├── .github ├── CODEOWNERS ├── labeler.yaml ├── labels.yaml ├── linters │ ├── .flake8 │ ├── .markdownlint.yaml │ ├── .prettierignore │ ├── .prettierrc.yaml │ ├── .yamllint copy.yaml │ └── .yamllint.yaml ├── markdown-link-check_config.json ├── mkdocs │ ├── mkdocs.yml │ └── requirements.txt ├── release-drafter.yml ├── renovate.json5 ├── renovate │ ├── allowedVersions.json5 │ ├── autoMerge.json5 │ ├── disabledDatasources.json5 │ └── groups.json5 ├── scripts │ ├── cloudflare-proxied-networks.sh │ ├── container-parser.sh │ ├── create-helmrelease-annotations.sh │ ├── helm-release-differ.sh │ ├── helmReleaseDiff.mjs │ ├── kubeconform.sh │ ├── lib │ │ └── functions.sh │ └── validate-kustomize.sh └── workflows │ ├── build-docs.yaml │ ├── helm-release-diff.yaml │ ├── meta-labeler.yaml │ ├── meta-sync-labels.yaml │ ├── schedule-automerge-servers.yaml │ ├── schedule-cloudflare-proxied-networks-update.yaml │ ├── schedule-release.yml │ ├── schedule-renovate.yaml │ └── sehcdule-release-drafter.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .sops.yaml ├── .taskfiles ├── Ansible │ └── Tasks.yml ├── ExternalSecrets │ └── Tasks.yml ├── Flux │ └── Tasks.yml ├── Git │ └── Tasks.yml ├── Kopia │ └── Tasks.yml ├── Kubernetes │ └── Tasks.yml ├── Postgres │ └── Tasks.yml ├── PreCommit │ └── Tasks.yml ├── Redis │ └── Tasks.yaml ├── Rook │ └── Tasks.yaml ├── Talos │ └── Tasks.yml ├── VolSync │ ├── ListJob.tmpl.yaml │ ├── ReplicationDestination.tmpl.yaml │ ├── Tasks.yml │ ├── UnlockJob.tmpl.yaml │ ├── WipeJob.tmpl.yaml │ └── wait-for-job.sh ├── _scripts │ └── wait-for-k8s-job.sh └── snapshot.yaml ├── .vscode ├── extensions.json ├── settings.json └── yaml.code-snippets ├── LICENSE.md ├── Taskfile.yml ├── archive ├── home-automation │ └── windmill │ │ ├── app │ │ ├── database.yaml │ │ ├── externalsecret.yaml │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── pvc.yaml │ │ └── volsync.yaml │ │ └── ks.yaml ├── kube-system │ └── descheduler │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── 
kustomization.yaml │ │ └── ks.yaml ├── kyverno │ ├── kustomization.yaml │ ├── kyverno │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ ├── ks.yaml │ │ └── policies │ │ │ └── remove-cpu-limit.yaml │ └── namespace.yaml ├── organizarrs │ ├── calibre-web │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ └── volsync.yaml │ │ └── ks.yaml │ ├── flaresolverr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── openbooks │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml └── services │ ├── cyberchef │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ └── nitter │ ├── app │ ├── config │ │ └── config.ini │ ├── deps │ ├── helmrelease.yaml │ └── kustomization.yaml │ └── ks.yaml ├── docs ├── .draft │ ├── boostrap.md │ ├── dns.md │ ├── folder_standard.md │ ├── increase pvc size │ ├── mail.md │ ├── mkdocs.md │ ├── monitoring.md │ ├── nextdns.md │ ├── repo_standards.md │ └── specifics │ │ ├── authentik.md │ │ ├── bitwarden.md │ │ ├── blackbox-exporter.md │ │ ├── email_domains.md │ │ ├── kasten-k10.md │ │ ├── plex.md │ │ ├── postgres.md │ │ ├── qbittorrent.md │ │ ├── renovatebot.md │ │ ├── rook-ceph.md │ │ ├── upptime.md │ │ ├── velero.md │ │ └── vpn.md ├── _includes │ └── abbreviations.md ├── _static │ └── custom.css └── src │ ├── CNAME │ ├── apps │ └── k10.md │ ├── cluster │ └── bootstrap-workflow.md │ ├── diagrams │ ├── cluster-map.md │ └── network-map.md │ ├── general │ └── hardware.md │ ├── helm │ └── creating-helm-chart.md │ ├── images │ ├── cluster-map.diagrams.py │ ├── cluster_map.png │ ├── flux-horizontal-color.png │ ├── k8s.png │ ├── mkdocs.png │ ├── mullvad_acct_1.png │ ├── mullvad_acct_2.png │ ├── nanobeam.png │ ├── network-map.diagrams.py │ ├── network_map.png │ └── unifi_ac.png │ ├── index.md │ ├── js │ └── sha.js │ ├── play.md │ ├── repository │ ├── folder-structure.md │ └── 
semantic-git-messages.md │ └── sidero │ ├── retrieve_talosconfig.md │ ├── sidero-install.md │ ├── sidero-intro.md │ ├── talos-dev-cluster.md │ └── talos-update.md ├── hack ├── pystructure │ ├── pystructure.py │ ├── requirements.txt │ └── templates │ │ ├── kustomization_tmpl.j2 │ │ └── volsync_tmpl.j2 ├── restore-all.sh └── restore-job.yaml ├── infrastructure ├── ansible │ ├── ansible.cfg │ ├── inventory │ │ ├── group_vars │ │ │ └── all │ │ │ │ ├── main.yml │ │ │ │ └── networks.yml │ │ ├── host_vars │ │ │ ├── helios │ │ │ │ ├── main.sops.yml │ │ │ │ └── main.yml │ │ │ ├── localhost.yml │ │ │ ├── prusa │ │ │ │ ├── main.sops.yml │ │ │ │ └── main.yml │ │ │ ├── sdb1 │ │ │ │ ├── main.sops.yml │ │ │ │ └── main.yml │ │ │ ├── sdb2 │ │ │ │ ├── main.sops.yml │ │ │ │ └── main.yml │ │ │ ├── synchrona │ │ │ │ ├── main.sops.yml │ │ │ │ └── main.yml │ │ │ └── technocore │ │ │ │ ├── main.sops.yml │ │ │ │ └── main.yml │ │ └── hosts.yml │ ├── playbooks │ │ ├── nas.yml │ │ ├── pikvm.yml │ │ ├── seedbox.yaml │ │ ├── site.yml │ │ └── synchrona.yml │ ├── requirements.yml │ └── roles │ │ ├── common.download_package │ │ ├── defaults │ │ │ └── main.yaml │ │ └── tasks │ │ │ └── main.yaml │ │ ├── linux.common.os │ │ └── tasks │ │ │ ├── main.yml │ │ │ └── packages.yml │ │ ├── linux.node_exporter │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── node-exporter.service.j2 │ │ ├── linux.vector │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── vector.service.j2 │ │ │ └── vector.yaml.j2 │ │ ├── nas.apps │ │ ├── tasks │ │ │ ├── certificates.yml │ │ │ ├── main.yml │ │ │ ├── minio.yml │ │ │ └── node-exporter.yml │ │ └── templates │ │ │ └── autoscan │ │ │ └── config.yml.j2 │ │ ├── pikvm.apps │ │ └── tasks │ │ │ └── main.yml │ │ ├── pikvm.os │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── 
kvmd_override.yaml.j2 │ │ │ └── tc358743-edid.hex.j2 │ │ ├── seedbox.apps │ │ └── tasks │ │ │ └── main.yml │ │ ├── seedbox.os │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── acme.yml │ │ │ ├── apps.yml │ │ │ ├── cross-seed.yml │ │ │ ├── main.yml │ │ │ ├── os.yml │ │ │ ├── qbittorrent.yml │ │ │ ├── sysctl.yml │ │ │ ├── tqm.yml │ │ │ ├── ufw.yml │ │ │ ├── user.yml │ │ │ └── vnstat.yml │ │ ├── templates │ │ │ ├── cross-seed.config.j2 │ │ │ ├── cross-seed.service.j2 │ │ │ ├── qBittorrent.service.j2 │ │ │ ├── sysctl.conf.j2 │ │ │ ├── tqm.config.yaml.j2 │ │ │ ├── vnstat.service.j2 │ │ │ └── xseed.sh.j2 │ │ └── vars │ │ │ └── main.yml │ │ └── synchrona.txtempus │ │ ├── README.md │ │ └── tasks │ │ └── main.yml ├── ansible_old │ ├── ansible.cfg │ ├── inventory │ │ └── hosts.yml │ ├── nas │ │ ├── .envrc │ │ ├── ansible.cfg │ │ ├── inventory │ │ │ ├── group_vars │ │ │ │ ├── all │ │ │ │ │ └── os.yml │ │ │ │ ├── master │ │ │ │ │ └── k3s.yml │ │ │ │ └── networks.yml │ │ │ ├── host_vars │ │ │ │ ├── helios.sops.yml │ │ │ │ └── helios.yml │ │ │ └── hosts.yml │ │ └── playbooks │ │ │ ├── cluster-installation.yml │ │ │ ├── cluster-nuke.yml │ │ │ ├── cluster-prepare.yml │ │ │ ├── install-zfs-exporter.yml │ │ │ └── templates │ │ │ ├── aliases.j2 │ │ │ ├── msmtprc.j2 │ │ │ ├── smartd.conf.j2 │ │ │ ├── zed.rc.j2 │ │ │ └── zfs_exporter.service.j2 │ ├── playbooks │ │ ├── octoprint │ │ │ ├── install.yml │ │ │ ├── nodes.md │ │ │ ├── roles │ │ │ │ ├── acme_sh.octoprint │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── node_exporter.octoprint │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── templates │ │ │ │ │ │ └── node-exporter.service.j2 │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── os.octoprint │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ 
│ │ │ ├── locale.yml │ │ │ │ │ │ ├── main.yml │ │ │ │ │ │ ├── network.yml │ │ │ │ │ │ ├── packages.yml │ │ │ │ │ │ ├── tmpfs.yml │ │ │ │ │ │ └── user.yml │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── pip.octoprint │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── templates │ │ │ │ │ │ └── user.yaml.j2 │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── update.octoprint │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ └── vector.octoprint │ │ │ │ │ ├── defaults │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ │ ├── templates │ │ │ │ │ ├── vector.service.j2 │ │ │ │ │ └── vector.yaml.j2 │ │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ └── update.yml │ │ ├── pikvm.yml │ │ ├── pikvm │ │ │ ├── install.yml │ │ │ ├── roles │ │ │ │ ├── acme │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── node-exporter │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── templates │ │ │ │ │ │ └── node-exporter.service.j2 │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── os │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ ├── main.yml │ │ │ │ │ │ └── templates │ │ │ │ │ │ │ ├── override.yaml.j2 │ │ │ │ │ │ │ └── tc358743-edid.hex.j2 │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ ├── update │ │ │ │ │ ├── defaults │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ │ └── main.yml │ │ │ │ │ └── vars │ │ │ │ │ │ └── main.yml │ │ │ │ └── vector │ │ │ │ │ ├── defaults │ │ │ │ │ └── 
main.yml │ │ │ │ │ ├── handlers │ │ │ │ │ └── main.yml │ │ │ │ │ ├── tasks │ │ │ │ │ └── main.yml │ │ │ │ │ ├── templates │ │ │ │ │ ├── vector.service.j2 │ │ │ │ │ └── vector.yaml.j2 │ │ │ │ │ └── vars │ │ │ │ │ └── main.yml │ │ │ └── update.yml │ │ └── site.yml │ ├── requirements.yml │ └── roles │ │ ├── common.download_package │ │ ├── defaults │ │ │ └── main.yaml │ │ └── tasks │ │ │ └── main.yaml │ │ ├── linux.common.os │ │ └── tasks │ │ │ ├── main.yml │ │ │ └── packages.yml │ │ ├── linux.node_exporter │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── node-exporter.service.j2 │ │ ├── linux.vector │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── vector.service.j2 │ │ │ └── vector.yaml.j2 │ │ ├── nas.apps │ │ ├── tasks │ │ │ ├── certificates.yml │ │ │ ├── main.yml │ │ │ ├── minio.yml │ │ │ └── node-exporter.yml │ │ └── templates │ │ │ └── autoscan │ │ │ └── config.yml.j2 │ │ ├── pikvm.apps │ │ └── tasks │ │ │ └── main.yml │ │ └── pikvm.os │ │ ├── handlers │ │ └── main.yml │ │ ├── tasks │ │ └── main.yml │ │ └── templates │ │ ├── kvmd_override.yaml.j2 │ │ └── tc358743-edid.hex.j2 ├── flyio │ ├── uptime-kuma │ │ ├── fly.toml │ │ └── readme.md │ └── vaultwarden │ │ └── fly.toml ├── talos │ └── hegira │ │ ├── clusterconfig │ │ └── .gitignore │ │ ├── readme.md │ │ └── talconfig.yaml └── terraform │ ├── b2 │ ├── .terraform.lock.hcl │ ├── b2.tf │ ├── doppler.tf │ ├── main.tf │ ├── providers.tf │ └── readme.md │ └── s3 │ ├── .terraform.lock.hcl │ ├── doppler.tf │ ├── main.tf │ ├── minio.tf │ ├── modules │ └── minio_bucket │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── providers.tf │ └── readme.md ├── kubernetes ├── README.md ├── hegira │ ├── apps │ │ ├── cert-manager │ │ │ ├── cert-manager │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── 
prometheusrule.yaml │ │ │ │ ├── issuers │ │ │ │ │ ├── clusterissuer.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── databases │ │ │ ├── crunchy-postgres-operator │ │ │ │ ├── database │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── postgrescluster.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── ext-postgres-operator │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── pgadmin │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── servers.json │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── postgres-backup │ │ │ │ ├── app │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── redis-sentinel │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── redis │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── zalando-postgres │ │ │ │ ├── cluster │ │ │ │ ├── cluster.yaml │ │ │ │ ├── deps │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── podmonitor.yaml │ │ │ │ └── service.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ ├── configmap.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ ├── downloads │ │ │ ├── autobrr │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── 
media-pvc.yaml │ │ │ └── namespace.yaml │ │ ├── flux-system │ │ │ ├── addons │ │ │ │ ├── ks.yaml │ │ │ │ ├── monitoring │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── podmonitor.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ ├── notifications │ │ │ │ │ ├── alertmanager │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── notification.yaml │ │ │ │ │ ├── github │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── notification.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── webhooks │ │ │ │ │ ├── github │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── receiver.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── external-secrets │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── weave-gitops │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── games │ │ │ ├── deployment-restart │ │ │ │ ├── app │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── role.yaml │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ └── serviceaccount.yaml │ │ │ │ └── ks.yaml │ │ │ ├── factorio │ │ │ │ ├── deathworld │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ ├── freight-forwarding │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ ├── k2 │ │ │ │ │ ├── README.md │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── ribbonworld │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── 
kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ ├── seablock │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── squareworld │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ ├── foundryvtt │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── wip │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── satisfactory │ │ │ │ ├── app │ │ │ │ ├── README.md │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ ├── home-automation │ │ │ ├── ecowitt2mqtt │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── emqx │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── home-assistant │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── node-red │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ └── zigbee2mqtt │ │ │ │ ├── app │ │ │ │ ├── deps │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── app │ │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── democratic-csi │ │ │ │ ├── ks.yaml │ │ │ │ └── local-path │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── intel-gpu-plugin │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metrics-server │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── ks.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── node-feature-discovery │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── rules │ │ │ │ │ └── nodefeaturerule.yaml │ │ │ └── reloader │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── media │ │ │ ├── dizquetv │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── plex │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── media-manager │ │ │ │ │ ├── configs │ │ │ │ │ ├── Pre-rolls.yml │ │ │ │ │ └── config.yml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── scripts │ │ │ │ │ └── run.sh │ │ │ │ │ └── volsync.yaml │ │ │ └── tautulli │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ ├── monitoring │ │ │ ├── blackbox-exporter │ │ │ │ └── app │ │ │ │ │ └── helmrelease.yaml │ │ │ ├── changedetection │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ 
├── exporters │ │ │ │ └── ks.yaml │ │ │ ├── grafana │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── dashboards │ │ │ │ │ ├── dockershit.json │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── speedtest-exporter-dashboard.json │ │ │ │ │ └── vyos.json │ │ │ │ ├── ks.yaml │ │ │ │ └── rules │ │ │ │ │ ├── dockerhub.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── hs110-exporter-kp115-1 │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── hs110-exporter-prusa │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── hs110-exporter-rack │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kube-cleanup-operator │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kube-prometheus-stack │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── alertmanager.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kube-state-metrics │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kubernetes-dashboard │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── rbac.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── loki │ │ │ │ ├── app │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ └── servicemonitor.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── nextdns-exporter │ │ │ │ ├── kids │ │ │ │ │ ├── config │ │ │ │ │ │ └── nextdns-dashboard.json │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── 
kustomization.yaml │ │ │ │ │ └── readme.md │ │ │ │ ├── ks.yaml │ │ │ │ └── trusted │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── readme.md │ │ │ ├── node-exporter │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ └── ks.yaml │ │ │ ├── prometheus-rules │ │ │ │ ├── app │ │ │ │ │ ├── kube-system │ │ │ │ │ │ ├── coredns.yaml │ │ │ │ │ │ ├── etcd.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── networking │ │ │ │ │ │ ├── ingres-nginx.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── services │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── miniflux.yaml │ │ │ │ │ └── system-monitoring │ │ │ │ │ │ ├── kubernetes.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── maddy.yaml │ │ │ │ │ │ ├── speedtest-exporter.yaml │ │ │ │ │ │ └── zfs-exporter.yaml │ │ │ │ └── ks.yaml │ │ │ ├── prometheus-smartctl │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ └── ks.yaml │ │ │ ├── snmp-exporter-vyos │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ └── ks.yaml │ │ │ ├── thanos │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── objectbucketclaim.yaml │ │ │ │ │ └── readme.md │ │ │ │ └── ks.yaml │ │ │ ├── umami │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── vector │ │ │ │ ├── agent │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── aggregator │ │ │ │ │ ├── config │ │ │ │ │ │ └── vector.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── 
ks.yaml │ │ │ └── victoriametrics │ │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── secret-alertmanagerconfig.yaml │ │ │ │ └── secret-extrascrapes.yaml │ │ │ │ ├── crd │ │ │ │ ├── gitrepository.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ └── helmrelease.yaml │ │ ├── networking │ │ │ ├── cloudflared │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── config.yaml │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── echo-server │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── external-dns │ │ │ │ ├── external │ │ │ │ │ ├── dnsendpoint-crd.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── internal │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── ingress-nginx │ │ │ │ ├── external │ │ │ │ │ ├── cloudflare-proxied-networks.txt │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── internal │ │ │ │ │ ├── deps │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── shared │ │ │ │ │ ├── certificates.yaml │ │ │ │ │ ├── dashboard │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metallb │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── config │ │ │ │ │ ├── ip-address-pool.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── l2-advertisment.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ └── static-routes │ │ │ │ ├── app │ │ │ │ ├── brewpiless │ │ │ │ │ ├── ingress.yaml │ │ │ 
│ │ ├── kustomization.yaml │ │ │ │ │ └── service.yaml │ │ │ │ ├── brother-printer │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── service.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── organizarrs │ │ │ ├── calibre │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── overseerr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── prowlarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── readarr │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ └── recyclarr │ │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── recyclarr.yml │ │ │ │ ├── deps │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── rook-ceph │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── rook-ceph │ │ │ │ ├── cluster │ │ │ │ ├── dashboards │ │ │ │ │ ├── ceph-cluster-dashboard.json │ │ │ │ │ ├── ceph-osd-dashboard.json │ │ │ │ │ ├── ceph-pools-dashboard.json │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── deps │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── operator │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── scripts │ │ │ ├── kustomization.yaml │ │ │ ├── mailbackup │ │ │ │ ├── app │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── mailbackup.sh │ │ │ │ │ └── readme.md │ │ │ │ └── ks.yaml │ │ │ ├── 
namespace.yaml │ │ │ ├── volsync-to-b2 │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── yt-dlp-jon-ong │ │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── job.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── security │ │ │ ├── authelia │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── configuration.yml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── patches │ │ │ │ │ │ └── env.yaml │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ └── servicemonitor.yaml │ │ │ │ └── ks.yaml │ │ │ ├── dmarc-report │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── glauth │ │ │ │ ├── app │ │ │ │ │ ├── README.md │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── lldap │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── namespace.yaml │ │ ├── services │ │ │ ├── afterlogic-webmail │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ ├── afterlogic.php │ │ │ │ │ │ └── config.json │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── atuin │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── excalidraw │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── firefly-iii │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── 
volsync.yaml │ │ │ │ ├── importer │ │ │ │ │ ├── cronjob.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── hajimari │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── homepage │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ ├── docker.yaml │ │ │ │ │ │ └── kubernetes.yaml │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── rbac.yaml │ │ │ │ └── ks.yaml │ │ │ ├── immich │ │ │ │ ├── app │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── machine-learning │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── microservices │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── nfs-pvc.yaml │ │ │ │ │ ├── server │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── typesense │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── inspircd │ │ │ │ ├── app │ │ │ │ │ ├── certificates.yaml │ │ │ │ │ ├── config │ │ │ │ │ │ ├── inspircd.conf │ │ │ │ │ │ ├── links.conf │ │ │ │ │ │ ├── motd.txt │ │ │ │ │ │ ├── opers.conf │ │ │ │ │ │ └── server.conf │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── invidious-server │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── config.yml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kavita │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── language-tools │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── libreddit │ │ │ │ ├── app │ 
│ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── maloja │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── miniflux │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── servicemonitor.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── reminiflux │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── multi-scrobbler │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── config.json │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── paperless │ │ │ │ ├── app │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── pleroma-rebased │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── config.exs │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── radicale │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── config.cfg │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── red-discord-bot │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── roundcube │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── scribe │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── 
kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── searxng │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── settings.yml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── thelounge │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── theme-park │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── vikunja │ │ │ │ ├── app │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ ├── deps │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ ├── webtrees │ │ │ │ ├── app │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.yaml │ │ │ │ │ └── volsync.yaml │ │ │ │ └── ks.yaml │ │ │ └── whoogle │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── system-controllers │ │ │ ├── k8s-ycl │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── k8tz │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pki.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kubelet-csr-approver │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kubernetes-replicator │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── snapshot-controller │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── volsync │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── volsync │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── 
kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ │ └── ks.yaml │ │ └── vpn │ │ │ ├── downloads-gateway │ │ │ ├── app │ │ │ │ ├── deps │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ ├── bootstrap │ │ ├── crds │ │ │ ├── externalsecrets │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheus │ │ │ │ └── kustomization.yaml │ │ ├── flux │ │ │ └── kustomization.yaml │ │ └── talos │ │ │ ├── cni │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ │ │ └── kubelet-csr-approver │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ └── flux │ │ ├── apps.yaml │ │ ├── config │ │ ├── crds │ │ │ └── .gitkeep │ │ ├── flux.yaml │ │ ├── home-cluster.yaml │ │ └── kustomization.yaml │ │ ├── repositories │ │ ├── git │ │ │ └── .gitkeep │ │ ├── helm │ │ │ ├── actions-runner-controller-charts.yaml │ │ │ ├── angelnu-charts.yaml │ │ │ ├── backube-charts.yaml │ │ │ ├── bitnami-charts.yaml │ │ │ ├── bjw-s-charts.yaml │ │ │ ├── cilium-charts.yaml │ │ │ ├── cloudnative-pg.yaml │ │ │ ├── crunchydata.yaml │ │ │ ├── democratic-csi.yaml │ │ │ ├── emqx-charts.yaml │ │ │ ├── enix-charts.yaml │ │ │ ├── ext-postgres-operator.yaml │ │ │ ├── external-dns-charts.yaml │ │ │ ├── external-secrets.yaml │ │ │ ├── fairwinds-charts.yaml │ │ │ ├── grafana-charts.yaml │ │ │ ├── hajimari-charts.yaml │ │ │ ├── infracloudio-charts.yaml │ │ │ ├── ingress-nginx-charts.yaml │ │ │ ├── jetstack-charts.yaml │ │ │ ├── k8s-at-home-charts.yaml │ │ │ ├── k8s-gateway.yaml │ │ │ ├── k8tz-charts.yaml │ │ │ ├── kubernetes-dashboard.yaml │ │ │ ├── kubernetes-sigs-descheduler-charts.yaml │ │ │ ├── kubernetes-sigs-metrics-server-charts.yaml │ │ │ ├── kubernetes-sigs-nfd-charts.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kyverno-charts.yaml │ │ │ ├── lwolf-charts.yaml │ │ │ ├── metallb-charts.yaml │ │ │ ├── mittwald.yaml │ │ │ ├── piraeus.yaml │ │ │ ├── 
postfinance.yaml │ │ │ ├── prometheus-community-charts.yaml │ │ │ ├── rook-ceph-charts.yaml │ │ │ ├── stakater-charts.yaml │ │ │ ├── vector-charts.yaml │ │ │ ├── victoriametrics-charts.yaml │ │ │ ├── weave-gitops.yaml │ │ │ ├── windmill.yaml │ │ │ └── zalando-postgres-operator.yaml │ │ ├── kustomization.yaml │ │ └── oci │ │ │ └── .gitkeep │ │ └── vars │ │ ├── cluster-settings.yaml │ │ ├── externalsecret.yaml │ │ └── kustomization.yaml └── helios │ ├── apps │ ├── cert-manager │ │ ├── README.md │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── issuers │ │ │ │ ├── clusterissuer.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── databases │ │ ├── kustomization.yaml │ │ ├── mariadb │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── namespace.yaml │ ├── default │ │ ├── deemix │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-dns │ │ │ ├── internal │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-secrets │ │ │ ├── ks.yaml │ │ │ └── operator │ │ │ │ ├── deps │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── filebrowser │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── filebrowser.json │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kopia-photos-to-b2 │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── lidarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── qbittorrent-exporter │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scripts │ │ │ │ │ └── 
pushover-notify.sh │ │ │ └── ks.yaml │ │ ├── sonarr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scripts │ │ │ │ │ └── pushover-notify.sh │ │ │ └── ks.yaml │ │ ├── syncthing │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── unpackerr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── vector │ │ │ └── agent │ │ │ └── helmrelease.yaml │ ├── downloads │ │ ├── cross-seed │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ └── config.js │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scripts │ │ │ │ │ └── xseed.sh │ │ │ ├── ks.yaml │ │ │ ├── lidarr │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── readarr │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── tools │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── manage │ │ │ │ ├── config │ │ │ │ │ └── config.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── patches │ │ │ │ │ └── kustomizeconfig.yaml │ │ │ │ ├── orphaned │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── reannounce │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ └── sabnzbd │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── monitoring │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── node-exporter │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── prometheus-operator-crds │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── smartctl-exporter │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── 
ks.yaml │ ├── networking │ │ ├── external-dns │ │ │ ├── internal │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── helmrelease.yaml │ │ ├── ingress-nginx │ │ │ ├── internal │ │ │ │ ├── certificates.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── storage │ │ ├── kustomization.yaml │ │ ├── minio │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── namespace.yaml │ └── system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── reloader │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── bootstrap │ ├── flux │ │ └── kustomization.yaml │ └── secrets.sh │ └── flux │ ├── apps.yaml │ ├── config │ ├── flux.yaml │ ├── home-cluster.yaml │ └── kustomization.yaml │ └── repositories │ ├── git │ └── .gitkeep │ ├── helm │ ├── bjw-s-charts.yaml │ ├── external-dns-charts.yaml │ ├── external-secrets.yaml │ ├── ingress-nginx-charts.yaml │ ├── jetstack-charts.yaml │ ├── k8s-gateway.yaml │ ├── kustomization.yaml │ ├── prometheus-community-charts.yaml │ ├── stakater-charts.yaml │ └── vector-charts.yaml │ ├── kustomization.yaml │ └── oci │ └── .gitkeep ├── readme.md ├── templates ├── externalsecret.yaml ├── ks │ ├── hr-add.yaml │ └── ks.yaml ├── kustomize │ └── kustomization.yaml └── namespace │ ├── kustomization.yaml │ └── namespace.yaml └── tools ├── app-folder-gen.sh ├── app-kustomize-gen.sh ├── centos-priveleged.yaml ├── dnsutils.yaml ├── helm-install.sh ├── migrate-pvc-data.yaml ├── nfs-test.yaml ├── pvc-test.yaml ├── pyamd-hr.yaml ├── redis-test.yaml ├── smarttools.yaml ├── stress-test.yaml ├── testpod.yaml ├── toolbox.yaml ├── volview.yaml └── wipe-rook.yaml /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # 
https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | * @Truxnell 3 | -------------------------------------------------------------------------------- /.github/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | area/ci: 3 | - ".github/**/*" 4 | area/cluster: 5 | - "k8s/global/**/*" 6 | - "k8s/clusters/**/*" 7 | - "k8s/manifests/**/*" 8 | area/docs: 9 | - "docs/**/*" 10 | area/os: 11 | - "k8s/talos/**/*" 12 | -------------------------------------------------------------------------------- /.github/linters/.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | max-line-length = 120 3 | -------------------------------------------------------------------------------- /.github/linters/.prettierignore: -------------------------------------------------------------------------------- 1 | .direnv 2 | .private 3 | .vscode 4 | *.sops.* 5 | ansible/roles/xanmanning.k3s/ 6 | gotk-components.yaml 7 | -------------------------------------------------------------------------------- /.github/linters/.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trailingComma: "es5" 3 | tabWidth: 2 4 | semi: false 5 | singleQuote: false 6 | -------------------------------------------------------------------------------- /.github/linters/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: | 3 | .vscode/ 4 | 5 | extends: default 6 | 7 | rules: 8 | truthy: 9 | allowed-values: ["true", "false", "on"] 10 | 11 | comments: 12 | min-spaces-from-content: 1 13 | 14 | line-length: disable 15 | 16 | braces: 17 | min-spaces-inside: 0 18 | max-spaces-inside: 1 19 | 20 | brackets: 21 | min-spaces-inside: 0 22 | max-spaces-inside: 0 23 | 24 | indentation: enable 25 | 
-------------------------------------------------------------------------------- /.github/markdown-link-check_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignorePatterns": [ 3 | { 4 | "pattern": "^(\\.\\.\\/)+.*", 5 | "reason": "Skip relative URL's" 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /.github/mkdocs/requirements.txt: -------------------------------------------------------------------------------- 1 | mkdocs-git-revision-date-localized-plugin 2 | mkdocs-material 3 | mkdocs-autolinks-plugin 4 | mkdocs-diagrams 5 | -------------------------------------------------------------------------------- /.github/renovate/autoMerge.json5: -------------------------------------------------------------------------------- 1 | { 2 | packageRules: [ 3 | { 4 | matchDatasources: ['docker'], 5 | automerge: false, 6 | requiredStatusChecks: null, 7 | matchUpdateTypes: ['major', 'minor', 'patch', 'digest'], 8 | groupName: 'Game Servers', 9 | labels: ['automerge-servers'], 10 | matchPackageNames: [ 11 | 'factoriotools/factorio', 12 | 'wolveix/satisfactory-server', 13 | ], 14 | }, 15 | ], 16 | } 17 | -------------------------------------------------------------------------------- /.github/renovate/disabledDatasources.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | description: "Disable kubernetes-api", 6 | matchManagers: ["kubernetes"], 7 | matchDatasources: ["kubernetes-api"], 8 | enabled: false, 9 | }, 10 | ], 11 | } 12 | -------------------------------------------------------------------------------- /.taskfiles/Ansible/Tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | 6 | deps: 7 | desc: Install/Upgrade Ansible deps 8 | dir: 
'{{.ANSIBLE_DIR}}' 9 | cmds: 10 | - ansible-galaxy install -r requirements.yml --roles-path ~/.ansible/roles --force 11 | - ansible-galaxy collection install -r requirements.yml --collections-path ~/.ansible/collections --force 12 | preconditions: 13 | - test -f "{{.ANSIBLE_DIR}}/requirements.yml" 14 | -------------------------------------------------------------------------------- /.taskfiles/PreCommit/Tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | init: 6 | desc: Initialize pre-commit hooks 7 | cmds: 8 | - pre-commit install --install-hooks 9 | 10 | update: 11 | desc: Update pre-commit dependencies 12 | cmds: 13 | - pre-commit autoupdate 14 | 15 | run: 16 | desc: Run pre-commit 17 | cmds: 18 | - pre-commit run --all-files 19 | -------------------------------------------------------------------------------- /.taskfiles/Redis/Tasks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: "3" 3 | 4 | tasks: 5 | shell: 6 | desc: Shell into the rw pod of redis-sentinel 7 | interactive: true 8 | cmds: 9 | - kubectl -n dbms exec -it $(redis-cli -h redis -p 26379 sentinel master redis-master | grep redis-node | sed -e "s/.redis-headless.*//") -- redis-cli 10 | -------------------------------------------------------------------------------- /.taskfiles/Talos/Tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3' 3 | 4 | tasks: 5 | create-cluster: 6 | desc: Create a local cluster (IP=local ip addr) 7 | cmds: 8 | - | 9 | talosctl cluster create --kubernetes-version 1.25.0 -p 69:69/udp,8081:8081/tcp,51821:51821/udp --workers 0 --endpoint ${IP} 10 | kubectl taint node talos-default-controlplane-1 node-role.kubernetes.io/control-plane:NoSchedule- 11 | -------------------------------------------------------------------------------- /.taskfiles/VolSync/wait-for-job.sh: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB_NAME=$1 4 | NAMESPACE="${2:-default}" 5 | 6 | [[ -z "${JOB_NAME}" ]] && echo "Job name not specified" && exit 1 7 | 8 | while true; do 9 | STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /.taskfiles/_scripts/wait-for-k8s-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB_NAME=$1 4 | NAMESPACE="${2:-default}" 5 | 6 | [[ -z "${JOB_NAME}" ]] && echo "Job name not specified" && exit 1 7 | 8 | while true; do 9 | STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "ms-kubernetes-tools.vscode-kubernetes-tools", 4 | "vscoss.vscode-ansible", 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /archive/home-automation/windmill/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: windmill-db 6 | namespace: home-automation 7 | spec: 8 | database: windmill 9 | -------------------------------------------------------------------------------- /archive/home-automation/windmill/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 | # - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | - ./database.yaml 9 | - ./externalsecret.yaml 10 | -------------------------------------------------------------------------------- /archive/home-automation/windmill/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: windmill-config-v1 6 | namespace: home-automation 7 | labels: 8 | app.kubernetes.io/name: &name windmill 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 1Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /archive/kube-system/descheduler/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | metadata: 7 | namespace: kube-system 8 | -------------------------------------------------------------------------------- /archive/kyverno/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./kyverno/ks.yaml 9 | -------------------------------------------------------------------------------- /archive/kyverno/kyverno/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./rbac.yaml 7 | metadata: 8 | namespace: kyverno 9 | 
-------------------------------------------------------------------------------- /archive/kyverno/kyverno/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: kyverno:admin 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: admin 10 | subjects: 11 | - kind: ServiceAccount 12 | name: kyverno 13 | namespace: kyverno 14 | -------------------------------------------------------------------------------- /archive/kyverno/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kyverno 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" 10 | -------------------------------------------------------------------------------- /archive/organizarrs/calibre-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 | - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | -------------------------------------------------------------------------------- /archive/organizarrs/calibre-web/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: calibre-web-config-v1 6 | namespace: organizarrs 7 | labels: 8 | app.kubernetes.io/name: &name calibre-web 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- 
/archive/organizarrs/flaresolverr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /archive/organizarrs/openbooks/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /archive/organizarrs/openbooks/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: cluster-apps-openbooks 6 | namespace: flux-system 7 | labels: 8 | substitution.flux.home.arpa/enabled: 'true' 9 | spec: 10 | path: './kubernetes/apps/organizarrs/openbooks/app/' 11 | prune: true 12 | wait: false 13 | sourceRef: 14 | kind: GitRepository 15 | name: home-cluster-kubernetes 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 3m 19 | -------------------------------------------------------------------------------- /archive/services/cyberchef/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: services 5 | resources: 6 | - ./helmrelease.yaml 7 | metadata: 8 | namespace: services 9 | -------------------------------------------------------------------------------- /archive/services/cyberchef/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: cluster-apps-cyberchef 6 | 
namespace: flux-system 7 | labels: 8 | substitution.flux.home.arpa/enabled: 'true' 9 | spec: 10 | path: './kubernetes/apps/services/cyberchef/app/' 11 | prune: true 12 | wait: false 13 | sourceRef: 14 | kind: GitRepository 15 | name: home-cluster-kubernetes 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 3m 19 | -------------------------------------------------------------------------------- /archive/services/nitter/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-redis 2 | -------------------------------------------------------------------------------- /archive/services/nitter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: services 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: nitter 9 | files: 10 | - config/config.ini 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /docs/.draft/boostrap.md: -------------------------------------------------------------------------------- 1 | 2 | # 3 | 4 | 5 | # Update cilium quick-install 6 | 7 | taskfile has boostrap:quick-install 8 | 9 | update values.yaml/cluster config 10 | run taskfile 11 | It is installed in the server yaml as a replacement for flannel 12 | -------------------------------------------------------------------------------- /docs/.draft/folder_standard.md: -------------------------------------------------------------------------------- 1 | 2 | # PVC 3 | 4 | * version controlled to enable moving between easier 5 | * declared specifically to avoid surprise deletes 6 | * backed by rook-ceph 7 | 8 | name: *app-name*-config-v 9 | 10 | Can move using tools/pvc-move-whatever-yaml 11 | 12 | # Helm release 13 | 14 | # Kustomize 15 | 
-------------------------------------------------------------------------------- /docs/.draft/increase pvc size: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/.draft/increase pvc size -------------------------------------------------------------------------------- /docs/.draft/mail.md: -------------------------------------------------------------------------------- 1 | Changed the DMARC policy to reject 2 | 3 | # Sources 4 | 5 | > https://www.uriports.com/blog/spf-dkim-dmarc-best-practices/ > https://learndmarc.com/?ref=uriports.com 6 | -------------------------------------------------------------------------------- /docs/.draft/mkdocs.md: -------------------------------------------------------------------------------- 1 | # Install mkdocs 2 | 3 | In the mkdocs folder 4 | `pip install -r requirements.txt` 5 | 6 | Will install requirements 7 | 8 | # Serve locally 9 | In the mkdocs folder 10 | 11 | `mkdocs serve` 12 | 13 | # Abbreviations 14 | 15 | > https://squidfunk.github.io/mkdocs-material/reference/ 16 | 17 | I'm using 18 | * Abbreviations 19 | * Admonitions 20 | -------------------------------------------------------------------------------- /docs/.draft/monitoring.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/.draft/monitoring.md -------------------------------------------------------------------------------- /docs/.draft/repo_standards.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # Secret vars 4 | 5 | Run with `SECRET_` variables in config files, and use flux var substitution, to aid in readability 6 | 7 | As `password: ${SECRET_PASSWORD}` is more legible than 8 | 9 | ``` 10 | volumemount example 11 | ``` 12 | 13 | # Secrets 14 | 15 | 
`secret.sops.yaml` for sops secrets 16 | `secret.yaml` for non-sops 17 | 18 | Prefer open secrets with variable replacements over full encryption for ease of reading. The manifest stays readable, but the values behind the variables must still come from a SOPS-encrypted or external secret, never from a plaintext file in the repo. 19 | -------------------------------------------------------------------------------- /docs/.draft/specifics/bitwarden.md: -------------------------------------------------------------------------------- 1 | # Bitwarden 2 | 3 | # Remove duplicates from vault 4 | 5 | Info here on removing duplicates from vault 6 | 7 | https://www.reddit.com/r/Bitwarden/comments/aon967/bitwarden_duplicate_entries_remover/ 8 | -------------------------------------------------------------------------------- /docs/.draft/specifics/blackbox-exporter.md: -------------------------------------------------------------------------------- 1 | # Blackbox exporter 2 | 3 | I had intermittent failures for ICMP pings - fixed with payload size increase 4 | 5 | ```bash 6 | ts=2018-09-19T10:54:05.647899261Z caller=icmp.go:162 module=icmp target=probed-host.domain.zz level=warn msg="Timeout reading from socket" err="read ip 0.0.0.0: raw-read ip4 0.0.0.0: i/o timeout" 7 | ``` 8 | 9 | payload_size=64 to fix intermittent ICMP ping failures 10 | <https://github.com/prometheus/blackbox_exporter/issues/360> 11 | -------------------------------------------------------------------------------- /docs/.draft/specifics/email_domains.md: -------------------------------------------------------------------------------- 1 | # Domain forward email 2 | 3 | Ensure below setup: 4 | 5 | ## SPF Record 6 | 7 | Gmail now requires 8 | 9 | ## 10 | -------------------------------------------------------------------------------- /docs/.draft/specifics/kasten-k10.md: -------------------------------------------------------------------------------- 1 | # Kasten 2 | 3 | ## Login 4 | 5 | 6 | 7 | ## Yaml 8 | 9 | K10 creates crd yaml as part of its setup. It even shows you the kubectl command to export these. 
10 | 11 | I simply set it up through the web UI and, once done, exported the details and added them as YAML in this repo. 12 | -------------------------------------------------------------------------------- /docs/.draft/specifics/postgres.md: -------------------------------------------------------------------------------- 1 | # Postgresql 2 | 3 | ## Backups 4 | 5 | Backups are created by the pg_dumpall cronjob 6 | 7 | ## Restoring backup 8 | 9 | Grab the latest (or desired) zip, extract it and pipe the extracted dump into psql. 10 | (needs postgresql package in your OS) 11 | 12 | `psql -h postgress.. -p 5432 -U postgres < kubegres-database-backup-` 13 | -------------------------------------------------------------------------------- /docs/.draft/specifics/qbittorrent.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # add to config file manually 4 | 5 | 6 | Add below to /config/qBittorrent/qBittorrent.conf. Clients from the listed subnets are let into the WebUI without logging in, so list only networks you fully trust; 10.244.0.0/16 and 10.96.0.0/16 look like the cluster's pod and service ranges (confirm), which would cover every workload in the cluster. 7 | `WebUI\AuthSubnetWhitelist=10.8.10.0/24, 10.8.20.0/24, 10.244.0.0/16, 10.96.0.0/16` 8 | -------------------------------------------------------------------------------- /docs/.draft/specifics/renovatebot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/.draft/specifics/renovatebot.md -------------------------------------------------------------------------------- /docs/.draft/specifics/upptime.md: -------------------------------------------------------------------------------- 1 | 2 | # Setup 3 | 4 | * Copied template 5 | * set up repository secrets for cluster URLs 6 | * left public sites available (private in env secrets URL_xxx) 7 | * added discord env notifications (also all in secrets) 8 | * set up status page (status.voltaicforge.com) 9 | * added shields badges to the readme 10 | -------------------------------------------------------------------------------- /docs/src/CNAME: 
-------------------------------------------------------------------------------- 1 | k8s.voltaicforge.com 2 | -------------------------------------------------------------------------------- /docs/src/diagrams/cluster-map.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | # Cluster Map 6 | 7 | A cluster map of my network, using the [diagram.py](https://diagrams.mingrammer.com) plugin for mkdocs 8 | 9 | [![Cluster Map](../images/cluster_map.png)](../images/cluster_map.png) 10 | -------------------------------------------------------------------------------- /docs/src/diagrams/network-map.md: -------------------------------------------------------------------------------- 1 | --- 2 | hide: 3 | - toc 4 | --- 5 | # Network Map 6 | 7 | A diagram map of my network, using the [diagram.py](https://diagrams.mingrammer.com) plugin for mkdocs 8 | 9 | [![Network Map](../images/network_map.png)](../images/network_map.png) 10 | -------------------------------------------------------------------------------- /docs/src/helm/creating-helm-chart.md: -------------------------------------------------------------------------------- 1 | # Creating a helm chart 2 | 3 | Read docs at k8s-at-home. 4 | 5 | # Template chart to stdout 6 | 7 | Outputs the rendered chart, useful to test it as you make changes 8 | 9 | ``` 10 | helm template nginx-php . --values ./values.yaml --debug 11 | ``` 12 | 13 | # Install from local folder 14 | 15 | For `nginx-php` chart for example. 
16 | ``` 17 | helm install nginx-php nginx-php/ --values nginx-php/values.yaml 18 | ``` 19 | -------------------------------------------------------------------------------- /docs/src/images/cluster_map.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/cluster_map.png -------------------------------------------------------------------------------- /docs/src/images/flux-horizontal-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/flux-horizontal-color.png -------------------------------------------------------------------------------- /docs/src/images/k8s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/k8s.png -------------------------------------------------------------------------------- /docs/src/images/mkdocs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/mkdocs.png -------------------------------------------------------------------------------- /docs/src/images/mullvad_acct_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/mullvad_acct_1.png -------------------------------------------------------------------------------- /docs/src/images/mullvad_acct_2.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/mullvad_acct_2.png -------------------------------------------------------------------------------- /docs/src/images/nanobeam.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/nanobeam.png -------------------------------------------------------------------------------- /docs/src/images/network_map.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/network_map.png -------------------------------------------------------------------------------- /docs/src/images/unifi_ac.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/docs/src/images/unifi_ac.png -------------------------------------------------------------------------------- /docs/src/js/sha.js: -------------------------------------------------------------------------------- 1 | // Create a script element 2 | var script = document.createElement("script"); 3 | script.async = true; 4 | script.src = "https://sha.voltaicforge.com/script.js"; 5 | script.setAttribute("data-website-id", "09fe0259-45b5-46b4-8b6f-fdd082e92b05"); 6 | 7 | // Append the script element to the document's head or body 8 | document.head.appendChild(script); 9 | -------------------------------------------------------------------------------- /docs/src/play.md: -------------------------------------------------------------------------------- 1 | 2 | k8s PV PVC 3 | --8<-- "abbreviations.md" 4 | 5 | ``` title=".browserslistrc" 6 | --8<--​ "index.md" 7 | ``` 8 | 
-------------------------------------------------------------------------------- /docs/src/sidero/talos-dev-cluster.md: -------------------------------------------------------------------------------- 1 | # Local talos cluster in docker 2 | -------------------------------------------------------------------------------- /hack/pystructure/requirements.txt: -------------------------------------------------------------------------------- 1 | ruamel.yaml 2 | argparse 3 | jinja2 4 | -------------------------------------------------------------------------------- /hack/pystructure/templates/kustomization_tmpl.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | -------------------------------------------------------------------------------- /hack/restore-all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | APPS=$(kubectl get -A cronjobs.batch | grep snap | awk '{ print $2 }') 4 | cd .. 
5 | 6 | for LINE in $APPS; do 7 | 8 | APP=${LINE%?????} 9 | 10 | task ko:restore APP=$APP 11 | 12 | done 13 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/group_vars/all/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | timezone: "Australia/Melbourne" 3 | 4 | ssh_authorized_keys: 5 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW nat@nat-laptop-fedora" 6 | 7 | vector_aggregator_addr: "10.8.20.220" 8 | vector_aggregator_port: "6001" 9 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/group_vars/all/networks.yml: -------------------------------------------------------------------------------- 1 | networks: 2 | - name: trusted 3 | cidr: 10.8.10.0/24 4 | - name: servers 5 | cidr: 10.8.20.0/24 6 | - name: iot 7 | cidr: 10.8.30.0/24 8 | - name: video 9 | cidr: 10.8.40.0/24 10 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/host_vars/localhost.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: "{{ ansible_playbook_python }}" 3 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/host_vars/sdb1/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/host_vars/sdb2/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | -------------------------------------------------------------------------------- 
/infrastructure/ansible/inventory/host_vars/synchrona/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_host: "10.8.30.121" 3 | ansible_python_interpreter: /usr/bin/python3 4 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/host_vars/technocore/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_host: "10.8.20.60" 3 | ansible_python_interpreter: /usr/bin/python3 4 | -------------------------------------------------------------------------------- /infrastructure/ansible/inventory/hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | all: 3 | children: 4 | linux: 5 | children: 6 | klipper: 7 | pikvm: 8 | roomassistant: 9 | synchrona: 10 | 11 | storage: 12 | hosts: 13 | helios: 14 | 15 | pikvm: 16 | hosts: 17 | technocore: 18 | 19 | synchrona: 20 | hosts: 21 | synchrona: 22 | 23 | seedbox: 24 | hosts: 25 | sdb1: 26 | sdb2: 27 | -------------------------------------------------------------------------------- /infrastructure/ansible/playbooks/nas.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: 3 | - storage 4 | gather_facts: false 5 | become: false 6 | any_errors_fatal: true 7 | 8 | environment: 9 | OP_CONNECT_HOST: "{{ lookup('env', 'OP_CONNECT_HOST') }}" 10 | OP_CONNECT_TOKEN: "{{ lookup('env', 'OP_CONNECT_TOKEN') }}" 11 | 12 | pre_tasks: 13 | - name: Gathering facts 14 | ansible.builtin.gather_facts: 15 | become: true 16 | tags: 17 | - always 18 | 19 | roles: 20 | - nas.apps 21 | -------------------------------------------------------------------------------- /infrastructure/ansible/playbooks/site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - ansible.builtin.import_playbook: nas.yml 3 | - ansible.builtin.import_playbook: 
pikvm.yml 4 | - ansible.builtin.import_playbook: synchrona.yml 5 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/linux.node_exporter/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # renovate: datasource=github-releases depName=prometheus/node_exporter 3 | node_exporter_version: "v1.7.0" 4 | node_exporter_version_clean: "{{ node_exporter_version[1:] }}" 5 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/linux.node_exporter/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart node-exporter 3 | become: true 4 | ansible.builtin.systemd: 5 | name: node-exporter.service 6 | state: restarted 7 | enabled: true 8 | daemon_reload: true 9 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/linux.node_exporter/templates/node-exporter.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=NodeExporter 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=root 7 | ExecStart=/usr/local/bin/node-exporter 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/linux.vector/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vector 3 | become: true 4 | ansible.builtin.systemd: 5 | name: vector.service 6 | state: restarted 7 | enabled: true 8 | daemon_reload: true 9 | when: 10 | - not ansible_check_mode 11 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/linux.vector/templates/vector.service.j2: 
-------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Vector 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=root 7 | ExecStart=/usr/local/bin/vector --config /etc/vector/vector.yaml 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/linux.vector/templates/vector.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | data_dir: /tmp # NOTE(review): Vector keeps its on-disk state here; /tmp is shared and world-writable and the unit runs Vector as root - a dedicated root-owned directory (Vector's default is /var/lib/vector) would be safer 3 | sources: 4 | journal_logs: 5 | type: journald 6 | journal_directory: /run/log/journal 7 | sinks: 8 | vector_sink: 9 | type: vector 10 | address: "{{ vector_aggregator_addr }}:{{ vector_aggregator_port }}" 11 | compression: true 12 | version: "2" 13 | inputs: 14 | - journal_logs 15 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/pikvm.apps/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Manage applications 3 | - ansible.builtin.import_role: 4 | name: linux.node_exporter 5 | 6 | - ansible.builtin.import_role: 7 | name: linux.vector 8 | tags: 9 | - vector 10 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/pikvm.os/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart kvmd 3 | become: true 4 | ansible.builtin.systemd: 5 | name: kvmd.service 6 | state: restarted 7 | enabled: true 8 | daemon_reload: true 9 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.apps/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Manage applications 3 | - ansible.builtin.import_role: 4 | name: linux.node_exporter 5 | 
-------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/tasks/apps.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install APT packages 3 | apt: 4 | name: 5 | - fish 6 | - htop 7 | - speedtest-cli 8 | state: present 9 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/tasks/os.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Disable Swap 3 | ansible.builtin.command: swapoff -a 4 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/tasks/sysctl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create sysctl config 3 | become: true 4 | ansible.builtin.template: 5 | src: sysctl.conf.j2 6 | dest: /etc/sysctl.d/99-sysctl.conf 7 | mode: "0644" 8 | notify: 9 | - Restart procps service 10 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/templates/cross-seed.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=cross-seed 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=qbit 7 | ExecStart=/usr/bin/cross-seed daemon 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | [Service] 13 | Restart=on-failure 14 | RestartSec=5s 15 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/templates/qBittorrent.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=qBittorrent 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=qbit 7 | ExecStart=/usr/bin/qbittorrent-nox --webui-port=32443 8 | 9 | [Install] 10 | WantedBy=multi-user.target 
11 | 12 | [Service] 13 | Restart=on-failure 14 | RestartSec=5s 15 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/templates/vnstat.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=vnstat 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=qbit 7 | ExecStart=/usr/bin/vnstat 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | [Service] 13 | Restart=on-failure 14 | RestartSec=5s 15 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/templates/xseed.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /usr/bin/curl -X POST --data-urlencode "path=$1" http://localhost:2468/api/webhook 4 | -------------------------------------------------------------------------------- /infrastructure/ansible/roles/seedbox.os/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # renovate: datasource=github-releases depName=l3uddz/tqm 3 | tqm_version: "v1.5.0" 4 | tqm_repo: "l3uddz/tqm" 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/inventory/hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | all: 3 | children: 4 | pikvm: 5 | hosts: 6 | technocore: 7 | octoprint: 8 | hosts: 9 | prusa: 10 | nas: 11 | hosts: 12 | helios: 13 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/.envrc: -------------------------------------------------------------------------------- 1 | #shellcheck disable=SC2148,SC2155 2 | export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg) 3 | export KUBECONFIG=$(expand_path ./kubeconfig) 4 | export K8S_AUTH_KUBECONFIG=$(expand_path ./kubeconfig) 5 | 
-------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/inventory/group_vars/networks.yml: -------------------------------------------------------------------------------- 1 | networks: 2 | - name: trusted 3 | cidr: 10.8.10.0/24 4 | - name: servers 5 | cidr: 10.8.20.0/24 6 | - name: iot 7 | cidr: 10.8.30.0/24 8 | - name: video 9 | cidr: 10.8.40.0/24 10 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/inventory/hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | storage: 3 | children: 4 | master: 5 | vars: 6 | ansible_user: nat 7 | ansible_ssh_port: 22 8 | ansible_ssh_common_args: "-o StrictHostKeyChecking=no" # NOTE(review): this makes SSH accept unknown and changed host keys, so the NAS's identity is not verified on connect; pinning its key in known_hosts keeps the check 9 | hosts: 10 | helios: 11 | ansible_host: "10.8.20.11" 12 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/playbooks/templates/aliases.j2: -------------------------------------------------------------------------------- 1 | # /etc/aliases 2 | mailer-daemon: postmaster@ 3 | postmaster: root@ 4 | nobody: root@ 5 | hostmaster: root@ 6 | usenet: root@ 7 | news: root@ 8 | webmaster: root@ 9 | www: root@ 10 | ftp: root@ 11 | abuse: root@ 12 | noc: root@ 13 | security: root@ 14 | root: admin@natallan.com 15 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/playbooks/templates/msmtprc.j2: -------------------------------------------------------------------------------- 1 | defaults 2 | auth off 3 | tls off 4 | tls_trust_file /etc/ssl/certs/ca-certificates.crt 5 | logfile /var/log/msmtp 6 | 7 | account postfix 8 | host smtp-relay.natallan.com 9 | port 2525 10 | from admin@natallan.com 11 | tls_starttls off 12 | 13 | account default: postfix 14 | 15 | aliases /etc/aliases 16 | 
/infrastructure/ansible_old/nas/playbooks/templates/smartd.conf.j2: -------------------------------------------------------------------------------- 1 | # /etc/smartd.conf 2 | DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40 -m admin@natallan.com 3 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/playbooks/templates/zed.rc.j2: -------------------------------------------------------------------------------- 1 | # /etc/zfs/zed.d/zed.rc 2 | ZED_DEBUG_LOG="/var/log/zed.debug.log" 3 | ZED_EMAIL_ADDR="admin@natallan.com" 4 | ZED_EMAIL_PROG="mail" 5 | ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@ -r admin@natallan.com" 6 | ZED_NOTIFY_VERBOSE=1 7 | ZED_NOTIFY_DATA=1 8 | ZED_USE_ENCLOSURE_LEDS=1 9 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/nas/playbooks/templates/zfs_exporter.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=ZFS Exporter 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | ExecStart=/usr/local/bin/zfs_exporter 8 | Restart=always 9 | User=durandal 10 | Group=durandal 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/nodes.md: -------------------------------------------------------------------------------- 1 | # Install 2 | 3 | 1. Use raspi installer, select other os -> raspi os lite 4 | 1. 
use settings cog to 5 | - enable ssh 6 | - setup wifi (IOT) 7 | - set hostname 8 | - set locale 9 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/acme_sh.octoprint/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/acme_sh.octoprint/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/node_exporter.octoprint/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/node_exporter.octoprint/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart node-exporter 3 | ansible.builtin.systemd: 4 | name: node-exporter.service 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/node_exporter.octoprint/templates/node-exporter.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=NodeExporter 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=root 7 | ExecStart=/usr/local/bin/node-exporter 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- 
/infrastructure/ansible_old/playbooks/octoprint/roles/node_exporter.octoprint/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | 6 | # renovate: datasource=github-releases depName=prometheus/node_exporter 7 | node_exporter_version: "v1.7.0" 8 | node_exporter_arch: armv7 9 | node_exporter_download_url: https://github.com/prometheus/node_exporter/releases/download/{{ node_exporter_version }}/node_exporter-{{ node_exporter_version[1:] }}.linux-{{ node_exporter_arch }}.tar.gz 10 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/os.octoprint/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/os.octoprint/tasks/locale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set timezone 3 | community.general.timezone: 4 | name: "{{ os_timezone | default('Australia/Melbourne') }}" 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/os.octoprint/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: locale.yml 3 | tags: 4 | - locale 5 | 6 | - import_tasks: packages.yml 7 | tags: 8 | - packages 9 | 10 | - import_tasks: tmpfs.yml 11 | tags: 12 | - tmpfs 13 | 14 | - import_tasks: network.yml 15 | tags: 16 | - network 17 | 18 | - import_tasks: user.yml 19 | tags: 20 | - user 21 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/os.octoprint/vars/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | 6 | os_timezone: "Australia/Melbourne" 7 | os_ssh_authorized_keys: 8 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW nat@nat-laptop-fedora" 9 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/pip.octoprint/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/pip.octoprint/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart octoprint 3 | ansible.builtin.systemd: 4 | name: octoprint.service 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/pip.octoprint/templates/user.yaml.j2: -------------------------------------------------------------------------------- 1 | {{ octoprint_user }}: 2 | active: true 3 | apikey: null 4 | groups: 5 | - users 6 | - admins 7 | password: {{ octoprint_password_salted }} 8 | permissions: [] 9 | roles: 10 | - user 11 | - admin 12 | settings: {} 13 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/pip.octoprint/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/update.octoprint/defaults/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/update.octoprint/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/vector.octoprint/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/vector.octoprint/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vector 3 | ansible.builtin.systemd: 4 | name: vector.service 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/vector.octoprint/templates/vector.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Vector 3 | Documentation=https://vector.dev 4 | After=network-online.target 5 | Wants=network-online.target 6 | 7 | [Service] 8 | User=root 9 | ExecStart=/usr/local/bin/vector --config /etc/vector/vector.yaml 10 | ExecReload=/bin/kill -HUP $MAINPID 11 | Restart=no 12 | AmbientCapabilities=CAP_NET_BIND_SERVICE 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/roles/vector.octoprint/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
3 | # SECRET* vars are encrypted with sops 4 | # 5 | 6 | # renovate: datasource=github-releases depName=vectordotdev/vector 7 | vector_version: 'v0.26.0' 8 | vector_download_url: 'https://github.com/vectordotdev/vector/releases/download/{{ vector_version }}/vector-{{ vector_version[1:] }}-armv7-unknown-linux-gnueabihf.tar.gz' 9 | 10 | vector_aggregator_addr: 'vector.trux.dev' 11 | vector_aggregator_port: '6001' 12 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/octoprint/update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: octoprint 3 | 4 | gather_facts: true 5 | any_errors_fatal: true 6 | 7 | tags: octoprint 8 | remote_user: truxnell 9 | become: yes 10 | 11 | tasks: 12 | - name: "role: update" 13 | ansible.builtin.import_role: 14 | name: update.octoprint 15 | tags: update 16 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/acme/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/acme/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/node-exporter/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/node-exporter/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart 
node-exporter 3 | ansible.builtin.systemd: 4 | name: node-exporter.service 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/node-exporter/templates/node-exporter.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=NodeExporter 3 | 4 | [Service] 5 | TimeoutStartSec=0 6 | User=root 7 | ExecStart=/usr/local/bin/node-exporter 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/node-exporter/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | 6 | # renovate: datasource=github-releases depName=prometheus/node_exporter 7 | node_exporter_version: "v1.7.0" 8 | node_exporter_arch: armv7 9 | node_exporter_download_url: https://github.com/prometheus/node_exporter/releases/download/{{ node_exporter_version }}/node_exporter-{{ node_exporter_version[1:] }}.linux-{{ node_exporter_arch }}.tar.gz 10 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/os/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/os/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart kvmd 3 | ansible.builtin.systemd: 4 | name: "kvmd.service" 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | 
-------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/os/tasks/templates/override.yaml.j2: -------------------------------------------------------------------------------- 1 | kvmd: 2 | # this section disables mass storage emulation (required if connecting to aimos kvm) 3 | msd: 4 | type: disabled 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/os/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/update/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_python_interpreter: /usr/bin/python3 3 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/update/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart kvmd 3 | ansible.builtin.systemd: 4 | name: "kvmd.service" 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/update/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - block: 3 | - name: Upgrade system 4 | community.general.pacman: 5 | update_cache: true 6 | upgrade: true 7 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/update/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are 
encrypted with sops 4 | # 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/vector/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/vector/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart vector 3 | ansible.builtin.systemd: 4 | name: vector.service 5 | state: restarted 6 | enabled: true 7 | daemon_reload: true 8 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/vector/templates/vector.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Vector 3 | Documentation=https://vector.dev 4 | After=network-online.target 5 | Wants=network-online.target 6 | 7 | [Service] 8 | User=root 9 | ExecStart=/usr/local/bin/vector --config /etc/vector/vector.yaml 10 | ExecReload=/bin/kill -HUP $MAINPID 11 | Restart=no 12 | AmbientCapabilities=CAP_NET_BIND_SERVICE 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/pikvm/roles/vector/templates/vector.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | data_dir: /tmp 3 | sources: 4 | journal_logs: 5 | type: journald 6 | journal_directory: /run/log/journal 7 | sinks: 8 | vector_sink: 9 | type: vector 10 | inputs: 11 | - journal_logs 12 | address: "{{ vector_aggregator_addr }}:{{ vector_aggregator_port }}" 13 | version: "2" 14 | -------------------------------------------------------------------------------- 
/infrastructure/ansible_old/playbooks/pikvm/roles/vector/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # SECRET* vars are encrypted with sops 4 | # 5 | 6 | # renovate: datasource=github-releases depName=vectordotdev/vector 7 | vector_version: "v0.35.0" 8 | vector_download_url: "https://github.com/vectordotdev/vector/releases/download/{{ vector_version }}/vector-{{ vector_version[1:] }}-armv7-unknown-linux-gnueabihf.tar.gz" 9 | 10 | vector_aggregator_addr: "10.8.20.220" 11 | vector_aggregator_port: "6001" 12 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/playbooks/site.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/infrastructure/ansible_old/playbooks/site.yml -------------------------------------------------------------------------------- /infrastructure/ansible_old/roles/linux.node_exporter/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # renovate: datasource=github-releases depName=prometheus/node_exporter 3 | node_exporter_version: "v1.7.0" 4 | node_exporter_version_clean: "{{ node_exporter_version[1:] }}" 5 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/roles/linux.node_exporter/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart node-exporter 3 | become: true 4 | ansible.builtin.systemd: 5 | name: node-exporter.service 6 | state: restarted 7 | enabled: true 8 | daemon_reload: true 9 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/roles/linux.node_exporter/templates/node-exporter.service.j2: 
--------------------------------------------------------------------------------
# systemd unit that runs the node-exporter binary from /usr/local/bin.
[Unit]
Description=NodeExporter

[Service]
TimeoutStartSec=0
# NOTE(review): the exporter is started as root. node_exporter is normally run
# as an unprivileged account; a dedicated user plus sandboxing directives such
# as NoNewPrivileges=yes and ProtectSystem=strict would limit what a flaw in
# the exporter can reach. Confirm no enabled collector needs root first.
User=root
ExecStart=/usr/local/bin/node-exporter

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/infrastructure/ansible_old/roles/linux.vector/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: reloads systemd unit files, then restarts and enables vector.service
# with privilege escalation. The `when` clause skips it in Ansible check mode.
- name: Restart vector
  become: true
  ansible.builtin.systemd:
    name: vector.service
    state: restarted
    enabled: true
    daemon_reload: true
  when:
    - not ansible_check_mode

--------------------------------------------------------------------------------
/infrastructure/ansible_old/roles/linux.vector/templates/vector.service.j2:
--------------------------------------------------------------------------------
# systemd unit that runs Vector with the config rendered to /etc/vector/vector.yaml.
[Unit]
Description=Vector

[Service]
TimeoutStartSec=0
# NOTE(review): Vector runs as root here. Reading the journal usually only
# requires membership in the systemd-journal group, so a dedicated service
# account is presumably enough -- confirm against the sources configured in
# vector.yaml before changing it.
User=root
ExecStart=/usr/local/bin/vector --config /etc/vector/vector.yaml

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/infrastructure/ansible_old/roles/linux.vector/templates/vector.yaml.j2:
--------------------------------------------------------------------------------
---
# Vector agent config: read the local journal and forward it to the aggregator
# whose address and port come from the vector_aggregator_* Ansible variables.

# NOTE(review): data_dir is where Vector keeps its on-disk state. /tmp is
# world-writable and is typically cleared on reboot, so state placed there can
# be tampered with by other local users and is lost across restarts. A
# directory owned by the service account (Vector's default is /var/lib/vector)
# is the safer choice.
data_dir: /tmp
sources:
  journal_logs:
    type: journald
    journal_directory: /run/log/journal
sinks:
  vector_sink:
    type: vector
    # NOTE(review): no tls settings are configured on this sink, so journal
    # entries are presumably sent to the aggregator unencrypted and without
    # peer verification -- confirm, and enable TLS if the path between the
    # host and the aggregator is not otherwise protected.
    address: "{{ vector_aggregator_addr }}:{{ vector_aggregator_port }}"
    compression: true
    version: "2"
    inputs:
      - journal_logs

--------------------------------------------------------------------------------
/infrastructure/ansible_old/roles/pikvm.apps/tasks/main.yml:
--------------------------------------------------------------------------------
1 | --- 2 | # Manage applications 3 | - 
ansible.builtin.import_role: 4 | name: linux.node_exporter 5 | 6 | - ansible.builtin.import_role: 7 | name: linux.vector 8 | tags: 9 | - vector 10 | -------------------------------------------------------------------------------- /infrastructure/ansible_old/roles/pikvm.os/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart kvmd 3 | become: true 4 | ansible.builtin.systemd: 5 | name: kvmd.service 6 | state: restarted 7 | enabled: true 8 | daemon_reload: true 9 | -------------------------------------------------------------------------------- /infrastructure/talos/hegira/clusterconfig/.gitignore: -------------------------------------------------------------------------------- 1 | hegira-xerxes.natallan.com.yaml 2 | hegira-shodan.natallan.com.yaml 3 | hegira-icarus.natallan.com.yaml 4 | talosconfig 5 | -------------------------------------------------------------------------------- /infrastructure/talos/hegira/readme.md: -------------------------------------------------------------------------------- 1 | # Running talhelper with doppler 2 | 3 | To generate config, I have put my env vars in a doppler config called 'talenv' 4 | The command below injects these env vars into talhelper 5 | 6 | ``` 7 | doppler run -p talenv -c prd talhelper genconfig 8 | ``` 9 | -------------------------------------------------------------------------------- /infrastructure/terraform/b2/doppler.tf: -------------------------------------------------------------------------------- 1 | 2 | # Define a variable so we can pass in our token 3 | variable "doppler_token" { 4 | type = string 5 | description = "A token to authenticate with Doppler" 6 | } 7 | 8 | # Configure the Doppler provider with the token 9 | provider "doppler" { 10 | doppler_token = var.doppler_token 11 | } 12 | 13 | # Define our data source to fetch secrets 14 | data "doppler_secrets" "this" { 15 | project="tf-b2" 16 | config="prd" 17 | } 18 | 
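--------------------------------------------------------------------------------
/infrastructure/terraform/b2/main.tf:
--------------------------------------------------------------------------------
# Provider requirements for the Backblaze B2 configuration.
terraform {
  required_providers {
    b2 = {
      source  = "Backblaze/b2"
      version = "0.8.9"
    }

    # NOTE(review): unlike b2 above, doppler carries no version constraint, so
    # `terraform init` may select any published release unless a committed
    # .terraform.lock.hcl fixes it. Pin a reviewed version here so provider
    # upgrades are deliberate.
    doppler = {
      source = "DopplerHQ/doppler"
    }
  }
}

--------------------------------------------------------------------------------
/infrastructure/terraform/b2/providers.tf:
--------------------------------------------------------------------------------

# The B2 credentials are read from the Doppler data source at plan/apply time,
# so no key material is written into this file.
# NOTE(review): the secret names suggest this is the account master key --
# confirm, and prefer an application key scoped to the capabilities and
# buckets this configuration manages if that is sufficient.
provider "b2" {

  application_key    = data.doppler_secrets.this.map.B2_MSTR_APPLICATION_KEY
  application_key_id = data.doppler_secrets.this.map.B2_MSTR_APPLICATION_KEY_ID

}

--------------------------------------------------------------------------------
/infrastructure/terraform/b2/readme.md:
--------------------------------------------------------------------------------
# Notes

## Import existing buckets etc

```bash
doppler run -p terraform -c prd --name-transformer tf-var -- terraform import module.minio_bucket[3].minio_s3_bucket.bucket zalando-postgres
```

--------------------------------------------------------------------------------
/infrastructure/terraform/s3/doppler.tf:
--------------------------------------------------------------------------------

# Define a variable so we can pass in our token.
# Marked sensitive so Terraform redacts the value in plan and apply output.
variable "doppler_token" {
  type        = string
  description = "A token to authenticate with Doppler"
  sensitive   = true
}

# Configure the Doppler provider with the token
provider "doppler" {
  doppler_token = var.doppler_token
}

# Define our data source to fetch secrets
# NOTE(review): values read through a data source are recorded in Terraform
# state, so the state backend should be access-controlled and encrypted.
data "doppler_secrets" "this" {
  project = "tf-minio"
  config  = "prd"
}

--------------------------------------------------------------------------------
/infrastructure/terraform/s3/main.tf: 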
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | b2 = { 4 | source = "Backblaze/b2" 5 | version = "0.8.9" 6 | } 7 | 8 | minio = { 9 | source = "aminueza/minio" 10 | version = "2.0.1" 11 | } 12 | doppler = { 13 | source = "DopplerHQ/doppler" 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/modules/minio_bucket/outputs.tf: -------------------------------------------------------------------------------- 1 | output "bucket_id" { 2 | value = minio_s3_bucket.bucket.id 3 | sensitive = false 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/modules/minio_bucket/variables.tf: -------------------------------------------------------------------------------- 1 | variable "bucket_name" { 2 | type = string 3 | } 4 | 5 | variable "is_public" { 6 | type = bool 7 | default = false 8 | } 9 | 10 | variable "owner_access_key" { 11 | type = string 12 | sensitive = false 13 | default = null 14 | } 15 | 16 | variable "owner_secret_key" { 17 | type = string 18 | sensitive = true 19 | default = null 20 | } 21 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/providers.tf: -------------------------------------------------------------------------------- 1 | provider "minio" { 2 | alias = "nas" 3 | minio_server = "s3.trux.dev" 4 | minio_user = data.doppler_secrets.this.map.MINIO_USER 5 | minio_password = data.doppler_secrets.this.map.MINIO_PASSWORD 6 | minio_ssl = true 7 | } 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/s3/readme.md: -------------------------------------------------------------------------------- 1 | # Notes 2 | 3 | ## Import existing buckets etc 4 | 5 | ```bash 6 | doppler run -p terraform -c prd --name-transformer 
tf-var -- terraform import module.minio_bucket[3].minio_s3_bucket.bucket zalando-postgres 7 | ``` 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/cert-manager/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./prometheusrule.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/cert-manager/cert-manager/issuers/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-cert-manager 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./clusterissuer.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./cert-manager/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | pod-security.kubernetes.io/enforce-version: latest 9 | 
kustomize.toolkit.fluxcd.io/prune: disabled 10 | annotations: 11 | volsync.backube/privileged-movers: "true" 12 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/crunchy-postgres-operator/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./postgrescluster.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/crunchy-postgres-operator/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/ext-postgres-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./ext-postgres-operator/ks.yaml 9 | - ./pgadmin/ks.yaml 10 | - ./postgres-backup/ks.yaml 11 | - ./redis/ks.yaml 12 | - ./redis-sentinel/ks.yaml 13 | - 
./zalando-postgres/ks.yaml 14 | # - ./crunchy-postgres-operator/ks.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: databases 6 | annotations: 7 | volsync.backube/privileged-movers: "true" 8 | labels: 9 | pod-security.kubernetes.io/enforce: privileged 10 | pod-security.kubernetes.io/enforce-version: latest 11 | kustomize.toolkit.fluxcd.io/prune: disabled 12 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/pgadmin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: databases 5 | resources: 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./helmrelease.yaml 9 | configMapGenerator: 10 | - name: servers-json 11 | files: 12 | - config/servers.json 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/pgadmin/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: pgadmin-config-v1 6 | namespace: databases 7 | labels: 8 | app.kubernetes.io/name: &name pgadmin 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: 'true' 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 1Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- 
/kubernetes/hegira/apps/databases/postgres-backup/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cronjob.yaml 6 | commonLabels: 7 | app.kubernetes.io/name: postgres-backup 8 | app.kubernetes.io/instance: postgres-backup 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/redis-sentinel/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: databases 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/redis/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/zalando-postgres/cluster/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-zalando-postgres 2 | cluster-apps-rook-ceph-cluster 3 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/databases/zalando-postgres/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cluster.yaml 6 | - ./service.yaml 7 | - ./externalsecret.yaml 8 | - ./podmonitor.yaml 9 | -------------------------------------------------------------------------------- 
/kubernetes/hegira/apps/databases/zalando-postgres/cluster/service.yaml:
--------------------------------------------------------------------------------
---
# Service that publishes Postgres on TCP 5432 through a load balancer address.
# The selector targets pods labelled application=spilo, cluster-name=postgres
# and spilo-role=master, i.e. presumably the current primary.
#
# NOTE(review): this manifest sets no loadBalancerSourceRanges, so every client
# that can route to the address substituted for ${LB_POSTGRES} can open a
# connection; access control then rests on Postgres authentication and on any
# network policy or firewall defined elsewhere. Confirm the address is only
# reachable from trusted networks, or restrict the source ranges here.
apiVersion: v1
kind: Service
metadata:
  name: postgres-ext
  namespace: databases
spec:
  type: LoadBalancer
  # Local keeps traffic on nodes that run a selected pod and preserves the
  # client source IP, which keeps address-based rules and connection logs
  # meaningful.
  externalTrafficPolicy: Local
  loadBalancerIP: "${LB_POSTGRES}"
  ports:
    - name: postgres
      port: 5432
      protocol: TCP
      targetPort: 5432
  selector:
    application: spilo
    cluster-name: postgres
    spilo-role: master

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/databases/zalando-postgres/operator/kustomization.yaml:
--------------------------------------------------------------------------------
---
# Kustomize entry point for the operator directory: Helm release, config map,
# external secret and Prometheus rule manifests.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./configmap.yaml
  - ./externalsecret.yaml
  - ./prometheusrule.yaml

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/downloads/autobrr/app/database.yaml:
--------------------------------------------------------------------------------
---
# Declares a database named "autobrr" as a custom resource
# (presumably reconciled by the ext-postgres-operator under apps/databases).
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
  name: autobrr-db
  namespace: downloads
spec:
  database: autobrr
---
# Declares the role "autobrr" for the autobrr-db resource above; credentials
# are referenced through the Secret named "database" in this namespace.
# NOTE(review): privileges OWNER presumably gives the role full control of
# that database -- expected for an application-owned schema, but confirm the
# role is not reused by other workloads.
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
  name: autobrr-user
  namespace: downloads
spec:
  role: autobrr
  database: autobrr-db
  secretName: database
  privileges: OWNER

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/downloads/autobrr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | 
kind: Kustomization 5 | namespace: downloads 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./database.yaml 9 | - ./externalsecret.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/downloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./media-pvc.yaml 9 | - ./autobrr/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/downloads/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: downloads 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | pod-security.kubernetes.io/enforce-version: latest 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | routed-gateway: "true" 11 | annotations: 12 | volsync.backube/privileged-movers: "true" 13 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: flux-system 5 | resources: 6 | - ./podmonitor.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/notifications/alertmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - notification.yaml 6 | 
-------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/notifications/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./notification.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./alertmanager 6 | - ./github 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/webhooks/github/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: github-webhook-token 6 | namespace: flux-system 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: &name flux 11 | target: 12 | name: github-webhook-token 13 | data: 14 | - secretKey: token 15 | remoteRef: 16 | key: WEBHOOK_TOKEN 17 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/webhooks/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ingress.yaml 6 | - ./receiver.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/flux-system/addons/webhooks/kustomization.yaml: 
--------------------------------------------------------------------------------
---
# Kustomize entry point for the webhooks directory; includes ./github.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./github

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/flux-system/external-secrets/operator/deps:
--------------------------------------------------------------------------------
cluster-apps-cert-manager

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/flux-system/external-secrets/operator/kustomization.yaml:
--------------------------------------------------------------------------------
---
# Kustomize entry point for the external-secrets operator; a single Helm release.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# Top-level Kustomization for flux-system: the namespace first, then the Flux
# Kustomizations for addons, external-secrets and weave-gitops.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./addons/ks.yaml
  - ./external-secrets/ks.yaml
  - ./weave-gitops/ks.yaml # TODO: Disabled by WIP file

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/flux-system/namespace.yaml:
--------------------------------------------------------------------------------
---
# Namespace that holds the GitOps tooling.
apiVersion: v1
kind: Namespace
metadata:
  name: flux-system
  labels:
    # NOTE(review): the Pod Security Admission level "privileged" places no
    # restrictions on pods in this namespace (privileged containers, host
    # namespaces and hostPath volumes are all admitted). This namespace runs
    # the controllers that apply the whole cluster's configuration, so a
    # stricter enforce level is worth testing; adding
    # pod-security.kubernetes.io/warn and .../audit labels at baseline or
    # restricted shows what would be rejected without blocking anything.
    pod-security.kubernetes.io/enforce: privileged
    # "latest" follows the policy definition of the running Kubernetes
    # version, so the effective rules can change on cluster upgrade.
    pod-security.kubernetes.io/enforce-version: latest
    # Tells Flux not to garbage-collect this object if it leaves Git.
    kustomize.toolkit.fluxcd.io/prune: disabled
  annotations:
    # Presumably opts this namespace in to VolSync movers running with
    # elevated privileges -- confirm a mover actually runs here; if not, the
    # annotation can go.
    volsync.backube/privileged-movers: "true"

--------------------------------------------------------------------------------
/kubernetes/hegira/apps/flux-system/weave-gitops/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/deployment-restart/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./role.yaml 6 | - ./rolebinding.yaml 7 | - ./serviceaccount.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/deployment-restart/app/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: deployment-restart 6 | namespace: games 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: deployment-restart 11 | subjects: 12 | - kind: ServiceAccount 13 | name: deployment-restart 14 | namespace: games 15 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/deployment-restart/app/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceAccount 3 | apiVersion: v1 4 | metadata: 5 | name: deployment-restart 6 | namespace: games 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/deathworld/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - 
./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/deathworld/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: factorio-deathworld-config-v1 6 | namespace: games 7 | labels: 8 | app.kubernetes.io/name: factorio-deathworld 9 | app.kubernetes.io/instance: factorio-deathworld 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 5Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/freight-forwarding/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | - ./cronjob.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/k2/README.md: -------------------------------------------------------------------------------- 1 | # restart cronjob. 
2 | 3 | The cronjob in this folder is to restart the server/pod regularly, before gametime Friday night 4 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/k2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | - ./cronjob.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/k2/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: factorio-k2-config-v1 6 | namespace: games 7 | labels: 8 | app.kubernetes.io/name: factorio-k2 9 | app.kubernetes.io/instance: factorio-k2 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/ribbonworld/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/ribbonworld/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: factorio-ribbonworld-config-v1 6 | namespace: games 7 | labels: 8 | app.kubernetes.io/name: factorio-ribbonworld
9 | app.kubernetes.io/instance: factorio-ribbonworld 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 5Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/seablock/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | - ./cronjob.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/seablock/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: factorio-seablock-config-v1 6 | namespace: games 7 | labels: 8 | app.kubernetes.io/name: factorio-seablock 9 | app.kubernetes.io/instance: factorio-seablock 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/squareworld/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | - ./cronjob.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/factorio/squareworld/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: factorio-squareworld-config-v1 6 | namespace: games 7 | labels: 8 | app.kubernetes.io/name: factorio-squareworld 9 | app.kubernetes.io/instance: factorio-squareworld 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/foundryvtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./volsync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/foundryvtt/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: foundryvtt-config-v1 6 | namespace: games 7 | labels: 8 | app.kubernetes.io/name: &name foundryvtt 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/foundryvtt/wip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/kubernetes/hegira/apps/games/foundryvtt/wip -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./deployment-restart/ks.yaml
9 |   # - ./factorio-deathworld/ks.yaml
10 |   # - ./factorio-k2/ks.yaml
11 |   # - ./factorio-ribbonworld/ks.yaml
12 |   - ./factorio/ks.yaml
13 |   # - ./foundryvtt/ks.yaml # TODO: Disabled by WIP file
14 |   # - ./satisfactory/ks.yaml
15 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/games/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: games
6 |   labels:  # NOTE(review): confirm the game servers need more than the "baseline" level before keeping "privileged"
7 |     pod-security.kubernetes.io/enforce: privileged  # Pod Security Admission level "privileged": no pod restrictions are enforced here
8 |     pod-security.kubernetes.io/enforce-version: latest  # follows the cluster's current policy version instead of pinning one
9 |     kustomize.toolkit.fluxcd.io/prune: disabled  # excludes this Namespace from Flux garbage collection
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"  # opts the namespace in to VolSync running its mover pods with elevated privileges
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/games/satisfactory/app/README.md:
--------------------------------------------------------------------------------
1 | # restart cronjob.
2 | 3 | The cronjob in this folder is to restart the server/pod regularly, before gametime Friday night 4 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/games/satisfactory/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 | - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | - ./cronjob.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/ecowitt2mqtt/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-emqx 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/ecowitt2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/emqx/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-rook-ceph-cluster 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/emqx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/home-assistant/app/deps:
-------------------------------------------------------------------------------- 1 | cluster-apps-emqx 2 | cluster-apps-zalando-postgres 3 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/home-assistant/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: home-assistant-config-v1 6 | namespace: home-automation 7 | labels: 8 | app.kubernetes.io/name: &name home-assistant 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./ecowitt2mqtt/ks.yaml 9 | - ./emqx/ks.yaml 10 | - ./home-assistant/ks.yaml 11 | - ./node-red/ks.yaml 12 | - ./zigbee2mqtt/ks.yaml 13 | # - ./windmill/ks.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/namespace.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: home-automation
6 |   labels:  # NOTE(review): confirm which workloads here need more than the "baseline" level before keeping "privileged"
7 |     pod-security.kubernetes.io/enforce: privileged  # Pod Security Admission level "privileged": no pod restrictions are enforced here
8 |     pod-security.kubernetes.io/enforce-version: latest  # follows the cluster's current policy version instead of pinning one
9 |     kustomize.toolkit.fluxcd.io/prune: disabled  # excludes this Namespace from Flux garbage collection
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"  # opts the namespace in to VolSync running its mover pods with elevated privileges
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/home-automation/node-red/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pvc.yaml
6 |   - ./helmrelease.yaml
7 |   - ./volsync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/home-automation/node-red/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: node-red-config-v1
6 |   namespace: home-automation
7 |   labels:
8 |     app.kubernetes.io/name: &name node-red  # YAML anchor, reused by the instance label below
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 1Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/home-automation/zigbee2mqtt/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-emqx
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/home-automation/zigbee2mqtt/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4
| resources: 5 | - ./pvc.yaml 6 | - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/home-automation/zigbee2mqtt/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: zigbee2mqtt-config-v1 6 | namespace: home-automation 7 | labels: 8 | app.kubernetes.io/name: &name zigbee2mqtt 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 1Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/kube-system/democratic-csi/local-path/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/kube-system/intel-gpu-plugin/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-node-feature-discovery 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/kube-system/intel-gpu-plugin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   # - ./cilium/ks.yaml
9 |   - ./intel-gpu-plugin/ks.yaml
10 |   # - ./metrics-server/ks.yaml
11 |   # - ./node-feature-discovery/ks.yaml
12 |   - ./reloader/ks.yaml
13 |   - ./democratic-csi/ks.yaml
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/kube-system/metrics-server/app/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 |   name: cluster-apps-metrics-server
6 |   namespace: kube-system
7 |   labels:
8 |     substitution.flux.home.arpa/enabled: "true"
9 | spec:
10 |   interval: 10m
11 |   path: ".../kubernetes/hegira/apps/kube-system/metrics-server//app"  # NOTE(review): leading "..." and "//" look like a template artifact; verify before re-enabling
12 |   prune: true  # Flux deletes objects it applied once they disappear from the path above
13 |   wait: false
14 |   sourceRef:  # NOTE(review): no namespace given, so the GitRepository is looked up in this object's namespace (kube-system) - confirm
15 |     kind: GitRepository
16 |     name: home-cluster-kubernetes
17 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/kube-system/metrics-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/kube-system/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: kube-system
6 |   labels:
7 |     pod-security.kubernetes.io/enforce: privileged  # Pod Security Admission level "privileged": no pod restrictions are enforced here
8 |     pod-security.kubernetes.io/enforce-version: latest  # follows the cluster's current policy version instead of pinning one
9 |     kustomize.toolkit.fluxcd.io/prune: disabled  # excludes this Namespace from Flux garbage collection
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"  # opts the namespace in to VolSync running its mover pods with elevated privileges
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/kube-system/node-feature-discovery/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/kube-system/reloader/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/dizquetv/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pvc.yaml
6 |   - ./helmrelease.yaml
7 |   - ./volsync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/dizquetv/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: dizquetv-config-v1
6 |   namespace: media
7 |   labels:
8 |     app.kubernetes.io/name: &name dizquetv  # YAML anchor, reused by the instance label below
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 1Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./dizquetv/ks.yaml
9 |   - ./plex/ks.yaml
10 |   - ./tautulli/ks.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: media
6 |   labels:  # NOTE(review): confirm which media workloads need more than the "baseline" level before keeping "privileged"
7 |     pod-security.kubernetes.io/enforce: privileged  # Pod Security Admission level "privileged": no pod restrictions are enforced here
8 |     pod-security.kubernetes.io/enforce-version: latest  # follows the cluster's current policy version instead of pinning one
9 |     kustomize.toolkit.fluxcd.io/prune: disabled  # excludes this Namespace from Flux garbage collection
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"  # opts the namespace in to VolSync running its mover pods with elevated privileges
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/plex/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-intel-gpu-plugin
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/plex/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pvc.yaml
6 |   - ./helmrelease.yaml
7 |   - ./volsync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/plex/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: plex-config-v1
6 |   namespace: media
7 |   labels:
8 |     app.kubernetes.io/name: &name plex  # YAML anchor, reused by the instance label that follows
9 |
app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 80Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/plex/media-manager/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: plex-meta-manager-config-v1
6 |   namespace: meta  # NOTE(review): file sits under apps/media and no "meta" namespace is visible in this listing - possibly meant "media"; confirm
7 |   labels:
8 |     app.kubernetes.io/name: &name plex-meta-manager  # YAML anchor, reused by the instance label below
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 80Gi  # same size as the plex-config-v1 claim
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/plex/media-manager/scripts/run.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | pmm() {  # runs plex_meta_manager.py once for the library named in $1
4 |   echo "*** pmm: $1 ***"
5 |
6 |   python3 plex_meta_manager.py \
7 |     --run \
8 |     --read-only-config \
9 |     --run-libraries "$1"
10 | }
11 |
12 | pmm "Movies"  # the script sets no errexit, so the next run starts even if this one fails
13 | pmm "TV Shows"  # the script's exit status is that of this last run
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/tautulli/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./pvc.yaml
6 |   - ./helmrelease.yaml
7 |   - ./volsync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/media/tautulli/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: tautulli-config-v1
6 | namespace: media 7 | labels: 8 | app.kubernetes.io/name: &name tautulli 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/changedetection/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/changedetection/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: changedetection-config-v1 6 | namespace: monitoring 7 | labels: 8 | app.kubernetes.io/name: &name changedetection 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: 'true' 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 1Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/grafana/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-zalando-postgres 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./externalsecret.yaml 6 | - ./helmrelease.yaml 7 | 
-------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/grafana/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./dockerhub.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/hs110-exporter-kp115-1/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/hs110-exporter-prusa/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/hs110-exporter-rack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/kube-cleanup-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/kube-prometheus-stack/app/deps: 
-------------------------------------------------------------------------------- 1 | cluster-apps-thanos 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: alertmanager-config-tpl 10 | files: 11 | - alertmanager.yaml=./config/alertmanager.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/kube-state-metrics/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/kubernetes-dashboard/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helm-release.yaml 6 | - ./rbac.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/loki/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-rook-ceph-cluster 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 
kind: Kustomization
4 | resources:
5 |   - ./prometheusrule.yaml
6 |   - ./configmap.yaml
7 |   - ./helmrelease.yaml
8 |   - ./servicemonitor.yaml
9 |   - ./externalsecret.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/monitoring/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: monitoring
6 |   labels:  # NOTE(review): host-level exporters in this namespace may be why "privileged" is set - confirm which workloads need it
7 |     pod-security.kubernetes.io/enforce: privileged  # Pod Security Admission level "privileged": no pod restrictions are enforced here
8 |     pod-security.kubernetes.io/enforce-version: latest  # follows the cluster's current policy version instead of pinning one
9 |     kustomize.toolkit.fluxcd.io/prune: disabled  # excludes this Namespace from Flux garbage collection
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"  # opts the namespace in to VolSync running its mover pods with elevated privileges
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/monitoring/nextdns-exporter/kids/readme.md:
--------------------------------------------------------------------------------
1 | # ARGS
2 |
3 | Ensure that for NEXTDNS_PROFILE you use the hash of your profile (can see by hovering over a profile link/in url) not the english name.
4 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/monitoring/nextdns-exporter/trusted/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./externalsecret.yaml
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/monitoring/nextdns-exporter/trusted/readme.md:
--------------------------------------------------------------------------------
1 | # ARGS
2 |
3 | Ensure that for NEXTDNS_PROFILE you use the hash of your profile (can see by hovering over a profile link/in url) not the english name.
4 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/node-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./prometheusrule.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/prometheus-rules/app/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./etcd.yaml 6 | - ./coredns.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/prometheus-rules/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./services 6 | - ./system-monitoring 7 | - ./networking 8 | - ./kube-system/ 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/prometheus-rules/app/networking/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ingres-nginx.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/prometheus-rules/app/services/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./miniflux.yaml 6 | 
-------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/prometheus-rules/app/system-monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - ./thanos.yaml 6 | - ./zfs-exporter.yaml 7 | - ./kubernetes.yaml 8 | - ./speedtest-exporter.yaml 9 | - ./maddy.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/prometheus-smartctl/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./prometheusrule.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/snmp-exporter-vyos/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./prometheusrule.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/thanos/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-rook-ceph-cluster 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/thanos/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./objectbucketclaim.yaml 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/hegira/apps/monitoring/thanos/app/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: thanos-bucket 6 | namespace: monitoring 7 | spec: 8 | bucketName: thanos 9 | storageClassName: ceph-bucket 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/umami/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: umami-db 6 | namespace: monitoring 7 | spec: 8 | database: umami 9 | --- 10 | apiVersion: db.movetokube.com/v1alpha1 11 | kind: PostgresUser 12 | metadata: 13 | name: umami-user 14 | namespace: monitoring 15 | spec: 16 | role: umami 17 | database: umami-db 18 | secretName: database 19 | privileges: OWNER 20 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/umami/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-redis 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/umami/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./database.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/vector/agent/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-vector-aggregator 2 | -------------------------------------------------------------------------------- 
/kubernetes/hegira/apps/monitoring/vector/agent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/vector/aggregator/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-loki 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/vector/aggregator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: monitoring 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | configMapGenerator: 9 | - name: vector-aggregator-configmap 10 | files: 11 | - vector.yaml=./config/vector.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/victoriametrics/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | - ./secret-extrascrapes.yaml 8 | - ./secret-alertmanagerconfig.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/victoriametrics/crd/gitrepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta1 3 | kind: GitRepository 4 | metadata: 5 | name: victoria-crd-source 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | # renovate: 
datasource=github-releases 10 | url: https://github.com/VictoriaMetrics/operator.git 11 | ref: 12 | tag: v0.41.2 13 | ignore: | 14 | # exclude all 15 | /* 16 | # path to crds 17 | !/config/crd/ 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/monitoring/victoriametrics/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./gitrepository.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/cloudflared/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | - ./dnsendpoint.yaml 9 | configMapGenerator: 10 | - name: cloudflared 11 | files: 12 | - ./config/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/echo-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/external-dns/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | - ./dnsendpoint-crd.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/external-dns/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/external/cloudflare-proxied-networks.txt: -------------------------------------------------------------------------------- 1 | 173.245.48.0/20\,103.21.244.0/22\,103.22.200.0/22\,103.31.4.0/22\,141.101.64.0/18\,108.162.192.0/18\,190.93.240.0/20\,188.114.96.0/20\,197.234.240.0/22\,198.41.128.0/17\,162.158.0.0/15\,104.16.0.0/13\,104.24.0.0/14\,172.64.0.0/13\,131.0.72.0/22\,2400:cb00::/32\,2606:4700::/32\,2803:f800::/32\,2405:b500::/32\,2405:8100::/32\,2a06:98c0::/29\,2c0f:f248::/32 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/external/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-ingress-nginx-certificates 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: cloudflare-proxied-networks 9 | files: 10 | - cloudflare-proxied-networks.txt 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/internal/deps: 
-------------------------------------------------------------------------------- 1 | cluster-apps-ingress-nginx-certificates 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/shared/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: networking 5 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/shared/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-cert-manager-issuers 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/ingress-nginx/shared/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./certificates.yaml 6 | - ./dashboard/ 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./external-dns/ks.yaml 9 | - ./ingress-nginx/ks.yaml 10 | - 
./metallb/ks.yaml 11 | # - ./static-routes/ks.yaml 12 | - ./cloudflared/ks.yaml 13 | # - ./echo-server/ks.yaml 14 | - ./helmrelease.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/metallb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/metallb/config/ip-address-pool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: metallb.io/v1beta1 3 | kind: IPAddressPool 4 | metadata: 5 | name: bgp-pool 6 | namespace: networking 7 | spec: 8 | addresses: 9 | - ${LB_RANGE} 10 | autoAssign: true 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/metallb/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ip-address-pool.yaml 6 | - ./l2-advertisment.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/metallb/config/l2-advertisment.yaml: -------------------------------------------------------------------------------- 1 | 2 | 3 | apiVersion: metallb.io/v1beta1 4 | kind: L2Advertisement 5 | metadata: 6 | name: l2 7 | namespace: networking 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: networking 6 | labels: 7 | 
pod-security.kubernetes.io/enforce: privileged 8 | pod-security.kubernetes.io/enforce-version: latest 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | annotations: 11 | volsync.backube/privileged-movers: "true" 12 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/static-routes/app/brewpiless/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ingress.yaml 6 | - ./service.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/static-routes/app/brewpiless/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: &app brewpiless 6 | namespace: networking 7 | labels: 8 | app.kubernetes.io/name: *app 9 | app.kubernetes.io/instance: *app 10 | spec: 11 | type: ExternalName 12 | 13 | ports: 14 | - name: http 15 | port: 80 16 | 17 | externalName: 10.8.10.212 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/static-routes/app/brother-printer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./ingress.yaml 6 | - ./service.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/static-routes/app/brother-printer/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: &app printer 6 | namespace: networking 7 | labels: 8 | app.kubernetes.io/name: *app 9 | app.kubernetes.io/instance: *app 10 | 
spec: 11 | type: ExternalName 12 | 13 | ports: 14 | - name: http 15 | port: 80 16 | externalName: printer.${INTERNAL_DOMAIN} 17 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/networking/static-routes/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - brewpiless # FIXME 6 | # - ./brother-printer 7 | # - ./syncthing 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/calibre/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 | - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/calibre/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: calibre-config-v1 6 | namespace: organizarrs 7 | labels: 8 | app.kubernetes.io/name: &name calibre 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./calibre/ks.yaml 9 | - ./overseerr/ks.yaml 10 | - 
./prowlarr/ks.yaml 11 | - ./recyclarr/ks.yaml 12 | - ./readarr/ks.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: organizarrs 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | pod-security.kubernetes.io/enforce-version: latest 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | routed-gateway: "true" 11 | annotations: 12 | volsync.backube/privileged-movers: "true" 13 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/overseerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 | - ./helmrelease.yaml 7 | - ./volsync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/overseerr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: overseerr-config-v1 6 | namespace: organizarrs 7 | labels: 8 | app.kubernetes.io/name: &name overseerr 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 1Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./pvc.yaml 6 
| - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | - ./volsync.yaml 9 | - ./secret.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/prowlarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: prowlarr-config-v1 6 | namespace: organizarrs 7 | labels: 8 | app.kubernetes.io/name: &name prowlarr 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/prowlarr/app/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: postgres-pguser-prowlarr 6 | namespace: organizarrs 7 | annotations: 8 | replicator.v1.mittwald.de/replicate-from: databases/postgres-pguser-prowlarr 9 | data: {} 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/readarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./pvc.yaml 7 | - ./volsync.yaml 8 | - ./externalsecret.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/readarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: readarr-config-v1 6 | namespace: organizarrs 7 | labels: 8 | app.kubernetes.io/name: &name 
readarr 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/recyclarr/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-sonarr 2 | cluster-apps-radarr 3 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/organizarrs/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: organizarrs 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | configMapGenerator: 9 | - name: recyclarr 10 | files: 11 | - ./config/recyclarr.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./rook-ceph/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | pod-security.kubernetes.io/enforce-version: latest 9 | kustomize.toolkit.fluxcd.io/prune: 
disabled 10 | annotations: 11 | volsync.backube/privileged-movers: "true" 12 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/rook-ceph/rook-ceph/cluster/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-rook-ceph-operator 2 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./dashboards 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/rook-ceph/rook-ceph/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./mailbackup/ks.yaml 9 | # - ./yt-dlp-jon-ong/ks.yaml 10 | # - ./volsync-to-b2/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/mailbackup/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: scripts 5 | resources: 6 | - ./cronjob.yaml 7 | - ./externalsecret.yaml 8 | configMapGenerator: 9 | - name: 
mailbackup 10 | files: 11 | - mailbackup.sh 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/mailbackup/app/mailbackup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RCFILES="/config/*" 4 | for rcfile in $RCFILES; do 5 | echo "Processing ${rcfile}..." 6 | 7 | filename=$(basename -- "${rcfile}") 8 | 9 | mkdir -p "/data/${filename}/new" 10 | mkdir -p "/data/${filename}/cur" 11 | mkdir -p "/data/${filename}/tmp" 12 | 13 | getmail --getmaildir "/data/${filename}/" --rcfile "/config/${filename}" 14 | done 15 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/mailbackup/app/readme.md: -------------------------------------------------------------------------------- 1 | # Redacted getmail6 config 2 | 3 | A redacted ini for getmail could be like the below. 
The unredacted ini contains the mailbox password, so it is put in the `secrets.sops.yaml` file rather than committed in plain text. 4 | ```ini 5 | [retriever] 6 | type = SimpleIMAPSSLRetriever 7 | server = email.provider.com 8 | port: 993 9 | username = username 10 | password = password 11 | mailboxes = ALL 12 | 13 | [destination] 14 | type=Maildir 15 | path=/data/foldername/ 16 | 17 | [options] 18 | readall = false 19 | verbosity = 2 20 | ``` 21 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: scripts 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | pod-security.kubernetes.io/enforce-version: latest 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | annotations: 11 | volsync.backube/privileged-movers: "true" 12 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/volsync-to-b2/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/scripts/yt-dlp-jon-ong/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - cronjob.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/authelia/app/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-glauth 2 | cluster-apps-redis 3 | cluster-apps-zalando-postgres 4 |
-------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/authelia/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: security 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./servicemonitor.yaml 8 | - ./helmrelease.yaml 9 | - ./prometheusrule.yaml 10 | patchesStrategicMerge: 11 | - ./patches/env.yaml 12 | configMapGenerator: 13 | - name: authelia 14 | files: 15 | - config/configuration.yml 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/dmarc-report/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: dmarc-report-db 6 | namespace: security 7 | spec: 8 | database: dmarc-report 9 | --- 10 | apiVersion: db.movetokube.com/v1alpha1 11 | kind: PostgresUser 12 | metadata: 13 | name: dmarc-report-user 14 | namespace: security 15 | spec: 16 | role: dmarc-report 17 | database: dmarc-report-db 18 | secretName: database 19 | privileges: OWNER 20 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/dmarc-report/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | - ./database.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/dmarc-report/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 
| kind: PersistentVolumeClaim 4 | metadata: 5 | name: dmarc-config-v1 6 | namespace: security 7 | labels: 8 | app.kubernetes.io/name: &name dmarc 9 | app.kubernetes.io/instance: *name 10 | snapshot.home.arpa/enabled: "true" 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/glauth/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | generatorOptions: 8 | disableNameSuffixHash: true 9 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./authelia/ks.yaml 9 | - ./glauth/ks.yaml 10 | # - ./dmarc-report/ks.yaml 11 | # - ./lldap/ks.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/hegira/apps/security/lldap/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: db.movetokube.com/v1alpha1 3 | kind: Postgres 4 | metadata: 5 | name: lldap-db 6 | namespace: security 7 | spec: 8 | database: lldap 9 | --- 10 | apiVersion: db.movetokube.com/v1alpha1 11 | kind: PostgresUser 12 | metadata: 13 | name: lldap-user 14 | namespace: security 15 | spec: 16 | role: lldap 17 | database: lldap-db 18 | secretName: database 19 | privileges: OWNER 20 | -------------------------------------------------------------------------------- 
/kubernetes/hegira/apps/security/lldap/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./externalsecret.yaml
7 |   - ./database.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/security/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for the identity/auth workloads.
# `pod-security.kubernetes.io/enforce: privileged` is the unrestricted Pod Security
# Admission level: admission rejects no pod spec in this namespace (privileged
# containers, host namespaces and hostPath mounts all pass). `enforce-version:
# latest` follows the policy definitions of the running cluster version.
# NOTE(review): presumably set to `privileged` so the VolSync movers enabled by the
# annotation below are admitted - confirm. If the workloads themselves do not need
# it, `pod-security.kubernetes.io/warn` / `audit` labels at a stricter level would
# at least surface pods that exceed baseline.
# `kustomize.toolkit.fluxcd.io/prune: disabled` keeps Flux from deleting the
# namespace when it is removed from Git.
# `volsync.backube/privileged-movers: "true"` lets VolSync run its data movers with
# elevated privileges in this namespace.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: security
6 |   labels:
7 |     pod-security.kubernetes.io/enforce: privileged
8 |     pod-security.kubernetes.io/enforce-version: latest
9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/afterlogic-webmail/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: afterlogic-webmail-config-v1
6 |   namespace: services
7 | spec:
8 |   accessModes:
9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 2Gi
13 |   storageClassName: ceph-block
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/atuin/app/database.yaml:
--------------------------------------------------------------------------------
# Database and role for atuin via the db.movetokube.com operator.
# `privileges: OWNER` is the broadest of the operator's OWNER/WRITE/READ levels.
# NOTE(review): WRITE may be enough if the app does not run its own migrations.
1 | ---
2 | apiVersion: db.movetokube.com/v1alpha1
3 | kind: Postgres
4 | metadata:
5 |   name: atuin-db
6 |   namespace: services
7 | spec:
8 |   database: atuin
9 | ---
10 | apiVersion: db.movetokube.com/v1alpha1
11 | kind: PostgresUser
12 | metadata:
13 |   name: atuin-user
14 |   namespace: services
15 | spec:
16 |   role: atuin
17 |   database: atuin-db
18 |   secretName: database
19 |   privileges: OWNER
20 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/atuin/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./database.yaml
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/excalidraw/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/firefly-iii/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./pvc.yaml
7 |   - ./volsync.yaml
8 |   - ./externalsecret.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/firefly-iii/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: fireflyiii-config-v1
6 |   namespace: services
7 | spec:
8 |   accessModes:
9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 1Gi
13 |   storageClassName: ceph-block
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/firefly-iii/importer/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./cronjob.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/hajimari/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/homepage/app/config/docker.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/homepage/app/config/kubernetes.yaml:
--------------------------------------------------------------------------------
# NOTE(review): `mode: cluster` presumably makes the dashboard query the Kubernetes
# API with its pod's service account - keep that account's RBAC read-only and
# scoped to what the dashboard displays.
1 | ---
2 | mode: cluster
3 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/immich/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Parent overlay for immich: pulls in the four component overlays and stamps the
# shared app.kubernetes.io labels on what it renders.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./externalsecret.yaml
6 |   - ./configmap.yaml
7 |   - ./nfs-pvc.yaml
8 |   - ./server
9 |   - ./microservices
10 |   - ./machine-learning
11 |   - ./typesense
12 | labels:
13 |   - pairs:
14 |       app.kubernetes.io/name: immich
15 |       app.kubernetes.io/instance: immich
16 |       app.kubernetes.io/part-of: immich
17 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/immich/app/machine-learning/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-machine-learning
9 |       app.kubernetes.io/instance: immich-machine-learning
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/immich/app/microservices/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-microservices
9 |       app.kubernetes.io/instance: immich-microservices
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/immich/app/server/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-server
9 |       app.kubernetes.io/instance: immich-server
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/immich/app/typesense/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the name/instance labels below are identical to the ones in
# ../microservices/kustomization.yaml (immich-microservices). This looks like a
# copy-paste; anything that selects on these labels (monitors, network policies)
# would treat both components as one - confirm whether a typesense-specific value
# was intended.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | labels:
7 |   - pairs:
8 |       app.kubernetes.io/name: immich-microservices
9 |       app.kubernetes.io/instance: immich-microservices
10 |       app.kubernetes.io/part-of: immich
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/inspircd/app/certificates.yaml:
--------------------------------------------------------------------------------
# cert-manager Certificate for the IRC hostname, issued by the
# `letsencrypt-production` ClusterIssuer.
# The Certificate and its TLS Secret live in namespace `networking`, although the
# file sits under apps/services. A Secret can only be mounted by pods in its own
# namespace. NOTE(review): presumably consumed by an ingress or gateway in
# `networking` - confirm the consumer is not in `services`.
1 | ---
2 | apiVersion: cert-manager.io/v1
3 | kind: Certificate
4 | metadata:
5 |   name: irc-voltaicforge-com-tls
6 |   namespace: networking
7 | spec:
8 |   secretName: irc-voltaicforge-com-tls
9 |   issuerRef:
10 |     name: letsencrypt-production
11 |     kind: ClusterIssuer
12 |   commonName: irc.voltaicforge.com
13 |   dnsNames:
14 |     - "irc.voltaicforge.com"
15 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/inspircd/app/config/motd.txt:
--------------------------------------------------------------------------------
1 | A Node on the Containerised Networked IRC provided by voltaicforge.com
2 |
3 | Status: status.voltaicforge.com
4 |
5 | Website: voltaicforge.com
6 | IRC: irc.voltaicforge.com
7 | Fediverse: @truxnell@voltaicforge.com
8 | email: admin@voltaicforge.com
9 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/inspircd/app/config/server.conf:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/invidious-server/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-zalando-postgres-cluster
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/invidious-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
# config/config.yml is rendered into a ConfigMap named `invidious-server` (fixed
# name, no content hash). A ConfigMap is readable by anything with `get` on
# configmaps in the namespace. NOTE(review): confirm config.yml holds no database
# password or signing key, and that those come from externalsecret.yaml instead.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: services
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./externalsecret.yaml
8 | configMapGenerator:
9 |   - name: invidious-server
10 |     files:
11 |       - config/config.yml
12 | generatorOptions:
13 |   disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/kavita/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./pvc.yaml
7 |   - ./volsync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/kavita/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: kavita-config-v1
6 |   namespace: services
7 |   labels:
8 |     app.kubernetes.io/name: &name kavita
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 10Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/language-tools/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/libreddit/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/maloja/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./pvc.yaml
7 |   - ./externalsecret.yaml
8 |   - ./volsync.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/maloja/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: maloja-config-v1
6 |   namespace: services
7 | spec:
8 |   accessModes:
9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 2Gi
13 |   storageClassName: ceph-block
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/miniflux/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-zalando-postgres
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/miniflux/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./externalsecret.yaml
6 |   - ./servicemonitor.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/miniflux/reminiflux/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/multi-scrobbler/app/kustomization.yaml:
--------------------------------------------------------------------------------
# config/config.json is rendered into the ConfigMap `multi-scrobbler-tpl` (fixed
# name, no content hash). The `substitute: disabled` annotation excludes the
# generated ConfigMap from Flux post-build variable substitution, so `${...}`
# sequences in config.json reach the cluster unchanged.
# NOTE(review): the `-tpl` suffix suggests the file is a template filled in at
# runtime with values from externalsecret.yaml - confirm that the credentials are
# injected there and never written into config.json itself.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: services
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./externalsecret.yaml
8 |   - ./pvc.yaml
9 | configMapGenerator:
10 |   - name: multi-scrobbler-tpl
11 |     files:
12 |       - ./config/config.json
13 | generatorOptions:
14 |   disableNameSuffixHash: true
15 |   annotations:
16 |     kustomize.toolkit.fluxcd.io/substitute: disabled
17 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/multi-scrobbler/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: multi-scrobbler-config-v1
6 |   namespace: services
7 | spec:
8 |   accessModes:
9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 2Gi
13 |   storageClassName: ceph-block
14 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace shared by the user-facing applications under apps/services.
# `pod-security.kubernetes.io/enforce: privileged` is the unrestricted Pod Security
# Admission level: admission rejects no pod spec here, so every chart deployed into
# this namespace may request privileged containers, host namespaces or hostPath
# mounts. With this many third-party charts in one namespace, the charts' own
# securityContext settings are the only constraint.
# NOTE(review): presumably `privileged` because of the VolSync movers enabled by
# the annotation below - confirm; `pod-security.kubernetes.io/warn` / `audit`
# labels at a stricter level would show which pods actually exceed baseline.
# `kustomize.toolkit.fluxcd.io/prune: disabled` keeps Flux from deleting the
# namespace when it is removed from Git.
# NOTE(review): `routed-gateway: "true"` is presumably the label a pod-gateway
# admission webhook selects namespaces by - confirm against its configuration.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: services
6 |   labels:
7 |     pod-security.kubernetes.io/enforce: privileged
8 |     pod-security.kubernetes.io/enforce-version: latest
9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |     routed-gateway: "true"
11 |   annotations:
12 |     volsync.backube/privileged-movers: "true"
13 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/paperless/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-zalando-postgres
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/paperless/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./externalsecret.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/pleroma-rebased/app/config/config.exs:
--------------------------------------------------------------------------------
# Static Pleroma configuration: public host name and WebFinger domain.
# `configurable_from_database: true` lets settings be stored in and read from the
# database, so the running configuration can differ from what this file in Git
# shows; review changes made through the admin interface as well.
1 | import Config
2 |
3 | config :pleroma, configurable_from_database: true
4 |
5 | config :pleroma, Pleroma.Web.Endpoint,
6 |   url: [host: "fedi.voltaicforge.com"]
7 |
8 |
9 | config :pleroma, Pleroma.Web.WebFinger, domain: "voltaicforge.com"
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/pleroma-rebased/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: pleroma-images-config-v1
6 |   namespace: services
7 |   labels:
8 |     app.kubernetes.io/name: &name pleroma-rebased
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: 'true'
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 10Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/radicale/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: radicale-data
6 |   namespace: services
7 |   labels:
8 |     app.kubernetes.io/name: &app radicale
9 |     app.kubernetes.io/instance: *app
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 1Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/red-discord-bot/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./pvc.yaml
7 |   - ./externalsecret.yaml
8 |   - ./volsync.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/red-discord-bot/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: red-discord-bot-config-v1
6 |   namespace: services
7 |   labels:
8 |     app.kubernetes.io/name: &name red-discord-bot
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 10Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/roundcube/app/database.yaml:
--------------------------------------------------------------------------------
# Database and role for roundcube via the db.movetokube.com operator.
# `privileges: OWNER` is the broadest of the operator's OWNER/WRITE/READ levels:
# the webmail role owns its database, schema changes included.
# NOTE(review): WRITE may be enough if the app does not run its own migrations.
# NOTE(review): the credentials are presumably written to a Secret derived from
# `secretName` in the shared `services` namespace - confirm which workloads and
# service accounts there can read Secrets.
1 | ---
2 | apiVersion: db.movetokube.com/v1alpha1
3 | kind: Postgres
4 | metadata:
5 |   name: roundcube-db
6 |   namespace: services
7 | spec:
8 |   database: roundcube
9 | ---
10 | apiVersion: db.movetokube.com/v1alpha1
11 | kind: PostgresUser
12 | metadata:
13 |   name: roundcube-user
14 |   namespace: services
15 | spec:
16 |   role: roundcube
17 |   database: roundcube-db
18 |   secretName: database
19 |   privileges: OWNER
20 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/roundcube/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./database.yaml
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/scribe/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./externalsecret.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/thelounge/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./pvc.yaml
7 |   - ./volsync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/thelounge/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: thelounge-config-v1
6 |   namespace: services
7 |   labels:
8 |     app.kubernetes.io/name: &name thelounge
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 1Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/theme-park/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/vikunja/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-zalando-postgres
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/vikunja/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./configmap.yaml
6 |   - ./helmrelease.yaml
7 |   - ./pvc.yaml
8 |   - ./externalsecret.yaml
9 |   - ./volsync.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/vikunja/app/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: vikunja-config-v1
6 |   namespace: services
7 |   labels:
8 |     app.kubernetes.io/name: &name vikunja
9 |     app.kubernetes.io/instance: *name
10 |     snapshot.home.arpa/enabled: "true"
11 | spec:
12 |   accessModes:
13 |     - ReadWriteOnce
14 |   resources:
15 |     requests:
16 |       storage: 1Gi
17 |   storageClassName: ceph-block
18 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/webtrees/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: services
5 | resources:
6 |   - ./helmrelease.yaml
7 |   - ./pvc.yaml
8 |   - ./externalsecret.yaml
9 |   - ./secret.yaml
10 |   - ./volsync.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/webtrees/app/secret.yaml:
--------------------------------------------------------------------------------
# Empty placeholder Secret; nothing sensitive is committed here (`data: {}`).
# The annotation asks the mittwald kubernetes-replicator to copy the content of
# `postgres-pguser-webtrees` from namespace `databases` into this Secret (pull
# replication). The replicator only does so when the source Secret permits it via
# `replicator.v1.mittwald.de/replication-allowed` and
# `replicator.v1.mittwald.de/replication-allowed-namespaces`; keep the latter
# limited to the namespaces that need the credentials.
# NOTE(review): ../../../system-controllers/kustomization.yaml has the
# kubernetes-replicator entry commented out. If the replicator is not deployed
# some other way, this Secret stays empty - confirm.
1 | ---
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: postgres-pguser-webtrees
6 |   namespace: services
7 |   annotations:
8 |     replicator.v1.mittwald.de/replicate-from: databases/postgres-pguser-webtrees
9 | data: {}
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/services/whoogle/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/k8s-ycl/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/k8tz/app/kustomization.yaml:
--------------------------------------------------------------------------------
# `commonLabels` also rewrites label selectors, unlike the `labels` field used by
# the immich overlays in this repository; changing these values later alters the
# selectors of already-deployed workloads.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./pki.yaml
7 | commonLabels:
8 |   app.kubernetes.io/name: k8tz
9 |   app.kubernetes.io/instance: k8tz
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/kubelet-csr-approver/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/kubernetes-replicator/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/kustomization.yaml:
--------------------------------------------------------------------------------
# Entry point for the `system-controllers` namespace: only kubelet-csr-approver and
# snapshot-controller are enabled; k8s-ycl, k8tz and kubernetes-replicator are
# commented out and therefore not reconciled from here.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   # - ./k8s-ycl/ks.yaml
9 |   # - ./k8tz/ks.yaml
10 |   - ./kubelet-csr-approver/ks.yaml
11 |   - ./snapshot-controller/ks.yaml
12 |   # - ./kubernetes-replicator/ks.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for cluster-level controllers, among them the kubelet CSR approver.
# `pod-security.kubernetes.io/enforce: privileged` is the unrestricted Pod Security
# Admission level: admission rejects no pod spec in this namespace.
# NOTE(review): the controllers enabled here may not need it; a stricter `warn` /
# `audit` level would show whether they do.
# `kustomize.toolkit.fluxcd.io/prune: disabled` keeps Flux from deleting the
# namespace when it is removed from Git.
# NOTE(review): `k8tz.io/controller-namespace: "true"` presumably excludes this
# namespace from k8tz's own injection webhook - confirm against the chart.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: system-controllers
6 |   labels:
7 |     pod-security.kubernetes.io/enforce: privileged
8 |     pod-security.kubernetes.io/enforce-version: latest
9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |     k8tz.io/controller-namespace: "true"
11 |   annotations:
12 |     volsync.backube/privileged-movers: "true"
13 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/system-controllers/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/volsync/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./volsync/ks.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/volsync/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for the VolSync operator.
# `pod-security.kubernetes.io/enforce: privileged` is the unrestricted Pod Security
# Admission level: admission rejects no pod spec in this namespace.
# `kustomize.toolkit.fluxcd.io/prune: disabled` keeps Flux from deleting the
# namespace when it is removed from Git.
# `volsync.backube/privileged-movers: "true"` lets VolSync run its data movers with
# elevated privileges in this namespace.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: volsync
6 |   labels:
7 |     pod-security.kubernetes.io/enforce: privileged
8 |     pod-security.kubernetes.io/enforce-version: latest
9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/volsync/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./prometheusrule.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/vpn/downloads-gateway/app/deps:
--------------------------------------------------------------------------------
1 | cluster-apps-cert-manager
2 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/vpn/downloads-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Overlay for the VPN pod-gateway, shipped together with a NetworkPolicy.
# `commonLabels` is applied to every resource and to label selectors.
# NOTE(review): networkpolicy.yaml is not shown; if its podSelector relies on the
# labels below, changing them here changes which pods the policy covers.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./networkpolicy.yaml
7 |   - ./externalsecret.yaml
8 | commonLabels:
9 |   app.kubernetes.io/name: pod-gateway
10 |   app.kubernetes.io/instance: downloads-gateway
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/vpn/kustomization.yaml:
--------------------------------------------------------------------------------
# Only the namespace is reconciled: the downloads-gateway entry is commented out,
# so the gateway and its NetworkPolicy are not deployed from here.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   # - ./downloads-gateway/ks.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/hegira/apps/vpn/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for the VPN gateway.
# `pod-security.kubernetes.io/enforce: privileged` is the unrestricted Pod Security
# Admission level: admission rejects no pod spec in this namespace.
# NOTE(review): with the gateway disabled in ./kustomization.yaml the namespace is
# currently empty as far as this tree shows, so the permissive level could be
# tightened until the gateway is re-enabled.
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: vpn
6 |   labels:
7 |     pod-security.kubernetes.io/enforce: privileged
8 |     pod-security.kubernetes.io/enforce-version: latest
9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |   annotations:
11 |     volsync.backube/privileged-movers: "true"
12 |
--------------------------------------------------------------------------------
/kubernetes/hegira/bootstrap/crds/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./prometheus
6 |   - ./externalsecrets
7 |
--------------------------------------------------------------------------------
/kubernetes/hegira/bootstrap/talos/kubelet-csr-approver/values.yaml:
--------------------------------------------------------------------------------
# Values for kubelet-csr-approver at bootstrap time.
# `providerRegex` limits which node names the approver accepts kubelet serving
# certificate requests for. The pattern is anchored with ^ and $, so only the three
# exact names match; keep both anchors when adding nodes, because an unanchored
# alternation would also match any hostname that merely contains one of the names.
1 | ---
2 | providerRegex: ^(xerxes|shodan|icarus)$
3 |
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/config/crds/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/kubernetes/hegira/flux/config/crds/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./flux.yaml
6 |   - ./home-cluster.yaml
7 |
-------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/git/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/kubernetes/hegira/flux/repositories/git/.gitkeep -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/actions-runner-controller-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: actions-runner-controller-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://actions-runner-controller.github.io/actions-runner-controller 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/angelnu-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: angelnu-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://angelnu.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/backube-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: backube-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://backube.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/bitnami-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: bitnami-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.bitnami.com/bitnami 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/bjw-s-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: bjw-s-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://bjw-s.github.io/helm-charts/ 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/cilium-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: cilium-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.cilium.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/cloudnative-pg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: cloudnative-pg-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://cloudnative-pg.github.io/charts 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/crunchydata.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: HelmRepository 5 | metadata: 6 | name: crunchydata 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 2m 11 | url: oci://registry.developers.crunchydata.com/crunchydata 12 | timeout: 3m 13 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/democratic-csi.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: democratic-csi 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://democratic-csi.github.io/charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/emqx-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: emqx-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://repos.emqx.io/charts 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/enix-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: enix 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.enix.io/ 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/ext-postgres-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: ext-postgres-operator 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://movetokube.github.io/postgres-operator/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/external-dns-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: external-dns-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/external-dns 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/external-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: external-secrets 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | url: https://charts.external-secrets.io 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/fairwinds-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: fairwinds-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.fairwinds.com/stable 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/grafana-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: grafana-charts 6 | 
namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://grafana.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/hajimari-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: hajimari-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://hajimari.io 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/infracloudio-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: infracloudio-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://infracloudio.github.io/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/ingress-nginx-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: ingress-nginx-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes.github.io/ingress-nginx 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/jetstack-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: jetstack-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.jetstack.io 10 | timeout: 3m 11 | 
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/repositories/helm/k8s-at-home-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Flux chart source for the k8s-at-home charts, registered in flux-system.
  | # NOTE(review): the k8s-at-home charts project was archived upstream and no longer
  | # publishes fixes. Confirm no HelmRelease still references this source, then drop
  | # it: a chart index fetched from an unmaintained project domain is a supply-chain
  | # exposure.
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8s-at-home-charts
6 |   namespace: flux-system
7 | spec:
  |   # How often Flux re-fetches the repository index.
8 |   interval: 2h
9 |   url: https://k8s-at-home.com/charts/
  |   # Upper bound for a single index fetch.
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/repositories/helm/k8s-gateway.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Flux chart source for k8s_gateway, index re-fetched hourly. No timeout is set,
  | # so the controller default applies.
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8s-gateway
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1h
9 |   url: https://ori-edge.github.io/k8s_gateway/
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/repositories/helm/k8tz-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Flux chart source for k8tz, index re-fetched every 30 minutes.
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8tz
6 |   namespace: flux-system
7 | spec:
8 |   interval: 30m
9 |   url: https://k8tz.github.io/k8tz/
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/repositories/helm/kubernetes-dashboard.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Flux chart source for the Kubernetes Dashboard chart. This manifest only
  | # registers the repository; which chart version gets installed is decided by
  | # the HelmRelease that references it.
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: kubernetes-dashboard
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://kubernetes.github.io/dashboard/
10 |
--------------------------------------------------------------------------------
/kubernetes/hegira/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: descheduler-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/descheduler 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/kubernetes-sigs-metrics-server-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-sigs-metrics-server-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/metrics-server/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/kubernetes-sigs-nfd-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: kubernetes-sigs-nfd-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/kyverno-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: kyverno-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://kyverno.github.io/kyverno/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/lwolf-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: lwolf-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.lwolf.org 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/metallb-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: metallb 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://metallb.github.io/metallb 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/mittwald.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: mittwald 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.mittwald.de 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: piraeus 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://piraeus.io/helm-charts/ 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/postfinance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: postfinance 6 | namespace: 
flux-system 7 | spec: 8 | interval: 2h 9 | url: https://postfinance.github.io/kubelet-csr-approver 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/prometheus-community-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://prometheus-community.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/rook-ceph-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: rook-ceph-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://charts.rook.io/release 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/stakater-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://stakater.github.io/stakater-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/vector-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: vector-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: 
https://helm.vector.dev 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/victoriametrics-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: victoriametrics-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://victoriametrics.github.io/helm-charts/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/weave-gitops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: weave-gitops 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://helm.gitops.weave.works 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/windmill.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: windmill-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://windmill-labs.github.io/windmill-helm-charts/ 10 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/helm/zalando-postgres-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: HelmRepository 4 | metadata: 5 | name: zalando-postgres-operator 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator 10 | timeout: 3m 11 | 
-------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # - ./git 6 | - ./helm 7 | # - ./oci 8 | -------------------------------------------------------------------------------- /kubernetes/hegira/flux/repositories/oci/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/kubernetes/hegira/flux/repositories/oci/.gitkeep -------------------------------------------------------------------------------- /kubernetes/hegira/flux/vars/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./cluster-settings.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/cert-manager/README.md: -------------------------------------------------------------------------------- 1 | # Why cert-manager for a little cluster 2 | 3 | Because my domain is on the HSTS preload list that browsers ship with, all modern browsers now force-forward my domain to HTTPS, so anything served on it needs a valid TLS certificate. 4 | 5 | So I sorta had to add this ~le sigh. 
6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/cert-manager/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./clusterissuer.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./cert-manager/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" 10 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/databases/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./mariadb/ks.yaml 9 
| -------------------------------------------------------------------------------- /kubernetes/helios/apps/databases/mariadb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/databases/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: databases 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | annotations: 9 | volsync.backube/privileged-movers: "true" 10 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/deemix/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/external-dns/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/external-secrets/operator/deps: -------------------------------------------------------------------------------- 1 | cluster-apps-cert-manager 2 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/external-secrets/operator/kustomization.yaml: 
--------------------------------------------------------------------------------
1 | ---
  | # Applies only the HelmRelease in this directory.
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/default/filebrowser/app/config/filebrowser.json:
--------------------------------------------------------------------------------
1 | {
2 |   "port": 80,
3 |   "baseURL": "",
4 |   "address": "",
5 |   "log": "stdout",
6 |   "database": "/config/database.db",
7 |   "root": "/media",
8 |   "auth": {
9 |     "method": "proxy",
10 |     "header": "Remote-User"
11 |   }
12 | }
13 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/default/filebrowser/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Deploys File Browser into "default" and packages its JSON config as the
  | # ConfigMap filebrowser-config.
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: default
5 | resources:
6 |   - ./helmrelease.yaml
7 | configMapGenerator:
8 |   - name: filebrowser-config
9 |     files:
  |       # This config sets auth.method "proxy" with header "Remote-User": File Browser
  |       # takes the user identity from that request header and does no check of its
  |       # own. The Service must therefore be reachable only through the authenticating
  |       # reverse proxy, and that proxy must overwrite any client-supplied Remote-User
  |       # header. A NetworkPolicy limiting ingress to the proxy pods makes this
  |       # explicit.
10 |       - ./config/filebrowser.json
11 | generatorOptions:
  |   # Fixed ConfigMap name: a content change does not rename the object, so pods
  |   # are not rolled automatically when the config changes.
12 |   disableNameSuffixHash: true
13 |   annotations:
  |     # Keeps Flux post-build variable substitution away from the generated ConfigMap.
14 |     kustomize.toolkit.fluxcd.io/substitute: disabled
15 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/default/kopia-photos-to-b2/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Applies only the HelmRelease in this directory.
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Flux-Kustomizations 6 | - ./syncthing/ks.yaml 7 | # 
- ./vector/ks.yaml 8 | - ./kopia-photos-to-b2/ks.yaml 9 | - ./filebrowser/ks.yaml 10 | - ./lidarr/ks.yaml 11 | - ./sonarr/ks.yaml 12 | - ./radarr/ks.yaml 13 | - ./external-secrets/ks.yaml 14 | - ./qbittorrent-exporter/ks.yaml 15 | - ./deemix/ks.yaml 16 | - ./unpackerr/ks.yaml 17 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/lidarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/qbittorrent-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/radarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: radarr-pushover 9 | files: 10 | - ./scripts/pushover-notify.sh 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/sonarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: default 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: 
sonarr-pushover 9 | files: 10 | - ./scripts/pushover-notify.sh 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/syncthing/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/default/unpackerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | - ./externalsecret.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/cross-seed/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: cross-seed-config-v1 6 | namespace: downloads 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 10Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # Pre Flux-Kustomizations 6 | - ./namespace.yaml 7 | # Flux-Kustomizations 8 | - ./sabnzbd/ks.yaml 9 | - ./qbittorrent/ks.yaml 10 | - ./cross-seed/ks.yaml 11 | -------------------------------------------------------------------------------- 
/kubernetes/helios/apps/downloads/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Namespace "downloads". It carries no pod-security.kubernetes.io/* labels, so
  | # whatever cluster-wide Pod Security Admission default is configured applies.
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: downloads
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/downloads/qbittorrent/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Deploys qBittorrent into "downloads" and ships the hook script xseed.sh as the
  | # ConfigMap qbittorrent-scripts.
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 | namespace: downloads
7 | configMapGenerator:
8 |   - name: qbittorrent-scripts
9 |     files:
10 |       - ./scripts/xseed.sh
11 | generatorOptions:
  |   # Fixed ConfigMap name: editing the script does not rename the object, so pods
  |   # are not rolled automatically when it changes.
  |   # NOTE(review): unlike the filebrowser generator, this one has no
  |   # "substitute: disabled" annotation. The script only uses the $1 form, which
  |   # Flux substitution leaves alone; a later ${...} would be rewritten if
  |   # post-build substitution is enabled for this Kustomization.
12 |   disableNameSuffixHash: true
13 | labels:
14 |   - pairs:
15 |       app.kubernetes.io/name: qbittorrent
16 |       app.kubernetes.io/instance: qbittorrent
17 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/downloads/qbittorrent/app/scripts/xseed.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
  | # Posts the path given as the first argument to the cross-seed webhook.
  | # --data-urlencode encodes the value, and "$1" is quoted, so spaces or shell
  | # metacharacters in the path are not re-interpreted.
  | # NOTE(review): curl exits 0 on HTTP error responses unless --fail is given, so
  | # a rejected webhook call goes unnoticed by the caller.
  | # NOTE(review): the host is cross-seed.default.svc, but this script ships in
  | # "downloads" and the cross-seed PVC is declared there too. Confirm which
  | # namespace the cross-seed Service really lives in.
  | # NOTE(review): the request is plain HTTP and carries no credential. Confirm the
  | # endpoint is protected some other way (NetworkPolicy or an API key).
3 | /usr/bin/curl -X POST --data-urlencode "path=$1" http://cross-seed.default.svc.cluster.local:2468/api/webhook
4 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/downloads/qbittorrent/lidarr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Applies only the HelmRelease in this directory.
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/downloads/qbittorrent/readarr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
  | # Applies only the HelmRelease in this directory.
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
-------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/qbittorrent/tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./reannounce 6 | - ./orphaned 7 | - ./manage 8 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/qbittorrent/tools/manage/patches/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/config-file/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/qbittorrent/tools/orphaned/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/qbittorrent/tools/reannounce/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/helios/apps/downloads/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./helmrelease.yaml 6 | -------------------------------------------------------------------------------- 
/kubernetes/helios/apps/monitoring/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./node-exporter/ks.yaml
9 |   - ./smartctl-exporter/ks.yaml
10 |   - ./prometheus-operator-crds/ks.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/monitoring/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: monitoring
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/monitoring/node-exporter/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/monitoring/prometheus-operator-crds/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: monitoring
5 | resources:
6 |   - ./helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/monitoring/smartctl-exporter/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/networking/external-dns/internal/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./externalsecret.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/networking/ingress-nginx/internal/certificates.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: cert-manager.io/v1
3 | kind: Certificate
4 | metadata:
5 |   name: "trux.dev"
6 |   namespace: networking
7 | spec:
8 |   secretName: "trux.dev-tls"  # holds the private key for the names below; keep read access to this Secret narrow
9 |   issuerRef:
10 |     name: letsencrypt-production  # ClusterIssuer is defined elsewhere (not shown)
11 |     kind: ClusterIssuer
12 |   commonName: "trux.dev"
13 |   dnsNames:
14 |     - "trux.dev"
15 |     - "*.trux.dev"  # wildcard: one key is valid for every subdomain, and ACME issues wildcards only through a DNS-01 solver
16 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/networking/ingress-nginx/internal/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./certificates.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/networking/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./external-dns/ks.yaml
9 |   - ./ingress-nginx/ks.yaml
10 |   - ./helmrelease.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/networking/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: networking
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection will not delete this namespace
8 |   annotations:
9 |     volsync.backube/privileged-movers: "true"  # allows VolSync data movers in this namespace to run with elevated privileges; NOTE(review): keep only if VolSync actually backs up volumes here
10 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/storage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./minio/ks.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/storage/minio/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |   - ./externalsecret.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/storage/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: storage
6 |   annotations:
7 |     volsync.backube/privileged-movers: "true"  # allows VolSync data movers in this namespace to run with elevated privileges
8 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./reloader/ks.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/system/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: system
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/apps/system/reloader/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/apps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 |   name: cluster-apps
6 |   namespace: flux-system
7 | spec:  # no serviceAccountName is set, so Flux applies this with the kustomize-controller's own identity
8 |   interval: 10m
9 |   path: ./kubernetes/helios/apps
10 |   prune: true  # objects removed from Git under this path are deleted from the cluster
11 |   sourceRef:
12 |     kind: GitRepository
13 |     name: home-cluster-kubernetes  # NOTE(review): push access to this source decides what runs in the cluster; the GitRepository object and its branch protection are not shown here
14 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/config/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   - ./flux.yaml
6 |   - ./home-cluster.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/git/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/kubernetes/helios/flux/repositories/git/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/bjw-s-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: bjw-s-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://bjw-s.github.io/helm-charts/  # HTTPS protects transport only; nothing in this manifest verifies chart provenance, so pin chart versions in the HelmReleases that use it
10 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/external-dns-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: external-dns-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://kubernetes-sigs.github.io/external-dns
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/external-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: external-secrets
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1h
9 |   url: https://charts.external-secrets.io
10 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/ingress-nginx-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: ingress-nginx-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://kubernetes.github.io/ingress-nginx
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/jetstack-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: jetstack-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://charts.jetstack.io
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/k8s-gateway.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: k8s-gateway
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1h
9 |   url: https://ori-edge.github.io/k8s_gateway/
10 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:  # the full set of Helm chart sources this cluster registers
5 |   - ./bjw-s-charts.yaml
6 |   - ./prometheus-community-charts.yaml
7 |   - ./vector-charts.yaml
8 |   - ./jetstack-charts.yaml
9 |   - ./ingress-nginx-charts.yaml
10 |   - ./external-secrets.yaml
11 |   - ./stakater-charts.yaml
12 |   - ./external-dns-charts.yaml
13 |   - ./k8s-gateway.yaml
14 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/prometheus-community-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: prometheus-community-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://prometheus-community.github.io/helm-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/stakater-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: stakater-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://stakater.github.io/stakater-charts
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/helm/vector-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: HelmRepository
4 | metadata:
5 |   name: vector-charts
6 |   namespace: flux-system
7 | spec:
8 |   interval: 2h
9 |   url: https://helm.vector.dev
10 |   timeout: 3m
11 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # - ./git
6 |   - ./helm
7 |   # - ./oci
8 |
--------------------------------------------------------------------------------
/kubernetes/helios/flux/repositories/oci/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/truxnell/home-cluster/0f7b47a9fec9419a4c5d6b5c4a4ae219ad342c1c/kubernetes/helios/flux/repositories/oci/.gitkeep
--------------------------------------------------------------------------------
/templates/ks/hr-add.yaml:
--------------------------------------------------------------------------------
1 | healthChecks:  # fragment, not a complete manifest; presumably merged into the spec of the ks.yaml template (verify against the scaffolding task)
2 |   - apiVersion: helm.toolkit.fluxcd.io/v2beta1
3 |     kind: HelmRelease
4 |     name: $HELM_NAME
5 |     namespace: $NAMESPACE
6 |
--------------------------------------------------------------------------------
/templates/ks/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 |   name: cluster-apps-$HELM_NAME  # $HELM_NAME and $RELDIR are placeholders; presumably filled in by a scaffolding task (not shown)
6 |   namespace: flux-system
7 |   labels:
8 |     substitution.flux.home.arpa/enabled: 'true'
9 | spec:
10 |   path: '$RELDIR/'
11 |   prune: true  # objects removed from Git under this path are deleted from the cluster
12 |   wait: false
13 |   sourceRef:
14 |     kind: GitRepository
15 |     name: home-cluster-kubernetes
16 |   interval: 30m
17 |   retryInterval: 1m
18 |   timeout: 3m
19 |
--------------------------------------------------------------------------------
/templates/kustomize/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |   - ./addons/ks.yaml
9 |   - ./weave-gitops/ks.yaml
10 |
--------------------------------------------------------------------------------
/templates/namespace/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 |   # Pre Flux-Kustomizations
6 |   - ./namespace.yaml
7 |   # Flux-Kustomizations
8 |
--------------------------------------------------------------------------------
/templates/namespace/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: $NAMESPACE
6 |   labels:
7 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection will not delete the namespace
8 |   annotations:
9 |     volsync.backube/privileged-movers: "true"  # NOTE(review): every namespace created from this template opts in to privileged VolSync movers; consider adding it only where backups need it
10 |
--------------------------------------------------------------------------------
/tools/centos-priveleged.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: test-pod-2
5 |   namespace: default
6 | spec:
7 |   nodeName: tycho  # binds the pod directly to node tycho, bypassing the scheduler
8 |   containers:
9 |     - name: centos
10 |       image: centos  # NOTE(review): no tag or digest, so this pulls whatever :latest resolves to; pin one
11 |       command: ["sh", "-c", "sleep 999"]
12 |       securityContext:
13 |         privileged: true  # container gets host-level access to devices and kernel interfaces on that node; debugging aid only, delete the pod when finished
14 |
--------------------------------------------------------------------------------
/tools/dnsutils.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 |   name: dnsutils  # no namespace set: the pod lands in whichever namespace the apply command targets
6 | spec:
7 |   containers:
8 |     - name: dnsutils
9 |       image: gcr.io/kubernetes-e2e-test-images/dnsutils:1.3
10 |       command:
11 |         - sleep
12 |         - "3600"
13 |       imagePullPolicy: IfNotPresent
14 |   restartPolicy: Always
15 |
--------------------------------------------------------------------------------
/tools/pvc-test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: pvc-test
6 |   labels:
7 |     velero.io/exclude-from-backup: "true"  # test claim: Velero skips it
8 |
9 | spec:
10 |   accessModes:
11 |     - ReadWriteOnce
12 |   storageClassName: longhorn
13 |   resources:
14 |     requests:
15 |       storage: 6Ti
16 |
--------------------------------------------------------------------------------
/tools/redis-test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kubedb.com/v1alpha2
3 | kind: Redis
4 | metadata:
5 |   name: redis-quickstart
6 | spec:
7 |   version: "6.0.6"
8 |   storageType: Durable
9 |   storage:
10 |     accessModes:
11 |       - ReadWriteOnce
12 |     resources:
13 |       requests:
14 |         storage: 1Gi
15 |
--------------------------------------------------------------------------------