├── .editorconfig ├── .gitattributes ├── .github ├── CODEOWNERS ├── labeler.yaml ├── labels.yaml ├── linters │ ├── .flake8 │ ├── .markdownlint.yaml │ ├── .prettierignore │ ├── .prettierrc.yaml │ ├── .yamlfmt │ ├── .yamllint.yaml │ └── kubelinter.yaml ├── markdown-link-check_config.json ├── mkdocs │ ├── mkdocs.yml │ └── requirements.txt ├── release.yaml ├── renovate.json5 ├── renovate │ ├── allowedVersions.json5 │ ├── autoMerge.json5 │ ├── clusters.json5 │ ├── commitMessage.json5 │ ├── customManagers.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ ├── labels.json5 │ ├── packageRules.json5 │ └── semanticCommits.json5 ├── scripts │ ├── .gitignore │ ├── cleanup.yaml │ ├── force-delete-k8s-namespace.py │ ├── rook │ │ ├── kustomization.yaml │ │ ├── local-storage.yaml │ │ ├── wipe-disks.yaml │ │ └── wipe-single.yaml │ └── unlocks.sh └── workflows │ ├── .archive │ └── terraform-oci.yaml │ ├── bulk-merge-prs.yaml │ ├── codeql.yaml │ ├── docs.yaml │ ├── flux-ks-sync.yaml │ ├── flux-local.yaml │ ├── helm-repository-sync.yaml │ ├── image-pull.yaml │ ├── label-sync.yaml │ ├── lychee.yaml │ ├── release.yml │ ├── renovate.yaml │ └── schemas.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── .sops.yaml ├── .taskfiles ├── Ansible │ └── Taskfile.yaml ├── Bootstrap │ └── Taskfile.yaml ├── ExternalSecrets │ └── Taskfile.yaml ├── Flux │ └── Taskfile.yaml ├── Kubernetes │ └── Taskfile.yaml ├── Rook │ ├── Taskfile.yaml │ ├── scripts │ │ └── wait-for-job.sh │ └── templates │ │ ├── WipeDataJob.tmpl.yaml │ │ └── WipeDiskJob.tmpl.yaml └── VolSync │ ├── Taskfile.yaml │ ├── scripts │ ├── wait-for-job.sh │ └── which-controller.sh │ └── templates │ ├── list.tmpl.yaml │ ├── replicationdestination.tmpl.yaml │ ├── unlock.tmpl.yaml │ └── wipe.tmpl.yaml ├── .vscode ├── extension.json ├── launch.json └── settings.json ├── LICENSE ├── Taskfile.yml ├── docs ├── _includes │ └── abbreviations.md ├── diagrams │ ├── ansible.drawio │ ├── cluster-networking.drawio │ └── network_diagram.drawio └── 
src │ ├── SUMMARY.md │ ├── general │ ├── hardware.md │ ├── proxmox.md │ └── virtualmachines.md │ ├── images │ ├── 20230311_192241.jpg │ ├── 20230311_192246.jpg │ ├── 20230311_192255.jpg │ ├── ansible-diagram.png │ ├── cilium.png │ ├── crossplane-stacked-color.png │ ├── flux-horizontal-color.png │ ├── homelab.jpg │ ├── k3s.png │ ├── karma.ico │ ├── kasten-logo-stacked.svg │ ├── logo-horizontal-rke.svg │ ├── logo.png │ ├── mkdocs.png │ ├── proxmox_logo.svg │ ├── proxmox_overview.png │ ├── truenas-garage.jpg │ ├── truenas-logo.svg │ └── ubuntu-logo.png │ ├── index.md │ └── infrastructure │ ├── ansible.md │ ├── sidero.md │ └── terraform.md ├── infrastructure └── terraform │ ├── authentik │ ├── .terraform.lock.hcl │ ├── data.tf │ ├── groups.tf │ ├── locals.tf │ ├── main.tf │ ├── modules │ │ ├── oidc │ │ │ ├── application.tf │ │ │ ├── data.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── provider.tf │ │ │ ├── secret.tf │ │ │ └── variables.tf │ │ └── proxy │ │ │ ├── .terraform.lock.hcl │ │ │ ├── application.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── provider.tf │ │ │ └── variables.tf │ ├── oidc.tf │ ├── outputs.tf │ ├── provider.tf │ ├── proxy.tf │ ├── readme.md │ └── variables.tf │ ├── cloudflare │ ├── .env │ ├── .terraform.lock.hcl │ ├── dns_records_com.tf │ ├── main.tf │ ├── page_rules_com.tf │ ├── providers.tf │ ├── readme.md │ ├── tunnel.tf │ ├── variables.tf │ └── zone_settings_com.tf │ ├── proxmox │ ├── .terraform.lock.hcl │ ├── iso.tf │ ├── kubernetes.tf │ ├── locals.tf │ ├── main.tf │ ├── nodes.tf │ ├── output.tf │ ├── providers.tf │ ├── time.tf │ ├── virtualmachines │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── vm.tf │ └── vm.tf │ ├── readme.md │ ├── servarr │ ├── .terraform.lock.hcl │ ├── backend.tf │ ├── indexers.tf │ ├── providers.tf │ ├── prowlarr.tf │ ├── radarr.tf │ ├── sonarr.tf │ └── vars.tf │ ├── talos │ ├── .terraform.lock.hcl │ ├── data.tf │ ├── machine.tf │ ├── main.tf │ ├── output.tf │ ├── providers.tf 
│ └── variables.tf │ └── terraform.sops.yaml ├── kubernetes ├── main │ ├── apps │ │ ├── actions-runner-system │ │ │ ├── actions-runner-controller │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── podmonitor.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── runners │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── podmonitor.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── rbac.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── ai │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── ollama │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ ├── dns-router │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── open-webui │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── paperless-ai │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── cert-manager │ │ │ ├── cert-manager │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheus-rule.yaml │ │ │ │ ├── issuers │ │ │ │ │ ├── cloudflare-token.yaml │ │ │ │ │ ├── externalsecrets.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── letsencrypt-production.yaml │ │ │ │ │ └── letsencrypt-staging.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── downloads │ │ │ ├── autobrr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── bazarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── subcleaner.sh │ │ │ │ ├── ks.yaml │ │ │ │ └── whisper │ │ │ │ │ 
├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ ├── common │ │ │ │ ├── ks.yaml │ │ │ │ └── pvc │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ ├── cross-seed │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── dashbrr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.toml │ │ │ │ └── ks.yaml │ │ │ ├── flaresolverr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kapowarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── lidarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── metube │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── omegabrr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.yaml │ │ │ │ └── ks.yaml │ │ │ ├── prowlarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── qbittorrent │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── dnsdist.conf │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── resources │ │ │ │ │ │ └── lokirule.yaml │ │ │ │ │ └── scripts │ │ │ │ │ │ └── xseed.sh │ │ │ │ ├── ks.yaml │ │ │ │ ├── private │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── lokirule.yaml │ │ │ │ └── tools │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ 
│ │ └── secret.yaml │ │ │ ├── radarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── readarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── recyclarr │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── recyclarr.yml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── sabnzbd │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── post-process.sh │ │ │ │ └── ks.yaml │ │ │ └── sonarr │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── external-secrets │ │ │ ├── external-secrets │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── stores │ │ │ │ │ ├── clustersecretstore.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── secret.sops.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── flux-system │ │ │ ├── addons │ │ │ │ ├── app │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── monitoring │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── podmonitor.yaml │ │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ │ ├── notifications │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── notification.yaml │ │ │ │ │ └── webhooks │ │ │ │ │ │ ├── github │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── receiver.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── home │ │ │ ├── go2rtc │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── go2rtc.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml 
│ │ │ │ └── ks.yaml │ │ │ ├── home-assistant │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── keys.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── podmonitor.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── immich │ │ │ │ ├── database │ │ │ │ │ ├── cluster.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── scheduledbackup.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── machine-learning │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── microservices │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── server │ │ │ │ │ ├── config │ │ │ │ │ │ └── immich-config.json │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── shared │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── node-red │ │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── settings.js │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── config │ │ │ │ │ ├── bgp.yaml │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── ip-pools.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── l2-policy.yaml │ │ │ │ ├── gateway │ │ │ │ │ ├── certificate.yaml │ │ │ │ │ ├── crds.yaml │ │ │ │ │ ├── external.yaml │ │ │ │ │ ├── internal.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pushsecret.yaml │ │ │ │ │ └── redirect.yaml │ │ │ │ └── ks.yaml │ │ │ ├── coredns │ │ │ │ ├── app │ │ │ │ │ ├── helm-values.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── kustomizeconfig.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kubelet-csr-approver │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml 
│ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metrics-server │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ └── spegel │ │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ │ └── ks.yaml │ │ ├── media │ │ │ ├── audiobookshelf │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── calibre-web │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── common │ │ │ │ ├── ks.yaml │ │ │ │ └── pvc │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pv.yaml │ │ │ │ │ └── pvc.yaml │ │ │ ├── jellyfin │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── jellyseerr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kavita │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── komga │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── maintainerr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── media-browser │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── navidrome │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── overseerr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── plex │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ ├── kometa │ │ │ │ │ ├── configs │ │ │ │ │ │ ├── Pre-rolls.yml │ │ │ │ │ │ └── config.yml │ │ │ │ │ ├── custom │ │ │ │ │ │ ├── Anime - Overlays - Charts.yml │ │ │ │ │ │ ├── Anime.yml │ │ │ │ │ │ ├── Movies - Holidays by Drazzizzi.yml │ │ │ │ │ │ ├── Movies - Overlays - Charts.yml │ │ │ │ │ │ ├── Movies - Overlays - Oscars.yml │ │ │ │ │ │ ├── Movies - Overlays - Ratings.yml │ │ │ │ │ │ ├── Movies - Overlays - Stand-up.yml │ │ │ │ │ │ ├── Movies - Overlays - Streaming Services.yml │ │ │ │ │ │ ├── Movies - Overlays - Studios.yml │ │ │ │ │ │ ├── Movies - Trakt (Unplayed) by Magic815.yml │ │ │ │ │ │ ├── Movies.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Charts.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Networks.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Ratings.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Statuses.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Streaming Services.yml │ │ │ │ │ │ ├── TV Shows - Overlays - Studios.yml │ │ │ │ │ │ ├── TV Shows - Overlays.yml │ │ │ │ │ │ └── TV Shows.yml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── movie-roulette │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── plex-auto-languages │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── plex-image-cleanup │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── tautulli │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── wizarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── your-spotify │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── network │ │ │ ├── cloudflared │ │ │ │ ├── app │ │ │ │ │ ├── 
dnsendpoint.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.yaml │ │ │ │ └── ks.yaml │ │ │ ├── external-dns │ │ │ │ ├── bind │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cloudflare │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── opnsense │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── pihole │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── ingress-nginx │ │ │ │ ├── certificates │ │ │ │ │ ├── certificate.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pushsecret.yaml │ │ │ │ ├── config │ │ │ │ │ ├── cloudflare-proxied-networks.txt │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── dashboards │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── external │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── scripts │ │ │ │ │ │ └── geolite.sh │ │ │ │ ├── internal │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── tailscale │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── observability │ │ │ ├── alertmanager │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── alertmanager.yml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── exporters │ │ │ │ ├── ks.yaml │ │ │ │ ├── pihole │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── smartctl │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── speedtest │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── 
kustomization.yaml │ │ │ │ └── x509-certificate │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── gatus │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.yaml │ │ │ │ └── ks.yaml │ │ │ ├── grafana │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── karma │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kepler │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kromgo │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kube-prometheus-stack │ │ │ │ ├── app │ │ │ │ │ ├── alertmanagerconfig.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── scrapeconfig.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kube-state-metrics │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── loki │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── objectbucketclaim.yaml │ │ │ │ │ └── rules │ │ │ │ │ │ └── loki-alerting-rules.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── node-exporter │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── opentelemetry │ │ │ │ ├── collector │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── logs.yaml │ │ │ │ │ ├── rbac.yaml │ │ │ │ │ └── servicemonitor.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml 
│ │ │ ├── prometheus-operator │ │ │ │ ├── crds │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── promtail │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── redisinsight │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── silence-operator │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── ocirepository.yaml │ │ │ │ ├── crds │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── silences │ │ │ │ │ ├── disks.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── qbtools-jobs.yaml │ │ │ │ │ └── truenas-memory-usage.yaml │ │ │ └── unpoller │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── openebs-system │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── openebs │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── rook-ceph │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── rook-ceph │ │ │ │ ├── cluster │ │ │ │ ├── cephfs-node.yaml │ │ │ │ ├── cephobjectstoreuser.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── security │ │ │ ├── authentik │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── glauth │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── tetragon │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── trivy-operator │ │ │ 
│ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── services │ │ │ ├── actual │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── atuin │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── bytestash │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── cyberchef │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── docmost │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── fileflows │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── hajimari │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── hoarder │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── homepage │ │ │ │ ├── app │ │ │ │ │ ├── configuration.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── rbac.yaml │ │ │ │ └── ks.yaml │ │ │ ├── it-tools │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kitchenowl │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kubernetes-schemas │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── linkding │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ 
└── ks.yaml │ │ │ ├── littlelink │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── lubelog │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── mealie │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── miniflux │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── n8n │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── netboot │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── paperless │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── pdfding │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── pinchflat │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── postiz │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── radicale │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── config.cfg │ │ │ │ └── ks.yaml │ │ │ ├── searxng │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ ├── limiter.toml │ │ │ │ │ │ └── settings.yml │ │ │ │ └── ks.yaml │ │ │ ├── silverbullet │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml 
│ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── smtp-relay │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ │ └── maddy.conf │ │ │ │ ├── ks.yaml │ │ │ │ └── noreply │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resources │ │ │ │ │ └── maddy.conf │ │ │ ├── stirling-pdf │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── tandoor │ │ │ │ ├── app │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── thelounge │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── vikunja │ │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── Caddyfile │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── social │ │ │ ├── gotosocial │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── objectbucketclaim.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── mastodon │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── elasticsearch │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── namespace.yaml │ │ ├── storage │ │ │ ├── cloudnative-pg │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster │ │ │ │ │ ├── cluster.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── externalservice.yaml │ │ │ │ │ ├── gatus.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── objectbucketclaim.yaml │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ ├── scheduledbackup.yaml │ │ │ │ │ └── 
service.yaml │ │ │ │ ├── dashboards │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── pgadmin │ │ │ │ │ ├── config │ │ │ │ │ │ └── servers.json │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── pgdump │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease-pg14.yaml │ │ │ │ │ ├── helmrelease-pg17.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── scripts │ │ │ │ │ └── list_dbs.sh │ │ │ ├── dragonfly │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── rbac.yaml │ │ │ │ ├── cluster │ │ │ │ │ ├── cluster.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── podmonitor.yaml │ │ │ │ └── ks.yaml │ │ │ ├── emqx │ │ │ │ ├── cluster │ │ │ │ │ ├── cluster.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── podmonitor.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── minio │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── snapshot-controller │ │ │ │ ├── app │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── snapshot-controller │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── pki.yaml │ │ │ │ └── ks.yaml │ │ │ ├── syncthing │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── volsync │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── mutations │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── volsync-mover-jitter.yaml │ │ │ │ │ │ └── volsync-mover-nfs.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ └── ks.yaml │ │ │ └── whodb │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── 
kustomization.yaml │ │ │ │ └── ks.yaml │ │ └── system │ │ │ ├── descheduler │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── fstrim │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── generic-device-plugin │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── config.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── intel-device-plugin │ │ │ ├── gpu │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── nodefeaturerule.yaml │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── rules │ │ │ │ ├── aeotec-zwave-device.yaml │ │ │ │ ├── google-coral-device.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── nvidia │ │ │ ├── device-plugin │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── reflector │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ └── reloader │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── bootstrap │ │ ├── bootstrap-entire-cluster.sh │ │ ├── crds │ │ │ ├── externalsecrets │ │ │ │ └── kustomization.yaml │ │ │ └── kustomization.yaml │ │ ├── flux │ │ │ ├── age-key.sops.yaml │ │ │ ├── commands.sh │ │ │ ├── github-deploy-key.sops.yaml │ │ │ └── kustomization.yaml │ │ └── talos │ │ │ ├── clusterconfig │ │ │ ├── .gitignore │ │ │ └── .gitkeep │ │ │ ├── integrations │ │ │ └── helmfile.yaml │ │ │ ├── talconfig.yaml │ │ │ ├── talenv.sops.yaml │ │ │ ├── talos-apply-config.sh │ │ │ ├── talos-upgrade-rk1.sh │ │ │ └── talsecret.sops.yaml │ └── flux │ │ ├── README.md │ │ ├── apps.yaml │ │ ├── config │ │ ├── crds │ │ │ └── .gitkeep │ │ ├── flux.yaml │ │ ├── 
home-ops.yaml │ │ └── kustomization.yaml │ │ ├── repos │ │ └── kustomization.yaml │ │ └── settings │ │ └── kustomization.yaml ├── shared │ ├── components │ │ ├── common │ │ │ ├── alerts │ │ │ │ ├── alertmanager │ │ │ │ │ ├── alert.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── provider.yaml │ │ │ │ ├── github-status │ │ │ │ │ ├── alert.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── provider.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── repos │ │ │ │ ├── app-template │ │ │ │ ├── kustomization.yaml │ │ │ │ └── ocirepository.yaml │ │ │ │ └── kustomization.yaml │ │ ├── gatus │ │ │ ├── external │ │ │ │ ├── config.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── guarded │ │ │ │ ├── config.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── repos │ │ ├── volsync-external │ │ │ ├── claim.yaml │ │ │ ├── kustomization.yaml │ │ │ └── minio.yaml │ │ └── volsync │ │ │ ├── kustomization.yaml │ │ │ ├── minio │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── replicationdestination.yaml │ │ │ └── replicationsource.yaml │ │ │ ├── nfs │ │ │ ├── externalsecret.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── replicationdestination.yaml │ │ │ └── replicationsource.yaml │ │ │ └── pvc.yaml │ ├── repos │ │ ├── git │ │ │ ├── .gitkeep │ │ │ ├── cloudflare-operator.yaml │ │ │ ├── gateway-api.yaml │ │ │ ├── kustomization.yaml │ │ │ └── local-path-provisioner.yaml │ │ ├── helm │ │ │ ├── actions-runner-controller.yaml │ │ │ ├── aqua.yaml │ │ │ ├── authentik.yaml │ │ │ ├── backube.yaml │ │ │ ├── bitnami.yaml │ │ │ ├── bjw-s.yaml │ │ │ ├── cilium.yaml │ │ │ ├── cloudflare.yaml │ │ │ ├── cloudnative-pg.yaml │ │ │ ├── coredns.yaml │ │ │ ├── csi-driver-nfs.yaml │ │ │ ├── democratic-csi.yaml │ │ │ ├── descheduler.yaml │ │ │ ├── dysnix.yaml │ │ │ ├── emberstack.yaml │ │ │ ├── emqx.yaml │ │ │ ├── enix.yaml │ │ │ ├── external-dns.yaml │ │ │ ├── external-secrets.yaml │ │ │ ├── 
fairwinds.yaml │ │ │ ├── falco.yaml │ │ │ ├── grafana.yaml │ │ │ ├── hajimari.yaml │ │ │ ├── headlamp.yaml │ │ │ ├── infracloudio.yaml │ │ │ ├── ingress-nginx.yaml │ │ │ ├── intel.yaml │ │ │ ├── jetstack.yaml │ │ │ ├── k8s-at-home.yaml │ │ │ ├── k8s-gateway.yaml │ │ │ ├── k8stz.yaml │ │ │ ├── kepler.yaml │ │ │ ├── kubernetes-dashboard.yaml │ │ │ ├── kubernetes-sigs-metrics-server.yaml │ │ │ ├── kubernetes-sigs-nfd.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kyverno.yaml │ │ │ ├── longhorn.yaml │ │ │ ├── lwolf.yaml │ │ │ ├── mariadb-operator.yaml │ │ │ ├── mayastor-chart.yaml │ │ │ ├── metallb.yaml │ │ │ ├── mojo2600.yaml │ │ │ ├── nfs-provisioner.yaml │ │ │ ├── nginx-gateway-fabric.yaml │ │ │ ├── node-feature-discovery.yaml │ │ │ ├── nvidia.yaml │ │ │ ├── openebs.yaml │ │ │ ├── opentelemetry.yaml │ │ │ ├── pascaliske.yaml │ │ │ ├── percona.yaml │ │ │ ├── piraeus.yaml │ │ │ ├── postfinance.yaml │ │ │ ├── prometheus-community.yaml │ │ │ ├── rook-ceph.yaml │ │ │ ├── spegel.yaml │ │ │ ├── stakater.yaml │ │ │ ├── stevehipwell.yaml │ │ │ ├── tailscale.yaml │ │ │ ├── vector.yaml │ │ │ ├── victoria.yaml │ │ │ ├── windmill.yaml │ │ │ └── xenitab.yaml │ │ ├── kustomization.yaml │ │ └── oci │ │ │ ├── .gitkeep │ │ │ ├── app-template.yaml │ │ │ ├── kustomization.yaml │ │ │ └── terraform-cloudflare-oci.yaml │ ├── settings │ │ ├── cluster-secrets.yaml │ │ ├── cluster-settings.yaml │ │ └── kustomization.yaml │ └── templates │ │ ├── gatus │ │ ├── external │ │ │ ├── configmap.yaml │ │ │ └── kustomization.yaml │ │ └── guarded │ │ │ ├── configmap.yaml │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── volsync-external │ │ ├── claim.yaml │ │ ├── kustomization.yaml │ │ └── minio.yaml │ │ └── volsync │ │ ├── claim.yaml │ │ ├── kustomization.yaml │ │ ├── minio.yaml │ │ └── nfs.yaml └── utility │ ├── apps │ ├── external-secrets │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── stores │ │ │ │ ├── 
clustersecretstore.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── flux-system │ │ ├── addons │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── notifications │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── notification.yaml │ │ │ │ └── webhooks │ │ │ │ │ ├── github │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── receiver.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── capacitor │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ ├── config │ │ │ │ ├── bgp.yaml │ │ │ │ ├── ip-pools.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── l2-policy.yaml │ │ │ └── ks.yaml │ │ ├── coredns │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── namespace.yaml │ ├── network │ │ ├── blocky │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yml │ │ │ └── ks.yaml │ │ ├── cloudflared │ │ │ ├── app │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── external-dns │ │ │ ├── cloudflare │ │ │ │ ├── 
externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ ├── opnsense │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── pihole │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── ingress-nginx │ │ │ ├── certificates │ │ │ │ ├── externalsecret.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── external │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scripts │ │ │ │ │ └── geolite.sh │ │ │ ├── internal │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── tailscale │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ ├── registry │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── zot │ │ │ ├── app │ │ │ ├── config │ │ │ │ └── config.json │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── storage │ │ ├── kustomization.yaml │ │ ├── local-path-provisioner │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── snapshot-controller │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── snapshot-controller │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── volsync │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheusrule.yaml │ │ │ └── ks.yaml │ └── system │ │ ├── fstrim │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── reflector │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ │ └── reloader │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── bootstrap │ ├── bootstrap-entire-cluster.sh │ ├── crds │ │ ├── externalsecrets │ 
│ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── flux │ │ ├── age-key.sops.yaml │ │ ├── commands.sh │ │ ├── github-deploy-key.sops.yaml │ │ └── kustomization.yaml │ └── talos │ │ ├── clusterconfig │ │ ├── .gitignore │ │ └── .gitkeep │ │ ├── integrations │ │ └── helmfile.yaml │ │ ├── talconfig.yaml │ │ ├── talenv.sops.yaml │ │ ├── talos-apply-config.sh │ │ └── talsecret.sops.yaml │ └── flux │ ├── README.md │ ├── apps.yaml │ ├── config │ ├── flux.yaml │ ├── home-ops.yaml │ └── kustomization.yaml │ ├── repos │ └── kustomization.yaml │ └── settings │ ├── cluster-settings-utility.yaml │ └── kustomization.yaml └── readme.md /.editorconfig: -------------------------------------------------------------------------------- 1 | ; https://editorconfig.org/ 2 | 3 | root = true 4 | 5 | [*] 6 | indent_style = space 7 | indent_size = 2 8 | end_of_line = lf 9 | charset = utf-8 10 | trim_trailing_whitespace = true 11 | insert_final_newline = true 12 | 13 | [{Makefile,go.mod,go.sum,*.go,.gitmodules}] 14 | indent_style = tab 15 | indent_size = 4 16 | 17 | [*.md] 18 | indent_size = 4 19 | trim_trailing_whitespace = false 20 | 21 | [{Dockerfile,*.bash,*.sh}] 22 | indent_style = space 23 | indent_size = 4 24 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.sops.* diff=sopsdiffer 3 | *.sops.toml linguist-language=JSON 4 | *.yaml.j2 linguist-language=YAML 5 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | * @rafaribe 3 | -------------------------------------------------------------------------------- /.github/linters/.flake8: 
-------------------------------------------------------------------------------- 1 | [flake8] 2 | max-line-length = 120 3 | -------------------------------------------------------------------------------- /.github/linters/.prettierignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | .private 3 | .vscode/ 4 | *.sops.* 5 | ansible/roles/xanmanning.k3s/ 6 | gotk-components.yaml 7 | docs/ 8 | kubernetes/charts/ 9 | -------------------------------------------------------------------------------- /.github/linters/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | semi: false 5 | singleQuote: false 6 | bracketSpacing: false 7 | useTabs: false 8 | -------------------------------------------------------------------------------- /.github/linters/.yamlfmt: -------------------------------------------------------------------------------- 1 | --- 2 | exclude: 3 | - .github/linters/ 4 | -------------------------------------------------------------------------------- /.github/linters/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: | 3 | .vscode/ 4 | **/gotk-components.yaml 5 | ansible/ 6 | *.sops.* 7 | gotk-components.yaml 8 | .github/scripts/.deprecated/ 9 | extends: default 10 | 11 | rules: 12 | truthy: 13 | allowed-values: ["true", "false", "on"] 14 | 15 | comments: 16 | min-spaces-from-content: 1 17 | 18 | line-length: disable 19 | 20 | braces: 21 | min-spaces-inside: 0 22 | max-spaces-inside: 1 23 | 24 | brackets: 25 | min-spaces-inside: 0 26 | max-spaces-inside: 0 27 | 28 | indentation: enable 29 | -------------------------------------------------------------------------------- /.github/linters/kubelinter.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Please refer to the Kubelinter docs for more 
information: 3 | # https://docs.kubelinter.io/#/generated/templates 4 | checks: 5 | addAllBuiltIn: true 6 | -------------------------------------------------------------------------------- /.github/markdown-link-check_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignorePatterns": [ 3 | { 4 | "pattern": "^(\\.\\.\\/)+.*", 5 | "reason": "Skip relative URL's" 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /.github/mkdocs/requirements.txt: -------------------------------------------------------------------------------- 1 | mkdocs-git-revision-date-localized-plugin==1.4.7 2 | mkdocs-material==9.6.14 3 | mkdocs-autolinks-plugin==0.7.1 4 | mkdocs-diagrams==1.0.0 5 | mkdocs-glightbox  # NOTE(review): unpinned, unlike the four entries above; pin an exact version (ideally installed with --require-hashes) so the docs build cannot pick up an unreviewed release 6 | -------------------------------------------------------------------------------- /.github/release.yaml: -------------------------------------------------------------------------------- 1 | changelog: 2 | exclude: 3 | authors: 4 | - naoki-bot 5 | - naoki-bot[bot] 6 | -------------------------------------------------------------------------------- /.github/renovate/allowedVersions.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "matchDatasources": ["docker"], 6 | "matchPackagePatterns": ["kopia"], 7 | "allowedVersions": "<999" 8 | }, 9 | { 10 | "matchDatasources": ["docker"], 11 | "matchPackagePatterns": ["postgresql"], 12 | "allowedVersions": "<=17" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /.github/renovate/clusters.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "description": ["Separate PRs for main cluster"], 6 |
"matchFileNames": ["**/kubernetes/main/**"], 7 | "additionalBranchPrefix": "main-" 8 | }, 9 | { 10 | "description": "Separate PRs for utility cluster", 11 | "matchFileNames": ["**/kubernetes/utility/**"], 12 | "additionalBranchPrefix": "utility-" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /.github/renovate/commitMessage.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "commitMessageTopic": "{{depName}}", 4 | "commitMessageExtra": "to {{newVersion}}", 5 | "commitMessageSuffix": "", 6 | "packageRules": [ 7 | { 8 | "matchDatasources": ["helm"], 9 | "commitMessageTopic": "chart {{depName}}" 10 | }, 11 | { 12 | "matchDatasources": ["docker"], 13 | "commitMessageTopic": "image {{depName}}" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /.github/scripts/.gitignore: -------------------------------------------------------------------------------- 1 | venv/ 2 | restic/ 3 | -------------------------------------------------------------------------------- /.github/scripts/rook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: [] 5 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | creation_rules: 3 | - path_regex: .*sops.ya?ml 4 | age: >- 5 | age13c3lp878r5pt8lagcmewv6djmqac576gussyhwgv2h3a0nw9k5dq4p8erj 6 | 7 | - path_regex: kubernetes/.*\.ya?ml 8 | encrypted_regex: ^(data|stringData)$ 9 | age: >- 10 | age13c3lp878r5pt8lagcmewv6djmqac576gussyhwgv2h3a0nw9k5dq4p8erj 11 | - path_regex: terraform/.*\.env 12 | age: >- 13 | 
age13c3lp878r5pt8lagcmewv6djmqac576gussyhwgv2h3a0nw9k5dq4p8erj 14 | -------------------------------------------------------------------------------- /.taskfiles/Rook/scripts/wait-for-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB=$1 # job name (required); namespace and kube context are optional 2nd and 3rd arguments 4 | NAMESPACE="${2:-default}" 5 | CLUSTER="${3:-main}" 6 | 7 | [[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1 8 | while true; do # polls once per second and exits only when the phase string is exactly Pending; there is no timeout, and a failing kubectl call leaves STATUS empty so the loop keeps running 9 | STATUS="$(kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /.taskfiles/VolSync/scripts/wait-for-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB=$1 # job name (required); namespace and kube context are optional 2nd and 3rd arguments 4 | NAMESPACE="${2:-default}" 5 | CLUSTER="${3:-main}" 6 | 7 | [[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1 8 | while true; do # polls once per second and exits only when the phase string is exactly Pending; there is no timeout, and a failing kubectl call leaves STATUS empty so the loop keeps running 9 | STATUS="$(kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /.taskfiles/VolSync/templates/list.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: ${job} 6 | namespace: ${ns} 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: OnFailure 13 | containers: 14 | - name: main 15 | image: docker.io/restic/restic:0.18.0 16 | args: ["snapshots"] 17 | envFrom: # every key of the referenced Secret becomes an environment variable of this container 18 | - secretRef: 19 | name: ${app}-volsync 20 | resources: {} # NOTE(review): no securityContext is set on the pod or the container; consider runAsNonRoot, allowPrivilegeEscalation: false and dropped capabilities if restic runs without them (confirm) 21 |
-------------------------------------------------------------------------------- /.vscode/extension.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "HashiCorp.terraform", 4 | "britesnow.vscode-toggle-quotes", 5 | "mitchdenny.ecdc", 6 | "ms-kubernetes-tools.vscode-kubernetes-tools", 7 | "oderwat.indent-rainbow", 8 | "redhat.ansible", 9 | "signageos.signageos-vscode-sops", 10 | "usernamehw.errorlens", 11 | "fcrespo82.markdown-table-formatter", 12 | "mrmlnc.vscode-json5", 13 | "tamasfe.even-better-toml" 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /docs/src/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | # Welcome 4 | 5 | --- 6 | 7 | - [Introduction](index.md) 8 | 9 | # Basement Notes 10 | -------------------------------------------------------------------------------- /docs/src/general/virtualmachines.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/general/virtualmachines.md -------------------------------------------------------------------------------- /docs/src/images/20230311_192241.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/20230311_192241.jpg -------------------------------------------------------------------------------- /docs/src/images/20230311_192246.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/20230311_192246.jpg -------------------------------------------------------------------------------- /docs/src/images/20230311_192255.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/20230311_192255.jpg -------------------------------------------------------------------------------- /docs/src/images/ansible-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/ansible-diagram.png -------------------------------------------------------------------------------- /docs/src/images/cilium.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/cilium.png -------------------------------------------------------------------------------- /docs/src/images/crossplane-stacked-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/crossplane-stacked-color.png -------------------------------------------------------------------------------- /docs/src/images/flux-horizontal-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/flux-horizontal-color.png -------------------------------------------------------------------------------- /docs/src/images/homelab.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/homelab.jpg -------------------------------------------------------------------------------- /docs/src/images/k3s.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/k3s.png -------------------------------------------------------------------------------- /docs/src/images/karma.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/karma.ico -------------------------------------------------------------------------------- /docs/src/images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/logo.png -------------------------------------------------------------------------------- /docs/src/images/mkdocs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/mkdocs.png -------------------------------------------------------------------------------- /docs/src/images/proxmox_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/proxmox_overview.png -------------------------------------------------------------------------------- /docs/src/images/truenas-garage.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/truenas-garage.jpg -------------------------------------------------------------------------------- /docs/src/images/truenas-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 
6 | -------------------------------------------------------------------------------- /docs/src/images/ubuntu-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/images/ubuntu-logo.png -------------------------------------------------------------------------------- /docs/src/infrastructure/sidero.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/docs/src/infrastructure/sidero.md -------------------------------------------------------------------------------- /docs/src/infrastructure/terraform.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | # Terraform 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/data.tf: -------------------------------------------------------------------------------- 1 | data "sops_file" "authentik-secrets" { 2 | source_file = "../terraform.sops.yaml" 3 | } -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/groups.tf: -------------------------------------------------------------------------------- 1 | resource "authentik_group" "grafana_admin" { 2 | name = "grafana_admin" 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/locals.tf: -------------------------------------------------------------------------------- 1 | 2 | locals { 3 | external_host = data.sops_file.authentik-secrets.data["authentik_external_host"] 4 | } -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/modules/oidc/main.tf: 
-------------------------------------------------------------------------------- 1 | terraform { 2 | 3 | required_providers { 4 | authentik = { 5 | source = "goauthentik/authentik" 6 | version = "2025.4.0" 7 | configuration_aliases = [authentik] 8 | } 9 | 10 | random = { 11 | source = "hashicorp/random" 12 | version = "3.7.2" 13 | } 14 | akeyless = { 15 | version = ">= 1.0.0" # NOTE(review): open-ended lower bound, unlike the exact pins above; the release actually used is whatever the root module's .terraform.lock.hcl records, so keep that file committed and review akeyless upgrades 16 | source = "akeyless-community/akeyless" 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/modules/oidc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "client_id" { # marked sensitive, so Terraform redacts it in plan/apply output 2 | sensitive = true 3 | value = random_id.this.dec 4 | } 5 | 6 | output "client_secret" { # marked sensitive, so Terraform redacts it in plan/apply output 7 | sensitive = true 8 | value = random_password.this.result 9 | } 10 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/modules/oidc/secret.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | akeyless_secret_path = "/${var.authentik_oidc_application_name}/oidc" 3 | } 4 | 5 | resource "akeyless_static_secret" "oidc_secret" { 6 | count = var.create_akeyless_secret ?
1 : 0 7 | path = local.akeyless_secret_path 8 | format = "json" 9 | value = jsonencode({ 10 | OIDC_CLIENT_ID = random_id.this.dec 11 | OIDC_CLIENT_SECRET = random_password.this.result 12 | }) 13 | } 14 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/modules/proxy/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | 3 | required_providers { 4 | authentik = { 5 | source = "goauthentik/authentik" 6 | version = "2025.4.0" 7 | configuration_aliases = [authentik] 8 | } 9 | random = { 10 | source = "hashicorp/random" 11 | version = "3.7.2" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/modules/proxy/outputs.tf: -------------------------------------------------------------------------------- 1 | output "proxy_provider_id" { 2 | value = authentik_provider_proxy.this.id 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/outputs.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | oidc_applications = { 3 | for k, v in module.oidc : k => { 4 | client_id = v.client_id 5 | client_secret = v.client_secret 6 | } 7 | } 8 | } 9 | 10 | output "all_oidc_applications" { 11 | value = local.oidc_applications 12 | sensitive = true 13 | } 14 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/provider.tf: -------------------------------------------------------------------------------- 1 | provider "authentik" { 2 | url = data.sops_file.authentik-secrets.data["authentik_api_url"] 3 | token = data.sops_file.authentik-secrets.data["authentik_api_token"] 4 | } 5 | provider "akeyless" { 6 | api_gateway_address = "https://api.akeyless.io" 7 | 8 | api_key_login { 9 | access_id = 
data.sops_file.authentik-secrets.data["akeyless_access_id"] 10 | access_key = data.sops_file.authentik-secrets.data["akeyless_access_secret"] 11 | } 12 | } -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/proxy.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | proxy = [ 3 | ] 4 | } 5 | 6 | module "proxy" { 7 | 8 | for_each = { for proxy in local.proxy : proxy.authentik_proxy_application_name => proxy } 9 | 10 | source = "./modules/proxy" 11 | 12 | providers = { 13 | authentik = authentik 14 | } 15 | 16 | authentik_proxy_application_name = each.value.authentik_proxy_application_name 17 | authentik_proxy_application_icon_url = each.value.authentik_proxy_application_icon_url 18 | authentik_proxy_external_host = each.value.authentik_proxy_external_host 19 | } 20 | -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/readme.md: -------------------------------------------------------------------------------- 1 | # Set -------------------------------------------------------------------------------- /infrastructure/terraform/authentik/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/infrastructure/terraform/authentik/variables.tf -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/providers.tf: -------------------------------------------------------------------------------- 1 | provider "cloudflare" { 2 | api_token = var.cloudflare_api_token 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/readme.md: -------------------------------------------------------------------------------- 1 | # Terraform - Cloudflare 2 | 3 
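| ```sh 4 | export $(sops -d .env) && tf plan 5 | ``` 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/tunnel.tf: -------------------------------------------------------------------------------- 1 | resource "random_bytes" "tunnel_secret" { # 32 random bytes, used below as the tunnel secret 2 | length = 32 3 | } 4 | 5 | resource "cloudflare_tunnel" "tunnel" { 6 | account_id = var.cloudflare_account_id 7 | name = "home-ops" 8 | secret = random_bytes.tunnel_secret.base64 9 | } 10 | 11 | # Tunnel credential: sensitive = true redacts it from plan/apply output; the value is still written to the Terraform state, so the state backend needs access control. 12 | output "tunnel_secret" { 13 | value = random_bytes.tunnel_secret.base64 14 | sensitive = true 15 | } 16 | -------------------------------------------------------------------------------- /infrastructure/terraform/cloudflare/variables.tf: -------------------------------------------------------------------------------- 1 | variable "cloudflare_account_id" { 2 | type = string 3 | description = "Cloudflare Account ID" 4 | } 5 | variable "cloudflare_email" { 6 | type = string 7 | description = "Cloudflare Email Address" 8 | } 9 | variable "cloudflare_api_token" { 10 | type = string 11 | description = "Cloudflare Account API Token" 12 | sensitive = true # keep the API token out of plan/apply output 13 | } 14 | variable "cloudflare_domain_com" { 15 | type = string 16 | description = "My .com domain" 17 | } 18 | -------------------------------------------------------------------------------- /infrastructure/terraform/proxmox/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | nix_nodes = { 3 | "nix" = { 4 | cpu = 2 5 | sockets = 1 6 | memory = 2048 7 | } 8 | 9 | } 10 | 11 | talos_nodes = { 12 | "utils-1" = { 13 | cpu = 2 14 | sockets = 1 15 | memory = 8192 16 | } 17 | } 18 | proxmox_node_name = "router" 19 | 20 | password = data.sops_file.secrets.data["proxmox_password"] 21 | } 22 | -------------------------------------------------------------------------------- /infrastructure/terraform/proxmox/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 |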
backend "s3" { 3 | bucket = "terraform-state" 4 | key = "proxmox/terraform.tfstate" 5 | region = "us-east-1" 6 | 7 | skip_credentials_validation = true 8 | skip_metadata_api_check = true 9 | skip_region_validation = true 10 | skip_requesting_account_id = true 11 | use_path_style = true 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /infrastructure/terraform/proxmox/nodes.tf: -------------------------------------------------------------------------------- 1 | # Retrieve all nodes 2 | data "proxmox_virtual_environment_nodes" "available_nodes" {} 3 | -------------------------------------------------------------------------------- /infrastructure/terraform/proxmox/output.tf: -------------------------------------------------------------------------------- 1 | output "all_nodes" { 2 | value = data.proxmox_virtual_environment_nodes.available_nodes.names 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/proxmox/time.tf: -------------------------------------------------------------------------------- 1 | resource "proxmox_virtual_environment_time" "first_node_time" { 2 | for_each = toset(data.proxmox_virtual_environment_nodes.available_nodes.names) 3 | node_name = each.key 4 | time_zone = "GMT" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/proxmox/virtualmachines/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | boot_order = var.network_boot ? ["net0", "scsi0"] : ["scsi0", "ide3", "net0"] 3 | cdrom_config = var.network_boot ? 
{ enabled = false } : { 4 | enabled = true 5 | file_id = var.iso_id 6 | } 7 | } 8 |
--------------------------------------------------------------------------------
/infrastructure/terraform/proxmox/virtualmachines/main.tf:
--------------------------------------------------------------------------------
# Provider requirements for the virtualmachines module. Every provider is pinned
# to one exact version. A version pin alone does not verify what gets
# downloaded; the hashes recorded in the calling configuration's
# .terraform.lock.hcl are what make a swapped provider binary detectable, so
# that file should stay committed and reviewed on upgrades.
terraform {

  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "0.78.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.1.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.7.2"
    }
  }
}
--------------------------------------------------------------------------------
/infrastructure/terraform/proxmox/virtualmachines/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/infrastructure/terraform/proxmox/virtualmachines/outputs.tf
--------------------------------------------------------------------------------
/infrastructure/terraform/servarr/backend.tf:
--------------------------------------------------------------------------------
# Remote state for the servarr configuration in the shared "terraform-state"
# bucket, under its own key.
# The skip_* flags together with use_path_style are the usual settings for an
# S3-compatible, non-AWS endpoint. Neither the endpoint nor the credentials are
# set in this block, so they presumably come from the environment or a
# -backend-config file — confirm.
# NOTE(review): Terraform state holds resource attributes in plaintext,
# including any API keys or passwords handed to providers. This block enables
# neither `encrypt` nor any locking option, so confidentiality and integrity of
# the state rest on the bucket's access policy and the storage server's own
# settings.
terraform {
  backend "s3" {
    bucket = "terraform-state"
    key    = "servarr/terraform.tfstate"
    region = "us-east-1"

    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    use_path_style              = true
  }
}
--------------------------------------------------------------------------------
/infrastructure/terraform/talos/main.tf:
--------------------------------------------------------------------------------
1 | terraform { 2 | backend "s3" { 3 | bucket = "terraform-state" 4 | key = "talos/terraform.tfstate" 5 | region = "us-east-1" 6 | 7 | skip_credentials_validation = true 8 | skip_metadata_api_check = true 9 | skip_region_validation = true 10 | skip_requesting_account_id = true 11 |
use_path_style = true 12 | } 13 | } 14 |
--------------------------------------------------------------------------------
/infrastructure/terraform/talos/output.tf:
--------------------------------------------------------------------------------

# Talos client configuration (carries client credentials for the Talos API).
# `sensitive = true` only redacts the value in plan/apply output; it is still
# written to the state file and is printed when the output is requested by name.
output "talosconfig" {
  value     = data.talos_client_configuration.talosconfig.talos_config
  sensitive = true
}
# Raw kubeconfig for the cluster. Same caveat as above: redacted in CLI output,
# present in state, so state access is effectively cluster access.
output "kubeconfig" {
  value     = talos_cluster_kubeconfig.kubeconfig.kubeconfig_raw
  sensitive = true
}
--------------------------------------------------------------------------------
/infrastructure/terraform/talos/providers.tf:
--------------------------------------------------------------------------------
# Exact version pins for the sops and talos providers; the committed
# .terraform.lock.hcl next to this file holds the hashes that back the pins.
terraform {
  required_providers {
    sops = {
      source  = "carlpett/sops"
      version = "1.2.0"
    }
    talos = {
      source  = "siderolabs/talos"
      version = "0.8.1"
    }
  }
}
# SOPS-encrypted secrets file shared from the parent terraform directory and
# decrypted at plan time. The file is safe to commit only while it stays
# encrypted; decrypted values that feed resource arguments are stored in state.
data "sops_file" "secrets" {
  source_file = "../terraform.sops.yaml"
}
--------------------------------------------------------------------------------
/infrastructure/terraform/talos/variables.tf:
--------------------------------------------------------------------------------
# Cluster name; defaults to "home-tools".
variable "cluster_name" {
  type    = string
  default = "home-tools"
}

# Default gateway handed to the node network configuration (private address).
variable "default_gateway" {
  type    = string
  default = "10.0.0.1"
}

# Address of the first control-plane node (private address).
variable "talos_cp_01_ip_addr" {
  type    = string
  default = "10.0.0.13"
}
--------------------------------------------------------------------------------
/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Controller half of actions-runner-controller: Helm release, the ExternalSecret
# it references, and the PodMonitor for its metrics.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./externalsecret.yaml
  - ./podmonitor.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: github-runner-controller 6 | namespace: actions-runner-system 7 | spec: 8 | podMetricsEndpoints: 9 | - interval: 15s 10 | path: /metrics 11 | targetPort: 8080 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: gha-rs-controller 15 | namespaceSelector: 16 | matchNames: 17 | - actions-runner-system 18 | -------------------------------------------------------------------------------- /kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: actions-runner-system 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./podmonitor.yaml 8 | - ./rbac.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: github-runner-listeners 6 | namespace: actions-runner-system 7 | spec: 8 | podMetricsEndpoints: 9 | - interval: 15s 10 | path: /metrics 11 | targetPort: 8080 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/component: runner-scale-set-listener 15 | namespaceSelector: 16 | matchNames: 17 | - actions-runner-system 18 | -------------------------------------------------------------------------------- /kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: actions-runner-controller-cache 6 | labels: 7 | excluded_from_alerts: "true" 8 | spec: 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 20Gi 14 | storageClassName: ceph-block 15 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/actions-runner-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Entry point for the actions-runner-system namespace: the Namespace object
# first, then the Flux Kustomization(s) for the runner controller.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./actions-runner-controller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/ai/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./open-webui/ks.yaml
  - ./ollama/ks.yaml
  - ./paperless-ai/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/ai/namespace.yaml:
--------------------------------------------------------------------------------
---
# Namespace for the AI workloads (open-webui, ollama, paperless-ai).
apiVersion: v1
kind: Namespace
metadata:
  name: ai
  labels:
    # Tells Flux not to garbage-collect this namespace when it disappears from
    # the source, which protects the PVCs inside it from an accidental prune.
    kustomize.toolkit.fluxcd.io/prune: disabled
    # Opts this namespace in to VolSync data movers running with elevated
    # privileges. That is a per-namespace privilege grant: keep it only where
    # backups need to read files owned by other UIDs.
    # NOTE(review): VolSync documents this key as a namespace *annotation*;
    # set as a label it may have no effect — verify against the VolSync
    # version in use and move it under `annotations:` if so.
    volsync.backube/privileged-movers: "true"
--------------------------------------------------------------------------------
/kubernetes/main/apps/ai/ollama/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | -
./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/ai/ollama/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ollama-models 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 100Gi 12 | storageClassName: ceph-block 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/ai/ollama/dns-router/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kochhaus-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: &app ollama-dns-router 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: akeyless-secret-store 11 | target: 12 | name: *app 13 | template: 14 | data: 15 | PIHOLE_API_KEY: "{{ .PIHOLE_API_KEY }}" 16 | 17 | dataFrom: 18 | - extract: 19 | key: /pihole 20 | -------------------------------------------------------------------------------- /kubernetes/main/apps/ai/ollama/dns-router/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/ai/open-webui/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/ai/paperless-ai/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kochhaus-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
# NOTE(review): the schema file name says v1beta1 while the manifest uses
# external-secrets.io/v1, so editor validation may not match the API actually
# served — confirm a v1 schema is available and point the modeline at it.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: &app paperless-ai
spec:
  # Cluster-wide store: any namespace may reference it unless the store itself
  # restricts namespaces (store definition not shown here).
  secretStoreRef:
    kind: ClusterSecretStore
    name: akeyless-secret-store
  target:
    # The generated Secret takes the same name as this ExternalSecret.
    name: *app
    template:
      data:
        # Maps the remote property PAPERLESS_API_KEY onto the key the app reads.
        # With a template and no mergePolicy set, presumably only the keys
        # listed here end up in the Secret, which keeps the other /paperless
        # properties out of this namespace — confirm.
        PAPERLESS_API_TOKEN: "{{ .PAPERLESS_API_KEY }}"
  dataFrom:
    # Pulls every property stored under /paperless as template input.
    - extract:
        key: /paperless
--------------------------------------------------------------------------------
/kubernetes/main/apps/ai/paperless-ai/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/cert-manager/cert-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
# cert-manager itself: the Helm release plus its Prometheus alert rules.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - prometheus-rule.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/cert-manager/cert-manager/issuers/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources:
4 | - letsencrypt-production.yaml 5 | - letsencrypt-staging.yaml 6 | #- cloudflare-token.yaml 7 | - externalsecrets.yaml 8 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
---
# Entry point for the cert-manager tree: the Namespace object first, then the
# Flux Kustomization(s) for cert-manager.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./cert-manager/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/cert-manager/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # NOTE(review): this file lives under apps/cert-manager but declares a
  # namespace called "automation". If that is a copy-paste leftover, the
  # cert-manager namespace is not created (or labelled) from here and any
  # policy keyed on the namespace name would be applied to the wrong one —
  # confirm which name is intended.
  name: automation
  labels:
    # Tells Flux not to delete this namespace on prune.
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/autobrr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/bazarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
# Ships subcleaner.sh to the pod as a ConfigMap. The script runs with whatever
# privileges the bazarr container has, so changes to it deserve the same review
# as changes to the image.
configMapGenerator:
  - name: bazarr-scripts
    files:
      - subcleaner.sh=./resources/subcleaner.sh
generatorOptions:
  # Stable ConfigMap name (no content hash suffix), so a script change does not
  # by itself change the name referenced by the workload.
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/bazarr/whisper/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/bazarr/whisper/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: whisper 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/common/pvc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/common/pvc/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ceph-media 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | resources: 9 | requests: 10 | storage: 1024Gi 11 | storageClassName: ceph-filesystem 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/cross-seed/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 
-------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/dashbrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: dashbrr-config 10 | files: 11 | - ./resources/config.toml 12 | options: 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/dashbrr/app/resources/config.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/main/apps/downloads/dashbrr/app/resources/config.toml -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/flaresolverr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/kapowarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/main/apps/downloads/lidarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/metube/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: downloads 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/omegabrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: omegabrr-configmap 10 | files: 11 | - ./resources/config.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/prowlarr/app/kustomization.yaml: 
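--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/qbittorrent/app/resources/lokirule.yaml:
--------------------------------------------------------------------------------
---
# Loki ruler group: alert when qbittorrent logs a rejected fast-resume.
groups:
  - name: qbittorrent
    rules:
      - alert: QbittorrentFastResumeRejected
        # Counts matching log lines over the last hour, aggregated per `app`.
        # After `sum by (app)` the result carries only the `app` label.
        expr: |
          sum by (app) (count_over_time({app="qbittorrent"} |~ "(?i)fast resume rejected"[1h])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          # Use the label that survives the aggregation; `container` is dropped
          # by `sum by (app)` and would render as an empty string.
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} has a torrent with fast resume rejected"
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/qbittorrent/private/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
# Packages the Loki rule file as a ConfigMap; the loki_rule label is presumably
# what the rule loader selects on — confirm against the Loki deployment.
configMapGenerator:
  - name: qbittorrent-loki-rules
    files:
      - qbittorrent.yaml=./resources/lokirule.yaml
    options:
      labels:
        loki_rule: "true"

generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/qbittorrent/private/resources/lokirule.yaml:
--------------------------------------------------------------------------------
---
# Loki ruler group: alert when qbittorrent logs a rejected fast-resume.
groups:
  - name: qbittorrent
    rules:
      - alert: QbittorrentFastResumeRejected
        # Counts matching log lines over the last hour, aggregated per `app`.
        # After `sum by (app)` the result carries only the `app` label.
        expr: |
          sum by (app) (count_over_time({app="qbittorrent"} |~ "(?i)fast resume rejected"[1h])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          # Use the label that survives the aggregation; `container` is dropped
          # by `sum by (app)` and would render as an empty string.
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} has a torrent with fast resume rejected"
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/qbittorrent/tools/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: downloads
resources:
  - ./helmrelease.yaml
  # NOTE(review): unlike the sibling apps, which pull credentials through an
  # ExternalSecret, this one lists a plain secret.yaml. Its content is not
  # shown here — confirm it is encrypted or holds no credential material
  # before it is committed in cleartext.
  - ./secret.yaml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/radarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/readarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/downloads/recyclarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: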
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: recyclarr-configmap 10 | files: 11 | - config/recyclarr.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: sabnzbd-scripts 10 | files: 11 | - post-process.sh=./resources/post-process.sh 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/downloads/sonarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/external-secrets/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | 
namespace: external-secrets 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/external-secrets/external-secrets/stores/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | #- ./secret.sops.yaml # apply manually 6 | - ./clustersecretstore.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./external-secrets/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/main/apps/flux-system/addons/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./monitoring 7 | - ./notifications 8 | - ./webhooks 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/flux-system/addons/app/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./podmonitor.yaml 8 | - ./prometheusrule.yaml 9 | 
-------------------------------------------------------------------------------- /kubernetes/main/apps/flux-system/addons/app/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./notification.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/flux-system/addons/app/webhooks/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./ingress.yaml 7 | - ./receiver.yaml 8 | - ./externalsecret.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/flux-system/addons/app/webhooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./github 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./addons/ks.yaml 10 | -------------------------------------------------------------------------------- 
/kubernetes/main/apps/home/go2rtc/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: go2rtc-configmap 9 | files: 10 | - go2rtc.yaml=./config/go2rtc.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true -------------------------------------------------------------------------------- /kubernetes/main/apps/home/home-assistant/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &name home-assistant 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: akeyless-secret-store 10 | target: 11 | name: *name 12 | dataFrom: 13 | - extract: 14 | key: /hass 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./keys.yaml 8 | - ./externalsecret.yaml 9 | - ./podmonitor.yaml 10 | - ./pvc.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/home-assistant/app/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: home-assistant 6 | namespace: home 7 | spec: 8 | podMetricsEndpoints: 9 | - interval: 1m 10 | path: /api/prometheus 11 | port: http 12 | 
scrapeTimeout: 30s 13 | bearerTokenSecret: 14 | name: home-assistant 15 | key: PROMETHEUS_TOKEN 16 | selector: 17 | matchLabels: 18 | app.kubernetes.io/instance: home-assistant 19 | app.kubernetes.io/name: home-assistant 20 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/home-assistant/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: hass-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 1Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/immich/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cluster.yaml 6 | - ./externalsecret.yaml 7 | - ./scheduledbackup.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/immich/database/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: immich-daily-backup 7 | spec: 8 | schedule: "@daily" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: immich-db 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/immich/machine-learning/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - 
./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/immich/microservices/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/immich/server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/immich/shared/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./configmap.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./home-assistant/ks.yaml 10 | - ./immich/ks.yaml 11 | - ./node-red/ks.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | 
kustomize.toolkit.fluxcd.io/prune: disabled # Flux skips this Namespace during garbage collection, so removing it from Git does not delete it 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/home/node-red/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: node-red-configmap 10 | files: 11 | - config/settings.js 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled # Flux post-build variable substitution is skipped for this ConfigMap, so ${...} text in settings.js is left as written 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - helmrelease.yaml 7 | 8 | configMapGenerator: 9 | - name: cilium-values # no disableNameSuffixHash here, so the generated name carries a content hash 10 | files: 11 | - values.yaml=./values.yaml 12 | 13 | configurations: 14 | - kustomizeconfig.yaml # nameReference rules that let kustomize rewrite the HelmRelease's valuesFrom name to the hashed ConfigMap name 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/cilium/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/valuesFrom/name # field in HelmRelease objects that refers to a ConfigMap by name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/cilium/config/ip-pools.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cilium.io/v2alpha1" 2 | kind: CiliumLoadBalancerIPPool 3 | metadata: 4 | name: "load-balancer-ip-pool" 5 | spec: 6 | blocks: 7 | - start: 
"10.0.1.100" 8 | stop: "10.0.1.120" 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/cilium/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - bgp.yaml 6 | - ip-pools.yaml 7 | - l2-policy.yaml 8 | - cronjob.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/cilium/config/l2-policy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumL2AnnouncementPolicy 5 | metadata: 6 | name: l2-policy 7 | spec: 8 | loadBalancerIPs: true 9 | # interfaces: 10 | # - ^eth[0-9]+ 11 | nodeSelector: 12 | matchLabels: 13 | kubernetes.io/os: linux 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/cilium/gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./certificate.yaml 7 | - ./crds.yaml 8 | - ./external.yaml 9 | - ./internal.yaml 10 | - ./redirect.yaml 11 | - ./pushsecret.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/coredns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 
resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: coredns-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml # nameReference rules so the HelmRelease's valuesFrom name follows the hash-suffixed ConfigMap name 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/coredns/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 8 | configMapGenerator: 9 | - name: kubelet-csr-approver-values 10 | files: 11 | - values.yaml=./values.yaml 12 | 13 | configurations: 14 | - kustomizeconfig.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/kubelet-csr-approver/app/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | providerRegex: | # NOTE(review): ^.*$ matches any hostname, so the hostname filter on kubelet serving CSRs rejects nothing, and bypassDnsResolution below also turns off the DNS lookup check; no providerIpPrefixes is set in this file either. Narrow the regex to this cluster's node naming pattern and restrict the IP prefixes to the node subnet so auto-approval is limited to names and addresses the cluster actually uses 3 | ^.*$ 4 | 5 | bypassDnsResolution: true -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./cilium/ks.yaml 9 | - ./coredns/ks.yaml 10 | - ./kubelet-csr-approver/ks.yaml 11 | - ./metrics-server/ks.yaml 12 | - ./spegel/ks.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kube-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux skips this Namespace during garbage collection, so kube-system is never deleted by a Git removal 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/spegel/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | spegel: 3 | containerdSock: /run/containerd/containerd.sock # host containerd socket path given to Spegel; access to this socket is equivalent to control of the node's containers, so treat the Spegel pods as node-privileged 4 | containerdRegistryConfigPath: /etc/cri/conf.d/hosts # host directory for containerd registry mirror configuration — presumably written by Spegel, confirm against the chart 5 | service: 6 | registry: 7 | hostPort: 29999 # registry listener is exposed on this port of every node that runs Spegel; NOTE(review): confirm node firewalling keeps it reachable only from cluster nodes 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/spegel/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | 
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: spegel-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/spegel/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/kube-system/spegel/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: kube-system-spegel 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: kube-system 9 | path: ./kubernetes/main/apps/kube-system/spegel/app 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: home-ops 14 | wait: true 15 | interval: 30m 16 | retryInterval: 1m 17 | timeout: 5m 18 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/audiobookshelf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/calibre-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: 
Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/common/pvc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pv.yaml 6 | - ./pvc.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/jellyfin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/jellyseerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/jellyseerr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: jellyseerr-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-block -------------------------------------------------------------------------------- /kubernetes/main/apps/media/kavita/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/komga/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/maintainerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/media-browser/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/navidrome/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/media/overseerr/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/overseerr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: overseerr-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1 # NOTE(review): the schema hint on the previous line still names the v1beta1 ExternalSecret schema, so editor validation checks this v1 object against the older schema 4 | kind: ExternalSecret 5 | metadata: 6 | name: &name plex # anchor reused below, so the generated Secret carries the same name 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: akeyless-secret-store 11 | target: 12 | name: *name 13 | dataFrom: 14 | - extract: 15 | key: /plex # extract copies every property stored under /plex into the Secret, with no template filtering in this manifest 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/app/pvc.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: plex-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 60Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/kometa/custom/Movies - Overlays - Oscars.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # OSCARS # 5 | ############################ 6 | 7 | Oscars: 8 | overlay: Oscars 9 | plex_search: 10 | any: 11 | collection: 12 | - Best Animated Feature Film 13 | - Best Cinematography 14 | - Best Film Editing 15 | - Best Picture 16 | - Best Sound 17 | - Best Visual Effects -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/kometa/custom/Movies - Overlays - Stand-up.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STAND-UP COMEDY # 5 | ############################ 6 | 7 | Stand-up Comedy: 8 | overlay: Stand-up Comedy 9 | plex_search: 10 | all: 11 | collection: Stand-up Comedy -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/kometa/custom/TV Shows - Overlays - Charts.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # CHARTS # 5 | ############################ 6 | 7 | IMDb Top 250: 8 | overlay: IMDb Top 250 9 | plex_search: 10 | all: 11 | collection: IMDb Top 250 12 | TMDb Trending: 13 | overlay: TMDb Trending Alt 14 | plex_search: 15 | all: 16 | collection: TMDb Weekly Trending 17 | Trakt Trending: 18 | overlay: Trakt Trending 19 | plex_search: 20 | all: 21 | 
collection: Trakt Trending -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/kometa/custom/TV Shows - Overlays - Statuses.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STATUSES # 5 | ############################ 6 | 7 | Cancelled: 8 | overlay: Cancelled 9 | plex_all: true 10 | filters: 11 | tmdb_status: canceled -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/kometa/custom/TV Shows - Overlays - Studios.yml: -------------------------------------------------------------------------------- 1 | overlays: 2 | 3 | ############################ 4 | # STUDIOS # 5 | ############################ 6 | 7 | DC: 8 | overlay: DC 9 | plex_search: 10 | any: 11 | studio.is: 12 | - DC Comics 13 | - DC Entertainment 14 | Marvel: 15 | overlay: Marvel 16 | plex_search: 17 | all: 18 | studio.is: Marvel Television 19 | Marvel Studios: 20 | overlay: Marvel Studios 21 | plex_search: 22 | all: 23 | studio.is: Marvel Studios -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/kometa/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: kometa-configmap 10 | files: 11 | - ./configs/config.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/movie-roulette/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/plex-auto-languages/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/plex/plex-image-cleanup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/tautulli/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/tautulli/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: tautulli-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 15Gi 11 | storageClassName: ceph-block 12 | 
-------------------------------------------------------------------------------- /kubernetes/main/apps/media/wizarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/media/your-spotify/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/cloudflared/app/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: cloudflared 7 | spec: 8 | endpoints: 9 | - dnsName: external.rafaribe.com 10 | recordType: CNAME 11 | targets: ["${CLUSTER_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/cloudflared/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./dnsendpoint.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 
| - name: cloudflared-configmap 11 | files: 12 | - config.yaml=./resources/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/cloudflared/app/resources/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | originRequest: 3 | originServerName: external.rafaribe.com # hostname cloudflared expects on the origin's TLS certificate; needed because the service URLs below use a cluster-internal name 4 | 5 | ingress: 6 | - hostname: "rafaribe.com" 7 | service: https://external-controller.network.svc.cluster.local:443 # tunnel traffic is handed to the external controller over HTTPS inside the cluster 8 | - hostname: "*.rafaribe.com" # NOTE(review): every subdomain that reaches the tunnel is forwarded to the same controller, so what is actually published is decided by that controller's routes — review those when adding internal-only hosts 9 | service: https://external-controller.network.svc.cluster.local:443 10 | - service: http_status:404 # catch-all: requests matching no hostname above get a 404 instead of reaching an origin 11 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/external-dns/bind/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/external-dns/cloudflare/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/external-dns/opnsense/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/external-dns/pihole/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/ingress-nginx/certificates/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | resources: 6 | - ./certificate.yaml 7 | - ./pushsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/ingress-nginx/config/cloudflare-proxied-networks.txt: -------------------------------------------------------------------------------- 1 | 173.245.48.0/20\,103.21.244.0/22\,103.22.200.0/22\,103.31.4.0/22\,141.101.64.0/18\,108.162.192.0/18\,190.93.240.0/20\,188.114.96.0/20\,197.234.240.0/22\,198.41.128.0/17\,162.158.0.0/15\,104.16.0.0/13\,104.24.0.0/14\,172.64.0.0/13\,131.0.72.0/22\,2400:cb00::/32\,2606:4700::/32\,2803:f800::/32\,2405:b500::/32\,2405:8100::/32\,2a06:98c0::/29\,2c0f:f248::/32 2 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/ingress-nginx/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | configMapGenerator: 6 | - name: cloudflare-proxied-networks 7 | files: 8 | - 
cloudflare-proxied-networks.txt # NOTE(review): that file is a static copy of CIDR ranges; if it feeds a trusted-proxy or real-IP setting, refresh it whenever Cloudflare publishes changed ranges 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/ingress-nginx/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | configMapGenerator: 6 | - name: nginx-dashboard 7 | files: 8 | - nginx-dashboard.json=https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json # NOTE(review): fetched over the network at build time from the moving master branch; pin the URL to a release tag or commit so the rendered ConfigMap is reproducible and upstream changes are reviewed before they land 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled # Flux post-build variable substitution is skipped, so ${...} expressions inside the dashboard JSON are left as written 13 | labels: 14 | grafana_dashboard: "true" # presumably the label a Grafana dashboard sidecar selects on — confirm against the Grafana HelmRelease 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/ingress-nginx/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | configMapGenerator: 7 | - name: download-geolite-script 8 | files: 9 | - scripts/geolite.sh 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled # keeps Flux from replacing ${...} shell variables inside geolite.sh 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/ingress-nginx/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./cloudflared/ks.yaml 10 | - ./external-dns/ks.yaml 11 | - ./ingress-nginx/ks.yaml 12 | - ./tailscale/ks.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/tailscale/operator/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &name tailscale-operator 6 | spec: 7 | secretStoreRef: 8 | kind: ClusterSecretStore 9 | name: akeyless-secret-store 10 | target: 11 | name: *name 12 | template: 13 | engineVersion: v2 14 | data: # only the keys rendered here end up in the Secret; other properties under /tailscale are available to the template but are not copied 15 | client_id: "{{ .TS_CLIENT_ID }}" 16 | client_secret: "{{ .TS_CLIENT_SECRET }}" # presumably the OAuth client credential the operator HelmRelease consumes — confirm the Secret name and keys match what the chart expects 17 | dataFrom: 18 | - extract: 19 | key: /tailscale # source entry whose properties (TS_CLIENT_ID, TS_CLIENT_SECRET) feed the template above 20 | -------------------------------------------------------------------------------- /kubernetes/main/apps/network/tailscale/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/alertmanager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: monitoring # NOTE(review): this app sits under apps/observability/ but is pinned to namespace monitoring — confirm that matches where its Flux Kustomization deploys it 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: alertmanager-configmap 11 | files: 12 | - ./config/alertmanager.yml 13 | 
generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/exporters/pihole/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/exporters/smartctl/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/exporters/speedtest/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/exporters/x509-certificate/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/gatus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 
resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml 9 | - ./pvc.yaml 10 | configMapGenerator: 11 | - name: gatus-configmap 12 | files: 13 | - config.yaml=./resources/config.yaml 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/gatus/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: gatus 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/karma/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: karma-configmap 9 | files: 10 | - ./resources/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/karma/app/resources/config.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | alertmanager: 3 | interval: 60s 4 | servers: 5 | - name: home 6 | uri: http://alertmanager-operated.observability.svc.cluster.local:9093 7 | #uri: http://vmalertmanager-victoria-metrics.observability.svc.cluster.local:9093 8 | timeout: 15s 9 | healthcheck: 10 | visible: false 11 | filters: 12 | alertmanager: 13 | - alertname=Watchdog 14 | filters: 15 | default: 16 | - "@state!=suppressed" 17 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/kepler/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/kromgo/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: kromgo-configmap 9 | files: 10 | - ./resources/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/kube-prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | 
- ./alertmanagerconfig.yaml 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ./scrapeconfig.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/kube-state-metrics/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: observability 5 | resources: 6 | - ./helmrelease.yaml 7 | # - ./objectbucketclaim.yaml 8 | configMapGenerator: 9 | - name: loki-alerting-rules 10 | files: 11 | - loki-alerting-rules.yaml=./rules/loki-alerting-rules.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/loki/app/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/objectbucket.io/objectbucketclaim_v1alpha1.json 3 | apiVersion: objectbucket.io/v1alpha1 4 | kind: ObjectBucketClaim 5 | metadata: 6 | name: loki-bucket 7 | spec: 8 | bucketName: loki 9 | storageClassName: ceph-bucket 10 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/node-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/opentelemetry/collector/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./logs.yaml
6 |   - ./servicemonitor.yaml
7 |   - ./rbac.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/opentelemetry/collector/servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: monitoring.coreos.com/v1
2 | kind: ServiceMonitor  # scrapes the collector's own Prometheus endpoint
3 | metadata:
4 |   name: open-telemetry-prometheus
5 | spec:
6 |   endpoints:
7 |     - honorLabels: true  # on a label collision the scraped value wins over Prometheus' target labels; NOTE(review): only safe if everything feeding the collector is trusted to set labels such as namespace/job
8 |       interval: 10s
9 |       path: /metrics
10 |       port: prometheus  # named Service port, not a number
11 |   namespaceSelector:
12 |     matchNames:
13 |       - observability  # only Services in this namespace are considered
14 |   selector:
15 |     matchLabels:
16 |       app.kubernetes.io/component: opentelemetry-collector
17 |       app.kubernetes.io/name: otel-collector
18 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/opentelemetry/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/prometheus-operator/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind:
Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/promtail/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/promtail/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app promtail 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: observability 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: ./kubernetes/main/apps/observability/promtail/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: home-ops 17 | wait: true 18 | interval: 30m 19 | retryInterval: 1m 20 | timeout: 5m -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/redisinsight/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/observability/silence-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/silence-operator/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/silence-operator/silences/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:  # every Silence listed here suppresses alert notifications, so each one is worth reviewing like a detection rule
6 |   - ./disks.yaml
7 |   - ./truenas-memory-usage.yaml
8 |   - ./qbtools-jobs.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/silence-operator/silences/qbtools-jobs.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.giantswarm.io/v1alpha1
3 | kind: Silence
4 | metadata:
5 |   name: qbittols-jobs  # NOTE(review): spelled "qbittols" while the file name and matcher say "qbtools"; renaming would create a new Silence object
6 | spec:
7 |   matchers:  # all matchers must hold for an alert to be silenced
8 |     - name: alertname
9 |       value: KubeJobFailed
10 |       isRegex: false
11 |     - name: job_name
12 |       value: qbtools.*  # regex (anchored by Alertmanager): job names starting with "qbtools"; NOTE(review): no namespace matcher, so this applies in every namespace
13 |       isRegex: true
14 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/silence-operator/silences/truenas-memory-usage.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: monitoring.giantswarm.io/v1alpha1
3 | kind: Silence
4 | metadata:
5 |   name: truenas-memory-usage
6 | spec:
7 |   matchers:  # exact-match pair: only this alert name on this one instance is silenced
8 |     - name: alertname
9 |       value: NodeMemoryHighUtilization
10 |       isRegex: false
11 |     - name: instance
12 |       value: truenas.rafaribe.com:9100
13 |       isRegex: false
--------------------------------------------------------------------------------
/kubernetes/main/apps/observability/unpoller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./externalsecret.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/openebs-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   # Flux-Kustomizations
9 |   - ./openebs/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/openebs-system/openebs/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/rook-ceph/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   # Flux-Kustomizations
9 |   - ./rook-ceph/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/rook-ceph/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: rook-ceph
6 |   labels:
7 |     goldilocks.fairwinds.com/enabled: "true"
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not delete this namespace if it is removed from Git
9 |     pod-security.kubernetes.io/enforce: privileged  # no Pod Security restrictions are enforced here; presumably required for Ceph daemons' host access — confirm
10 |     pod-security.kubernetes.io/audit: privileged  # NOTE(review): audit/warn at "privileged" report nothing; "baseline" on these two would surface, without blocking, which pods need the exemption
11 |     pod-security.kubernetes.io/warn: privileged
12 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/cephobjectstoreuser.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://lds-schemas.pages.dev/ceph.rook.io/cephobjectstoreuser_v1.json
3 | apiVersion: ceph.rook.io/v1
4 | kind: CephObjectStoreUser
5 | metadata:
6 |   name: cluster-admin  # NOTE(review): the name suggests broad rights, but this manifest sets only store and displayName; check where the generated credentials are consumed
7 | spec:
8 |   # Ref: https://rook.io/docs/rook/v1.13/Storage-Configuration/Object-Storage-RGW/object-storage/
9 |   store: ceph-objectstore
10 |   displayName: Cluster Admin
11 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |   #- ./dashboards
8 |   - ./externalsecret.yaml
9 |   - ./cephobjectstoreuser.yaml
10 |   # https://rook.io/docs/rook/latest-release/Storage-Configuration/Shared-Filesystem-CephFS/filesystem-storage/#shared-volume-creation
11 |   - ./cephfs-node.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/rook-ceph/rook-ceph/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/security/authentik/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/security/glauth/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/main/apps/security/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   # Flux-Kustomizations
9 |   - ./authentik/ks.yaml
10 |   - ./glauth/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/main/apps/security/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: security
6 |   labels:
7 |     goldilocks.fairwinds.com/enabled: "true"
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not delete this namespace if it is removed from Git
9 |     pod-security.kubernetes.io/enforce: privileged  # NOTE(review): lifts Pod Security checks for every pod in the namespace, including authentik and glauth from security/kustomization.yaml; no audit/warn labels are set, so adding audit/warn: baseline would show which workloads actually need it
10 |
-------------------------------------------------------------------------------- /kubernetes/main/apps/security/tetragon/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/security/trivy-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/actual/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/atuin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/bytestash/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/cyberchef/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/docmost/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/fileflows/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helmrelease.yaml 5 | - ./pvc.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/fileflows/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: fileflows-logs 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 2Gi 12 | storageClassName: ceph-block -------------------------------------------------------------------------------- /kubernetes/main/apps/services/hajimari/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helmrelease.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/hoarder/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/homepage/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | - ./rbac.yaml 10 | - ./configuration.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/it-tools/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: services 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/kitchenowl/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 
| namespace: services 6 | resources: 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/kubernetes-schemas/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/linkding/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/littlelink/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/lubelog/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- 
/kubernetes/main/apps/services/mealie/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helmrelease.yaml 5 | - ./externalsecret.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/miniflux/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/n8n/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helmrelease.yaml 5 | - ./externalsecret.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/netboot/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: services 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/paperless/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: &name paperless 6 | namespace: services 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: akeyless-secret-store 11 | target: 12 | name: *name 13 | dataFrom: 14 | - extract: 
15 | key: /paperless 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/paperless/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ./helmrelease.yaml 5 | - ./externalsecret.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/pdfding/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/pinchflat/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/postiz/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/radicale/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | configMapGenerator: 9 | - name: radicale-configmap 10 | files: 11 | - resources/config.cfg 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/searxng/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: searxng-configmap 10 | files: 11 | - ./resources/limiter.toml 12 | - ./resources/settings.yml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/silverbullet/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/smtp-relay/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | 
configMapGenerator: 9 | - name: smtp-relay-configmap 10 | files: 11 | - maddy.conf=./resources/maddy.conf 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/smtp-relay/noreply/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: smtp-relay-noreply-configmap 10 | files: 11 | - maddy.conf=./resources/maddy.conf 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/stirling-pdf/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/tandoor/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml 7 | - ./helmrelease.yaml 8 | - ./externalsecret.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/thelounge/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/services/vikunja/app/config/Caddyfile: -------------------------------------------------------------------------------- 1 | { 2 | admin off # Caddy admin API endpoint is disabled 3 | auto_https off # no automatic certificates or HTTPS redirects; NOTE(review): this listener is plain HTTP, so TLS is presumably terminated in front of it - confirm 4 | } 5 | 6 | :8080 { 7 | log { 8 | output stdout 9 | } 10 | 11 | @api { # named matcher for the paths that are proxied to port 3456 below 12 | path /api/* 13 | path /.well-known/* 14 | path /dav/* 15 | } 16 | 17 | header { 18 | # Remove the Server response header so the proxy software is not advertised 19 | -Server 20 | } 21 | 22 | # API 23 | handle @api { 24 | reverse_proxy localhost:3456 25 | } 26 | 27 | # Every request not matched by @api (the original label here was "Filtron"; NOTE(review): presumably the frontend on port 80 - confirm) 28 | handle { 29 | reverse_proxy localhost:80 30 | } 31 | } -------------------------------------------------------------------------------- /kubernetes/main/apps/services/vikunja/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | configMapGenerator: 9 | - name: vikunja-configmap 10 | files: 11 | - ./config/Caddyfile 12 | generatorOptions: 13 | disableNameSuffixHash: true # ConfigMap keeps a fixed name, so a content change alone does not rename it 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/social/gotosocial/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./objectbucketclaim.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- 
/kubernetes/main/apps/social/gotosocial/app/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: gotosocial-media-s3 6 | namespace: gotosocial 7 | spec: 8 | bucketName: "gotosocial-media" 9 | storageClassName: ceph-bucket -------------------------------------------------------------------------------- /kubernetes/main/apps/social/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./mastodon/ks.yaml 10 | - ./gotosocial/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/main/apps/social/mastodon/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/social/mastodon/elasticsearch/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/social/namespace.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: social 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux does not garbage-collect this Namespace 8 | volsync.backube/privileged-movers: "true" # NOTE(review): opts the namespace in to privileged VolSync mover pods; VolSync reads this key as a namespace annotation and it is listed under labels here - confirm it has the intended effect -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/cluster/gatus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: postgres-gatus-ep 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: postgres 12 | group: guarded 13 | url: tcp://home-ops-storage-rw.storage.svc.cluster.local:5432 14 | interval: 1m 15 | ui: 16 | hide-url: true 17 | hide-hostname: true 18 | conditions: 19 | - "[CONNECTED] == true" 20 | alerts: 21 | - type: pushover 22 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cluster.yaml 7 | - ./scheduledbackup.yaml 8 | - ./prometheusrule.yaml 9 | - ./service.yaml 10 | - ./externalsecret.yaml 11 | - ./gatus.yaml 12 | - ./objectbucketclaim.yaml 13 | - ./externalservice.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/cluster/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/objectbucket.io/objectbucketclaim_v1alpha1.json 3 | apiVersion: objectbucket.io/v1alpha1 4 | kind: ObjectBucketClaim 5 | 
metadata: 6 | name: cloudnative-pg-bucket 7 | spec: 8 | bucketName: cloudnative-pg 9 | storageClassName: ceph-bucket 10 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/cluster/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: home-ops-daily-backup 7 | spec: 8 | schedule: "@daily" 9 | immediate: true # also takes a backup as soon as this resource is created 10 | backupOwnerReference: self # Backup objects are owned by this ScheduledBackup 11 | cluster: 12 | name: home-ops-storage 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/cluster/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: postgres-lb 6 | annotations: 7 | external-dns.alpha.kubernetes.io/hostname: postgres.rafaribe.com # a DNS record for this name is published for the load-balancer address 8 | io.cilium/lb-ipam-ips: ${LB_POSTGRES} 9 | spec: 10 | type: LoadBalancer # NOTE(review): puts the database port on an address outside the pod network; confirm that address is reachable only from trusted networks and that the cluster's client-auth rules require TLS and password authentication 11 | ports: 12 | - name: postgres 13 | port: 5432 14 | protocol: TCP 15 | targetPort: 5432 16 | selector: 17 | cnpg.io/cluster: home-ops-storage 18 | role: primary # only the pod labelled as primary receives this traffic, i.e. the read-write instance 19 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/pgadmin/config/servers.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Servers": { 3 | "1": { 4 | "Name": "home-ops", 5 | "Group": "Servers", 6 | "Host": "home-ops-storage-rw.storage.svc.cluster.local", 7 | "Port": 5432, 8 | "MaintenanceDB": "postgres", 9 | "Username": "postgres", 10 | "PassFile": "/pgadmin4/pgpass", 11 | "SSLMode": "prefer", 12 | "SSLCompression": 0, 13 | "Timeout": 10, 14 | "UseSSHTunnel": 0, 15 | "TunnelPort": "22", 16 | "TunnelAuthentication": 0 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/cloudnative-pg/pgadmin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # App 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | configMapGenerator: 9 | - name: servers-json 10 | files: 11 | - config/servers.json # holds no password (it points at a PassFile path); NOTE(review): its "SSLMode" is "prefer", which falls back to an unencrypted connection when TLS cannot be negotiated - "require" or stricter removes that downgrade 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled # Flux post-build variable substitution is skipped for the generated ConfigMap 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/dragonfly/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator 7 | - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.11/manifests/crd.yaml # NOTE(review): remote manifest fetched at build time and pinned by Git tag only; a tag can be moved upstream, so a commit SHA in the URL or a vendored copy gives an immutable reference 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/dragonfly/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cluster.yaml 7 | - ./podmonitor.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/dragonfly/cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PodMonitor 5 | metadata: 6 | name: dragonfly 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: dragonfly 11 | podTargetLabels: ["app"] 12 | podMetricsEndpoints: 13 | - port: admin 14 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/emqx/cluster/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: emqx-dashboard 6 | annotations: 7 | external-dns.alpha.kubernetes.io/target: internal.rafaribe.com 8 | 9 | spec: 10 | ingressClassName: internal 11 | rules: 12 | - host: mqtt.rafaribe.com 13 | http: 14 | paths: 15 | - path: / 16 | pathType: Prefix 17 | backend: 18 | service: 19 | name: emqx-dashboard 20 | port: 21 | number: 18083 22 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/emqx/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cluster.yaml 7 | - ./ingress.yaml 8 | - ./podmonitor.yaml 9 | -------------------------------------------------------------------------------- 
/kubernetes/main/apps/storage/emqx/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./cloudnative-pg/ks.yaml 10 | - ./dragonfly/ks.yaml 11 | - ./emqx/ks.yaml 12 | - ./minio/ks.yaml 13 | - ./snapshot-controller/ks.yaml 14 | - ./syncthing/ks.yaml 15 | - ./volsync/ks.yaml 16 | - ./whodb/ks.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/minio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/minio/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: &app minio 5 | namespace: flux-system 6 | spec: 7 | path: ./kubernetes/main/apps/storage/minio/app 8 | prune: false 9 | sourceRef: 10 | kind: GitRepository 11 | name: home-ops 12 | interval: 30m 13 | retryInterval: 1m 14 | timeout: 3m 15 | targetNamespace: storage 16 | commonMetadata: 17 | labels: 18 | app.kubernetes.io/name: *app 19 | 
-------------------------------------------------------------------------------- /kubernetes/main/apps/storage/snapshot-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./snapshot-controller 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/snapshot-controller/app/snapshot-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./pki.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/syncthing/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: volsync 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./prometheusrule.yaml 9 | - ./mutations 10 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/volsync/app/mutations/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./volsync-mover-jitter.yaml 7 | - ./volsync-mover-nfs.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/storage/whodb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/system/descheduler/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/descheduler/ks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: descheduler 5 | namespace: flux-system 6 | spec: 7 | path: ./kubernetes/main/apps/system/descheduler/app 8 | prune: true 9 | targetNamespace: system 10 | sourceRef: 11 | kind: GitRepository 12 | name: home-ops 13 | interval: 30m 14 | retryInterval: 1m 15 | timeout: 3m 16 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/fstrim/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/generic-device-plugin/app/config/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | devices: 3 | - name: tun 4 | groups: 5 | - count: 1000 6 | paths: 7 | - path: /dev/net/tun 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/generic-device-plugin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: generic-device-plugin-configmap 9 | files: 10 | - ./config/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/intel-device-plugin/gpu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./nodefeaturerule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/intel-device-plugin/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./descheduler/ks.yaml 10 | - ./fstrim/ks.yaml 11 | - ./generic-device-plugin/ks.yaml 12 | - ./intel-device-plugin/ks.yaml 13 | - ./node-feature-discovery/ks.yaml 14 | - ./nvidia/ks.yaml 15 | - ./reflector/ks.yaml 16 | - ./reloader/ks.yaml -------------------------------------------------------------------------------- /kubernetes/main/apps/system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/node-feature-discovery/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: [] 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/nvidia/device-plugin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/nvidia/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app nvidia-device-plugin 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/main/apps/system/nvidia/device-plugin 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: home-ops 13 | interval: 30m 14 | timeout: 3m 15 | targetNamespace: system 16 | commonMetadata: 17 | labels: 18 | app.kubernetes.io/name: *app 19 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/reflector/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/reflector/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: refector 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/main/apps/system/reflector/app 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: 
home-ops 13 | interval: 30m 14 | retryInterval: 1m 15 | timeout: 3m 16 | targetNamespace: system 17 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/main/apps/system/reloader/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: reloader 6 | namespace: flux-system 7 | spec: 8 | path: ./kubernetes/main/apps/system/reloader/app 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: home-ops 13 | interval: 30m 14 | retryInterval: 1m 15 | timeout: 3m 16 | targetNamespace: system # NOTE(review): Flux sets or overrides the namespace of the built objects with this value, while reloader/app/kustomization.yaml declares kube-system - confirm which namespace is intended 17 | -------------------------------------------------------------------------------- /kubernetes/main/bootstrap/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecrets 7 | -------------------------------------------------------------------------------- /kubernetes/main/bootstrap/flux/commands.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | kubectl create namespace flux-system # NOTE(review): the script sets no 'set -euo pipefail', so a failed step (for example a sops decryption error) does not stop the commands after it 4 | sops -d age-key.sops.yaml | kubectl apply -f - # decrypted key material goes straight to kubectl over the pipe and is not written to disk 5 | sops -d github-deploy-key.sops.yaml | kubectl apply -f - # same pattern for the Git deploy key 6 | kubectl apply -k . 
7 | -------------------------------------------------------------------------------- /kubernetes/main/bootstrap/flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - github.com/fluxcd/flux2/manifests/install?ref=v2.6.0 # remote base fetched at build time, pinned to a release tag 6 | patches: # NOTE(review): the single patch below deletes the NetworkPolicy objects that come with the install base, leaving the Flux controllers without those network restrictions; confirm equivalent policies are applied elsewhere 7 | - patch: |- 8 | $patch: delete 9 | apiVersion: networking.k8s.io/v1 10 | kind: NetworkPolicy 11 | metadata: 12 | name: not-used 13 | target: 14 | group: networking.k8s.io 15 | version: v1 16 | kind: NetworkPolicy # no name is given in the target, so every NetworkPolicy in the base is selected 17 | -------------------------------------------------------------------------------- /kubernetes/main/bootstrap/talos/clusterconfig/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/main/bootstrap/talos/clusterconfig/.gitkeep -------------------------------------------------------------------------------- /kubernetes/main/bootstrap/talos/talenv.sops.yaml: -------------------------------------------------------------------------------- 1 | clusterName: main # NOTE(review): the values in this file are shown in plaintext although the filename carries the .sops.yaml suffix; confirm nothing secret is expected to be added here unencrypted 2 | clusterDNSSuffix: home.arpa 3 | clusterEndpointIP: 10.0.1.6 4 | -------------------------------------------------------------------------------- /kubernetes/main/flux/config/crds/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/main/flux/config/crds/.gitkeep -------------------------------------------------------------------------------- /kubernetes/main/flux/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 
resources: 6 | - ./flux.yaml 7 | - ./home-ops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/main/flux/repos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: [] 7 | -------------------------------------------------------------------------------- /kubernetes/main/flux/settings/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: [] 7 | -------------------------------------------------------------------------------- /kubernetes/shared/components/common/alerts/alertmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./provider.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/shared/components/common/alerts/alertmanager/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: alertmanager 7 | spec: 8 | type: alertmanager 9 | address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/ 10 | 
-------------------------------------------------------------------------------- /kubernetes/shared/components/common/alerts/github-status/alert.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Alert 5 | metadata: 6 | name: github-status 7 | spec: 8 | providerRef: 9 | name: github-status 10 | eventSources: 11 | - kind: Kustomization 12 | name: "*" 13 | -------------------------------------------------------------------------------- /kubernetes/shared/components/common/alerts/github-status/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./externalsecret.yaml 8 | - ./provider.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/shared/components/common/alerts/github-status/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: github-status 7 | spec: 8 | type: github 9 | address: https://github.com/rafaribe/home-ops 10 | secretRef: 11 | name: github-status-token-secret 12 | -------------------------------------------------------------------------------- /kubernetes/shared/components/common/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./alertmanager
7 |   - ./github-status
8 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/common/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component # Reusable kustomize Component bundling the namespace object, the alerts and the repos resources
5 | resources:
6 |   - ./namespace.yaml
7 |   - ./alerts
8 |   - ./repos
9 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/common/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: not-used # placeholder; presumably overwritten by the namespace of whichever Kustomization includes this Component
6 |   annotations:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled # Flux will not garbage-collect this Namespace when it disappears from Git
8 |     volsync.backube/privileged-movers: "true" # NOTE(review): allows VolSync mover pods in the namespace to run with elevated privileges; set in the shared Component it applies wherever the Component is included, so consider opting in per namespace only where a backup needs it
9 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/common/repos/app-template/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./ocirepository.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/common/repos/app-template/ocirepository.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1 # NOTE(review): the schema hint above targets v1beta2 while the object is v1, so editor validation may not match what the cluster accepts
4 | kind: OCIRepository
5 | metadata:
6 |   name: app-template
7 |   annotations:
8 |
api.fluxcd.io/upgrade: "v2.6.0"
9 | spec:
10 |   interval: 5m
11 |   layerSelector:
12 |     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
13 |     operation: copy # store the selected chart layer as-is rather than extracting it
14 |   ref:
15 |     tag: 4.0.1 # NOTE(review): a registry tag can be re-pointed by whoever controls the repository; ref.digest (bumped by Renovate) or spec.verify, if the publisher signs the chart, would fix exactly what is pulled
16 |   url: oci://ghcr.io/bjw-s-labs/helm/app-template
17 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/common/repos/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./app-template
7 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/gatus/external/config.yaml:
--------------------------------------------------------------------------------
1 | endpoints:
2 |   - name: "${APP}"
3 |     group: external
4 |     url: "https://${GATUS_SUBDOMAIN:=${APP}}.rafaribe.com${GATUS_PATH:=/}"
5 |     interval: 1m
6 |     client:
7 |       dns-resolver: tcp://1.1.1.1:53 # resolve through a public resolver instead of cluster DNS, presumably so the probe sees what an outside client sees
8 |     conditions:
9 |       - "[STATUS] == ${GATUS_STATUS:=200}"
10 |     alerts:
11 |       - type: pushover
12 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/gatus/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component # Generates one ConfigMap per app that carries the endpoint definition in config.yaml
5 | configMapGenerator:
6 |   - name: ${APP}-gatus-ep
7 |     files:
8 |       - config.yaml=./config.yaml
9 |     options:
10 |       labels:
11 |         gatus.io/enabled: "true" # presumably the label Gatus' config loader selects on; confirm against the Gatus deployment
12 | generatorOptions:
13 |   disableNameSuffixHash: true # keep the ConfigMap name stable; no content hash is appended
14 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/gatus/guarded/config.yaml:
--------------------------------------------------------------------------------
1 | endpoints:
2 |   - name: "${APP}"
3 |     group: guarded
4 |     url: 1.1.1.1 # the DNS query below is sent to this public resolver
5 |     interval: 1m
6 |     ui: # keep the target out of the status page
7 |       hide-hostname: true
8 |       hide-url: true
9 |     dns:
10 |       query-name: "${GATUS_SUBDOMAIN:=${APP}}.rafaribe.com"
11 |       query-type: A
12 |     conditions: # healthy only while the public resolver returns an empty answer; presumed intent is to alert if an internal-only name starts resolving publicly
13 |       - "len([BODY]) == 0"
14 |     alerts:
15 |       - type: pushover
16 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/gatus/guarded/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component # Same generator as the external variant, wrapping the guarded config.yaml
5 | configMapGenerator:
6 |   - name: ${APP}-gatus-ep
7 |     files:
8 |       - config.yaml=./config.yaml
9 |     options:
10 |       labels:
11 |         gatus.io/enabled: "true"
12 | generatorOptions:
13 |   disableNameSuffixHash: true # keep the ConfigMap name stable; no content hash is appended
14 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: flux-system
6 | resources: [] # nothing is applied from this level; the components are referenced individually
7 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/repos:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/shared/components/repos
--------------------------------------------------------------------------------
/kubernetes/shared/components/volsync-external/claim.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind:
PersistentVolumeClaim 4 | metadata: 5 | name: "${VOLSYNC_CLAIM:-${APP}}" 6 | labels: 7 | app.kubernetes.io/name: "${APP}" 8 | spec: 9 | accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: "${APP}-bootstrap" 14 | resources: 15 | requests: 16 | storage: "${VOLSYNC_CAPACITY:-2Gi}" 17 | storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" 18 | -------------------------------------------------------------------------------- /kubernetes/shared/components/volsync-external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/component.json 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./claim.yaml 7 | - ./minio.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/shared/components/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/component.json 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./nfs 7 | # - ./minio 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/shared/components/volsync/minio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./replicationsource.yaml 8 | - ./replicationdestination.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/shared/components/volsync/nfs/kustomization.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./replicationsource.yaml
8 |   - ./replicationdestination.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/shared/components/volsync/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: "${VOLSYNC_CLAIM:-${APP}}"
6 |   labels:
7 |     app.kubernetes.io/name: "${APP}"
8 | spec:
9 |   accessModes: ["${VOLSYNC_ACCESSMODES:=ReadWriteOnce}"]
10 |   dataSourceRef: # the new claim is populated from the VolSync ReplicationDestination named below, i.e. from the latest restored backup
11 |     kind: ReplicationDestination
12 |     apiGroup: volsync.backube
13 |     name: "${APP}-dst"
14 |   resources:
15 |     requests:
16 |       storage: "${VOLSYNC_CAPACITY:=5Gi}"
17 |   storageClassName: "${VOLSYNC_STORAGECLASS:=ceph-block}"
18 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/git/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/shared/repos/git/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/shared/repos/git/cloudflare-operator.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: GitRepository # Flux source: fetches the upstream repo and exposes the paths left after the ignore rules
4 | metadata:
5 |   name: cloudflare-operator
6 |   namespace: flux-system
7 | spec:
8 |   interval: 30m
9 |   url: https://github.com/adyanth/cloudflare-operator
10 |   ref:
11 |     branch: main # NOTE(review): follows the head of a third-party branch, so whatever is pushed upstream is fetched within the 30m interval; the gateway-api and local-path-provisioner sources pin ref.tag, so pin ref.tag or ref.commit here as well and let Renovate propose bumps
12 |   ignore: |
13 |     # exclude all
14 |     /*
15 |     # include kubernetes directory
16 |     !/config
17 |
-------------------------------------------------------------------------------- /kubernetes/shared/repos/git/gateway-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/gitrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: GitRepository 5 | metadata: 6 | name: gateway-api 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://github.com/kubernetes-sigs/gateway-api 11 | ref: 12 | tag: v1.3.0 13 | ignore: | 14 | # exclude all 15 | /* 16 | # include kubernetes directory 17 | !/config/crd 18 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./cloudflare-operator.yaml 8 | - ./local-path-provisioner.yaml 9 | - ./gateway-api.yaml -------------------------------------------------------------------------------- /kubernetes/shared/repos/git/local-path-provisioner.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/gitrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: GitRepository 5 | metadata: 6 | name: local-path-provisioner 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://github.com/rancher/local-path-provisioner 11 | ref: 12 | tag: v0.0.31 13 | ignore: | 14 | # exclude all 15 | /* 16 | # include kubernetes directory 17 | !/deploy/chart/local-path-provisioner 18 | -------------------------------------------------------------------------------- 
/kubernetes/shared/repos/helm/actions-runner-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: actions-runner-controller 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/actions/actions-runner-controller-charts 12 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/aqua.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: aqua 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://aquasecurity.github.io/helm-charts 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/authentik.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: authentik 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://charts.goauthentik.io/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backube 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backube.github.io/helm-charts 11 | timeout: 3m 12 | 
-------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/bitnami.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bitnami 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.bitnami.com/bitnami 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://bjw-s-labs.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/cilium.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: cilium 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.cilium.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/cloudflare.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cloudflare 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://cloudflare.github.io/helm-charts 11 | timeout: 3m 12 | 
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/coredns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository # Flux source: the chart index at url is re-fetched every interval
5 | metadata:
6 |   name: coredns
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://coredns.github.io/helm
11 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/csi-driver-nfs.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: csi-driver-nfs
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1h
9 |   url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts # NOTE(review): the index is read from the master branch, so its contents move with every upstream commit; pin an exact chart version in the HelmRelease that consumes this source (not shown here)
10 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/democratic-csi.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1 # NOTE(review): schema hint above is for v1beta2 while the object is v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: democratic-csi
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://democratic-csi.github.io/charts/
11 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/descheduler.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1 # NOTE(review): schema hint above is for v1beta2 while the object is v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: descheduler
7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/descheduler 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/dysnix.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: dysnix 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://dysnix.github.io/charts 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/emberstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: emberstack 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://emberstack.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/emqx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: emqx 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://repos.emqx.io/charts 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/enix.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: enix 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.enix.io/ 11 | -------------------------------------------------------------------------------- 
/kubernetes/shared/repos/helm/external-dns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: external-dns 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/external-dns 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: external-secrets 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://charts.external-secrets.io 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/fairwinds.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: fairwinds 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.fairwinds.com/stable 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/falco.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: falco 7 | namespace: flux-system 8 | spec: 9 | interval: 120m0s 10 | url: https://falcosecurity.github.io/charts 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/grafana.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: grafana 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://grafana.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/hajimari.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: hajimari 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://hajimari.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/headlamp.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: headlamp 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://headlamp-k8s.github.io/headlamp/ 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/infracloudio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: infracloudio 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://infracloudio.github.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: ingress-nginx 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: 
https://kubernetes.github.io/ingress-nginx
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/intel.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1 # NOTE(review): schema hint above is for v1beta2 while the object is v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: intel
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://intel.github.io/helm-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/jetstack.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: jetstack
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://charts.jetstack.io
10 |   timeout: 3m # give up on an index fetch after three minutes
11 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/k8s-at-home.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8s-at-home
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://k8s-at-home.com/charts/ # NOTE(review): the k8s-at-home charts project was retired upstream (verify); an unmaintained index on a domain that may lapse is a standing supply-chain exposure, so drop this source if no HelmRelease still references it
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/k8s-gateway.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8s-gateway
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1h
9 |   url: https://ori-edge.github.io/k8s_gateway/
10 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/helm/k8stz.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: k8tz 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://k8tz.github.io/k8tz/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/kepler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: kepler 7 | namespace: flux-system 8 | spec: 9 | interval: 5m 10 | url: https://sustainable-computing-io.github.io/kepler-helm-chart 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-dashboard 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes.github.io/dashboard/ 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/kubernetes-sigs-metrics-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-sigs-metrics-server 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/metrics-server/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- 
/kubernetes/shared/repos/helm/kubernetes-sigs-nfd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-sigs-nfd 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/kyverno.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: kyverno 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kyverno.github.io/kyverno/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/longhorn.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: longhorn 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://charts.longhorn.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/lwolf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: lwolf 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.lwolf.org 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/mariadb-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.thesteamedcrab.com/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: mariadb-operator 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | url: https://mariadb-operator.github.io/mariadb-operator -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/mayastor-chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: mayastor-chart 7 | namespace: flux-system 8 | spec: 9 | interval: 120m0s 10 | url: https://openebs.github.io/mayastor-extensions/ 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/metallb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metallb 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://metallb.github.io/metallb 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/mojo2600.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: mojo2600 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://mojo2600.github.io/pihole-kubernetes/ 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/nfs-provisioner.yaml: -------------------------------------------------------------------------------- 1 | --- 2 
| apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: nfs-provisioner 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/nginx-gateway-fabric.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: nginx-gateway-fabric 6 | namespace: flux-system 7 | spec: 8 | type: "oci" 9 | interval: 1m 10 | url: oci://ghcr.io/nginxinc/charts/nginx-gateway-fabric 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/node-feature-discovery.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: node-feature-discovery 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/nvidia.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: nvidia 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://nvidia.github.io/k8s-device-plugin 10 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/openebs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: openebs 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://openebs.github.io/openebs 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/opentelemetry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: open-telemetry 6 | namespace: flux-system 7 | spec: 8 | interval: 15m 9 | url: https://open-telemetry.github.io/opentelemetry-helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/pascaliske.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: pascaliske 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.pascaliske.dev 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/percona.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: percona 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://percona.github.io/percona-helm-charts/ 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/piraeus.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: piraeus 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://piraeus.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/postfinance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: postfinance 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://postfinance.github.io/kubelet-csr-approver 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/prometheus-community.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://prometheus-community.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/rook-ceph.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: rook-ceph 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.rook.io/release 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/spegel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: spegel 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/spegel-org/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://stakater.github.io/stakater-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/stevehipwell.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: stevehipwell 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 5m 11 | url: oci://ghcr.io/stevehipwell/helm-charts 12 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/tailscale.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: tailscale 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://pkgs.tailscale.com/helmcharts 11 | timeout: 3m 12 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/vector.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: vector 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.vector.dev 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/victoria.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: victoria 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://victoriametrics.github.io/helm-charts/ 11 | timeout: 3m 12 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/windmill.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: windmill 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://windmill-labs.github.io/windmill-helm-charts/ -------------------------------------------------------------------------------- /kubernetes/shared/repos/helm/xenitab.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: xenitab 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/xenitab/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/shared/repos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: 
Kustomization
 5 | resources:
 6 |   - ./git
 7 |   - ./helm
 8 |   - ./oci
 9 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/oci/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/shared/repos/oci/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/shared/repos/oci/app-template.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Flux OCIRepository: pulls the app-template Helm chart as an OCI artifact
     # from ghcr.io and re-checks it every hour.
 2 | apiVersion: source.toolkit.fluxcd.io/v1
 3 | kind: OCIRepository
 4 | metadata:
 5 |   name: app-template
 6 |   namespace: flux-system
 7 |   annotations:
 8 |     api.fluxcd.io/upgrade: "v2.6.0"
 9 | spec:
10 |   interval: 1h
       # Select the Helm chart layer by media type and copy it as-is.
11 |   layerSelector:
12 |     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
13 |     operation: copy
       # A tag can be re-pointed on the registry side; the verify block below is
       # what ties the pulled content to a signature. ref.digest would pin the
       # exact artifact instead.
14 |   ref:
15 |     tag: 4.0.1
16 |   url: oci://ghcr.io/bjw-s-labs/helm/app-template
       # NOTE(review): no secretRef is given, so this is presumably Cosign keyless
       # verification. Without matchOIDCIdentity (issuer/subject) the signer
       # identity is not constrained -- confirm against the Flux docs and pin the
       # expected publisher identity.
17 |   verify:
18 |     provider: cosign
19 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/oci/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Registers both OCIRepository sources defined in this directory.
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | resources:
 5 |   - ./terraform-cloudflare-oci.yaml
 6 |   - ./app-template.yaml
 7 |
--------------------------------------------------------------------------------
/kubernetes/shared/repos/oci/terraform-cloudflare-oci.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Flux OCIRepository for the terraform-cloudflare-oci artifact on ghcr.io.
     # NOTE(review): this source follows the mutable tag `main`, polls it every
     # minute, and has no `verify:` block, so whatever is pushed to that tag is
     # accepted by the source controller unchecked. Pinning ref.digest (or a
     # release tag) and adding Cosign verification, as app-template.yaml does,
     # would close that gap. What consumes this artifact is not visible here.
 2 | apiVersion: source.toolkit.fluxcd.io/v1
 3 | kind: OCIRepository
 4 | metadata:
 5 |   name: terraform-cloudflare-oci
 6 |   namespace: flux-system
 7 |   annotations:
 8 |     api.fluxcd.io/upgrade: "v2.6.0"
 9 | spec:
10 |   interval: 1m
11 |   url: oci://ghcr.io/rafaribe/terraform-cloudflare-oci
12 |   ref:
13 |     tag: main
14 |
-------------------------------------------------------------------------------- /kubernetes/shared/settings/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cluster-settings.yaml 7 | # - ./externalsecret.yaml 8 | - ./cluster-secrets.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/gatus/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/gatus/guarded/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./configmap.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: [] 7 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/volsync-external/claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | 
kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${VOLSYNC_CLAIM:-${APP}}" 6 | labels: 7 | app.kubernetes.io/name: "${APP}" 8 | spec: 9 | accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: "${APP}-bootstrap" 14 | resources: 15 | requests: 16 | storage: "${VOLSYNC_CAPACITY:-2Gi}" 17 | storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" 18 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/volsync-external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./claim.yaml 7 | - ./minio.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/volsync/claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${VOLSYNC_CLAIM:-${APP}}" 6 | labels: 7 | app.kubernetes.io/name: "${APP}" 8 | spec: 9 | accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: "${APP}-bootstrap" 14 | resources: 15 | requests: 16 | storage: "${VOLSYNC_CAPACITY:-2Gi}" 17 | storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" 18 | -------------------------------------------------------------------------------- /kubernetes/shared/templates/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./claim.yaml 7 
| # - ./minio.yaml 8 | - ./nfs.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/external-secrets/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: external-secrets 9 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/external-secrets/external-secrets/stores/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | #- ./secret.sops.yaml # apply manually 6 | - ./clustersecretstore.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./external-secrets/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/flux-system/addons/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./notifications 7 | - ./webhooks 8 | -------------------------------------------------------------------------------- 
/kubernetes/utility/apps/flux-system/addons/app/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./notification.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/flux-system/addons/app/webhooks/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./ingress.yaml 7 | - ./receiver.yaml 8 | - ./externalsecret.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/flux-system/addons/app/webhooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./github 7 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/flux-system/capacitor/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./rbac.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./addons/ks.yaml 10 | - ./capacitor/ks.yaml -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: kube-system 5 | resources: 6 | - helmrelease.yaml 7 | 8 | configMapGenerator: 9 | - name: cilium-values 10 | files: 11 | - values.yaml=./values.yaml 12 | 13 | configurations: 14 | - kustomizeconfig.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/cilium/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/valuesFrom/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/cilium/config/ip-pools.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "cilium.io/v2alpha1" 2 | kind: CiliumLoadBalancerIPPool 3 | metadata: 4 | name: "load-balancer-ip-pool" 5 | spec: 6 | blocks: 7 | - start: "10.0.1.121" 8 | stop: "10.0.1.130" 9 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/cilium/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - bgp.yaml 6 | - ip-pools.yaml 7 | - 
l2-policy.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/cilium/config/l2-policy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumL2AnnouncementPolicy 5 | metadata: 6 | name: l2-policy 7 | spec: 8 | loadBalancerIPs: true 9 | # interfaces: 10 | # - ^eth[0-9]+ 11 | nodeSelector: 12 | matchLabels: 13 | kubernetes.io/os: linux 14 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/coredns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: coredns-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/coredns/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 
resources:
 6 |   - ./helmrelease.yaml
 7 |
     # Wraps values.yaml in a ConfigMap for the HelmRelease to consume.
 8 | configMapGenerator:
 9 |   - name: kubelet-csr-approver-values
10 |     files:
11 |       - values.yaml=./values.yaml
12 |
13 | configurations:
14 |   - kustomizeconfig.yaml
15 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Tells kustomize that HelmRelease spec/valuesFrom/name refers to a ConfigMap,
     # so the generated (hash-suffixed) ConfigMap name is substituted there.
 2 | nameReference:
 3 |   - kind: ConfigMap
 4 |     version: v1
 5 |     fieldSpecs:
 6 |       - path: spec/valuesFrom/name
 7 |         kind: HelmRelease
 8 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/kube-system/kubelet-csr-approver/app/values.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Helm values for kubelet-csr-approver (automatic approval of kubelet
     # serving-certificate CSRs).
     # NOTE(review): `^.*$` matches every hostname, so the provider regex filters
     # nothing, and bypassDnsResolution: true disables the approver's DNS
     # cross-check of the names/addresses in the CSR (per the project's documented
     # options -- confirm for the deployed chart version). Approval then rests on
     # the approver's remaining built-in CSR validation only. Consider narrowing
     # the regex to this cluster's node naming scheme and limiting
     # providerIpPrefixes to the node subnet.
 2 | providerRegex: |
 3 |   ^.*$
 4 |
 5 | bypassDnsResolution: true
 6 | replicas: 1
 7 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Entry point for the kube-system apps: the namespace first, then one Flux
     # Kustomization (ks.yaml) per app.
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | resources:
 5 |   # Pre Flux-Kustomizations
 6 |   - ./namespace.yaml
 7 |   # Flux-Kustomizations
 8 |   - ./cilium/ks.yaml
 9 |   - ./coredns/ks.yaml
10 |   - ./kubelet-csr-approver/ks.yaml
11 |   - ./metrics-server/ks.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/kube-system/metrics-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: kube-system
 6 | resources:
 7 |   - ./helmrelease.yaml
 8 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kube-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/blocky/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: blocky-configmap 9 | files: 10 | - config.yml=./resources/config.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/cloudflared/app/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: cloudflared 7 | spec: 8 | endpoints: 9 | - dnsName: external-utility.rafaribe.com 10 | recordType: CNAME 11 | targets: ["${CLUSTER_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] 12 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/cloudflared/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: 
Kustomization
 5 | resources:
 6 |   - ./externalsecret.yaml
 7 |   - ./dnsendpoint.yaml
 8 |   - ./helmrelease.yaml
     # Ships resources/config.yaml as a ConfigMap with a fixed name (no hash
     # suffix), so a config change does not rename the ConfigMap.
 9 | configMapGenerator:
10 |   - name: cloudflared-configmap
11 |     files:
12 |       - config.yaml=./resources/config.yaml
13 | generatorOptions:
14 |   disableNameSuffixHash: true
15 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/network/cloudflared/app/resources/config.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # cloudflared tunnel configuration.
     # originServerName is the hostname cloudflared expects on the origin's TLS
     # certificate; noTLSVerify is not set here, so origin certificate checking
     # stays at its default.
 2 | originRequest:
 3 |   originServerName: external-utility.rafaribe.com
 4 |
     # NOTE(review): the apex and the wildcard rule send every hostname that
     # reaches the tunnel to the external-controller service, so what is publicly
     # reachable is decided entirely by the Ingress objects bound to that
     # controller -- review those rather than this file when auditing exposure.
     # The last rule answers anything unmatched with 404.
 5 | ingress:
 6 |   - hostname: "rafaribe.com"
 7 |     service: https://external-controller.network.svc.cluster.local:443
 8 |   - hostname: "*.rafaribe.com"
 9 |     service: https://external-controller.network.svc.cluster.local:443
10 |   - service: http_status:404
--------------------------------------------------------------------------------
/kubernetes/utility/apps/network/external-dns/cloudflare/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | resources:
 6 |   - ./externalsecret.yaml
 7 |   - ./helmrelease.yaml
 8 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/network/external-dns/opnsense/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | resources:
 6 |   - ./externalsecret.yaml
 7 |   - ./helmrelease.yaml
 8 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/network/external-dns/pihole/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/ingress-nginx/certificates/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | resources: 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/ingress-nginx/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | configMapGenerator: 7 | - name: download-geolite-script 8 | files: 9 | - scripts/geolite.sh 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled 14 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/ingress-nginx/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/utility/apps/network/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: 
Kustomization
 5 | resources:
 6 |   # Pre Flux-Kustomizations
 7 |   - ./namespace.yaml
 8 |   # Flux-Kustomizations
 9 |   - ./blocky/ks.yaml
10 |   - ./cloudflared/ks.yaml
11 |   - ./external-dns/ks.yaml
12 |   - ./ingress-nginx/ks.yaml
13 |   - ./tailscale/ks.yaml
14 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/network/tailscale/operator/externalsecret.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # ExternalSecret that materialises the Secret `tailscale-operator` from the
     # ClusterSecretStore `akeyless-secret-store`.
 2 | apiVersion: external-secrets.io/v1
 3 | kind: ExternalSecret
 4 | metadata:
 5 |   name: &name tailscale-operator
 6 | spec:
 7 |   secretStoreRef:
 8 |     kind: ClusterSecretStore
 9 |     name: akeyless-secret-store
10 |   target:
11 |     name: *name
         # Only the two keys below are written to the Secret; their values are
         # templated from the properties extracted under dataFrom.
12 |     template:
13 |       engineVersion: v2
14 |       data:
15 |         client_id: "{{ .TS_CLIENT_ID }}"
16 |         client_secret: "{{ .TS_CLIENT_SECRET }}"
       # extract loads the properties stored under /tailscale into the template
       # context.
       # NOTE(review): presumably these are the Tailscale OAuth client credentials
       # used by the operator -- verify the OAuth client is scoped to what the
       # operator needs, and that the store entry holds nothing else.
17 |   dataFrom:
18 |     - extract:
19 |         key: /tailscale
20 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/network/tailscale/operator/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | resources:
 5 |   - ./helmrelease.yaml
 6 |   - ./externalsecret.yaml
 7 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/registry/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | resources:
 6 |   # Pre Flux-Kustomizations
 7 |   - ./namespace.yaml
 8 |   # Flux-Kustomizations
 9 |   - ./zot/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/utility/apps/registry/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
     # Namespace for the registry apps.
 2 | apiVersion: v1
 3 | kind: Namespace
 4 | metadata:
 5 |   name: registry
 6 |   annotations:
         # Excludes this namespace from Flux garbage collection.
 7 |     kustomize.toolkit.fluxcd.io/prune: disabled
         # NOTE(review): this annotation allows VolSync to run its mover pods in
         # this namespace with elevated privileges (per the VolSync docs, so that
         # backups/restores can preserve file ownership). Anyone who may create
         # ReplicationSource/ReplicationDestination objects here inherits that,
         # so keep RBAC on those kinds tight and confirm the namespace really
         # needs privileged movers.
 8 |     volsync.backube/privileged-movers: "true"
 9 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/registry/zot/app/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
     # HelmRelease plus the shared volsync-external template.
 5 | resources:
 6 |   - ./helmrelease.yaml
 7 |   - ../../../../../shared/templates/volsync-external
     # config.json is shipped as ConfigMap `zot`; the name stays fixed because the
     # hash suffix is disabled below.
 8 | configMapGenerator:
 9 |   - name: zot
10 |     files:
11 |       - ./config/config.json
12 | generatorOptions:
13 |   disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/storage/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | resources:
 6 |   # Pre Flux-Kustomizations
 7 |   - ./namespace.yaml
 8 |   # Flux-Kustomizations
 9 |   - ./local-path-provisioner/ks.yaml
10 |   #- ./openebs/ks.yaml
11 |   - ./snapshot-controller/ks.yaml
12 |   - ./volsync/ks.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/storage/local-path-provisioner/app/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | resources:
 6 |   - ./helmrelease.yaml
 7 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/storage/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: storage
6 |   labels:
7 |     # Excludes this namespace from Flux garbage collection. Set as a label here;
8 |     # registry/namespace.yaml carries the same key as an annotation.
9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/storage/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | # kustomize sets this namespace on every resource built from ./snapshot-controller.
6 | namespace: kube-system
7 | resources:
8 |   - ./snapshot-controller
9 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/storage/snapshot-controller/app/snapshot-controller/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/storage/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | # The VolSync release and its alert rules are built into the volsync namespace.
6 | namespace: volsync
7 | resources:
8 |   - ./helmrelease.yaml
9 |   - ./prometheusrule.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/fstrim/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 |
---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # Pre Flux-Kustomizations
7 |   - ./namespace.yaml
8 |   # Flux-Kustomizations
9 |   - ./fstrim/ks.yaml
10 |   - ./reflector/ks.yaml
11 |   - ./reloader/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: system
6 |   labels:
7 |     # Excludes this namespace from Flux garbage collection.
8 |     kustomize.toolkit.fluxcd.io/prune: disabled
9 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/reflector/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/reflector/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 |   name: reflector
6 |   namespace: flux-system
7 | spec:
8 |   path: ./kubernetes/utility/apps/system/reflector/app  # directory Flux builds and applies
9 |   prune: true  # resources dropped from this path in Git are deleted from the cluster
10 |   sourceRef:
11 |     kind: GitRepository
12 |     name: home-ops
13 |   interval: 30m
14 |   retryInterval: 1m
15 |   timeout:
3m
16 |   targetNamespace: system
17 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/reloader/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | # NOTE(review): this build sets kube-system, while reloader/ks.yaml sets
5 | # targetNamespace: system. Confirm which namespace reloader is deployed to.
6 | namespace: kube-system
7 | resources:
8 |   - ./helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/utility/apps/system/reloader/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Flux Kustomization that reconciles the reloader app directory from the home-ops repository.
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 |   name: reloader
7 |   namespace: flux-system
8 | spec:
9 |   path: ./kubernetes/utility/apps/system/reloader/app
10 |   # Resources dropped from this path in Git are deleted from the cluster.
11 |   prune: true
12 |   sourceRef:
13 |     kind: GitRepository
14 |     name: home-ops
15 |   interval: 30m
16 |   retryInterval: 1m
17 |   timeout: 3m
18 |   targetNamespace: system
19 |
--------------------------------------------------------------------------------
/kubernetes/utility/bootstrap/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecrets
7 |
--------------------------------------------------------------------------------
/kubernetes/utility/bootstrap/flux/commands.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Manual Flux bootstrap: create the namespace, load two SOPS-encrypted manifests, then apply this directory.
3 | kubectl create namespace flux-system
4 | sops -d age-key.sops.yaml | kubectl apply -f -  # decrypted output is piped to kubectl and not written to disk
5 | sops -d github-deploy-key.sops.yaml | kubectl apply -f -  # NOTE(review): without `set -euo pipefail` a failed decrypt does not stop the script, so the install below may run without these keys
6 | kubectl apply -k .
7 |
--------------------------------------------------------------------------------
/kubernetes/utility/bootstrap/flux/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Bootstrap install of Flux from the upstream manifests, with the bundled
3 | # NetworkPolicy objects removed.
4 | apiVersion: kustomize.config.k8s.io/v1beta1
5 | kind: Kustomization
6 | resources:
7 |   # Remote base fetched at build time and pinned to the tag v2.6.0. A tag can be
8 |   # moved upstream; a full commit SHA in ref= is an immutable pin.
9 |   - github.com/fluxcd/flux2/manifests/install?ref=v2.6.0
10 | patches:
11 |   # Deletes every NetworkPolicy contained in the install manifests: the target
12 |   # below matches on group/version/kind only, so metadata.name in the patch is a
13 |   # placeholder. With these removed, nothing in this file restricts traffic to or
14 |   # from the Flux controllers; any replacement policy lives elsewhere and is not
15 |   # shown here.
16 |   - patch: |-
17 |       $patch: delete
18 |       apiVersion: networking.k8s.io/v1
19 |       kind: NetworkPolicy
20 |       metadata:
21 |         name: not-used
22 |     target:
23 |       group: networking.k8s.io
24 |       version: v1
25 |       kind: NetworkPolicy
26 |
--------------------------------------------------------------------------------
/kubernetes/utility/bootstrap/talos/clusterconfig/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rafaribe/home-ops/4f65d9a86f89ebca6e6b53ae87654b09f43dc738/kubernetes/utility/bootstrap/talos/clusterconfig/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/utility/bootstrap/talos/talenv.sops.yaml:
--------------------------------------------------------------------------------
1 | # NOTE(review): the .sops.yaml suffix suggests an encrypted file, but the content
2 | # shown is plaintext. None of these three values is a credential; confirm that
3 | # anything sensitive added here later is encrypted with SOPS before it is committed.
4 | clusterName: utility
5 | clusterDNSSuffix: home.arpa
6 | clusterEndpointIP: 10.0.0.3
7 |
--------------------------------------------------------------------------------
/kubernetes/utility/bootstrap/talos/talos-apply-config.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Placeholder: prints a message and applies no configuration.
3 | echo "Special script to apply apply config"
4 |
5 |
--------------------------------------------------------------------------------
/kubernetes/utility/flux/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./flux.yaml
7 |   - ./home-ops.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/utility/flux/repos/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: flux-system
6 | # Empty list: this kustomization currently produces no resources.
7 | resources: []
8 |
--------------------------------------------------------------------------------
/kubernetes/utility/flux/settings/cluster-settings-utility.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Plain settings for the utility cluster, stored in flux-system.
3 | # NOTE(review): presumably consumed through Flux variable substitution; the consumer
4 | # is not shown here. ConfigMap data is readable in Git and in the cluster, so
5 | # credentials do not belong in this object.
6 | apiVersion: v1
7 | kind: ConfigMap
8 | metadata:
9 |   name: cluster-settings-utility
10 |   namespace: flux-system
11 | data:
12 |   ## Utility cluster settings
13 |   CLUSTER: utility
14 |   VOLSYNC_SNAPSHOTCLASS: csi-local-hostpath
15 |   VOLSYNC_CACHE_SNAPSHOTCLASS: local-hostpath
16 |   VOLSYNC_STORAGECLASS: local-hostpath
17 |   # Quoted so the value stays a string, as ConfigMap data requires.
18 |   VOLSYNC_MINIO_SCHEDULE: "30"
19 |
--------------------------------------------------------------------------------
/kubernetes/utility/flux/settings/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: flux-system
6 | resources:
7 |   - ./cluster-settings-utility.yaml
8 |
--------------------------------------------------------------------------------