├── .archive
├── base
│ ├── kyverno
│ │ └── policies
│ │ │ ├── add-ndots.yaml
│ │ │ ├── apply-ingress-auth-annotations.yaml
│ │ │ ├── apply-ingress-external-dns-annotations.yaml
│ │ │ └── apply-ingress-whitelist-annotations.yaml
│ ├── system-upgrade
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── system-upgrade-controller
│ │ │ ├── app
│ │ │ └── kustomization.yaml
│ │ │ └── plans
│ │ │ ├── agent-plan.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── server-plan.yaml
│ └── vpn
│ │ ├── downloads-gateway
│ │ ├── helm-release.yaml
│ │ ├── kustomization.yaml
│ │ └── secret.sops.yaml
│ │ ├── kustomization.yaml
│ │ ├── ns.yaml
│ │ └── vpn-gateway
│ │ ├── helm-release.yaml
│ │ └── secret.sops.yaml
├── crypto
│ ├── bisq
│ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ └── kustomization.yaml
├── downloads
│ ├── kustomization.yaml
│ ├── netpol.yaml
│ ├── ns.yaml
│ ├── porla
│ │ ├── configs
│ │ │ └── config.toml
│ │ ├── externalsecret-store.yaml
│ │ ├── externalsecret.yaml
│ │ ├── helm-release.yaml
│ │ ├── kustomization.yaml
│ │ ├── pvc.yaml
│ │ └── workflows
│ │ │ ├── move-completed.lua
│ │ │ └── seeding-checker.lua
│ └── qbit
│ │ ├── helmrelease.yaml
│ │ ├── kustomization.yaml
│ │ └── pvc.yaml
├── matrix-synapse
│ ├── app
│ │ ├── externalsecret.yaml
│ │ ├── helm-release.yaml
│ │ ├── internal-ingress.yaml
│ │ ├── kustomization.yaml
│ │ ├── matrix-signing-key.sops.yaml
│ │ └── pvc.yaml
│ └── ks.yaml
├── media
│ ├── external-dns
│ │ ├── internal
│ │ │ ├── externalsecret-store.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helm-release.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── longhorn
│ │ ├── app
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── minio-secret.sops.yaml
│ │ └── ks.yaml
│ ├── plex
│ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── pvc.yaml
│ │ └── ks.yaml
│ └── talos
│ │ ├── .sops.yaml
│ │ ├── clusterconfig
│ │ └── .gitignore
│ │ ├── patches
│ │ ├── README.md
│ │ ├── controller
│ │ │ ├── api-access.yaml
│ │ │ ├── cluster.yaml
│ │ │ ├── disable-admission-controller.yaml
│ │ │ └── kube-prism.yaml
│ │ └── global
│ │ │ ├── cluster-discovery.yaml
│ │ │ ├── containerd.yaml
│ │ │ ├── disable-search-domain.yaml
│ │ │ ├── kubelet.yaml
│ │ │ ├── nfs.yaml
│ │ │ ├── sysctl.yaml
│ │ │ └── udev.yaml
│ │ ├── talconfig.yaml
│ │ └── talsecret.sops.yaml
├── mergerfs
│ ├── app
│ │ └── hr.yaml
│ └── ks.yaml
├── nebula
│ ├── baikal
│ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── ci
│ │ └── woodpecker
│ │ │ ├── agent
│ │ │ ├── hr.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── secret.sops.yaml
│ │ │ └── ks-agent.yaml
│ ├── coder
│ │ ├── app
│ │ │ ├── externalsecret.yaml
│ │ │ ├── hr.yaml
│ │ │ ├── internal-ingress.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── finance
│ │ ├── firefly
│ │ │ ├── app
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ ├── importer
│ │ │ │ ├── cronjob.yaml
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── pvc.yaml
│ │ │ ├── ks-importer.yaml
│ │ │ └── ks.yaml
│ │ └── paisa
│ │ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ ├── games
│ │ ├── factorio
│ │ │ ├── app
│ │ │ │ ├── es.yaml
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── minecraft
│ │ │ ├── app
│ │ │ │ ├── externalsecret-store.yaml
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ └── satisfactory
│ │ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── pvc.yaml
│ │ │ └── ks.yaml
│ ├── i2pd
│ │ ├── app
│ │ │ ├── config
│ │ │ │ └── i2pd-docker.conf
│ │ │ ├── helm-release.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── longhorn
│ │ ├── app
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── minio-secret.sops.yaml
│ │ │ └── snapshotclass.yaml
│ │ ├── ks-recurring-jobs.yaml
│ │ ├── ks.yaml
│ │ └── recurring-jobs
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ ├── mariadb
│ │ ├── crds
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ ├── ks-crds.yaml
│ │ ├── ks-phpmyadmin.yaml
│ │ ├── ks-resources.yaml
│ │ ├── ks.yaml
│ │ ├── operator
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ ├── phpmyadmin
│ │ │ └── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ └── resources
│ │ │ ├── backup-daily.yaml
│ │ │ ├── backup.yaml
│ │ │ ├── externalsecret-backups.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── mariadb.yaml
│ │ │ └── provisions
│ │ │ ├── kustomization.yaml
│ │ │ ├── observium
│ │ │ ├── db.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── grant.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── user.yaml
│ │ │ └── protu-staging-wordpress
│ │ │ ├── db.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── grant.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── user.yaml
│ ├── media
│ │ ├── lidarr
│ │ │ └── app
│ │ │ │ ├── externalsecret-store.yaml
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── pvc.yaml
│ │ ├── plex
│ │ │ ├── externalsecret-plex.yaml
│ │ │ ├── externalsecret-store.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── pvc.yaml
│ │ ├── radarr
│ │ │ ├── externalsecret-store.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── pvc.yaml
│ │ ├── recyclarr
│ │ │ ├── app
│ │ │ │ ├── config
│ │ │ │ │ └── recyclarr.yml
│ │ │ │ ├── externalsecret-store.yaml
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── pvc.yaml
│ │ │ └── ks.yaml
│ │ ├── sonarr
│ │ │ ├── externalsecret-store.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── pvc.yaml
│ │ └── unpackerr
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── secret.sops.yaml
│ ├── networking
│ │ ├── consul
│ │ │ ├── app
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── ingress.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ ├── custom-resources
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── proxy-defaults.yaml
│ │ │ └── ks.yaml
│ │ └── observium
│ │ │ ├── app
│ │ │ ├── es.yaml
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ ├── radicale
│ │ ├── app
│ │ │ ├── config
│ │ │ │ └── config.cfg
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── redis
│ │ ├── app
│ │ │ ├── helm-release.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── redlib
│ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── shiori
│ │ ├── app
│ │ │ ├── hr.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── storage
│ │ └── longhorn
│ │ │ ├── app
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── minio-secret.sops.yaml
│ │ │ └── ks.yaml
│ └── ytdl-material
│ │ ├── app
│ │ ├── hr.yaml
│ │ └── kustomization.yaml
│ │ └── ks.yaml
└── vm
│ ├── _cdi
│ ├── ks.yaml
│ ├── kustomization.yaml
│ ├── ns.yaml
│ ├── repo.yaml
│ ├── upload-datavolume.yaml
│ └── upload-proxy-lb.yaml
│ ├── _kubevirt
│ ├── ks.yaml
│ ├── kustomization.yaml
│ ├── ns.yaml
│ └── repo.yaml
│ ├── kustomization.yaml
│ └── pbx
│ ├── _deps
│ ├── multus.yaml
│ ├── preference.yaml
│ └── type.yaml
│ ├── ks.yaml
│ └── template
│ ├── svc-ssh.yaml
│ ├── svc-ui.yaml
│ ├── svc-voip.yaml
│ └── vm.yaml
├── .github
├── labeler.yaml
├── lint
│ ├── .markdownlint.yaml
│ ├── .prettierignore
│ └── .yamllint.yaml
├── renovate.json5
├── renovate
│ ├── autoMerge.json5
│ ├── clusters.json5
│ ├── commitMessage.json5
│ ├── customVersionSchemes.json5
│ ├── disabledDatasources.json5
│ ├── groups.json5
│ ├── labels.json5
│ ├── looseVersioning.json5
│ └── pinnedVersions.json5
├── scripts
│ ├── container-parser.sh
│ ├── helm-release-differ.sh
│ ├── helmReleaseDiff.mjs
│ └── lib
│ │ └── functions.sh
└── workflows
│ ├── flux-diff.yaml
│ ├── flux-image-test.yaml
│ ├── meta-label-size.yaml
│ ├── meta-labeler.yaml
│ ├── publish-schemas.yaml
│ ├── scan-containers.yaml
│ └── schedule-renovate.yaml
├── .gitignore
├── .idea
├── .gitignore
├── dataSources.xml
├── deployment.xml
├── discord.xml
├── inspectionProfiles
│ └── Project_Default.xml
├── jsonCatalog.xml
├── k8s-cluster.iml
├── markdown.xml
├── material_theme_project_new.xml
├── misc.xml
├── modules.xml
└── vcs.xml
├── .pre-commit-config.yaml
├── .sops.yaml
├── .taskfiles
├── Ansible
│ └── Taskfile.yaml
├── ExternalSecrets
│ └── Taskfile.yaml
├── Flux
│ └── Taskfile.yaml
├── Kubernetes
│ └── Taskfile.yaml
├── Repository
│ └── Taskfile.yaml
├── Sops
│ └── Taskfile.yaml
├── Talos
│ └── Taskfile.yaml
├── VolSync
│ ├── Taskfile.yaml
│ ├── scripts
│ │ ├── wait-for-job.sh
│ │ └── which-controller.sh
│ └── templates
│ │ ├── list.tmpl.yaml
│ │ ├── replicationdestination.tmpl.yaml
│ │ ├── unlock.tmpl.yaml
│ │ └── wipe.tmpl.yaml
└── Workstation
│ ├── Archfile
│ ├── Brewfile
│ └── Taskfile.yaml
├── .vscode
├── extensions.json
└── settings.json
├── README.md
├── Taskfile.yaml
├── create-external-cluster-resources.py
├── hack
├── k8s-cilium-exec.sh
├── pvc-relocator.sh
└── remove_ns_finalizer.sh
├── k8s
├── base
│ ├── cert-manager
│ │ ├── app
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── promrule.yaml
│ │ ├── issuers
│ │ │ ├── kapsi-bind-secret.sops.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── letsencrypt-production.yaml
│ │ │ ├── letsencrypt-staging.yaml
│ │ │ ├── secret.enc.yaml
│ │ │ ├── zerossl-production.yaml
│ │ │ └── zerossl-secret.enc.yaml
│ │ ├── kustomization.yaml
│ │ ├── ns.yaml
│ │ └── overlays
│ │ │ ├── media
│ │ │ └── certificates
│ │ │ │ ├── dh-cert.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── wildcards
│ │ │ │ ├── certificate.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── nebula
│ │ │ └── certificates
│ │ │ ├── kustomization.yaml
│ │ │ └── wildcards
│ │ │ ├── certificate.yaml
│ │ │ ├── iki-domain-wild.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── root-domain-certificate.yaml
│ ├── default
│ │ └── .gitkeep
│ ├── flux-system
│ │ ├── cluster-config
│ │ │ ├── base
│ │ │ │ ├── base-secrets.sops.yaml
│ │ │ │ └── config.yaml
│ │ │ └── overlays
│ │ │ │ ├── media
│ │ │ │ ├── cluster-config.yaml
│ │ │ │ ├── cluster-secrets.sops.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── nebula
│ │ │ │ ├── cluster-config.yaml
│ │ │ │ ├── cluster-secrets.sops.yaml
│ │ │ │ └── kustomization.yaml
│ │ ├── helm-chart-repos
│ │ │ ├── actions-runner-controller.yaml
│ │ │ ├── agones-charts.yaml
│ │ │ ├── ananace-charts.yaml
│ │ │ ├── angelnu-charts.yaml
│ │ │ ├── app-template.yaml
│ │ │ ├── backube.yaml
│ │ │ ├── bitnami.yaml
│ │ │ ├── bjw-s.yaml
│ │ │ ├── bugfest-charts.yaml
│ │ │ ├── cilium-charts.yaml
│ │ │ ├── cloudnative-pg.yaml
│ │ │ ├── coder-charts.yaml
│ │ │ ├── coredns-charts.yaml
│ │ │ ├── deliveryhero-charts.yaml
│ │ │ ├── democratic-csi.yaml
│ │ │ ├── elastic.yaml
│ │ │ ├── emberstack-charts.yaml
│ │ │ ├── envoy-proxy.yaml
│ │ │ ├── external-dns-charts.yaml
│ │ │ ├── external-secrets.yaml
│ │ │ ├── factorio.yaml
│ │ │ ├── goauthentik-charts.yaml
│ │ │ ├── grafana-charts.yaml
│ │ │ ├── hashicorp.yaml
│ │ │ ├── ingress-nginx.yaml
│ │ │ ├── intel.yaml
│ │ │ ├── jenkins-charts.yaml
│ │ │ ├── jenkins-operator-charts.yaml
│ │ │ ├── jetstack.yaml
│ │ │ ├── k8s-gateway.yaml
│ │ │ ├── kubernetes-sigs-descheduler-charts.yaml
│ │ │ ├── kubernetes-sigs-metrics-server-charts.yaml
│ │ │ ├── kyverno.yaml
│ │ │ ├── longhorn.yaml
│ │ │ ├── mariadb-operator.yaml
│ │ │ ├── metrics-server-charts.yaml
│ │ │ ├── minecraft-charts.yaml
│ │ │ ├── moco.yaml
│ │ │ ├── nfs-subdir-charts.yaml
│ │ │ ├── node-feature-discovery-charts.yaml
│ │ │ ├── nvdp.yaml
│ │ │ ├── nvidia.yaml
│ │ │ ├── piraeus-charts.yaml
│ │ │ ├── postfinance.yaml
│ │ │ ├── prometheus-community.yaml
│ │ │ ├── renovate.yaml
│ │ │ ├── rook-ceph.yaml
│ │ │ ├── samipsolutions-charts.yaml
│ │ │ ├── spegel.yaml
│ │ │ ├── stakater-charts.yaml
│ │ │ ├── tailscale.yaml
│ │ │ ├── tyzbit.yaml
│ │ │ ├── weave-gitops.yaml
│ │ │ ├── woodpecker.yaml
│ │ │ └── wrenix.yaml
│ │ ├── monitoring
│ │ │ ├── pod-monitor.yaml
│ │ │ └── prom-rule.yaml
│ │ ├── notifications
│ │ │ ├── github
│ │ │ │ ├── notify.yaml
│ │ │ │ └── secret.sops.yaml
│ │ │ └── kustomization.yaml
│ │ └── webhook
│ │ │ ├── github
│ │ │ ├── receiver.yaml
│ │ │ └── secret.sops.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── overlays
│ │ │ ├── media
│ │ │ ├── github
│ │ │ │ ├── httproute.yaml
│ │ │ │ └── ingress.yaml
│ │ │ └── kustomization.yaml
│ │ │ └── nebula
│ │ │ ├── github
│ │ │ ├── httproute.yaml
│ │ │ └── ingress.yaml
│ │ │ └── kustomization.yaml
│ ├── infra
│ │ ├── external-secrets
│ │ │ └── operator
│ │ │ │ └── helm-release.yaml
│ │ ├── kustomization.yaml
│ │ └── ns.yaml
│ ├── kube-system
│ │ ├── coredns
│ │ │ ├── helm-release.yaml
│ │ │ ├── kubedns-svc.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── values-media.yaml
│ │ │ └── values.yaml
│ │ ├── metrics-server
│ │ │ └── helm-release.yaml
│ │ ├── node-feature-discovery
│ │ │ └── hr.yaml
│ │ ├── reflector
│ │ │ ├── helm-release.yaml
│ │ │ └── ns.yaml
│ │ └── reloader
│ │ │ └── hr.yaml
│ ├── monitoring
│ │ ├── arrs
│ │ │ ├── radarr
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── radarr-secret.sops.yaml
│ │ │ └── sonarr
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── sonarr-secret.sops.yaml
│ │ ├── kustomization.yaml
│ │ ├── ns.yaml
│ │ ├── prom-stack
│ │ │ └── crds
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ └── speedtest-exporter
│ │ │ └── helm-release.yaml
│ ├── networking
│ │ ├── envoy
│ │ │ └── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ ├── gateway-api
│ │ │ ├── flux-ks.yaml
│ │ │ ├── gitrepo.yaml
│ │ │ └── kustomization.yaml
│ │ ├── kustomization.yaml
│ │ ├── nginx
│ │ │ └── custom-headers.yaml
│ │ ├── ns.yaml
│ │ └── prefer-dual-stack
│ │ │ ├── README.md
│ │ │ ├── deploy.yaml
│ │ │ └── kustomization.yaml
│ ├── services
│ │ ├── echoip
│ │ │ ├── externalsecret-store.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── geoip-updater.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── pvc.yaml
│ │ ├── kustomization.yaml
│ │ └── ns.yaml
│ ├── storage
│ │ ├── kustomization.yaml
│ │ ├── ns.yaml
│ │ └── storage-classes
│ │ │ ├── csi-driver-nfs
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── storage-class.yaml
│ │ │ ├── local-storage
│ │ │ ├── kustomization.yaml
│ │ │ ├── rancher-manifest.yaml
│ │ │ └── storage.yaml
│ │ │ ├── longhorn-custom
│ │ │ ├── crypto-longhorn.yaml
│ │ │ └── kustomization.yaml
│ │ │ └── nfs-client-provisioner
│ │ │ ├── kustomization.yaml
│ │ │ └── nfs-client-provisioner.yaml
│ └── system
│ │ ├── descheduler
│ │ ├── helm-release.yaml
│ │ └── kustomization.yaml
│ │ ├── intel-device-plugins
│ │ ├── gpu
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── nodefeaturerule.yaml
│ │ └── operator
│ │ │ ├── helm-release.yaml
│ │ │ └── kustomization.yaml
│ │ ├── kustomization.yaml
│ │ ├── node-feature-discovery
│ │ ├── helm-release.yaml
│ │ └── kustomization.yaml
│ │ ├── ns.yaml
│ │ └── reloader
│ │ ├── helm-release.yaml
│ │ └── kustomization.yaml
├── media
│ ├── .envrc
│ ├── .gitignore
│ ├── README.md
│ ├── apps
│ │ ├── databases
│ │ │ ├── cloudnative-pg
│ │ │ │ ├── cluster
│ │ │ │ │ ├── cluster16.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── prom-rule.yaml
│ │ │ │ │ └── scheduledbackup.yaml
│ │ │ │ ├── ks-cluster.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ └── operator
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ └── kustomization.yaml
│ │ ├── flux-system
│ │ │ ├── doppler
│ │ │ │ ├── app
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── external-secrets
│ │ │ │ ├── ks.yaml
│ │ │ │ └── stores
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── onepassword
│ │ │ │ │ ├── clustersecretstore.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ └── kustomization.yaml
│ │ ├── gpu
│ │ │ ├── kustomization.yaml
│ │ │ └── operator
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── kube-system
│ │ │ ├── cilium
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ ├── config
│ │ │ │ │ ├── BGP.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── loadbalancer-ips.yaml
│ │ │ │ ├── gateway
│ │ │ │ │ ├── internal.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-config.yaml
│ │ │ │ ├── ks-gateway.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── generic-device-plugin
│ │ │ │ ├── app
│ │ │ │ │ └── hr.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── nvidia
│ │ │ │ └── device-plugin
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── kustomization.yaml
│ │ ├── kyverno
│ │ │ └── ns.yaml
│ │ ├── media
│ │ │ ├── bazarr
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── patches
│ │ │ │ │ │ └── kustomizeconfig.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ ├── scripts
│ │ │ │ │ │ └── post-process.sh
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── cross-seed
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── emby
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pvc.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── jellyfin
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ └── replicationsource.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── media-index
│ │ │ │ ├── app
│ │ │ │ │ ├── configmap.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── ns.yaml
│ │ │ ├── qbit
│ │ │ │ ├── app
│ │ │ │ │ ├── config
│ │ │ │ │ │ └── post-rules-gluetun.txt
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── qbittorrent
│ │ │ │ ├── app
│ │ │ │ │ ├── config
│ │ │ │ │ │ └── completed.sh
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc-non-volsync.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ ├── replicationdestination.yaml
│ │ │ │ │ └── replicationsource.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ └── tools
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── qbtools.secret.sops.yaml
│ │ │ ├── radarr
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── recyclarr
│ │ │ │ ├── app
│ │ │ │ │ ├── config
│ │ │ │ │ │ └── recyclarr.yml
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── runtimeclassNvidia.yaml
│ │ │ ├── sabnzbd
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc-volsync.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ ├── replicationdestination.yaml
│ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ └── resources
│ │ │ │ │ │ └── post-process.sh
│ │ │ │ └── ks.yaml
│ │ │ ├── sonarr
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── tautulli
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pvc.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── tdarr
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pvc.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── unpackerr
│ │ │ │ ├── app
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── monitoring
│ │ │ ├── kustomization.yaml
│ │ │ └── scrutiny-collector
│ │ │ │ ├── app
│ │ │ │ └── hr.yaml
│ │ │ │ └── ks.yaml
│ │ ├── networking
│ │ │ ├── envoy
│ │ │ │ ├── ks.yaml
│ │ │ │ └── manifests
│ │ │ │ │ ├── client-policy.yaml
│ │ │ │ │ ├── configuration.yaml
│ │ │ │ │ ├── gateway.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── redirect.yaml
│ │ │ ├── k8s-gateway
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── ocirepo.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── nginx
│ │ │ │ ├── app
│ │ │ │ │ └── hr.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── tailscale
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── extras
│ │ │ │ │ └── proxyclass.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── whoami
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── security
│ │ │ ├── authentik-remote-cluster
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── storage
│ │ │ ├── kustomization.yaml
│ │ │ ├── local-path
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── ns.yaml
│ │ │ ├── rook-ceph
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── ns.yaml
│ │ │ │ └── rook
│ │ │ │ │ ├── cluster
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ ├── ks-cluster.yaml
│ │ │ │ │ ├── ks-operator.yaml
│ │ │ │ │ └── operator
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ └── snapshot-controller
│ │ │ │ ├── app
│ │ │ │ ├── helm-release.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ └── volsync
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── volsync
│ │ │ ├── app
│ │ │ ├── external-secret.yaml
│ │ │ ├── hr.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── prom-rule.yaml
│ │ │ └── ks.yaml
│ ├── ceph-import-ext.sh
│ ├── flux
│ │ ├── flux.yaml
│ │ └── gotk-sync.yaml
│ └── shared
│ │ ├── flux-system.yaml
│ │ ├── infra.yaml
│ │ ├── kube-system.yaml
│ │ ├── monitoring.yaml
│ │ └── networking.yaml
├── nebula
│ ├── .envrc
│ ├── .gitignore
│ ├── README.md
│ ├── apps
│ │ ├── ai
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── open-webui
│ │ │ │ ├── app
│ │ │ │ ├── es.yaml
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── ci
│ │ │ ├── forgejo-actions
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── runner-amd64
│ │ │ │ │ │ ├── hr.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── github-actions
│ │ │ │ ├── app
│ │ │ │ │ ├── ks-runners.yaml
│ │ │ │ │ ├── ks.yaml
│ │ │ │ │ ├── operator
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── runners
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── ns.yaml
│ │ │ │ │ │ ├── samip5-k8s-cluster-arm64.yaml
│ │ │ │ │ │ ├── samip5-k8s-cluster.yaml
│ │ │ │ │ │ ├── skysolutions-runners-arm64.yaml
│ │ │ │ │ │ └── skysolutions-runners.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── ns.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── collab
│ │ │ ├── kustomization.yaml
│ │ │ ├── littlelink
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── ns.yaml
│ │ ├── comms
│ │ │ ├── conduwuit
│ │ │ │ ├── app
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── databases
│ │ │ ├── cloudnative-pg
│ │ │ │ ├── cluster-vectors
│ │ │ │ │ ├── cluster16-vector.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── scheduledbackup.yaml
│ │ │ │ ├── cluster
│ │ │ │ │ ├── cluster16.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── lb.yaml
│ │ │ │ │ ├── prom-rule.yaml
│ │ │ │ │ └── scheduledbackup.yaml
│ │ │ │ ├── ks-cluster-vector.yaml
│ │ │ │ ├── ks-cluster.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ └── operator
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ ├── dragonfly
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── rbac.yaml
│ │ │ │ ├── cluster
│ │ │ │ │ ├── cluster.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── podmonitor.yaml
│ │ │ │ ├── ks-cluster.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── influx
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── moco
│ │ │ │ ├── README.md
│ │ │ │ ├── cluster
│ │ │ │ │ ├── backups
│ │ │ │ │ │ ├── daily.yaml
│ │ │ │ │ │ ├── es.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ ├── configmap.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── mysql-cluster.yaml
│ │ │ │ ├── ks-cluster.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ └── operator
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── pgadmin
│ │ │ │ ├── app
│ │ │ │ ├── config_local.py
│ │ │ │ ├── helm-release.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── default
│ │ │ ├── immich
│ │ │ │ ├── app
│ │ │ │ │ ├── backendtrafficpolicy.yaml
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pvc.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── linkwarden
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── paperless
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── smtp-relay
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pvc.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── your_spotify
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── zipline
│ │ │ │ ├── app
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── finance
│ │ │ ├── actual
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── games
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── home
│ │ │ ├── assistant
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pdb.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── esphome
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── mosquitto
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pdb.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ ├── exporter
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-exporter.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── ns.yaml
│ │ │ ├── priority-class.yaml
│ │ │ ├── wyoming-piper
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── wyoming-whisper
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── zigbee2mqtt
│ │ │ │ ├── app
│ │ │ │ ├── externalsecret.yaml
│ │ │ │ ├── helm-release.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── pdb.yaml
│ │ │ │ ├── exporter
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-exporter.yaml
│ │ │ │ └── ks.yaml
│ │ ├── kube-system
│ │ │ ├── cilium
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ ├── config
│ │ │ │ │ ├── BGP.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── loadbalancer-ips.yaml
│ │ │ │ ├── gateway
│ │ │ │ │ ├── external.yaml
│ │ │ │ │ ├── internal.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-config.yaml
│ │ │ │ ├── ks-gateway.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── descheduler
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── generic-device-plugin
│ │ │ │ ├── app
│ │ │ │ │ └── hr.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kubelet-csr-approver
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── metrics-server
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── multus
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── rbac.yaml
│ │ │ │ ├── config
│ │ │ │ │ ├── crd.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── net-attach-iot.yaml
│ │ │ │ │ └── net-attach-mgt.yaml
│ │ │ │ ├── ks-config.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── node-feature-discovery
│ │ │ │ ├── ks.yaml
│ │ │ │ └── rules
│ │ │ │ │ ├── hauppauge-pcie-tuner.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ ├── snapshot-controller
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── spegel
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── kustomization.yaml
│ │ ├── media
│ │ │ ├── autobrr
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── flaresolverr
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── jellyseer
│ │ │ │ ├── app
│ │ │ │ │ ├── config-pvc.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ ├── prowlarr
│ │ │ │ ├── app
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── recyclarr
│ │ │ │ ├── app
│ │ │ │ │ ├── config
│ │ │ │ │ │ └── recyclarr.yml
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── pvc.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── tvheadend
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── wizarr
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── monitoring
│ │ │ ├── grafana
│ │ │ │ ├── app
│ │ │ │ │ ├── dashboards
│ │ │ │ │ │ ├── electricity_dash.json
│ │ │ │ │ │ ├── speedtest_exporter.json
│ │ │ │ │ │ └── zigbee_dash.json
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ ├── int-ingress.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── ocirepo.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── jellystat
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kromgo
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── resources
│ │ │ │ │ │ └── config.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── prom-stack
│ │ │ │ ├── app
│ │ │ │ │ ├── alertmanagerconfig.yaml
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── scrutiny
│ │ │ │ ├── ks.yaml
│ │ │ │ └── scrutiny
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ ├── networking
│ │ │ ├── cloudflared
│ │ │ │ ├── app
│ │ │ │ │ ├── DNSEndpoint.yaml
│ │ │ │ │ ├── configs
│ │ │ │ │ │ └── config.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── envoy
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ └── manifests
│ │ │ │ │ ├── client-policy.yaml
│ │ │ │ │ ├── configuration.yaml
│ │ │ │ │ ├── gateway.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── redirect.yaml
│ │ │ ├── external-dns
│ │ │ │ ├── external
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ │ ├── internal-kapsi
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── internal
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-external.yaml
│ │ │ │ ├── ks-internal.yaml
│ │ │ │ ├── ks-kapsi.yaml
│ │ │ │ ├── ks-shared.yaml
│ │ │ │ └── shared
│ │ │ │ │ ├── dnsendpoint-crd.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── ocirepo.yaml
│ │ │ ├── k8s-gateway
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── ocirepo.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── ks-misc.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── misc-ingresses
│ │ │ │ ├── dh-cert.yaml
│ │ │ │ ├── dh-endpoints.yaml
│ │ │ │ ├── dh-service.yaml
│ │ │ │ ├── httproute
│ │ │ │ │ ├── dh.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ingress
│ │ │ │ │ ├── dh-ingress.yaml
│ │ │ │ │ ├── genpi-minio-endpoints.yaml
│ │ │ │ │ ├── genpi-minio-ingress.yaml
│ │ │ │ │ ├── genpi-minio-svc.yaml
│ │ │ │ │ └── nas-ingress-and-service.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── sso-skylab.yaml
│ │ │ ├── nginx
│ │ │ │ ├── external
│ │ │ │ │ ├── custom-headers.yaml
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── test-headers.yaml
│ │ │ │ ├── internal
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-external.yaml
│ │ │ │ ├── ks-internal.yaml
│ │ │ │ ├── ks-shared.yaml
│ │ │ │ └── shared
│ │ │ │ │ ├── dashboard
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ ├── tailscale
│ │ │ │ ├── app
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── extras
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── proxyclass.yaml
│ │ │ │ │ └── subnet-router.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── unimus
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── whoami
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ ├── school
│ │ │ ├── blog
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── search
│ │ │ ├── elk
│ │ │ │ ├── ks-resources.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ ├── operator
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── resources
│ │ │ │ │ ├── es.yaml
│ │ │ │ │ ├── httproute-elk.yaml
│ │ │ │ │ ├── ingress-elk.yaml
│ │ │ │ │ ├── kibana.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ns.yaml
│ │ ├── security
│ │ │ ├── authentik
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ ├── internal-httproute.yaml
│ │ │ │ │ ├── internal-ingress.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── webfinger-httproute.yaml
│ │ │ │ │ └── webfinger-ingress.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── external-secrets
│ │ │ │ ├── ks.yaml
│ │ │ │ └── stores
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── onepassword
│ │ │ │ │ ├── clustersecretstore.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── secret.sops.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── onepassword-connect
│ │ │ │ ├── app
│ │ │ │ ├── hr.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── onepassword-connect.secret.sops.yaml
│ │ │ │ └── ks.yaml
│ │ ├── services
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── searxng
│ │ │ │ ├── app
│ │ │ │ ├── es.yaml
│ │ │ │ ├── hr.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── resources
│ │ │ │ │ ├── limiter.toml
│ │ │ │ │ └── settings.yml
│ │ │ │ └── ks.yaml
│ │ ├── storage
│ │ │ ├── democractc-csi-local-path
│ │ │ │ ├── app
│ │ │ │ │ ├── helm-release.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── rook-ceph
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── ns.yaml
│ │ │ │ └── rook
│ │ │ │ ├── cluster
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ │ ├── ks-cluster.yaml
│ │ │ │ ├── ks-operator.yaml
│ │ │ │ └── operator
│ │ │ │ ├── hr.yaml
│ │ │ │ └── kustomization.yaml
│ │ ├── tor
│ │ │ ├── controller
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── envoy-gw
│ │ │ │ ├── app
│ │ │ │ │ ├── gw.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── nginx
│ │ │ │ ├── app
│ │ │ │ │ ├── hr.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── ns.yaml
│ │ ├── volsync
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── volsync
│ │ │ │ ├── app
│ │ │ │ ├── external-secret.yaml
│ │ │ │ ├── hr.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── prom-rule.yaml
│ │ │ │ └── ks.yaml
│ │ └── vpn
│ │ │ ├── kustomization.yaml
│ │ │ ├── ns.yaml
│ │ │ └── vpn-gateway
│ │ │ ├── app
│ │ │ ├── helm-release.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── netpol.yaml
│ │ │ └── secret.sops.yaml
│ │ │ ├── ks-webhook.yaml
│ │ │ ├── ks.yaml
│ │ │ └── webhook
│ │ │ ├── cert.yaml
│ │ │ ├── hr.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── webhook.yaml
│ ├── flux
│ │ └── config
│ │ │ ├── cluster.yaml
│ │ │ ├── flux.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── private-flux-system.yaml
│ │ │ ├── shared.yaml
│ │ │ └── vm.yaml
│ ├── private-flux
│ │ ├── private-apps.yaml
│ │ ├── private-git-repo.yaml
│ │ └── private-ssh.sops.yaml
│ ├── shared
│ │ ├── flux-system.yaml
│ │ ├── infra.yaml
│ │ ├── kube-system.yaml
│ │ ├── monitoring.yaml
│ │ ├── networking.yaml
│ │ ├── storage.yaml
│ │ └── system.yaml
│ ├── talos
│ │ ├── .sops.yaml
│ │ ├── authentik.sh
│ │ ├── clusterconfig
│ │ │ └── .gitignore
│ │ ├── patches
│ │ │ ├── README.md
│ │ │ ├── controller
│ │ │ │ ├── api-access.yaml
│ │ │ │ ├── cluster.yaml
│ │ │ │ ├── disable-admission-controller.yaml
│ │ │ │ └── kube-prism.yaml
│ │ │ └── global
│ │ │ │ ├── cluster-discovery.yaml
│ │ │ │ ├── containerd.yaml
│ │ │ │ ├── disable-kexec.yaml
│ │ │ │ ├── disable-search-domain.yaml
│ │ │ │ ├── hostDNS.yaml
│ │ │ │ ├── kubelet.yaml
│ │ │ │ ├── nfs.yaml
│ │ │ │ ├── sysctl.yaml
│ │ │ │ ├── time.yaml
│ │ │ │ └── udev.yaml
│ │ ├── talconfig.yaml
│ │ └── talsecret.sops.yaml
│ └── wipe-rook.yaml
└── templates
│ ├── volsync-minio
│ ├── README.md
│ ├── kustomization.yaml
│ ├── minio
│ │ ├── externalsecret.yaml
│ │ ├── kustomization.yaml
│ │ ├── replicationdestination.yaml
│ │ └── replicationsource.yaml
│ └── pvc.yaml
│ └── volsync
│ ├── README.md
│ ├── kustomization.yaml
│ ├── minio
│ ├── externalsecret.yaml
│ ├── kustomization.yaml
│ ├── replicationdestination.yaml
│ └── replicationsource.yaml
│ ├── pvc.yaml
│ └── r2
│ ├── external-secret.yaml
│ ├── kustomization.yaml
│ └── replicationsource.yaml
├── provision
└── ansible
│ ├── ansible.cfg
│ ├── files
│ └── containerd-config.toml.j2
│ ├── media
│ ├── inventory
│ │ ├── group_vars
│ │ │ ├── kubernetes
│ │ │ │ └── k3s.yml
│ │ │ ├── master
│ │ │ │ └── k3s.yml
│ │ │ └── worker
│ │ │ │ └── k3s.yml
│ │ └── hosts.yaml
│ └── playbooks
│ ├── playbooks
│ ├── cilium-fix-addresses.yaml
│ ├── cluster-ceph-reset.yaml
│ ├── cluster-reboot.yaml
│ ├── files
│ ├── k3s-configure-containerd.yaml
│ ├── k3s-install.yaml
│ ├── k3s-nuke.yaml
│ ├── ubuntu-prepare.yaml
│ └── ubuntu-upgrade.yaml
│ ├── requirements.txt
│ ├── requirements.yaml
│ └── roles
│ └── ubuntu
│ ├── files
│ ├── cgroup-kill-on-shutdown.service
│ ├── nut
│ │ ├── nut.conf
│ │ ├── secrets.sops.yaml
│ │ ├── upssched-cmd
│ │ └── upssched.conf
│ └── sysctl.d
│ │ ├── 99-hugepages.conf.yaml
│ │ └── fs-sysctl-k3s.yaml
│ ├── handlers
│ └── main.yml
│ ├── tasks
│ ├── cgroup-killer.yml
│ ├── filesystem.yml
│ ├── kernel.yml
│ ├── locale.yml
│ ├── main.yml
│ ├── network.yml
│ ├── nut-config.yaml
│ ├── packages.yml
│ ├── unattended-upgrades.yml
│ └── user.yml
│ └── templates
│ ├── lldpd.conf
│ └── upsmon.conf
├── scripts
├── app-template-convert.pl
└── get-egctl.sh
├── templates
└── external-secrets
│ ├── externalsecret-store.yaml.tmpl
│ └── externalsecret.yaml.tmpl
└── terraform
└── mikrotik
├── main.tf
├── modules
└── rb5009
│ ├── _provider.tf
│ ├── _variables.tf
│ ├── bgp
│ ├── dev-cluster.tf
│ ├── main.tf
│ └── prod-cluster.tf
│ ├── bridge.tf
│ ├── containers.tf
│ ├── dhcp-client.tf
│ ├── dhcp6-client.tf
│ ├── dns-server.tf
│ ├── interface-lists.tf
│ ├── interfaces.tf
│ ├── ip-services.tf
│ ├── ntp.tf
│ ├── routing-bgp.tf
│ ├── snmp.tf
│ ├── system.tf
│ ├── vlan-iot.tf
│ ├── vlan-kube-dev.tf
│ ├── vlan-kube-prod.tf
│ ├── vlan-lan.tf
│ ├── vlan-mgmnt.tf
│ └── wireguard-vpn.tf
├── provider.tf
└── variables.tf
/.archive/base/system-upgrade/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./namespace.yaml
--------------------------------------------------------------------------------
/.archive/base/system-upgrade/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace manifest for the system-upgrade controller.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security enforcement depends entirely on cluster-wide defaults or a policy engine.
# A Talos patch elsewhere in this listing (patches/controller/api-access.yaml)
# allows a namespace with this name to call the Talos API as os:admin. If that
# applies to the same cluster, treat this namespace as highly privileged and
# restrict who may create workloads in it.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: system-upgrade
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
# Excludes the namespace from Flux garbage collection when it disappears from git.
8 | kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/.archive/base/system-upgrade/system-upgrade-controller/plans/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - server-plan.yaml
6 | - agent-plan.yaml
7 |
--------------------------------------------------------------------------------
/.archive/base/vpn/downloads-gateway/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - secret.sops.yaml
6 | - helm-release.yaml
7 |
8 |
--------------------------------------------------------------------------------
/.archive/base/vpn/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 |
--------------------------------------------------------------------------------
/.archive/base/vpn/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: vpn
6 | labels:
7 | goldilocks.fairwinds.com/enabled: 'true'
8 | kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/.archive/crypto/bisq/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: finance
4 | resources:
5 | - ./hr.yaml
6 | - ../../../../../templates/volsync-minio
7 |
--------------------------------------------------------------------------------
/.archive/crypto/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./bisq/ks.yaml
5 |
--------------------------------------------------------------------------------
/.archive/downloads/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 | - netpol.yaml
6 |
--------------------------------------------------------------------------------
/.archive/downloads/ns.yaml:
--------------------------------------------------------------------------------
# Namespace manifest for the download clients.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: downloads
6 | labels:
# Excludes the namespace from Flux garbage collection when it disappears from git.
7 | kustomize.toolkit.fluxcd.io/prune: disabled
8 | goldilocks.fairwinds.com/enabled: "true"
# NOTE(review): presumably the selector a VPN gateway webhook keys on to route
# this namespace's pod egress through the VPN (TODO confirm). If so, verify
# that the webhook fails closed and that netpol.yaml blocks direct egress, so
# an unavailable webhook cannot leave pods talking to the internet unrouted.
9 | vpn-routed-gateway: "true"
--------------------------------------------------------------------------------
/.archive/downloads/porla/externalsecret-store.yaml:
--------------------------------------------------------------------------------
# External Secrets store that reads the `porla` Doppler project (config `prd`).
# NOTE(review): ClusterSecretStore is a cluster-scoped kind, so the
# metadata.namespace below presumably has no effect. Confirm and drop it.
# Because the store is cluster-scoped, an ExternalSecret in any namespace can
# reference it and read this Doppler project unless spec.conditions restricts
# the allowed namespaces. If only porla in `downloads` needs it, add such a
# condition or use a namespaced SecretStore instead.
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ClusterSecretStore
4 | metadata:
5 | name: &name porla
6 | namespace: downloads
7 | spec:
8 | provider:
9 | doppler:
10 | project: *name
11 | config: prd
12 | auth:
13 | secretRef:
# The Doppler service token is read from a Secret in flux-system. Access to
# that Secret is equivalent to access to every value in the Doppler config.
14 | dopplerToken:
15 | name: doppler-token-auth-api
16 | key: dopplerToken
17 | namespace: flux-system
--------------------------------------------------------------------------------
/.archive/downloads/porla/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: downloads
4 | resources:
5 | - ./externalsecret-store.yaml
6 | - ./externalsecret.yaml
7 | - ./pvc.yaml
8 | - ./helm-release.yaml
9 | configMapGenerator:
10 | - name: porla-configmap
11 | files:
12 | - config.toml=./configs/config.toml
13 | generatorOptions:
14 | disableNameSuffixHash: true
--------------------------------------------------------------------------------
/.archive/downloads/porla/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: porla-config-v1
6 | namespace: downloads
7 | labels:
8 | app.kubernetes.io/name: &name porla
9 | app.kubernetes.io/instance: *name
10 | spec:
11 | accessModes:
12 | - ReadWriteOnce
13 | resources:
14 | requests:
15 | storage: 1Gi
16 | storageClassName: nfs-client
--------------------------------------------------------------------------------
/.archive/downloads/qbit/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - pvc.yaml
5 | - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/.archive/downloads/qbit/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: qbittorrent-config-v1
6 | namespace: downloads
7 | labels:
8 | app.kubernetes.io/name: &name qbittorrent
9 | app.kubernetes.io/instance: *name
10 | spec:
11 | accessModes:
12 | - ReadWriteOnce
13 | resources:
14 | requests:
15 | storage: 1Gi
16 | storageClassName: fast-ceph-filesystem
17 |
--------------------------------------------------------------------------------
/.archive/matrix-synapse/app/externalsecret.yaml:
--------------------------------------------------------------------------------
# ExternalSecret that materialises the Synapse Postgres credentials in `comms`
# from the cluster-wide `onepassword-connect` store.
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ExternalSecret
4 | metadata:
5 | name: &name matrix-synapse-pg-creds
6 | namespace: comms
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore
10 | name: onepassword-connect
11 | target:
# The resulting Kubernetes Secret gets the same name as this ExternalSecret.
12 | name: *name
# dataFrom/extract copies every field of the referenced item into the Secret.
# NOTE(review): keep that item limited to the Postgres credentials, since any
# extra field added to it later is exposed to this namespace automatically.
13 | dataFrom:
14 | - extract:
15 | key: matrix-synapse-pg-creds
16 |
--------------------------------------------------------------------------------
/.archive/matrix-synapse/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - pvc.yaml
5 | - externalsecret.yaml
6 | - helm-release.yaml
7 | - matrix-signing-key.sops.yaml
8 | - internal-ingress.yaml
9 |
--------------------------------------------------------------------------------
/.archive/matrix-synapse/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: synapse-data
5 | namespace: comms
6 | spec:
7 | accessModes:
8 | - ReadWriteOnce
9 | resources:
10 | requests:
11 | storage: 50Gi
12 | storageClassName: ceph-block
--------------------------------------------------------------------------------
/.archive/media/external-dns/internal/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: networking
4 | resources:
5 | - ./externalsecret-store.yaml
6 | - ./externalsecret.yaml
7 | - ./helm-release.yaml
8 |
--------------------------------------------------------------------------------
/.archive/media/longhorn/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 | - minio-secret.sops.yaml
6 |
--------------------------------------------------------------------------------
/.archive/media/plex/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 | - ./pvc.yaml
7 |
--------------------------------------------------------------------------------
/.archive/media/plex/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: plex-config-v1
6 | namespace: media
7 | spec:
8 | storageClassName: cephfs
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 5Gi
14 |
--------------------------------------------------------------------------------
/.archive/media/plex/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: plex
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/media/plex/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | retryInterval: 1m
14 | timeout: 5m
15 |
--------------------------------------------------------------------------------
/.archive/media/talos/.sops.yaml:
--------------------------------------------------------------------------------
# SOPS configuration for the Talos directory: one creation rule with a single
# age recipient.
# The age1... value is a recipient (public key) and is safe to commit. The
# matching age identity (private key) must stay out of the repository.
# NOTE(review): the rule has no path_regex or encrypted_regex, so it
# presumably applies to every file sops creates under this directory and
# encrypts all values. Confirm that this is the intent.
1 | ---
2 | creation_rules:
3 | - age: >-
4 | age13xy8slkuaz408wh5s0jgd40a8kqtj6gfnr657xxqku6vm0r0qpjqymtkmz
5 |
--------------------------------------------------------------------------------
/.archive/media/talos/clusterconfig/.gitignore:
--------------------------------------------------------------------------------
# Keeps rendered Talos artefacts out of git: a per-node machine config and the
# talosctl client config.
# NOTE(review): both presumably embed secret material (cluster keys and tokens,
# an admin client certificate). If either was ever committed before this
# ignore rule existed, rotate the affected secrets rather than only deleting
# the file.
1 | media-plex-srv.yaml
2 | talosconfig
3 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/controller/api-access.yaml:
--------------------------------------------------------------------------------
# Talos machine-config patch: lets workloads in the listed Kubernetes
# namespaces call the Talos API with the listed roles.
# NOTE(review): os:admin is the broadest Talos role, so anything able to run
# in `system-upgrade` (or create Talos ServiceAccount objects there)
# effectively holds node-level admin. Keep RBAC on that namespace tight and
# confirm whether the upgrade workflow can run with a narrower role.
1 | # Enable K8s Talos API Access
2 | machine:
3 | features:
4 | kubernetesTalosAPIAccess:
5 | enabled: true
# Upper bound on the roles a workload may request.
6 | allowedRoles:
7 | - os:admin
# Only these namespaces may obtain Talos API credentials.
8 | allowedKubernetesNamespaces:
9 | - system-upgrade
10 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/controller/cluster.yaml:
--------------------------------------------------------------------------------
# Talos cluster-config patch applied to control-plane nodes.
1 | cluster:
# NOTE(review): ordinary workloads scheduled on control-plane nodes share the
# host with etcd and the API server, which weakens isolation of control-plane
# material. This is acceptable on a small cluster only as a conscious trade-off.
2 | allowSchedulingOnMasters: true
3 | controllerManager:
4 | extraArgs:
# Binds kube-controller-manager on every interface, presumably so that
# Prometheus can scrape it. Make sure the port is reachable only from the
# monitoring path and not from untrusted networks.
5 | bind-address: 0.0.0.0
# Built-in CoreDNS and kube-proxy are switched off. Presumably replacements are
# deployed separately (TODO confirm); the cluster has no DNS or service
# routing until they are.
6 | coreDNS:
7 | disabled: true
8 | proxy:
9 | disabled: true
10 | scheduler:
11 | extraArgs:
# Same exposure consideration as the controller-manager bind address above.
12 | bind-address: 0.0.0.0
13 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/controller/disable-admission-controller.yaml:
--------------------------------------------------------------------------------
# JSON-patch style operation: deletes the whole apiServer.admissionControl
# section from the generated Talos cluster config.
# NOTE(review): Talos normally places its default PodSecurity admission
# configuration under this path (confirm for the Talos version in use). With
# it removed there is no cluster-wide Pod Security baseline, so enforcement
# has to come from per-namespace pod-security.kubernetes.io/* labels or from a
# policy engine. Verify that one of those is in place before reusing this patch.
1 | # Disable default API server admission plugins.
2 | - op: remove
3 | path: /cluster/apiServer/admissionControl
4 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/controller/kube-prism.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | features:
3 | kubePrism:
4 | enabled: true
5 | port: 7445
6 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/global/cluster-discovery.yaml:
--------------------------------------------------------------------------------
# Talos cluster-discovery patch: keeps both discovery registries enabled.
1 | cluster:
2 | discovery:
3 | registries:
# Registry backed by the cluster's own Kubernetes API.
4 | kubernetes:
5 | disabled: false
# NOTE(review): presumably the external Talos discovery service. Node
# membership data then leaves the cluster (Talos documents it as encrypted;
# confirm), so check this against the network's egress expectations.
6 | service:
7 | disabled: false
8 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/global/disable-search-domain.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | network:
3 | disableSearchDomain: true
4 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/global/kubelet.yaml:
--------------------------------------------------------------------------------
# Talos machine-config patch for the kubelet on every node.
1 | machine:
2 | kubelet:
3 | extraArgs:
# The kubelet requests its serving certificate through the CSR API instead of
# self-signing. Kubernetes does not auto-approve these CSRs, so an approver
# has to run in the cluster.
# NOTE(review): confirm one is deployed and that it checks the requested
# names and IPs against the node before approving.
4 | rotate-server-certificates: "true"
5 | extraConfig:
6 | maxPods: 150
7 | nodeIP:
# Restricts the address the kubelet registers as its node IP to this subnet.
8 | validSubnets:
9 | - 192.168.2.0/24
10 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/global/nfs.yaml:
--------------------------------------------------------------------------------
# Talos machine-config patch that overwrites /etc/nfsmount.conf with global
# NFS mount defaults (NFS 4.1, hard mounts, 128 KiB read/write size, 8 connections).
# The file is written with mode 0o644, which fits because it holds no credentials.
# NOTE(review): no security flavour is set here, so mounts presumably use the
# client default (AUTH_SYS), which trusts client-asserted UIDs. Rely on
# export-level host restrictions on the NFS server, or set a Kerberos flavour
# if the network is not fully trusted.
1 | machine:
2 | files:
3 | - op: overwrite
4 | path: /etc/nfsmount.conf
5 | permissions: 0o644
6 | content: |
7 | [ NFSMount_Global_Options ]
8 | nfsvers=4.1
9 | hard=True
10 | noatime=True
11 | nodiratime=True
12 | rsize=131072
13 | wsize=131072
14 | nconnect=8
15 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/global/sysctl.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | sysctls:
3 | fs.inotify.max_queued_events: "65536"
4 | fs.inotify.max_user_instances: "8192"
5 | fs.inotify.max_user_watches: "524288"
6 | net.core.rmem_max: "2500000"
7 | net.core.wmem_max: "2500000"
8 |
--------------------------------------------------------------------------------
/.archive/media/talos/patches/global/udev.yaml:
--------------------------------------------------------------------------------
# Talos machine-config patch adding a udev rule for DRM render nodes.
1 | machine:
2 | udev:
3 | rules:
4 | # Intel GPU
# Assigns renderD* devices to GID 44 with mode 0660 (owner and group
# read/write, no access for others). Presumably 44 is the `video` group
# (confirm).
# NOTE(review): GPU workloads should get access by adding 44 to their
# supplemental groups rather than by running privileged or as root.
5 | - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
6 |
--------------------------------------------------------------------------------
/.archive/mergerfs/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-storage-mergerfs
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/storage/mergerfs/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | wait: true
13 | interval: 30m
14 | timeout: 5m
15 |
--------------------------------------------------------------------------------
/.archive/nebula/baikal/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - ../../../../../templates/volsync
6 |
--------------------------------------------------------------------------------
/.archive/nebula/ci/woodpecker/agent/hr.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/samip5/k8s-cluster/80274bcc8b736876772fd4efaf109a3c40734604/.archive/nebula/ci/woodpecker/agent/hr.yaml
--------------------------------------------------------------------------------
/.archive/nebula/ci/woodpecker/agent/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - secret.sops.yaml
6 | - hr.yaml
7 |
--------------------------------------------------------------------------------
/.archive/nebula/ci/woodpecker/agent/secret.sops.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/samip5/k8s-cluster/80274bcc8b736876772fd4efaf109a3c40734604/.archive/nebula/ci/woodpecker/agent/secret.sops.yaml
--------------------------------------------------------------------------------
/.archive/nebula/ci/woodpecker/ks-agent.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-ci-wp-agent
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/ci/woodpecker/agent
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | retryInterval: 1m
14 | timeout: 5m
--------------------------------------------------------------------------------
/.archive/nebula/coder/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: dev
5 | resources:
6 | - ./externalsecret.yaml
7 | - ./internal-ingress.yaml
8 | - ./hr.yaml
9 |
--------------------------------------------------------------------------------
/.archive/nebula/coder/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: cluster-apps-coder
6 | namespace: flux-system
7 | spec:
8 | dependsOn:
9 | - name: cnpg-cluster
10 | path: ./k8s/nebula/apps/dev/coder/app
11 | prune: true
12 | sourceRef:
13 | kind: GitRepository
14 | name: flux-system
15 | wait: false # no flux ks dependents
16 | interval: 30m
17 | retryInterval: 1m
18 | timeout: 5m
--------------------------------------------------------------------------------
/.archive/nebula/finance/firefly/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: finance
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
7 | - ../../../../../templates/volsync
8 |
--------------------------------------------------------------------------------
/.archive/nebula/finance/firefly/importer/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./externalsecret.yaml
5 | - ./helm-release.yaml
--------------------------------------------------------------------------------
/.archive/nebula/finance/firefly/importer/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: firefly-importer-imports-v1
5 | namespace: finance
6 | spec:
7 | accessModes:
8 | - ReadWriteOnce
9 | resources:
10 | requests:
11 | storage: 1Gi
12 | storageClassName: nfs-client
--------------------------------------------------------------------------------
/.archive/nebula/finance/firefly/ks-importer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: firefly-importer
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/finance/firefly/importer
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/.archive/nebula/finance/paisa/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./hr.yaml
5 | - ../../../../../templates/volsync-minio
6 |
--------------------------------------------------------------------------------
/.archive/nebula/games/factorio/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./es.yaml
7 | - ./hr.yaml
8 | - ../../../../../templates/volsync
9 |
--------------------------------------------------------------------------------
/.archive/nebula/games/minecraft/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./externalsecret.yaml
7 | - ./externalsecret-store.yaml
8 | - ./hr.yaml
9 | - ../../../../../templates/volsync
10 |
--------------------------------------------------------------------------------
/.archive/nebula/games/satisfactory/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - pvc.yaml
6 | - hr.yaml
7 | - ../../../../../templates/volsync
8 |
--------------------------------------------------------------------------------
/.archive/nebula/games/satisfactory/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: sf-gamedata
6 | namespace: default
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 30Gi
13 | storageClassName: ceph-block
--------------------------------------------------------------------------------
/.archive/nebula/i2pd/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./helm-release.yaml
6 | - ../../../../../templates/volsync
7 | configMapGenerator:
8 | - name: i2pd
9 | files:
10 | - config/i2pd-docker.conf
11 | generatorOptions:
12 | disableNameSuffixHash: true
13 | annotations:
14 | kustomize.toolkit.fluxcd.io/substitute: disabled
15 |
--------------------------------------------------------------------------------
/.archive/nebula/longhorn/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 | - snapshotclass.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/longhorn/app/snapshotclass.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: snapshot.storage.k8s.io/v1
3 | kind: VolumeSnapshotClass
4 | deletionPolicy: Delete
5 | driver: driver.longhorn.io
6 | parameters:
7 | # needed for successful VolumeSnapshots
8 | # see: https://github.com/longhorn/longhorn/issues/2534#issuecomment-1010508714
9 | type: snap
10 | metadata:
11 | annotations:
12 | snapshot.storage.kubernetes.io/is-default-class: "true"
13 | name: longhorn-snapclass
--------------------------------------------------------------------------------
/.archive/nebula/longhorn/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-storage-longhorn
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/storage/longhorn/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | retryInterval: 1m
14 | timeout: 5m
--------------------------------------------------------------------------------
/.archive/nebula/longhorn/recurring-jobs/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/crds/hr.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: helm.toolkit.fluxcd.io/v2
2 | kind: HelmRelease
3 | metadata:
4 | name: mariadb-operator-crds
5 | namespace: databases
6 | spec:
7 | chart:
8 | spec:
9 | chart: mariadb-operator-crds
10 | sourceRef:
11 | kind: HelmRepository
12 | name: mariadb-operator
13 | namespace: flux-system
14 | version: "0.38.1"
15 | interval: 1h0m0s
16 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - hr.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/ks-crds.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: mariadb-operator-crds
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: databases
8 | path: ./k8s/nebula/apps/databases/mariadb/crds
9 | prune: true
10 | wait: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/ks-phpmyadmin.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: mariadb-phpmyadmin
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/databases/mariadb/phpmyadmin/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
14 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/ks-resources.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: mariadb
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: mariadb-operator
9 | targetNamespace: databases
10 | path: ./k8s/nebula/apps/databases/mariadb/resources
11 | prune: true
12 | sourceRef:
13 | kind: GitRepository
14 | name: flux-system
15 | interval: 30m
16 | timeout: 5m
17 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: mariadb-operator
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: mariadb-operator-crds
9 | path: ./k8s/nebula/apps/databases/mariadb/operator
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - hr.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/phpmyadmin/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: databases
4 | resources:
5 | - hr.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: databases
5 | resources:
6 | - ./externalsecret.yaml
7 | - ./externalsecret-backups.yaml
8 | - ./backup.yaml
9 | - ./backup-daily.yaml
10 | - ./mariadb.yaml
11 | - ./provisions
12 | labels:
13 | - pairs:
14 | app.kubernetes.io/name: mariadb
15 | app.kubernetes.io/part-of: mariadb
16 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - observium
6 | # - protu-staging-wordpress
7 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/observium/db.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: k8s.mariadb.com/v1alpha1
3 | kind: Database
4 | metadata:
5 | name: observium
6 | spec:
7 | mariaDbRef:
8 | name: mariadb-galera
9 | characterSet: utf8
10 | collate: utf8_general_ci
11 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/observium/grant.yaml:
--------------------------------------------------------------------------------
---
# mariadb-operator Grant: gives the `observium` user privileges on every table
# of the `observium` database in the `mariadb-galera` instance.
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
  name: observium
spec:
  mariaDbRef:
    name: mariadb-galera
  username: observium
  # The grant is confined to one schema; it does not reach other databases.
  database: 'observium'
  table: '*'
  # NOTE(review): ALL includes schema-changing privileges (CREATE, ALTER, DROP)
  # as well as data access. If the application only needs DML at runtime,
  # listing the privileges it actually uses limits what a leaked application
  # credential can do to the schema. Confirm against the application's
  # install/upgrade requirements before narrowing.
  privileges:
    - 'ALL'
14 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/observium/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - externalsecret.yaml
6 | - db.yaml
7 | - grant.yaml
8 | - user.yaml
9 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/observium/user.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: k8s.mariadb.com/v1alpha1
3 | kind: User
4 | metadata:
5 | name: observium
6 | spec:
7 | mariaDbRef:
8 | name: mariadb-galera
9 | passwordSecretKeyRef:
10 | name: observium-db-credentials
11 | key: password
12 | maxUserConnections: 20
13 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/protu-staging-wordpress/db.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: k8s.mariadb.com/v1alpha1
3 | kind: Database
4 | metadata:
5 | name: protu
6 | spec:
7 | mariaDbRef:
8 | name: mariadb-galera
9 | characterSet: utf8
10 | collate: utf8_general_ci
11 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/protu-staging-wordpress/grant.yaml:
--------------------------------------------------------------------------------
---
# mariadb-operator Grant: gives the `protu` user privileges on every table of
# the `protu` database in the `mariadb-galera` instance.
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
  name: protu
spec:
  mariaDbRef:
    name: mariadb-galera
  username: protu
  # Scope is a single schema, not the whole server.
  database: 'protu'
  table: '*'
  # NOTE(review): ALL includes CREATE/ALTER/DROP in addition to data access.
  # For a web application's database account, an explicit privilege list keeps
  # a compromised application credential from altering or dropping the schema.
  # Check what the application needs during upgrades before narrowing.
  privileges:
    - 'ALL'
14 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/protu-staging-wordpress/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - externalsecret.yaml
6 | - db.yaml
7 | - grant.yaml
8 | - user.yaml
9 |
--------------------------------------------------------------------------------
/.archive/nebula/mariadb/resources/provisions/protu-staging-wordpress/user.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: k8s.mariadb.com/v1alpha1
3 | kind: User
4 | metadata:
5 | name: protu
6 | spec:
7 | mariaDbRef:
8 | name: mariadb-galera
9 | passwordSecretKeyRef:
10 | name: protu-staging-db-credentials
11 | key: password
12 | maxUserConnections: 20
13 |
--------------------------------------------------------------------------------
/.archive/nebula/media/lidarr/app/externalsecret-store.yaml:
--------------------------------------------------------------------------------
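---
# ClusterSecretStore used by the lidarr ExternalSecret: reads the `prd` config
# of the Doppler project `lidarr`, authenticating with the token held in
# Secret flux-system/doppler-token-auth-api (key `dopplerToken`).
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: &name lidarr
  # ClusterSecretStore is a cluster-scoped kind, so this namespace does not
  # confine the store; `spec.conditions` is what limits who may reference it.
  namespace: media
spec:
  # Without conditions, an ExternalSecret in any namespace can reference this
  # store and pull the project's secrets. Only `media` is allowed here; extend
  # the list if another namespace legitimately consumes the store.
  conditions:
    - namespaces:
        - media
  provider:
    doppler:
      project: *name
      config: prd
      auth:
        secretRef:
          dopplerToken:
            # NOTE(review): the plex and radarr stores reference this same
            # token Secret with other projects, so the token presumably can
            # read more than this one project - a per-project token would
            # narrow the impact of a leak. Verify the token's scope.
            name: doppler-token-auth-api
            key: dopplerToken
            namespace: flux-system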
--------------------------------------------------------------------------------
/.archive/nebula/media/lidarr/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# ExternalSecret that materialises Secret `lidarr` in namespace `media` from
# the ClusterSecretStore of the same name.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: &name lidarr
  namespace: media
spec:
  target:
    name: *name
  secretStoreRef:
    kind: ClusterSecretStore
    name: *name
  # NOTE(review): `regexp: .*` matches every secret name the store exposes, so
  # the whole provider config is copied into the target Secret, including
  # anything added there later. Any workload or user able to read Secret
  # `lidarr` then sees all of it. Listing the needed keys under `data`, or
  # using a narrower regexp, keeps the Kubernetes Secret to what the pod uses.
  dataFrom:
    - find:
        name:
          regexp: .*
--------------------------------------------------------------------------------
/.archive/nebula/media/lidarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - pvc.yaml
7 | - helm-release.yaml
8 | # - ./externalsecret-store.yaml
9 | # - ./externalsecret.yaml
10 |
--------------------------------------------------------------------------------
/.archive/nebula/media/plex/externalsecret-plex.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ExternalSecret
4 | metadata:
5 | name: plex
6 | namespace: media
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore
10 | name: plex
11 | target:
12 | name: plex-secret
13 | data:
14 | - secretKey: PLEX_CLAIM
15 | remoteRef:
16 | key: CLAIM_TOKEN
--------------------------------------------------------------------------------
/.archive/nebula/media/plex/externalsecret-store.yaml:
--------------------------------------------------------------------------------
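---
# ClusterSecretStore referenced by the plex ExternalSecrets: reads the `prd`
# config of the Doppler project `plex`, authenticating with the token held in
# Secret flux-system/doppler-token-auth-api (key `dopplerToken`).
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: &name plex
  # ClusterSecretStore is a cluster-scoped kind, so this namespace does not
  # confine the store; `spec.conditions` is what limits who may reference it.
  namespace: media
spec:
  # Without conditions, an ExternalSecret in any namespace can reference this
  # store and request PLEX_TOKEN / CLAIM_TOKEN. Only `media` is allowed here;
  # extend the list if another namespace legitimately consumes the store.
  conditions:
    - namespaces:
        - media
  provider:
    doppler:
      project: *name
      config: prd
      auth:
        secretRef:
          dopplerToken:
            # NOTE(review): the lidarr and radarr stores reference this same
            # token Secret with other projects, so the token presumably can
            # read more than this one project - verify its scope.
            name: doppler-token-auth-api
            key: dopplerToken
            namespace: flux-system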
--------------------------------------------------------------------------------
/.archive/nebula/media/plex/externalsecret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ExternalSecret
4 | metadata:
5 | name: plex-auto-language
6 | namespace: media
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore
10 | name: plex
11 | target:
12 | name: plex-auto-languages-secret
13 | data:
14 | - secretKey: PLEX_TOKEN
15 | remoteRef:
16 | key: PLEX_TOKEN
--------------------------------------------------------------------------------
/.archive/nebula/media/plex/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - externalsecret-store.yaml
7 | - externalsecret.yaml
8 | - externalsecret-plex.yaml
9 | - helm-release.yaml
10 | - pvc.yaml
11 | commonLabels:
12 | app.kubernetes.io/name: plex
13 | app.kubernetes.io/instance: plex
14 |
--------------------------------------------------------------------------------
/.archive/nebula/media/plex/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: PersistentVolumeClaim
3 | apiVersion: v1
4 | metadata:
5 | name: plex-config
6 | namespace: media
7 | labels:
8 | app.kubernetes.io/instance: plex
9 | app.kubernetes.io/name: plex
10 | spec:
11 | accessModes:
12 | - ReadWriteOnce
13 | resources:
14 | requests:
15 | storage: 30Gi
16 | storageClassName: local-path
--------------------------------------------------------------------------------
/.archive/nebula/media/radarr/externalsecret-store.yaml:
--------------------------------------------------------------------------------
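---
# ClusterSecretStore for radarr: reads the `prd` config of the Doppler project
# `radarr`, authenticating with the token held in Secret
# flux-system/doppler-token-auth-api (key `dopplerToken`).
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: &name radarr
  # ClusterSecretStore is a cluster-scoped kind, so this namespace does not
  # confine the store; `spec.conditions` is what limits who may reference it.
  namespace: media
spec:
  # Without conditions, an ExternalSecret in any namespace can reference this
  # store and pull the project's secrets. Only `media` is allowed here; extend
  # the list if another namespace legitimately consumes the store.
  conditions:
    - namespaces:
        - media
  provider:
    doppler:
      project: *name
      config: prd
      auth:
        secretRef:
          dopplerToken:
            # NOTE(review): the lidarr and plex stores reference this same
            # token Secret with other projects, so the token presumably can
            # read more than this one project - verify its scope.
            name: doppler-token-auth-api
            key: dopplerToken
            namespace: flux-system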
--------------------------------------------------------------------------------
/.archive/nebula/media/radarr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: media
4 | resources:
5 | - externalsecret-store.yaml
6 | - externalsecret.yaml
7 | - pvc.yaml
8 | - helm-release.yaml
9 | generatorOptions:
10 | disableNameSuffixHash: true
11 | annotations:
12 | kustomize.toolkit.fluxcd.io/substitute: disabled
13 |
--------------------------------------------------------------------------------
/.archive/nebula/media/radarr/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: radarr-config-v1
5 | namespace: media
6 | spec:
7 | storageClassName: longhorn
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 2Gi
13 | ---
--------------------------------------------------------------------------------
/.archive/nebula/media/recyclarr/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# ExternalSecret that materialises Secret `recyclarr` in namespace `media`
# from a ClusterSecretStore named `recyclarr` (the store's manifest is not
# part of this directory listing).
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: &name recyclarr
  namespace: media
spec:
  target:
    name: *name
  secretStoreRef:
    kind: ClusterSecretStore
    name: *name
  # NOTE(review): `regexp: .*` pulls every secret the store exposes into the
  # target Secret, including keys added to the provider later. Enumerating the
  # required keys under `data`, or narrowing the regexp, keeps the Secret to
  # what the workload actually consumes.
  dataFrom:
    - find:
        name:
          regexp: .*
--------------------------------------------------------------------------------
/.archive/nebula/media/recyclarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: recyclarr-config-v2
5 | namespace: media
6 | spec:
7 | storageClassName: nfs-client
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 1Gi
13 | ---
--------------------------------------------------------------------------------
/.archive/nebula/media/recyclarr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-recyclarr
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/media/recyclarr/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | retryInterval: 1m
16 | timeout: 5m
--------------------------------------------------------------------------------
/.archive/nebula/media/sonarr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - helm-release.yaml
7 | - pvc.yaml
8 | - externalsecret-store.yaml
9 | - externalsecret.yaml
10 | generatorOptions:
11 | disableNameSuffixHash: true
12 | annotations:
13 | kustomize.toolkit.fluxcd.io/substitute: disabled
14 |
--------------------------------------------------------------------------------
/.archive/nebula/media/sonarr/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: sonarr-config-v1
6 | namespace: media
7 | spec:
8 | storageClassName: longhorn
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 5Gi
--------------------------------------------------------------------------------
/.archive/nebula/media/unpackerr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - helm-release.yaml
7 | - secret.sops.yaml
8 | generatorOptions:
9 | disableNameSuffixHash: true
10 |
--------------------------------------------------------------------------------
/.archive/nebula/networking/consul/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | - ingress.yaml
--------------------------------------------------------------------------------
/.archive/nebula/networking/consul/custom-resources/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./proxy-defaults.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/networking/consul/custom-resources/proxy-defaults.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: consul.hashicorp.com/v1alpha1
2 | kind: ProxyDefaults
3 | metadata:
4 | name: global
5 | namespace: hashicorp
6 | spec:
7 | meshGateway:
8 | mode: local
9 |
--------------------------------------------------------------------------------
/.archive/nebula/networking/consul/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-consul
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/networking/consul/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | retryInterval: 1m
16 | timeout: 5m
--------------------------------------------------------------------------------
/.archive/nebula/networking/observium/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - es.yaml
6 | - ../../../../../templates/volsync-minio
7 |
--------------------------------------------------------------------------------
/.archive/nebula/radicale/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - ../../../../../templates/volsync
6 | configMapGenerator:
7 | - name: radicale-configmap
8 | files:
9 | - config/config.cfg
10 | generatorOptions:
11 | disableNameSuffixHash: true
12 | annotations:
13 | kustomize.toolkit.fluxcd.io/substitute: disabled
14 |
--------------------------------------------------------------------------------
/.archive/nebula/redis/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: databases
5 | resources:
6 | - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/.archive/nebula/redis/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: redis
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/databases/redis/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
14 |
--------------------------------------------------------------------------------
/.archive/nebula/redlib/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/shiori/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./hr.yaml
5 | - ../../../../../templates/volsync
6 |
--------------------------------------------------------------------------------
/.archive/nebula/storage/longhorn/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 | - minio-secret.sops.yaml
6 |
--------------------------------------------------------------------------------
/.archive/nebula/ytdl-material/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - hr.yaml
6 | - ../../../../../templates/volsync
7 |
--------------------------------------------------------------------------------
/.archive/vm/_cdi/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | - ./repo.yaml
6 | - ./ks.yaml
7 | - ./upload-proxy-lb.yaml
8 |
--------------------------------------------------------------------------------
/.archive/vm/_cdi/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | labels:
5 | cdi.kubevirt.io: ""
6 | name: cdi
7 |
--------------------------------------------------------------------------------
/.archive/vm/_cdi/repo.yaml:
--------------------------------------------------------------------------------
# Flux source for the CDI operator manifests, taken from a third-party GitHub
# repository. Only the /deploy directory is kept in the fetched artifact.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: kubevirt-flux-cdi
  namespace: flux-system
spec:
  url: https://github.com/JJGadgets/kubevirt-flux.git
  interval: 10m0s
  # NOTE(review): a branch is a moving reference. Every interval Flux fetches
  # the branch head, so whatever is pushed there becomes the artifact that the
  # consuming Kustomization applies (an operator with its CRDs, per the ignore
  # comment below). Pinning `ref.commit: <commit-sha>` (or a tag), optionally
  # with `spec.verify` for signed commits, makes upgrades an explicit, reviewed
  # change in this repository instead of an upstream push.
  ref:
    branch: cdi-v1.58.3
  ignore: |
    # exclude all to whitelist
    /*
    # include operator (with CRDs) and CR to deploy cdi
    !/deploy
16 |
--------------------------------------------------------------------------------
/.archive/vm/_cdi/upload-datavolume.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: cdi.kubevirt.io/v1beta1
2 | kind: DataVolume
3 | metadata:
4 | name: upload-datavolume
5 | spec:
6 | source:
7 | upload: {}
8 | pvc:
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 50Gi
14 | storageClassName: ceph-block
--------------------------------------------------------------------------------
/.archive/vm/_cdi/upload-proxy-lb.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service in front of the CDI upload proxy: port 443 on the
# load-balancer address forwards to port 8443 of pods labelled
# cdi.kubevirt.io=cdi-uploadproxy.
apiVersion: v1
kind: Service
metadata:
  name: cdi-uploadproxy-lb
  namespace: cdi
  labels:
    cdi.kubevirt.io: "cdi-uploadproxy"
spec:
  # NOTE(review): this publishes the disk-image upload endpoint outside the
  # cluster network. Who can reach it depends on the load-balancer address
  # pool and upstream firewalling, neither of which is shown here. If only an
  # admin workstation needs it, `loadBalancerSourceRanges` (where the LB
  # implementation honours it) or a port-forward narrows the exposure.
  type: LoadBalancer
  selector:
    cdi.kubevirt.io: cdi-uploadproxy
  ports:
    - port: 443
      targetPort: 8443
      protocol: TCP
--------------------------------------------------------------------------------
/.archive/vm/_kubevirt/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | - ./repo.yaml
6 | - ./ks.yaml
7 |
--------------------------------------------------------------------------------
/.archive/vm/_kubevirt/ns.yaml:
--------------------------------------------------------------------------------
# Namespace for KubeVirt.
apiVersion: v1
kind: Namespace
metadata:
  name: kubevirt
  labels:
    kubevirt.io: ""
    # NOTE(review): `privileged` is the unrestricted Pod Security level, so
    # admission places no pod-security limits on anything scheduled into this
    # namespace. The freepbx Services under vm/pbx/template also target
    # namespace `kubevirt`, which suggests VM workloads share it with the
    # operator; keeping guests in their own namespace would confine the
    # exemption to the components that need it. Adding the
    # pod-security.kubernetes.io/audit or /warn labels at a stricter level
    # would at least surface what relies on the exemption.
    pod-security.kubernetes.io/enforce: "privileged"
8 |
--------------------------------------------------------------------------------
/.archive/vm/_kubevirt/repo.yaml:
--------------------------------------------------------------------------------
# Flux source for the KubeVirt operator manifests, taken from a third-party
# GitHub repository. Only the /deploy directory is kept in the fetched artifact.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: kubevirt-flux
  namespace: flux-system
spec:
  url: https://github.com/JJGadgets/kubevirt-flux.git
  interval: 10m0s
  # NOTE(review): `v1.2.0` reads like a release tag but is declared as a
  # branch, i.e. a reference the upstream owner can move. Flux re-fetches the
  # head every interval, and the operator manifests under /deploy are what the
  # consuming Kustomization applies. Pinning `ref.commit: <commit-sha>` (or a
  # tag), optionally with `spec.verify`, ties the deployed operator to content
  # that was reviewed.
  ref:
    branch: v1.2.0
  ignore: |
    # exclude all to whitelist
    /*
    # include operator (with CRDs) and CR to deploy KubeVirt
    !/deploy
16 |
--------------------------------------------------------------------------------
/.archive/vm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./_kubevirt
5 | - ./_cdi
6 | # - ./pbx/ks.yaml
7 |
--------------------------------------------------------------------------------
/.archive/vm/pbx/_deps/type.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: instancetype.kubevirt.io/v1beta1
3 | kind: VirtualMachineInstancetype
4 | metadata:
5 | name: "freepbx"
6 | spec:
7 | cpu:
8 | guest: 4
9 | memory:
10 | guest: 4096Mi
11 |
--------------------------------------------------------------------------------
/.archive/vm/pbx/template/svc-ssh.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service exposing SSH (TCP 22) of the pods labelled
# freepbx="true" and vm.home.arpa/os=freepbx in namespace kubevirt.
apiVersion: v1
kind: Service
metadata:
  name: freepbx-ssh
  namespace: kubevirt
spec:
  # NOTE(review): SSH on a load-balancer address is reachable from wherever
  # that address is routed; the address pool and firewalling are not visible
  # here. Restricting clients with `loadBalancerSourceRanges` (where the LB
  # implementation honours it) and requiring key-based login inside the guest
  # limits exposure to password guessing.
  type: LoadBalancer
  ports:
    - name: ssh
      protocol: TCP
      port: 22
      targetPort: 22
  selector:
    freepbx: "true"
    vm.home.arpa/os: freepbx
16 |
17 |
--------------------------------------------------------------------------------
/.archive/vm/pbx/template/svc-ui.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service exposing the HTTPS UI (TCP 443) of the pods labelled
# freepbx="true" and vm.home.arpa/os=freepbx in namespace kubevirt.
apiVersion: v1
kind: Service
metadata:
  name: freepbx-ui
  namespace: kubevirt
spec:
  # NOTE(review): this puts the PBX administration interface directly on a
  # load-balancer address, bypassing any ingress-level authentication the
  # cluster applies elsewhere. Confirm the address is only routable from
  # trusted networks, or restrict clients with `loadBalancerSourceRanges`.
  type: LoadBalancer
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
  selector:
    freepbx: "true"
    vm.home.arpa/os: freepbx
16 |
--------------------------------------------------------------------------------
/.github/labeler.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | area/ci:
3 | - changed-files:
4 | - any-glob-to-any-file: ".github/**/*"
5 | area/kubernetes:
6 | - changed-files:
7 | - any-glob-to-any-file: "k8s/**/*"
8 | cluster/nebula:
9 | - changed-files:
10 | - any-glob-to-any-file: k8s/nebula/**/*
11 | cluster/media:
12 | - changed-files:
13 | - any-glob-to-any-file: k8s/media/**/*
14 |
--------------------------------------------------------------------------------
/.github/lint/.prettierignore:
--------------------------------------------------------------------------------
1 | *.enc.*
2 | *.sops.*
3 | gotk-components.yaml
4 |
--------------------------------------------------------------------------------
/.github/lint/.yamllint.yaml:
--------------------------------------------------------------------------------
1 | ignore: |
2 | *.enc.*
3 | *.sops.*
4 | gotk-components.yaml
5 | extends: default
6 | rules:
7 | truthy:
8 | allowed-values: ["true", "false", "on"]
9 | comments:
10 | min-spaces-from-content: 1
11 | line-length: disable
12 | braces:
13 | min-spaces-inside: 0
14 | max-spaces-inside: 1
15 | brackets:
16 | min-spaces-inside: 0
17 | max-spaces-inside: 0
18 | indentation: enable
19 |
--------------------------------------------------------------------------------
/.github/renovate/disabledDatasources.json5:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 | "packageRules": [
4 | {
5 | "description": "Disable kubernetes-api",
6 | "matchManagers": ["kubernetes"],
7 | "matchDatasources": ["kubernetes-api"],
8 | "enabled": false
9 | }
10 | ]
11 | }
12 |
--------------------------------------------------------------------------------
/.github/renovate/looseVersioning.json5:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 | "packageRules": [
4 | {
5 | "description": "Loose versioning for non-semver packages",
6 | "matchDatasources": ["docker"],
7 | "versioning": "loose",
8 | "matchPackagePatterns": ["changedetection", "plex", "qbittorrent"]
9 | }]
10 | }
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Cluster credentials generated during provisioning - must never be committed.
provision/kubeconfig
provision/kubeconfig-k3s

# Local tooling state.
.venv
.task
.vscode
# NOTE(review): ".dea" looks like a typo for ".idea" - the repository listing
# contains tracked files under /.idea/. If that was the intent, correct the
# pattern and untrack the directory; otherwise IDE state (for example data
# source definitions) can end up in history.
.dea
7 |
--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Editor-based HTTP Client requests
5 | /httpRequests/
6 | # Datasource local storage ignored files
7 | /dataSources/
8 | /dataSources.local.xml
9 |
--------------------------------------------------------------------------------
/.idea/discord.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/.idea/jsonCatalog.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | false
5 |
6 |
--------------------------------------------------------------------------------
/.idea/k8s-cluster.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/.idea/markdown.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.taskfiles/VolSync/scripts/wait-for-job.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Block until the pod belonging to a Kubernetes Job reports phase "Pending".
#
# Usage: wait-for-job.sh <job> [namespace] [kube-context]
#   job        value matched against the pod label job-name (required)
#   namespace  namespace to query (default: default)
#   context    kubectl context to use (default: main)
#
# The loop has no timeout and never looks at kubectl's exit status: a failed
# lookup (unknown context, no matching pod, denied request) yields an empty
# phase string, and the script keeps polling once per second until interrupted.

job_name=$1
namespace="${2:-default}"
kube_context="${3:-main}"

if [[ -z "${job_name}" ]]; then
    echo "Job name not specified" && exit 1
fi

# The jsonpath expression prints the phase of every matching pod, separated by
# spaces; only the exact string "Pending" ends the wait.
until [[ "$(kubectl --context "${kube_context}" -n "${namespace}" get pod -l job-name="${job_name}" -o jsonpath='{.items[*].status.phase}')" == "Pending" ]]; do
    sleep 1
done
15 |
--------------------------------------------------------------------------------
/.taskfiles/Workstation/Archfile:
--------------------------------------------------------------------------------
1 | age
2 | cloudflared-bin
3 | direnv
4 | flux-bin
5 | go-task
6 | go-yq
7 | helm
8 | helmfile
9 | jq
10 | kubeconform
11 | kubectl-bin
12 | kustomize
13 | moreutils
14 | sops
15 | stern-bin
16 | talhelper-bin
17 | talosctl
18 |
--------------------------------------------------------------------------------
/.taskfiles/Workstation/Brewfile:
--------------------------------------------------------------------------------
1 | tap "fluxcd/tap"
2 | tap "go-task/tap"
3 | tap "siderolabs/tap"
4 | brew "age"
5 | brew "cloudflared"
6 | brew "direnv"
7 | brew "fluxcd/tap/flux"
8 | brew "go-task/tap/go-task"
9 | brew "helm"
10 | brew "helmfile"
11 | brew "jq"
12 | brew "kubeconform"
13 | brew "kubernetes-cli"
14 | brew "kustomize"
15 | brew "moreutils"
16 | brew "sops"
17 | brew "stern"
18 | brew "talhelper"
19 | brew "talosctl"
20 | brew "yq"
21 |
--------------------------------------------------------------------------------
/k8s/base/cert-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: cert-manager
6 | resources:
7 | - ./helm-release.yaml
8 |
9 |
--------------------------------------------------------------------------------
/k8s/base/cert-manager/issuers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kustomization that bundles the cert-manager issuer manifests with what appear,
# by file name, to be their credential Secrets.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # NOTE(review): the secret-looking files use two different suffixes
  # (.enc.yaml and .sops.yaml). Confirm that the repository's SOPS creation
  # rules match both patterns, so none of them can be committed unencrypted.
  - secret.enc.yaml
  - kapsi-bind-secret.sops.yaml
  - zerossl-secret.enc.yaml
  - zerossl-production.yaml
  - letsencrypt-production.yaml
  - letsencrypt-staging.yaml
12 |
--------------------------------------------------------------------------------
/k8s/base/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
--------------------------------------------------------------------------------
/k8s/base/cert-manager/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: cert-manager
--------------------------------------------------------------------------------
/k8s/base/cert-manager/overlays/media/certificates/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - wildcards
5 | - dh-cert.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/cert-manager/overlays/media/certificates/wildcards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - certificate.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/cert-manager/overlays/nebula/certificates/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - wildcards
5 |
--------------------------------------------------------------------------------
/k8s/base/cert-manager/overlays/nebula/certificates/wildcards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - certificate.yaml
5 | # - iki-domain-wild.yaml
6 | - root-domain-certificate.yaml
7 |
--------------------------------------------------------------------------------
/k8s/base/default/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/samip5/k8s-cluster/80274bcc8b736876772fd4efaf109a3c40734604/k8s/base/default/.gitkeep
--------------------------------------------------------------------------------
/k8s/base/flux-system/cluster-config/base/config.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | namespace: flux-system
6 | name: global-cluster-config
7 | data:
8 | TZ: "Europe/Helsinki"
--------------------------------------------------------------------------------
/k8s/base/flux-system/cluster-config/overlays/media/cluster-config.yaml:
--------------------------------------------------------------------------------
---
# Per-cluster settings for the "media" cluster, stored as a ConfigMap in flux-system.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-config
  namespace: flux-system
data:
  CLUSTER_NAME: "media"
  CLUSTER_ID: "2"
  CLUSTER_POD_CIDR: "10.40.0.0/16"
  # NOTE(review): same range as CLUSTER_POD_CIDR above, whereas the nebula
  # overlay declares two distinct ranges. Pod and service ranges normally must
  # not overlap; confirm this against the cluster's real service CIDR. If these
  # values feed network policies or firewall rules, a wrong range makes those
  # rules match the wrong traffic.
  CLUSTER_SERVICE_CIDR: "10.40.0.0/16"
  NATIVE_CIDR: "192.168.2.0/24"
13 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/cluster-config/overlays/media/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ../../base/config.yaml
6 | - ../../base/base-secrets.sops.yaml
7 | - cluster-secrets.sops.yaml
8 | - cluster-config.yaml
--------------------------------------------------------------------------------
/k8s/base/flux-system/cluster-config/overlays/nebula/cluster-config.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: cluster-config
6 | namespace: flux-system
7 | data:
8 | CLUSTER_NAME: "nebula-0"
9 | CLUSTER_ID: "1"
10 | CLUSTER_POD_CIDR: "10.244.0.0/16"
11 | CLUSTER_SERVICE_CIDR: "10.96.0.0/16"
12 | NATIVE_CIDR: "10.0.105.0/24"
--------------------------------------------------------------------------------
/k8s/base/flux-system/cluster-config/overlays/nebula/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ../../base/config.yaml
6 | - ../../base/base-secrets.sops.yaml
7 | - cluster-secrets.sops.yaml
8 | - cluster-config.yaml
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/actions-runner-controller.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: actions-runner-controller
5 | namespace: flux-system
6 | spec:
7 | type: oci
8 | interval: 30m
9 | url: oci://ghcr.io/actions/actions-runner-controller-charts
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/agones-charts.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: agones
5 | namespace: flux-system
6 | spec:
7 | interval: 30m
8 | url: https://agones.dev/chart/stable
9 | timeout: 3m
10 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/ananace-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: ananace-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://ananace.gitlab.io/charts
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/angelnu-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: angelnu-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | url: https://angelnu.github.io/helm-charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/app-template.yaml:
--------------------------------------------------------------------------------
---
# Flux OCIRepository that pulls the app-template Helm chart from GHCR.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: app-template
  namespace: flux-system
spec:
  interval: 1h
  # Select the Helm chart layer and keep it as the original tarball (copy)
  # rather than extracting its contents.
  layerSelector:
    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
    operation: copy
  ref:
    # A tag can be re-pointed on the registry side; `ref.digest` pins the exact
    # artifact when stricter provenance is wanted.
    tag: 4.0.1
  url: oci://ghcr.io/bjw-s-labs/helm/app-template
  verify:
    # No secretRef is given, so cosign verification is keyless.
    # NOTE(review): without `matchOIDCIdentity` (issuer/subject patterns), any
    # valid keyless signature is accepted, not only one produced by the chart
    # publisher's own pipeline. Consider pinning the expected identity.
    provider: cosign
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/backube.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: backube
5 | namespace: flux-system
6 | spec:
7 | interval: 2h
8 | url: https://backube.github.io/helm-charts/
9 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/bitnami.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: bitnami
6 | namespace: flux-system
7 | spec:
8 | type: oci
9 | interval: 10m
10 | url: oci://registry-1.docker.io/bitnamicharts/
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/bjw-s.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: bjw-s
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | url: https://bjw-s-labs.github.io/helm-charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/bugfest-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: bugfest-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 2h
9 | url: https://bugfest.github.io/tor-controller
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/cilium-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: cilium-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | url: https://helm.cilium.io
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/cloudnative-pg.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: cloudnative-pg
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | url: https://cloudnative-pg.github.io/charts
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/coder-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: coder-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://helm.coder.com/v2/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/coredns-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: coredns-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://coredns.github.io/helm
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/deliveryhero-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: deliveryhero-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | url: https://charts.deliveryhero.io/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/democratic-csi.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: democratic-csi
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | url: https://democratic-csi.github.io/charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/elastic.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: elastic
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://helm.elastic.co
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/emberstack-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: emberstack-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | url: https://emberstack.github.io/helm-charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/envoy-proxy.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: envoy-proxy
6 | namespace: flux-system
7 | spec:
8 | type: oci
9 | interval: 5m
10 | url: oci://docker.io/envoyproxy
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/external-dns-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: external-dns-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://kubernetes-sigs.github.io/external-dns
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/external-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: external-secrets
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | url: https://charts.external-secrets.io
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/factorio.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: factorio
5 | namespace: flux-system
6 | spec:
7 | interval: 1h0m0s
8 | url: https://sqljames.github.io/factorio-server-charts/
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/goauthentik-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: authentik-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://charts.goauthentik.io/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/grafana-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: grafana-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://grafana.github.io/helm-charts
10 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/hashicorp.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: hashicorp-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://helm.releases.hashicorp.com
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/ingress-nginx.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: ingress-nginx-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://kubernetes.github.io/ingress-nginx
10 | timeout: 3m
11 |
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/intel.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: intel
7 | namespace: flux-system
8 | spec:
9 | interval: 30m
10 | url: https://intel.github.io/helm-charts
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/jenkins-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: jenkins-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | url: https://charts.jenkins.io/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/jenkins-operator-charts.yaml:
--------------------------------------------------------------------------------
---
# Flux HelmRepository for the Jenkins Kubernetes operator chart.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jenkins-operator-charts
  namespace: flux-system
spec:
  interval: 10m
  # The chart index is read straight from the `master` branch through
  # raw.githubusercontent.com, so what this source serves can change with any
  # push to that branch.
  # NOTE(review): make sure every consumer pins an exact chart version, and
  # check whether upstream offers a release-backed repository URL instead.
  url: https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/chart
  timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/jetstack.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: jetstack-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://charts.jetstack.io/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/k8s-gateway.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: k8s-gateway
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://k8s-gateway.github.io/k8s_gateway/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/kubernetes-sigs-descheduler-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: kubernetes-sigs-descheduler-charts
7 | namespace: flux-system
8 | spec:
9 | interval: 15m
10 | url: https://kubernetes-sigs.github.io/descheduler
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/kubernetes-sigs-metrics-server-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: kubernetes-sigs-metrics-server-charts
7 | namespace: flux-system
8 | spec:
9 | interval: 15m
10 | url: https://kubernetes-sigs.github.io/metrics-server
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/kyverno.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: kyverno
7 | namespace: flux-system
8 | spec:
9 | interval: 30m
10 | url: https://kyverno.github.io/kyverno/
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/longhorn.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: longhorn
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | url: https://charts.longhorn.io
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/mariadb-operator.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: mariadb-operator
5 | namespace: flux-system
6 | spec:
7 | interval: 1h
8 | url: https://mariadb-operator.github.io/mariadb-operator
9 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/metrics-server-charts.yaml:
--------------------------------------------------------------------------------
---
# Flux HelmRepository for the metrics-server chart.
# NOTE(review): kubernetes-sigs-metrics-server-charts.yaml defines a second
# HelmRepository with the same URL under a different name. Keeping one
# definition leaves a single chart source to audit and update.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: metrics-server-charts
  namespace: flux-system
spec:
  interval: 1h
  url: https://kubernetes-sigs.github.io/metrics-server
10 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/minecraft-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: minecraft-server
6 | namespace: flux-system
7 | spec:
8 | interval: 15m
9 | url: https://itzg.github.io/minecraft-server-charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/moco.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: moco
5 | namespace: flux-system
6 | spec:
7 | interval: 1h
8 | url: https://cybozu-go.github.io/moco/
9 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/nfs-subdir-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: nfs-subdir-external-provisioner-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/node-feature-discovery-charts.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1
2 | kind: HelmRepository
3 | metadata:
4 | name: node-feature-discovery
5 | namespace: flux-system
6 | spec:
7 | interval: 2h
8 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
9 | timeout: 3m
10 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/nvdp.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: nvdp
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://nvidia.github.io/k8s-device-plugin
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/nvidia.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: nvidia
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://helm.ngc.nvidia.com/nvidia
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/piraeus-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: piraeus-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://piraeus.io/helm-charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/postfinance.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: postfinance
7 | namespace: flux-system
8 | spec:
9 | interval: 12h
10 | url: https://postfinance.github.io/kubelet-csr-approver/
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/prometheus-community.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: prometheus-community
7 | namespace: flux-system
8 | spec:
9 | interval: 15m
10 | url: https://prometheus-community.github.io/helm-charts
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/renovate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: renovate
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | url: https://docs.renovatebot.com/helm-charts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/rook-ceph.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: rook-ceph
7 | namespace: flux-system
8 | spec:
9 | interval: 2h
10 | url: https://charts.rook.io/release
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/samipsolutions-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: samipsolutions-charts
7 | namespace: flux-system
8 | spec:
9 | interval: 15m
10 | url: https://helm.skysolutions.fi/
11 | timeout: 3m
12 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/spegel.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: spegel
7 | namespace: flux-system
8 | spec:
9 | interval: 12h
10 | url: oci://ghcr.io/spegel-org/helm-charts/
11 | type: oci
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/stakater-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: stakater-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://stakater.github.io/stakater-charts
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/tailscale.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: tailscale
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://pkgs.tailscale.com/helmcharts/
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/tyzbit.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: source.toolkit.fluxcd.io/v1 # Flux HelmRepository source for the tyzbit chart index.
2 | kind: HelmRepository
3 | metadata:
4 | name: tyzbit
5 | namespace: flux-system
6 | spec:
7 | interval: 10m # the repository index is re-fetched every 10 minutes
8 | timeout: 1m0s
9 | url: https://tyzbit.github.io/helm-charts/ # third-party index over HTTPS: chart integrity rests on TLS and on whoever controls this repository, so pin exact chart versions in the consuming HelmRelease
10 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/weave-gitops.yaml:
--------------------------------------------------------------------------------
1 | --- # Flux chart source for the weave-gitops charts, pulled from an OCI registry.
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: weave-gitops
6 | namespace: flux-system
7 | spec:
8 | type: oci # NOTE(review): for OCI sources Flux can require a cosign signature via the chart's verify setting (HelmRelease spec.chart.spec.verify); nothing in this file shows it — check the consuming HelmRelease
9 | interval: 5m
10 | url: oci://ghcr.io/weaveworks/charts
11 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/woodpecker.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: woodpecker
6 | namespace: flux-system
7 | spec:
8 | interval: 2h
9 | url: https://woodpecker-ci.org/
10 |
--------------------------------------------------------------------------------
/k8s/base/flux-system/helm-chart-repos/wrenix.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: wrenix
7 | namespace: flux-system
8 | spec:
9 | interval: 12h
10 | url: oci://codeberg.org/wrenix/helm-charts/
11 | type: oci
--------------------------------------------------------------------------------
/k8s/base/flux-system/notifications/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - github/notify.yaml
6 | - github/secret.sops.yaml
--------------------------------------------------------------------------------
/k8s/base/flux-system/webhook/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - github/receiver.yaml
6 | - github/secret.sops.yaml
--------------------------------------------------------------------------------
/k8s/base/flux-system/webhook/overlays/media/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - github/httproute.yaml
--------------------------------------------------------------------------------
/k8s/base/flux-system/webhook/overlays/nebula/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - github/httproute.yaml
--------------------------------------------------------------------------------
/k8s/base/infra/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
--------------------------------------------------------------------------------
/k8s/base/infra/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: infra
5 | labels:
6 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/base/kube-system/coredns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helm-release.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/kube-system/reflector/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: system
--------------------------------------------------------------------------------
/k8s/base/monitoring/arrs/radarr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./radarr-secret.sops.yaml
5 | - ./helmrelease.yaml
--------------------------------------------------------------------------------
/k8s/base/monitoring/arrs/sonarr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./helmrelease.yaml
5 | - ./sonarr-secret.sops.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/monitoring/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
--------------------------------------------------------------------------------
/k8s/base/monitoring/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: monitoring
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/base/monitoring/prom-stack/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - hr.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/networking/envoy/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/base/networking/gateway-api/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - gitrepo.yaml
6 | - flux-ks.yaml
--------------------------------------------------------------------------------
/k8s/base/networking/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
--------------------------------------------------------------------------------
/k8s/base/networking/nginx/custom-headers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | data:
3 | X-Proxied-By: "ingress-nginx"
4 | kind: ConfigMap
5 | metadata:
6 | name: nginx-custom
7 | namespace: networking
--------------------------------------------------------------------------------
/k8s/base/networking/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: networking
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/base/networking/prefer-dual-stack/README.md:
--------------------------------------------------------------------------------
1 | ## prefer-dual-stack mutating webhook
2 |
3 | This is deployed so that all Services get `ipFamilyPolicy: PreferDualStack`, because Kubernetes defaults to SingleStack.
--------------------------------------------------------------------------------
/k8s/base/networking/prefer-dual-stack/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - deploy.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/services/echoip/externalsecret-store.yaml:
--------------------------------------------------------------------------------
1 | --- # Cluster-wide External Secrets store backed by the Doppler project "geoip", config "prd".
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ClusterSecretStore # cluster-scoped: an ExternalSecret in any namespace can reference this store unless spec.conditions limits the allowed namespaces (none is set here)
4 | metadata:
5 | name: &name geoip # anchor reused below as the Doppler project name
6 | namespace: services # NOTE(review): presumably has no effect, since ClusterSecretStore is cluster-scoped; if the intent is to confine use to "services", a namespaced SecretStore or spec.conditions would express it — confirm
7 | spec:
8 | provider:
9 | doppler:
10 | project: *name
11 | config: prd
12 | auth:
13 | secretRef:
14 | dopplerToken:
15 | name: doppler-token-auth-api # Secret that holds the Doppler token
16 | key: dopplerToken
17 | namespace: flux-system # the token is read from flux-system, so every consumer of this store acts with the same Doppler credential
--------------------------------------------------------------------------------
/k8s/base/services/echoip/externalsecret.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/samip5/k8s-cluster/80274bcc8b736876772fd4efaf109a3c40734604/k8s/base/services/echoip/externalsecret.yaml
--------------------------------------------------------------------------------
/k8s/base/services/echoip/kustomization.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/samip5/k8s-cluster/80274bcc8b736876772fd4efaf109a3c40734604/k8s/base/services/echoip/kustomization.yaml
--------------------------------------------------------------------------------
/k8s/base/services/echoip/pvc.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/samip5/k8s-cluster/80274bcc8b736876772fd4efaf109a3c40734604/k8s/base/services/echoip/pvc.yaml
--------------------------------------------------------------------------------
/k8s/base/services/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/services/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: services
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/base/storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/storage/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: storage
--------------------------------------------------------------------------------
/k8s/base/storage/storage-classes/csi-driver-nfs/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 | - storage-class.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/storage/storage-classes/csi-driver-nfs/storage-class.yaml:
--------------------------------------------------------------------------------
1 | --- # StorageClass for dynamically provisioned NFS volumes through the nfs.csi.k8s.io provisioner.
2 | apiVersion: storage.k8s.io/v1
3 | kind: StorageClass
4 | metadata:
5 | name: nfs-client
6 | provisioner: nfs.csi.k8s.io
7 | parameters:
8 | server: 192.168.2.2 # NFS server; who may mount is decided by the export rules on this host, so limit the export to the cluster node addresses
9 | share: /volume2/SSD_NFS/k8s/ # one export path for the whole class; NOTE(review): presumably each volume is a subdirectory below it, so any client allowed to mount the export can reach every volume's data — confirm
10 | reclaimPolicy: Retain # data stays on the share after the PVC is deleted and has to be cleaned up by hand
11 | volumeBindingMode: Immediate
12 | allowVolumeExpansion: true
13 | mountOptions:
14 | - nfsvers=3 # NOTE(review): no sec= option is given, so presumably AUTH_SYS applies (the server trusts client-supplied UID/GID) and traffic is unencrypted; keep this on a trusted network segment
15 | - nconnect=8 # up to 8 TCP connections per mount
16 | - hard # I/O is retried until the server answers instead of failing
17 | - noatime
--------------------------------------------------------------------------------
/k8s/base/storage/storage-classes/local-storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: storage
4 | resources:
5 | - rancher-manifest.yaml
6 |
--------------------------------------------------------------------------------
/k8s/base/storage/storage-classes/local-storage/storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 | name: local-storage
5 | provisioner: kubernetes.io/no-provisioner
6 | volumeBindingMode: WaitForFirstConsumer
7 |
--------------------------------------------------------------------------------
/k8s/base/storage/storage-classes/longhorn-custom/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - crypto-longhorn.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/storage/storage-classes/nfs-client-provisioner/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - nfs-client-provisioner.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/system/descheduler/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/system/intel-device-plugins/gpu/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: system
5 | resources:
6 | - ./helm-release.yaml
7 | - ./nodefeaturerule.yaml
--------------------------------------------------------------------------------
/k8s/base/system/intel-device-plugins/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: system
5 | resources:
6 | - ./helm-release.yaml
--------------------------------------------------------------------------------
/k8s/base/system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/system/node-feature-discovery/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 |
--------------------------------------------------------------------------------
/k8s/base/system/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: system
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/base/system/reloader/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/.envrc:
--------------------------------------------------------------------------------
1 | export KUBECONFIG="$(expand_path ./kubeconfig-k3s)" # direnv: point kubectl at the kubeconfig kept next to this file; kubeconfig-k3s is listed in this directory's .gitignore
2 | export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt) # location of the age private key sops decrypts with; the path is under the home directory, outside the repository
3 |
--------------------------------------------------------------------------------
/k8s/media/.gitignore:
--------------------------------------------------------------------------------
1 | kubeconfig
2 | kubeconfig-k3s
3 |
--------------------------------------------------------------------------------
/k8s/media/README.md:
--------------------------------------------------------------------------------
1 | ## cluster-3
2 |
3 | This is running on my Media server.
--------------------------------------------------------------------------------
/k8s/media/apps/databases/cloudnative-pg/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: databases
5 | resources:
6 | - cluster16.yaml
7 | - scheduledbackup.yaml
8 | labels:
9 | - pairs:
10 | app.kubernetes.io/name: cloudnative-pg-cluster
11 | app.kubernetes.io/instance: cloudnative-pg-cluster
12 | app.kubernetes.io/part-of: cloudnative-pg
13 |
--------------------------------------------------------------------------------
/k8s/media/apps/databases/cloudnative-pg/cluster/scheduledbackup.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
3 | apiVersion: postgresql.cnpg.io/v1
4 | kind: ScheduledBackup
5 | metadata:
6 | name: daily-backup
7 | namespace: databases
8 | spec:
9 | backupOwnerReference: self
10 | schedule: "@daily"
11 | cluster:
12 | name: postgres16
13 |
--------------------------------------------------------------------------------
/k8s/media/apps/databases/cloudnative-pg/ks-cluster.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cnpg-cluster
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: cnpg-operator
9 | path: ./k8s/media/apps/databases/cloudnative-pg/cluster
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/databases/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - cloudnative-pg/ks.yaml
5 | - cloudnative-pg/ks-cluster.yaml
6 |
--------------------------------------------------------------------------------
/k8s/media/apps/flux-system/doppler/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./secret.sops.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/flux-system/external-secrets/stores/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./onepassword
7 |
--------------------------------------------------------------------------------
/k8s/media/apps/flux-system/external-secrets/stores/onepassword/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./secret.sops.yaml
7 | - ./clustersecretstore.yaml
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | # - doppler/ks.yaml
5 | - external-secrets/ks.yaml
6 |
--------------------------------------------------------------------------------
/k8s/media/apps/gpu/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - operator/ks.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/gpu/operator/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/gpu/operator/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: nvidia-gpu-operator
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: gpu-operator
8 | path: ./k8s/media/apps/gpu/operator/app
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 5m
15 |
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./helm-release.yaml
6 | #configMapGenerator:
7 | # - name: cilium-values
8 | # files:
9 | # - values.yaml=./values.yaml
10 | #configurations:
11 | # - kustomizeconfig.yaml
12 | #generatorOptions:
13 | # disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/valuesFrom/name
7 | kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - loadbalancer-ips.yaml
5 | - BGP.yaml
6 |
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/cilium/gateway/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./internal.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/cilium/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-cilium
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: kube-system
8 | path: ./k8s/media/apps/kube-system/cilium/app
9 | prune: false # never should be deleted
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | wait: false
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - cilium/ks.yaml
5 | - cilium/ks-config.yaml
6 | # - cilium/ks-gateway.yaml
7 | - generic-device-plugin/ks.yaml
8 | # - ./nvidia/device-plugin/ks.yaml
9 |
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/nvidia/device-plugin/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 |
--------------------------------------------------------------------------------
/k8s/media/apps/kube-system/nvidia/device-plugin/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: nvidia-device-plugin
6 | namespace: flux-system
7 | spec:
8 | path: ./k8s/media/apps/kube-system/nvidia/device-plugin/app
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 3m
15 |
--------------------------------------------------------------------------------
/k8s/media/apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - flux-system
5 | - kube-system
6 | - networking
7 | - storage
8 | - security
9 | - media
10 | - gpu
11 | - volsync
12 | - monitoring
13 | - databases
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/kyverno/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: kyverno
--------------------------------------------------------------------------------
/k8s/media/apps/media/bazarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: media
4 | resources:
5 | - ./secret.sops.yaml
6 | - ./helm-release.yaml
7 | - ./pvc.yaml
8 | configMapGenerator:
9 | - name: bazarr-scripts
10 | files:
11 | - post-process.sh=./scripts/post-process.sh
12 | configurations:
13 | - ./patches/kustomizeconfig.yaml
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/bazarr/app/patches/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/values/persistence/scripts/name
7 | kind: HelmRelease
--------------------------------------------------------------------------------
/k8s/media/apps/media/bazarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: bazarr-config-v1
5 | namespace: media
6 | spec:
7 | accessModes:
8 | - ReadWriteOnce
9 | resources:
10 | requests:
11 | storage: 1Gi
12 | storageClassName: local-hostpath
13 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/bazarr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization # Flux Kustomization that reconciles the bazarr app manifests into the media namespace.
3 | metadata:
4 | name: bazarr
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec: # NOTE(review): no decryption block here although the app path includes a SOPS-encrypted secret; presumably spec.decryption (provider: sops) is patched in by a parent Kustomization — confirm, otherwise that secret will not reconcile
9 | targetNamespace: media
10 | path: ./k8s/media/apps/media/bazarr/app # the kustomization.yaml in this directory lists ./secret.sops.yaml
11 | prune: true # objects removed from Git are deleted from the cluster
12 | sourceRef:
13 | kind: GitRepository
14 | name: flux-system
15 | interval: 30m
16 | timeout: 5m
17 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/cross-seed/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: media
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
7 | generatorOptions:
8 | disableNameSuffixHash: true
--------------------------------------------------------------------------------
/k8s/media/apps/media/emby/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 | - ./pvc.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/media/emby/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: emby-config-v1
6 | namespace: media
7 | spec:
8 | storageClassName: local-hostpath
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 5Gi
--------------------------------------------------------------------------------
/k8s/media/apps/media/emby/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: emby
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/media/emby/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/jellyfin/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 | - ./pvc.yaml
7 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/jellyfin/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: jellyfin-config-v1
6 | namespace: media
7 | spec:
8 | storageClassName: local-hostpath
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 5Gi
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/jellyfin/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-media-jellyfin
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/media/jellyfin/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/media-index/app/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap  # Caddyfile for the media-index static file server
3 | metadata:
4 | name: index-config
5 | data:  # NOTE(review): both site addresses below are http:// and use `file_server browse`, so /share is served as a browsable listing in cleartext and this Caddyfile has no auth directive; confirm TLS and access control are enforced in front of it
6 | Caddyfile: |
7 | http://dh.media.skylab.fi {
8 | root * /share
9 |
10 | file_server browse
11 | }
12 |
13 | http://dh.skylab.fi {
14 | root * /share
15 | file_server browse
16 | }
--------------------------------------------------------------------------------
/k8s/media/apps/media/media-index/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - ./configmap.yaml
7 | - ./helm-release.yaml
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/media-index/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-media-index
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/media/media-index/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/media/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: media  # NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod Security admission for this namespace follows the cluster default - confirm that is intended
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbit/app/config/post-rules-gluetun.txt:
--------------------------------------------------------------------------------
1 | iptables -A OUTPUT -d 10.41.0.0/16 -j ACCEPT
2 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbit/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media  # namespace applied to the listed resources and the generated ConfigMap
5 | resources:
6 | - ./pvc.yaml
7 | - ./secret.sops.yaml  # by its name a SOPS-encrypted Secret; the Flux Kustomization applying this path must have decryption configured
8 | - ./helm-release.yaml
9 | configMapGenerator:
10 | - name: gluetun-iptables-post  # NOTE(review): wraps post-rules-gluetun.txt, whose single rule accepts OUTPUT traffic to 10.41.0.0/16; presumably applied by gluetun after its own firewall rules, so that range would be reachable outside the tunnel - confirm the CIDR covers only the intended internal network
11 | files:
12 | - ./config/post-rules-gluetun.txt
13 | generatorOptions:
14 | disableNameSuffixHash: true  # stable ConfigMap name; a content change does not rename it, so consumers are not rolled by a name change
15 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbit/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: qbit-config
6 | spec:
7 | accessModes: ["ReadWriteOnce"]
8 | resources:
9 | requests:
10 | storage: 2Gi
11 | storageClassName: local-hostpath
12 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbit/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization  # Flux Kustomization that reconciles the qbit app directory from Git
3 | metadata:
4 | name: cluster-apps-qbit
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions  # purpose not visible here; presumably a selector used by a patch in a parent Kustomization - TODO confirm
8 | spec:  # NOTE(review): no spec.decryption is set in this file although the app path lists secret.sops.yaml; confirm SOPS decryption is injected elsewhere
9 | path: ./k8s/media/apps/media/qbit/app
10 | prune: true  # objects dropped from this path in Git are deleted from the cluster
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | wait: true  # reconciliation waits for the applied resources to become ready, bounded by timeout
15 | interval: 30m
16 | timeout: 5m
17 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbittorrent/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - ./es.yaml
7 | - ./pvc.yaml
8 | - ./helm-release.yaml
9 | - ./replicationsource.yaml
10 | - ./replicationdestination.yaml
11 | configMapGenerator:
12 | - name: qbittorrent-scripts
13 | files:
14 | - ./config/completed.sh
15 | generatorOptions:
16 | disableNameSuffixHash: true
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbittorrent/app/pvc-non-volsync.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: qbittorrent-config
6 | namespace: media
7 | spec:
8 | accessModes:
9 | - ReadWriteMany
10 | resources:
11 | requests:
12 | storage: 2Gi
13 | storageClassName: cephfs
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/qbittorrent/tools/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./qbtools.secret.sops.yaml
7 | - ./hr.yaml
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/radarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: media
4 | resources:
5 | - ./pvc.yaml
6 | - ./helm-release.yaml
7 | - ./secret.sops.yaml  # by its name a SOPS-encrypted Secret kept in Git; requires decryption on the Flux Kustomization that applies this path
8 | # - ./externalsecret.yaml
9 | generatorOptions:  # NOTE(review): no configMapGenerator/secretGenerator is declared in this file, so these options appear to have no effect
10 | disableNameSuffixHash: true
11 | annotations:
12 | kustomize.toolkit.fluxcd.io/substitute: disabled  # would opt generated objects out of Flux post-build substitution; presumably nested under generatorOptions, so it does not cover the Secret or HelmRelease listed under resources - verify if those contain ${...} text
--------------------------------------------------------------------------------
/k8s/media/apps/media/radarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: radarr-config-v1
5 | namespace: media
6 | spec:
7 | storageClassName: local-hostpath
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 4Gi
13 | ---
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/radarr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization  # Flux Kustomization that reconciles the radarr app directory from Git
3 | metadata:
4 | name: radarr
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions  # purpose not visible here; presumably a selector used by a patch in a parent Kustomization - TODO confirm
8 | spec:  # NOTE(review): no spec.decryption is set in this file although the app path lists secret.sops.yaml; confirm SOPS decryption is injected elsewhere
9 | path: ./k8s/media/apps/media/radarr/app
10 | prune: true  # objects dropped from this path in Git are deleted from the cluster
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/recyclarr/app/externalsecret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ExternalSecret  # materialises a Kubernetes Secret in the media namespace from an external store
4 | metadata:
5 | name: &name recyclarr
6 | namespace: media
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore  # cluster-scoped store; which namespaces may reference it is decided on the store itself, not here
10 | name: onepassword-connect
11 | target:
12 | name: *name  # resulting Secret is named "recyclarr" via the anchor on metadata.name
13 | dataFrom:
14 | - extract:  # copies every field of the referenced item into the Secret; anything added to that item later becomes readable by consumers of the Secret
15 | key: recyclarr
16 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/recyclarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: recyclarr-config-v2
5 | namespace: media
6 | spec:
7 | storageClassName: local-hostpath
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 1Gi
13 | ---
--------------------------------------------------------------------------------
/k8s/media/apps/media/recyclarr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: recyclarr
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/media/apps/media/recyclarr/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/runtimeclassNvidia.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: node.k8s.io/v1
2 | kind: RuntimeClass
3 | metadata:
4 | name: nvidia
5 | handler: nvidia
6 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/sabnzbd/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: sabnzbd
5 | namespace: media
6 | spec:
7 | storageClassName: local-hostpath
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 1Gi
--------------------------------------------------------------------------------
/k8s/media/apps/media/sonarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | # - ./externalsecret.yaml
7 | - ./secret.sops.yaml  # by its name a SOPS-encrypted Secret kept in Git; requires decryption on the Flux Kustomization that applies this path
8 | - ./helm-release.yaml
9 | - ./pvc.yaml
10 | generatorOptions:  # NOTE(review): no configMapGenerator/secretGenerator is declared in this file, so these options appear to have no effect
11 | disableNameSuffixHash: true
12 | annotations:
13 | kustomize.toolkit.fluxcd.io/substitute: disabled  # would opt generated objects out of Flux post-build substitution; presumably nested under generatorOptions, so it does not cover the Secret or HelmRelease listed under resources - verify if those contain ${...} text
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/sonarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: sonarr-config-v1
6 | namespace: media
7 | spec:
8 | storageClassName: local-hostpath
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 5Gi
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/sonarr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization  # Flux Kustomization that reconciles the sonarr app directory from Git
3 | metadata:
4 | name: sonarr
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions  # purpose not visible here; presumably a selector used by a patch in a parent Kustomization - TODO confirm
8 | spec:  # NOTE(review): no spec.decryption is set in this file although the app path lists secret.sops.yaml; confirm SOPS decryption is injected elsewhere
9 | path: ./k8s/media/apps/media/sonarr/app
10 | prune: true  # objects dropped from this path in Git are deleted from the cluster
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/tautulli/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:  # NOTE(review): pvc.yaml sits in this directory but is not listed, so the tautulli-backup-v2 claim is not applied by this overlay - confirm that is intended
6 | - ./helm-release.yaml
7 | generatorOptions:  # no generator is declared in this file, so these options appear to have no effect
8 | disableNameSuffixHash: true
9 | annotations:
10 | kustomize.toolkit.fluxcd.io/substitute: disabled
11 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/tautulli/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: tautulli-backup-v2
5 | namespace: media
6 | spec:
7 | accessModes:
8 | - ReadWriteMany
9 | resources:
10 | requests:
11 | storage: 10Gi
12 | storageClassName: longhorn
--------------------------------------------------------------------------------
/k8s/media/apps/media/tautulli/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-tautulli
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/media/tautulli/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/tdarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
7 | - ./pvc.yaml
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/tdarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: tdarr
6 | namespace: media
7 | spec:
8 | storageClassName: local-hostpath
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: 20Gi
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/unpackerr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: media
5 | resources:
6 | - externalsecret.yaml
7 | - helm-release.yaml
8 | generatorOptions:
9 | disableNameSuffixHash: true
10 |
--------------------------------------------------------------------------------
/k8s/media/apps/media/unpackerr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: unpackerr
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/media/unpackerr/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
14 |
--------------------------------------------------------------------------------
/k8s/media/apps/monitoring/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources: []
4 | # - ./scrutiny-collector/ks.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/networking/envoy/manifests/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./configuration.yaml
7 | - ./client-policy.yaml
8 | - ./gateway.yaml
9 | - ./redirect.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/networking/k8s-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: networking
5 | resources:
6 | - ./ocirepo.yaml
7 | - ./helm-release.yaml
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/networking/k8s-gateway/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-k8s-gateway
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/networking/k8s-gateway/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | wait: false
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/networking/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | # - nginx/ks.yaml
5 | # - k8s-gateway/ks.yaml
6 | # - tailscale/ks.yaml
7 | - envoy/ks.yaml
8 | # - whoami/ks.yaml
9 |
10 |
--------------------------------------------------------------------------------
/k8s/media/apps/networking/nginx/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-nginx
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/networking/nginx/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | wait: false
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/networking/tailscale/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./es.yaml
7 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/networking/whoami/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./hr.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/security/authentik-remote-cluster/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/security/authentik-remote-cluster/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: authentik-remote-cluster
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: security
8 | path: ./k8s/media/apps/security/authentik-remote-cluster/app
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/security/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | - authentik-remote-cluster/ks.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/security/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: security
--------------------------------------------------------------------------------
/k8s/media/apps/storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 | - local-path/ks.yaml
6 | - snapshot-controller/ks.yaml
7 | - rook-ceph
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/storage/local-path/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/kustomize.config.k8s.io/kustomization_v1beta1.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./helm-release.yaml
7 | metadata:
8 | namespace: storage  # NOTE(review): indentation is lost in this listing; if this key is nested under metadata it does not set the namespace of the listed resources (the top-level `namespace:` field does) - TODO confirm
--------------------------------------------------------------------------------
/k8s/media/apps/storage/local-path/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-storage-local-path
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: cluster-storage-snapshot-controller
9 | path: ./k8s/media/apps/storage/local-path/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | wait: true
15 | interval: 30m
16 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/media/apps/storage/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: storage
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/storage/rook-ceph/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./ns.yaml
7 | # - ./rook/ks-operator.yaml
8 | # - ./rook/ks-cluster.yaml
9 |
--------------------------------------------------------------------------------
/k8s/media/apps/storage/rook-ceph/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: rook-ceph
--------------------------------------------------------------------------------
/k8s/media/apps/storage/rook-ceph/rook/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/storage/rook-ceph/rook/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/storage/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 |
--------------------------------------------------------------------------------
/k8s/media/apps/volsync/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | # Pre Flux-Kustomizations
7 | - ./ns.yaml
8 | # Flux-Kustomizations
9 | - ./volsync/ks.yaml
--------------------------------------------------------------------------------
/k8s/media/apps/volsync/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: volsync
6 | labels:
7 | kustomize.toolkit.fluxcd.io/prune: disabled  # excludes this Namespace from Flux garbage collection: removing it from Git leaves it, and everything inside it, in the cluster
--------------------------------------------------------------------------------
/k8s/media/apps/volsync/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: volsync
4 | resources:
5 | - ./hr.yaml
6 | - ./prom-rule.yaml
7 | - ./external-secret.yaml
8 |
--------------------------------------------------------------------------------
/k8s/media/apps/volsync/volsync/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-volsync
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/media/apps/volsync/volsync/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | wait: false
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/.envrc:
--------------------------------------------------------------------------------
1 | export TALOSCONFIG="$(expand_path ./talos/clusterconfig/talosconfig)"  # talosctl client config; holds admin credentials, presumably git-ignored - verify
2 | export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt)  # private age key read by sops, kept outside the repo. NOTE(review): unquoted, unlike the other two exports - quote the substitution for consistency
3 | export KUBECONFIG="$(expand_path ../../kubeconfig)"  # resolves two directories above this one; NOTE(review): confirm that kubeconfig path is git-ignored
4 |
--------------------------------------------------------------------------------
/k8s/nebula/.gitignore:
--------------------------------------------------------------------------------
1 | key.asc
--------------------------------------------------------------------------------
/k8s/nebula/README.md:
--------------------------------------------------------------------------------
1 | ## Nebula cluster
2 |
3 | ~~This is my home prod.~~
4 |
5 | EDIT: This cluster has been turned off to see what difference it makes to my electricity bill.
6 | Important services were moved to NAS.
--------------------------------------------------------------------------------
/k8s/nebula/apps/ai/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | # - ./open-webui/ks.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/ai/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: ai
--------------------------------------------------------------------------------
/k8s/nebula/apps/ai/open-webui/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./es.yaml
7 | - ./hr.yaml
8 | - ../../../../../templates/volsync
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/forgejo-actions/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./es.yaml
6 | - ./runner-amd64
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/forgejo-actions/app/runner-amd64/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/forgejo-actions/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: forgejo-action-runners
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: ci
8 | path: ./k8s/nebula/apps/ci/forgejo-actions/app/
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 5m
15 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/github-actions/app/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helm-release.yaml
6 | - externalsecret.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/github-actions/app/runners/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./ns.yaml
6 | - ./skysolutions-runners.yaml
7 | - ./skysolutions-runners-arm64.yaml
8 | - ./externalsecret.yaml
9 | # - ./samip5-k8s-cluster.yaml
10 | # - ./samip5-k8s-cluster-arm64.yaml
11 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/github-actions/app/runners/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: gh-runners
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/github-actions/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | - app/ks.yaml
7 | - app/ks-runners.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/github-actions/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: gh-actions
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | - github-actions
7 | # - forgejo-actions/ks.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/ci/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: ci
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/nebula/apps/collab/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | - littlelink/ks.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/collab/littlelink/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helm-release.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/collab/littlelink/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-littlelink
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/collab/littlelink/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/collab/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: collab
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/nebula/apps/comms/conduwuit/app/README.md:
--------------------------------------------------------------------------------
1 | ## conduwuit
2 |
3 | This was moved to my NAS
--------------------------------------------------------------------------------
/k8s/nebula/apps/comms/conduwuit/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./es.yaml
5 | - ./hr.yaml
6 | - ../../../../../templates/volsync-minio
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/comms/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 | # - conduwuit/ks.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/comms/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: comms
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/cloudnative-pg/cluster-vectors/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: databases
5 | resources:
6 | - ./cluster16-vector.yaml
7 | - ./scheduledbackup.yaml
8 | labels:
9 | - pairs:
10 | app.kubernetes.io/name: cloudnative-pg-cluster-vector
11 | app.kubernetes.io/instance: cloudnative-pg-cluster-vector
12 | app.kubernetes.io/part-of: cloudnative-pg
13 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/cloudnative-pg/cluster-vectors/scheduledbackup.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
3 | apiVersion: postgresql.cnpg.io/v1
4 | kind: ScheduledBackup
5 | metadata:
6 | name: daily-backup
7 | namespace: databases
8 | spec:
9 | backupOwnerReference: self
10 | schedule: "@daily"
11 | cluster:
12 | name: cluster16-vector
13 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/cloudnative-pg/cluster/scheduledbackup.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
3 | apiVersion: postgresql.cnpg.io/v1
4 | kind: ScheduledBackup
5 | metadata:
6 | name: daily-backup
7 | namespace: databases
8 | spec:
9 | backupOwnerReference: self
10 | schedule: "@daily"
11 | cluster:
12 | name: postgres16
13 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/cloudnative-pg/ks-cluster-vector.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: postgres16-vector
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: cnpg-operator
9 | path: ./k8s/nebula/apps/databases/cloudnative-pg/cluster-vectors
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/cloudnative-pg/ks-cluster.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cnpg-cluster
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: cnpg-operator
9 | path: ./k8s/nebula/apps/databases/cloudnative-pg/cluster
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/dragonfly/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources: # NOTE(review): the CRD entry below is a remote URL resolved by Git tag when this kustomization is built; a tag can be re-pointed upstream, so pin to a commit SHA or vendor the file if the input must be immutable
6 | # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator
7 | - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/refs/tags/v1.1.11/manifests/crd.yaml
8 | - ./hr.yaml
9 | - ./rbac.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/dragonfly/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./cluster.yaml
7 | - ./podmonitor.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/dragonfly/cluster/podmonitor.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
3 | apiVersion: monitoring.coreos.com/v1
4 | kind: PodMonitor
5 | metadata:
6 | name: dragonfly
7 | spec:
8 | selector:
9 | matchLabels:
10 | app: dragonfly
11 | podTargetLabels: [app]
12 | podMetricsEndpoints:
13 | - port: admin
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/influx/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - es.yaml
6 | - ../../../../../templates/volsync-minio
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 | # - moco/ks.yaml
6 | # - moco/ks-cluster.yaml
7 | # - cloudnative-pg/ks.yaml
8 | # - cloudnative-pg/ks-cluster.yaml
9 | # - cloudnative-pg/ks-cluster-vector.yaml
10 | # - dragonfly/ks.yaml
11 | # - dragonfly/ks-cluster.yaml
12 | # - pgadmin/ks.yaml
13 | # - influx/ks.yaml
14 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/moco/README.md:
--------------------------------------------------------------------------------
1 | ## MOCO
2 |
3 | Actually MariaDB
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/moco/cluster/backups/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./es.yaml
7 | # - ./daily.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/moco/cluster/configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: mysql-mycnf
5 | data:
6 | default_storage_engine: "InnoDB"
7 | binlog_format: "row"
8 | innodb_autoinc_lock_mode: "2"
9 | max_allowed_packet: "256M"
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/moco/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./configmap.yaml
7 | - ./mysql-cluster.yaml
8 | - ./backups
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/moco/ks-cluster.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: moco-cluster
5 | namespace: flux-system
6 | spec:
7 | dependsOn:
8 | - name: moco
9 | targetNamespace: databases
10 | path: ./k8s/nebula/apps/databases/moco/cluster
11 | prune: true
12 | sourceRef:
13 | kind: GitRepository
14 | name: flux-system
15 | interval: 30m
16 | timeout: 5m
17 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/moco/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: databases
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/nebula/apps/databases/pgadmin/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: databases
4 | resources:
5 | - helm-release.yaml
6 | configMapGenerator:
7 | - name: pgadmin-local-config-configmap
8 | files:
9 | - config_local.py
10 | generatorOptions:
11 | disableNameSuffixHash: true
12 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/immich/app/backendtrafficpolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.envoyproxy.io/v1alpha1
2 | kind: BackendTrafficPolicy
3 | metadata:
4 | name: immich-client-ip-affinity
5 | namespace: default
6 | spec:
7 | targetRef:
8 | group: "gateway.networking.k8s.io"
9 | kind: HTTPRoute
10 | name: immich
11 | loadBalancer:
12 | type: ConsistentHash
13 | consistentHash:
14 | type: SourceIP
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/immich/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./externalsecret.yaml
6 | # - ./backendtrafficpolicy.yaml
7 | - ./hr.yaml
8 | - ./pvc.yaml
9 | - ../../../../../templates/volsync-minio
10 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/immich/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: "immich-misc"
6 | namespace: default
7 | spec:
8 | storageClassName: fast-ceph-filesystem
9 | accessModes: [ "ReadWriteMany" ]
10 | resources:
11 | requests:
12 | storage: "100Gi"
13 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources: []
4 | # - zipline/ks.yaml
5 | # - paperless/ks.yaml
6 | # - smtp-relay/ks.yaml
7 | # - your_spotify/ks.yaml
8 | # - linkwarden/ks.yaml
9 | # - immich/ks.yaml
10 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/linkwarden/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - externalsecret.yaml
6 | - ../../../../../templates/volsync
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/paperless/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./helm-release.yaml
5 | - ./externalsecret.yaml
6 | - ../../../../../templates/volsync
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/smtp-relay/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./es.yaml
5 | - ./helm-release.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/smtp-relay/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: smtp-relay-postfix-spool
6 | namespace: default
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 1Gi
13 | storageClassName: local-path
14 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/your_spotify/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - hr.yaml
6 | - es.yaml
7 | - ../../../../../templates/volsync-minio
--------------------------------------------------------------------------------
/k8s/nebula/apps/default/zipline/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./externalsecret.yaml
5 | - ./helm-release.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/finance/actual/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
7 | - ../../../../../templates/volsync-minio
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/finance/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | # - ./actual/ks.yaml
6 | # - ./paisa/ks.yaml
7 | # - ./firefly/ks.yaml
8 | # - ./firefly/ks-importer.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/finance/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: finance
5 | labels:
6 | volsync.backube/privileged-movers: "true" # NOTE(review): VolSync documents this key as a namespace annotation that lets mover pods run with elevated privileges; set as a label it may have no effect - confirm which is intended, and prefer a per-source moverSecurityContext over privileged movers where possible
--------------------------------------------------------------------------------
/k8s/nebula/apps/games/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | # - ./factorio/ks.yaml
6 | # - ./satisfactory/ks.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/games/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: games
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/assistant/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
7 | - ./pdb.yaml
8 | - ../../../../../templates/volsync
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/assistant/app/pdb.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: policy/v1
3 | kind: PodDisruptionBudget
4 | metadata:
5 | name: home-assistant
6 | namespace: home
7 | spec:
8 | maxUnavailable: 1
9 | selector:
10 | matchLabels:
11 | app.kubernetes.io/name: home-assistant
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/esphome/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helm-release.yaml
6 | - ../../../../../templates/volsync
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | - ./priority-class.yaml
6 | # - ./mosquitto/ks.yaml
7 | # - ./mosquitto/ks-exporter.yaml
8 | # - ./esphome/ks.yaml
9 | # - ./zigbee2mqtt/ks.yaml
10 | # - ./zigbee2mqtt/ks-exporter.yaml
11 | # - ./assistant/ks.yaml
12 | # - ./wyoming-whisper/ks.yaml
13 | # - ./wyoming-piper/ks.yaml
14 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/mosquitto/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: home
4 | resources:
5 | - ./helm-release.yaml
6 | - ../../../../../templates/volsync
7 | - ./secret.sops.yaml
8 | labels:
9 | - pairs:
10 | app.kubernetes.io/name: mosquitto
11 | app.kubernetes.io/instance: mosquitto
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/mosquitto/app/pdb.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: policy/v1
3 | kind: PodDisruptionBudget
4 | metadata:
5 | name: mosquitto
6 | namespace: home
7 | spec:
8 | maxUnavailable: 1
9 | selector:
10 | matchLabels:
11 | app.kubernetes.io/name: mosquitto
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/mosquitto/exporter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: home
4 | resources:
5 | - ./hr.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: home
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
8 | volsync.backube/privileged-movers: "true" # NOTE(review): VolSync documents this key as a namespace annotation (it permits elevated-privilege mover pods); under labels it may not take effect - confirm the intent before relying on it either way
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/priority-class.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: scheduling.k8s.io/v1
3 | description: Used for home critical pods that must run in the cluster for WAF, but can be
4 | moved to another node if necessary.
5 | kind: PriorityClass
6 | metadata:
7 | name: home-cluster-critical
8 | preemptionPolicy: PreemptLowerPriority
9 | value: 100001
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/wyoming-piper/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
7 | - ../../../../../templates/volsync
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/wyoming-whisper/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
7 | - ../../../../../templates/volsync
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/zigbee2mqtt/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: home
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
7 | - ./pdb.yaml
8 | - ../../../../../templates/volsync
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/zigbee2mqtt/app/pdb.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: policy/v1
3 | kind: PodDisruptionBudget
4 | metadata:
5 | name: zigbee2mqtt
6 | namespace: home
7 | spec:
8 | maxUnavailable: 1
9 | selector:
10 | matchLabels:
11 | app.kubernetes.io/name: zigbee2mqtt
--------------------------------------------------------------------------------
/k8s/nebula/apps/home/zigbee2mqtt/exporter/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: home
4 | resources:
5 | - ./hr.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./helm-release.yaml
6 | configMapGenerator:
7 | - name: cilium-values
8 | files:
9 | - values.yaml=./values.yaml
10 | configurations:
11 | - kustomizeconfig.yaml
12 | generatorOptions:
13 | disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/valuesFrom/name
7 | kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - loadbalancer-ips.yaml
5 | - BGP.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/cilium/gateway/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources: []
4 | # - external.yaml
5 | # - internal.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/cilium/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-cilium
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: kube-system
8 | path: ./k8s/nebula/apps/kube-system/cilium/app
9 | prune: true # NOTE(review): the original remark here was "never should be deleted", but prune: true enables Flux garbage collection, so objects applied from this path are deleted once they disappear from Git; if the CNI must never be removed by reconciliation, that calls for prune: false - confirm intent
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | wait: false
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/descheduler/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: kube-system
6 | resources:
7 | - ./hr.yaml
8 | configMapGenerator:
9 | - name: kubelet-csr-approver-values
10 | files:
11 | - values.yaml=./values.yaml
12 | generatorOptions:
13 | disableNameSuffixHash: true
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/kubelet-csr-approver/app/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | providerRegex: | # anchored hostname pattern: m<digits>, w<single digit>, or wamd-<digits>
3 | ^(m\d+|w(\d|amd\-\d+))$
4 |
5 | bypassDnsResolution: true # NOTE(review): turns off the approver's DNS resolution check on the requested hostname, which leaves providerRegex above as the hostname gate for auto-approved kubelet CSRs; keep the pattern as narrow as the node naming scheme allows and confirm the remaining checks against the chart documentation
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/metrics-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/multus/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./helm-release.yaml
6 | - ./rbac.yaml
7 | generatorOptions:
8 | disableNameSuffixHash: true
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/multus/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./crd.yaml
6 | - ./net-attach-iot.yaml
7 | - ./net-attach-mgt.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/node-feature-discovery/rules/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hauppauge-pcie-tuner.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/snapshot-controller/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: cluster-apps-system-snapshot-controller
6 | namespace: flux-system
7 | spec:
8 | interval: 10m
9 | path: ./k8s/nebula/apps/kube-system/snapshot-controller/app
10 | prune: true
11 | wait: false
12 | sourceRef:
13 | kind: GitRepository
14 | name: flux-system
15 | timeout: 2m
--------------------------------------------------------------------------------
/k8s/nebula/apps/kube-system/spegel/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | # - ai
5 | # - ci
6 | # - collab
7 | - comms
8 | - security
9 | # - services
10 | # - monitoring
11 | - networking
12 | # - search
13 | - storage
14 | # - school
15 | - home
16 | - databases
17 | - kube-system
18 | - media
19 | # - vpn
20 | - default
21 | - volsync
22 | # - finance
23 | # - tor
24 | # - games
25 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/autobrr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/flaresolverr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helm-release.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/flaresolverr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: flaresolverr
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/media/flaresolverr/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/jellyseer/app/config-pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: jellyseerr-config-v1
6 | namespace: media
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 1Gi
13 | storageClassName: ceph-block
14 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/jellyseer/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - config-pvc.yaml
6 | - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/jellyseer/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-jellyseer
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/media/jellyseer/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | # - ./autobrr/ks.yaml
7 | # - ./prowlarr/ks.yaml
8 | # - ./flaresolverr/ks.yaml
9 | # - ./jellyseer/ks.yaml
10 | # - ./wizarr/ks.yaml
11 | # - ./recyclarr/ks.yaml
12 | # - ./tvheadend/ks.yaml
13 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace  # Declares the "media" namespace and the labels other controllers select on.
4 | metadata:
5 | name: media
6 | labels:
7 | vpn-routed-gateway: "true"  # NOTE(review): presumably the selector a VPN gateway webhook uses to route this namespace's pods — confirm; if egress privacy depends on it, verify pods fail closed when the gateway is unavailable
8 | goldilocks.fairwinds.com/enabled: "true"  # opts the namespace in to Goldilocks resource recommendations
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/prowlarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - helm-release.yaml
5 | - externalsecret.yaml
6 | labels:
7 | - pairs:
8 | app.kubernetes.io/name: prowlarr
9 | app.kubernetes.io/instance: prowlarr
10 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/recyclarr/app/externalsecret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ExternalSecret  # Materialises a Secret named "recyclarr" in namespace media from the onepassword-connect store.
4 | metadata:
5 | name: &name recyclarr
6 | namespace: media
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore  # cluster-scoped store: referenceable from every namespace unless the store restricts callers (spec.conditions) — store definition is not shown here, confirm
10 | name: onepassword-connect
11 | target:
12 | name: *name  # YAML alias: the generated Secret reuses the ExternalSecret's own name
13 | dataFrom:
14 | - extract:  # extract copies every field of the remote item into the Secret; switch to explicit data entries if the item holds fields this workload does not need
15 | key: recyclarr
16 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/recyclarr/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: recyclarr-config-v2
5 | namespace: media
6 | spec:
7 | storageClassName: nfs-client
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 1Gi
13 | ---
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/recyclarr/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: recyclarr
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/media/recyclarr/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/tvheadend/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 | - ../../../../../templates/volsync
--------------------------------------------------------------------------------
/k8s/nebula/apps/media/wizarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 | - ../../../../../templates/volsync
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/grafana/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ocirepo.yaml
5 | - ./helm-release.yaml
6 | - ./httproute.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/grafana/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: monitoring-grafana
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/monitoring/grafana/app
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/jellystat/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: monitoring
6 | resources:
7 | - ./hr.yaml
8 | - ./es.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/kromgo/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: kromgo
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/monitoring/kromgo/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources: []
4 | # - ./grafana/ks.yaml
5 | # - ./kromgo/ks.yaml
6 | # - ./jellystat/ks.yaml
7 | # - ./scrutiny/ks.yaml
8 | # - prom-stack/ks.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/prom-stack/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./alertmanagerconfig.yaml
7 | - ./es.yaml
8 | - ./hr.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/monitoring/scrutiny/scrutiny/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - ../../../../../templates/volsync-minio
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/cloudflared/app/DNSEndpoint.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: externaldns.k8s.io/v1alpha1
3 | kind: DNSEndpoint  # Asks external-dns to publish a CNAME for ingress-cf.skylab.fi that points at the Cloudflare tunnel hostname.
4 | metadata:
5 | name: cloudflared
6 | namespace: networking
7 | annotations:
8 | external-dns.alpha.kubernetes.io/target: ingress-cf.skylab.fi
9 | spec:
10 | endpoints:
11 | - dnsName: "ingress-cf.skylab.fi"
12 | recordType: CNAME
13 | targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"]  # NOTE(review): ${...} is a placeholder that must be substituted before apply (presumably Flux post-build substitution; the ks.yaml for this app shows no postBuild block, so confirm where it is injected). An unresolved placeholder yields a record that does not point at the tunnel.
14 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/cloudflared/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1  # Kustomize entry point for cloudflared: DNS record, encrypted secret, Helm release and a generated ConfigMap.
2 | kind: Kustomization
3 | namespace: networking
4 | resources:
5 | - ./DNSEndpoint.yaml
6 | - ./secret.sops.yaml  # SOPS-encrypted manifest: it only applies cleanly if the Flux Kustomization building this directory has decryption configured (not visible in the ks.yaml shown) — confirm, and check the committed file's data fields are actually encrypted
7 | - ./helm-release.yaml
8 | configMapGenerator:
9 | - name: cloudflared-configmap
10 | files:
11 | - ./configs/config.yaml
12 | generatorOptions:
13 | disableNameSuffixHash: true  # fixed ConfigMap name: editing config.yaml does not rename the ConfigMap, so pods are not rolled by a name change and may keep the old tunnel config until restarted
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/cloudflared/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1  # Flux Kustomization that reconciles the cloudflared app directory from the flux-system Git source.
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-cloudflared
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions  # NOTE(review): possibly the selector a parent Kustomization patches on — confirm
8 | spec:  # NOTE(review): no decryption or postBuild is declared here, although the app directory lists secret.sops.yaml and a ${...} placeholder; presumably both are patched in by a parent Kustomization — confirm, otherwise the secret and the DNS target will not resolve
9 | path: ./k8s/nebula/apps/networking/cloudflared/app
10 | prune: true  # objects removed from Git are deleted from the cluster on the next reconcile
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/envoy/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/envoy/manifests/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./configuration.yaml
7 | - ./client-policy.yaml
8 | - ./gateway.yaml
9 | - ./redirect.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/external-dns/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: networking
4 | resources:
5 | - ./secret.sops.yaml
6 | - ./helm-release.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/external-dns/internal-kapsi/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: networking
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/external-dns/internal/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: networking
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./helm-release.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/external-dns/shared/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./dnsendpoint-crd.yaml
5 | - ./ocirepo.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/k8s-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: networking
5 | resources:
6 | - ./ocirepo.yaml
7 | - ./helm-release.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/k8s-gateway/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: k8s-gateway
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/networking/k8s-gateway/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/ks-misc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-misc-ingresses
5 | namespace: flux-system
6 | labels:
7 | component.skylab.fi/part-of: definitions
8 | spec:
9 | path: ./k8s/nebula/apps/networking/misc-ingresses
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | interval: 30m
15 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/misc-ingresses/dh-endpoints.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Endpoints  # Hand-maintained backend list for the Service named "dh" (dh-service.yaml is listed in this directory's kustomization).
3 | metadata:
4 | name: dh  # must equal the Service name for the two objects to be paired
5 | namespace: networking
6 | subsets:
7 | - addresses:
8 | - ip: 192.168.12.20  # fixed address outside cluster management: Kubernetes runs no readiness checks on it, and whichever host holds this address receives the proxied traffic
9 | ports:
10 | - name: http
11 | port: 80  # NOTE(review): cleartext port; confirm routes that carry credentials or sessions use the https port below
12 | protocol: TCP
13 | - name: https
14 | port: 443
15 | protocol: TCP
16 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/misc-ingresses/httproute/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - dh.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/misc-ingresses/ingress/genpi-minio-endpoints.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Endpoints  # Static backend for the "genpi-minio" Service: a single fixed address and port.
3 | metadata:
4 | name: genpi-minio
5 | namespace: networking
6 | subsets:
7 | - addresses:
8 | - ip: 10.0.0.8  # fixed address; not health-checked or verified by Kubernetes
9 | ports:
10 | - name: http  # NOTE(review): the port is only named http; unless TLS is terminated on 62759, object data and request headers cross the network unencrypted — confirm
11 | port: 62759
12 | protocol: TCP
13 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/misc-ingresses/ingress/genpi-minio-svc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Service  # Selector-less ClusterIP Service; its backends come from the Endpoints object of the same name.
4 | metadata:
5 | name: genpi-minio
6 | namespace: networking
7 | spec:  # NOTE(review): the misc-ingresses kustomization shown on this page does not list the ingress/ directory, so this Service may be unused — confirm, and delete stale manifests rather than leaving a route to 10.0.0.8 that can be re-enabled by accident
8 | ports:
9 | - name: http
10 | port: 62759
11 | type: ClusterIP
12 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/misc-ingresses/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./sso-skylab.yaml
5 | - dh-cert.yaml
6 | - dh-service.yaml
7 | - dh-endpoints.yaml
8 | - httproute
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/misc-ingresses/sso-skylab.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: externaldns.k8s.io/v1alpha1
3 | kind: DNSEndpoint  # Publishes sso.skylab.fi as a CNAME to a host outside this cluster.
4 | metadata:
5 | name: sso-skylab
6 | namespace: networking
7 | spec:
8 | endpoints:
9 | - dnsName: "sso.skylab.fi"
10 | recordType: CNAME
11 | targets: ["web-ha.kapsi.fi"]  # NOTE(review): the SSO hostname is delegated to an external host; if that hosting is ever given up, remove this record in the same change so the name is not left pointing at a target someone else can claim
12 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/nginx/external/custom-headers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1  # ConfigMap of extra HTTP headers for the external nginx controller; how it is consumed is set in helm-release.yaml (not shown).
2 | data:
3 | X-Proxied-By: "nebula"  # NOTE(review): if this is emitted on responses it discloses the internal cluster name to clients — confirm the direction (request vs response) in the Helm values
4 | kind: ConfigMap
5 | metadata:
6 | name: nginx-custom  # note: the file is custom-headers.yaml, while the ConfigMap named custom-headers lives in test-headers.yaml
7 | namespace: networking
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/nginx/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - custom-headers.yaml
5 | - test-headers.yaml
6 | - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/nginx/external/test-headers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1  # ConfigMap of test headers for the external nginx controller; how it is consumed is set in helm-release.yaml (not shown).
2 | data:
3 | X-Different-Name: "true"
4 | X-Request-Start: t=${msec}  # NOTE(review): ${msec} is an nginx variable but has the same ${...} shape as a Flux post-build placeholder; if the Flux Kustomization applying this directory enables substitution, the value is rewritten before nginx sees it. Escape it as $${msec} or annotate this ConfigMap with kustomize.toolkit.fluxcd.io/substitute: disabled
5 | X-Using-Nginx-Controller: "true"  # NOTE(review): identifies the ingress software; keep test headers like this off client-facing responses in production
6 | kind: ConfigMap
7 | metadata:
8 | name: custom-headers
9 | namespace: networking
10 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/nginx/internal/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./helmrelease.yaml
5 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/nginx/ks-shared.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-nginx-shared
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/networking/nginx/shared
8 | prune: true
9 | wait: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/nginx/shared/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: networking
5 | resources:
6 | - ./dashboard/
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: networking
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/tailscale/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./es.yaml
7 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/tailscale/extras/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - proxyclass.yaml
5 | - subnet-router.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/unimus/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - hr.yaml
5 | - ../../../../../templates/volsync
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/networking/whoami/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./hr.yaml
5 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/school/blog/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: school
4 | resources:
5 | - hr.yaml
6 | - ../../../../../templates/volsync-minio
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/school/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 | - blog/ks.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/school/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: school
--------------------------------------------------------------------------------
/k8s/nebula/apps/search/elk/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: eck-operator
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/search/elk/operator
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | interval: 30m
13 | retryInterval: 1m
14 | timeout: 5m
15 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/search/elk/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/search/elk/resources/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - es.yaml
5 | - kibana.yaml
6 | # - ingress-elk.yaml
7 | - httproute-elk.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/search/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | # - elk/ks.yaml
7 | # - elk/ks-resources.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/search/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: search
6 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/security/authentik/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./helm-release.yaml
5 | # - ./internal-httproute.yaml
6 | # - ./internal-ingress.yaml
7 | # - ./webfinger-ingress.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/security/external-secrets/stores/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./onepassword
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/security/external-secrets/stores/onepassword/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | # - ./secret.sops.yaml
7 | - ./clustersecretstore.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/security/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | # - authentik/ks.yaml
7 | - onepassword-connect/ks.yaml
8 | - external-secrets/ks.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/security/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: security
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/nebula/apps/security/onepassword-connect/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization  # Deploys 1Password Connect: the Helm release plus its SOPS-encrypted credentials.
4 | resources:
5 | - ./hr.yaml
6 | - ./onepassword-connect.secret.sops.yaml  # bootstrap credential for the cluster's secret store (ExternalSecrets on this page reference a store named onepassword-connect), so everything that store can read depends on it: confirm it is encrypted in Git, that decryption is configured on the Flux Kustomization applying this directory, and that the Connect token is scoped to the vaults the cluster needs
--------------------------------------------------------------------------------
/k8s/nebula/apps/services/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./ns.yaml
5 | - ./searxng/ks.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/services/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: services
--------------------------------------------------------------------------------
/k8s/nebula/apps/services/searxng/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # SearXNG app: ExternalSecret, Helm release and a ConfigMap generated from two local config files.
5 | resources:
6 | - ./es.yaml
7 | - ./hr.yaml
8 | configMapGenerator:
9 | - name: searxng-configmap
10 | files:
11 | - ./resources/limiter.toml
12 | - ./resources/settings.yml  # NOTE(review): ConfigMaps are stored and readable as plain text; confirm settings.yml carries no server.secret_key or other credential and that such values come from the Secret produced by es.yaml instead
13 | generatorOptions:
14 | disableNameSuffixHash: true  # fixed ConfigMap name: changes to limiter.toml or settings.yml do not rename it, so running pods keep the old limiter rules until restarted
--------------------------------------------------------------------------------
/k8s/nebula/apps/storage/democractc-csi-local-path/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/kustomize.config.k8s.io/kustomization_v1beta1.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # Kustomize entry point for the democratic-csi local-path Helm release.
5 | resources:
6 | - ./helm-release.yaml
7 | metadata:
8 | namespace: storage  # NOTE(review): as printed this sits under metadata, which describes the Kustomization file itself and does not set the namespace of the listed resources; the top-level namespace: field does that. Indentation is lost in this listing, so confirm against the repository that the release lands in the intended namespace
--------------------------------------------------------------------------------
/k8s/nebula/apps/storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./rook-ceph
6 | - ./democractc-csi-local-path/ks.yaml
7 | # - ./longhorn/ks.yaml
8 | # - ./longhorn/ks-recurring-jobs.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/storage/rook-ceph/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources: []
6 | # - ./ns.yaml
7 | # - ./rook/ks-operator.yaml
8 | # - ./rook/ks-cluster.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/storage/rook-ceph/ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: rook-ceph
--------------------------------------------------------------------------------
/k8s/nebula/apps/storage/rook-ceph/rook/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/storage/rook-ceph/rook/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./hr.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/controller/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: tor-controller
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: tor
8 | path: ./k8s/nebula/apps/tor/controller/app
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/envoy-gw/app/gw.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.networking.k8s.io/v1
2 | kind: Gateway  # Envoy-class Gateway in namespace tor with one HTTP listener for *.onion hostnames.
3 | metadata:
4 | name: envoy-tor
5 | namespace: tor
6 | labels:
7 | type: tor
8 | spec:
9 | gatewayClassName: envoy
10 | listeners:
11 | - name: http
12 | protocol: HTTP  # plain HTTP listener; NOTE(review): presumably traffic arrives from an in-cluster Tor daemon, so the hop from that daemon to the gateway is unencrypted inside the cluster — confirm
13 | port: 80
14 | hostname: "*.onion"
15 | allowedRoutes:
16 | namespaces:
17 | from: All  # any namespace may attach routes to this listener, so any workload owner in the cluster can bind an .onion hostname here; prefer from: Selector with a namespace label (or Same) to limit who can publish through this gateway
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/envoy-gw/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./gw.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/envoy-gw/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: tor-envoy
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: tor
8 | path: ./k8s/nebula/apps/tor/envoy-gw/app
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ns.yaml
6 | # - controller/ks.yaml
7 | # - nginx/ks.yaml
8 | # - envoy-gw/ks.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/nginx/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./hr.yaml
5 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/tor/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: tor
6 | labels:
7 | goldilocks.fairwinds.com/enabled: "true"
--------------------------------------------------------------------------------
/k8s/nebula/apps/volsync/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | # Pre Flux-Kustomizations
7 | - ./ns.yaml
8 | # Flux-Kustomizations
9 | - ./volsync/ks.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/volsync/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: volsync
6 | labels:
7 | kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/k8s/nebula/apps/volsync/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: volsync
4 | resources:
5 | - ./hr.yaml
6 | - ./prom-rule.yaml
7 | - ./external-secret.yaml
8 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/volsync/volsync/ks.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: cluster-apps-volsync
5 | namespace: flux-system
6 | spec:
7 | path: ./k8s/nebula/apps/volsync/volsync/app
8 | prune: true
9 | sourceRef:
10 | kind: GitRepository
11 | name: flux-system
12 | wait: false
13 | interval: 30m
14 | timeout: 5m
--------------------------------------------------------------------------------
/k8s/nebula/apps/vpn/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ns.yaml
5 | - vpn-gateway/ks.yaml
6 | - vpn-gateway/ks-webhook.yaml
7 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/vpn/ns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: vpn
6 | labels:
7 | goldilocks.fairwinds.com/enabled: 'true'
8 | kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/k8s/nebula/apps/vpn/vpn-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./helm-release.yaml
6 | - ./secret.sops.yaml
7 | - ./netpol.yaml
--------------------------------------------------------------------------------
/k8s/nebula/apps/vpn/vpn-gateway/ks-webhook.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: vpn-gateway-webhook
5 | namespace: flux-system
6 | spec:
7 | targetNamespace: vpn
8 | path: ./k8s/nebula/apps/vpn/vpn-gateway/webhook
9 | prune: true
10 | sourceRef:
11 | kind: GitRepository
12 | name: flux-system
13 | namespace: flux-system
14 | interval: 30m
15 | timeout: 5m
16 |
--------------------------------------------------------------------------------
/k8s/nebula/apps/vpn/vpn-gateway/webhook/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./cert.yaml
6 | - ./hr.yaml
7 | - ./webhook.yaml
--------------------------------------------------------------------------------
/k8s/nebula/flux/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 | - ./flux.yaml
5 | - ./cluster.yaml
6 | - ./shared.yaml
7 | # - ./vm.yaml
8 | # - ./private-flux-system.yaml
9 |
--------------------------------------------------------------------------------
/k8s/nebula/flux/config/vm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization
3 | metadata:
4 | name: vm
5 | namespace: flux-system
6 | spec:
7 | interval: 10m0s
8 | retryInterval: 2m0s
9 | timeout: 5m
10 | path: ./k8s/nebula/vm
11 | prune: true
12 | wait: false
13 | sourceRef:
14 | kind: GitRepository
15 | name: flux-system
16 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/.sops.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | creation_rules:
3 | - key_groups: # the only rule, with no path_regex, so it matches every file this config governs
4 | - age:
5 | - age13xy8slkuaz408wh5s0jgd40a8kqtj6gfnr657xxqku6vm0r0qpjqymtkmz # age recipients are public keys; with one key group, either matching private key alone can decrypt
6 | - age17u92e7hgqxt8eftks9knn5w54nh7hqpsssqt62duf7wa8q0ve52smm9erh
7 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/clusterconfig/.gitignore:
--------------------------------------------------------------------------------
1 | nebula-m1.yaml
2 | talosconfig
3 | nebula-w-amd-1.yaml
4 | nebula-w-amd-2.yaml
5 | nebula-w-amd-3.yaml
6 | nebula-w-amd-4.yaml
7 | nebula-w7.yaml
8 | nebula-m2.yaml
9 | nebula-cm4-1.yaml
10 | nebula-w-amd-5.yaml
11 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/controller/api-access.yaml:
--------------------------------------------------------------------------------
1 | # Enable K8s Talos API Access: workloads in the listed namespaces can obtain Talos API credentials, capped at the listed roles.
2 | machine:
3 | features:
4 | kubernetesTalosAPIAccess:
5 | enabled: true
6 | allowedRoles:
7 | - os:admin # full Talos API access; NOTE(review): presumably required by the system-upgrade plans — confirm a narrower role is not enough
8 | allowedKubernetesNamespaces:
9 | - system-upgrade # only this namespace may request credentials; whoever can create resources here can reach os:admin, so keep RBAC on it tight
10 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/controller/cluster.yaml:
--------------------------------------------------------------------------------
1 | cluster:
2 | allowSchedulingOnMasters: false
3 | controllerManager:
4 | extraArgs:
5 | bind-address: 0.0.0.0 # serves on every node interface; NOTE(review): presumably for metrics scraping — confirm network policy/firewalling limits who can reach it
6 | coreDNS:
7 | disabled: true # Talos will not deploy CoreDNS; cluster DNS must be provided elsewhere (not shown in this patch)
8 | proxy:
9 | disabled: true # kube-proxy is not deployed; NOTE(review): presumably replaced by the CNI — confirm
10 | scheduler:
11 | extraArgs:
12 | bind-address: 0.0.0.0 # same exposure consideration as the controller-manager bind-address above
13 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/controller/disable-admission-controller.yaml:
--------------------------------------------------------------------------------
1 | # Disable default API server admission plugins: this JSON patch removes the whole admissionControl list from the generated config. NOTE(review): stock Talos configs carry the PodSecurity admission defaults in that list, so pod-level restrictions then depend on another policy layer — confirm one enforces an equivalent baseline.
2 | - op: remove
3 | path: /cluster/apiServer/admissionControl
4 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/controller/kube-prism.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | features:
3 | kubePrism:
4 | enabled: true
5 | port: 7445
6 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/cluster-discovery.yaml:
--------------------------------------------------------------------------------
1 | cluster:
2 | discovery:
3 | registries:
4 | kubernetes:
5 | disabled: true
6 | service: # the discovery-service registry
7 | disabled: true # with both registries off, no member data is published or consumed; NOTE(review): features that depend on discovery will not work — confirm intended
8 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/disable-kexec.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | sysctls:
3 | kernel.kexec_load_disabled: "1" # blocks loading a new kernel via kexec; the kernel treats this as one-way until the next reboot
4 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/disable-search-domain.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | network:
3 | disableSearchDomain: true
4 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/hostDNS.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | features:
3 | hostDNS:
4 | enabled: true
5 | resolveMemberNames: true
6 | forwardKubeDNSToHost: true
7 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/nfs.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | files:
3 | - op: overwrite
4 | path: /etc/nfsmount.conf
5 | permissions: 0o644
6 | content: |
7 | [ NFSMount_Global_Options ]
8 | nfsvers=4.1
9 | hard=True
10 | noatime=True
11 | nodiratime=True
12 | rsize=131072
13 | wsize=131072
14 | nconnect=8
15 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/sysctl.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | sysctls:
3 | fs.inotify.max_queued_events: "65536"
4 | fs.inotify.max_user_instances: "8192"
5 | fs.inotify.max_user_watches: "524288"
6 | net.core.rmem_max: "2500000"
7 | net.core.wmem_max: "2500000"
8 | # Painful: https://github.com/siderolabs/talos/issues/5632
9 | net.ipv6.conf.bond0.accept_ra: '2' # 2 = accept Router Advertisements even when forwarding is enabled; RAs on the bond0 segment are therefore trusted — NOTE(review): confirm RA guard or equivalent on the upstream switch
10 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/time.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | time:
3 | disabled: false # Indicates if the time service is disabled for the machine.
4 | servers:
5 | - 10.0.105.1
6 |
--------------------------------------------------------------------------------
/k8s/nebula/talos/patches/global/udev.yaml:
--------------------------------------------------------------------------------
1 | machine:
2 | udev:
3 | rules:
4 | # Intel GPU
5 | - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
6 |
--------------------------------------------------------------------------------
/k8s/templates/volsync-minio/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./minio
6 | - ./pvc.yaml
7 |
--------------------------------------------------------------------------------
/k8s/templates/volsync-minio/minio/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./replicationdestination.yaml
7 | - ./replicationsource.yaml
8 |
--------------------------------------------------------------------------------
/k8s/templates/volsync/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./minio
6 | - ./r2
7 | - ./pvc.yaml
8 |
--------------------------------------------------------------------------------
/k8s/templates/volsync/minio/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./externalsecret.yaml
6 | - ./replicationdestination.yaml
7 | - ./replicationsource.yaml
8 |
--------------------------------------------------------------------------------
/k8s/templates/volsync/r2/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - ./external-secret.yaml
6 | - ./replicationsource.yaml
7 |
--------------------------------------------------------------------------------
/provision/ansible/media/inventory/hosts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kubernetes:
3 | children:
4 | master:
5 | hosts:
6 | plex-server:
7 | ansible_host: 192.168.2.129
8 | ansible_port: 22
9 | vars:
10 | ansible_user: sky
11 | k3s_become: true
12 |
--------------------------------------------------------------------------------
/provision/ansible/media/playbooks:
--------------------------------------------------------------------------------
1 | ../playbooks/
--------------------------------------------------------------------------------
/provision/ansible/playbooks/cluster-reboot.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts:
3 | - master
4 | - worker
5 | become: true
6 | gather_facts: true
7 | any_errors_fatal: true
8 | pre_tasks:
9 | - name: Pausing for 5 seconds...
10 | ansible.builtin.pause:
11 | seconds: 5
12 | tasks:
13 | - name: Reboot
14 | ansible.builtin.reboot:
15 | msg: Rebooting nodes
16 | reboot_timeout: 3600
--------------------------------------------------------------------------------
/provision/ansible/playbooks/files:
--------------------------------------------------------------------------------
1 | ../files/
--------------------------------------------------------------------------------
/provision/ansible/playbooks/ubuntu-prepare.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts:
3 | - master
4 | - worker
5 | become: true
6 | gather_facts: true
7 | any_errors_fatal: true
8 | pre_tasks:
9 | - name: Pausing for 5 seconds...
10 | pause:
11 | seconds: 5
12 | roles:
13 | - ubuntu
14 |
--------------------------------------------------------------------------------
/provision/ansible/requirements.txt:
--------------------------------------------------------------------------------
1 | docker==7.1.0
2 |
--------------------------------------------------------------------------------
/provision/ansible/requirements.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | roles:
3 | - src: xanmanning.k3s
4 | version: v3.4.4 # exact version pins; this file carries no checksums or signatures, so integrity rests on the Galaxy source
5 | collections:
6 | - name: community.docker
7 | version: 4.6.0
8 | - name: community.general
9 | version: 10.7.0
10 | - name: community.kubernetes
11 | version: 2.0.1 # NOTE(review): community.kubernetes was superseded by kubernetes.core — confirm this pin is still needed
12 | - name: community.sops
13 | version: 2.0.5
14 |
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/files/nut/nut.conf:
--------------------------------------------------------------------------------
1 | MODE=netclient
2 |
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/files/sysctl.d/99-hugepages.conf.yaml:
--------------------------------------------------------------------------------
1 | # Longhorn v2 data engine needs this as a min req
2 | vm.nr_hugepages = 512
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/files/sysctl.d/fs-sysctl-k3s.yaml:
--------------------------------------------------------------------------------
1 | fs.inotify.max_user_watches=100000
2 | fs.inotify.max_user_instances=100000
3 |
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Restart node
3 | ansible.builtin.reboot:
4 | msg: Restart node due to system changes
5 |
6 | - name: Restart unattended-upgrades
7 | ansible.builtin.service:
8 | name: unattended-upgrades.service
9 | daemon_reload: true
10 | enabled: true
11 | state: restarted
12 |
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/tasks/cgroup-killer.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Copy systemd service
3 | copy:
4 | src: "{{ role_path }}/files/cgroup-kill-on-shutdown.service"
5 | dest: /etc/systemd/system/cgroup-kill-on-shutdown@.service
6 | owner: root # NOTE(review): no mode or group is set, so permissions follow the remote umask — consider an explicit mode: "0644" so the unit file is never group/world-writable
7 |
8 | - name: Reload systemd
9 | systemd:
10 | daemon_reload: true # runs on every play, not only when the unit file changed
11 |
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/tasks/locale.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Set timezone
3 | community.general.timezone:
4 | name: "{{ timezone }}"
5 | when:
6 | - timezone is defined
7 |
--------------------------------------------------------------------------------
/provision/ansible/roles/ubuntu/templates/lldpd.conf:
--------------------------------------------------------------------------------
1 | DAEMON_ARGS="-I {{ ansible_default_ipv4.interface }}"
2 |
--------------------------------------------------------------------------------
/templates/external-secrets/externalsecret-store.yaml.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ClusterSecretStore # cluster-scoped: ExternalSecrets in any namespace can reference it unless spec.conditions restricts the allowed namespaces
4 | metadata:
5 | name: &name
6 | namespace: # NOTE(review): a ClusterSecretStore is not namespaced, so this field has no effect
7 | spec:
8 | provider:
9 | doppler:
10 | project: *name
11 | config: prd
12 | auth:
13 | secretRef:
14 | dopplerToken: # Doppler token is read from the Secret named below
15 | name: doppler-token-auth-api
16 | key: dopplerToken
17 | namespace: flux-system # token Secret lives in flux-system; read access to Secrets there exposes this store's Doppler project
--------------------------------------------------------------------------------
/templates/external-secrets/externalsecret.yaml.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: external-secrets.io/v1beta1
3 | kind: ExternalSecret
4 | metadata:
5 | name:
6 | namespace:
7 | spec:
8 | refreshInterval: 5m # the provider is re-read every 5 minutes
9 | secretStoreRef:
10 | kind: ClusterSecretStore
11 | name:
12 | target:
13 | name:
14 | creationPolicy: Owner # the operator creates the target Secret and owns it
15 | data:
16 | - secretKey: username # key written into the target Secret
17 | remoteRef:
18 | key: POSTGRES_SUPER_USER # sample mapping in this template; NOTE(review): name suggests a database superuser — map a least-privileged per-app credential where possible
--------------------------------------------------------------------------------
/terraform/mikrotik/main.tf:
--------------------------------------------------------------------------------
1 | module "rb5009" { # instantiates the local rb5009 module against the router's HTTPS API
2 | source = "./modules/rb5009"
3 | mikrotik_host_url = "https://192.168.2.1"
4 | mikrotik_username = var.mikrotik_username # credentials come from variables, not literals; NOTE(review): declarations not shown — confirm the password variable is marked sensitive
5 | mikrotik_password = var.mikrotik_password
6 | mikrotik_insecure = true # NOTE(review): name suggests TLS certificate verification is skipped (module internals not shown); if so, the credentials above go to an unauthenticated endpoint — prefer trusting the router's certificate or CA
7 | doh_server_url = "https://dns.nextdns.io/f5ec55" # the path segment identifies a resolver profile and is committed in clear; NOTE(review): consider passing it as a variable
8 | }
--------------------------------------------------------------------------------
/terraform/mikrotik/modules/rb5009/dhcp-client.tf:
--------------------------------------------------------------------------------
1 | resource "routeros_ip_dhcp_client" "WAN" { # DHCP client on the wan interface
2 | interface = routeros_interface_ethernet.wan.name
3 | add_default_route = "yes"
4 | default_route_distance = 25 # lower distance than WAN2 (254), so this default route is preferred
5 | use_peer_dns = true # accepts DNS servers from the upstream DHCP lease
6 | use_peer_ntp = true # accepts NTP servers from the same lease; NOTE(review): the upstream network then picks the router's time source — confirm intended
7 | }
8 |
9 | resource "routeros_ip_dhcp_client" "WAN2" { # DHCP client on wan2; peer DNS/NTP are not set here, so provider defaults apply
10 | interface = routeros_interface_ethernet.wan2.name
11 | add_default_route = "yes"
12 | default_route_distance = 254 # higher distance; presumably the backup uplink
13 | }
--------------------------------------------------------------------------------
/terraform/mikrotik/modules/rb5009/dhcp6-client.tf:
--------------------------------------------------------------------------------
1 | resource "routeros_ipv6_dhcp_client" "WANv6" { # DHCPv6 client on the wan interface
2 | interface = routeros_interface_ethernet.wan.name
3 | pool_name = "delegated-wan" # pool that receives the delegated prefix
4 | add_default_route = false # We get it from SLAAC
5 | use_interface_duid = true
6 | pool_prefix_length = 60
7 | rapid_commit = false
8 | use_peer_dns = false # DNS servers advertised over DHCPv6 are ignored
9 | request = ["prefix", "address"] # asks for both a delegated prefix and an address
10 | }
--------------------------------------------------------------------------------
/terraform/mikrotik/modules/rb5009/routing-bgp.tf:
--------------------------------------------------------------------------------
1 | module "bgp" {
2 | source = "./bgp"
3 | }
--------------------------------------------------------------------------------
/terraform/mikrotik/modules/rb5009/snmp.tf:
--------------------------------------------------------------------------------
1 | resource "routeros_snmp" "snmp" {
2 | enabled = false # SNMP is kept disabled on the router
3 | src_address = "192.168.99.1" # NOTE(review): presumably only relevant once SNMP is enabled — confirm
4 | }
--------------------------------------------------------------------------------