.yaml 17 | -------------------------------------------------------------------------------- /.gitea/workflows/pull-images.py: -------------------------------------------------------------------------------- 1 | import re 2 | import subprocess 3 | 4 | with open('flux-diff.md') as f: 5 | for line in f: 6 | m = 
re.match(r'^\+\s*image:\s*(\S+)', line) 7 | if m: 8 | image = m.group(1) 9 | print('pull image:', image) 10 | subprocess.run([ 11 | "curl", "-s", "-X", "POST", 12 | "http://image-puller.system.svc.cluster.local/pull-image", 13 | "-H", "Content-Type: application/json", 14 | "-d", f'{{"image": "{image}"}}' 15 | ]) 16 | -------------------------------------------------------------------------------- /kubernetes/core/database/postgres/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: postgres-operator 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/database/postgres/operator" 8 | dependsOn: 9 | - name: prometheus-crds 10 | --- 11 | apiVersion: kustomize.toolkit.fluxcd.io/v1 12 | kind: Kustomization 13 | metadata: 14 | name: postgres-config 15 | namespace: flux-system 16 | spec: 17 | path: "./kubernetes/core/database/postgres/config" 18 | dependsOn: 19 | - name: postgres-operator 20 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-operator/app/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: flux-operator 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: flux-operator 12 | version: 0.33.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio-fluxcd-charts 16 | namespace: flux-system 17 | -------------------------------------------------------------------------------- /kubernetes/apps/monerod/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: 
Kustomization 3 | metadata: 4 | name: monerod 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/monerod/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: monerod 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "200Gi" 13 | BACKUP_VOLSYNC_BUCKET: "blockchain" 14 | BACKUP_RETAIN_DAILY: "0" 15 | BACKUP_RETAIN_WEEKLY: "1" 16 | BACKUP_RETAIN_MONTHLY: "0" 17 | BACKUP_SCHEDULE: "0 4 * * 5" 18 | BACKUP_CACHE_CAPACITY: "8Gi" 19 | -------------------------------------------------------------------------------- /kubernetes/apps/bitcoind/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: bitcoind 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/bitcoind/app" 8 | postBuild: 9 | substitute: 10 | APP_NAME: bitcoind 11 | APP_NAMESPACE: apps 12 | PVC_CAPACITY: "200Gi" 13 | BACKUP_VOLSYNC_BUCKET: "blockchain" 14 | BACKUP_RETAIN_DAILY: "0" 15 | BACKUP_RETAIN_WEEKLY: "1" 16 | BACKUP_RETAIN_MONTHLY: "0" 17 | BACKUP_SCHEDULE: "0 3 * * 5" 18 | BACKUP_CACHE_CAPACITY: "8Gi" 19 | -------------------------------------------------------------------------------- /kubernetes/apps/email2signal/README.md: -------------------------------------------------------------------------------- 1 | # email2signal 2 | 3 | Forward received emails to dockerized [signal-cli-rest-api](https://github.com/bbernhard/signal-cli-rest-api). 
4 | 5 | ## Testing 6 | 7 | Open a shell in the mailpit container and run: 8 | 9 | ```sh 10 | echo -e "Subject: Test\n\nTest\n" | sendmail -S localhost:1025 self@signal.localdomain 11 | ``` 12 | 13 | ## Endpoint 14 | 15 | - host: `email2signal-mail.notification.svc` 16 | - port: `1025` 17 | - recipient: `self@signal.localdomain` 18 | 19 | 20 | ## Swagger UI 21 | 22 | `https://signal-api.k8s.lan//swagger/index.html` 23 | -------------------------------------------------------------------------------- /kubernetes/suspended/fresh-rss/README.md: -------------------------------------------------------------------------------- 1 | # [FreshRSS](https://github.com/FreshRSS/FreshRSS) 2 | 3 | FreshRSS is a self-hosted RSS feed aggregator. 4 | 5 | ## Backup / Restore 6 | 7 | To back up your subscriptions, open the `Abonnementverwaltung` (subscription management) menu and use the `Importieren / Exportieren` (import / export) entry. 8 | 9 | ## Newsboat 10 | 11 | Add the following to `~/config/newsboat/config` (the password is the FreshRSS API password; newsboat's `freshrss-passwordfile` or `freshrss-passwordeval` can be used instead of keeping it in the config file in plain text): 12 | 13 | ``` 14 | urls-source "freshrss" 15 | freshrss-url "https://rss.{{DOMAIN}}/api/greader.php" 16 | freshrss-login "admin" 17 | freshrss-password "mysupersecureexampleapipassword" 18 | ``` 19 | -------------------------------------------------------------------------------- /kubernetes/core/database/postgres/config/image-catalog.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: postgresql.cnpg.io/v1 2 | kind: ImageCatalog 3 | metadata: 4 | name: postgresql 5 | namespace: database 6 | spec: 7 | images: 8 | # TODO renovate? 9 | - major: 16 10 | image: ghcr.io/cloudnative-pg/postgresql:16.4-38 11 | --- 12 | apiVersion: postgresql.cnpg.io/v1 13 | kind: ImageCatalog 14 | metadata: 15 | name: postgresql-pgvertors 16 | namespace: database 17 | spec: 18 | images: 19 | # TODO renovate? 
20 | - major: 16 21 | image: "ghcr.io/tensorchord/cloudnative-pgvecto.rs:16-v0.2.1" 22 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/prometheus-stack/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: prometheus-crds 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/monitoring/prometheus-stack/crds" 8 | --- 9 | apiVersion: kustomize.toolkit.fluxcd.io/v1 10 | kind: Kustomization 11 | metadata: 12 | name: prometheus-stack 13 | namespace: flux-system 14 | spec: 15 | path: "./kubernetes/core/monitoring/prometheus-stack/app" 16 | dependsOn: 17 | - name: zfs-localpv-volume 18 | - name: traefik 19 | - name: prometheus-crds 20 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cert-manager/README.md: -------------------------------------------------------------------------------- 1 | # [cert-manager](https://github.com/cert-manager/cert-manager) 2 | 3 | cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. 4 | 5 | ## Issuer vs ClusterIssuer 6 | 7 | If you want to create a single Issuer that can be consumed in multiple namespaces, you should consider creating a ClusterIssuer resource. This is almost identical to the Issuer resource, however is non-namespaced so it can be used to issue Certificates across all namespaces. 
8 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cilium/README.md: -------------------------------------------------------------------------------- 1 | # [cilium](https://cilium.io/) 2 | 3 | Cilium is an open source, cloud native solution for providing, securing, and observing network connectivity between workloads, fueled by the revolutionary Kernel technology eBPF. 4 | 5 | ## Setup 6 | 7 | ### Native Routing 8 | 9 | ```yaml 10 | values: 11 | routingMode: native 12 | ipv4NativeRoutingCIDR: "${CONFIG_CLUSTER_PODS_NETWORK_IP_POOL}" 13 | autoDirectNodeRoutes: true 14 | ipam: 15 | mode: "kubernetes" 16 | operator: 17 | clusterPoolIPv4PodCIDRList: ["${CONFIG_CLUSTER_PODS_NETWORK_IP_POOL}"] 18 | 19 | ``` 20 | 21 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cilium/operator/helm-values.yaml: -------------------------------------------------------------------------------- 1 | # seperate helm values to make them deployable without flux at cluster bootstrap 2 | # therefore we can not use flux variable substitution in this file 3 | --- 4 | # NOETE: Required settings for vpn-gateway 5 | # see: https://github.com/cilium/cilium/issues/27560 6 | # alternatively use https://github.com/angelnu/pod-gateway/pull/52 7 | routingMode: native 8 | ipv4NativeRoutingCIDR: "10.42.0.0/16" 9 | autoDirectNodeRoutes: true 10 | ipam: 11 | mode: "kubernetes" 12 | operator: 13 | clusterPoolIPv4PodCIDRList: ["10.42.0.0/16"] 14 | operator: 15 | replicas: 1 16 | -------------------------------------------------------------------------------- /kubernetes/core/networking/coredns/app/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | 
metadata: 5 | name: coredns 6 | namespace: kube-system 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: coredns 12 | version: 1.45.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: coredns-charts 16 | namespace: flux-system 17 | valuesFrom: 18 | - kind: ConfigMap 19 | name: coredns-helm-values 20 | -------------------------------------------------------------------------------- /kubernetes/templates/postgres/postgresql-cluster-credentials.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | type: kubernetes.io/basic-auth 3 | kind: Secret 4 | metadata: 5 | name: ${APP_NAME}-postgresql-credentials 6 | namespace: ${CONFIG_DATABASE_NAMESPACE} 7 | stringData: 8 | password: ${SECRET_DATABASE_PASSWORD} 9 | username: ${SECRET_DATABASE_USER} 10 | database: ${POSTGRES_DATABASE} 11 | uri: ${APP_NAME}-postgresql-rw.${CONFIG_DATABASE_NAMESPACE}.svc.cluster.local 12 | url: postgresql://${SECRET_DATABASE_USER}:${SECRET_DATABASE_PASSWORD}@${APP_NAME}-postgresql-rw.${CONFIG_DATABASE_NAMESPACE}.svc.cluster.local/${POSTGRES_DATABASE} 13 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/operator/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: multus 6 | namespace: networking 7 | annotations: 8 | meta.helm.sh/release-namespace: "networking" 9 | spec: 10 | interval: 10m 11 | chart: 12 | spec: 13 | chart: rke2-multus 14 | version: v4.2.208 15 | sourceRef: 16 | kind: HelmRepository 17 | name: rke2-charts 18 | namespace: flux-system 19 | 20 | 21 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/crds/crds.yaml: 
-------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: traefik-crds 6 | namespace: networking 7 | annotations: 8 | meta.helm.sh/release-namespace: "networking" 9 | spec: 10 | interval: 10m 11 | chart: 12 | spec: 13 | chart: traefik-crds 14 | version: 1.11.1 15 | sourceRef: 16 | kind: HelmRepository 17 | name: traefik-charts 18 | namespace: flux-system 19 | 20 | 21 | -------------------------------------------------------------------------------- /kubernetes/apps/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: monitoring 4 | resources: 5 | - ./helm-release.yaml 6 | configMapGenerator: 7 | - name: solaredge-dashboard 8 | files: 9 | - dashboards/solaredge.json 10 | - name: esp-dashboard 11 | files: 12 | - dashboards/esp1.json 13 | - name: esp-dashboard-2 14 | files: 15 | - dashboards/esp2.json 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | annotations: 19 | kustomize.toolkit.fluxcd.io/substitute: disabled 20 | labels: 21 | grafana_dashboard: "true" 22 | -------------------------------------------------------------------------------- /kubernetes/templates/postgres/postgresql-app-credentials.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | type: kubernetes.io/basic-auth 3 | kind: Secret 4 | metadata: 5 | name: ${APP_NAME}-postgresql-credentials 6 | namespace: ${APP_NAMESPACE} 7 | stringData: 8 | superuser: postgres 9 | password: ${SECRET_DATABASE_PASSWORD} 10 | username: ${SECRET_DATABASE_USER} 11 | database: ${POSTGRES_DATABASE} 12 | uri: 
${APP_NAME}-postgresql-rw.${CONFIG_DATABASE_NAMESPACE}.svc.cluster.local 13 | url: postgresql://${SECRET_DATABASE_USER}:${SECRET_DATABASE_PASSWORD}@${APP_NAME}-postgresql-rw.${CONFIG_DATABASE_NAMESPACE}.svc.cluster.local/${POSTGRES_DATABASE} 14 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/README.md: -------------------------------------------------------------------------------- 1 | # [Home Assistant](https://github.com/home-assistant/core) 2 | 3 | Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 4 | 5 | 6 | ## Workarounds 7 | 8 | Home Assistant does not provide a good mechanism for managing custom integrations. As a workaround, custom integrations are git-cloned into `/config/addons` and the required symlinks are generated, so that they can be updated easily with `git pull`. Files inside `/config/www` do not support this; here the files have to be copied. Since a pull runs whatever upstream has published inside Home Assistant, review the changes or pin each clone to a known tag or commit before updating. 9 | -------------------------------------------------------------------------------- /kubernetes/apps/influxdb2/README.md: -------------------------------------------------------------------------------- 1 | # InfluxDB2 2 | 3 | InfluxDB is an open source time series database. 4 | 5 | ## Clone 6 | 7 | Inside the old instance (supply an API token after `-t`): 8 | 9 | ```sh 10 | influx backup /tmp/backup -t 11 | ``` 12 | 13 | Then copy the files to the host and upload them to the new instance: 14 | 15 | ```sh 16 | mkdir backup 17 | cd backup 18 | kubectl cp monitoring/influxdb-55c74c9648-mf4wb:/tmp/backup . 19 | cd .. 
20 | kubectl cp backup monitoring/influxdb2-0:/tmp 21 | ``` 22 | 23 | Finally, inside the new instance: 24 | 25 | ```sh 26 | influx bucket delete -n solaredge -o homelab 27 | influx restore /tmp/backup/ --bucket solaredge 28 | ``` 29 | -------------------------------------------------------------------------------- /kubernetes/core/storage/local-hostpath/README.md: -------------------------------------------------------------------------------- 1 | # [democratic-csi](https://github.com/democratic-csi/democratic-csi) 2 | 3 | democratic-csi implements the csi (container storage interface) spec providing storage for various container orchestration systems (ie: Kubernetes). 4 | 5 | The current drivers implement the depth and breadth of the csi spec, so you have access to resizing, snapshots, clones, etc functionality. 6 | 7 | ## local-hostpath 8 | 9 | This driver provisions node-local storage. I chose this implementation because it allows a volume to be reused on re-provisioning by using the `idTemplate`. Of course, this only makes sense on a single-node cluster. 
10 | -------------------------------------------------------------------------------- /kubernetes/apps/vault/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: vault 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/vault/app" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: vault 12 | APP_NAMESPACE: apps 13 | PVC_CAPACITY: "8Gi" 14 | --- 15 | apiVersion: kustomize.toolkit.fluxcd.io/v1 16 | kind: Kustomization 17 | metadata: 18 | name: vault-autounseal 19 | namespace: flux-system 20 | spec: 21 | path: "./kubernetes/apps/vault/autounseal" 22 | dependsOn: 23 | - name: vault 24 | postBuild: 25 | substitute: 26 | APP_NAMESPACE: apps 27 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: tailscale-cleanup 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/tailscale/cleanup" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAMESPACE: networking 12 | --- 13 | apiVersion: kustomize.toolkit.fluxcd.io/v1 14 | kind: Kustomization 15 | metadata: 16 | name: tailscale 17 | namespace: flux-system 18 | spec: 19 | path: "./kubernetes/apps/tailscale/operator" 20 | dependsOn: 21 | - name: tailscale-cleanup 22 | postBuild: 23 | substitute: 24 | APP_NAME: tailscale 25 | APP_NAMESPACE: networking 26 | -------------------------------------------------------------------------------- /kubernetes/core/backup/volsync/README.md: -------------------------------------------------------------------------------- 1 | # [VolSync](https://github.com/backube/volsync) 2 | 3 | VolSync is a Kubernetes operator that performs asynchronous replication of persistent volumes within, or 
across, clusters. The replication provided by VolSync is independent of the storage system. This allows replication to and from storage types that don’t normally support remote replication. Additionally, it can replicate across different types (and vendors) of storage. 4 | 5 | ## Notes 6 | 7 | You may need to add the following to your namespace `annotations` so that the backup movers run privileged (as root) and can read all files. The annotation applies to every mover in that namespace, so set it only where the volumes require it: 8 | 9 | ```yaml 10 | volsync.backube/privileged-movers: "true" 11 | ``` 12 | -------------------------------------------------------------------------------- /kubernetes/templates/volsync-pvc/replication-destination.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: volsync.backube/v1alpha1 2 | kind: ReplicationDestination 3 | metadata: 4 | name: "${APP_NAME}-bootstrap" 5 | namespace: "${APP_NAMESPACE}" 6 | spec: 7 | trigger: 8 | manual: restore-once 9 | restic: 10 | copyMethod: Snapshot 11 | repository: "${APP_NAME}-restic-src-credentials" 12 | cacheStorageClassName: "openebs-zfspv" 13 | storageClassName: "openebs-zfspv" 14 | volumeSnapshotClassName: "zfspv-snapclass" 15 | accessModes: 16 | - "ReadWriteOnce" 17 | capacity: "${PVC_CAPACITY:-1Gi}" 18 | enableFileDeletion: true 19 | cleanupTempPVC: true 20 | cleanupCachePVC: true 21 | -------------------------------------------------------------------------------- /kubernetes/apps/vaultwarden/README.md: -------------------------------------------------------------------------------- 1 | # Vaultwarden 2 | 3 | Vaultwarden is an alternative server backend for the **password manager** Bitwarden. Vaultwarden can be used in combination with the official Bitwarden clients (browser addons) and provides more features for free. 4 | 5 | ## Admin Interface 6 | 7 | The admin interface can be accessed with `vaultwarden.{{ domain }}/admin`. 8 | 9 | Under `Settings : General` you can enable or disable `Allow new signups`. 
10 | 11 | ## Users 12 | 13 | - root@k8s.lan 14 | - phone@k8s.lan 15 | - family@k8s.lan 16 | 17 | 18 | ## Admin Token 19 | 20 | See `config.json` in the data directory. The token grants full access to the admin interface, so keep that file out of anything others can read; Vaultwarden also accepts an Argon2 PHC hash as the admin token, which avoids storing the plain-text value. 21 | 22 | 23 | ## Create User 24 | 25 | Use the admin page and select `Users` at the top. 26 | -------------------------------------------------------------------------------- /kubernetes/core/gitops/flux-instance/app/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: flux-instance 6 | namespace: flux-system 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: flux-instance 12 | version: 0.33.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio-fluxcd-charts 16 | namespace: flux-system 17 | valuesFrom: 18 | - kind: ConfigMap 19 | name: flux-instance-core 20 | - kind: ConfigMap 21 | name: flux-instance-config 22 | -------------------------------------------------------------------------------- /kubernetes/suspended/harbor/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: harbor 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/harbor/app" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: harbor 12 | APP_NAMESPACE: apps 13 | PVC_CAPACITY: "32Gi" 14 | --- 15 | apiVersion: kustomize.toolkit.fluxcd.io/v1 16 | kind: Kustomization 17 | metadata: 18 | name: harbor-webhook 19 | namespace: flux-system 20 | spec: 21 | path: "./kubernetes/apps/harbor/webhook" 22 | dependsOn: 23 | - name: harbor 24 | postBuild: 25 | substitute: 26 | APP_NAME: harbor-webhook 27 | APP_NAMESPACE: apps 28 | -------------------------------------------------------------------------------- 
/kubernetes/core/backup/volsync/operator/prometheus-rule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/prometheusrule_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: volsync-rules 7 | namespace: backup 8 | spec: 9 | groups: 10 | - name: volsync.rules 11 | rules: 12 | - alert: VolSyncVolumeOutOfSync 13 | annotations: 14 | summary: >- 15 | {{ $labels.obj_namespace }}/{{ $labels.obj_name }} volume 16 | is out of sync. 17 | expr: | 18 | volsync_volume_out_of_sync == 1 19 | for: 15m 20 | labels: 21 | severity: critical 22 | -------------------------------------------------------------------------------- /kubernetes/namespaces/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - resources/apps.yaml 5 | - resources/authentication.yaml 6 | - resources/backup.yaml 7 | - resources/dashboard.yaml 8 | - resources/flux-system.yaml 9 | - resources/database.yaml 10 | - resources/home-automation.yaml 11 | - resources/kubevirt.yaml 12 | - resources/media.yaml 13 | - resources/minio-operator.yaml 14 | - resources/monitoring.yaml 15 | - resources/networking.yaml 16 | - resources/notification.yaml 17 | - resources/policy.yaml 18 | - resources/storage.yaml 19 | - resources/system.yaml 20 | - resources/vpn-apps.yaml 21 | - resources/vpn-gateway.yaml 22 | -------------------------------------------------------------------------------- /kubernetes/core/networking/multus/networks/networks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.cni.cncf.io/v1 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: multus-br1 5 | namespace: networking 6 | spec: 7 | config: | 8 | { 9 | "cniVersion": "0.3.1", 10 | "type": "bridge", 
11 | "bridge": "br1", 12 | "ipam": { 13 | "type": "host-local", 14 | "subnet": "${SECRET_MULTUS_BRIDGE_SUBNET}", 15 | "rangeStart": "${SECRET_MULTUS_BRIDGE_RANGE_START}", 16 | "rangeEnd": "${SECRET_MULTUS_BRIDGE_RANGE_END}", 17 | "routes": [{"dst": "${SECRET_MULTUS_BRIDGE_SUBNET}"}, {"dst": "255.255.255.255/32"}], 18 | "gateway": "${SECRET_MULTUS_BRIDGE_GATEWAY}" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /kubernetes/core/system/reloader/app/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: ${APP_NAME} 6 | namespace: ${APP_NAMESPACE} 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: reloader 12 | version: 2.2.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: stakater-charts 16 | namespace: flux-system 17 | 18 | values: 19 | reloader: 20 | deployment: 21 | replicas: 1 22 | podMonitor: 23 | enabled: true 24 | 25 | reloadStrategy: annotations 26 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/cleanup/tailscale-cleanup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: tailscale-cleanup 5 | spec: 6 | backoffLimit: 1 7 | template: 8 | spec: 9 | restartPolicy: Never 10 | containers: 11 | - name: tailscale-cleanup 12 | image: ghcr.io/niki-on-github/tailscale-node-cleanup:v0.2.0 13 | env: 14 | - name: TAILNET_ID 15 | value: "${SECRET_TAILSCALE_TAILNET_ID}" 16 | - name: TS_CLIENT_ID 17 | value: "${SECRET_TAILSCALE_OAUTH_CLIENT_ID}" 18 | - name: TS_CLIENT_SECRET 19 | value: "${SECRET_TAILSCALE_OAUTH_CLIENT_SECRET}" 20 | - name: CLEANUP_TAG 21 | value: "k8s" 22 | 23 | 
-------------------------------------------------------------------------------- /kubernetes/suspended/harbor/README.md: -------------------------------------------------------------------------------- 1 | # [Harbor](https://goharbor.io/) 2 | 3 | Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing. 4 | 5 | ## Harbor Proxy Cache 6 | 7 | see: https://www.viktorious.nl/2023/11/21/setup-harbor-proxy-cache-and-harbor-container-webhook-to-overcome-docker-hub-pull-limits-in-kubernetes/ 8 | -------------------------------------------------------------------------------- /kubernetes/apps/watcharr/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: watcharr-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: watcharr 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "watcharr" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: watcharr 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/watcharr/app" 23 | dependsOn: 24 | - name: watcharr-db 25 | - name: tailscale 26 | postBuild: 27 | substitute: 28 | APP_NAME: watcharr 29 | APP_NAMESPACE: apps 30 | -------------------------------------------------------------------------------- /kubernetes/apps/manyfold/ks.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: manyfold-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: manyfold 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "manyfold" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: manyfold 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/manyfold/app" 23 | dependsOn: 24 | - name: manyfold-db 25 | postBuild: 26 | substitute: 27 | APP_NAME: manyfold 28 | APP_NAMESPACE: apps 29 | PVC_CAPACITY: "32Gi" 30 | -------------------------------------------------------------------------------- /kubernetes/apps/network-share/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: network-share 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/network-share/services" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: network-share 12 | APP_NAMESPACE: media 13 | --- 14 | apiVersion: kustomize.toolkit.fluxcd.io/v1 15 | kind: Kustomization 16 | metadata: 17 | name: network-share-storage 18 | namespace: flux-system 19 | spec: 20 | path: "./kubernetes/apps/network-share/storage" 21 | wait: true 22 | dependsOn: 23 | - name: network-share 24 | postBuild: 25 | substitute: 26 | APP_NAMESPACE: media 27 | NFS_SERVER_URI: network-share-nfs.media.svc.cluster.local 28 | -------------------------------------------------------------------------------- /kubernetes/apps/nzbget/README.md: -------------------------------------------------------------------------------- 1 | # [NZBGet](https://github.com/nzbgetcom/nzbget) 2 | 3 | NZBGet is a binary downloader, which downloads 
files from Usenet based on information given in nzb-files. 4 | 5 | ## Setup 6 | 7 | Default login is `nzbget:tegbzn6789`. 8 | 9 | 1. Change the default login (it is publicly documented) in Settings -> Security -> ControlUsername and ControlPassword. 10 | 2. Then change the umask setting in Settings -> Security -> UMask to `000` and save all changes. Note that `000` makes newly created files readable and writable by every user with access to the download volume. 11 | 3. Apply all changes: reload the configuration with Settings -> System -> Reload. 12 | 13 | ## Embedded Password Extension Script Setup 14 | 15 | 1. Change Script path in Settings -> Paths -> ScriptDir to `/scripts` and save + reload nzbget 16 | 2. Select Script in Settings -> Extension Scripts -> Extensions -> Choose -> `GetPw.py` 17 | -------------------------------------------------------------------------------- /kubernetes/apps/influxdb2/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: influxdb2 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/apps/influxdb2/app" 8 | wait: true 9 | dependsOn: 10 | - name: volsync 11 | postBuild: 12 | substitute: 13 | APP_NAME: influxdb2 14 | APP_NAMESPACE: monitoring 15 | PVC_CAPACITY: "32Gi" 16 | --- 17 | apiVersion: kustomize.toolkit.fluxcd.io/v1 18 | kind: Kustomization 19 | metadata: 20 | name: influxdb2-extensions 21 | namespace: flux-system 22 | spec: 23 | path: "./kubernetes/apps/influxdb2/extensions" 24 | dependsOn: 25 | - name: influxdb2 26 | postBuild: 27 | substitute: 28 | APP_NAME: influxdb2-extensions 29 | APP_NAMESPACE: monitoring 30 | -------------------------------------------------------------------------------- /kubernetes/apps/vault/autounseal/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2 2 | kind: HelmRelease 3 | metadata: 4 | name: &app vault-autounseal 5 | namespace: ${APP_NAMESPACE} 6 | spec: 7 | chart: 8 | spec: 9 | chart: vault-autounseal 10 | version:
0.5.3 11 | sourceRef: 12 | kind: HelmRepository 13 | name: vault-autounseal-charts 14 | namespace: flux-system 15 | 16 | values: 17 | image: 18 | repository: docker.io/kennyopennix/vault-autounseal 19 | tag: "main" 20 | 21 | settings: 22 | vault_url: "http://vault.${APP_NAMESPACE}.svc.cluster.local:8200" 23 | vault_secret_shares: 3 24 | vault_secret_threshold: 2 25 | vault_root_token_secret: vault-root-token 26 | vault_keys_secret: vault-keys 27 | -------------------------------------------------------------------------------- /kubernetes/suspended/maybe/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: maybe-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: maybe 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "maybe" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: maybe 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/maybe/app" 23 | dependsOn: 24 | - name: maybe-db 25 | postBuild: 26 | substitute: 27 | APP_NAME: maybe 28 | APP_NAMESPACE: apps 29 | POSTGRES_DATABASE: "maybe" 30 | PVC_CAPACITY: "8Gi" 31 | -------------------------------------------------------------------------------- /kubernetes/core/backup/volsync/operator/helm-release.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: volsync 7 | namespace: backup 8 | spec: 9 | interval: 10m 10 | chart: 11 | spec: 12 | chart: volsync 13 | version: 0.13.1 14 | sourceRef: 15 | kind: HelmRepository 16 | name: backube-charts 
17 | namespace: flux-system 18 | 19 | values: 20 | image: 21 | repository: ghcr.io/niki-on-github/volsync 22 | # pullPolicy: Always 23 | pullPolicy: IfNotPresent 24 | tag: "personal-0.13.1" 25 | manageCRDs: true 26 | metrics: 27 | disableAuth: true 28 | -------------------------------------------------------------------------------- /kubernetes/apps/miniflux/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: miniflux-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: miniflux 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "miniflux" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: miniflux 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/miniflux/app" 23 | dependsOn: 24 | - name: miniflux-db 25 | - name: tailscale 26 | postBuild: 27 | substitute: 28 | APP_NAME: miniflux 29 | APP_NAMESPACE: apps 30 | POSTGRES_DATABASE: "miniflux" 31 | -------------------------------------------------------------------------------- /kubernetes/apps/vpn-diagnose/app/diagnose-vpn.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: diagnose-vpn 5 | namespace: vpn-apps 6 | labels: 7 | app: diagnose-vpn 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: diagnose-vpn 13 | template: 14 | metadata: 15 | labels: 16 | app: diagnose-vpn 17 | vpn: "enabled" 18 | spec: 19 | securityContext: 20 | runAsNonRoot: false 21 | runAsUser: 0 22 | containers: 23 | - name: network-tools 24 | image: jonlabelle/network-tools 25 | tty: true 26 | stdin: true 27 | command: 28 | - /bin/bash 29 | securityContext: 30 | capabilities: 31 | add: 32 | - NET_ADMIN 33 | - 
NET_RAW 34 | -------------------------------------------------------------------------------- /kubernetes/apps/vikunja/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: vikunja-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: vikunja 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "entertainment_planer" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: vikunja 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/vikunja/app" 23 | wait: true 24 | dependsOn: 25 | - name: vikunja-db 26 | - name: tailscale 27 | postBuild: 28 | substitute: 29 | APP_NAME: vikunja 30 | APP_NAMESPACE: apps 31 | PVC_CAPACITY: "4Gi" 32 | -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: traefik-crds 6 | namespace: flux-system 7 | spec: 8 | path: "./kubernetes/core/networking/traefik/crds" 9 | --- 10 | apiVersion: kustomize.toolkit.fluxcd.io/v1 11 | kind: Kustomization 12 | metadata: 13 | name: traefik 14 | namespace: flux-system 15 | spec: 16 | path: "./kubernetes/core/networking/traefik/operator" 17 | dependsOn: 18 | - name: kube-vip 19 | - name: traefik-crds 20 | --- 21 | apiVersion: kustomize.toolkit.fluxcd.io/v1 22 | kind: Kustomization 23 | metadata: 24 | name: traefik-settings 25 | namespace: flux-system 26 | spec: 27 | path: "./kubernetes/core/networking/traefik/settings" 28 | dependsOn: 29 | - name: traefik 30 | - name: cert-manager 31 | 
-------------------------------------------------------------------------------- /kubernetes/suspended/jellyplist/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: jellyplist-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: jellyplist 12 | APP_NAMESPACE: media 13 | POSTGRES_DATABASE: "jellyplist" # app is hardcoded to this db 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: jellyplist 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/jellyplist/app" 23 | dependsOn: 24 | - name: jellyplist-db 25 | - name: network-share 26 | postBuild: 27 | substitute: 28 | APP_NAME: jellyplist 29 | APP_NAMESPACE: media 30 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/app/init/configuration.yaml: -------------------------------------------------------------------------------- 1 | # Loads default set of integrations. Do not remove. 
2 | default_config: 3 | 4 | # Load frontend themes from the themes folder 5 | frontend: 6 | themes: !include_dir_merge_named themes 7 | 8 | automation: !include automations.yaml 9 | script: !include scripts.yaml 10 | scene: !include scenes.yaml 11 | 12 | recorder: 13 | db_url: !env_var HASS_RECORDER_DB_URL 14 | 15 | http: 16 | use_x_forwarded_for: true 17 | trusted_proxies: 18 | - !env_var HASS_TRUSTED_PROXIES 19 | 20 | python_script: 21 | 22 | notify: 23 | - name: email_notify 24 | platform: smtp 25 | server: email2signal-mail.notification.svc 26 | port: 1025 27 | sender: hass@k8s.lan 28 | encryption: none 29 | recipient: 30 | - self@signal.localdomain 31 | sender_name: 'Home Assistant' 32 | -------------------------------------------------------------------------------- /kubernetes/apps/zigbee2mqtt/README.md: -------------------------------------------------------------------------------- 1 | # [Zigbee2MQTT](https://www.zigbee2mqtt.io/) 2 | 3 | Zigbee to MQTT bridge, to get rid of proprietary Zigbee bridges. 
4 | 5 | ## Mapping 6 | 7 | ```yaml 8 | devices: 9 | '0x00158d000ab73d89': 10 | friendly_name: Temperatur-Kühlschrank 11 | '0x00158d0008303f03': 12 | friendly_name: Kontakt-Fenster-Bad 13 | '0x00158d000a97e80f': 14 | friendly_name: Kontakt-Haustür 15 | '0x00158d000ab717e5': 16 | friendly_name: Temperatur-OG 17 | '0xa4c1381b18d2a542': 18 | friendly_name: Heizung-Warmwasser 19 | '0x00158d000ab5e3f0': 20 | friendly_name: Temperatur-Keller 21 | '0x00158d000a981ea4': 22 | friendly_name: Kontakt-Tür-UG 23 | '0x00158d000a981e85': 24 | friendly_name: Kontakt-Tür-Garage 25 | '0x00158d0007f7a210': 26 | friendly_name: Temperatur-Arbeitszimmer 27 | ``` 28 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cert-manager/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: cert-manager 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/core/networking/cert-manager/operator" 8 | dependsOn: 9 | - name: prometheus-crds 10 | healthChecks: 11 | - apiVersion: apiextensions.k8s.io/v1 12 | kind: CustomResourceDefinition 13 | name: clusterissuers.cert-manager.io 14 | - apiVersion: apiextensions.k8s.io/v1 15 | kind: CustomResourceDefinition 16 | name: certificates.cert-manager.io 17 | --- 18 | apiVersion: kustomize.toolkit.fluxcd.io/v1 19 | kind: Kustomization 20 | metadata: 21 | name: cert-manager-issuer 22 | namespace: flux-system 23 | spec: 24 | path: "./kubernetes/core/networking/cert-manager/issuer" 25 | dependsOn: 26 | - name: cert-manager 27 | -------------------------------------------------------------------------------- /kubernetes/core/storage/minio/external/external-minio.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: external-minio 5 | namespace: storage 6 | spec: 7 | type: 
ExternalName 8 | ports: 9 | - name: http 10 | port: 9000 11 | targetPort: 9000 12 | externalName: ${CONFIG_MINIO_BACKUP_EXTERNAL_NAME} 13 | --- 14 | apiVersion: networking.k8s.io/v1 15 | kind: Ingress 16 | metadata: 17 | name: external-minio-ingress 18 | namespace: storage 19 | spec: 20 | ingressClassName: traefik 21 | rules: 22 | - host: &host external-minio.${SECRET_DOMAIN} 23 | http: 24 | paths: 25 | - backend: 26 | service: 27 | name: external-minio 28 | port: 29 | number: 9000 30 | path: / 31 | pathType: Prefix 32 | tls: 33 | - hosts: 34 | - *host 35 | 36 | -------------------------------------------------------------------------------- /kubernetes/suspended/fresh-rss/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: fresh-rss-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: fresh-rss 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "freshrss" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: fresh-rss 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/fresh-rss/app" 23 | dependsOn: 24 | - name: fresh-rss-db 25 | - name: tailscale 26 | postBuild: 27 | substitute: 28 | APP_NAME: fresh-rss 29 | APP_NAMESPACE: apps 30 | POSTGRES_DATABASE: "freshrss" 31 | PVC_CAPACITY: "8Gi" 32 | -------------------------------------------------------------------------------- /kubernetes/apps/linkwarden/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: linkwarden-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: linkwarden 12 
| APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "linkwarden" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: linkwarden 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/linkwarden/app" 23 | dependsOn: 24 | - name: linkwarden-db 25 | - name: tailscale 26 | postBuild: 27 | substitute: 28 | APP_NAME: linkwarden 29 | APP_NAMESPACE: apps 30 | POSTGRES_DATABASE: "linkwarden" 31 | PVC_CAPACITY: "8Gi" 32 | -------------------------------------------------------------------------------- /kubernetes/apps/mail-archiver/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: mail-archiver-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: mail-archiver 12 | APP_NAMESPACE: apps 13 | POSTGRES_DATABASE: "MailArchiver" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: mail-archiver 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/mail-archiver/app" 23 | wait: true 24 | dependsOn: 25 | - name: mail-archiver-db 26 | postBuild: 27 | substitute: 28 | APP_NAME: mail-archiver 29 | APP_NAMESPACE: apps 30 | PVC_CAPACITY: "4Gi" 31 | POSTGRES_DATABASE: "MailArchiver" 32 | -------------------------------------------------------------------------------- /kubernetes/core/monitoring/metrics-server/app/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: metrics-server 6 | namespace: monitoring 7 | spec: 8 | 
interval: 10m 9 | chart: 10 | spec: 11 | chart: metrics-server 12 | version: 3.13.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: metrics-server-charts 16 | namespace: flux-system 17 | values: 18 | args: 19 | - --kubelet-insecure-tls 20 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 21 | - --kubelet-use-node-status-port 22 | - --metric-resolution=30s 23 | metrics: 24 | enabled: true 25 | serviceMonitor: 26 | enabled: true 27 | 28 | -------------------------------------------------------------------------------- /kubernetes/core/networking/cert-manager/operator/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: cert-manager 6 | namespace: networking 7 | annotations: 8 | meta.helm.sh/release-namespace: "networking" 9 | spec: 10 | interval: 10m 11 | chart: 12 | spec: 13 | chart: cert-manager 14 | version: v1.19.1 15 | sourceRef: 16 | kind: HelmRepository 17 | name: jetstack-charts 18 | namespace: flux-system 19 | 20 | values: 21 | installCRDs: true 22 | 23 | cainjector: 24 | replicaCount: 1 25 | 26 | prometheus: 27 | enabled: true 28 | servicemonitor: 29 | enabled: true 30 | prometheusInstance: monitoring 31 | 32 | -------------------------------------------------------------------------------- /kubernetes/apps/vpn-diagnose/app/diagnose-network-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: diagnose-network-policy 5 | namespace: vpn-apps 6 | labels: 7 | app: diagnose-network-policy 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: diagnose-network-policy 13 | template: 14 | metadata: 15 | labels: 16 | app: diagnose-network-policy 17 | vpn: 
"test-network-policy" 18 | spec: 19 | securityContext: 20 | runAsNonRoot: false 21 | runAsUser: 0 22 | containers: 23 | - name: network-tools 24 | image: jonlabelle/network-tools 25 | tty: true 26 | stdin: true 27 | command: 28 | - /bin/bash 29 | securityContext: 30 | capabilities: 31 | add: 32 | - NET_ADMIN 33 | - NET_RAW 34 | -------------------------------------------------------------------------------- /kubernetes/apps/home-assistant/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: home-assistant-db 5 | namespace: flux-system 6 | spec: 7 | path: "./kubernetes/templates/postgres" 8 | wait: true 9 | postBuild: 10 | substitute: 11 | APP_NAME: home-assistant 12 | APP_NAMESPACE: home-automation 13 | POSTGRES_DATABASE: "home-assistant" 14 | POSTGRES_MAJOR: "16" 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1 17 | kind: Kustomization 18 | metadata: 19 | name: home-assistant 20 | namespace: flux-system 21 | spec: 22 | path: "./kubernetes/apps/home-assistant/app" 23 | force: true 24 | dependsOn: 25 | - name: home-assistant-db 26 | - name: tailscale 27 | - name: mosquitto 28 | postBuild: 29 | substitute: 30 | APP_NAME: home-assistant 31 | APP_NAMESPACE: home-automation 32 | PVC_CAPACITY: "8Gi" 33 | -------------------------------------------------------------------------------- /kubernetes/apps/unifi/README.md: -------------------------------------------------------------------------------- 1 | # unifi-network-application 2 | 3 | The UniFi® Network Application is a wireless network management software solution from Ubiquiti Networks™. It allows you to manage multiple wireless networks using a web browser. 4 | 5 | ## Device Adoption 6 | 7 | For Unifi to adopt other devices, e.g. an Access Point, it is required to change the inform IP address. 
Because Unifi runs inside Docker by default, it uses an IP address that other devices cannot reach. To change this, go to `Settings > System > Advanced` and set the Inform Host to a hostname or IP address accessible by your devices. Additionally, the checkbox "Override" has to be checked, so that devices can connect to the controller during adoption (devices use the inform-endpoint during adoption). 8 | 9 | **Please note, Unifi changes the location of this option every few releases, so if it is not where described here, search for "Inform" or "Inform Host" in the settings.** -------------------------------------------------------------------------------- /kubernetes/core/networking/traefik/settings/default-tls-store.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: domain-certificate 5 | namespace: networking 6 | spec: 7 | secretName: domain-tls-secret 8 | privateKey: 9 | rotationPolicy: Always 10 | algorithm: RSA 11 | encoding: PKCS1 12 | size: 4096 13 | duration: 8760h # 1 Year 14 | renewBefore: 2208h # 3 months 15 | subject: 16 | organizations: 17 | - Homelab 18 | commonName: "${SECRET_DOMAIN}" 19 | isCA: false 20 | usages: 21 | - server auth 22 | - client auth 23 | dnsNames: 24 | - "${SECRET_DOMAIN}" 25 | - "*.${SECRET_DOMAIN}" 26 | issuerRef: 27 | name: ca-issuer 28 | kind: ClusterIssuer 29 | --- 30 | apiVersion: traefik.io/v1alpha1 31 | kind: TLSStore 32 | metadata: 33 | name: default 34 | namespace: networking 35 | spec: 36 | defaultCertificate: 37 | secretName: domain-tls-secret 38 | -------------------------------------------------------------------------------- /kubernetes/apps/unifi/app/unifi-udp-discovery.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: unifi-udp-discovery 5 | namespace: ${APP_NAMESPACE} 6 | spec: 7 | selector: 8 | matchLabels: 9
| app: unifi 10 | template: 11 | metadata: 12 | labels: 13 | app: unifi 14 | spec: 15 | hostNetwork: true 16 | hostPID: true 17 | hostIPC: true 18 | containers: 19 | - name: unifi-udp-discovery 20 | image: busybox:1.37.0 21 | securityContext: 22 | privileged: true 23 | volumeMounts: 24 | - mountPath: /host 25 | name: host 26 | command: [ "/bin/sh", "-c", "--" ] 27 | args: [ "chroot /host /nix/var/nix/profiles/system/sw/bin/kubectl-relay -n ${APP_NAMESPACE} --server.namespace networking --address 0.0.0.0 deploy/${APP_NAME} 10001:10001@udp" ] 28 | volumes: 29 | - name: host 30 | hostPath: 31 | path: / 32 | -------------------------------------------------------------------------------- /kubernetes/suspended/harbor/webhook/app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: ${APP_NAME} 6 | namespace: ${APP_NAMESPACE} 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: harbor-container-webhook 12 | version: 0.7.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: harbor-container-webhook-charts 16 | namespace: flux-system 17 | 18 | values: 19 | rules: 20 | - name: 'docker.io rewrite rule' 21 | matches: 22 | - '^docker.io' 23 | excludes: 24 | # prevent a deadlock 25 | - '.*docker.io/.*coredns:.*$' 26 | - '.*docker.io/.*harbor:.*$' 27 | - '.*docker.io/harbor:.*$' 28 | replace: "harbor.${SECRET_DOMAIN}/docker_hub" 29 | checkUpstream: false 30 | -------------------------------------------------------------------------------- /kubernetes/templates/volsync-pvc/restric-credentials.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: ${APP_NAME}-restic-src-credentials 6 | namespace: ${APP_NAMESPACE} 7 | 
stringData: 8 | AWS_ACCESS_KEY_ID: ${SECRET_MINIO_BACKUP_ROOT_USER} 9 | AWS_SECRET_ACCESS_KEY: ${SECRET_MINIO_BACKUP_ROOT_PASSWORD} # NOTE(review): the variable names indicate the MinIO root account; this template is rendered per app, so each namespace that receives this Secret would hold full MinIO access. A bucket-scoped access key would limit that (confirm what the variable holds) 10 | RESTIC_REPOSITORY: "s3:http://${CONFIG_MINIO_BACKUP_SRC_ENDPOINT}/${BACKUP_VOLSYNC_BUCKET:-volsync}/${APP_NAME}" # NOTE(review): s3:http:// means no TLS, so no transport encryption or server authentication; restic encrypts repository contents with RESTIC_PASSWORD, but confirm the endpoint is only reachable on a trusted network 11 | RESTIC_PASSWORD: "${SECRET_VOLSYNC_RESTIC_PASSWORD}" 12 | --- 13 | apiVersion: v1 14 | kind: Secret 15 | type: Opaque 16 | metadata: 17 | name: ${APP_NAME}-restic-dest-credentials 18 | namespace: ${APP_NAMESPACE} 19 | stringData: 20 | AWS_ACCESS_KEY_ID: ${SECRET_MINIO_BACKUP_ROOT_USER} 21 | AWS_SECRET_ACCESS_KEY: ${SECRET_MINIO_BACKUP_ROOT_PASSWORD} # same root-account caveat as the src Secret above 22 | RESTIC_REPOSITORY: "s3:http://${CONFIG_MINIO_BACKUP_DEST_ENDPOINT}/${BACKUP_VOLSYNC_BUCKET:-volsync}/${APP_NAME}" # same plain-HTTP caveat as the src Secret above 23 | RESTIC_PASSWORD: "${SECRET_VOLSYNC_RESTIC_PASSWORD}" 24 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/operator/operator.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: ${APP_NAME} 6 | namespace: ${APP_NAMESPACE} 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: tailscale-operator 12 | version: 1.88.4 13 | sourceRef: 14 | kind: HelmRepository 15 | name: tailscale-charts 16 | namespace: flux-system 17 | 18 | # see https://artifacthub.io/packages/helm/tailscale/tailscale-operator?modal=values 19 | values: 20 | oauth: 21 | clientId: "${SECRET_TAILSCALE_OAUTH_CLIENT_ID}" 22 | clientSecret: "${SECRET_TAILSCALE_OAUTH_CLIENT_SECRET}" # NOTE(review): once the variable is substituted (presumably by Flux before rendering) the OAuth client secret sits in plain text in the HelmRelease values, readable by anyone who can read HelmReleases in this namespace; referencing a Secret through valuesFrom avoids that 23 | 24 | proxyConfig: 25 | # required setup on tailscale webui: https://tailscale.com/kb/1236/kubernetes-operator?q=operator#setting-up-the-kubernetes-operator 26 | defaultTags: "tag:k8s" 27 | 28 | 29 | -------------------------------------------------------------------------------- 
/kubernetes/apps/image-puller/app/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: ${APP_NAME} 5 | namespace: ${APP_NAMESPACE} 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: ${APP_NAME} 10 | template: 11 | metadata: 12 | labels: 13 | app: ${APP_NAME} 14 | spec: 15 | hostNetwork: false 16 | hostPID: true 17 | hostIPC: true # hostPID/hostIPC share the node's process and IPC namespaces with this pod 18 | containers: 19 | - name: ${APP_NAME} 20 | image: ghcr.io/niki-on-github/container-image-puller:v0.1.2 # pinned by tag only; pinning by digest (@sha256:<digest>) would make this privileged image immutable 21 | securityContext: 22 | privileged: true # NOTE(review): privileged + hostPID + hostIPC + the / hostPath below amount to root-equivalent control of every node this DaemonSet runs on; treat access to this pod as access to the node 23 | volumeMounts: 24 | - mountPath: /host 25 | name: host 26 | ports: 27 | - containerPort: 8080 28 | volumes: 29 | - name: host 30 | hostPath: 31 | path: / # the node's entire root filesystem; the mount above sets no readOnly, so it is writable 32 | --- 33 | apiVersion: v1 34 | kind: Service 35 | metadata: 36 | name: ${APP_NAME} 37 | namespace: ${APP_NAMESPACE} 38 | spec: 39 | selector: 40 | app: ${APP_NAME} 41 | ports: 42 | - protocol: TCP 43 | port: 80 44 | targetPort: 8080 # NOTE(review): makes port 8080 of the privileged pod reachable cluster-wide; this manifest defines no NetworkPolicy, so confirm one exists elsewhere and that the service authenticates callers 45 | type: ClusterIP 46 | -------------------------------------------------------------------------------- /kubernetes/apps/ncps/README.md: -------------------------------------------------------------------------------- 1 | # [ncps](https://github.com/kalbasit/ncps) 2 | 3 | Nix binary cache proxy service -- with local caching and signing. 
4 | 5 | ## Setup 6 | 7 | ```sh 8 | nix key generate-secret --key-name ncps.${SECRET_DOMAIN} > ncps.key # private signing key: add this to --cache-secret-key-path and keep it secret 9 | cat ncps.key | nix key convert-secret-to-public > ncps.pub # Add this to your config 10 | ``` 11 | 12 | Later you can also access `ncps.${SECRET_DOMAIN}/pubkey` to read the public key. Compare it with the `ncps.pub` generated above before adding it to a client, since a key fetched over the network is only as trustworthy as that connection. 13 | 14 | ```nix 15 | nix.settings.trusted-substituters = [ 16 | "https://ncps.${SECRET_DOMAIN}" 17 | ]; 18 | 19 | nix.settings.trusted-public-keys = [ 20 | "ncps.${SECRET_DOMAIN}:6NCHdD59X431o0AAApbMrAURkbJ16ZPMQFGspcDShjY=" # content of ncps.pub 21 | ]; 22 | ``` 23 | 24 | ## Usage 25 | 26 | ```sh 27 | nix --option extra-substituters "https://ncps.${SECRET_DOMAIN}?priority=1&trusted=1" $ARGS 28 | ``` 29 | The URL is quoted because an unquoted `&` would end the command in the shell. Note that `trusted=1` tells Nix to accept paths from this substituter even when they are not signed by a key in `trusted-public-keys`; leave it out if the signature check configured above should apply. 30 | ## Upload Artifacts 31 | 32 | Upload Build artifacts from `./result` link. 33 | 34 | ```sh 35 | nixos-rebuild build --flake ".#${TARGET}" 36 | nix copy --to "https://ncps.${SECRET_DOMAIN}" $(readlink -f result) 37 | ``` 38 | -------------------------------------------------------------------------------- /kubernetes/core/storage/zfs-localpv/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: zfs-localpv 7 | namespace: storage 8 | spec: 9 | interval: 10m 10 | chart: 11 | spec: 12 | chart: zfs-localpv 13 | version: "2.8.0" 14 | sourceRef: 15 | name: zfs-localpv-charts 16 | kind: HelmRepository 17 | namespace: flux-system 18 | values: 19 | # see https://github.com/openebs/zfs-localpv/blob/develop/deploy/helm/charts/values.yaml 20 | zfs: 21 | bin: /run/current-system/sw/bin/zfs 22 | # We use a fork of csi-provisioner which allow to use templated names for provisioned PV's instead of UUIDs so we can reuse previously provisioned PV's 23 | # see 
https://github.com/anoxape/external-reprovisioner 24 | zfsController: 25 | provisioner: 26 | image: 27 | registry: ghcr.io/ 28 | repository: anoxape/csi-provisioner 29 | tag: v5.3.0-r1 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 nix 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /kubernetes/apps/nzbget/app/scripts/GetPw.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | ############################################################################## 3 | ### NZBGET SCAN SCRIPT ### 4 | # 5 | # Scans filename of incoming NZBs for embedded passwords. 
6 | # 7 | ############################################################################## 8 | ### OPTIONS ### 9 | # The RegEx to match the password in the filename. 10 | #regex=(.*)\{\{(.*)\}\}.nzb 11 | 12 | ### NZBGET SCAN SCRIPT ### 13 | ############################################################################## 14 | 15 | import re 16 | import getopt 17 | import sys 18 | import os 19 | 20 | nzbfile = os.environ.get('NZBNP_NZBNAME') 21 | regex = os.environ.get('NZBPO_REGEX') # None when the variable is not present in the environment 22 | 23 | if nzbfile: 24 | pattern = re.compile(regex) # NOTE(review): raises TypeError when regex is None; the pattern must define two capture groups (name, password) because group(1) and group(2) are read below 25 | match = pattern.search(nzbfile) # the NZB name is externally supplied; the values extracted from it are printed below without validation 26 | password = "" 27 | name = nzbfile 28 | if match: 29 | name = match.group(1) 30 | password = match.group(2) 31 | 32 | print("[NZB] NZBNAME=" + name) 33 | if password: 34 | print("[NZB] NZBPR_*Unpack:Password=" + password) # NOTE(review): writes the extracted password to stdout, presumably for NZBGet to consume; confirm it is not also kept in logs 35 | -------------------------------------------------------------------------------- /kubernetes/config/certs/ks.yaml: -------------------------------------------------------------------------------- 1 | # NOTE We use flux to deploy the ca-certs to multiple namespaces 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: ca-cert-networking 6 | namespace: flux-system 7 | spec: 8 | interval: 5m 9 | timeout: 1m 10 | retryInterval: 30s 11 | dependsOn: 12 | - name: namespaces 13 | path: ./kubernetes/config/certs/ca 14 | targetNamespace: networking 15 | force: true 16 | prune: true 17 | wait: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | decryption: 22 | provider: sops 23 | secretRef: 24 | name: sops-age 25 | --- 26 | apiVersion: kustomize.toolkit.fluxcd.io/v1 27 | kind: Kustomization 28 | metadata: 29 | name: ca-cert-apps 30 | namespace: flux-system 31 | spec: 32 | interval: 5m 33 | timeout: 1m 34 | retryInterval: 30s 35 | dependsOn: 36 | - name: namespaces 37 | path: ./kubernetes/config/certs/ca 38 | targetNamespace: apps 39 | force: true 40 | prune: true 41 | wait: true 42 | sourceRef: 43 | kind: GitRepository 44 
| name: flux-system 45 | decryption: 46 | provider: sops 47 | secretRef: 48 | name: sops-age 49 | -------------------------------------------------------------------------------- /kubernetes/core/database/postgres/operator/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: postgres-operator 6 | namespace: database 7 | annotations: 8 | meta.helm.sh/release-namespace: "database" 9 | spec: 10 | interval: 10m 11 | chart: 12 | spec: 13 | chart: cloudnative-pg 14 | version: 0.26.1 15 | sourceRef: 16 | kind: HelmRepository 17 | name: cnpg-charts 18 | namespace: flux-system 19 | 20 | values: 21 | monitoring: 22 | podMonitoringEnabled: true 23 | 24 | postRenderers: 25 | - kustomize: 26 | patches: 27 | - target: 28 | kind: CustomResourceDefinition 29 | name: clusters.postgresql.cnpg.io 30 | patch: | 31 | - op: add 32 | path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/bootstrap/properties/initdb/properties/source 33 | value: 34 | description: unused 35 | type: string 36 | -------------------------------------------------------------------------------- /kubernetes/apps/netboot-xyz/app/app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: ${APP_NAME} 6 | namespace: ${APP_NAMESPACE} 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: app-template 12 | version: 4.4.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: bjw-s-charts 16 | namespace: flux-system 17 | 18 | values: 19 | defaultPodOptions: 20 | 
hostNetwork: true 21 | dnsPolicy: ClusterFirstWithHostNet 22 | 23 | controllers: 24 | ${APP_NAME}: 25 | containers: 26 | app: 27 | image: 28 | repository: ghcr.io/niki-on-github/netboot-xyz 29 | tag: "v2.0.88" 30 | env: 31 | NETWORK_IP: "${CONFIG_NETBOOT_XYZ_HOST_NETWORK_IP}" 32 | INTERFACE: "${CONFIG_NETBOOT_XYZ_HOST_INTERFACE}" 33 | 34 | securityContext: 35 | capabilities: 36 | add: ["NET_ADMIN"] 37 | privileged: true 38 | 39 | -------------------------------------------------------------------------------- /kubernetes/suspended/attic/README.md: -------------------------------------------------------------------------------- 1 | # [Attic](https://github.com/zhaofengli/attic) 2 | 3 | Attic is a self-hostable Nix Binary Cache server backed by an S3-compatible storage provider. It has support for global deduplication and garbage collection. 4 | 5 | ## Setup 6 | 7 | Open a shell in the pod and run the command below. The resulting token is valid for ten years and may pull, push, create, configure and destroy every cache matching `pkgs*`, so store it like an admin credential: 8 | 9 | ```sh 10 | atticadm -f /config/server.toml make-token \ 11 | --validity "10y" \ 12 | --sub "pkgs*" \ 13 | --pull "pkgs*" \ 14 | --push "pkgs*" \ 15 | --create-cache "pkgs*" \ 16 | --configure-cache "pkgs*" \ 17 | --configure-cache-retention "pkgs*" \ 18 | --destroy-cache "pkgs*" 19 | ``` 20 | 21 | On the client PC run: 22 | 23 | ```sh 24 | attic login attic https://attic.$DOMAIN $TOKEN --set-default 25 | attic cache create pkgs 26 | attic cache configure pkgs --public 27 | attic use pkgs 28 | ``` 29 | 30 | The `attic use` command adds the cache server to `~/.config/nix/nix.conf`. Note that `attic cache configure pkgs --public` lets anyone who can reach the server pull from the cache without a token. 
31 | 32 | ## Usage 33 | 34 | Add package to cache: 35 | 36 | ```sh 37 | attic push pkgs $(which $NAME) 38 | ``` 39 | 40 | or from a flake: 41 | 42 | ```sh 43 | nix build 44 | attic push pkgs ./result 45 | ``` 46 | 47 | to push the current-system use: 48 | 49 | ```sh 50 | attic push pkgs /run/current-system 51 | ``` 52 | -------------------------------------------------------------------------------- /kubernetes/suspended/kestra/app/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: ${APP_NAME} 6 | namespace: ${APP_NAMESPACE} 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: kestra 12 | version: 0.22.9 13 | sourceRef: 14 | kind: HelmRepository 15 | name: kestra-charts 16 | namespace: flux-system 17 | 18 | values: 19 | ingress: 20 | enabled: true 21 | className: traefik 22 | annotations: 23 | traefik.ingress.kubernetes.io/router.entrypoints: websecure 24 | hosts: 25 | - host: &host "kestra.${SECRET_DOMAIN}" 26 | paths: 27 | - path: / 28 | pathType: Prefix 29 | tls: 30 | - hosts: 31 | - *host 32 | 33 | minio: 34 | enabled: true 35 | persistence: 36 | enabled: true 37 | storageClass: "local-persistent" 38 | 39 | postgresql: 40 | enabled: true 41 | primary: 42 | persistence: 43 | enabled: true 44 | storageClass: "local-persistent" 45 | -------------------------------------------------------------------------------- /kubernetes/apps/influxdb2/extensions/app.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: 
${APP_NAME}-weather-forecast 6 | namespace: ${APP_NAMESPACE} 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: app-template 12 | version: 4.4.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: bjw-s-charts 16 | namespace: flux-system 17 | 18 | values: 19 | controllers: 20 | ${APP_NAME}: 21 | containers: 22 | rest: 23 | image: 24 | repository: ghcr.io/niki-on-github/influxdb-weather-forecast 25 | tag: "v0.0.2" 26 | 27 | env: 28 | LATITUDE: ${SECRET_HOME_LATITUDE} 29 | LONGITUDE: ${SECRET_HOME_LONGITUDE} 30 | INFLUXDB_TOKEN: "${SECRET_INFLUXDB_ADMIN_TOKEN}" # NOTE(review): the variable name indicates the InfluxDB admin token, while this container only names the "weather-forecast" bucket; a token scoped to that bucket would presumably be enough. As a plain env value it is also readable in the rendered HelmRelease and pod spec 31 | INFLUXDB_URL: "influxdb2.${APP_NAMESPACE}.svc.cluster.local:8086" 32 | INFLUXDB_ORG: "${CONFIG_INFLUXDB_ORG}" 33 | INFLUXDB_BUCKET: "weather-forecast" 34 | UPDATE_INTERVAL_IN_SECONDS: 14400 35 | -------------------------------------------------------------------------------- /kubernetes/core/storage/csi-driver-nfs/operator/helm-release.yaml: -------------------------------------------------------------------------------- 1 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: &app csi-driver-nfs 6 | namespace: storage 7 | spec: 8 | interval: 10m 9 | chart: 10 | spec: 11 | chart: *app 12 | version: 4.12.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: csi-driver-nfs-charts 16 | namespace: flux-system 17 | 18 | values: 19 | controller: 20 | replicas: 1 21 | 22 | postRenderers: 23 | - kustomize: 24 | # see https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/deploy/csi-nfs-controller.yaml 25 | patches: 26 | - target: 27 | kind: Deployment 28 | name: csi-nfs-controller # the patch below removes hostNetwork from the controller pod spec 29 | patch: | 30 | - op: remove 31 | path: /spec/template/spec/hostNetwork 32 | - target: 33 | kind: Deployment 34 | name: csi-nfs-controller # NOTE(review): the patch below addresses the container by index (4); container order comes from the chart, so re-check it after chart upgrades 35 | patch: | 36 | - op: remove 37 | path: /spec/template/spec/containers/4/livenessProbe 38 | 39 | 40 | 
-------------------------------------------------------------------------------- /docs/Hardware.md: -------------------------------------------------------------------------------- 1 | # Hardware 2 | 3 | In October 2024 I switched the node hardware from a Supermicro Intel system to an AMD-based system. 4 | 5 | The goal was to build a system that provides all necessary services with less than 50W power requirement and 10Gb Ethernet. In addition I wanted to have ECC RAM, as I have had corrupted files in the past due to unrecognized memory errors (Lesson Learned: Never ever run a server without ECC RAM!). 6 | 7 | In order to meet the energy requirements I have made the following decisions: 8 | 9 | - Mainboard without IPMI and BMC (-10W). 10 | - Use B550 instead of X570 chipset (-5W). 11 | - Use only 2 RAM DIMMs (-4W). 12 | - Use SFP+ instead of RJ45 10Gb Ethernet (-5W). 13 | 14 | ## Components 15 | 16 | - Mainboard: ASRock B550M Pro4 AMD 17 | - CPU: AMD Ryzen 7 Pro 5750GE (35W TDP) 18 | - RAM: 2 x 32GB Kingston KSM32ED8/32HC DDR4-3200 DIMM CL22 Single (ECC) 19 | - PSU: Supermicro PWS-203-1H 200W (Fan modded) 20 | - NVME: 4TB Lexar NM790 M.2 2280 21 | - NIC: Intel X710-DA2 10GbE 22 | - SSD1: 1TB WD Red SA500 23 | - SSD2: 1TB Samsung 870 Evo 24 | - Geekworm X650 PiKVM (separate power) 25 | 26 | ## Power Consumption 27 | 28 | Measured with PiKVM off. 
29 | 30 | - Idle (No Kubernetes Running): 26W 31 | - Normal Operation (Approx 12% Load): 40W 32 | - Max Load: 65W 33 | -------------------------------------------------------------------------------- /kubernetes/apps/immich/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: immich-db 5 | namespace: flux-system 6 | labels: 7 | kustomize.patches/append: true 8 | spec: 9 | path: "./kubernetes/templates/postgres" 10 | wait: true 11 | postBuild: 12 | substitute: 13 | APP_NAME: immich 14 | APP_NAMESPACE: media 15 | POSTGRES_DATABASE: "immich" 16 | POSTGRES_ENABLE_SUPERUSER: "true" 17 | POSTGRES_CATALOG: "postgresql-pgvertors" 18 | POSTGRES_MAJOR: "16" 19 | patches: 20 | - target: 21 | kind: Cluster 22 | # NOTE labelSelector and name does not work!? 23 | # labelSelector: kustomize.toolkit.fluxcd.io/name in (immich-db) 24 | patch: | 25 | - op: add 26 | path: /spec/postgresql 27 | value: 28 | shared_preload_libraries: 29 | - "vectors.so" 30 | --- 31 | apiVersion: kustomize.toolkit.fluxcd.io/v1 32 | kind: Kustomization 33 | metadata: 34 | name: immich 35 | namespace: flux-system 36 | spec: 37 | path: "./kubernetes/apps/immich/app" 38 | dependsOn: 39 | - name: immich-db 40 | - name: tailscale 41 | postBuild: 42 | substitute: 43 | APP_NAME: immich 44 | APP_NAMESPACE: media 45 | PVC_CAPACITY: "128Gi" 46 | --------------------------------------------------------------------------------