├── .github ├── lint │ ├── .prettierignore │ ├── .prettierrc.yaml │ ├── .markdownlint.yaml │ └── .yamllint.yaml ├── CODEOWNERS ├── labeler.yaml ├── renovate │ ├── commitMessage.json │ ├── allowedVersions.json │ ├── labels.json │ └── autoMerge.json ├── workflows │ └── meta-labeler.yaml └── labels.yaml ├── kubernetes ├── apps │ ├── flux-system │ │ ├── flux-operator │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── instance │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── github │ │ │ │ ├── kustomization.yaml │ │ │ │ └── webhooks │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── ingress.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── externalsecret.yaml │ │ └── kustomization.yaml │ ├── media │ │ ├── jellyfin │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── plex │ │ │ ├── trakt-sync │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── config │ │ │ │ │ └── config.yml │ │ │ ├── plex-image-cleanup │ │ │ │ └── kustomization.yaml │ │ │ └── app │ │ │ │ ├── pvc.yaml │ │ │ │ ├── lokirule.yaml │ │ │ │ └── kustomization.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── config │ │ │ │ │ └── Corefile │ │ │ └── ks.yaml │ │ ├── tautulli │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── audiobookshelf │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── sonarr │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── tqm │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── prowlarr │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── readarr │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── unpackerr │ │ │ ├── app │ │ │ │ 
└── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── qui │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── externalsecret.yaml │ │ │ └── ks.yaml │ │ ├── jellyseerr │ │ │ └── app │ │ │ │ ├── pvc.yaml │ │ │ │ └── kustomization.yaml │ │ ├── autobrr │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── bazarr │ │ │ ├── app │ │ │ │ ├── pvc.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── subcleaner.sh │ │ │ └── ks.yaml │ │ ├── cross-seed │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ └── lokirule.yaml │ │ ├── recyclarr │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ │ └── ks.yaml │ │ ├── sabnzbd │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kometa │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── observability │ │ ├── thanos │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── cache.yaml │ │ │ │ ├── object-bucket-claim.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── promtail │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── blackbox-exporter │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── speedtest-exporter │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── smartctl-exporter │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── unpoller │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── nextdns-exporter │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── dashboards │ │ │ │ └── kustomization.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── alertmanager │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ 
│ │ └── config │ │ │ │ │ └── alertmanager.yml │ │ │ └── ks.yaml │ │ ├── kromgo │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── loki │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── snmp-exporter │ │ │ ├── apc-ups │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheus-rule.yaml │ │ │ └── ks.yaml │ ├── home │ │ ├── esphome │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── zigbee2mqtt │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── frigate │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ │ └── ks.yaml │ │ ├── node-red │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── govee2mqtt │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── home-assistant │ │ │ └── app │ │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── network │ │ ├── multus │ │ │ ├── networks │ │ │ │ ├── kustomization.yaml │ │ │ │ └── iot.yaml │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ ├── external │ │ │ ├── ingress-nginx │ │ │ │ └── kustomization.yaml │ │ │ ├── external-dns │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ │ └── cloudflared │ │ │ │ ├── default │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── configs │ │ │ │ │ └── config.yaml │ │ │ │ └── cookjam │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ └── configs │ │ │ │ └── config.yaml │ │ ├── internal │ │ │ ├── ingress-nginx │ │ │ │ └── kustomization.yaml │ │ │ └── external-dns │ │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── config │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pool.yaml │ │ │ │ ├── l2.yaml │ │ │ │ 
└── bgp.conf │ │ ├── coredns │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── generic-device-plugin │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── config │ │ │ │ │ └── config.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── spegel │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── descheduler │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── reloader │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── intel-device-plugin │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── gpu │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── rules │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── google-coral-device.yaml │ │ │ │ └── intel-gpu-device.yaml │ │ └── kustomization.yaml │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ ├── tls │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── staging.yaml │ │ │ │ └── production.yaml │ │ │ └── issuers │ │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── selfhosted │ │ ├── ntfy │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── config │ │ │ │ │ └── server.yml │ │ │ └── ks.yaml │ │ ├── monica │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── database │ │ │ │ └── kustomization.yaml │ │ ├── thelounge │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── hajimari │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── joplin │ │ │ ├── app │ │ │ │ └── 
kustomization.yaml │ │ │ └── ks.yaml │ │ ├── paperless │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── authentik │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── cookjam │ │ │ ├── config │ │ │ │ └── kustomization.yaml │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ ├── radicale │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ │ └── ks.yaml │ │ ├── n8n │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── immich │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── palmr │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── cors.json │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── external-secrets │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── onepassword │ │ │ ├── store │ │ │ │ ├── kustomization.yaml │ │ │ │ └── clustersecretstore.yaml │ │ │ └── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ └── kustomization.yaml │ ├── rook-ceph │ │ ├── rook-ceph │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── cluster │ │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── default │ │ ├── echo-server │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── openebs-system │ │ ├── openebs │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── ai │ │ ├── ollama │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── langfuse │ │ │ ├── app │ │ │ │ ├── object-bucket-claim.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── open-webui │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── searxng │ │ │ ├── 
app │ │ │ ├── kustomization.yaml │ │ │ └── externalsecret.yaml │ │ │ └── ks.yaml │ ├── volsync-system │ │ ├── snapshot-controller │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ ├── volsync │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── database │ │ ├── dragonfly │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── cluster │ │ │ │ ├── podmonitor.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── cluster.yaml │ │ ├── emqx │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── helmrelease.yaml │ │ │ └── cluster │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ └── podmonitor.yaml │ │ ├── postgres-backup │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── clickhouse-operator │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── cluster │ │ │ │ ├── kustomization.yaml │ │ │ │ └── externalsecret.yaml │ │ ├── cloudnative-pg │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── cluster │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scheduledbackup.yaml │ │ └── kustomization.yaml │ └── system-upgrade │ │ ├── system-upgrade-controller │ │ ├── app │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ └── plans │ │ │ ├── kustomization.yaml │ │ │ ├── talos.yaml │ │ │ └── kubernetes.yaml │ │ └── kustomization.yaml ├── bootstrap │ └── talos │ │ ├── patches │ │ ├── controller │ │ │ ├── admission-controller-patch.yaml │ │ │ └── cluster.yaml │ │ ├── global │ │ │ ├── machine-network.yaml │ │ │ ├── machine-time.yaml │ │ │ ├── machine-kernel.yaml │ │ │ ├── machine-udev.yaml │ │ │ ├── machine-kubelet.yaml │ │ │ ├── machine-features.yaml │ │ │ ├── machine-files.yaml │ │ │ ├── machine-install.yaml │ │ │ └── machine-sysctls.yaml │ │ └── README.md │ │ └── clusterconfig │ │ └── .gitignore └── flux │ ├── components │ ├── common │ │ ├── namespace.yaml │ │ ├── cluster-settings.yaml │ │ └── kustomization.yaml │ └── volsync │ │ ├── 
kustomization.yaml │ │ ├── r2 │ │ └── kustomization.yaml │ │ └── pvc.yaml │ └── meta │ ├── repositories │ ├── git │ │ └── kustomization.yaml │ ├── oci │ │ ├── kustomization.yaml │ │ └── app-template.yaml │ ├── app-template │ │ ├── kustomization.yaml │ │ └── ocirepository.yaml │ ├── kustomization.yaml │ └── helm │ │ ├── hajimari.yaml │ │ ├── emqx.yaml │ │ ├── openebs.yaml │ │ ├── piraeus.yaml │ │ ├── rook-ceph.yaml │ │ ├── authentik.yaml │ │ ├── intel.yaml │ │ ├── backube.yaml │ │ ├── cilium.yaml │ │ ├── grafana.yaml │ │ ├── jetstack.yaml │ │ ├── altinity.yaml │ │ ├── democratic-csi.yaml │ │ ├── bitnami.yaml │ │ ├── bjw-s.yaml │ │ ├── cloudnative-pg.yaml │ │ ├── descheduler.yaml │ │ ├── coredns.yaml │ │ ├── stakater.yaml │ │ ├── stevehipwell.yaml │ │ ├── spegel.yaml │ │ ├── external-dns.yaml │ │ ├── external-secrets.yaml │ │ ├── ingress-nginx.yaml │ │ ├── metrics-server.yaml │ │ ├── controlplaneio.yaml │ │ ├── prometheus-community.yaml │ │ ├── node-feature-discovery.yaml │ │ └── kustomization.yaml │ └── kustomization.yaml ├── .mise.toml ├── .gitignore ├── .taskfiles └── volsync │ ├── wait-for-job.sh │ ├── ListJob.tmpl.yaml │ ├── UnlockJob.tmpl.yaml │ ├── WipeJob.tmpl.yaml │ └── ReplicationDestination.tmpl.yaml ├── .gitattributes ├── LICENSE ├── .sops.yaml ├── .yamllint.yml └── Taskfile.yaml /.github/lint/.prettierignore: -------------------------------------------------------------------------------- 1 | .private 2 | .vscode 3 | gotk-components.yaml 4 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: true 4 | -------------------------------------------------------------------------------- /.github/lint/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | 
semi: false
singleQuote: false
--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# Single owner for the whole tree: every PR (including Renovate auto-merges)
# routes review to this account. Branch protection must require CODEOWNERS
# review for this to be a control rather than a notification.
* @rust84
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/controller/admission-controller-patch.yaml:
--------------------------------------------------------------------------------
# Controller-plane patch applied on top of the talosctl-generated config.
# NOTE(review): this removes the whole `cluster.apiServer.admissionControl`
# list, not a single entry. In stock talosctl output (not shown here) that
# list is where the PodSecurity admission configuration lives, so after this
# patch Pod Security Admission only enforces what individual namespaces opt
# into via `pod-security.kubernetes.io/*` labels — confirm that is intended.
# If the goal is only to let privileged workloads run (device plugins, multus,
# rook-ceph, smartctl-exporter), a narrower patch that keeps the PodSecurity
# plugin and extends its `exemptions.namespaces` is the safer alternative.
- op: remove
  path: /cluster/apiServer/admissionControl
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/clusterconfig/.gitignore:
--------------------------------------------------------------------------------
# Generated per-node machine configs and the talosconfig client credential.
# These presumably carry cluster CA material and node secrets, so this
# ignore list is the only thing keeping them out of git: extend it whenever
# a node is added (k8s-3, ...) and consider a pre-commit secret scan as a
# second line of defence.
kubernetes-k8s-0.yaml
kubernetes-k8s-1.yaml
kubernetes-k8s-2.yaml
talosconfig
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyfin/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Jellyfin is deployed purely from the HelmRelease; no PVC or secret is
# managed here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/thanos/app/config/cache.yaml:
--------------------------------------------------------------------------------
# Thanos query-frontend/store cache backend, pointed at the shared Dragonfly
# instance in the database namespace (logical db 2 to avoid key collisions
# with other tenants of the same instance).
# NOTE(review): no `password` or TLS settings are configured, so this
# assumes Dragonfly is unauthenticated and reachable only from inside the
# cluster — confirm a NetworkPolicy (or Dragonfly auth) restricts who can
# read or poison this cache.
---
type: REDIS
config:
  addr: dragonfly.database.svc.cluster.local:6379
  db: 2
--------------------------------------------------------------------------------
/kubernetes/apps/home/esphome/app/kustomization.yaml:
--------------------------------------------------------------------------------
# ESPHome is deployed purely from the HelmRelease.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/multus/networks/kustomization.yaml:
--------------------------------------------------------------------------------
# Multus NetworkAttachmentDefinitions; currently only the IoT network.
# Pods that request this attachment get a second interface on that segment,
# bypassing the Cilium policy applied to the primary interface — keep the set
# of consumers small.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./iot.yaml
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-network.yaml:
--------------------------------------------------------------------------------
# Node resolver settings (applied to every machine).
# disableSearchDomain stops unqualified names from being expanded with a
# DHCP-supplied search suffix; the single resolver 10.20.0.1 is presumably the
# LAN gateway. Talos nameservers are plain DNS, so this trusts the local
# network path to that resolver.
machine:
  network:
    disableSearchDomain: true
    nameservers:
      - 10.20.0.1
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-time.yaml:
--------------------------------------------------------------------------------
# NTP sources for every node; the two addresses appear to be Cloudflare's
# public NTP anycast. Plain NTP is unauthenticated, which is acceptable here,
# but etcd quorum, TLS validation and token expiry all depend on node clocks —
# listing a trusted on-LAN source first would reduce exposure to upstream
# time manipulation if one is available.
machine:
  time:
    disabled: false
    servers:
      - 162.159.200.1
      - 162.159.200.123
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-kernel.yaml:
--------------------------------------------------------------------------------
# Extra kernel modules loaded on every node.
# thunderbolt/thunderbolt_net enable Thunderbolt peer-to-peer networking
# (presumably the node-to-node storage/cluster mesh); Thunderbolt ports are
# DMA-capable, so confirm the IOMMU is enabled and port authorisation is not
# left wide open (those settings would live in machine-udev / machine-sysctls,
# not shown here). nbd exposes network block devices — verify which workload
# actually needs it, since it widens the attack surface of every node.
machine:
  kernel:
    modules:
      - name: nbd
      - name: thunderbolt
      - name: thunderbolt_net
--------------------------------------------------------------------------------
/kubernetes/apps/home/zigbee2mqtt/app/kustomization.yaml:
--------------------------------------------------------------------------------
# zigbee2mqtt: secrets are sourced via ExternalSecret (no plaintext in git),
# then the HelmRelease consumes them.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/.mise.toml:
--------------------------------------------------------------------------------
# Developer environment: points kubectl/talosctl at credentials kept inside
# the checkout. TALOSCONFIG is covered by clusterconfig/.gitignore, but the
# root-level `kubeconfig` (a cluster-admin credential) depends on the root
# .gitignore, which is not shown here — confirm it is excluded before this is
# used on a shared machine.
[env]
KUBERNETES_DIR = '{{config_root}}/kubernetes'
KUBECONFIG = "{{config_root}}/kubeconfig"
TALOSCONFIG = 
"{{config_root}}/kubernetes/bootstrap/talos/clusterconfig/talosconfig"
--------------------------------------------------------------------------------
/kubernetes/flux/components/common/namespace.yaml:
--------------------------------------------------------------------------------
# Placeholder Namespace shared by the "common" Component; the `not-used`
# name is presumably overridden by the Component's namespace setting.
# Pruning is disabled so that removing an app's Kustomization never makes
# Flux delete the namespace (and everything still running in it).
---
apiVersion: v1
kind: Namespace
metadata:
  name: not-used
  annotations:
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Teaches kustomize that HelmRelease.spec.valuesFrom[].name references a
# ConfigMap, so a generated (hash-suffixed) values ConfigMap is re-pointed
# automatically and a values change rolls out a new release.
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Same valuesFrom name-reference rule as the other HelmRelease apps.
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Same valuesFrom name-reference rule as the other HelmRelease apps.
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Same valuesFrom name-reference rule as the other HelmRelease apps.
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/home/frigate/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config-file/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/ntfy/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/media/plex/trakt-sync/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config-yaml/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/media/qbittorrent/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/coredns/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/git/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: [] 6 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./repositories 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/generic-device-plugin/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config/name 7 | kind: HelmRelease -------------------------------------------------------------------------------- /kubernetes/apps/home/node-red/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/monica/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/flux/components/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./pvc.yaml 7 | - ./r2 -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/oci/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./app-template.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/thanos/app/object-bucket-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: thanos-ceph-bucket 6 | spec: 7 | bucketName: thanos 8 | storageClassName: ceph-bucket 9 | 
-------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/thelounge/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml -------------------------------------------------------------------------------- /kubernetes/apps/default/echo-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/descheduler/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/openebs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/app-template/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./ocirepository.yaml -------------------------------------------------------------------------------- 
/kubernetes/apps/ai/ollama/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/tls/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./production.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/external/ingress-nginx/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/internal/ingress-nginx/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/blackbox-exporter/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/speedtest-exporter/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/github/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Directory reference: pulls in ./webhooks/kustomization.yaml (Receiver, Ingress, SOPS secret).
  - ./webhooks
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/intel-device-plugin/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/tautulli/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./pvc.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/smartctl-exporter/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/hajimari/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/snapshot-controller/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Source definitions (Git/Helm/OCI repositories) that every HelmRelease in the cluster resolves against.
resources:
  - ./git
  - ./helm
  - ./oci
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # Dragonfly ships its own RBAC here rather than relying on chart defaults; review on upgrade.
  - ./rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/external-secrets/onepassword/store/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # ClusterSecretStore is cluster-scoped: any namespace's ExternalSecret can read from it,
  # so the 1Password vault it points at is the effective secret boundary for the cluster.
  - ./clustersecretstore.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/home/govee2mqtt/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/audiobookshelf/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/radarr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/sonarr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/tqm/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # SOPS-encrypted Secret committed to git; most other apps here source secrets via
  # ExternalSecret instead — NOTE(review): confirm this one is intentionally kept in-repo.
  - ./secret.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/ai/langfuse/app/object-bucket-claim.yaml: --------------------------------------------------------------------------------
---
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: langfuse-ceph-bucket
  namespace: ai
spec:
  # Requests an S3-style bucket from Rook-Ceph; the provisioner emits a same-named
  # Secret/ConfigMap with the bucket credentials and endpoint in this namespace.
  bucketName: langfuse
  storageClassName: ceph-bucket
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/postgres-backup/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: database
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/prowlarr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/readarr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  # NOTE(review): every other app in this tree references `helmrelease.yaml`; verify a file
  # named `helm-release.yaml` actually exists here, otherwise this Kustomization fails to build.
  - helm-release.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/unpackerr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/joplin/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/monica/database/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Cilium post-install config: L2/L3 announcement policies plus the LoadBalancer IP pool.
resources:
  - ./l2.yaml
  - ./l3.yaml
  - ./pool.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/unpoller/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/paperless/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/clickhouse-operator/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: database
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/cloudnative-pg/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/home/home-assistant/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/plex/plex-image-cleanup/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./externalsecret.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/qui/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/authentik/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/cookjam/config/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./automation.yaml
  # Hyphenated name differs from the `externalsecret.yaml` convention used by the other apps.
  - ./external-secret.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/radicale/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./externalsecret.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  # The upgrade controller runs privileged jobs on every node; its RBAC is the thing to audit.
  - rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/external-secrets/onepassword/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/tautulli/app/pvc.yaml: --------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tautulli-cache
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 15Gi
  storageClassName: ceph-block
--------------------------------------------------------------------------------
/kubernetes/apps/network/external/external-dns/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/n8n/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
  - pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/volsync/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./prometheusrule.yaml
--------------------------------------------------------------------------------
/kubernetes/flux/components/common/cluster-settings.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/configmap-v1.json
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-settings
# Non-secret cluster-wide values; shipped into every namespace via the `common` Component
# (presumably consumed through Flux postBuild substitution — confirm in the ks.yaml files).
data:
  TZ: "Europe/London"
--------------------------------------------------------------------------------
/kubernetes/apps/ai/open-webui/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # SOPS-encrypted DNS provider credentials for the DNS-01 solver; listed first so the
  # Secret exists before the ClusterIssuers that reference it are reconciled.
  - ./secret.sops.yaml
  - ./clusterissuers.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/emqx/cluster/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cluster.yaml
  - ./ingress.yaml
  - ./podmonitor.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyseerr/app/pvc.yaml: --------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jellyseerr-cache
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 15Gi
  storageClassName: ceph-block
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/immich/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
  - pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Upgrade Plans: Kubernetes version and Talos OS version are rolled out by the controller.
resources:
  - ./kubernetes.yaml
  - ./talos.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/config/config.yaml: --------------------------------------------------------------------------------
---
# Host devices exposed to pods as extended resources by the generic device plugin.
# Pods that request these get the raw device node, so this is the allow-list of
# host hardware reachable from unprivileged workloads — keep it minimal.
devices:
  - name: tun
    groups:
      # count: presumably the number of concurrent allocations advertised per node
      # (the same /dev/net/tun node is handed out that many times) — confirm against the plugin docs.
      - count: 1000
        paths:
          - path: /dev/net/tun

  - name: coral
    groups:
      - paths:
          # Single Coral Edge TPU (apex driver); matched by the NFD rule in
          # node-feature-discovery/rules/google-coral-device.yaml.
          - path: /dev/apex_0
--------------------------------------------------------------------------------
/kubernetes/apps/media/autobrr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/jellyseerr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./pvc.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/palmr/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# NodeFeatureRules that label nodes carrying the Coral TPU and Intel GPU used by
# the generic-device-plugin and intel-device-plugin workloads.
resources:
  - ./google-coral-device.yaml
  - ./intel-gpu-device.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/nextdns-exporter/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./dashboard
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-udev.yaml: --------------------------------------------------------------------------------
# Talos machine-config patch: extra udev rules applied on every node.
machine:
  udev:
    rules:
      - # Intel GPU
        # Makes the render node group-readable/writable for GID 44 (presumably the `video`/`render`
        # group on Talos) so non-root containers can reach the GPU.
        SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
      - # Thunderbolt
        # NOTE(review): this sets `authorized=1` for any newly added Thunderbolt device the kernel
        # reports as unauthorized, i.e. it automatically trusts every device plugged into the port.
        # That is effectively a bypass of Thunderbolt's device-authorization (security level)
        # protection against hot-plugged DMA-capable devices. Confirm IOMMU/DMA protection is
        # active on these nodes, or narrow the match to the specific device(s) you expect.
        ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
--------------------------------------------------------------------------------
/kubernetes/apps/observability/grafana/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  # Grafana is published through the *external* ingress class, so it is Internet-reachable;
  # authentication/authorization on the Grafana side is the control that matters here.
  - ./ingress-external.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: rook-ceph
components:
  - ../../flux/components/common
resources:
  - ./rook-ceph/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/flux/components/volsync/r2/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Reusable VolSync backup component (off-site "r2" target): credentials come from the
# ExternalSecret, data leaves the cluster via the ReplicationSource.
resources:
  - ./externalsecret.yaml
  - ./replicationsource.yaml
  - ./replicationdestination.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/default/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
components:
  - ../../flux/components/common
resources:
  - ./echo-server/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Receiver token (SOPS-encrypted). The Receiver is exposed via Ingress, so this token is
  # presumably the only thing gating inbound GitHub webhook calls — rotate it with the
  # webhook secret on the GitHub side.
  - ./secret.sops.yaml
  - ./ingress.yaml
  - ./receiver.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/clickhouse-operator/cluster/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: database
resources:
  - ./externalsecret.yaml
  - ./clickhouse-installation.yaml
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-kubelet.yaml: --------------------------------------------------------------------------------
# Talos machine-config patch: kubelet node IP selection and host mounts.
machine:
  kubelet:
    nodeIP:
      # Node IPs are taken only from this subnet (same /24 the Cilium LB pool uses).
      validSubnets:
        - 10.20.0.0/24
    extraMounts:
      # Host directory for OpenEBS local PVs, bind-mounted into the kubelet with shared
      # propagation so volume mounts created under it are visible to the host/pods.
      - destination: /var/openebs/local
        type: bind
        source: /var/openebs/local
        options: ["bind", "rshared", "rw"]
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/app/helm-values.yaml: --------------------------------------------------------------------------------
---
crds:
  enabled: true
replicaCount: 1
# DNS-01 propagation self-checks are sent over DNS-over-HTTPS to Cloudflare, and with
# `...Only: true` cert-manager never falls back to cluster DNS for them — this avoids
# split-horizon results from the internal resolver.
dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
dns01RecursiveNameserversOnly: true
prometheus:
  enabled: true
  servicemonitor:
    enabled: true
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
components:
  - ../../flux/components/common
resources:
  - ./cert-manager/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
components:
  - ../../flux/components/common
resources:
  - ./flux-operator/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/internal/external-dns/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
# NOTE(review): `metadata.namespace` here is not the kustomize namespace transformer — the
# other overlays in this tree (database, rook-ceph, network, ...) set a top-level
# `namespace:` field instead. Confirm whether this was meant to be `namespace: network`.
metadata:
  namespace: network
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: openebs-system
components:
  - ../../flux/components/common
resources:
  - ./openebs/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/ai/langfuse/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./object-bucket-claim.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system-upgrade
components:
  - ../../flux/components/common
resources:
  - ./system-upgrade-controller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
  - prometheusrule.yaml
  - scrapeconfig.yaml
--------------------------------------------------------------------------------
/.github/labeler.yaml: --------------------------------------------------------------------------------
---
# actions/labeler config: PR labels derived from the paths a change touches.
area/github:
  - changed-files:
      - any-glob-to-any-file: .github/**/*
area/kubernetes:
  - changed-files:
      - any-glob-to-any-file: kubernetes/**/*
area/taskfile:
  - changed-files:
      - any-glob-to-any-file: .taskfiles/**/*
      - any-glob-to-any-file: Taskfile*
--------------------------------------------------------------------------------
/kubernetes/flux/components/common/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
# Kustomize Component included by every namespace overlay: it stamps the namespace plus the
# shared settings/secrets into each namespace. The two `.sops.yaml` entries are
# SOPS-encrypted Secrets, presumably decrypted by the Flux kustomize-controller at apply
# time; note that `cluster-secrets` is therefore replicated into every namespace that
# includes this component, so any workload with Secret read access in its namespace sees it.
resources:
  - ./cluster-settings.yaml
  - ./cluster-secrets.sops.yaml
  - ./namespace.yaml
  - ./sops-age.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/cookjam/app/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cron.yaml
  # dev and prd releases live in the same namespace and share this overlay.
  - ./helmrelease-dev.yaml
  - ./helmrelease-prd.yaml
  - ./pvc.yaml
  - ./servicemonitor.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/pool.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://datreeio.github.io/CRDs-catalog/cilium.io/ciliumloadbalancerippool_v2alpha1.json
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: pool
spec:
  # Quoted on purpose: a bare `No` is parsed as a boolean by YAML 1.1 parsers, and the CRD
  # field expects the string value.
  allowFirstLastIPs: "No"
  blocks:
    # NOTE(review): this is the same /24 as the kubelet `nodeIP.validSubnets` in
    # bootstrap/talos/patches/global/machine-kubelet.yaml, so LoadBalancer IPs are handed out
    # from the node subnet itself. Make sure the range Cilium allocates from cannot collide with
    # node addresses or an upstream DHCP scope (a narrower block or explicit start/stop would
    # make that explicit).
    - cidr: "10.20.0.0/24"
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: volsync-system
components:
  - ../../flux/components/common
resources:
  - ./snapshot-controller/ks.yaml
  - ./volsync/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
components:
  - ../../flux/components/common
resources:
  - ./external/ks.yaml
  - ./internal/ks.yaml
  - ./multus/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/hajimari.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: hajimari
  namespace: flux-system
spec:
  interval: 12h
  url: https://hajimari.io
--------------------------------------------------------------------------------
/kubernetes/apps/external-secrets/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: external-secrets
components:
  - ../../flux/components/common
resources:
  - ./external-secrets/ks.yaml
  - ./onepassword/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/emqx.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: emqx
  namespace: flux-system
spec:
  interval: 12h
  url: https://repos.emqx.io/charts
--------------------------------------------------------------------------------
/kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: database
resources:
  - ./cluster.yaml
  - ./cluster-immich.yaml
  - ./prometheusrule.yaml
  - ./scheduledbackup.yaml
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/openebs.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: openebs
  namespace: flux-system
spec:
  interval: 12h
  url: https://openebs.github.io/openebs
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/piraeus.yaml: --------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: piraeus
  namespace: flux-system
spec:
  interval: 12h
  url: https://piraeus.io/helm-charts/
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/rook-ceph.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: rook-ceph 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://charts.rook.io/release -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/authentik.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: authentik 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | url: https://charts.goauthentik.io -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/intel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: intel 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://intel.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: ai 6 | components: 7 | - ../../flux/components/common 8 | 
resources: 9 | - ./langfuse/ks.yaml 10 | - ./ollama/ks.yaml 11 | - ./open-webui/ks.yaml 12 | - ./searxng/ks.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/backube.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backube 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://backube.github.io/helm-charts/ -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/cilium.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cilium 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://helm.cilium.io 11 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/grafana.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: grafana 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://grafana.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Trash 2 | .DS_Store 3 | Thumbs.db 4 | # 
k8s 5 | kubeconfig 6 | talosconfig 7 | .decrypted~*.yaml 8 | *.agekey 9 | *.pub 10 | *.key 11 | # Private 12 | .private 13 | .bin 14 | # Ansible 15 | .venv* 16 | # Taskfile 17 | .task 18 | # Brew 19 | Brewfile.lock.json 20 | # intellij 21 | .idea 22 | # Bootstrap 23 | /config.yaml 24 | cloudflared.json 25 | # Claude 26 | .mcp.json 27 | .claude -------------------------------------------------------------------------------- /kubernetes/apps/media/qui/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: qui 6 | namespace: media 7 | labels: 8 | app.kubernetes.io/name: &name qui 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | storageClassName: ceph-block -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/jetstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: jetstack 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://charts.jetstack.io 11 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/altinity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: altinity 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | url: https://docs.altinity.com/clickhouse-operator 11 
| -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/democratic-csi.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: democratic-csi 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://democratic-csi.github.io/charts/ -------------------------------------------------------------------------------- /kubernetes/apps/ai/ollama/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ollama 6 | namespace: ai 7 | labels: 8 | app.kubernetes.io/name: &name ollama 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 50Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/bitnami.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bitnami 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 12h 11 | url: oci://registry-1.docker.io/bitnamicharts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/bjw-s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bjw-s 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 30m 11 | url: oci://ghcr.io/bjw-s/helm 12 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/cloudnative-pg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cloudnative-pg 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://cloudnative-pg.github.io/charts -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/descheduler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: descheduler 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://kubernetes-sigs.github.io/descheduler 11 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/langfuse/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: langfuse 6 | namespace: ai 7 | labels: 8 | app.kubernetes.io/name: &name langfuse 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 5Gi 16 | storageClassName: ceph-block 17 
| -------------------------------------------------------------------------------- /kubernetes/apps/media/autobrr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: autobrr 6 | namespace: media 7 | labels: 8 | app.kubernetes.io/name: &name autobrr 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/apps/media/plex/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: plex-cache 6 | namespace: media 7 | labels: 8 | app.kubernetes.io/name: &name plex 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 50Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/n8n/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: n8n 6 | namespace: selfhosted 7 | labels: 8 | app.kubernetes.io/name: &name n8n 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/open-webui/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: open-webui 6 | namespace: ai 7 | labels: 8 | 
app.kubernetes.io/name: &name open-webui 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 5Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/palmr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: palmr 6 | namespace: selfhosted 7 | labels: 8 | app.kubernetes.io/name: &name palmr 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/coredns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: coredns 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 30m 11 | url: oci://ghcr.io/coredns/charts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: stakater 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 30m 11 | url: oci://ghcr.io/stakater/charts 12 | 
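--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/stevehipwell.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: stevehipwell
  namespace: flux-system
spec:
  type: oci
  interval: 30m
  url: oci://ghcr.io/stevehipwell/helm-charts
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-features.yaml:
--------------------------------------------------------------------------------
# Global Talos machine patch: applied to every node, so the API-access grant
# below is cluster-wide.
machine:
  features:
    # Lets Pods obtain Talos API credentials carrying the listed roles.
    # os:admin is the broadest Talos role, so any workload that can be
    # scheduled into the "system-upgrade" namespace gets node-level admin on
    # every machine. Treat that namespace as privileged: restrict who can
    # create Pods there (RBAC / PSA) and do not widen either list casually.
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles: ["os:admin"]
      # Presumably consumed by system-upgrade-controller
      # (kubernetes/apps/system-upgrade); confirm nothing else runs there.
      allowedKubernetesNamespaces: ["system-upgrade"]
    kubePrism:
      enabled: true
      port: 7445
    hostDNS:
      enabled: true
      resolveMemberNames: true
      forwardKubeDNSToHost: false
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/spegel.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: spegel
  namespace: flux-system
spec:
  type: oci
  interval: 30m
  url: oci://ghcr.io/spegel-org/helm-charts
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: cilium-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: coredns-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/media/bazarr/app/pvc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bazarr-whisper-cache
  namespace: media
  labels:
    app.kubernetes.io/name: &name bazarr
    app.kubernetes.io/instance: *name
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: ceph-block
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/hajimari/app/pvc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hajimari-config
  namespace: selfhosted
  labels:
    app.kubernetes.io/name: &name hajimari
    app.kubernetes.io/instance: *name
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: ceph-block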
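--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/external-dns.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: external-dns
  namespace: flux-system
spec:
  interval: 12h
  url: https://kubernetes-sigs.github.io/external-dns
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/external-secrets.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: external-secrets
  namespace: flux-system
spec:
  type: oci
  interval: 30m
  url: oci://ghcr.io/external-secrets/charts
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: ingress-nginx
  namespace: flux-system
spec:
  interval: 12h
  url: https://kubernetes.github.io/ingress-nginx
--------------------------------------------------------------------------------
/.taskfiles/volsync/wait-for-job.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Block until the Pod belonging to a Kubernetes Job exists.
#
# Usage: wait-for-job.sh <job-name> [namespace]
#   namespace defaults to "default".
# Environment:
#   WAIT_FOR_JOB_TIMEOUT  seconds to wait before giving up (default 300).
# Exit status: 1 if no job name was given, 2 on timeout, 0 once a Pod is seen.

JOB_NAME=$1
NAMESPACE="${2:-default}"
TIMEOUT="${WAIT_FOR_JOB_TIMEOUT:-300}"

[[ -z "${JOB_NAME}" ]] && echo "Job name not specified" && exit 1

# Bash updates SECONDS automatically; reset it so it counts from here.
SECONDS=0
while true; do
    # Space-separated phases of every Pod labelled for this Job; empty until
    # the Job controller has created one.
    STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')"
    # The previous version accepted only the exact string "Pending". That
    # never matched if the Pod moved to Running/Succeeded between one-second
    # polls, or if a retried Job left more than one Pod behind ("Failed
    # Pending"), and the loop then spun forever. Any reported phase means the
    # Pod exists, which is what callers wait for.
    if [[ -n "${STATUS}" ]]; then
        break
    fi
    if (( SECONDS >= TIMEOUT )); then
        echo "Timed out after ${TIMEOUT}s waiting for a pod of job ${JOB_NAME} in namespace ${NAMESPACE}" >&2
        exit 2
    fi
    sleep 1
done
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/metrics-server.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  interval: 12h
  url: https://kubernetes-sigs.github.io/metrics-server
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: cert-manager-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: dragonfly
spec:
  selector: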
matchLabels: 10 | app: dragonfly 11 | podTargetLabels: ["app"] 12 | podMetricsEndpoints: 13 | - port: admin 14 | -------------------------------------------------------------------------------- /kubernetes/apps/media/plex/app/lokirule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | groups: 3 | - name: plex 4 | rules: 5 | - alert: PlexDatabaseIsBusy 6 | expr: | 7 | sum by (app) (count_over_time({app="plex"} |~ "(?i)retry busy DB"[5m])) > 0 8 | for: 5m 9 | annotations: 10 | summary: >- 11 | {{ $labels.app }} is experiencing database issues 12 | labels: 13 | severity: critical -------------------------------------------------------------------------------- /kubernetes/apps/network/multus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # renovate: datasource=github-releases depName=k8snetworkplumbingwg/network-attachment-definition-client 6 | - https://raw.githubusercontent.com/k8snetworkplumbingwg/network-attachment-definition-client/refs/tags/v1.7.5/artifacts/networks-crd.yaml 7 | - ./helmrelease.yaml 8 | - ./rbac.yaml -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: flux-operator-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/l2.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://datreeio.github.io/CRDs-catalog/cilium.io/ciliuml2announcementpolicy_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumL2AnnouncementPolicy 5 | metadata: 6 | name: l2-policy 7 | spec: 8 | loadBalancerIPs: true 9 | interfaces: 10 | - bond0 11 | nodeSelector: 12 | matchLabels: 13 | kubernetes.io/os: linux 14 | -------------------------------------------------------------------------------- /kubernetes/apps/media/audiobookshelf/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: audiobookshelf-config 6 | namespace: media 7 | labels: 8 | app.kubernetes.io/name: &name audiobookshelf 9 | app.kubernetes.io/instance: *name 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/controlplaneio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: controlplaneio 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 30m 11 | url: oci://ghcr.io/controlplaneio-fluxcd/charts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/prometheus-community.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | 
apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: prometheus-community 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 30m 11 | url: oci://ghcr.io/prometheus-community/charts 12 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/node-feature-discovery.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: node-feature-discovery 7 | namespace: flux-system 8 | spec: 9 | interval: 12h 10 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 11 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: external-secrets-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | components: 7 | - ../../flux/components/common 8 | resources: 9 | - ./clickhouse-operator/ks.yaml 10 | - ./dragonfly/ks.yaml 11 | - ./emqx/ks.yaml 12 | - 
./cloudnative-pg/ks.yaml 13 | - ./postgres-backup/ks.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/home/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home 6 | components: 7 | - ../../flux/components/common 8 | resources: 9 | - ./esphome/ks.yaml 10 | - ./frigate/ks.yaml 11 | - ./govee2mqtt/ks.yaml 12 | - ./home-assistant/ks.yaml 13 | - ./node-red/ks.yaml 14 | - ./zigbee2mqtt/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/observability/alertmanager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: alertmanager-configmap 9 | files: 10 | - config/alertmanager.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/ntfy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: ntfy-server-config 9 | files: 10 | - ./config/server.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | configurations: 14 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- 
/kubernetes/apps/database/dragonfly/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator 7 | - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.6/manifests/crd.yaml 8 | - ./cluster.yaml 9 | - ./podmonitor.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/ntfy/app/config/server.yml: -------------------------------------------------------------------------------- 1 | base-url: https://ntfy.${SECRET_DOMAIN} 2 | listen-http: ":8080" 3 | behind-proxy: true 4 | cache-file: "/var/cache/ntfy/cache.db" 5 | attachment-cache-dir: "/var/cache/ntfy/attachments" 6 | attachment-total-size-limit: "5G" 7 | attachment-file-size-limit: "50M" 8 | attachment-expiry-duration: "6h" 9 | auth-file: "/authfile/user.db" 10 | auth-default-access: "deny-all" 11 | upstream-base-url: "https://ntfy.sh" -------------------------------------------------------------------------------- /kubernetes/flux/components/volsync/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${APP}" 6 | spec: 7 | accessModes: ["${VOLSYNC_ACCESSMODES:=ReadWriteOnce}"] 8 | dataSourceRef: 9 | kind: ReplicationDestination 10 | apiGroup: volsync.backube 11 | name: "${APP}" 12 | resources: 13 | requests: 14 | storage: "${VOLSYNC_CAPACITY:=5Gi}" 15 | storageClassName: "${VOLSYNC_STORAGECLASS:=ceph-block}" -------------------------------------------------------------------------------- /kubernetes/apps/media/plex/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helmrelease.yaml 5 | - pvc.yaml 6 | configMapGenerator: 7 | - name: plex-loki-rules 8 | files: 9 | - plex.yaml=./lokirule.yaml 10 | options: 11 | labels: 12 | loki_rule: "true" 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/observability/thanos/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - dashboard 7 | - helmrelease.yaml 8 | - object-bucket-claim.yaml 9 | configMapGenerator: 10 | - name: thanos-cache-configmap 11 | files: 12 | - cache.yaml=./config/cache.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: generic-device-plugin 9 | files: 10 | - ./config/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | configurations: 14 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./github 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: flux-instance-helm-values 11 | files: 12 | - values.yaml=./helm-values.yaml 13 | configurations: 14 | - kustomizeconfig.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/config/bgp.conf: -------------------------------------------------------------------------------- 1 | router bgp 64513 2 | bgp router-id 192.168.1.1 3 | no bgp ebgp-requires-policy 4 | 5 | neighbor k8s peer-group 6 | neighbor k8s remote-as 64514 7 | 8 | neighbor 10.20.0.230 peer-group k8s 9 | neighbor 10.20.0.229 peer-group k8s 10 | neighbor 10.20.0.244 peer-group k8s 11 | 12 | address-family ipv4 unicast 13 | neighbor k8s next-hop-self 14 | neighbor k8s soft-reconfiguration inbound 15 | exit-address-family 16 | exit -------------------------------------------------------------------------------- /kubernetes/apps/network/external/cloudflared/default/dnsendpoint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/externaldns.k8s.io/dnsendpoint_v1alpha1.json 3 | apiVersion: externaldns.k8s.io/v1alpha1 4 | kind: DNSEndpoint 5 | metadata: 6 | name: cloudflared 7 | spec: 8 | endpoints: 9 | - dnsName: "external.${SECRET_DOMAIN}" 10 | recordType: CNAME 11 | targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] 12 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external/cloudflared/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./dnsendpoint.yaml 7 | - ./secret.sops.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: cloudflared-configmap 11 | files: 12 | - ./configs/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /.github/renovate/commitMessage.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "commitMessageTopic": "{{depName}}", 4 | "commitMessageExtra": "to {{newVersion}}", 5 | "commitMessageSuffix": "", 6 | "packageRules": [ 7 | { 8 | "matchDatasources": ["helm"], 9 | "commitMessageTopic": "chart {{depName}}" 10 | }, 11 | { 12 | "matchDatasources": ["docker"], 13 | "commitMessageTopic": "image {{depName}}" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/cluster/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: emqx-dashboard 6 | spec: 7 | ingressClassName: internal 8 | rules: 9 | - host: "emqx.${SECRET_DOMAIN}" 10 | http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: emqx-dashboard 17 | port: 18 | number: 18083 19 | -------------------------------------------------------------------------------- /kubernetes/apps/media/plex/trakt-sync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 
| - name: plex-tract-sync 9 | files: 10 | - ./config/config.yml 11 | generatorOptions: 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled 14 | configurations: 15 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/network/external/cloudflared/cookjam/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./dnsendpoint.yaml 7 | - ./secret.sops.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: cloudflared-cookjam-configmap 11 | files: 12 | - ./configs/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /kubernetes/apps/home/frigate/app/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | configMapGenerator: 6 | - name: frigate-dashboard 7 | files: 8 | - frigate-dashboard.json 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled 13 | labels: 14 | grafana_dashboard: "true" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/kromgo/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: kromgo-configmap 9 | 
files: 10 | - config.yaml=./resources/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.env linguist-detectable linguist-language=SHELL 3 | *.json linguist-detectable linguist-language=JSON 4 | *.json5 linguist-detectable linguist-language=JSON5 5 | *.md linguist-detectable linguist-language=MARKDOWN 6 | *.sh linguist-detectable linguist-language=SHELL 7 | *.toml linguist-detectable linguist-language=TOML 8 | *.yml linguist-detectable linguist-language=YAML 9 | *.yaml linguist-detectable linguist-language=YAML 10 | *.yaml.j2 linguist-detectable linguist-language=YAML -------------------------------------------------------------------------------- /kubernetes/apps/media/cross-seed/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: cross-seed-loki-rules 9 | files: 10 | - ./resources/lokirule.yaml 11 | options: 12 | labels: 13 | loki_rule: "true" 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/media/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - cron-job.yaml 7 | - externalsecret.yaml 8 | namespace: media 9 | 
configMapGenerator: 10 | - name: recyclarr 11 | files: 12 | - recyclarr.yml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-files.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | files: 3 | - op: create 4 | path: /etc/cri/conf.d/20-customization.part 5 | content: |- 6 | [plugins."io.containerd.cri.v1.images"] 7 | discard_unpacked_layers = false 8 | - op: overwrite 9 | path: /etc/nfsmount.conf 10 | permissions: 420 11 | content: | 12 | [ NFSMount_Global_Options ] 13 | nfsvers=4.2 14 | hard=True 15 | nconnect=16 16 | noatime=True -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2023 Russell Hall 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified 7 | copies of this license document, and changing it is allowed as long 8 | as the name is changed. 9 | 10 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 11 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 12 | 13 | 0. You just DO WHAT THE FUCK YOU WANT TO. 
14 | -------------------------------------------------------------------------------- /kubernetes/apps/media/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: sabnzbd-scripts 10 | files: 11 | - cross-seed.sh=./resources/cross-seed.sh 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled -------------------------------------------------------------------------------- /kubernetes/apps/media/qbittorrent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | 9 | configMapGenerator: 10 | - name: qbittorrent-coredns 11 | files: 12 | - ./config/Corefile 13 | generatorOptions: 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | configurations: 17 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/onepassword/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: onepassword 6 | spec: 7 | refreshInterval: 12h 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: onepassword-secret 13 | template: 14 | data: 15 | 1password-credentials.json: "{{ .credentials }}" 16 | token: "{{ .token }}" 17 | dataFrom: 18 | - 
extract: 19 | key: 1password connect 20 | -------------------------------------------------------------------------------- /.taskfiles/volsync/ListJob.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: "list-${rsrc}-${ts}" 6 | namespace: "${namespace}" 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: OnFailure 13 | containers: 14 | - name: list 15 | image: docker.io/restic/restic:0.16.0 16 | args: ["snapshots"] 17 | envFrom: 18 | - secretRef: 19 | name: "${rsrc}-restic" 20 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/alertmanager/app/config/alertmanager.yml: -------------------------------------------------------------------------------- 1 | receivers: 2 | - name: "null" 3 | 4 | route: 5 | group_by: ["alertname", "job"] 6 | group_wait: 30s 7 | group_interval: 5m 8 | repeat_interval: 6h 9 | receiver: "null" 10 | routes: 11 | - receiver: "null" 12 | matchers: 13 | - alertname =~ "InfoInhibitor|Watchdog" 14 | 15 | inhibit_rules: 16 | - source_matchers: 17 | - severity = "critical" 18 | target_matchers: 19 | - severity = "warning" 20 | equal: ["alertname", "namespace"] -------------------------------------------------------------------------------- /kubernetes/apps/media/bazarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | configMapGenerator: 10 | - name: bazarr-scripts 11 | files: 12 | - subcleaner.sh=./resources/subcleaner.sh 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | 
kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/apps/media/kometa/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: pmm-config-tpl 9 | files: 10 | - ./configs/config.yml 11 | - name: pmm-prerolls 12 | files: 13 | - ./configs/Pre-rolls.yml 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | labels: 17 | - pairs: 18 | app.kubernetes.io/name: kometa 19 | app.kubernetes.io/instance: kometa 20 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external/cloudflared/default/configs/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | originRequest: 3 | originServerName: "external.${SECRET_DOMAIN}" 4 | 5 | ingress: 6 | - hostname: "${SECRET_DOMAIN}" 7 | service: https://external-ingress-nginx-controller.network.svc.cluster.local:443 8 | originRequest: 9 | noTLSVerify: true 10 | - hostname: "*.${SECRET_DOMAIN}" 11 | service: https://external-ingress-nginx-controller.network.svc.cluster.local:443 12 | originRequest: 13 | noTLSVerify: true 14 | - service: http_status:404 15 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/palmr/app/cors.json: -------------------------------------------------------------------------------- 1 | { 2 | "CORSRules": [ 3 | { 4 | "AllowedOrigins": [ 5 | "https://share.REDACTED.com", 6 | "https://palmr.roswellian.dev", 7 | "https://send.roswellian.dev" 8 | ], 9 | "AllowedMethods": [ 10 | "GET", 11 | "PUT", 12 | "POST", 13 | "DELETE" 14 | ], 15 | "AllowedHeaders": [ 16 | "*" 17 | ], 18 | "ExposeHeaders": [ 19 | "ETag" 20 | ], 21 | 
"MaxAgeSeconds": 3600 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | namespace: monitoring 8 | configMapGenerator: 9 | - name: loki-alerting-rules 10 | files: 11 | - ./rules/loki-alerting-rules.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | labels: 15 | - pairs: 16 | app.kubernetes.io/name: loki 17 | app.kubernetes.io/instance: loki 18 | -------------------------------------------------------------------------------- /.taskfiles/volsync/UnlockJob.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: "unlock-${rsrc}-${ts}" 6 | namespace: "${namespace}" 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: OnFailure 13 | containers: 14 | - name: unlock 15 | image: docker.io/restic/restic:0.16.0 16 | args: ["unlock", "--remove-all"] 17 | envFrom: 18 | - secretRef: 19 | name: "${rsrc}-restic" 20 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/tls/staging.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/certificate_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: "${SECRET_DOMAIN/./-}-staging" 7 | spec: 8 | secretName: "${SECRET_DOMAIN/./-}-staging-tls" 9 | issuerRef: 10 | name: letsencrypt-staging 11 | 
kind: ClusterIssuer 12 | commonName: "${SECRET_DOMAIN}" 13 | dnsNames: 14 | - "${SECRET_DOMAIN}" 15 | - "*.${SECRET_DOMAIN}" 16 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | creation_rules: 3 | - # IMPORTANT: This rule MUST be above the others 4 | path_regex: talos/.*\.sops\.ya?ml 5 | mac_only_encrypted: true 6 | key_groups: 7 | - age: 8 | - "age1wv9mlcm5q92z8q26m85ry3yhgfmzh4cptqeveudxh3nj5jm2dfcqfelgux" 9 | - path_regex: kubernetes/.*\.sops\.ya?ml 10 | encrypted_regex: "^(data|stringData)$" 11 | mac_only_encrypted: true 12 | key_groups: 13 | - age: 14 | - "age1wv9mlcm5q92z8q26m85ry3yhgfmzh4cptqeveudxh3nj5jm2dfcqfelgux" 15 | stores: 16 | yaml: 17 | indent: 2 18 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | instance: 3 | cluster: 4 | networkPolicy: false 5 | components: 6 | - image-reflector-controller 7 | - image-automation-controller 8 | - source-controller 9 | - kustomize-controller 10 | - helm-controller 11 | - notification-controller 12 | sync: 13 | kind: GitRepository 14 | url: "https://github.com/rust84/k8s-gitops.git" 15 | ref: "refs/heads/main" 16 | path: kubernetes/flux/cluster 17 | provider: github 18 | pullSecret: flux-gitops-secret 19 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/tls/production.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/certificate_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: "${SECRET_DOMAIN/./-}-production" 7 | 
spec: 8 | secretName: "${SECRET_DOMAIN/./-}-production-tls" 9 | issuerRef: 10 | name: letsencrypt-production 11 | kind: ClusterIssuer 12 | commonName: "${SECRET_DOMAIN}" 13 | dnsNames: 14 | - "${SECRET_DOMAIN}" 15 | - "*.${SECRET_DOMAIN}" 16 | -------------------------------------------------------------------------------- /kubernetes/apps/home/frigate/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - dashboard 7 | - externalsecret.yaml 8 | - helmrelease.yaml 9 | namespace: home 10 | configMapGenerator: 11 | - name: frigate-config 12 | files: 13 | - config.yaml 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | configurations: 19 | - kustomizeconfig.yaml -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | components: 7 | - ../../flux/components/common 8 | resources: 9 | - ./cilium/ks.yaml 10 | - ./coredns/ks.yaml 11 | - ./descheduler/ks.yaml 12 | - ./generic-device-plugin/ks.yaml 13 | - ./intel-device-plugin/ks.yaml 14 | - ./metrics-server/ks.yaml 15 | - ./node-feature-discovery/ks.yaml 16 | - ./reloader/ks.yaml 17 | - ./spegel/ks.yaml 18 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | installCRDs: true 3 | 
replicaCount: 1 4 | leaderElect: true 5 | image: 6 | repository: ghcr.io/external-secrets/external-secrets 7 | webhook: 8 | image: 9 | repository: ghcr.io/external-secrets/external-secrets 10 | serviceMonitor: 11 | enabled: true 12 | interval: 1m 13 | certController: 14 | image: 15 | repository: ghcr.io/external-secrets/external-secrets 16 | serviceMonitor: 17 | enabled: true 18 | interval: 1m 19 | serviceMonitor: 20 | enabled: true 21 | interval: 1m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/nextdns-exporter/app/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | configMapGenerator: 6 | - name: nextdns-dashboard 7 | files: 8 | - https://raw.githubusercontent.com/raylas/nextdns-exporter/0.6.0/grafana/dashboards/nextdns.json 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled 13 | labels: 14 | grafana_dashboard: "true" -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/system-upgrade-controller/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: system-upgrade-controller 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: cluster-admin 10 | subjects: 11 | - kind: ServiceAccount 12 | name: system-upgrade-controller 13 | namespace: system-upgrade 14 | --- 15 | apiVersion: talos.dev/v1alpha1 16 | kind: ServiceAccount 17 | metadata: 18 | name: system-upgrade-controller 19 | spec: 20 | roles: 21 | - os:admin 
-------------------------------------------------------------------------------- /kubernetes/apps/media/qui/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ExternalSecret 4 | metadata: 5 | name: qui 6 | spec: 7 | refreshInterval: 5m 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: qui-secret 13 | creationPolicy: Owner 14 | template: 15 | data: 16 | QUI__SESSION_SECRET: "{{ .qui_session_secret }}" 17 | dataFrom: 18 | - extract: 19 | key: qui 20 | rewrite: 21 | - regexp: 22 | source: "(.*)" 23 | target: "qui_$1" -------------------------------------------------------------------------------- /.github/lint/.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | default: true 3 | 4 | # MD013/line-length - Line length 5 | MD013: 6 | # Number of characters 7 | line_length: 240 8 | # Number of characters for headings 9 | heading_line_length: 80 10 | # Number of characters for code blocks 11 | code_block_line_length: 80 12 | # Include code blocks 13 | code_blocks: true 14 | # Include tables 15 | tables: true 16 | # Include headings 17 | headings: true 18 | # Include headings 19 | headers: true 20 | # Strict length checking 21 | strict: false 22 | # Stern length checking 23 | stern: false 24 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | ignore: | 2 | .yamllint.yml 3 | .github/ 4 | ignore/ 5 | *-crds.yaml 6 | *.enc.* 7 | *.sops.* 8 | extends: default 9 | rules: 10 | truthy: 11 | allowed-values: ["true", "false", "on", "yes"] 12 | comments: 13 | min-spaces-from-content: 1 14 | line-length: disable 15 | braces: 16 | min-spaces-inside: 0 17 | max-spaces-inside: 1 18 | brackets: 19 | min-spaces-inside: 0 20 | max-spaces-inside: 
0 21 | indentation: 22 | spaces: 2 23 | indent-sequences: consistent 24 | hyphens: 25 | max-spaces-after: 1 26 | document-start: disable 27 | -------------------------------------------------------------------------------- /.github/renovate/allowedVersions.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "matchDatasources": ["docker"], 6 | "matchPackageNames": ["ghcr.io/linuxserver/calibre-web"], 7 | "allowedVersions": "<1" 8 | }, 9 | { 10 | "matchDatasources": ["docker"], 11 | "matchPackagePatterns": ["postgresql"], 12 | "allowedVersions": "<17" 13 | }, 14 | { 15 | "matchDatasources": ["docker"], 16 | "matchPackagePatterns": ["node"], 17 | "allowedVersions": "<20" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: selfhosted 6 | components: 7 | - ../../flux/components/common 8 | resources: 9 | # - ./authentik/ks.yaml 10 | - ./cookjam/ks.yaml 11 | - ./hajimari/ks.yaml 12 | - ./immich/ks.yaml 13 | - ./n8n/ks.yaml 14 | - ./ntfy/ks.yaml 15 | - ./palmr/ks.yaml 16 | - ./paperless/ks.yaml 17 | - ./joplin/ks.yaml 18 | - ./monica/ks.yaml 19 | - ./radicale/ks.yaml 20 | - ./thelounge/ks.yaml -------------------------------------------------------------------------------- /kubernetes/apps/ai/searxng/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - 
./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: searxng-configmap 10 | files: 11 | - ./resources/limiter.toml 12 | - ./resources/settings.yml 13 | - ./resources/hostnames-remove.yml 14 | - ./resources/hostnames-high.yml 15 | - ./resources/hostnames-low.yml 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | -------------------------------------------------------------------------------- /kubernetes/apps/media/qbittorrent/app/config/Corefile: -------------------------------------------------------------------------------- 1 | .:53 { 2 | bind 127.0.0.2 3 | rewrite stop type AAAA A 4 | errors 5 | health :8081 { 6 | lameduck 5s 7 | } 8 | log { 9 | class error 10 | } 11 | forward . tls://1.1.1.1 tls://1.0.0.1 { 12 | tls_servername tls.cloudflare-dns.com 13 | policy sequential 14 | health_check 5s 15 | } 16 | reload 17 | } 18 | 19 | cluster.local:53 { 20 | bind 127.0.0.2 21 | rewrite stop type AAAA A 22 | errors 23 | log { 24 | class error 25 | } 26 | forward . 
10.43.0.10 27 | } -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: flux-webhook 6 | annotations: 7 | external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}" 8 | spec: 9 | ingressClassName: external 10 | rules: 11 | - host: "flux-webhook.${SECRET_DOMAIN}" 12 | http: 13 | paths: 14 | - path: /hook/ 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: webhook-receiver 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /kubernetes/apps/network/multus/networks/iot.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "k8s.cni.cncf.io/v1" 3 | kind: NetworkAttachmentDefinition 4 | metadata: 5 | name: multus-iot 6 | namespace: network 7 | spec: 8 | config: |- 9 | { 10 | "cniVersion": "0.3.1", 11 | "name": "multus-iot", 12 | "plugins": [ 13 | { 14 | "type": "macvlan", 15 | "master": "bond0.30", 16 | "mode": "bridge", 17 | "ipam": { 18 | "type": "static", 19 | "routes": [ 20 | { "dst": "10.30.0.0/24" } 21 | ] 22 | } 23 | } 24 | ] 25 | } -------------------------------------------------------------------------------- /.github/lint/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | ignore: | 2 | .yamllint.yml 3 | .github/ 4 | integrations/ 5 | ignore/ 6 | *-crds.yaml 7 | *.enc.* 8 | *.sops.* 9 | gotk-components.yaml 10 | extends: default 11 | rules: 12 | truthy: 13 | allowed-values: ["true", "false", "on", "yes"] 14 | comments: 15 | min-spaces-from-content: 1 16 | line-length: disable 17 | braces: 18 | min-spaces-inside: 0 19 | max-spaces-inside: 1 20 | brackets: 21 | min-spaces-inside: 0 22 | max-spaces-inside: 0 
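# (.yamllint.yaml, continued)
  indentation:
    spaces: 2
    indent-sequences: consistent
  hyphens:
    max-spaces-after: 1
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/controller/cluster.yaml:
--------------------------------------------------------------------------------
cluster:
  # Regular workloads are admitted on control-plane nodes. A container escape
  # on one of those nodes lands on the same host as etcd and the API server, so
  # treat anything scheduled there as control-plane-adjacent.
  allowSchedulingOnControlPlanes: true
  apiServer:
    extraArgs:
      # https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/
      enable-aggregator-routing: true
  controllerManager:
    extraArgs:
      # Listen on every node interface instead of localhost, presumably so the
      # kube-prometheus-stack scrape in observability/ can reach the secure
      # port. The endpoint stays TLS with delegated authn/authz, but it is now
      # reachable from the node LAN; if that network is shared, limit it with
      # a host firewall or network policy.
      bind-address: 0.0.0.0
  coreDNS:
    disabled: true
  etcd:
    extraArgs:
      # Plain HTTP on all interfaces: etcd's metrics listener has no TLS and no
      # client auth, so /metrics and /health on 2381 are open to anything that
      # can reach the node. Only metrics are served (no key/value data), but
      # they expose versions and cluster internals -- scope this to a specific
      # address or firewall the port if the node LAN is not trusted.
      listen-metrics-urls: http://0.0.0.0:2381
    advertisedSubnets:
      - 10.20.0.0/24
  proxy:
    disabled: true
  scheduler:
    extraArgs:
      # Same trade-off as controllerManager.bind-address above.
      bind-address: 0.0.0.0
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/rules/google-coral-device.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: google-coral-device
spec:
  rules:
    - # Google Coral USB Accelerator
      name: google.coral
      labels:
        google.feature.node.kubernetes.io/coral: "true"
      matchFeatures:
        - feature: usb.device
          matchExpressions:
            vendor: { op: In, value: ["1a6e", "18d1"] }
--------------------------------------------------------------------------------
/kubernetes/apps/observability/grafana/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization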
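configMapGenerator:
  - name: supabase-dashboard
    files:
      # Fetched by kustomize at build time from a *branch* ref, with no checksum
      # or signature: whoever can push to supabase-grafana's main changes what
      # this cluster's Grafana renders on the next Flux reconcile. Pin the URL
      # to a commit SHA (.../supabase-grafana/<commit>/grafana/dashboard.json)
      # or vendor the JSON under ./resources so changes arrive via reviewed PRs.
      - supabase-dashboard.json=https://raw.githubusercontent.com/supabase/supabase-grafana/refs/heads/main/grafana/dashboard.json
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    kustomize.toolkit.fluxcd.io/substitute: disabled
    grafana_folder: Supabase
  labels:
    grafana_dashboard: "true"
--------------------------------------------------------------------------------
/Taskfile.yaml:
--------------------------------------------------------------------------------
---
version: "3"

vars:
  PROJECT_DIR:
    sh: "git rev-parse --show-toplevel"
  KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
  TALHELPER_DIR: "{{.ROOT_DIR}}/kubernetes/bootstrap/talos"
  # This file carries Talos client credentials; it must stay out of git --
  # verify that clusterconfig/ is covered by .gitignore or SOPS.
  TALOSCONFIG_FILE: "{{.ROOT_DIR}}/kubernetes/bootstrap/talos/clusterconfig/talosconfig"

env:
  TALOSCONFIG: "{{.TALOSCONFIG_FILE}}"

includes:
  bootstrap: .taskfiles/bootstrap
  flux: .taskfiles/flux
  k8s: .taskfiles/k8s
  talos: .taskfiles/talos
  volsync: .taskfiles/volsync

tasks:
  default:
    silent: true
    cmds:
      - task -l
--------------------------------------------------------------------------------
/.github/renovate/labels.json:
--------------------------------------------------------------------------------
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "packageRules": [
    {
      "matchUpdateTypes": ["major"],
      "labels": ["type/major"]
    },
    {
      "matchUpdateTypes": ["minor"],
      "labels": ["type/minor"]
    },
    {
      "matchUpdateTypes": ["patch"],
      "labels": ["type/patch"]
    },
    {
      "matchDatasources": ["helm"],
      "addLabels": ["renovate/helm"]
    },
    {
      "matchDatasources": ["docker"],
      "addLabels": ["renovate/container"]
    }
  ]
}
--------------------------------------------------------------------------------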
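/kubernetes/apps/external-secrets/onepassword/store/clustersecretstore.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/clustersecretstore_v1beta1.json
# NOTE(review): schema hint above is still v1beta1 while apiVersion is v1; editor-only, but worth aligning.
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: onepassword
spec:
  # No spec.conditions, so an ExternalSecret in *any* namespace can pull *any*
  # item from the vault below through this store. That is the point of a
  # cluster-wide store, but it means RBAC on ExternalSecret is the only thing
  # gating the whole vault; add conditions.namespaces / namespaceSelector if
  # some namespaces should not see it.
  provider:
    onepassword:
      # Plain HTTP to the Connect server: the bearer token and every fetched
      # item cross the pod network unencrypted. Acceptable only if that network
      # is trusted (Cilium transparent encryption, or a NetworkPolicy limiting
      # who can reach the onepassword Service) -- verify one of those is on.
      connectHost: http://onepassword.external-secrets.svc.cluster.local
      vaults:
        Kubernetes: 1
      auth:
        secretRef:
          connectTokenSecretRef:
            name: onepassword-secret
            key: token
            namespace: external-secrets
--------------------------------------------------------------------------------
/kubernetes/apps/network/external/cloudflared/cookjam/dnsendpoint.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/externaldns.k8s.io/dnsendpoint_v1alpha1.json
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: cloudflared-cookjam
spec:
  endpoints:
    - dnsName: "external.${SECRET_APP_DOMAIN}"
      recordType: CNAME
      targets: ["${SECRET_CLOUDFLARE_APP_TUNNEL_ID}.cfargotunnel.com"]
    # - dnsName: "external.${SECRET_APP_PRD_DOMAIN}"
    #   recordType: CNAME
    #   targets: ["${SECRET_CLOUDFLARE_APP_TUNNEL_ID}.cfargotunnel.com"]
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/rules/intel-gpu-device.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: intel-gpu-device
spec:
  rules:
    -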
# Intel UHD Graphics 630 10 | name: intel.gpu 11 | labels: 12 | intel.feature.node.kubernetes.io/gpu: "true" 13 | matchFeatures: 14 | - feature: pci.device 15 | matchExpressions: 16 | class: { op: In, value: ["0300", "0380"] } 17 | vendor: { op: In, value: ["8086"] } 18 | -------------------------------------------------------------------------------- /kubernetes/apps/openebs-system/openebs/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app openebs 7 | namespace: &namespace openebs-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/openebs-system/openebs/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false 22 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/volsync/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app volsync 7 | namespace: &namespace volsync-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/volsync-system/volsync/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false 22 | 
-------------------------------------------------------------------------------- /kubernetes/apps/default/echo-server/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app echo-server 7 | namespace: &namespace default 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/default/echo-server/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/descheduler/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app descheduler 7 | namespace: &namespace kube-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/kube-system/descheduler/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
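# $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app spegel
  namespace: &namespace kube-system
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 30m
  path: ./kubernetes/apps/kube-system/spegel/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/reloader/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app reloader
  namespace: &namespace kube-system
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 30m
  path: ./kubernetes/apps/kube-system/reloader/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/media/bazarr/app/resources/subcleaner.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Bazarr post-processing hook: run subcleaner over the subtitle Bazarr just
# wrote, then ask Plex to rescan that folder so the cleaned file is picked up.
#
#   $1          path of the subtitle file
#   PLEX_TOKEN  Plex auth token, taken from the environment
#
# -u: an unset $1 or PLEX_TOKEN is a wiring error and should fail loudly.
# -e is deliberately not set: a subcleaner failure still lets the refresh run,
# as before.
set -uo pipefail

subtitle="$1"

printf "Cleaning subtitles for '%s' ...\n" "$subtitle"
python3 /subcleaner/subcleaner/subcleaner.py "$subtitle" -s

# Map the library path to its Plex section id; a path matching neither
# pattern gets no refresh.
section=""
case "$subtitle" in
  *movies*) section="1";;
  *shows*) section="2";;
esac

if [[ -n "$section" ]]; then
  if [[ -z "${PLEX_TOKEN:-}" ]]; then
    printf "PLEX_TOKEN is not set; not refreshing Plex for '%s'\n" "$subtitle" >&2
    exit 1
  fi
  folder="$(dirname "$subtitle")"
  printf "Refreshing Plex section '%s' for '%s' ...\n" "$section" "$folder"
  # The token travels in the X-Plex-Token header rather than the query string
  # so it stays out of Plex/proxy access logs. --fail turns a 401 (bad token)
  # or 404 (wrong section id) into a non-zero exit instead of a silently
  # "successful" hook; this also drops the -I/-X GET pairing that curl's docs
  # discourage.
  /usr/bin/curl --fail --silent --show-error --output /dev/null -G \
    --data-urlencode "path=${folder}" \
    --header "X-Plex-Token: ${PLEX_TOKEN}" \
    --write-out "Plex answered HTTP %{http_code}\n" \
    "http://plex.media.svc.cluster.local:32400/library/sections/${section}/refresh"
fi
--------------------------------------------------------------------------------
/kubernetes/apps/observability/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
components:
  - ../../flux/components/common
resources:
  - ./alertmanager/ks.yaml
  - ./blackbox-exporter/ks.yaml
  - ./grafana/ks.yaml
  - ./kromgo/ks.yaml
  - ./kube-prometheus-stack/ks.yaml
  - ./loki/ks.yaml
  - ./nextdns-exporter/ks.yaml
  - ./promtail/ks.yaml
  - ./smartctl-exporter/ks.yaml
  - ./snmp-exporter/ks.yaml
  - ./speedtest-exporter/ks.yaml
  - ./thanos/ks.yaml
  - ./unpoller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/metrics-server/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app metrics-server
  namespace: &namespace kube-system
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 30m
  path: ./kubernetes/apps/kube-system/metrics-server/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false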
-------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/snapshot-controller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app snapshot-controller 7 | namespace: &namespace volsync-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/volsync-system/snapshot-controller/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/app-template/ocirepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: app-template 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 3.7.3 14 | url: oci://ghcr.io/bjw-s/helm/app-template 15 | verify: 16 | provider: cosign 17 | matchOIDCIdentity: 18 | - issuer: ^https://token.actions.githubusercontent.com$ 19 | subject: ^https://github.com/bjw-s/helm-charts.*$ -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/oci/app-template.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: app-template 7 | spec: 8 | interval: 1h 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 3.7.3 14 | url: oci://ghcr.io/bjw-s-labs/helm/app-template 15 | verify: 16 | provider: cosign 17 | matchOIDCIdentity: 18 | - issuer: ^https://token.actions.githubusercontent.com$ 19 | subject: ^https://github.com/bjw-s-labs/helm-charts.*$ -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app external-secrets 7 | namespace: &namespace external-secrets 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/external-secrets/external-secrets/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/coredns/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app coredns 7 | namespace: &namespace kube-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 
| app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/kube-system/coredns/app 14 | prune: false # never should be deleted 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/generic-device-plugin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app generic-device-plugin 7 | namespace: &namespace kube-system 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | interval: 30m 13 | path: ./kubernetes/apps/kube-system/generic-device-plugin/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | targetNamespace: *namespace 20 | timeout: 5m 21 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/ai/ollama/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app ollama 7 | namespace: &namespace ai 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: rook-ceph-cluster 14 | namespace: rook-ceph 15 | interval: 30m 16 | path: ./kubernetes/apps/ai/ollama/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | targetNamespace: *namespace 23 
| timeout: 5m 24 | wait: false 25 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/unpoller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app unpoller 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: kube-prometheus-stack 14 | interval: 30m 15 | path: ./kubernetes/apps/observability/unpoller/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | targetNamespace: *namespace 22 | timeout: 5m 23 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/cilium/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: cilium 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: cilium 12 | version: 1.18.4 13 | sourceRef: 14 | kind: HelmRepository 15 | name: cilium 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | valuesFrom: 25 | - kind: ConfigMap 26 | name: cilium-helm-values 27 | -------------------------------------------------------------------------------- /kubernetes/apps/media/plex/trakt-sync/config/config.yml: -------------------------------------------------------------------------------- 1 | cache: 2 | path: 
$PTS_CACHE_DIR/trakt_cache 3 | 4 | excluded-libraries: 5 | - Other Videos 6 | 7 | config: 8 | dotenv_override: true 9 | 10 | logging: 11 | append: false 12 | debug: false 13 | filename: plextraktsync.log 14 | 15 | sync: 16 | plex_to_trakt: 17 | collection: false 18 | ratings: false 19 | watched_status: true 20 | trakt_to_plex: 21 | liked_lists: false 22 | ratings: false 23 | watched_status: true 24 | watchlist: false 25 | 26 | watch: 27 | add_collection: false 28 | remove_collection: false 29 | scrobble_threshold: 90 30 | username_filter: true 31 | 32 | xbmc-providers: 33 | movies: imdb 34 | shows: tvdb 35 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/snmp-exporter/apc-ups/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - prometheus-rule.yaml 8 | configMapGenerator: 9 | - name: apc-ups-dashboard 10 | files: 11 | - apc-ups-dashboard.json=./resources/dashboard.json 12 | options: 13 | labels: 14 | grafana_dashboard: "true" 15 | - name: apc-ups-snmp-configmap 16 | files: 17 | - snmp.yaml=./resources/config-map.yaml 18 | generatorOptions: 19 | disableNameSuffixHash: true 20 | annotations: 21 | kustomize.toolkit.fluxcd.io/substitute: disabled 22 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/thanos/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app thanos 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: 
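observability
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: dragonfly
      namespace: database
  path: ./kubernetes/apps/observability/thanos/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 30m
  retryInterval: 1m
  timeout: 15m
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml:
--------------------------------------------------------------------------------
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: talos
spec:
  # Target Talos version, substituted by Flux. Bumping it rolls every node
  # (hostname Exists matches all of them), one at a time.
  version: ${TALOS_VERSION}
  concurrency: 1
  postCompleteDelay: 2m
  exclusive: true
  nodeSelector:
    matchExpressions:
      - key: kubernetes.io/hostname
        operator: Exists
  # Mounts the system-upgrade-controller secret at the talos.dev path --
  # presumably a talosconfig issued through Talos' ServiceAccount CRD. Whatever
  # runs in the upgrade container therefore holds Talos API credentials.
  secrets:
    - name: system-upgrade-controller
      path: /var/run/secrets/talos.dev
      ignoreUpdates: true
  serviceAccountName: system-upgrade-controller
  upgrade:
    # Drives the node upgrade with the credentials above, yet is pulled by a
    # mutable tag. Pin to the image digest (tnu:0.4.4@sha256:...; Renovate
    # keeps digests current) so a re-pushed tag cannot swap the code that gets
    # Talos API access.
    image: ghcr.io/jfroy/tnu:0.4.4
    args:
      - --node=$(SYSTEM_UPGRADE_NODE_NAME)
      - --tag=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
--------------------------------------------------------------------------------
/kubernetes/apps/home/govee2mqtt/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app govee2mqtt
  namespace: &namespace home
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
  interval: 30m
  path: ./kubernetes/apps/home/govee2mqtt/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: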
flux-system 21 | namespace: flux-system 22 | targetNamespace: *namespace 23 | timeout: 5m 24 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/observability/loki/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app loki 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: rook-ceph-cluster 14 | namespace: rook-ceph 15 | interval: 30m 16 | path: ./kubernetes/apps/observability/loki/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | targetNamespace: *namespace 23 | timeout: 5m 24 | wait: true -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app promtail 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: loki 14 | namespace: *namespace 15 | interval: 30m 16 | path: ./kubernetes/apps/observability/promtail/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | targetNamespace: *namespace 23 | timeout: 5m 24 | wait: false -------------------------------------------------------------------------------- 
/kubernetes/apps/observability/snmp-exporter/apc-ups/app/prometheus-rule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: snmp-exporter-apc-ups 6 | spec: 7 | groups: 8 | - name: snmp-exporter-apc-ups.rules 9 | rules: 10 | - alert: UPSOnBattery 11 | annotations: 12 | summary: ZPM {{$labels.instance}} is running on batteries 13 | and has less than 20 minutes of battery left 14 | expr: | 15 | ( 16 | upsAdvBatteryRunTimeRemaining/60/100 <= 20 17 | and 18 | upsBasicBatteryTimeOnBattery > 0 19 | ) 20 | for: 1m 21 | labels: 22 | severity: critical 23 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/promtail/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: promtail 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: promtail 12 | version: 6.17.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: grafana 16 | namespace: flux-system 17 | values: 18 | fullnameOverride: promtail 19 | 20 | config: 21 | clients: 22 | - url: http://loki-headless.observability.svc.cluster.local:3100/loki/api/v1/push 23 | 24 | serviceMonitor: 25 | enabled: true -------------------------------------------------------------------------------- /kubernetes/apps/observability/nextdns-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app 
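nextdns-exporter
  namespace: &namespace observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: kube-prometheus-stack
  interval: 30m
  path: ./kubernetes/apps/observability/nextdns-exporter/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: v1.19.1
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  valuesFrom:
    - kind: ConfigMap
      name: cert-manager-helm-values
--------------------------------------------------------------------------------
/kubernetes/apps/media/recyclarr/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: &name recyclarr
spec:
  # A ClusterSecretStore is needed here only because the Doppler token lives
  # in flux-system (a namespaced SecretStore cannot reference it). Without
  # conditions it would be usable from every namespace; restrict it to the
  # namespace this app is deployed into, which is the only consumer.
  conditions:
    - namespaces:
        - media
  provider:
    doppler:
      project: *name
      config: prd
      auth:
        secretRef:
          dopplerToken:
            name: doppler-token-auth-api
            key: dopplerToken
            namespace: flux-system
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: &name recyclarr
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: *name
  target:
    name: *name
  dataFrom:
    # Copies every key of the recyclarr/prd Doppler config into the Secret;
    # anything added to that config shows up here without a repo change.
    - find:
        name:
          regexp: .*
--------------------------------------------------------------------------------
/kubernetes/apps/database/postgres-backup/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app postgres-backup
  namespace: &namespace database
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: cloudnative-pg-cluster
      namespace: database
  interval: 30m
  path: ./kubernetes/apps/database/postgres-backup/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: coredns
spec:
  interval: 30m
  chart:
    spec:
      chart: coredns
      version: 1.45.0
      sourceRef:
        kind: HelmRepository
        name: coredns
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  valuesFrom:
    - kind: ConfigMap
      name: coredns-helm-values
--------------------------------------------------------------------------------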
/kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: daily-backup 7 | spec: 8 | schedule: "@daily" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: postgres 13 | --- 14 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 15 | apiVersion: postgresql.cnpg.io/v1 16 | kind: ScheduledBackup 17 | metadata: 18 | name: vector-daily-backup 19 | spec: 20 | schedule: "@daily" 21 | immediate: true 22 | backupOwnerReference: self 23 | cluster: 24 | name: postgres-vector -------------------------------------------------------------------------------- /kubernetes/apps/media/qui/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app qui 7 | namespace: &namespace media 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | interval: 30m 18 | path: ./kubernetes/apps/media/qui/app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: true -------------------------------------------------------------------------------- /kubernetes/apps/observability/kromgo/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
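# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kromgo
  namespace: &namespace observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: kube-prometheus-stack
  interval: 30m
  path: ./kubernetes/apps/observability/kromgo/app
  postBuild:
    substitute:
      APP: *app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/.taskfiles/volsync/WipeJob.tmpl.yaml:
--------------------------------------------------------------------------------
---
# One-shot Job that empties a PVC before a VolSync restore.
# `${rsrc}`, `${claim}`, `${ts}` and `${namespace}` are Taskfile template
# variables, substituted before this manifest is applied.
apiVersion: batch/v1
kind: Job
metadata:
  name: "wipe-${rsrc}-${claim}-${ts}"
  namespace: "${namespace}"
spec:
  # Garbage-collect the finished Job (and its pod) after an hour.
  ttlSecondsAfterFinished: 3600
  template:
    spec:
      # The pod only touches the mounted volume; it never needs the API.
      automountServiceAccountToken: false
      restartPolicy: OnFailure
      containers:
        - name: wipe
          # NOTE(review): floating `latest` tag — pin to a digest or a
          # specific version once one is chosen so the wipe image is
          # reproducible and cannot change underneath the task.
          image: public.ecr.aws/docker/library/busybox:latest
          # `&&` instead of `;`: if /config is not mounted the `cd` fails and
          # `find . -delete` must NOT run in the container's working
          # directory. `-mindepth 1` keeps the mountpoint itself out of the
          # deletion set (find otherwise tries to unlink `.` and exits
          # non-zero, which would make the Job retry a wipe that succeeded).
          command: ["/bin/sh", "-c", "cd /config && find . -mindepth 1 -delete"]
          volumeMounts:
            - name: config
              mountPath: /config
          securityContext:
            # Deleting files on a mounted volume only needs root inside the
            # container (CAP_DAC_OVERRIDE / CAP_FOWNER are in the default
            # capability set); `privileged: true` additionally granted every
            # capability and host device access, which a file wipe does not
            # require.
            runAsUser: 0
            runAsGroup: 0
            allowPrivilegeEscalation: false
            # Nothing is written to the image's root filesystem.
            readOnlyRootFilesystem: true
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: "${claim}"
--------------------------------------------------------------------------------
/kubernetes/apps/media/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: media
components:
  - ../../flux/components/common
resources:
  - ./audiobookshelf/ks.yaml
  - ./autobrr/ks.yaml
  - ./bazarr/ks.yaml
  - ./cross-seed/ks.yaml
  - ./jellyfin/ks.yaml
  - ./jellyseerr/ks.yaml
  - ./kometa/ks.yaml
  - ./plex/ks.yaml
  - ./prowlarr/ks.yaml
  - ./qbittorrent/ks.yaml
  - ./qui/ks.yaml
  - ./radarr/ks.yaml
  - ./readarr/ks.yaml
  - ./recyclarr/ks.yaml
  - ./sabnzbd/ks.yaml
  - ./sonarr/ks.yaml
  - ./tautulli/ks.yaml
  - ./tqm/ks.yaml
  - ./unpackerr/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/ai/searxng/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app searxng
  namespace: &namespace ai
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
  interval: 30m
  path: ./kubernetes/apps/ai/searxng/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: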
flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: flux-operator 12 | version: 0.33.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | valuesFrom: 26 | - kind: ConfigMap 27 | name: flux-operator-helm-values 28 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: external-secrets 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: external-secrets 12 | version: 1.1.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: external-secrets 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | valuesFrom: 26 | - kind: ConfigMap 27 | name: external-secrets-helm-values 28 | -------------------------------------------------------------------------------- 
/kubernetes/apps/media/cross-seed/app/resources/lokirule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | groups: 3 | - name: cross-seed 4 | rules: 5 | - alert: CrossSeedDatabaseMalformed 6 | expr: | 7 | count_over_time({app="cross-seed"} |~ "(?i)database disk image is malformed"[5m]) > 0 8 | for: 5m 9 | annotations: 10 | summary: >- 11 | {{ $labels.app }} is experiencing database issues 12 | labels: 13 | severity: critical 14 | 15 | - alert: CrossSeedFailedToInject 16 | expr: | 17 | count_over_time({app="cross-seed"} |~ "(?i)failed to inject"[5m]) > 0 18 | for: 5m 19 | annotations: 20 | summary: >- 21 | {{ $labels.app }} failed to inject a torrent 22 | labels: 23 | severity: critical -------------------------------------------------------------------------------- /kubernetes/apps/ai/open-webui/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app open-webui 7 | namespace: &namespace ai 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | interval: 30m 18 | path: ./kubernetes/apps/ai/open-webui/app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/alertmanager/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app alertmanager 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: kube-prometheus-stack 14 | interval: 30m 15 | path: ./kubernetes/apps/observability/alertmanager/app 16 | postBuild: 17 | substitute: 18 | APP: *app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/media/unpackerr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &appname unpackerr 7 | namespace: &namespace media 8 | spec: 9 | targetNamespace: *namespace 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *appname 13 | interval: 30m 14 | timeout: 5m 15 | path: "./kubernetes/apps/media/unpackerr" 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | wait: false 22 | dependsOn: 23 | - name: external-secrets 24 | namespace: external-secrets 25 | postBuild: 26 | substitute: 27 | APP: *appname -------------------------------------------------------------------------------- /kubernetes/apps/media/tqm/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: 
kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app tqm 7 | namespace: &namespace media 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | decryption: 13 | provider: sops 14 | secretRef: 15 | name: sops-age 16 | dependsOn: 17 | - name: qbittorrent 18 | namespace: *namespace 19 | interval: 30m 20 | path: "./kubernetes/apps/media/tqm" 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | namespace: flux-system 26 | targetNamespace: *namespace 27 | timeout: 5m 28 | wait: true 29 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/snmp-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app snmp-exporter 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: kube-prometheus-stack 14 | interval: 30m 15 | path: ./kubernetes/apps/observability/snmp-exporter/apc-ups/app 16 | postBuild: 17 | substitute: 18 | APP: *app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/palmr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app palmr 7 | namespace: &namespace 
selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | interval: 30m 18 | path: ./kubernetes/apps/selfhosted/palmr/app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/system-upgrade/system-upgrade-controller/plans/kubernetes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: upgrade.cattle.io/v1 3 | kind: Plan 4 | metadata: 5 | name: kubernetes 6 | spec: 7 | version: ${KUBERNETES_VERSION} 8 | concurrency: 1 9 | postCompleteDelay: 30s 10 | exclusive: true 11 | nodeSelector: 12 | matchExpressions: 13 | - key: node-role.kubernetes.io/control-plane 14 | operator: Exists 15 | secrets: 16 | - name: system-upgrade-controller 17 | path: /var/run/secrets/talos.dev 18 | ignoreUpdates: true 19 | serviceAccountName: system-upgrade-controller 20 | upgrade: 21 | image: ghcr.io/siderolabs/talosctl:${TALOS_VERSION} 22 | args: 23 | - --nodes=$(SYSTEM_UPGRADE_NODE_NAME) 24 | - upgrade-k8s 25 | - --to=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION) 26 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/blackbox-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app blackbox-exporter 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | 
dependsOn: 13 | - name: kube-prometheus-stack 14 | interval: 30m 15 | path: ./kubernetes/apps/observability/blackbox-exporter/app 16 | postBuild: 17 | substitute: 18 | APP: *app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/smartctl-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app smartctl-exporter 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: kube-prometheus-stack 14 | interval: 30m 15 | path: ./kubernetes/apps/observability/smartctl-exporter/app 16 | postBuild: 17 | substitute: 18 | APP: *app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/speedtest-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app speedtest-exporter 7 | namespace: &namespace observability 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: kube-prometheus-stack 14 | interval: 30m 15 | path: 
./kubernetes/apps/observability/speedtest-exporter/app 16 | postBuild: 17 | substitute: 18 | APP: *app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | targetNamespace: *namespace 25 | timeout: 5m 26 | wait: false 27 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/immich/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: immich-nfs 6 | spec: 7 | storageClassName: immich-nfs 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: duriel.internal 15 | path: /tank/Apps/immich 16 | # Note: The first two options are strictly for NFSv4.2 17 | mountOptions: 18 | - nfsvers=4.2 19 | - nconnect=8 20 | - hard 21 | - noatime 22 | - nodiratime 23 | - nolock 24 | --- 25 | apiVersion: v1 26 | kind: PersistentVolumeClaim 27 | metadata: 28 | name: immich-nfs 29 | spec: 30 | accessModes: 31 | - ReadWriteMany 32 | storageClassName: immich-nfs 33 | resources: 34 | requests: 35 | storage: 1Mi 36 | -------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/README.md: -------------------------------------------------------------------------------- 1 | # Talos Patching 2 | 3 | This directory contains Kustomization patches that are added to the talhelper configuration file. 4 | 5 | 6 | 7 | ## Patch Directories 8 | 9 | Under this `patches` directory, there are several sub-directories that can contain patches that are added to the talhelper configuration file. 10 | Each directory is optional and therefore might not created by default. 
11 | 12 | - `global/`: patches that are applied to both the controller and worker configurations 13 | - `controller/`: patches that are applied to the controller configurations 14 | - `worker/`: patches that are applied to the worker configurations 15 | - `${node-hostname}/`: patches that are applied to the node with the specified name 16 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/cookjam/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: cookjam-nfs 6 | spec: 7 | storageClassName: cookjam-nfs 8 | capacity: 9 | storage: 1Mi 10 | accessModes: 11 | - ReadWriteMany 12 | persistentVolumeReclaimPolicy: Retain 13 | nfs: 14 | server: duriel.internal 15 | path: /tank/Apps/cookjam 16 | # Note: The first two options are strictly for NFSv4.2 17 | mountOptions: 18 | - nfsvers=4.2 19 | - nconnect=8 20 | - hard 21 | - noatime 22 | - nodiratime 23 | - nolock 24 | --- 25 | apiVersion: v1 26 | kind: PersistentVolumeClaim 27 | metadata: 28 | name: cookjam-nfs 29 | spec: 30 | accessModes: 31 | - ReadWriteMany 32 | storageClassName: cookjam-nfs 33 | resources: 34 | requests: 35 | storage: 1Mi 36 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/radicale/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: &name radicale 6 | spec: 7 | provider: 8 | doppler: 9 | project: *name 10 | config: prd 11 | auth: 12 | secretRef: 13 | dopplerToken: 14 | name: doppler-token-auth-api 15 | key: dopplerToken 16 | namespace: flux-system 17 | --- 18 | apiVersion: external-secrets.io/v1 19 | kind: ExternalSecret 20 | metadata: 21 | name: &name radicale 22 | spec: 23 | secretStoreRef: 24 | kind: 
ClusterSecretStore 25 | name: *name 26 | target: 27 | name: *name 28 | creationPolicy: Owner 29 | template: 30 | engineVersion: v2 31 | data: 32 | - secretKey: users 33 | remoteRef: 34 | key: USERS -------------------------------------------------------------------------------- /kubernetes/apps/network/multus/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: multus 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRole 9 | metadata: 10 | name: multus 11 | rules: 12 | - apiGroups: ["k8s.cni.cncf.io"] 13 | resources: ["*"] 14 | verbs: ["*"] 15 | - apiGroups: [""] 16 | resources: ["pods", "pods/status"] 17 | verbs: ["get", "update"] 18 | - apiGroups: ["", "events.k8s.io"] 19 | resources: ["events"] 20 | verbs: ["create", "patch", "update"] 21 | --- 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | kind: ClusterRoleBinding 24 | metadata: 25 | name: multus 26 | roleRef: 27 | kind: ClusterRole 28 | name: multus 29 | apiGroup: rbac.authorization.k8s.io 30 | subjects: 31 | - kind: ServiceAccount 32 | name: multus 33 | namespace: network -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: reloader 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: reloader 12 | version: 2.2.6 13 | sourceRef: 14 | kind: HelmRepository 15 | name: stakater 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | values: 25 | fullnameOverride: reloader 26 | 
reloader:
  readOnlyRootFileSystem: true
  podMonitor:
    enabled: true
    namespace: "{{ .Release.Namespace }}"
--------------------------------------------------------------------------------
/.github/workflows/meta-labeler.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Labeler"

on:
  workflow_dispatch:
  # SECURITY: pull_request_target runs in the context of the BASE branch with
  # repository secrets available, even for pull requests from forks. That is
  # acceptable here only because no step checks out or executes code from the
  # PR head. Do not add `actions/checkout` of the PR head ref, or any step that
  # runs PR-supplied scripts, to this workflow.
  pull_request_target:
    branches: ["main"]

jobs:
  labeler:
    name: Labeler
    runs-on: ubuntu-latest
    # These permissions scope the default GITHUB_TOKEN. The step below uses a
    # GitHub App token instead, whose permissions come from the App
    # installation, not from this block.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # NOTE(review): actions are pinned to a major tag (@v2, @v6), which is
      # mutable; pinning to a full commit SHA would make the supply chain
      # reproducible. Left unchanged here because the correct SHA must be
      # taken from the upstream release, not invented.
      - name: Generate Token
        uses: actions/create-github-app-token@v2
        id: app-token
        with:
          app-id: "${{ secrets.RUST84_APP_ID }}"
          private-key: "${{ secrets.RUST84_APP_PRIVATE_KEY }}"

      - name: Labeler
        uses: actions/labeler@v6
        with:
          repo-token: "${{ steps.app-token.outputs.token }}"
          configuration-path: .github/labeler.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/ai/searxng/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# A ClusterSecretStore is cluster-scoped: an ExternalSecret in ANY namespace
# can reference it and read every secret in this Doppler project. The store is
# already narrowed to one project/config, which bounds the blast radius.
# NOTE(review): external-secrets supports `spec.conditions` with a namespace
# list on ClusterSecretStore; restricting this store to the `ai` namespace
# would close that gap — confirm the installed ESO version supports it.
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: &name searxng
spec:
  provider:
    doppler:
      project: *name
      config: prd
      auth:
        secretRef:
          # Shared Doppler service token, stored in flux-system; the same
          # token is referenced by the other per-app stores in this repo.
          dopplerToken:
            name: doppler-token-auth-api
            key: dopplerToken
            namespace: flux-system
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: &name searxng
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: *name
  target:
    name: *name
    template:
      engineVersion: v2
      data:
        # Rename the Doppler key to the variable name searxng expects.
        # NOTE(review): with the default template mergePolicy (Replace) the
        # resulting Secret presumably contains only SEARXNG_SECRET, not every
        # key fetched below — verify against the ESO docs for this version.
        SEARXNG_SECRET: "{{ .SEARXNG_SECRET_KEY }}"
  dataFrom:
    # Fetch every secret in the project so it is available to the template.
    - find:
        name:
          regexp: .*
-------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app kube-prometheus-stack 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: observability 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: ./kubernetes/apps/observability/kube-prometheus-stack/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | wait: false 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 15m 23 | postBuild: 24 | substitute: 25 | # renovate: datasource=docker depName=quay.io/thanos/thanos 26 | THANOS_VERSION: v0.37.2 -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/snapshot-controller/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: snapshot-controller 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: snapshot-controller 12 | version: 4.2.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: piraeus 16 | namespace: flux-system 17 | install: 18 | crds: CreateReplace 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | crds: CreateReplace 24 | remediation: 25 | strategy: rollback 26 | retries: 3 27 | values: 28 | controller: 29 | replicaCount: 1 30 | serviceMonitor: 31 | create: true 
--------------------------------------------------------------------------------
/kubernetes/bootstrap/talos/patches/global/machine-install.yaml:
--------------------------------------------------------------------------------
# Global Talos install patch (applied to control-plane and worker nodes).
#
# SECURITY: most arguments below deliberately trade kernel hardening for
# performance. This is only defensible when every workload on the cluster is
# trusted; re-evaluate before running untrusted or multi-tenant pods.
machine:
  install:
    extraKernelArgs:
      # Leading `-` presumably removes Talos' default `selinux=1` argument
      # (Talos' syntax for dropping a default kernel arg) — confirm against
      # the Talos version in use. Combined with `security=none` and
      # `apparmor=0`, no mandatory-access-control LSM is active.
      - -selinux # Less security, faster puter
      - apparmor=0 # Less security, faster puter
      # Disables zero-fill of memory on allocation / free: freed memory may
      # be handed to the next allocation with stale contents still in it.
      - init_on_alloc=0 # Less security, faster puter
      - init_on_free=0 # Less security, faster puter
      # IOMMU enabled in passthrough mode for device (GPU) passthrough.
      - intel_iommu=on # PCI Passthrough
      - iommu=pt # PCI Passthrough
      # Turns off all CPU speculative-execution mitigations (Spectre/Meltdown
      # family); containers on the same node can no longer be assumed to be
      # isolated from side-channel leakage.
      - mitigations=off # Less security, faster puter
      - security=none # Less security, faster puter
      # The one hardening flag here: refuses kexec_load, so a root process
      # cannot swap in a different kernel at runtime. Commented upstream as
      # a hardware workaround rather than a security choice.
      - sysctl.kernel.kexec_load_disabled=1 # Meteor Lake CPU / iGPU
      # No kernel audit trail: syscall/audit records are not collected, which
      # removes a primary forensic data source during incident response.
      - talos.auditd.disabled=1 # Less security, faster puter
    # Do not wipe the install disk on (re)install.
    wipe: false
--------------------------------------------------------------------------------
/kubernetes/apps/selfhosted/joplin/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# Flux Kustomization for joplin; waits on secrets, storage and volsync
# (backup) before the app directory is reconciled.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app joplin
  namespace: &namespace selfhosted
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  interval: 30m
  path: ./kubernetes/apps/selfhosted/joplin/app
  # Resources removed from git are deleted from the cluster.
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  timeout: 5m
  wait: false
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/volsync/app/helmrelease.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: volsync 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: volsync 12 | version: 0.14.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: backube 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: snapshot-controller 27 | namespace: volsync-system 28 | values: 29 | manageCRDs: true 30 | replicaCount: 1 31 | metrics: 32 | disableAuth: true 33 | -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: emqx 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: emqx-operator 12 | version: 2.2.29 13 | sourceRef: 14 | kind: HelmRepository 15 | name: emqx 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: cert-manager 27 | namespace: cert-manager 28 | values: 29 | fullnameOverride: emqx 30 | replicaCount: 1 31 | image: 32 | repository: ghcr.io/emqx/emqx-operator 33 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/hajimari/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app hajimari 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/hajimari/app 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | namespace: flux-system 26 | targetNamespace: *namespace 27 | timeout: 5m 28 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/immich/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app immich 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: cloudnative-pg-cluster 14 | namespace: database 15 | - name: dragonfly-cluster 16 | namespace: database 17 | - name: external-secrets 18 | namespace: external-secrets 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/immich/app 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | namespace: flux-system 26 | targetNamespace: *namespace 27 | timeout: 5m 28 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-instance 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: flux-instance 12 | version: 0.33.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: flux-operator 27 | namespace: flux-system 28 | valuesFrom: 29 | - kind: ConfigMap 30 | name: flux-instance-helm-values 31 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/paperless/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app paperless 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/paperless/app 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | namespace: flux-system 26 | targetNamespace: *namespace 27 | timeout: 5m 28 | wait: false 29 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/authentik/ks.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app authentik 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: cloudnative-pg-cluster 16 | namespace: database 17 | - name: dragonfly-cluster 18 | namespace: database 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/authentik/app 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | namespace: flux-system 26 | targetNamespace: *namespace 27 | timeout: 5m 28 | wait: false 29 | -------------------------------------------------------------------------------- /.github/labels.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Area 3 | - name: area/github 4 | color: "0e8a16" 5 | - name: area/kubernetes 6 | color: "0e8a16" 7 | - name: area/taskfile 8 | color: "0e8a16" 9 | # Renovate Types 10 | - name: renovate/ansible 11 | color: "027fa0" 12 | - name: renovate/container 13 | color: "027fa0" 14 | - name: renovate/github-action 15 | color: "027fa0" 16 | - name: renovate/grafana-dashboard 17 | color: "027fa0" 18 | - name: renovate/github-release 19 | color: "027fa0" 20 | - name: renovate/helm 21 | color: "027fa0" 22 | - name: renovate/terraform 23 | color: "027fa0" 24 | # Semantic Types 25 | - name: type/digest 26 | color: "ffeC19" 27 | - name: type/patch 28 | color: "ffeC19" 29 | - name: type/minor 30 | color: "ff9800" 31 | - name: type/major 32 | color: "f6412d" 33 | # Uncategorized 34 | - name: hold/upstream 35 | color: "ee0701" 36 | - name: lint/lychee 37 | color: "201e39" 38 | 
-------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: intel-device-plugin-gpu 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: intel-device-plugins-gpu 12 | version: 0.34.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: intel 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | dependsOn: 26 | - name: intel-device-plugin-operator 27 | namespace: kube-system 28 | values: 29 | name: intel-gpu-plugin 30 | sharedDevNum: 3 31 | nodeFeatureRule: false 32 | -------------------------------------------------------------------------------- /kubernetes/apps/database/clickhouse-operator/cluster/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: &name clickhouse 6 | spec: 7 | provider: 8 | doppler: 9 | project: *name 10 | config: prd 11 | auth: 12 | secretRef: 13 | dopplerToken: 14 | name: doppler-token-auth-api 15 | key: dopplerToken 16 | namespace: flux-system 17 | --- 18 | apiVersion: external-secrets.io/v1 19 | kind: ExternalSecret 20 | metadata: 21 | name: &name clickhouse 22 | spec: 23 | secretStoreRef: 24 | kind: ClusterSecretStore 25 | name: *name 26 | target: 27 | name: clickhouse-secret 28 | template: 29 | engineVersion: v2 30 | data: 31 | CLICKHOUSE_PASSWORD: "{{ .CLICKHOUSE_PASSWORD }}" 32 | dataFrom: 33 | - find: 34 | name: 35 | regexp: .* 36 | 
-------------------------------------------------------------------------------- /kubernetes/bootstrap/talos/patches/global/machine-sysctls.yaml: -------------------------------------------------------------------------------- 1 | machine: 2 | sysctls: 3 | fs.inotify.max_user_watches: 1048576 # Watchdog 4 | fs.inotify.max_user_instances: 8192 # Watchdog 5 | net.core.default_qdisc: fq # 10Gb/s 6 | net.core.rmem_max: 67108864 # 10Gb/s | Cloudflared / QUIC 7 | net.core.wmem_max: 67108864 # 10Gb/s | Cloudflared / QUIC 8 | net.ipv4.tcp_congestion_control: bbr # 10Gb/s 9 | net.ipv4.tcp_fastopen: 3 # Send and accept data in the opening SYN packet 10 | net.ipv4.tcp_mtu_probing: 1 # 10Gb/s | Jumbo frames 11 | net.ipv4.tcp_rmem: 4096 87380 33554432 # 10Gb/s 12 | net.ipv4.tcp_wmem: 4096 65536 33554432 # 10Gb/s 13 | net.ipv4.tcp_window_scaling: 1 # 10Gb/s 14 | vm.nr_hugepages: 1024 # PostgreSQL 15 | user.max_user_namespaces: 11255 # Enable User Namespaces -------------------------------------------------------------------------------- /kubernetes/apps/media/kometa/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app kometa 7 | namespace: &namespace media 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: plex 16 | - name: radarr 17 | - name: sonarr 18 | interval: 30m 19 | path: ./kubernetes/apps/media/kometa/app 20 | postBuild: 21 | substitute: 22 | APP: *app 23 | VOLSYNC_CACHE_CAPACITY: 5Gi 24 | VOLSYNC_CAPACITY: 10Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 
-------------------------------------------------------------------------------- /kubernetes/apps/network/external/cloudflared/cookjam/configs/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | originRequest: 3 | originServerName: "external.${SECRET_APP_DOMAIN}" 4 | 5 | ingress: 6 | - hostname: "${SECRET_APP_DOMAIN}" 7 | service: https://external-ingress-nginx-controller.network.svc.cluster.local:443 8 | originRequest: 9 | noTLSVerify: true 10 | - hostname: "*.${SECRET_APP_DOMAIN}" 11 | service: https://external-ingress-nginx-controller.network.svc.cluster.local:443 12 | originRequest: 13 | noTLSVerify: true 14 | - hostname: "${SECRET_APP_PRD_DOMAIN}" 15 | service: https://external-ingress-nginx-controller.network.svc.cluster.local:443 16 | originRequest: 17 | noTLSVerify: true 18 | - hostname: "*.${SECRET_APP_PRD_DOMAIN}" 19 | service: https://external-ingress-nginx-controller.network.svc.cluster.local:443 20 | originRequest: 21 | noTLSVerify: true 22 | - service: http_status:404 23 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external/external-dns/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: &name external-external-dns 6 | spec: 7 | provider: 8 | doppler: 9 | project: *name 10 | config: prd 11 | auth: 12 | secretRef: 13 | dopplerToken: 14 | name: doppler-token-auth-api 15 | key: dopplerToken 16 | namespace: flux-system 17 | --- 18 | apiVersion: external-secrets.io/v1 19 | kind: ExternalSecret 20 | metadata: 21 | name: &name external-external-dns 22 | spec: 23 | secretStoreRef: 24 | kind: ClusterSecretStore 25 | name: *name 26 | target: 27 | name: external-external-dns-secret 28 | template: 29 | engineVersion: v2 30 | data: 31 | CF_API_TOKEN: "{{ .CLOUDFLARE_DNS_TOKEN }}" 32 | dataFrom: 33 | - 
find: 34 | name: 35 | regexp: .* 36 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: intel-device-plugin-operator 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: intel-device-plugins-operator 12 | version: 0.34.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: intel 16 | namespace: flux-system 17 | install: 18 | crds: CreateReplace 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | crds: CreateReplace 24 | remediation: 25 | strategy: rollback 26 | retries: 3 27 | dependsOn: 28 | - name: node-feature-discovery 29 | namespace: kube-system 30 | values: 31 | controllerExtraArgs: | 32 | - --devices=gpu 33 | -------------------------------------------------------------------------------- /kubernetes/apps/database/emqx/cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PodMonitor 5 | metadata: 6 | name: emqx 7 | spec: 8 | selector: 9 | matchLabels: 10 | apps.emqx.io/instance: emqx 11 | apps.emqx.io/managed-by: emqx-operator 12 | podMetricsEndpoints: 13 | - port: dashboard 14 | path: /api/v5/prometheus/stats 15 | relabelings: 16 | - action: replace 17 | # user-defined cluster name, must be unique 18 | replacement: emqx5 19 | targetLabel: cluster 20 | - action: replace 21 | # fixed value, do not modify 22 | replacement: emqx 23 | targetLabel: from 24 | - action: replace 25 | # fixed value, do not modify 26 | 
sourceLabels: ['pod'] 27 | targetLabel: "instance" 28 | -------------------------------------------------------------------------------- /kubernetes/apps/media/recyclarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app recyclarr 7 | namespace: &namespace media 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: external-secrets 16 | namespace: external-secrets 17 | - name: radarr 18 | - name: sonarr 19 | interval: 30m 20 | path: ./kubernetes/apps/media/recyclarr/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 1Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | -------------------------------------------------------------------------------- /kubernetes/apps/home/frigate/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: &name frigate 6 | spec: 7 | provider: 8 | doppler: 9 | project: *name 10 | config: prd 11 | auth: 12 | secretRef: 13 | dopplerToken: 14 | name: doppler-token-auth-api 15 | key: dopplerToken 16 | namespace: flux-system 17 | --- 18 | apiVersion: external-secrets.io/v1 19 | kind: ExternalSecret 20 | metadata: 21 | name: &name frigate 22 | spec: 23 | secretStoreRef: 24 | kind: ClusterSecretStore 25 | name: *name 26 | target: 27 | name: frigate-secret 28 | creationPolicy: Owner 29 | template: 30 | data: 31 | FRIGATE_MQTT_PASSWORD: "{{ .FRIGATE_MQTT_PASSWORD }}" 32 | 
FRIGATE_RTSP_PASSWORD: "{{ .FRIGATE_RTSP_PASSWORD }}" 33 | dataFrom: 34 | - find: 35 | name: 36 | regexp: .* -------------------------------------------------------------------------------- /kubernetes/apps/media/kometa/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: &name kometa 6 | spec: 7 | provider: 8 | doppler: 9 | project: *name 10 | config: prd 11 | auth: 12 | secretRef: 13 | dopplerToken: 14 | name: doppler-token-auth-api 15 | key: dopplerToken 16 | namespace: flux-system 17 | --- 18 | apiVersion: external-secrets.io/v1 19 | kind: ExternalSecret 20 | metadata: 21 | name: &name kometa 22 | spec: 23 | secretStoreRef: 24 | kind: ClusterSecretStore 25 | name: *name 26 | target: 27 | name: pmm-config 28 | creationPolicy: Owner 29 | template: 30 | templateFrom: 31 | - configMap: 32 | name: pmm-config-tpl 33 | items: 34 | - key: config.yml 35 | dataFrom: 36 | - find: 37 | name: 38 | regexp: .* 39 | -------------------------------------------------------------------------------- /kubernetes/apps/media/tautulli/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app tautulli 7 | namespace: &namespace media 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/media/tautulli/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 5Gi 25 | prune: true 26 | sourceRef: 27 | kind: 
GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | -------------------------------------------------------------------------------- /kubernetes/flux/meta/repositories/helm/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./altinity.yaml 7 | - ./authentik.yaml 8 | - ./backube.yaml 9 | - ./bitnami.yaml 10 | - ./bjw-s.yaml 11 | - ./cloudnative-pg.yaml 12 | - ./cilium.yaml 13 | - ./controlplaneio.yaml 14 | - ./coredns.yaml 15 | - ./democratic-csi.yaml 16 | - ./descheduler.yaml 17 | - ./emqx.yaml 18 | - ./external-dns.yaml 19 | - ./external-secrets.yaml 20 | - ./grafana.yaml 21 | - ./hajimari.yaml 22 | - ./ingress-nginx.yaml 23 | - ./intel.yaml 24 | - ./jetstack.yaml 25 | - ./metrics-server.yaml 26 | - ./node-feature-discovery.yaml 27 | - ./openebs.yaml 28 | - ./piraeus.yaml 29 | - ./prometheus-community.yaml 30 | - ./rook-ceph.yaml 31 | - ./spegel.yaml 32 | - ./stakater.yaml 33 | - ./stevehipwell.yaml -------------------------------------------------------------------------------- /kubernetes/apps/media/jellyfin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app jellyfin 7 | namespace: &namespace media 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: 
./kubernetes/apps/media/jellyfin/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 20Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/n8n/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app n8n 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | # components: 13 | # - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/n8n/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 1Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/ntfy/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app ntfy 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - 
name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/ntfy/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 1Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/spegel/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: spegel 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: spegel 12 | version: 0.5.1 13 | sourceRef: 14 | kind: HelmRepository 15 | name: spegel 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | retries: 3 24 | values: 25 | grafanaDashboard: 26 | enabled: true 27 | service: 28 | registry: 29 | hostPort: 29999 30 | serviceMonitor: 31 | enabled: true 32 | spegel: 33 | containerdSock: /run/containerd/containerd.sock 34 | containerdRegistryConfigPath: /etc/cri/conf.d/hosts 35 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/radicale/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app radicale 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | 
app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/radicale/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 1Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | -------------------------------------------------------------------------------- /kubernetes/apps/selfhosted/thelounge/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app thelounge 7 | namespace: &namespace selfhosted 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: volsync 18 | namespace: volsync-system 19 | interval: 30m 20 | path: ./kubernetes/apps/selfhosted/thelounge/app 21 | postBuild: 22 | substitute: 23 | APP: *app 24 | VOLSYNC_CAPACITY: 1Gi 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false -------------------------------------------------------------------------------- /.taskfiles/volsync/ReplicationDestination.tmpl.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: volsync.backube/v1alpha1 3 | kind: ReplicationDestination 4 | metadata: 5 | name: "${rsrc}-${claim}-${ts}" 6 | namespace: "${namespace}" 7 | 
spec: 8 | trigger: 9 | manual: restore-once 10 | restic: 11 | repository: "${rsrc}-restic" 12 | destinationPVC: "${claim}" 13 | copyMethod: Direct 14 | storageClassName: ceph-block 15 | # IMPORTANT NOTE: 16 | # Set to how many snapshots back (the last X) to restore from 17 | previous: ${previous} 18 | # OR: 19 | # IMPORTANT NOTE: 20 | # On bootstrap set `restoreAsOf` to the time the old cluster was destroyed. 21 | # This will essentially prevent volsync from trying to restore a backup 22 | # from an application that started with default data in the PVC. 23 | # Do not restore snapshots made after the following RFC3339 timestamp. 24 | # date --rfc-3339=seconds (--utc) 25 | # restoreAsOf: "2022-12-10T16:00:00-05:00" 26 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: node-feature-discovery 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: node-feature-discovery 12 | version: 0.18.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: node-feature-discovery 16 | namespace: flux-system 17 | install: 18 | crds: CreateReplace 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | crds: CreateReplace 24 | remediation: 25 | strategy: rollback 26 | retries: 3 27 | values: 28 | master: 29 | replicaCount: 1 30 | worker: 31 | config: 32 | core: 33 | labelSources: ["pci", "system", "usb"] 34 | prometheus: 35 | enable: true 36 | -------------------------------------------------------------------------------- /.github/renovate/autoMerge.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": 
"https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "description": "Auto merge container digests", 6 | "matchDatasources": ["docker"], 7 | "automerge": true, 8 | "automergeType": "branch", 9 | "matchUpdateTypes": ["digest"], 10 | "matchPackageNames": ["ghcr.io/home-operations"] 11 | }, 12 | { 13 | "description": "Auto merge GitHub Actions", 14 | "matchManagers": ["github-actions"], 15 | "matchDatasources": ["github-tags"], 16 | "automerge": true, 17 | "automergeType": "branch", 18 | "matchUpdateTypes": ["minor", "patch"] 19 | }, 20 | { 21 | "description": "Auto merge Helm charts", 22 | "matchDatasources": ["helm"], 23 | "automerge": true, 24 | "automergeType": "branch", 25 | "matchUpdateTypes": ["minor", "patch"], 26 | "matchPackageNames": ["kube-prometheus-stack"] 27 | } 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/langfuse/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app langfuse 7 | namespace: &namespace ai 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: external-secrets 15 | - name: rook-ceph-cluster 16 | namespace: rook-ceph 17 | - name: cloudnative-pg-cluster 18 | namespace: database 19 | - name: dragonfly-cluster 20 | namespace: database 21 | - name: clickhouse-cluster 22 | namespace: database 23 | interval: 30m 24 | path: ./kubernetes/apps/ai/langfuse/app 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | targetNamespace: *namespace 31 | timeout: 5m 32 | wait: false 33 | 
-------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: &name flux-gitops 6 | spec: 7 | provider: 8 | doppler: 9 | project: *name 10 | config: prd 11 | auth: 12 | secretRef: 13 | dopplerToken: 14 | name: doppler-token-auth-api 15 | key: dopplerToken 16 | namespace: flux-system 17 | --- 18 | apiVersion: external-secrets.io/v1 19 | kind: ExternalSecret 20 | metadata: 21 | name: &name flux-gitops 22 | spec: 23 | secretStoreRef: 24 | kind: ClusterSecretStore 25 | name: *name 26 | target: 27 | name: flux-gitops-secret 28 | template: 29 | data: 30 | githubAppID: "{{ .GITHUB_APP_ID }}" 31 | githubAppInstallationID: "{{ .GITHUB_APP_INSTALLATION_ID }}" 32 | githubAppPrivateKey: "{{ .GITHUB_APP_PRIVATE_KEY }}" 33 | dataFrom: 34 | - find: 35 | name: 36 | regexp: .* 37 | -------------------------------------------------------------------------------- /kubernetes/apps/home/esphome/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app esphome 7 | namespace: &namespace home 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: external-secrets 16 | namespace: external-secrets 17 | - name: rook-ceph-cluster 18 | namespace: rook-ceph 19 | - name: volsync 20 | namespace: volsync-system 21 | interval: 30m 22 | path: ./kubernetes/apps/home/esphome/app 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 15Gi 27 | prune: 
true 28 | sourceRef: 29 | kind: GitRepository 30 | name: flux-system 31 | namespace: flux-system 32 | targetNamespace: *namespace 33 | timeout: 5m 34 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/home/frigate/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app frigate 7 | namespace: &namespace home 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: external-secrets 16 | namespace: external-secrets 17 | - name: rook-ceph-cluster 18 | namespace: rook-ceph 19 | - name: volsync 20 | namespace: volsync-system 21 | interval: 30m 22 | path: ./kubernetes/apps/home/frigate/app 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 5Gi 27 | prune: true 28 | sourceRef: 29 | kind: GitRepository 30 | name: flux-system 31 | namespace: flux-system 32 | targetNamespace: *namespace 33 | timeout: 5m 34 | wait: false -------------------------------------------------------------------------------- /kubernetes/apps/home/node-red/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app node-red 7 | namespace: &namespace home 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | components: 13 | - ../../../../flux/components/volsync 14 | dependsOn: 15 | - name: external-secrets 16 | namespace: external-secrets 17 | - name: rook-ceph-cluster 18 
# (continuation of /kubernetes/apps/home/node-red/ks.yaml: the rook-ceph-cluster dependsOn entry was opened on the previous line of this listing)
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/home/node-red/app
  targetNamespace: *namespace
  interval: 30m
  # wait=false: Ready on a successful apply with no health checks; prune
  # removes resources that drop out of the rendered output.
  prune: true
  wait: false
  timeout: 5m
  # Substitution variables, presumably read by the volsync component above.
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 2Gi
# -------- /kubernetes/apps/media/readarr/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app readarr
  namespace: &namespace media
spec:
  # Manifests are taken from the flux-system GitRepository at this path; the
  # rendered resources are forced into the media namespace.
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/readarr/app
  targetNamespace: *namespace
  interval: 30m
  # Ready is reported on apply (wait=false), not on workload health, so
  # anything depending on this Kustomization starts as soon as it is applied.
  prune: true
  wait: false
  timeout: 5m
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  # Backup component plus the variables it presumably substitutes.
  components:
    - ../../../../flux/components/volsync
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/media/bazarr/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app bazarr
  namespace: &namespace media
# spec continues on the next line of this listing
spec:
# (continuation of /kubernetes/apps/media/bazarr/ks.yaml: the spec mapping was opened on the previous line of this listing)
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/bazarr/app
  targetNamespace: *namespace
  interval: 30m
  # prune garbage-collects resources dropped from the rendered output;
  # wait=false means Ready is set on a successful apply, not on workload health.
  prune: true
  wait: false
  timeout: 5m
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  # Shared backup component and the substitution variables it presumably uses.
  components:
    - ../../../../flux/components/volsync
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/media/radarr/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app radarr
  namespace: &namespace media
spec:
  # Manifest source and placement. What gets applied is bounded by the
  # flux-system GitRepository's own settings, which are not shown here.
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/radarr/app
  targetNamespace: *namespace
  interval: 30m
  # Ready on apply (no health checks); removed resources are pruned.
  prune: true
  wait: false
  timeout: 5m
  # Reconcile only after secrets, storage and the backup controller are Ready.
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  components:
    - ../../../../flux/components/volsync
  # Larger backup volume than the other *arr apps in this listing.
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 5Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/media/sabnzbd/ks.yaml --------
---
# yaml-language-server:
# $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json  (tail of the yaml-language-server directive of /kubernetes/apps/media/sabnzbd/ks.yaml, split by this listing)
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app sabnzbd
  namespace: &namespace media
spec:
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/sabnzbd/app
  targetNamespace: *namespace
  interval: 30m
  # Ready is reported once the apply succeeds (wait=false); resources that
  # leave the rendered output are pruned.
  prune: true
  wait: false
  timeout: 5m
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  # Backup component plus the variables it presumably substitutes.
  components:
    - ../../../../flux/components/volsync
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/media/sonarr/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app sonarr
  namespace: &namespace media
spec:
  # Source and placement: manifests from the flux-system GitRepository at this
  # path, all rendered into the media namespace.
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/sonarr/app
  targetNamespace: *namespace
  interval: 30m
  # wait=false: dependants are gated on a successful apply, not on sonarr
  # being healthy. prune: deleted-from-git resources are garbage-collected.
  prune: true
  wait: false
  timeout: 5m
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  components:
    - ../../../../flux/components/volsync
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/home/zigbee2mqtt/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app zigbee2mqtt
  namespace: &namespace home
spec:
  # Manifests come from the flux-system GitRepository; that source's own
  # settings (not shown here) bound what this Kustomization can apply.
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/home/zigbee2mqtt/app
  targetNamespace: *namespace
  interval: 30m
  # Ready on apply, no health checks; removed resources are pruned.
  prune: true
  wait: false
  timeout: 5m
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  # Shared backup component and the variables it presumably substitutes.
  components:
    - ../../../../flux/components/volsync
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/media/autobrr/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app autobrr
  namespace: &namespace media
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # NOTE(review): the volsync component is commented out, which leaves
  # `components:` with a null value, yet this Kustomization still waits on the
  # volsync controller below. If backups are intentionally disabled for
  # autobrr, drop that dependsOn entry (and the VOLSYNC_CAPACITY substitution
  # further down in this file) so it does not gate on a controller it does not
  # use — confirm intent before removing.
  components:
  # - ../../../../flux/components/volsync
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  interval: 30m
  # spec continues on the next line of this listing
  path: ./kubernetes/apps/media/autobrr/app
# (continuation of /kubernetes/apps/media/autobrr/ks.yaml: the spec mapping was opened on the previous line of this listing)
  # NOTE(review): VOLSYNC_CAPACITY is still substituted although the volsync
  # component for this app is commented out earlier in the file; stale unless
  # the app overlay references it directly — confirm.
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *namespace
  # Ready on a successful apply (wait=false); pruned on removal from git.
  prune: true
  wait: false
  timeout: 5m
# -------- /kubernetes/apps/media/prowlarr/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app prowlarr
  namespace: &namespace media
spec:
  # Source and placement of the rendered manifests.
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/prowlarr/app
  targetNamespace: *namespace
  interval: 30m
  # wait=false: dependants are released on a successful apply, not on
  # prowlarr being healthy. prune: garbage-collect what leaves the render.
  prune: true
  wait: false
  timeout: 5m
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  # Backup component plus the substitution variables it presumably consumes.
  components:
    - ../../../../flux/components/volsync
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 1Gi
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
# -------- /kubernetes/apps/media/qbittorrent/ks.yaml --------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app qbittorrent
  namespace: &namespace media
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # spec continues on the next line of this listing
  components:
    - ../../../../flux/components/volsync
# (continuation of /kubernetes/apps/media/qbittorrent/ks.yaml: the spec mapping was opened on the previous line of this listing)
  dependsOn:
    - name: external-secrets
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./kubernetes/apps/media/qbittorrent/app
  targetNamespace: *namespace
  interval: 30m
  prune: true
  # wait=true: unlike the other media Kustomizations in this listing, Ready is
  # withheld until the applied workloads pass health checks (bounded by
  # timeout), so dependants see a running qbittorrent — presumably because
  # other Kustomizations depend on it; confirm.
  wait: true
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 2Gi
# -------- /kubernetes/apps/database/dragonfly/cluster/cluster.yaml --------
---
# yaml-language-server: $schema=https://lds-schemas.pages.dev/dragonflydb.io/dragonfly_v1alpha1.json
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: dragonfly
spec:
  # Supply chain: pinned by tag only. Tags are mutable, so a re-pushed
  # v1.35.1 would change what runs; pin by digest as well
  # (…:v1.35.1@sha256:<digest>) and let the updater bump both.
  image: ghcr.io/dragonflydb/dragonfly:v1.35.1
  replicas: 3
  # MAX_MEMORY is the container's memory limit expressed in MiB (divisor 1Mi);
  # the $(MAX_MEMORY) expansion in args keeps --maxmemory in step with
  # limits.memory (512Mi below) without a second hard-coded number.
  env:
    - name: MAX_MEMORY
      valueFrom:
        resourceFieldRef:
          resource: limits.memory
          divisor: 1Mi
  args:
    - --maxmemory=$(MAX_MEMORY)Mi
    - --proactor_threads=2
    - --cluster_mode=emulated
    - --lock_on_hashtags
    # NOTE(review): as the flag name says, this lets Lua scripts touch keys
    # they did not declare, relaxing the default script key checking.
    # Presumably required by a client library — confirm which one and remove
    # the flag if nothing needs it.
    - --default_lua_flags=allow-undeclared-keys
    # NOTE(review): no --requirepass or TLS flags appear in this list, so
    # authentication and transport encryption must be configured elsewhere or
    # enforced by network policy — confirm before exposing this beyond the
    # namespace.
  # Spread the three replicas across distinct nodes; refuse to schedule
  # rather than co-locate.
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app.kubernetes.io/part-of: dragonfly
  # Only a memory limit is set; it is also the source of --maxmemory above.
  resources:
    requests:
      cpu: 100m
    limits:
      memory: 512Mi