├── .backstage ├── api │ ├── adguard-home │ │ └── catalog-info.yaml │ └── locking-service │ │ └── catalog-info.yaml ├── catalog-info.yaml ├── components │ ├── actions-runner-controller │ │ └── catalog-info.yaml │ ├── argo-workflows │ │ └── catalog-info.yaml │ ├── atlantis │ │ └── catalog-info.yaml │ ├── backstage │ │ └── catalog-info.yaml │ ├── cert-manager │ │ └── catalog-info.yaml │ ├── cloudflared │ │ └── catalog-info.yaml │ ├── cloudnative-pg │ │ └── catalog-info.yaml │ ├── dbman │ │ ├── catalog-info.yaml │ │ ├── docs │ │ │ └── index.md │ │ └── mkdocs.yml │ ├── discord-musicbot │ │ └── catalog-info.yaml │ ├── dragonfly │ │ └── catalog-info.yaml │ ├── echo-server │ │ └── catalog-info.yaml │ ├── esphome │ │ └── catalog-info.yaml │ ├── grafana │ │ └── catalog-info.yaml │ ├── hajimari │ │ └── catalog-info.yaml │ ├── hisense-aircon │ │ └── catalog-info.yaml │ ├── home-assistant │ │ └── catalog-info.yaml │ ├── kromgo │ │ └── catalog-info.yaml │ ├── kube-prometheus-stack │ │ └── catalog-info.yaml │ ├── locking-service │ │ └── catalog-info.yaml │ ├── loki │ │ └── catalog-info.yaml │ ├── minecraft-bedrock │ │ └── catalog-info.yaml │ ├── node-red │ │ ├── catalog-info.yaml │ │ ├── docs │ │ │ ├── flows │ │ │ │ ├── basement.md │ │ │ │ └── office.md │ │ │ └── index.md │ │ └── mkdocs.yml │ ├── rook-ceph │ │ ├── catalog-info.yaml │ │ ├── docs │ │ │ ├── index.md │ │ │ └── runbooks │ │ │ │ ├── ceph-health-error.md │ │ │ │ └── ceph-pgs-damaged.md │ │ └── mkdocs.yml │ ├── tekton │ │ └── catalog-info.yaml │ ├── traefik-forward-auth │ │ └── catalog-info.yaml │ ├── traefik │ │ └── catalog-info.yaml │ ├── unifi-controller │ │ └── catalog-info.yaml │ ├── zigbee2mqtt-basement │ │ └── catalog-info.yaml │ ├── zigbee2mqtt-downstairs │ │ └── catalog-info.yaml │ └── zigbee2mqtt-upstairs │ │ └── catalog-info.yaml ├── domains │ └── home │ │ └── catalog-info.yaml └── systems │ ├── kube-nas │ ├── catalog-info.yaml │ └── docs │ │ └── nfs-server.md │ ├── mqtt.home │ └── catalog-info.yaml │ ├── nas 
│ └── catalog-info.yaml │ ├── opnsense │ └── catalog-info.yaml │ ├── talos-flux │ ├── catalog-info.yaml │ ├── docs │ │ ├── index.md │ │ ├── installation.md │ │ ├── manual.md │ │ ├── runbooks │ │ │ └── etcd-database-fragmentation-troubleshooting.md │ │ ├── stylesheets │ │ │ └── extra.css │ │ └── upgrade.md │ └── mkdocs.yml │ └── zigbee-bridge │ └── catalog-info.yaml ├── .cursorignore ├── .editorconfig ├── .gitattributes ├── .github ├── actionlint.yaml ├── labeler.yaml ├── labels.yaml ├── renovate-bot.json5 ├── renovate.json5 └── workflows │ ├── dependency-review.yaml │ ├── flux-local.yaml │ ├── mega-linter.yaml │ ├── pr-labeler.yaml │ ├── run-trivy.yaml │ ├── schedule-renovate.yaml │ ├── scorecards.yaml │ └── update-flake-lock.yaml ├── .gitignore ├── .gitleaksignore ├── .markdownlint.yaml ├── .mega-linter.yaml ├── .mise.toml ├── .pre-commit-config.yaml ├── .prettierignore ├── .prettierrc.yaml ├── .sops.yaml ├── .taskfiles ├── backstage │ └── Taskfile.yaml ├── debug-tasks │ └── Taskfile.yaml ├── devenv │ ├── Taskfile.yaml │ ├── check.yaml │ ├── cluster.yaml │ └── flux.yaml ├── lint │ └── Taskfile.yaml ├── pre-commit │ └── Taskfile.yaml ├── rook-ceph │ └── Taskfile.yaml ├── talos │ └── Taskfile.yaml └── terraform │ └── Taskfile.yaml ├── .terraform-docs.yaml ├── .tflint.hcl ├── .trivyignore.yaml ├── .yamllint.yaml ├── LICENSE ├── README.md ├── Taskfile.yaml ├── devenv ├── README.md ├── infra │ └── kind │ │ ├── locals.tf │ │ ├── main.tf │ │ └── providers.tf └── oci │ ├── apps │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── issuers │ │ │ │ ├── cluster-issuer-selfsigned.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── flux-system │ │ ├── flux-operator │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── oci-repository.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── instance │ │ │ │ ├── flux-instance.yaml 
│ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── ingress-nginx │ │ ├── ingress-nginx │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── kube-system │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ └── namespace.yaml │ └── kube-tools │ │ ├── i-see-dead-pods │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── reloader │ │ ├── app │ │ ├── helm-values.yaml │ │ └── kustomization.yaml │ │ └── flux-sync.yaml │ ├── flux │ ├── config │ │ └── cluster-settings.yaml │ ├── flux-sync.yaml │ └── kustomization.yaml │ └── registry-config.yaml ├── infra ├── README.md ├── nixos │ ├── flake.lock │ ├── flake.nix │ ├── fonts.nix │ ├── home-manager │ │ ├── cli │ │ │ └── tools.nix │ │ ├── desktop │ │ │ ├── discord.nix │ │ │ ├── file-explorer.nix │ │ │ ├── google-chrome.nix │ │ │ ├── kitty.nix │ │ │ ├── spotify.nix │ │ │ └── vscode.nix │ │ ├── devops │ │ │ ├── development.nix │ │ │ └── kubernetes.nix │ │ └── home.nix │ ├── hosts │ │ ├── dell │ │ │ ├── configuration.nix │ │ │ └── hardware-configuration.nix │ │ ├── desktop │ │ │ ├── configuration.nix │ │ │ └── hardware-configuration.nix │ │ ├── kube-nas │ │ │ ├── configuration.nix │ │ │ ├── hardware-configuration.nix │ │ │ └── nfs.nix │ │ └── micronix │ │ │ ├── configuration.nix │ │ │ └── hardware-configuration.nix │ ├── modules │ │ ├── ags.nix │ │ ├── docker.nix │ │ ├── gnome-keyring.nix │ │ ├── hyprland.nix │ │ ├── k3s.nix │ │ ├── lutris.nix │ │ ├── neovim.nix │ │ ├── nvidia.nix │ │ ├── openssh.nix │ │ ├── plasma.nix │ │ ├── syncthing.nix │ │ └── system-packages.nix │ ├── nfs-users.nix │ └── users.nix ├── talos │ ├── README.md │ ├── clusterconfig │ │ └── .gitignore │ ├── 
talconfig.yaml │ └── talsecret.sops.yaml └── terraform │ ├── README.md │ ├── cloudflare │ ├── jazzlyn_dev.tf │ ├── main.tf │ ├── providers.tf │ ├── secrets.sops.yaml │ └── tyriis_dev.tf │ └── main.tf ├── kubernetes ├── base │ ├── apps │ │ ├── atlantis │ │ │ ├── app │ │ │ │ └── helm-release.yaml │ │ │ ├── config │ │ │ │ └── repos.yaml │ │ │ └── scripts │ │ │ │ ├── allow_list.sh │ │ │ │ └── vault_config.sh │ │ └── minecraft │ │ │ └── paper-server │ │ │ └── helm-release.yaml │ └── flux │ │ └── repositories │ │ ├── git │ │ ├── dragonfly-operator.yaml │ │ └── home-ops.yaml │ │ ├── helm │ │ ├── actions-runner-controller-charts.yaml │ │ ├── argo-charts.yaml │ │ ├── backube-charts.yaml │ │ ├── bitnami-charts.yaml │ │ ├── bjw-s-charts.yaml │ │ ├── botkube-charts.yaml │ │ ├── bunkerweb-charts.yaml │ │ ├── cdfoundation-tekton-charts.yaml │ │ ├── cilium-charts.yaml │ │ ├── cloudnative-pg-charts.yaml │ │ ├── coredns-charts.yaml │ │ ├── csi-driver-nfs-charts.yaml │ │ ├── dbman-charts.yaml │ │ ├── democratic-csi-charts.yaml │ │ ├── emqx-charts.yaml │ │ ├── external-dns-charts.yaml │ │ ├── external-secrets-charts.yaml │ │ ├── fairwinds-charts.yaml │ │ ├── flux-iac-charts.yaml │ │ ├── flux-operator-charts.yaml │ │ ├── grafana-charts.yaml │ │ ├── hajimari-charts.yaml │ │ ├── harbor-charts.yaml │ │ ├── hashicorp-charts.yaml │ │ ├── ingress-nginx-charts.yaml │ │ ├── jetstack-charts.yaml │ │ ├── kyverno-charts.yaml │ │ ├── metallb-charts.yaml │ │ ├── metrics-server-charts.yaml │ │ ├── minecraft-server-charts.yaml │ │ ├── mirceanton-charts.yaml │ │ ├── nfs-subdir-external-provisioner-charts.yaml │ │ ├── node-feature-discovery-charts.yaml │ │ ├── openbao-charts.yaml │ │ ├── openebs-charts.yaml │ │ ├── piraeus-charts.yaml │ │ ├── postfinance-charts.yaml │ │ ├── prometheus-community-charts.yaml │ │ ├── rook-ceph-charts.yaml │ │ ├── runatlantis-charts.yaml │ │ ├── stakater-charts.yaml │ │ └── traefik-charts.yaml │ │ └── oci │ │ ├── flux-manifests.yaml │ │ └── podinfo.yaml ├── components │ 
├── flux │ │ ├── alerts │ │ │ ├── alert.yaml │ │ │ ├── kustomization.yaml │ │ │ └── provider.yaml │ │ └── globals │ │ │ └── talos-flux │ │ │ └── kustomization.yaml │ ├── gatus │ │ ├── external │ │ │ ├── config.yaml │ │ │ └── kustomization.yaml │ │ ├── internal │ │ │ ├── config.yaml │ │ │ └── kustomization.yaml │ │ └── minecraft │ │ │ ├── config.yaml │ │ │ └── kustomization.yaml │ └── sops │ │ ├── kube-nas │ │ └── kustomization.yaml │ │ └── talos-flux │ │ └── kustomization.yaml ├── kube-nas │ ├── README.md │ ├── apps │ │ ├── auth-system │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── oauth2-proxy │ │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secrets.sops.yaml │ │ │ │ └── flux-sync.yaml │ │ ├── backup-system │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── snapshot-controller │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ └── volsync │ │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheus-rules.yaml │ │ │ │ └── flux-sync.yaml │ │ ├── bunkerweb-ingress │ │ │ ├── bunkerweb │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── ingress-class.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── rbac.yaml │ │ │ │ │ └── secret.sops.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── cert-manager │ │ │ ├── cert-manager │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── flux-sync.yaml │ │ │ │ └── issuers │ │ │ │ │ ├── cluster-issuer-production.yaml │ │ │ │ │ ├── cluster-issuer-self-signed.yaml │ │ │ │ │ ├── cluster-issuer-staging.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomize-config.yaml │ │ │ │ │ └── secret.sops.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── database-system │ │ │ ├── 
cloudnative-pg │ │ │ │ ├── cluster │ │ │ │ │ ├── cluster17.yaml │ │ │ │ │ ├── database-server.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── postgres-minio-secret.sops.yaml │ │ │ │ │ ├── postgres-superuser-secret.sops.yaml │ │ │ │ │ └── scheduled-backup.yaml │ │ │ │ ├── flux-sync.yaml │ │ │ │ └── operator │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── dbman │ │ │ │ ├── flux-sync.yaml │ │ │ │ └── operator │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ ├── dragonfly │ │ │ │ ├── cluster │ │ │ │ │ ├── crd │ │ │ │ │ │ └── cluster.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── kustomize-config.yaml │ │ │ │ ├── flux-sync.yaml │ │ │ │ ├── observability │ │ │ │ │ ├── crd │ │ │ │ │ │ └── pod-monitor.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── kustomize-config.yaml │ │ │ │ └── operator │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── rbac.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── default │ │ │ ├── echo-server │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── democratic-csi │ │ │ ├── kustomization.yaml │ │ │ ├── local-hostpath │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ └── namespace.yaml │ │ ├── flux-system │ │ │ ├── flux-operator │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── oci-repository.yaml │ │ │ │ ├── flux-sync.yaml │ │ │ │ └── instance │ │ │ │ │ ├── flux-instance.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── kustomize-config.yaml │ │ │ ├── flux │ │ │ │ ├── flux-sync.yaml │ │ │ │ └── webhook │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── receiver.yaml │ │ │ │ │ └── secret.sops.yaml 
│ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── ingress-nginx │ │ │ ├── ingress-nginx │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── app │ │ │ │ │ ├── cilium-l2-announcement-policy.yaml │ │ │ │ │ ├── cilium-load-balancer-ip-pool.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── coredns │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kubelet-csr-approver │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metrics-server │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ └── namespace.yaml │ │ ├── kube-tools │ │ │ ├── k8tz │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── helm-repository.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pki.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── reloader │ │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ ├── minio-system │ │ │ ├── README.md │ │ │ ├── kustomization.yaml │ │ │ ├── minio │ │ │ │ ├── app │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── secrets.sops.yaml │ │ │ │ └── flux-sync.yaml │ │ │ └── namespace.yaml │ │ ├── networking │ │ │ ├── external-dns │ │ │ │ ├── cloudflare │ │ │ │ │ ├── external-secret.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── observability │ │ │ ├── kube-prometheus-stack │ │ │ │ ├── app │ │ │ │ │ ├── README.md │ │ │ │ │ ├── alertmanager-values.yaml │ │ │ │ │ ├── helm-release.yaml │ │ 
│ │ │ ├── kube-state-metrics-values.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomize-config.yaml │ │ │ │ │ ├── prometheus-values.yaml │ │ │ │ │ └── secret.sops.yaml │ │ │ │ ├── flux-sync.yaml │ │ │ │ └── rules │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── node-exporter │ │ │ │ │ └── prometheus-rule.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── oci-registry │ │ │ ├── harbor │ │ │ │ ├── app │ │ │ │ │ ├── database.yaml │ │ │ │ │ ├── helm-release.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── secrets.sops.yaml │ │ │ │ └── flux-sync.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ └── secops │ │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── stores │ │ │ │ ├── cluster-secret-store.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── openbao │ │ │ ├── app │ │ │ │ ├── README.md │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secrets.sops.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── snapshots │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── rbac.yaml │ ├── bootstrap │ │ ├── README.md │ │ ├── cilium │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ │ ├── coredns │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ │ ├── democratic-csi │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ │ ├── flux-operator │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ │ └── metrics-server │ │ │ ├── kustomization.yaml │ │ │ └── values.yaml │ └── flux │ │ ├── config │ │ └── sops-age.sops.yaml │ │ ├── flux-sync.yaml │ │ └── kustomization.yaml └── talos-flux │ ├── apps │ ├── anubis-system │ │ ├── anubis-grafana │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── 
kustomization.yaml │ │ └── namespace.yaml │ ├── atlantis │ │ ├── README.md │ │ ├── default-config │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── techtales-io │ │ │ ├── flux-sync.yaml │ │ │ ├── terraform-discord │ │ │ │ ├── config │ │ │ │ │ ├── allowlist.txt │ │ │ │ │ └── repos.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── terraform-gcloud │ │ │ │ ├── config │ │ │ │ │ ├── allowlist.txt │ │ │ │ │ └── repos.yaml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── terraform-github │ │ │ │ ├── config │ │ │ │ │ ├── allowlist.txt │ │ │ │ │ └── repos.yaml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── terraform-gworkspace │ │ │ │ ├── config │ │ │ │ │ ├── allowlist.txt │ │ │ │ │ └── repos.yaml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── terraform-minio │ │ │ │ ├── config │ │ │ │ │ ├── allowlist.txt │ │ │ │ │ └── repos.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── terraform-opnsense │ │ │ │ ├── config │ │ │ │ │ ├── allowlist.txt │ │ │ │ │ └── repos.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── terraform-vault │ │ │ │ ├── config │ │ │ │ ├── allowlist.txt │ │ │ │ └── repos.yaml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ └── tyriis │ │ │ ├── flux-sync.yaml │ │ │ └── terraform-github │ │ │ ├── config │ │ │ └── allowlist.txt │ │ │ ├── external-secret.yaml │ │ │ ├── helm-values.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.sops.yaml │ ├── auth-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── oauth2-proxy │ │ │ ├── app │ 
│ │ ├── external-secret.yaml │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ ├── backstage │ │ ├── backstage │ │ │ ├── app │ │ │ │ ├── app-config.production.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secrets.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── backup-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── snapshot-controller │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ └── volsync │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ └── prometheus-rules.yaml │ │ │ └── flux-sync.yaml │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── issuers │ │ │ │ ├── cluster-issuer-production.yaml │ │ │ │ ├── cluster-issuer-selfsigned.yaml │ │ │ │ ├── cluster-issuer-staging.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomize-config.yaml │ │ │ │ └── secret.sops.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── database │ │ ├── cloudnative-pg │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── barman-cloud │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── cluster │ │ │ │ ├── cluster17.yaml │ │ │ │ ├── database-server.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── objectstore.yaml │ │ │ │ ├── postgres-minio-secret.sops.yaml │ │ │ │ ├── postgres-superuser-secret.sops.yaml │ │ │ │ └── scheduled-backup.yaml │ │ │ ├── flux-sync.yaml │ │ │ ├── git-repository.yaml │ │ │ └── observability │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheus-rule.yaml │ │ ├── dbman │ │ │ ├── flux-sync.yaml │ │ │ └── operator │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ ├── dragonfly │ │ │ ├── cluster │ │ │ │ ├── cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── 
pod-monitor.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── operator │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── default │ │ ├── echo-server │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── homepage │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ ├── bookmarks.yaml │ │ │ │ │ ├── custom.css │ │ │ │ │ ├── custom.js │ │ │ │ │ ├── docker.yaml │ │ │ │ │ ├── kubernetes.yaml │ │ │ │ │ ├── services.yaml │ │ │ │ │ ├── settings.yaml │ │ │ │ │ └── widgets.yaml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ └── flux-sync.yaml │ │ ├── it-tools │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── openspeedtest │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ ├── development │ │ ├── code-server │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── devops │ │ ├── argo-workflows │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── tekton │ │ │ ├── app │ │ │ ├── ingress.yaml │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ ├── krr-cron │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ ├── pipelines │ │ │ ├── goodbye.yaml │ │ │ ├── krr.yaml │ │ │ └── kustomization.yaml │ │ │ ├── tasks │ │ │ ├── goodbye.yaml │ │ │ ├── hello-world.yaml │ │ │ ├── krr │ │ │ │ ├── rbac.yaml │ │ │ │ └── task.yaml │ │ │ └── kustomization.yaml │ │ │ └── triggers │ │ │ ├── kustomization.yaml │ │ │ └── templates │ │ │ ├── hello.yaml │ │ │ └── krr.yaml │ ├── discord │ │ ├── kustomization.yaml │ │ ├── musicbot │ │ │ ├── 
app │ │ │ │ ├── autoplaylist.txt │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── options.ini │ │ │ │ └── permissions.ini │ │ │ └── flux-sync.yaml │ │ └── namespace.yaml │ ├── flux-system │ │ ├── flux-operator │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── oci-repository.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── instance │ │ │ │ ├── flux-instance.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomize-config.yaml │ │ ├── flux │ │ │ ├── flux-sync.yaml │ │ │ ├── notifications │ │ │ │ └── discord │ │ │ │ │ ├── alert.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── provider.yaml │ │ │ │ │ └── secret.sops.yaml │ │ │ ├── observability │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pod-monitor.yaml │ │ │ │ └── prometheus-rule.yaml │ │ │ └── webhook │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── tofu-controller │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── terraform │ │ │ └── techtales-io-terraform-discord.yaml │ ├── gaming-public │ │ ├── kustomization.yaml │ │ ├── minecraft-java │ │ │ ├── flux-sync.yaml │ │ │ ├── global-secrets │ │ │ │ ├── external-secrets │ │ │ │ │ ├── curseforge-api-key.yaml │ │ │ │ │ ├── minecraft-proxy-forwarding.yaml │ │ │ │ │ └── minecraft-rcon.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomize-config.yaml │ │ │ ├── lobby-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── playground-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml 
│ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── pvp-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── survival-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── plugins │ │ │ │ │ └── AxGraves │ │ │ │ │ │ └── config.yml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── velocity-proxy │ │ │ │ ├── config │ │ │ │ ├── plugins.txt │ │ │ │ └── velocity.toml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ └── plugins │ │ │ │ ├── minimotd-velocity │ │ │ │ └── main.conf │ │ │ │ └── viaversion │ │ │ │ └── config.yml │ │ └── namespace.yaml │ ├── gaming │ │ ├── kustomization.yaml │ │ ├── minecraft-java │ │ │ ├── README.md │ │ │ ├── creative-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── flux-sync.yaml │ │ │ ├── global-secrets │ │ │ │ ├── external-secrets │ │ │ │ │ ├── curseforge-api-key.yaml │ │ │ │ │ ├── 
minecraft-proxy-forwarding.yaml │ │ │ │ │ └── minecraft-rcon.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomize-config.yaml │ │ │ ├── lobby-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── playground-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ ├── survival-world │ │ │ │ ├── config-map.yaml │ │ │ │ ├── config │ │ │ │ │ ├── paper-global.yaml │ │ │ │ │ ├── plugins.txt │ │ │ │ │ └── spigot.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── velocity-proxy │ │ │ │ ├── config │ │ │ │ ├── plugins.txt │ │ │ │ └── velocity.toml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── persistent-volume-claim.yaml │ │ └── namespace.yaml │ ├── github │ │ ├── actions-runner-controller │ │ │ ├── flux-sync.yaml │ │ │ ├── operator │ │ │ │ ├── arc-dashboard.json │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pod-monitor.yaml │ │ │ └── runners │ │ │ │ ├── jazzlyn │ │ │ │ ├── gh-actions-demo.yaml │ │ │ │ ├── kind-flux-demo.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secrets.sops.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── organization │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── secrets.sops.yaml │ │ │ │ └── techtales-io.yaml │ │ │ │ 
├── regcreds-docker.sops.yaml │ │ │ │ └── tyriis │ │ │ │ ├── home-ops.yaml │ │ │ │ ├── homeassistant-config.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── secrets.sops.yaml │ │ │ │ ├── terraform-github.yaml │ │ │ │ └── terraform-github │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── home-automation │ │ ├── emqx │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secrets.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── esphome │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── sensor-heating.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── secrets.sops.yaml │ │ │ │ ├── volsync-replication-destination.yaml │ │ │ │ ├── volsync-replication-source.yaml │ │ │ │ └── volsync-secrets.sops.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── observability │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheus-rule.yaml │ │ ├── govee2mqtt │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── hisense-aircon │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── home-assistant │ │ │ ├── app │ │ │ │ ├── database.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ ├── locking-service │ │ │ ├── app │ │ │ │ ├── configuration.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── n8n │ │ │ ├── app │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── 
persistent-volume-claim.yaml │ │ │ └── flux-sync.yaml │ │ ├── namespace.yaml │ │ ├── node-red │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── .gitconfig │ │ │ │ ├── dashboards │ │ │ │ │ └── freshair.json │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── persistent-volume.yaml │ │ │ │ ├── service-monitor.yaml │ │ │ │ └── storage-class.yaml │ │ │ └── flux-sync.yaml │ │ ├── ring-mqtt │ │ │ ├── app │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ └── zigbee2mqtt │ │ │ ├── app │ │ │ ├── external-secret.yaml │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── persistent-volume-claim.yaml │ │ │ ├── prometheus-rule.yaml │ │ │ ├── replication-destination.yaml │ │ │ ├── replication-source.yaml │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── config │ │ │ │ ├── cilium-l2-announcement-policy.yaml │ │ │ │ ├── cilium-load-balancer-ip-pool.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── coredns │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── csi-driver-nfs │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── storage-class.yaml │ │ │ └── flux-sync.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ └── namespace.yaml │ ├── kube-tools │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── node-feature-discovery │ │ │ ├── 
app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── crds │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomize-config.yaml │ │ │ │ └── node-feature-rules │ │ │ │ │ ├── intel-gpu.yaml │ │ │ │ │ └── zigbee-stick.yaml │ │ │ └── flux-sync.yaml │ │ └── reloader │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ ├── kyverno │ │ ├── kustomization.yaml │ │ ├── kyverno │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── policies │ │ │ │ ├── ingress-prom-probes.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── remove-cpu-limits.yaml │ │ └── namespace.yaml │ ├── networking │ │ ├── adguard-home │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── persistent-volume-claim.yaml │ │ │ └── flux-sync.yaml │ │ ├── cloudflared │ │ │ ├── app │ │ │ │ ├── config.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── external-dns │ │ │ ├── cloudflare │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── opnsense │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomize-config.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── playit │ │ │ ├── app │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ │ └── flux-sync.yaml │ │ ├── redirect-service │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ ├── 01_real-ip.conf │ │ │ │ │ ├── 02_log-format.conf │ │ │ │ │ └── default.conf │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ └── unifi-controller │ │ │ ├── app │ │ │ ├── README.md │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── 
persistent-volume-claim.yaml │ │ │ ├── replication-destination.yaml │ │ │ ├── replication-source.yaml │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ ├── nginx-ingress │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── nginx │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ ├── observability │ │ ├── alertmanager-discord │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── blackbox-exporter │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── botkube │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── gatus │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── prometheus-rule.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── flux-sync.yaml │ │ ├── grafana │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ ├── contactpoints.yaml │ │ │ │ │ ├── datasources.yaml │ │ │ │ │ └── policies.yaml │ │ │ │ ├── dashboards │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── resource-usage.json │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── kromgo │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── flux-sync.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ ├── README.md │ │ │ │ ├── alertmanager-values.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kube-state-metrics-values.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomize-config.yaml │ │ │ │ ├── prometheus-values.yaml │ │ │ │ └── thanos-objstore-secret.sops.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── rules │ │ │ │ ├── kustomization.yaml │ │ │ │ └── node-exporter │ │ │ │ └── prometheus-rule.yaml │ │ ├── kustomization.yaml │ │ ├── loki │ │ │ 
├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── loki-alerting-rules.yaml │ │ │ │ ├── prometheus-rule.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── namespace.yaml │ │ ├── opnsense-exporter │ │ │ ├── app │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── promtail │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ ├── smartctl-exporter │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheus-rule.yaml │ │ │ └── flux-sync.yaml │ │ ├── speedtest-exporter │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheus-rule.yaml │ │ │ │ └── service-monitor.yaml │ │ │ └── flux-sync.yaml │ │ └── unpoller │ │ │ ├── app │ │ │ ├── external-secret.yaml │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ ├── openebs-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── openebs │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ ├── productivity │ │ ├── kustomization.yaml │ │ ├── linkwarden │ │ │ ├── app │ │ │ │ ├── database.yaml │ │ │ │ ├── external-secret.yaml │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── replication-destination.yaml │ │ │ │ ├── replication-source.yaml │ │ │ │ └── secret.sops.yaml │ │ │ └── flux-sync.yaml │ │ ├── namespace.yaml │ │ ├── scanservjs │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── persistent-volume-claim.yaml │ │ │ │ ├── persistent-volume.yaml │ │ │ │ └── storage-class.yaml │ │ │ └── flux-sync.yaml │ │ └── syncthing │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── persistent-volume-claim.yaml │ │ │ ├── persistent-volume.yaml │ │ │ ├── 
replication-destination.yaml │ │ │ ├── replication-source.yaml │ │ │ ├── secret.sops.yaml │ │ │ └── storage-class.yaml │ │ │ └── flux-sync.yaml │ ├── rook-ceph │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── rook-ceph │ │ │ ├── cluster │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── operator │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ ├── secops │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── stores │ │ │ │ ├── cluster-secret-store.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── vault-auth.yaml │ ├── system-upgrade │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── system-upgrade-controller │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── plans │ │ │ ├── kubernetes.yaml │ │ │ ├── kustomization.yaml │ │ │ └── talos.yaml │ ├── traefik-ingress │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── traefik │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ ├── ingress.yaml │ │ │ └── kustomization.yaml │ │ │ ├── flux-sync.yaml │ │ │ └── forward-auth │ │ │ ├── helm-release.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── middleware.yaml │ │ │ └── secret.sops.yaml │ ├── voice-assistant │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── piper │ │ │ ├── app │ │ │ │ ├── helm-release.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ │ └── whisper │ │ │ ├── app │ │ │ ├── helm-release.yaml │ │ │ └── kustomization.yaml │ │ │ └── flux-sync.yaml │ └── windmill │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── windmill │ │ ├── app │ │ ├── README.md │ │ ├── database.yaml │ │ ├── external-secret.yaml │ │ ├── helm-release.yaml │ │ ├── helm-repository.yaml │ │ └── kustomization.yaml │ │ └── flux-sync.yaml │ ├── bootstrap │ ├── README.md │ ├── cilium │ │ ├── kustomization.yaml │ │ 
└── values.yaml │ ├── coredns │ │ ├── kustomization.yaml │ │ └── values.yaml │ ├── flux-sync.yaml │ ├── kustomization.yaml │ └── metrics-server │ │ ├── kustomization.yaml │ │ └── values.yaml │ └── flux │ ├── README.md │ ├── config │ ├── cluster-secrets.sops.yaml │ ├── cluster-settings.yaml │ └── sops-age.sops.yaml │ ├── flux-sync.yaml │ └── kustomization.yaml └── scripts └── backstage-helper └── main.mjs /.backstage/components/dbman/docs/index.md: -------------------------------------------------------------------------------- 1 | # dbman 2 | 3 | ## Import an existing database 4 | 5 | Connect to the database as a superuser. 6 | 7 | Add a comment to the role: 8 | 9 | ```shell 10 | COMMENT ON ROLE hass IS '{"heritage":"dbman","resource":"hass","namespace":"home-automation"}'; 11 | ``` 12 | 13 | Add a comment to the database: 14 | 15 | ```shell 16 | COMMENT ON DATABASE hass IS '{"heritage":"dbman","resource":"hass","namespace":"home-automation"}'; 17 | ``` 18 | 19 | Check for existing comments: 20 | 21 | ```shell 22 | \l+ 23 | \du+ 24 | ``` 25 | 26 | Remove a comment: 27 | 28 | ```shell 29 | COMMENT ON DATABASE hass IS NULL; 30 | ``` 31 | -------------------------------------------------------------------------------- /.backstage/components/dbman/mkdocs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | site_name: dbman 3 | nav: 4 | - Home: index.md 5 | 6 | plugins: 7 | - techdocs-core 8 | -------------------------------------------------------------------------------- /.backstage/components/node-red/docs/index.md: -------------------------------------------------------------------------------- 1 | # node-red 2 | 3 | This page collects general information about node-red. 4 | 5 | ## Usage 6 | 7 | We use node-red for event-based automation workflows for home automation. 
8 | -------------------------------------------------------------------------------- /.backstage/components/node-red/mkdocs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | site_name: node-red 3 | site_description: all information about node-red based automations on the homelab 4 | 5 | nav: 6 | - Overview: index.md 7 | - Flows: 8 | - office: flows/office.md 9 | - basement: flows/basement.md 10 | 11 | plugins: 12 | - techdocs-core 13 | -------------------------------------------------------------------------------- /.backstage/components/rook-ceph/mkdocs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | site_name: rook-ceph 3 | nav: 4 | - Home: index.md 5 | - Runnbooks: 6 | - CephPGsDamaged: runbooks/ceph-pgs-damaged.md 7 | - CephHealthError: runbooks/ceph-health-error.md 8 | 9 | plugins: 10 | - techdocs-core 11 | -------------------------------------------------------------------------------- /.backstage/domains/home/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/catalog-info.json 3 | apiVersion: backstage.io/v1alpha1 4 | kind: Domain 5 | metadata: 6 | name: home 7 | description: my home 8 | spec: 9 | owner: home-ops 10 | -------------------------------------------------------------------------------- /.backstage/systems/mqtt.home/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/catalog-info.json 3 | apiVersion: backstage.io/v1alpha1 4 | kind: System 5 | metadata: 6 | name: mqtt.home 7 | description: raspberry pi mosquitto mqtt broker 8 | annotations: 9 | # backstage.io/techdocs-ref: dir:. 
10 | github.com/project-slug: tyriis/home-ops 11 | tags: 12 | - raspberry-pi 13 | - messaging 14 | - iot 15 | - mqtt 16 | spec: 17 | owner: home-ops 18 | domain: home 19 | type: infrastructure 20 | lifecycle: production 21 | system: mqtt-broker 22 | -------------------------------------------------------------------------------- /.backstage/systems/talos-flux/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/catalog-info.json 3 | apiVersion: backstage.io/v1alpha1 4 | kind: System 5 | metadata: 6 | name: talos-flux 7 | description: kubernetes cluster hosted in my bassement 8 | annotations: 9 | backstage.io/techdocs-ref: dir:. 10 | github.com/project-slug: tyriis/home-ops 11 | links: 12 | - url: https://github.com/tyriis/home-ops 13 | title: home-ops 14 | icon: github 15 | type: github-repository 16 | tags: 17 | - k8s 18 | - talos 19 | - flux 20 | spec: 21 | owner: home-ops 22 | domain: home 23 | -------------------------------------------------------------------------------- /.backstage/systems/zigbee-bridge/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/catalog-info.json 3 | apiVersion: backstage.io/v1alpha1 4 | kind: System 5 | metadata: 6 | name: zigbee-bridge 7 | description: raspberry pi 2 zigbee-bridge 8 | annotations: 9 | # backstage.io/techdocs-ref: dir:. 
10 | github.com/project-slug: tyriis/home-ops 11 | tags: 12 | - raspberry-pi 13 | - zigbee 14 | - bridge 15 | spec: 16 | owner: home-ops 17 | domain: home 18 | type: infrastructure 19 | lifecycle: production 20 | system: zigbee-bridge 21 | -------------------------------------------------------------------------------- /.cursorignore: -------------------------------------------------------------------------------- 1 | # vscode-sops 2 | .decrypted~*.yaml 3 | *.agekey 4 | 5 | # Env files 6 | *.envrc 7 | *.env 8 | 9 | # .tfstate files 10 | *.tfstate 11 | *.tfstate.* 12 | 13 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 14 | # passwords, private keys, and other secrets. These should not be part of version 15 | # control as they are data points which are potentially sensitive and subject 16 | # to change depending on the environment. 17 | # 18 | *.tfvars 19 | 20 | # Exclude talhelper-generated files as they contain secrets 21 | infra/talos/clusterconfig/*.yaml 22 | infra/talos/clusterconfig/talosconfig 23 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # Editor configuration, see http://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | charset = utf-8 6 | indent_style = space 7 | indent_size = 2 8 | insert_final_newline = true 9 | trim_trailing_whitespace = true 10 | 11 | [*.md] 12 | max_line_length = off 13 | trim_trailing_whitespace = false 14 | 15 | [Makefile] 16 | indent_style = tab 17 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.env linguist-detectable linguist-language=SHELL 3 | *.json linguist-detectable linguist-language=JSON 4 | *.json5 linguist-detectable linguist-language=JSON5 5 | *.md linguist-detectable 
linguist-language=MARKDOWN 6 | *.sh linguist-detectable linguist-language=SHELL 7 | *.toml linguist-detectable linguist-language=TOML 8 | *.yml linguist-detectable linguist-language=YAML 9 | *.yaml linguist-detectable linguist-language=YAML 10 | -------------------------------------------------------------------------------- /.github/actionlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | self-hosted-runner: 3 | labels: 4 | - arc-runner-set-home-ops 5 | -------------------------------------------------------------------------------- /.github/renovate-bot.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | username: "tyriis-automation[bot]", 4 | gitAuthor: "tyriis-automation <133711747+tyriis-automation[bot]@users.noreply.github.com>", 5 | platform: "github", 6 | platformCommit: "enabled", 7 | repositories: ["tyriis/home-ops"], 8 | } 9 | -------------------------------------------------------------------------------- /.gitleaksignore: -------------------------------------------------------------------------------- 1 | d518055fb132ca94988fc1e117c804881cfabe0d:cluster/apps/secops/vault/configure-oidc.yaml:generic-api-key:4 2 | d518055fb132ca94988fc1e117c804881cfabe0d:cluster/apps/secops/vault/configure-oidc.yaml:generic-api-key:44 3 | bc59aa503eef55651de6262404967b126faa963e:cluster/apps/secops/vaultwarden/helm-release.yaml:hashicorp-tf-password:51 4 | 885eacca31b4c2f5c5e660cbc178083dac7bcc2b:kubernetes/talos-flux/apps/observability/loki/app/helm-release.yaml:generic-api-key:153 5 | -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | *.sops.* 2 | gotk-components.yaml 3 | **/.terraform/** 4 | terraform.tfstate* 5 | 
-------------------------------------------------------------------------------- /.prettierrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/prettierrc.json 3 | trailingComma: "es5" 4 | tabWidth: 2 5 | semi: false 6 | singleQuote: false 7 | -------------------------------------------------------------------------------- /.taskfiles/backstage/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/taskfile.json 3 | version: "3" 4 | 5 | tasks: 6 | build: 7 | desc: build backstage components 8 | cmds: 9 | - npx --yes zx --install scripts/backstage-helper/main.mjs 10 | -------------------------------------------------------------------------------- /.taskfiles/pre-commit/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/taskfile.json 3 | version: "3" 4 | 5 | tasks: 6 | init: 7 | desc: Initialize pre-commit hooks 8 | cmds: 9 | - pre-commit install --install-hooks 10 | run: 11 | desc: Run pre-commit 12 | cmds: 13 | - pre-commit run --all-files 14 | -------------------------------------------------------------------------------- /.taskfiles/rook-ceph/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/taskfile.json 3 | version: "3" 4 | 5 | tasks: 6 | get-password: 7 | desc: Get rook-ceph password 8 | cmds: 9 | - |- 10 | kubectl get secret rook-ceph-dashboard-password \ 11 | -n rook-ceph \ 12 | -o jsonpath="{['data']['password']}" | \ 13 | base64 --decode && \ 14 | echo 15 | -------------------------------------------------------------------------------- /.terraform-docs.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | formatter: markdown 3 | header-from: main.tf 4 | 5 | sections: 6 | hide-all: false 7 | hide: [] 8 | show-all: true 9 | show: [] 10 | 11 | output: 12 | file: "README.md" 13 | mode: inject 14 | template: |- 15 | 16 | {{ .Content }} 17 | 18 | check: false 19 | 20 | output-values: 21 | enabled: false 22 | from: "" 23 | 24 | sort: 25 | enabled: true 26 | by: required 27 | 28 | settings: 29 | anchor: true 30 | color: true 31 | default: true 32 | escape: true 33 | indent: 3 34 | required: true 35 | sensitive: true 36 | type: true 37 | -------------------------------------------------------------------------------- /.tflint.hcl: -------------------------------------------------------------------------------- 1 | config { 2 | force = false 3 | disabled_by_default = false 4 | } 5 | 6 | # terraform_module_pinned_source rule is enabled by default and can be configured with the following parameters: 7 | # - style: "flexible" (default) or "strict" 8 | # - default_branches: ["main", "master", "default", "develop"] (default) 9 | rule "terraform_module_pinned_source" { 10 | enabled = true 11 | style = "flexible" 12 | default_branches = ["main", "master", "default", "develop"] 13 | } 14 | -------------------------------------------------------------------------------- /.trivyignore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | misconfigurations: 3 | [] 4 | # # https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0048/ 5 | # # check if this can be improved 6 | # - id: AVD-KSV-0048 # Deny Create Update Malicious Pod 7 | # paths: 8 | # - database/dragonfly/operator/rbac.yaml 9 | # # https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0056/ 10 | # # check if this can be improved 11 | # - id: AVD-KSV-0056 # No Manage Networking Resources 12 | # paths: 13 | # - database/dragonfly/operator/rbac.yaml 14 | 
-------------------------------------------------------------------------------- /devenv/README.md: -------------------------------------------------------------------------------- 1 | # Home Ops Devenv 2 | 3 | ## Getting started 4 | 5 | To start the devenv, run: 6 | 7 | ```shell 8 | task devenv:setup 9 | ``` 10 | 11 | ## Usage 12 | 13 | To test an app, copy it to devenv/oci/apps, adjust its flux-sync.yaml for the OCI devenv, and sync. 14 | 15 | ```shell 16 | task devenv:sync 17 | ``` 18 | -------------------------------------------------------------------------------- /devenv/infra/kind/locals.tf: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------------------- 2 | # CONFIGURE LOCALS 3 | # -------------------------------------------------------------------------------- 4 | 5 | locals { 6 | kubeconfig_path = pathexpand("~/.kube/config") 7 | devenv_name = "homeops-devenv" 8 | registry_name = "homeops-kind-registry" 9 | registry_port = "5050" 10 | registry_internal_port = "5000" 11 | registry_docker_image = "registry:2.8.3" 12 | } 13 | -------------------------------------------------------------------------------- /devenv/infra/kind/providers.tf: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------------------- 2 | # CONFIGURE PROVIDERS 3 | # -------------------------------------------------------------------------------- 4 | 5 | provider "kind" {} 6 | 7 | provider "docker" { 8 | host = "unix:///var/run/docker.sock" 9 | } 10 | -------------------------------------------------------------------------------- /devenv/oci/apps/cert-manager/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 
| -------------------------------------------------------------------------------- /devenv/oci/apps/cert-manager/cert-manager/issuers/cluster-issuer-selfsigned.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: self-signed 6 | spec: 7 | selfSigned: {} 8 | -------------------------------------------------------------------------------- /devenv/oci/apps/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - cluster-issuer-selfsigned.yaml 6 | -------------------------------------------------------------------------------- /devenv/oci/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./cert-manager/flux-sync.yaml 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: cert-manager 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - oci-repository.yaml 7 
| - helm-release.yaml 8 | -------------------------------------------------------------------------------- /devenv/oci/apps/flux-system/flux-operator/app/oci-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | interval: 15m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator 13 | ref: 14 | tag: 0.22.0 15 | verify: 16 | provider: cosign 17 | -------------------------------------------------------------------------------- /devenv/oci/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - flux-instance.yaml 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./flux-operator/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /devenv/oci/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: flux-system 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/ingress-nginx/ingress-nginx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helm-release.yaml 6 | -------------------------------------------------------------------------------- /devenv/oci/apps/ingress-nginx/ingress-nginx/flux-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: apps-ingress-nginx 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: ingress-nginx 10 | path: ./devenv/oci/apps/ingress-nginx/ingress-nginx/app 11 | prune: true 12 | sourceRef: 13 | kind: OCIRepository 14 | name: homeops-devenv 15 | wait: true 16 | interval: 15m 17 | retryInterval: 5s 18 | timeout: 5m 19 | -------------------------------------------------------------------------------- /devenv/oci/apps/ingress-nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./ingress-nginx/flux-sync.yaml 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/ingress-nginx/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: ingress-nginx 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./metrics-server/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-system/metrics-server/flux-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: apps-metrics-server 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: kube-system 10 | path: ./devenv/oci/apps/kube-system/metrics-server/app 11 | prune: true 12 | sourceRef: 13 | kind: OCIRepository 14 | name: homeops-devenv 15 | wait: true 16 | interval: 15m 17 | retryInterval: 5s 18 | timeout: 5m 19 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-system/namespace.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kube-system 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/i-see-dead-pods/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - rbac.yaml 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/i-see-dead-pods/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: system:i-see-dead-pods 6 | rules: 7 | - apiGroups: [""] 8 | resources: ["pods"] 9 | verbs: ["list", "get", "delete"] 10 | 11 | --- 12 | kind: ClusterRoleBinding 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | metadata: 15 | name: system:i-see-dead-pods 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: system:i-see-dead-pods 20 | subjects: 21 | - kind: ServiceAccount 22 | name: i-see-dead-pods 23 | namespace: kube-tools 24 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/i-see-dead-pods/flux-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: apps-i-see-dead-pods 7 | namespace: flux-system 8 | spec: 9 | 
targetNamespace: kube-tools 10 | path: ./devenv/oci/apps/kube-tools/i-see-dead-pods/app 11 | prune: true 12 | sourceRef: 13 | kind: OCIRepository 14 | name: homeops-devenv 15 | wait: true 16 | interval: 15m 17 | retryInterval: 5s 18 | timeout: 5m 19 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./namespace.yaml 6 | - ./i-see-dead-pods/flux-sync.yaml 7 | - ./reloader/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kube-tools 7 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/reloader/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: reloader 7 | spec: 8 | interval: 15m 9 | install: 10 | remediation: 11 | retries: 5 12 | uninstall: 13 | keepHistory: false 14 | # https://artifacthub.io/packages/helm/stakater/reloader?modal=values 15 | values: 16 | replicas: 1 17 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../../../../../kubernetes/talos-flux/apps/kube-tools/reloader/app/helm-release.yaml 6 | patches: 7 | - path: helm-values.yaml 8 | -------------------------------------------------------------------------------- /devenv/oci/apps/kube-tools/reloader/flux-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: apps-reloader 6 | namespace: flux-system 7 | spec: 8 | targetNamespace: kube-tools 9 | path: ./devenv/oci/apps/kube-tools/reloader/app 10 | prune: true 11 | sourceRef: 12 | kind: OCIRepository 13 | name: homeops-devenv 14 | wait: true 15 | interval: 15m 16 | retryInterval: 5s 17 | timeout: 5m 18 | -------------------------------------------------------------------------------- /devenv/oci/flux/config/cluster-settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: cluster-settings 6 | namespace: flux-system 7 | data: 8 | SETTING_CLUSTERNAME: homeops-devenv 9 | SETTING_TZ: Europe/Vienna 10 | -------------------------------------------------------------------------------- /devenv/oci/flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: flux-system 5 | resources: 6 | - config/cluster-settings.yaml 7 | - flux-sync.yaml 8 | -------------------------------------------------------------------------------- /devenv/oci/registry-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # only applied once during bootstrap 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: local-registry-hosting 7 | namespace: kube-public 8 | data: 9 
| localRegistryHosting.v1: | 10 | host: "localhost:5050" 11 | hostFromContainerRuntime: "homeops-kind-registry:5000" 12 | hostFromClusterNetwork: "homeops-kind-registry:5000" 13 | help: "https://kind.sigs.k8s.io/docs/user/local-registry/" 14 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/desktop/discord.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | # discord 5 | # screensharing not working on wayland, workaround 6 | vesktop 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/desktop/file-explorer.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | xfce.thunar 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/desktop/google-chrome.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | unstable.google-chrome 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/desktop/kitty.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | # wayland terminal emulator 5 | kitty 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/desktop/spotify.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | { 3 | home.packages = with pkgs; [ 4 | spotify 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/desktop/vscode.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | unstable.vscode 5 | ]; 6 | } 7 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/devops/development.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | home.packages = with pkgs; [ 4 | # google zx scripting library for node 5 | nodePackages.zx 6 | # load .envrc files in folder tree 7 | direnv 8 | # mise a modern development environment manager 9 | mise 10 | ]; 11 | } 12 | -------------------------------------------------------------------------------- /infra/nixos/home-manager/devops/kubernetes.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | { 3 | home.packages = with pkgs; [ 4 | fluxcd 5 | kubectl 6 | kubectl-view-allocations 7 | kubectl-view-secret 8 | pkgs.unstable.kubecolor 9 | kubernetes-helm 10 | kustomize 11 | k9s 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /infra/nixos/modules/ags.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: 2 | { 3 | environment.systemPackages = with pkgs; [ 4 | ags 5 | gnome.adwaita-icon-theme 6 | 7 | gtksourceview 8 | webkitgtk 9 | accountsservice 10 | ]; 11 | nixpkgs.overlays = [ 12 | (final: prev: { 13 | ags = prev.ags.overrideAttrs (old: { 14 | buildInputs = old.buildInputs ++ [ pkgs.libdbusmenu-gtk3 pkgs.gtk3 ]; 15 | }); 16 | }) 17 | ]; 18 | services.upower.enable = true; 19 | 20 | } 21 | -------------------------------------------------------------------------------- /infra/nixos/modules/docker.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Enable docker 3 | virtualisation.docker.enable = true; 4 | } 5 | -------------------------------------------------------------------------------- /infra/nixos/modules/gnome-keyring.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: 2 | { 3 | # Enable gnome keyring. 4 | services.gnome.gnome-keyring.enable = true; 5 | # security.pam.services.lightdm.enableGnomeKeyring = true; 6 | # switch to wayland and greetd 7 | security.pam.services.greetd.enableGnomeKeyring = true; 8 | 9 | # Use Seahorse (GNOME Keyring GUI) 10 | environment.systemPackages = [ 11 | pkgs.gnome.seahorse 12 | pkgs.libsecret 13 | ]; 14 | } 15 | -------------------------------------------------------------------------------- /infra/nixos/modules/neovim.nix: -------------------------------------------------------------------------------- 1 | { 2 | # Enable neovim as default editor. 
3 |   programs.neovim.enable = true;
4 |   programs.neovim.defaultEditor = true;
5 |   programs.neovim.vimAlias = true;
6 |   programs.neovim.viAlias = true;
7 | }
8 |
--------------------------------------------------------------------------------
/infra/nixos/modules/openssh.nix:
--------------------------------------------------------------------------------
1 | {
2 |   # Enable the OpenSSH daemon: no direct root login, no password logins.
3 |   services.openssh = {
4 |     enable = true;
5 |     settings = {
6 |       X11Forwarding = true; # NOTE(review): off by default in sshd; plasma.nix enables Wayland for SDDM, so confirm X11 forwarding is still needed
7 |       PermitRootLogin = "no";
8 |       PasswordAuthentication = false; # NOTE(review): keyboard-interactive (PAM) logins are governed separately by KbdInteractiveAuthentication; confirm that is disabled as well
9 |     };
10 |     openFirewall = true; # lets the NixOS firewall accept connections on the sshd port
11 |   };
12 |
13 |   # Start the SSH Agent at login.
14 |   programs.ssh.startAgent = true;
15 | }
16 |
--------------------------------------------------------------------------------
/infra/nixos/modules/plasma.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}:
2 | {
3 |   # Enable KDE Plasma
4 |   services.xserver = {
5 |     enable = true;
6 |     xkb.layout = "de";
7 |   };
8 |
9 |   services.desktopManager.plasma6.enable = true;
10 |
11 |   # Enable Wayland for SDDM
12 |   services.displayManager.sddm.wayland.enable = true;
13 |
14 |   environment.systemPackages = with pkgs; [
15 |     libsForQt5.plasma-wayland-protocols
16 |     # required for kwallet to generate gpg key with passphrase
17 |     pinentry
18 |   ];
19 |
20 |   # Optional: If you want to use the same layout in the console
21 |   console.useXkbConfig = true;
22 | }
23 |
--------------------------------------------------------------------------------
/infra/nixos/nfs-users.nix:
--------------------------------------------------------------------------------
1 | { pkgs, config, ...
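}:
2 |
3 | {
4 |   users.users.alex = {
5 |     uid = 1002;
6 |     isNormalUser = true;
7 |     createHome = false;
8 |   };
9 |
10 |   users.users.dominik = {
11 |     uid = 1003;
12 |     isNormalUser = true;
13 |     createHome = false;
14 |   };
15 |
16 |   users.users.kube = {
17 |     uid = 1004;
18 |     isNormalUser = true;
19 |     createHome = false;
20 |   };
21 | }
22 |
--------------------------------------------------------------------------------
/infra/talos/clusterconfig/.gitignore:
--------------------------------------------------------------------------------
1 | talos-flux-talos01.yaml
2 | talosconfig
3 | talos-flux-talos06.yaml
4 | talos-flux-talos04.yaml
5 | talos-flux-talos05.yaml
6 | talos-flux-talos07.yaml
7 | talos-flux-talos02.yaml
8 | talos-flux-talos03.yaml
9 |
--------------------------------------------------------------------------------
/infra/terraform/cloudflare/providers.tf:
--------------------------------------------------------------------------------
1 | # Credentials are read from the SOPS-encrypted secrets file, not from plain variables.
2 | # NOTE(review): email + api_key is Cloudflare's legacy account-wide key pair; the
3 | # provider also accepts a scoped api_token, which limits what a leaked credential can do.
4 | provider "cloudflare" {
5 |   email   = data.sops_file.secrets.data["cloudflare_email"]
6 |   api_key = data.sops_file.secrets.data["cloudflare_apikey"]
7 | }
8 |
--------------------------------------------------------------------------------
/infra/terraform/main.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_version = "<= 1.11.4"
3 |   # Every provider is pinned to an exact version.
4 |   required_providers {
5 |     cloudflare = {
6 |       source  = "cloudflare/cloudflare"
7 |       version = "4.52.0"
8 |     }
9 |     http = {
10 |       source  = "hashicorp/http"
11 |       version = "3.5.0"
12 |     }
13 |     sops = {
14 |       source  = "carlpett/sops"
15 |       version = "1.2.0"
16 |     }
17 |   }
18 | }
19 |
20 | module "cloudflare" {
21 |   source = "./cloudflare"
22 | }
23 |
--------------------------------------------------------------------------------
/kubernetes/base/apps/atlantis/scripts/allow_list.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Gate for atlantis: exits 0 only when $USER_NAME is an exact, whole-line
3 | # entry in the allowlist file, and exits 1 in every other case.
4 |
5 | ALLOWLIST_FILE="/etc/atlantis/allowlist.txt"
6 |
7 | # Fail closed when the allowlist is missing.
8 | if [ ! -f "$ALLOWLIST_FILE" ]; then
9 |   echo "Nobody is allowed to run atlantis (missing allowlist)."
10 |   exit 1
11 | fi
12 |
13 | # Fail closed on an unset or empty USER_NAME: an empty pattern with -x matches
14 | # any blank line in the allowlist. A newline in the value is rejected as well,
15 | # because grep treats each line of the pattern as a separate alternative.
16 | if [ -z "${USER_NAME:-}" ] || [[ "$USER_NAME" == *$'\n'* ]]; then
17 |   echo "USER_NAME is empty or malformed; nobody is allowed to run atlantis."
18 |   exit 1
19 | fi
20 |
21 | # -F: fixed string, -x: whole line, --: a name starting with "-" is not read as an option.
22 | if grep -Fxq -- "$USER_NAME" "$ALLOWLIST_FILE"
23 | then
24 |   echo "$USER_NAME is allowed to run atlantis."
25 |   exit 0
26 | else
27 |   echo "$USER_NAME is not allowed to run atlantis."
28 |   exit 1
29 | fi
30 |
--------------------------------------------------------------------------------
/kubernetes/base/flux/repositories/git/dragonfly-operator.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: GitRepository
5 | metadata:
6 |   name: dragonfly-operator
7 |   namespace: flux-system
8 | spec:
9 |   interval: 12h
10 |   url: https://github.com/dragonflydb/dragonfly-operator.git
11 |   ref:
12 |     tag: v1.1.11
13 |   ignore: |
14 |     # exclude all
15 |     /*
16 |     # include deploy crd file only
17 |     !/manifests/crd.yaml
18 |
--------------------------------------------------------------------------------
/kubernetes/base/flux/repositories/git/home-ops.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: GitRepository
5 | metadata:
6 |   name: home-ops
7 |   namespace: flux-system
8 | spec:
9 |   # as we use webhooks, this does not need to be aggressive
10 |   interval: 2h
11 |   url: https://github.com/tyriis/home-ops.git
12 |   # NOTE(review): tracks a branch and sets no spec.verify, so whatever lands on
13 |   # main is fetched as-is; if commits are signed, spec.verify can enforce that.
14 |   ref:
15 |     branch: main
16 |   ignore: |
17 |     # exclude all
18 |     /*
19 |     # include kubernetes directory only
20 |     !/kubernetes
21 |
--------------------------------------------------------------------------------
/kubernetes/base/flux/repositories/helm/actions-runner-controller-charts.yaml: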
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: actions-runner-controller-charts 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 1h 11 | timeout: 3m 12 | url: oci://ghcr.io/actions/actions-runner-controller-charts 13 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/argo-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: argo-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://argoproj.github.io/argo-helm 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/backube-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backube-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://backube.github.io/helm-charts/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/bitnami-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bitnami-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://charts.bitnami.com/bitnami 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/bjw-s-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bjw-s-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://bjw-s-labs.github.io/helm-charts/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/botkube-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: botkube-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://charts.botkube.io/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/bunkerweb-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bunkerweb-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 
| timeout: 3m 11 | url: https://repo.bunkerweb.io/charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/cdfoundation-tekton-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cdfoundation-tekton-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://cdfoundation.github.io/tekton-helm-chart/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/cilium-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cilium-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://helm.cilium.io 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/cloudnative-pg-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cloudnative-pg-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://cloudnative-pg.github.io/charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/coredns-charts.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: coredns-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 1h
10 |   timeout: 3m
11 |   url: https://coredns.github.io/helm
12 |
--------------------------------------------------------------------------------
/kubernetes/base/flux/repositories/helm/csi-driver-nfs-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: csi-driver-nfs-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 1h
10 |   timeout: 3m
11 |   url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts # NOTE(review): index is served from the mutable master branch; pin an exact chart version in the HelmRelease that consumes it
12 |
--------------------------------------------------------------------------------
/kubernetes/base/flux/repositories/helm/dbman-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: dbman-charts
7 |   namespace: flux-system
8 | spec:
9 |   type: oci
10 |   interval: 1h
11 |   timeout: 3m
12 |   url: oci://ghcr.io/hef/charts
13 |
--------------------------------------------------------------------------------
/kubernetes/base/flux/repositories/helm/democratic-csi-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server:
$schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: democratic-csi-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://democratic-csi.github.io/charts/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/emqx-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: emqx-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://repos.emqx.io/charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/external-dns-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: external-dns-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://kubernetes-sigs.github.io/external-dns 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/external-secrets-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: external-secrets-charts 7 | namespace: 
flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://charts.external-secrets.io 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/fairwinds-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: fairwinds-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://charts.fairwinds.com/stable 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/flux-iac-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: flux-iac-charts 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 1h 11 | timeout: 3m 12 | url: oci://ghcr.io/flux-iac/charts 13 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/flux-operator-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: flux-operator-charts 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 1h 11 | timeout: 3m 12 | url: oci://ghcr.io/controlplaneio-fluxcd/charts 13 | -------------------------------------------------------------------------------- 
/kubernetes/base/flux/repositories/helm/grafana-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: grafana-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://grafana.github.io/helm-charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/hajimari-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: hajimari-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://hajimari.io 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/harbor-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: harbor-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://helm.goharbor.io 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/hashicorp-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | 
apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: hashicorp-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://helm.releases.hashicorp.com 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/ingress-nginx-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: ingress-nginx-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://kubernetes.github.io/ingress-nginx 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/jetstack-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: jetstack-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://charts.jetstack.io/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/kyverno-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: kyverno-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://kyverno.github.io/kyverno/ 12 | 
-------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/metallb-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: metallb-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://metallb.github.io/metallb 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/metrics-server-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: metrics-server-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://kubernetes-sigs.github.io/metrics-server 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/minecraft-server-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: minecraft-server-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://itzg.github.io/minecraft-server-charts/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/mirceanton-charts.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: mirceanton-charts 7 | namespace: flux-system 8 | spec: 9 | type: oci 10 | interval: 1h 11 | timeout: 3m 12 | url: oci://ghcr.io/mirceanton/helm-charts 13 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/nfs-subdir-external-provisioner-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: nfs-subdir-external-provisioner-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/node-feature-discovery-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: node-feature-discovery-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://kubernetes-sigs.github.io/node-feature-discovery/charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/openbao-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: openbao-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://openbao.github.io/openbao-helm 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/openebs-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: openebs-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://openebs.github.io/openebs 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/piraeus-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: piraeus-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://piraeus.io/helm-charts/ 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/postfinance-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: postfinance-charts 7 | namespace: 
flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://postfinance.github.io/kubelet-csr-approver 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/prometheus-community-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: prometheus-community-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://prometheus-community.github.io/helm-charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/rook-ceph-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: rook-ceph-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://charts.rook.io/release 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/runatlantis-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: runatlantis-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://runatlantis.github.io/helm-charts 12 | 
-------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/stakater-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: stakater-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://stakater.github.io/stakater-charts 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/helm/traefik-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: traefik-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | timeout: 3m 11 | url: https://helm.traefik.io/traefik 12 | -------------------------------------------------------------------------------- /kubernetes/base/flux/repositories/oci/flux-manifests.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: flux-manifests 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | url: oci://ghcr.io/fluxcd/flux-manifests 11 | ref: 12 | # renovate: depName=fluxcd/flux2 datasource=github-releases 13 | tag: v2.6.1 14 | digest: sha256:3ad46381a9efb9e4ab491d76f3cc02389284ef38a7ecf3f5f3e3c186ded63255 15 | -------------------------------------------------------------------------------- 
/kubernetes/base/flux/repositories/oci/podinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: podinfo 7 | namespace: flux-system 8 | spec: 9 | interval: 1h 10 | url: oci://ghcr.io/stefanprodan/charts/podinfo 11 | ref: # tag and digest are both set; per the Flux OCIRepository spec the digest takes precedence, so the artifact stays fixed even if the tag is re-pushed 12 | # renovate: depName=stefanprodan/podinfo datasource=github-releases 13 | tag: 6.8.0 14 | digest: sha256:2360bdf32ddc50c05f8e128118173343b0a012a338daf145b16e0da9c80081a4 15 | -------------------------------------------------------------------------------- /kubernetes/components/flux/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/component.json 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./alert.yaml 7 | - ./provider.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/components/flux/alerts/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: alertmanager 7 | spec: 8 | type: alertmanager # NOTE(review): alerts are posted over plain HTTP with no secretRef/certSecretRef; acceptable only if in-cluster traffic to the observability namespace is trusted or encrypted at the network layer - confirm 9 | address: http://alertmanager.observability.svc.cluster.local:9093/api/v2/alerts/ #NOSONAR allow http 10 | -------------------------------------------------------------------------------- /kubernetes/components/flux/globals/talos-flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | # This component is used to deploy the flux-config into the namespace 6 | resources: 7 | - ../../../../talos-flux/flux/config/cluster-secrets.sops.yaml 8 | - ../../../../talos-flux/flux/config/cluster-settings.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/external/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | - name: ${APP} 4 | group: external 5 | url: https://${GATUS_SUBDOMAIN:=${APP}}.techtales.io${GATUS_PATH:=/} 6 | interval: 1m 7 | client: 8 | dns-resolver: tcp://1.1.1.1:53 # resolves through a public resolver instead of cluster DNS - presumably so the check follows the externally published record; confirm 9 | conditions: 10 | - "[STATUS] == ${GATUS_STATUS:=200}" 11 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/external/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | configMapGenerator: 6 | - name: ${APP}-gatus-config 7 | files: 8 | - config.yaml=./config.yaml 9 | options: 10 | labels: 11 | gatus.io/enabled: "true" 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/internal/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | - name: ${APP} 4 | group: internal 5 | url: 1.1.1.1 # for this dns check the url is the resolver that gets queried 6 | interval: 1m 7 | ui: 8 | hide-hostname: true 9 | hide-url: true 10 | dns: 11 | query-name: ${GATUS_SUBDOMAIN:=${APP}}.techtales.io 12 | query-type: A 13 | conditions: 14 | - "len([BODY]) == 0" # healthy only when the public resolver returns no A record, i.e. the internal name is not exposed in public DNS (assumes [BODY] holds the DNS answer - confirm) 15 | --------------------------------------------------------------------------------
/kubernetes/components/gatus/internal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | configMapGenerator: 6 | - name: ${APP}-gatus-config 7 | files: 8 | - config.yaml=./config.yaml 9 | options: 10 | labels: 11 | gatus.io/enabled: "true" 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/minecraft/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | endpoints: 3 | - name: ${APP} 4 | group: minecraft 5 | url: tcp://${SERVICE}.${NAMESPACE}.svc.cluster.local:25565 6 | interval: 1m 7 | ui: 8 | hide-hostname: true 9 | hide-url: true 10 | conditions: 11 | - "[CONNECTED] == true" # Validates TCP connection success 12 | - "[RESPONSE_TIME] < 500" # Optional: Alert if latency exceeds 500ms 13 | -------------------------------------------------------------------------------- /kubernetes/components/gatus/minecraft/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | configMapGenerator: 6 | - name: ${APP}-gatus-config 7 | files: 8 | - config.yaml=./config.yaml 9 | options: 10 | labels: 11 | gatus.io/enabled: "true" 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/components/sops/kube-nas/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | # Deploys the SOPS age key Secret (sops-age.sops.yaml) into the including namespace. NOTE(review): presumably this is the age private key used for decryption - if so, each namespace that pulls in this component holds a copy, and Secret read access there is enough to decrypt every file encrypted to that key; confirm and scope RBAC accordingly 6 | resources: 7 | - ../../../kube-nas/flux/config/sops-age.sops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/components/sops/talos-flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | # Deploys the SOPS age key Secret (sops-age.sops.yaml) into the including namespace. NOTE(review): presumably this is the age private key used for decryption - if so, each namespace that pulls in this component holds a copy, and Secret read access there is enough to decrypt every file encrypted to that key; confirm and scope RBAC accordingly 6 | resources: 7 | - ../../../talos-flux/flux/config/sops-age.sops.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/README.md: -------------------------------------------------------------------------------- 1 | # TODO 2 | 3 | - [x] setup and test pvc backup and restore 4 | - [ ] assure minio bucket exists before cnpg cluster bootstrap 5 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/auth-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: auth-system 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./oauth2-proxy/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/auth-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: auth-system 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/backup-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: backup-system 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./snapshot-controller/flux-sync.yaml 12 | - ./volsync/flux-sync.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/backup-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: backup-system 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- 
/kubernetes/kube-nas/apps/backup-system/snapshot-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/backup-system/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: dbman.hef.sh/v1alpha3 3 | kind: Database 4 | metadata: 5 | name: bunkerweb 6 | spec: 7 | credentials: 8 | usernameSecretRef: 9 | name: bunkerweb-database 10 | key: POSTGRES_USER 11 | passwordSecretRef: 12 | name: bunkerweb-database 13 | key: POSTGRES_PASS 14 | databaseName: bunkerweb 15 | databaseServerRef: 16 | namespace: database-system 17 | name: nas-postgres17 18 | prune: false 19 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app/ingress-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: IngressClass 4 | metadata: 5 | name: bunkerweb 6 | spec: 7 | controller: bunkerweb.io/ingress-controller 8 | -------------------------------------------------------------------------------- 
/kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - database.yaml 7 | - secret.sops.yaml 8 | - rbac.yaml 9 | - helm-release.yaml 10 | - ingress-class.yaml 11 | - ingress.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/bunkerweb-ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: bunkerweb-ingress 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./bunkerweb/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/bunkerweb-ingress/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: bunkerweb-ingress 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/cert-manager/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 
6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers/cluster-issuer-self-signed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/clusterissuer_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: ClusterIssuer 5 | metadata: 6 | name: self-signed 7 | spec: 8 | selfSigned: {} 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: cert-manager 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./cert-manager/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: cert-manager 7 | annotations: 8 | 
kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/cloudnative-pg/cluster/database-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: dbman.hef.sh/v1alpha2 3 | kind: DatabaseServer 4 | metadata: 5 | name: nas-postgres17 6 | spec: 7 | connString: "host=nas-postgres17-rw.database-system.svc.cluster.local" # NOTE(review): no sslmode given, so TLS for this connection is left to the client default - confirm it is enforced 8 | credentials: 9 | basicAuthSecretRef: postgres-superuser # by its name, the Postgres superuser credential; dbman presumably uses it to create databases and roles - confirm 10 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/cloudnative-pg/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - postgres-superuser-secret.sops.yaml 7 | - postgres-minio-secret.sops.yaml 8 | - cluster17.yaml 9 | - database-server.yaml 10 | - scheduled-backup.yaml 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/name: cloudnative-pg-cluster 14 | app.kubernetes.io/instance: cloudnative-pg-cluster 15 | app.kubernetes.io/part-of: cloudnative-pg 16 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/cloudnative-pg/cluster/scheduled-backup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: nas-postgres17 7 | spec: 8 | schedule: "0 0 0 * * *" # six fields, seconds first: every day at 00:00:00 9 | immediate: true # also take one backup as soon as this ScheduledBackup is created 10 | backupOwnerReference: self # each Backup is owned by this ScheduledBackup object 11 | cluster: 12 | name: nas-postgres17 13 | 
-------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/cloudnative-pg/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dbman/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dragonfly/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | configMapGenerator: 8 | - name: dragonfly-cluster-helm-values 9 | files: 10 | - values.yaml=./crd/cluster.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | configurations: 14 | - kustomize-config.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dragonfly/cluster/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | 
-------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dragonfly/observability/crd/pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PodMonitor 5 | metadata: 6 | name: dragonfly 7 | labels: 8 | app.kubernetes.io/name: dragonfly 9 | app.kubernetes.io/component: dragonfly-observability 10 | spec: 11 | selector: 12 | matchLabels: 13 | app: dragonfly 14 | podTargetLabels: ["app"] 15 | podMetricsEndpoints: 16 | - port: admin 17 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dragonfly/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | configMapGenerator: 8 | - name: dragonfly-observability-helm-values 9 | files: 10 | - values.yaml=./crd/pod-monitor.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | configurations: 14 | - kustomize-config.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dragonfly/observability/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/dragonfly/operator/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - rbac.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database-system 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ../../../base/flux/repositories/git/dragonfly-operator.yaml 12 | - ./cloudnative-pg/flux-sync.yaml 13 | - ./dbman/flux-sync.yaml 14 | - ./dragonfly/flux-sync.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/database-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: database-system 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/default/echo-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | 
-------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./echo-server/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: default 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/democratic-csi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: democratic-csi 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./local-hostpath/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/democratic-csi/local-hostpath/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 
3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/democratic-csi/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: democratic-csi 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./oci-repository.yaml 7 | - ./helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/flux-operator/app/oci-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | interval: 10m 9 | layerSelector: 10 | mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy # keep the selected Helm chart layer as the original tarball 12 | url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator 13 | ref: 14 | tag: 0.22.0 # NOTE(review): tag only; the base OCIRepositories in this repo (flux-manifests, podinfo) also pin a sha256 digest, here integrity rests on the cosign check alone 15 | verify: 16 | provider: cosign # NOTE(review): no secretRef (public key) and no matchOIDCIdentity, so this is keyless verification that does not constrain the signer - presumably any valid Sigstore-signed identity passes; add matchOIDCIdentity with the publisher's issuer/subject (confirm the values against the chart's release docs) 17 | --------------------------------------------------------------------------------
/kubernetes/kube-nas/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helm-release.yaml 7 | configMapGenerator: 8 | - name: flux-instance-crd 9 | files: 10 | - values.yaml=./flux-instance.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | configurations: 14 | - kustomize-config.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/flux-operator/instance/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/flux/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - receiver.yaml 8 | - helm-release.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/flux/webhook/receiver.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://github.com/fluxcd-community/flux2-schemas/raw/main/receiver-notification-v1.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1 4 | kind: Receiver 5 | metadata: 6 | name: home-ops 7 | spec: 8 | type: github 9 | events: 10 | - ping 11 | - push 12 | secretRef: 13 | name: 
webhook-token 14 | resources: 15 | - kind: GitRepository 16 | name: home-ops 17 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./flux-operator/flux-sync.yaml 12 | - ./flux/flux-sync.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: flux-system 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/ingress-nginx/ingress-nginx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/ingress-nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: ingress-nginx 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./ingress-nginx/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/ingress-nginx/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: ingress-nginx 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/cilium/app/cilium-l2-announcement-policy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumL2AnnouncementPolicy 5 | metadata: 6 | name: l2-policy 7 | spec: 8 | loadBalancerIPs: true 9 | interfaces: 10 | - ^enp[0-9]+ 11 | nodeSelector: 12 | matchLabels: 13 | kubernetes.io/os: linux 14 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/cilium/app/cilium-load-balancer-ip-pool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumLoadBalancerIPPool 5 | metadata: 6 | name: l2-pool 7 | spec: 8 | allowFirstLastIPs: "Yes" 9 | blocks: 10 | - start: 192.168.1.90 11 | stop: 192.168.1.91 12 | 
-------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | # as we need to bootstrap cilium it is fine to use crd before install 8 | - cilium-l2-announcement-policy.yaml 9 | - cilium-load-balancer-ip-pool.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/coredns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - 
./namespace.yaml 11 | - ./cilium/flux-sync.yaml 12 | - ./coredns/flux-sync.yaml 13 | - ./kubelet-csr-approver/flux-sync.yaml 14 | - ./metrics-server/flux-sync.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kube-system 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-tools/k8tz/app/helm-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: k8tz 7 | spec: 8 | interval: 30m 9 | url: https://k8tz.github.io/k8tz/ 10 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-tools/k8tz/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helm-repository.yaml 7 | - ./pki.yaml 8 | - ./helm-release.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-tools 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./reloader/flux-sync.yaml 12 | - ./k8tz/flux-sync.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-tools/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kube-tools 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/kube-tools/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/minio-system/README.md: -------------------------------------------------------------------------------- 1 | # minio-system 2 | 3 | As part of the critical infrastructure it is crucial to 
keep dependencies low for minio; therefore the external-secrets setup running inside the cluster is not used for it 4 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/minio-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: minio-system 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./minio/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/minio-system/minio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/minio-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: minio-system 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/networking/external-dns/cloudflare/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: networking 6 | resources: 7 | - external-secret.yaml 8 | - helm-release.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/networking/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: external-dns # NOTE(review): differs from ./namespace.yaml (name: networking) and from external-dns/cloudflare/kustomization.yaml (namespace: networking); this field overrides the namespace of the resources built here, so confirm that external-dns is intended 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./external-dns/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/networking/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: networking 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux garbage collection leaves this Namespace in place even if it drops out of the source 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/observability/kube-prometheus-stack/app/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: # tells kustomize that HelmRelease spec/valuesFrom/name refers to a ConfigMap, so the reference follows the ConfigMap name when kustomize rewrites it 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/observability/kube-prometheus-stack/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - node-exporter/prometheus-rule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./kube-prometheus-stack/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/observability/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: observability 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/oci-registry/harbor/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: dbman.hef.sh/v1alpha3 3 | kind: Database 4 | metadata: 5 | name: harbor 6 | spec: 7 | credentials: 8 | usernameSecretRef: 9 | name: harbor-postgres 10 | key: INIT_POSTGRES_USER 11 | passwordSecretRef: 12 | name: harbor-postgres 13 | key: INIT_POSTGRES_PASS 14 | databaseName: registry 15 | databaseServerRef: 16 | namespace: database-system 17 | name: nas-postgres17 18 | prune: false 19 | -------------------------------------------------------------------------------- 
/kubernetes/kube-nas/apps/oci-registry/harbor/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - pvc.yaml 8 | - database.yaml 9 | - helm-release.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/oci-registry/harbor/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: harbor-registry-0 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 100Gi # need to be more in production 13 | storageClassName: local 14 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/oci-registry/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: oci-registry 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./harbor/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/oci-registry/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: oci-registry 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/secops/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/secops/external-secrets/stores/cluster-secret-store.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/clustersecretstore_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ClusterSecretStore 5 | metadata: 6 | name: openbao-backend 7 | spec: # NOTE(review): no spec.conditions is set, so an ExternalSecret in any namespace may reference this cluster-scoped store; what it can read is then bounded only by the policy bound to the kube-nas role. Restrict by namespace with conditions if only some namespaces need it 8 | provider: 9 | vault: 10 | server: https://secrets.techtales.io 11 | path: infra # secret engine mount that this store reads from 12 | version: v2 13 | auth: 14 | kubernetes: # Kubernetes auth: logs in at auth mount kube-nas as role kube-nas, presenting a token for the ServiceAccount referenced below 15 | role: kube-nas 16 | mountPath: kube-nas 17 | serviceAccountRef: 18 | name: openbao-auth 19 | namespace: secops 20 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/secops/external-secrets/stores/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - cluster-secret-store.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/kube-nas/apps/secops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: secops 6 | components: 7 | - ../../../components/sops/kube-nas 8 | - ../../../components/flux/alerts 9 | resources: 10 | - ./namespace.yaml 11 | - ./rbac.yaml 12 | - ./external-secrets/flux-sync.yaml 13 | - ./openbao/flux-sync.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/secops/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: secops 7 | annotations: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/secops/openbao/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/apps/secops/openbao/snapshots/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - external-secret.yaml 7 | - helm-release.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/kube-nas/bootstrap/cilium/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | helmCharts: 6 | - name: cilium 7 | namespace: kube-system 8 | releaseName: cilium 9 | repo: https://helm.cilium.io/ 10 | valuesFile: values.yaml 11 | version: 1.17.4 12 | commonAnnotations: 13 | meta.helm.sh/release-name: cilium 14 | meta.helm.sh/release-namespace: kube-system 15 | labels: 16 | - includeSelectors: true 17 | pairs: 18 | app.kubernetes.io/managed-by: Helm 19 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/bootstrap/coredns/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | helmCharts: 6 | - name: coredns 7 | namespace: kube-system 8 | releaseName: coredns 9 | repo: https://coredns.github.io/helm 10 | valuesFile: values.yaml 11 | version: 1.42.2 12 | commonAnnotations: 13 | meta.helm.sh/release-name: coredns 14 | meta.helm.sh/release-namespace: kube-system 15 | labels: 16 | - includeSelectors: true 17 | pairs: 18 | app.kubernetes.io/managed-by: Helm 19 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/bootstrap/flux-operator/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: false 4 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/bootstrap/kubelet-csr-approver/values.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | providerRegex: | 3 | ^(kube-nas)$ 4 | replicas: 1 5 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/bootstrap/metrics-server/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | metrics: 3 | enabled: false 4 | serviceMonitor: 5 | enabled: false 6 | -------------------------------------------------------------------------------- /kubernetes/kube-nas/flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - flux-sync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/anubis-system/anubis-grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/anubis-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./anubis-grafana/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/anubis-system/namespace.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: anubis-system 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/atlantis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./default-config 8 | - ./techtales-io/flux-sync.yaml 9 | - ./tyriis/flux-sync.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/atlantis/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: atlantis 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-discord/config/allowlist.txt: -------------------------------------------------------------------------------- 1 | tyriis 2 | jazzlyn 3 | techtales-bot[bot] 4 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-gcloud/config/allowlist.txt: -------------------------------------------------------------------------------- 1 | tyriis 2 | jazzlyn 3 | techtales-bot[bot] 4 | 
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-github/config/allowlist.txt:
--------------------------------------------------------------------------------
1 | tyriis
2 | jazzlyn
3 | techtales-bot[bot]
4 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-gworkspace/config/allowlist.txt:
--------------------------------------------------------------------------------
1 | tyriis
2 | jazzlyn
3 | techtales-bot[bot]
4 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-minio/config/allowlist.txt:
--------------------------------------------------------------------------------
1 | tyriis
2 | jazzlyn
3 | techtales-bot[bot]
4 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-opnsense/config/allowlist.txt:
--------------------------------------------------------------------------------
1 | tyriis
2 | jazzlyn
3 | techtales-bot[bot]
4 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/techtales-io/terraform-vault/config/allowlist.txt:
--------------------------------------------------------------------------------
1 | tyriis
2 | jazzlyn
3 | techtales-bot[bot]
4 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/tyriis/terraform-github/config/allowlist.txt:
--------------------------------------------------------------------------------
1 | tyriis
2 | tyriis-automation[bot]
3 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/atlantis/tyriis/terraform-github/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./secret.sops.yaml  # SOPS-encrypted per the filename; decryption is configured outside this file
7 |   - ../../../../../base/apps/atlantis/app/helm-release.yaml
8 | configMapGenerator:
9 |   - name: atlantis-tyriis-allowlist  # ConfigMap carrying config/allowlist.txt under the key allowlist.txt
10 |     files:
11 |       - allowlist.txt=config/allowlist.txt  # presumably the accounts allowed to drive Atlantis for this repo; verify how the chart consumes it
12 | generatorOptions:
13 |   disableNameSuffixHash: true  # fixed ConfigMap name: an allowlist edit does not change the name, so a rollout is not triggered by the rename mechanism
14 |   annotations:
15 |     kustomize.toolkit.fluxcd.io/substitute: disabled  # Flux post-build variable substitution is skipped for the generated ConfigMap
16 | patches:
17 |   - path: helm-values.yaml
18 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/auth-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./oauth2-proxy/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/auth-system/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: auth-system
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/auth-system/oauth2-proxy/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - external-secret.yaml
7 |   - helm-release.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backstage/backstage/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - secrets.sops.yaml  # SOPS-encrypted per the filename; decryption is configured outside this file
7 |   - helm-release.yaml
8 | configMapGenerator:
9 |   - name: app-config
10 |     files:
11 |       - app-config.production.yaml  # stored in a ConfigMap, so it should hold no credentials; verify against the file
12 | generatorOptions:
13 |   disableNameSuffixHash: true  # fixed ConfigMap name, no content hash suffix
14 |   annotations:
15 |     kustomize.toolkit.fluxcd.io/substitute: disabled  # Flux post-build variable substitution is skipped for the generated ConfigMap
16 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backstage/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./namespace.yaml
7 |   - ./backstage/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backstage/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: backstage
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backup-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./snapshot-controller/flux-sync.yaml
8 |   - ./volsync/flux-sync.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backup-system/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: backup-system
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backup-system/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/backup-system/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |   - prometheus-rules.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/cert-manager/cert-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers/cluster-issuer-selfsigned.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/clusterissuer_v1.json
3 | apiVersion: cert-manager.io/v1
4 | kind: ClusterIssuer  # cluster-scoped: Certificates in any namespace can reference this issuer
5 | metadata:
6 |   name: selfsigned
7 | spec:
8 |   selfSigned: {}  # certificates are signed with their own key, so clients get no CA chain to validate against unless they pin the certificate
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers/kustomize-config.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | nameReference:  # kustomize transformer config: keeps ConfigMap names referenced from HelmRelease spec/valuesFrom/name in sync
3 |   - kind: ConfigMap
4 |     version: v1
5 |     fieldSpecs:
6 |       - path: spec/valuesFrom/name
7 |         kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./cert-manager/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/cert-manager/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: cert-manager
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/barman-cloud/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/cluster/database-server.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: dbman.hef.sh/v1alpha2
3 | kind: DatabaseServer  # dbman resource describing how to reach the main-postgres17 read-write service
4 | metadata:
5 |   name: main-postgres17
6 | spec:
7 |   connString: "host=main-postgres17-rw.database.svc.cluster.local"  # no sslmode given, so TLS behaviour falls to the client default; NOTE(review): confirm encryption is enforced on this path
8 |   credentials:
9 |     basicAuthSecretRef: postgres-superuser  # name suggests the superuser role is used; verify whether a narrower role would be sufficient
10 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - postgres-superuser-secret.sops.yaml  # SOPS-encrypted per the filename; decryption is configured outside this file
7 |   - postgres-minio-secret.sops.yaml  # SOPS-encrypted per the filename; presumably the object-store credentials used for backups
8 |   - objectstore.yaml
9 |   - cluster17.yaml
10 |   - database-server.yaml
11 |   - scheduled-backup.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/cluster/scheduled-backup.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
3 | apiVersion: postgresql.cnpg.io/v1
4 | kind: ScheduledBackup
5 | metadata:
6 |   name: main-postgres17
7 |   namespace: database
8 | spec:
9 |   schedule: "0 0 0 * * *"  # six-field cron with a leading seconds field: once a day at 00:00:00
10 |   immediate: true  # a first backup is also taken when this resource is created
11 |   backupOwnerReference: self  # Backup objects are owned by this ScheduledBackup
12 |   cluster:
13 |     name: main-postgres17
14 |   method: plugin  # the backup is delegated to the plugin named below
15 |   pluginConfiguration:
16 |     name: barman-cloud.cloudnative-pg.io
17 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/git-repository.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: GitRepository
5 | metadata:
6 |   name: cnpg-barman-cloud-crds
7 |   namespace: database
8 | spec:
9 |   interval: 30m  # the tag is re-resolved on every interval
10 |   url: https://github.com/cloudnative-pg/plugin-barman-cloud.git
11 |   ref:  # a Git tag can be moved upstream; ref.commit pins an immutable revision
12 |     tag: v0.5.0  # no spec.verify is set, so signatures on the tag or commit are not checked
13 |   ignore: |  # exclude the whole tree, then re-include only the ObjectStore CRD manifest
14 |     # exclude
15 |     /*
16 |     # include
17 |     !config/crd/bases/barmancloud.cnpg.io_objectstores.yaml
18 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/cloudnative-pg/observability/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: database
6 | resources:
7 |   - prometheus-rule.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/dbman/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/dragonfly/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - cluster.yaml
7 |   - pod-monitor.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/dragonfly/cluster/pod-monitor.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
3 | apiVersion: monitoring.coreos.com/v1
4 | kind: PodMonitor
5 | metadata:
6 |   name: dragonfly
7 | spec:
8 |   selector:
9 |     matchLabels:
10 |       app: dragonfly
11 |   podTargetLabels: ["app"]  # copies the pod's app label onto the scraped series
12 |   podMetricsEndpoints:
13 |     - port: admin  # scrapes the container port named admin; NOTE(review): confirm what else that port serves and who can reach it
14 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/dragonfly/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # renovate: depName=dragonflydb/dragonfly-operator datasource=github-releases
7 |   - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.11/manifests/crd.yaml  # fetched at build time by tag, with no integrity check; a commit-SHA URL or a vendored copy would fix the content
8 |   - helm-release.yaml
9 |   - rbac.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./cloudnative-pg/git-repository.yaml
8 |   - ./cloudnative-pg/flux-sync.yaml
9 |   - ./dbman/flux-sync.yaml
10 |   - ./dragonfly/flux-sync.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/database/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: database
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/echo-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/homepage/app/config/custom.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tyriis/home-ops/a349f4219758dd53ea2848d05905cf8a91af9adc/kubernetes/talos-flux/apps/default/homepage/app/config/custom.css
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/homepage/app/config/custom.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tyriis/home-ops/a349f4219758dd53ea2848d05905cf8a91af9adc/kubernetes/talos-flux/apps/default/homepage/app/config/custom.js
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/homepage/app/config/docker.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tyriis/home-ops/a349f4219758dd53ea2848d05905cf8a91af9adc/kubernetes/talos-flux/apps/default/homepage/app/config/docker.yaml
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/homepage/app/config/kubernetes.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | mode: cluster  # presumably in-cluster API access through the pod's service account; verify the RBAC granted to it
3 | ingress: true
4 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/it-tools/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./echo-server/flux-sync.yaml
8 |   - ./homepage/flux-sync.yaml
9 |   - ./it-tools/flux-sync.yaml
10 |   - ./openspeedtest/flux-sync.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: default
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/default/openspeedtest/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/development/code-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/development/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./code-server/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/development/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: development
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/argo-workflows/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./tekton/flux-sync.yaml
8 |   - ./argo-workflows/flux-sync.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: devops
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux garbage collection leaves this Namespace in place if it is removed from the source
9 |
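--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/tekton/krr-cron/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/tekton/pipelines/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - goodbye.yaml
7 |   - krr.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/tekton/tasks/goodbye.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/redhat-developer/vscode-tekton/main/scheme/tekton.dev/v1beta1_Task.json
3 | apiVersion: tekton.dev/v1beta1
4 | kind: Task
5 | metadata:
6 |   name: goodbye
7 | spec:
8 |   params:
9 |     - name: username
10 |       type: string
11 |   steps:
12 |     - name: goodbye
13 |       # Image is pinned by digest, so the step always runs the same content.
14 |       image: ubuntu@sha256:b59d21599a2b151e23eea5f6602f4af4d7d31c4e236d22bf0b62b86d2e386b8f
15 |       # The parameter is handed over through the environment instead of being
16 |       # substituted into the script text: Tekton expands $(params.*) before the
17 |       # shell runs, so a value containing quotes or $(...) would otherwise be
18 |       # parsed as shell code rather than printed.
19 |       env:
20 |         - name: USERNAME
21 |           value: $(params.username)
22 |       script: |
23 |         #!/bin/bash
24 |         echo "Goodbye ${USERNAME}!"
25 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/tekton/tasks/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   # - https://raw.githubusercontent.com/tektoncd/catalog/main/task/send-to-webhook-discord/0.1/send-to-webhook-discord.yaml
7 |   - hello-world.yaml
8 |   - goodbye.yaml
9 |   - ./krr/rbac.yaml
10 |   - ./krr/task.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/devops/tekton/triggers/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./templates/hello.yaml
7 |   - ./templates/krr.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/discord/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - namespace.yaml
7 |   - ./musicbot/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/discord/musicbot/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./helm-release.yaml
7 | configMapGenerator:
8 |   - name: musicbot-config
9 |     behavior: create
10 |     files:
11 |       - options.ini
12 |       - permissions.ini
13 |       - autoplaylist.txt
14 | generatorOptions:
15 |   disableNameSuffixHash: true
16 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/discord/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: discord
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/flux-system/flux-operator/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./oci-repository.yaml
7 |   - ./helm-release.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/flux-system/flux-operator/app/oci-repository.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: OCIRepository
5 | metadata:
6 |   name: flux-operator
7 | spec:
8 |   interval: 10m
9 |   layerSelector:
10 |     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
11 |     operation: copy
12 |   url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
13 |   ref:
14 |     tag: 0.22.0
15 |   # Cosign verification with no secretRef is keyless. No matchOIDCIdentity is
16 |   # set here, so the signer's identity is not constrained; pinning the issuer
17 |   # and subject the chart publisher documents would tie the signature to the
18 |   # expected release workflow. NOTE(review): confirm against the Flux version
19 |   # in use.
20 |   verify:
21 |     provider: cosign
22 |
--------------------------------------------------------------------------------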
/kubernetes/talos-flux/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helm-release.yaml 7 | configMapGenerator: 8 | - name: flux-instance-crd 9 | files: 10 | - values.yaml=./flux-instance.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | configurations: 14 | - kustomize-config.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/flux-operator/instance/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/flux/notifications/discord/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - alert.yaml 8 | - provider.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/flux/notifications/discord/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: discord 7 | spec: 8 | type: discord 9 | channel: flux-system 10 | 
username: ${SETTING_CLUSTERNAME} flux-system 11 | secretRef: 12 | name: flux-notifications-webhook-url 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/flux/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - pod-monitor.yaml 7 | - prometheus-rule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/flux/observability/pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: flux-controllers 6 | spec: 7 | namespaceSelector: 8 | matchNames: 9 | - flux-system 10 | selector: 11 | matchExpressions: 12 | - key: app 13 | operator: In 14 | values: 15 | - helm-controller 16 | - source-controller 17 | - kustomize-controller 18 | - notification-controller 19 | podMetricsEndpoints: 20 | - port: http-prom 21 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/flux/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret.sops.yaml 7 | - ./helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | components: 7 | - ../../../components/sops/talos-flux 8 | - ../../../components/flux/alerts 9 | - ../../../components/flux/globals/talos-flux 10 | resources: 11 | - ./namespace.yaml 12 | - ./flux-operator/flux-sync.yaml 13 | - ./flux/flux-sync.yaml 14 | # - ./tofu-controller/flux-sync.yaml # disable as it does not work properly currently 15 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: flux-system 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | annotations: 10 | # https://fluxcd.io/flux/components/kustomize/kustomizations/#controlling-the-apply-behavior-of-resources 11 | kustomize.toolkit.fluxcd.io/ssa: IfNotPresent 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/flux-system/tofu-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 
| kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./minecraft-java/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/minecraft-java/global-secrets/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/minecraft-java/lobby-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics https://modrinth.com/plugin/unifiedmetrics 2 | https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | # FancyNpcs https://modrinth.com/plugin/fancynpcs 4 | https://cdn.modrinth.com/data/EeyAn23L/versions/Zhcyw48Q/FancyNpcs-2.5.0.jar 5 | # https://modrinth.com/plugin/viaversion 6 | # should not be enabled on the servers with velocity setup 7 | # https://cdn.modrinth.com/data/P1OZGk5p/versions/cdC9vQSF/ViaVersion-5.3.2.jar 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/minecraft-java/playground-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics https://modrinth.com/plugin/unifiedmetrics 2 | https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/minecraft-java/pvp-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics https://modrinth.com/plugin/unifiedmetrics 2 | 
https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/minecraft-java/pvp-world/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: minecraft-public-pvp-world-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: minecraft-public-pvp-world-data 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: minecraft-public-velocity-proxy-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 2Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming-public/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 
5 | metadata: 6 | name: gaming-public 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./minecraft-java/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/minecraft-java/creative-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics https://modrinth.com/plugin/unifiedmetrics 2 | https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | # Vane https://modrinth.com/plugin/vane, https://oddlama.github.io/vane/ 4 | https://cdn.modrinth.com/data/698NGGtb/versions/ohtoFZG2/all-plugins.zip 5 | # ProtocolLib https://ci.dmulloy2.net/job/ProtocolLib/ required by Vane. NOTE(review): the URL on the next line points at lastSuccessfulBuild, a moving CI artifact, so the jar fetched can change between downloads and carries no version or checksum pin; the other entries in this file reference fixed version paths. Prefer a fixed build or release URL here. 6 | https://ci.dmulloy2.net/job/ProtocolLib/lastSuccessfulBuild/artifact/build/libs/ProtocolLib.jar 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/minecraft-java/global-secrets/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: # kustomize name-reference config: ConfigMap names used at HelmRelease spec.valuesFrom.name are rewritten when the ConfigMap is renamed 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/minecraft-java/lobby-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics 
https://modrinth.com/plugin/unifiedmetrics 2 | https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | # LuckPerms https://luckperms.net/download 4 | https://download.luckperms.net/1587/bukkit/loader/LuckPerms-Bukkit-5.5.2.jar 5 | # FancyNpcs https://modrinth.com/plugin/fancynpcs 6 | https://cdn.modrinth.com/data/EeyAn23L/versions/Zhcyw48Q/FancyNpcs-2.5.0.jar 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/minecraft-java/playground-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics https://modrinth.com/plugin/unifiedmetrics 2 | https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/minecraft-java/survival-world/config/plugins.txt: -------------------------------------------------------------------------------- 1 | # UnifiedMetrics https://modrinth.com/plugin/unifiedmetrics 2 | https://cdn.modrinth.com/data/p1ewR5kV/versions/Ypqt7eH1/unifiedmetrics-platform-bukkit-0.3.8.jar 3 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/minecraft-java/velocity-proxy/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: minecraft-velocity-proxy-data 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 10Gi 15 | storageClassName: ceph-block 16 | 
-------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/gaming/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: gaming 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/enforce: privileged # Pod Security Admission level "privileged" is the unrestricted policy: no pod security checks are enforced for pods in this namespace. NOTE(review): which workload needs this is not visible here; confirm it is required, and consider adding audit/warn labels at baseline to see what a stricter level would reject. 10 | pod-security.kubernetes.io/enforce-version: latest # follows the cluster's current policy version rather than a pinned one 11 | annotations: 12 | volsync.backube/privileged-movers: "true" # presumably allows VolSync to run its data mover pods with elevated privileges in this namespace; verify against the VolSync version in use 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/actions-runner-controller/operator/pod-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: actions-runner-controller 6 | spec: 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/part-of: gha-rs-controller 10 | podMetricsEndpoints: 11 | - port: metrics 12 | path: /metrics 13 | interval: 15s 14 | scrapeTimeout: 5s 15 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/actions-runner-controller/runners/jazzlyn/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - gh-actions-demo.yaml 8 | - kind-flux-demo.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/actions-runner-controller/runners/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - regcreds-docker.sops.yaml 7 | - ./jazzlyn 8 | - ./organization 9 | - ./tyriis 10 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/actions-runner-controller/runners/organization/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - techtales-io.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/actions-runner-controller/runners/tyriis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - home-ops.yaml 8 | - homeassistant-config.yaml 9 | - ./terraform-github 10 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/actions-runner-controller/runners/tyriis/terraform-github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./actions-runner-controller/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/github/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: github 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/enforce: privileged # Pod Security Admission level "privileged" is the unrestricted policy. NOTE(review): this namespace presumably hosts the actions-runner-controller runners, which execute CI workflow code; confirm the unrestricted level is actually required for them. 10 | pod-security.kubernetes.io/audit: privileged 11 | pod-security.kubernetes.io/warn: privileged # audit and warn are also "privileged", so no policy violation is recorded or warned about. NOTE(review): setting audit/warn to baseline or restricted adds visibility without blocking any pod. 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/emqx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secrets.sops.yaml 7 | - replication-destination.yaml 8 | - persistent-volume-claim.yaml 9 | - helm-release.yaml 10 | - replication-sources.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/esphome/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: 
PersistentVolumeClaim 5 | metadata: 6 | name: esphome-config 7 | labels: 8 | app.kubernetes.io/instance: esphome 9 | app.kubernetes.io/name: esphome 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 10Gi 16 | storageClassName: ceph-block 17 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/esphome/app/volsync-replication-destination.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: volsync.backube/v1alpha1 3 | kind: ReplicationDestination 4 | metadata: 5 | name: esphome-config 6 | spec: 7 | trigger: 8 | manual: restore 9 | restic: 10 | destinationPVC: esphome-config 11 | repository: volsync-esphome-config 12 | copyMethod: Direct 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/esphome/app/volsync-replication-source.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: volsync.backube/v1alpha1 3 | kind: ReplicationSource 4 | metadata: 5 | name: esphome-config 6 | spec: 7 | sourcePVC: esphome-config 8 | trigger: 9 | schedule: "*/30 * * * *" 10 | restic: 11 | pruneIntervalDays: 15 12 | repository: volsync-esphome-config 13 | retain: 14 | hourly: 1 15 | daily: 1 16 | weekly: 1 17 | monthly: 1 18 | yearly: 1 19 | copyMethod: Clone 20 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/esphome/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-automation 6 | resources: 7 | - prometheus-rule.yaml 8 | labels: 9 | - pairs: 10 | 
app.kubernetes.io/name: esphome-observability 11 | app.kubernetes.io/instance: esphome-observability 12 | app.kubernetes.io/part-of: esphome 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/govee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/hisense-aircon/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/home-assistant/app/database.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: dbman.hef.sh/v1alpha3 3 | kind: Database 4 | metadata: 5 | name: hass 6 | spec: 7 | credentials: 8 | usernameSecretRef: 9 | name: home-assistant-secrets 10 | key: INIT_POSTGRES_USER 11 | passwordSecretRef: 12 | name: home-assistant-secrets 13 | key: INIT_POSTGRES_PASS 14 | databaseName: hass 15 | databaseServerRef: 16 | namespace: database 17 | name: main-postgres17 18 | prune: false 19 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-automation 6 | resources: 7 | - database.yaml 8 | - secret.sops.yaml 9 | - replication-destination.yaml 10 | - persistent-volume-claim.yaml 11 | - helm-release.yaml 12 | - replication-source.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | # - ./emqx/flux-sync.yaml 8 | # - ./esphome/flux-sync.yaml 9 | - ./govee2mqtt/flux-sync.yaml 10 | - ./hisense-aircon/flux-sync.yaml 11 | - ./home-assistant/flux-sync.yaml 12 | - ./locking-service/flux-sync.yaml 13 | - ./n8n/flux-sync.yaml 14 | - ./node-red/flux-sync.yaml 15 | - ./ring-mqtt/flux-sync.yaml 16 | - ./zigbee2mqtt/flux-sync.yaml 17 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/locking-service/app/configuration.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | app: 3 | port: 3000 4 | host: 0.0.0.0 5 | 6 | redis: 7 | host: dragonfly.database.svc.cluster.local 8 | port: 6379 9 | keyPrefix: locking-service. 
10 | # sentinels: 11 | # - host: redis.database.svc.cluster.local 12 | # port: 26379 13 | # name: redis-master 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/n8n/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | - persistent-volume-claim.yaml 8 | - external-secret.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/n8n/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: n8n-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: home-automation 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/enforce: privileged # Pod Security Admission level "privileged" is the unrestricted policy and applies to every pod placed in home-automation. NOTE(review): presumably needed by a workload with host device access (TODO confirm which); moving that workload to its own namespace would let the rest run under baseline. 10 | pod-security.kubernetes.io/enforce-version: latest # follows the cluster's current policy version rather than a pinned one 11 | -------------------------------------------------------------------------------- 
/kubernetes/talos-flux/apps/home-automation/node-red/app/config/.gitconfig: -------------------------------------------------------------------------------- 1 | [safe] 2 | directory = /data/projects/home-automations 3 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/node-red/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-automation 6 | resources: 7 | - storage-class.yaml 8 | - persistent-volume.yaml 9 | - persistent-volume-claim.yaml 10 | - helm-release.yaml 11 | - service-monitor.yaml 12 | configMapGenerator: 13 | - name: node-red-gitconfig 14 | files: 15 | - .gitconfig=./config/.gitconfig 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/node-red/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: node-red-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | volumeName: node-red-data 14 | storageClassName: node-red 15 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/node-red/app/persistent-volume.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: node-red-data 6 | spec: 7 | 
capacity: 8 | storage: 5Gi 9 | nfs: 10 | server: nas.techtales.io 11 | path: /volume1/node-red.k8s.home 12 | accessModes: 13 | - ReadWriteOnce 14 | persistentVolumeReclaimPolicy: Retain 15 | storageClassName: node-red 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/node-red/app/storage-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: node-red 6 | provisioner: techtales.io/node-red-nfs 7 | reclaimPolicy: Retain 8 | allowVolumeExpansion: true 9 | volumeBindingMode: Immediate 10 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - external-secret.yaml 7 | - secret.sops.yaml 8 | - persistent-volume-claim.yaml 9 | - replication-source.yaml 10 | - replication-destination.yaml 11 | - helm-release.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: ring-mqtt-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: ring-mqtt-data 14 | resources: 15 | requests: 16 | 
storage: 10Mi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/zigbee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-automation 6 | resources: 7 | - external-secret.yaml 8 | - secret.sops.yaml 9 | - helm-release.yaml 10 | - prometheus-rule.yaml 11 | - persistent-volume-claim.yaml 12 | - replication-source.yaml 13 | - replication-destination.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/home-automation/zigbee2mqtt/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: zigbee2mqtt-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: zigbee2mqtt-data 14 | resources: 15 | requests: 16 | storage: 5Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/cilium/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/talos-flux/apps/kube-system/cilium/config/cilium-l2-announcement-policy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumL2AnnouncementPolicy 5 | metadata: 6 | name: l2-policy 7 | spec: 8 | loadBalancerIPs: true 9 | # interfaces: 10 | # - ^eth[0-9]+ 11 | nodeSelector: 12 | matchLabels: 13 | kubernetes.io/os: linux 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/cilium/config/cilium-load-balancer-ip-pool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json 3 | apiVersion: cilium.io/v2alpha1 4 | kind: CiliumLoadBalancerIPPool 5 | metadata: 6 | name: l2-pool 7 | spec: 8 | allowFirstLastIPs: "Yes" 9 | blocks: 10 | - # Controller VIP: 192.168.1.50 11 | start: 192.168.1.80 12 | stop: 192.168.1.89 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/cilium/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - cilium-l2-announcement-policy.yaml 7 | - cilium-load-balancer-ip-pool.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/coredns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | 
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/csi-driver-nfs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | - storage-class.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./cilium/flux-sync.yaml 8 | - ./coredns/flux-sync.yaml 9 | - ./kubelet-csr-approver/flux-sync.yaml 10 | - ./csi-driver-nfs/flux-sync.yaml 11 | - ./metrics-server/flux-sync.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kube-system 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./node-feature-discovery/flux-sync.yaml 8 | - ./reloader/flux-sync.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kube-tools 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/enforce: privileged 10 | pod-security.kubernetes.io/enforce-version: latest 11 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/node-feature-rules/intel-gpu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json 3 | apiVersion: nfd.k8s-sigs.io/v1alpha1 4 | kind: NodeFeatureRule 5 | metadata: 6 | name: intel-gpu 7 | spec: 8 | rules: 9 | - name: intel.gpu 10 | labels: 11 | intel.feature.node.kubernetes.io/gpu: "true" 12 | matchFeatures: 13 | - feature: pci.device 14 | matchExpressions: 15 | vendor: { op: In, value: ["8086"] } 16 | class: { op: In, value: ["0300", "0380"] } 17 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/node-feature-discovery/crds/node-feature-rules/zigbee-stick.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json 3 | apiVersion: nfd.k8s-sigs.io/v1alpha1 4 | kind: NodeFeatureRule 5 | metadata: 6 | name: zigbee-stick 7 | spec: 8 | rules: 9 | - name: zigbee.usb 10 | labels: 11 | zigbee.feature.node.kubernetes.io/slae.sh: "true" 12 | matchFeatures: 13 | - feature: usb.device 
14 | matchExpressions: 15 | vendor: { op: In, value: ["10c4"] } 16 | device: { op: In, value: ["ea60"] } 17 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kube-tools/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-tools 6 | resources: 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kyverno/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./kyverno/flux-sync.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kyverno/kyverno/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kyverno/kyverno/policies/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # - ingress-prom-probes.yaml 7 | - remove-cpu-limits.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/kyverno/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: kyverno 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/adguard-home/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - persistent-volume-claim.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/cloudflared/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - helm-release.yaml 8 | configMapGenerator: 9 | - name: cloudflare-tunnel 10 | files: 11 | - config.yaml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: enabled 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/external-dns/cloudflare/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | 
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: networking 6 | resources: 7 | - external-secret.yaml 8 | - helm-release.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/external-dns/opnsense/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - external-secret.yaml 7 | - helm-release.yaml 8 | configMapGenerator: 9 | - name: external-dns-opnsense-helm-values 10 | files: 11 | - values.yaml=./helm-values.yaml 12 | configurations: 13 | - kustomize-config.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/external-dns/opnsense/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./adguard-home/flux-sync.yaml 8 | - ./cloudflared/flux-sync.yaml 9 | - ./external-dns/flux-sync.yaml 10 | - ./playit/flux-sync.yaml 11 | - ./redirect-service/flux-sync.yaml 12 | - ./unifi-controller/flux-sync.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/namespace.yaml: 
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
# Namespace object named "networking".
apiVersion: v1
kind: Namespace
metadata:
  name: networking
  labels:
    # Flux label that exempts this object from garbage collection, so removing
    # the file from Git does not delete the namespace.
    kustomize.toolkit.fluxcd.io/prune: disabled
    # NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
    # Security admission applies the cluster-wide default, which this listing
    # does not show. Confirm that default is the level intended for these apps.

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/networking/playit/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# NOTE(review): this file lives under apps/networking/ but places its resources
# in home-automation. Confirm that is intended, since namespace-scoped policy
# and RBAC written for "networking" will not cover this workload.
namespace: home-automation
resources:
  - external-secret.yaml
  # NOTE(review): networkpolicy.yaml is disabled, so this kustomization applies
  # no NetworkPolicy for playit. If playit is a tunnel agent that publishes
  # services externally (presumably; confirm), only cluster-wide policy, if any,
  # limits what it can reach.
  # - networkpolicy.yaml
  - helm-release.yaml

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/networking/redirect-service/app/config/01_real-ip.conf:
--------------------------------------------------------------------------------
# Take the client address from X-Forwarded-For; with real_ip_recursive on, the
# realip module uses the last non-trusted address in that header.
# NOTE(review): no set_real_ip_from directive is visible in this config set.
# The module rewrites the client address only when the connecting peer matches
# a set_real_ip_from entry, so unless one is defined elsewhere these two lines
# have no effect. When adding it, list only the ingress/proxy range, because
# every address trusted there can dictate $remote_addr:
#   set_real_ip_from <TRUSTED_PROXY_CIDR>;   # placeholder, not from this repo
real_ip_header X-Forwarded-For;
real_ip_recursive on;

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/networking/redirect-service/app/config/02_log-format.conf:
--------------------------------------------------------------------------------
# Access-log format whose first field is the raw X-Forwarded-For request header.
# default.conf in this directory selects this format for access_log.
# NOTE(review): $http_x_forwarded_for is copied from the request as sent. It may
# be a comma-separated list and can hold any text the sender chose, so this
# field is not a verified client address. Rate limiting, ban lists and incident
# timelines built on these logs should key on $remote_addr (once realip has a
# trusted-proxy list) and treat this field as a hint only.
log_format combined_realip '$http_x_forwarded_for - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent"';

# For cloudflare argo tunnel, use $http_cf_connecting_ip to get `cf-connecting-ip` header
# NOTE(review): CF-Connecting-IP is also just a request header. It is meaningful
# only if this server is reachable solely through the tunnel (confirm).
log_format combined_realip_cf '$http_cf_connecting_ip $http_x_forwarded_for - $remote_user [$time_local] '
                              '"$request" $status $body_bytes_sent '
                              '"$http_referer" "$http_user_agent"';

-------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/redirect-service/app/config/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8080; 3 | server_name _; 4 | 5 | access_log /var/log/nginx/access.log combined_realip; 6 | error_log /var/log/nginx/error.log error; 7 | 8 | location = /google { 9 | return 301 https://www.google.com; 10 | } 11 | 12 | location / { 13 | root /usr/share/nginx/html; 14 | index index.html index.htm; 15 | } 16 | 17 | error_page 404 /404.html; 18 | error_page 500 502 503 504 /50x.html; 19 | 20 | location = /50x.html { 21 | root /usr/share/nginx/html; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/redirect-service/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | configMapGenerator: 8 | - name: redirect-service-config 9 | files: 10 | - 01_real-ip.conf=./config/01_real-ip.conf 11 | - 02_log-format.conf=./config/02_log-format.conf 12 | - default.conf=./config/default.conf 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/unifi-controller/app/README.md: -------------------------------------------------------------------------------- 1 | # unifi 2 | 3 | ## L2 Network discovery 4 | 5 | 6 | 7 | This just does not work. you need to ssh into the device and inform the controller manually. 
8 | 9 | ## set-inform 10 | 11 | Log in to your UniFi device over SSH with the factory-default user/password `ubnt`/`ubnt` (factory defaults; an adopted device normally uses the credentials configured in the controller instead), then point it at the controller: 12 | 13 | ```console 14 | set-inform http://${SETTING_CILIUM_UNIFI_ADDR}:8080/inform 15 | ``` 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/unifi-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: networking 6 | resources: 7 | - secret.sops.yaml 8 | - replication-source.yaml 9 | - persistent-volume-claim.yaml 10 | - replication-destination.yaml 11 | - helm-release.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/networking/unifi-controller/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: unifi-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | dataSourceRef: 11 | kind: ReplicationDestination 12 | apiGroup: volsync.backube 13 | name: unifi-data 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: ceph-block 18 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/nginx-ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - namespace.yaml 7 | - ./nginx/flux-sync.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/nginx-ingress/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: nginx-ingress 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/nginx-ingress/nginx/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/alertmanager-discord/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/blackbox-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- 
/kubernetes/talos-flux/apps/observability/botkube/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/gatus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./persistent-volume-claim.yaml 7 | - ./helm-release.yaml 8 | - ./prometheus-rule.yaml 9 | configMapGenerator: 10 | - name: gatus-config 11 | files: 12 | - config.yaml=./resources/config.yaml 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/gatus/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: gatus-data 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/grafana/app/config/contactpoints.yaml: -------------------------------------------------------------------------------- 1 | 
--- 2 | # https://grafana.com/docs/grafana/latest/alerting/set-up/provision-alerting-resources/file-provisioning/#import-contact-points 3 | apiVersion: 1 4 | contactPoints: 5 | - orgId: 1 6 | name: alertmanager-notifications 7 | receivers: 8 | - uid: cp1 9 | type: prometheus-alertmanager 10 | disableResolveMessage: false 11 | settings: 12 | url: http://prometheus-alertmanager.observability.svc.cluster.local:9093 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/grafana/app/config/policies.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://grafana.com/docs/grafana/latest/alerting/set-up/provision-alerting-resources/file-provisioning/#import-notification-policies 3 | apiVersion: 1 4 | policies: 5 | - orgId: 1 6 | receiver: alertmanager-notifications 7 | group_by: 8 | - grafana_folder 9 | - alertname 10 | group_wait: 30s 11 | group_interval: 5m 12 | repeat_interval: 12h 13 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/grafana/app/dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | configMapGenerator: 6 | - name: dashboards 7 | files: 8 | - resource-usage.json=resource-usage.json 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | annotations: 12 | kustomize.toolkit.fluxcd.io/substitute: disabled 13 | grafana_folder: Kubernetes 14 | labels: 15 | grafana_dashboard: "true" 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/kromgo/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | configMapGenerator: 8 | - name: kromgo-configmap 9 | files: 10 | - config.yaml=./resources/config.yaml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | labels: 14 | app.kubernetes.io/name: kromgo 15 | app.kubernetes.io/managed-by: kustomize 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/kube-prometheus-stack/app/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/kube-prometheus-stack/rules/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - node-exporter/prometheus-rule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - helm-release.yaml 8 | - prometheus-rule.yaml 9 | - ingress.yaml 10 | configMapGenerator: 11 | - name: loki-alerting-rules 12 | files: 13 | - loki-alerting-rules.yaml 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 
| annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | labels: 19 | loki_rule: "true" 20 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: observability 7 | labels: 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/enforce: privileged 10 | pod-security.kubernetes.io/audit: privileged 11 | pod-security.kubernetes.io/warn: privileged 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/opnsense-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - external-secret.yaml 7 | - helm-release.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/promtail/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helm-release.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/smartctl-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - helm-release.yaml 8 | - prometheus-rule.yaml 9 | commonLabels: 10 | app.kubernetes.io/instance: smartctl-exporter 11 | app.kubernetes.io/name: smartctl-exporter 12 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/speedtest-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | resources: 7 | - helm-release.yaml 8 | - prometheus-rule.yaml 9 | - service-monitor.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/speedtest-exporter/app/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: speedtest-exporter 6 | spec: 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/instance: speedtest-exporter 10 | app.kubernetes.io/name: speedtest-exporter 11 | endpoints: 12 | - port: metrics 13 | interval: 60m 14 | scrapeTimeout: 1m 15 | path: /metrics 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/observability/unpoller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - external-secret.yaml 7 | - helm-release.yaml 8 | 
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/openebs-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Top-level kustomization for openebs-system: the namespace plus the openebs
# flux-sync manifest.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - namespace.yaml
  - ./openebs/flux-sync.yaml

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/openebs-system/openebs/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# App kustomization for openebs: a single HelmRelease manifest.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helm-release.yaml

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Top-level kustomization for the productivity group: the namespace plus one
# flux-sync manifest per app.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - namespace.yaml
  - ./linkwarden/flux-sync.yaml
  - ./scanservjs/flux-sync.yaml
  - ./syncthing/flux-sync.yaml

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/linkwarden/app/database.yaml:
--------------------------------------------------------------------------------
---
# dbman Database resource named "linkwarden". The database name reuses the
# metadata name through the YAML anchor &name.
# NOTE(review): indentation was lost in this listing and is restored here from
# the key names. `prune` is placed at spec level (confirm against the CRD).
apiVersion: dbman.hef.sh/v1alpha3
kind: Database
metadata:
  name: &name linkwarden
spec:
  credentials:
    # User name and password are referenced by Secret name and key, so no
    # credential value is stored in this manifest.
    usernameSecretRef:
      name: linkwarden-postgres
      key: INIT_POSTGRES_USER
    passwordSecretRef:
      name: linkwarden-postgres
      key: INIT_POSTGRES_PASS
  databaseName: *name
  # The referenced server object is in a different namespace ("database").
  databaseServerRef:
    namespace: database
    name: main-postgres17
  prune: false

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/linkwarden/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# App kustomization for linkwarden.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - external-secret.yaml
  - database.yaml
  # NOTE(review): by its name this is a SOPS-encrypted Secret. The file itself
  # is not shown here, so confirm the committed copy holds ciphertext only.
  - secret.sops.yaml
  - replication-destination.yaml
  - persistent-volume-claim.yaml
  - replication-source.yaml
  - helm-release.yaml

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/namespace.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
# Namespace object named "productivity".
apiVersion: v1
kind: Namespace
metadata:
  name: productivity
  labels:
    # Flux label that exempts this object from garbage collection.
    kustomize.toolkit.fluxcd.io/prune: disabled
    # NOTE(review): all three Pod Security modes are set to `privileged`, the
    # unrestricted level. Admission therefore neither rejects, warns about nor
    # audit-annotates any pod spec in this namespace (host namespaces, hostPath
    # volumes and privileged containers are all accepted). If enforce has to
    # stay privileged for one workload, setting audit and warn to `baseline`
    # would still show which pods exceed baseline. Which workload needs this
    # level is not visible from here.
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/warn: privileged

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/scanservjs/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# App kustomization for scanservjs: storage class, volume, claim, HelmRelease.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - storage-class.yaml
  - persistent-volume.yaml
  - persistent-volume-claim.yaml
  - helm-release.yaml

--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/scanservjs/app/persistent-volume-claim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/persistentvolumeclaim-v1.json 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: scanservjs-scans 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 10Gi 13 | volumeName: scanservjs-scans 14 | storageClassName: scans 15 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/productivity/scanservjs/app/persistent-volume.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: scanservjs-scans 6 | spec: 7 | capacity: 8 | storage: 10Gi 9 | nfs: 10 | server: nas.techtales.io 11 | path: /volume1/scans 12 | accessModes: 13 | - ReadWriteOnce 14 | persistentVolumeReclaimPolicy: Retain 15 | storageClassName: scans 16 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/productivity/scanservjs/app/storage-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: scans-nfs 6 | provisioner: techtales.io/scans-nfs 7 | reclaimPolicy: Retain 8 | allowVolumeExpansion: true 9 | volumeBindingMode: Immediate 10 | -------------------------------------------------------------------------------- /kubernetes/talos-flux/apps/productivity/syncthing/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 
| kind: Kustomization 5 | resources: 6 | - secret.sops.yaml 7 | - storage-class.yaml 8 | - replication-source.yaml 9 | - replication-destination.yaml 10 | - persistent-volume.yaml 11 | - persistent-volume-claim.yaml 12 | - helm-release.yaml 13 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/syncthing/app/persistent-volume.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolume  # statically defined volume backed by an NFS export
4 | metadata:
5 |   name: syncthing-data
6 | spec:
7 |   capacity:
8 |     storage: 10Gi
9 |   nfs:  # the nfs volume source carries no credentials; access control rests on the NAS export rules
10 |     server: nas.techtales.io
11 |     path: /volume1/syncthing  # NOTE(review): confirm this export is limited to the cluster nodes
12 |   accessModes:
13 |     - ReadWriteOnce  # a binding constraint in Kubernetes, not something the NFS server enforces
14 |   persistentVolumeReclaimPolicy: Retain  # data stays on the export after the claim is deleted
15 |   storageClassName: syncthing-nfs  # matches the StorageClass defined in storage-class.yaml
16 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/productivity/syncthing/app/storage-class.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: storage.k8s.io/v1
3 | kind: StorageClass  # class name used to pair the syncthing claim with the static PV
4 | metadata:
5 |   name: syncthing-nfs
6 | provisioner: techtales.io/syncthing-nfs  # presumably a placeholder with no controller behind it, so claims bind only to pre-created PVs; confirm
7 | reclaimPolicy: Retain
8 | allowVolumeExpansion: true
9 | volumeBindingMode: Immediate  # binding happens at claim creation, before any pod is scheduled
10 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/rook-ceph/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # entry point for the rook-ceph namespace and its Flux sync objects
5 | resources:
6 |   - namespace.yaml
7 |   - ./rook-ceph/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/rook-ceph/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: rook-ceph
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this namespace if it leaves Git
9 |     pod-security.kubernetes.io/enforce: privileged  # Pod Security admission places no restrictions on pods here; keep the namespace limited to the storage workloads
10 |     pod-security.kubernetes.io/enforce-version: latest  # follows the policy version of the running cluster instead of a pinned one
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # cluster part of rook-ceph: a single HelmRelease
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/rook-ceph/rook-ceph/operator/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # operator part of rook-ceph: a single HelmRelease
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/secops/external-secrets/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # installs external-secrets through one HelmRelease
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/secops/external-secrets/stores/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - cluster-secret-store.yaml  # cluster-scoped store; NOTE(review): confirm which namespaces may reference it, the file is not shown here
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/secops/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # entry point for the secops namespace
5 | resources:
6 |   - namespace.yaml
7 |   - vault-auth.yaml
8 |   - ./external-secrets/flux-sync.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/secops/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: secops
7 |   labels:  # no pod-security enforce label, so the cluster's admission default applies; confirm which level that is
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this namespace if it leaves Git
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/system-upgrade/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # entry point for the system-upgrade namespace
5 | resources:
6 |   - namespace.yaml
7 |   - ./system-upgrade-controller/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/system-upgrade/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: system-upgrade
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this namespace if it leaves Git
9 |     pod-security.kubernetes.io/enforce: privileged  # unrestricted pods, presumably needed by the upgrade jobs (confirm); no enforce-version label is set here, unlike rook-ceph
10 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - rbac.yaml  # NOTE(review): grants for the controller live here; the file is not shown, review its scope alongside the privileged namespace
7 |   - helm-release.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # upgrade plans, one file for Kubernetes and one for Talos
5 | resources:
6 |   - kubernetes.yaml
7 |   - talos.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/traefik-ingress/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # entry point for the traefik-ingress namespace
5 | resources:
6 |   - namespace.yaml
7 |   - traefik/flux-sync.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/traefik-ingress/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: traefik-ingress
7 |   labels:  # no pod-security enforce label, so the cluster's admission default applies; confirm which level that is
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this namespace if it leaves Git
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/traefik-ingress/traefik/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # Traefik itself plus an ingress definition
5 | resources:
6 |   - helm-release.yaml
7 |   - ingress.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/traefik-ingress/traefik/forward-auth/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # forward-auth service, its secret and the Traefik middleware that calls it
5 | resources:
6 |   - secret.sops.yaml  # the name suggests a SOPS-encrypted manifest; confirm the committed file is encrypted
7 |   - helm-release.yaml
8 |   - middleware.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/traefik-ingress/traefik/forward-auth/middleware.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: traefik.io/v1alpha1
3 | kind: Middleware  # routes that attach this middleware delegate authentication to the forward-auth service
4 | metadata:
5 |   name: sso
6 |   labels:
7 |     app.kubernetes.io/name: traefik-forward-auth
8 |     app.kubernetes.io/instance: traefik-forward-auth
9 | spec:
10 |   forwardAuth:
11 |     address: http://traefik-forward-auth:4181  # plain HTTP to a Service name in the same namespace; the auth exchange is unencrypted on the cluster network
12 |     authResponseHeaders:
13 |       - "X-Forwarded-User"  # copied from the auth response onto the forwarded request; backends should accept it only from Traefik
14 |     trustForwardHeader: true  # incoming X-Forwarded-* headers are trusted as sent; NOTE(review): confirm every path to Traefik passes a proxy that sets them
15 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/voice-assistant/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # entry point for the voice-assistant namespace: piper and whisper
5 | resources:
6 |   - namespace.yaml
7 |   - ./piper/flux-sync.yaml
8 |   - ./whisper/flux-sync.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/voice-assistant/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: voice-assistant
7 |   labels:
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this namespace if it leaves Git
9 |     pod-security.kubernetes.io/enforce: privileged  # NOTE(review): unrestricted pods for piper and whisper; confirm they need it, a baseline or restricted level would limit what a compromised pod can do
10 |     pod-security.kubernetes.io/enforce-version: latest  # follows the policy version of the running cluster instead of a pinned one
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/voice-assistant/piper/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # piper: a single HelmRelease
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/voice-assistant/whisper/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # whisper: a single HelmRelease
5 | resources:
6 |   - helm-release.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/windmill/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # entry point for windmill
5 | namespace: windmill  # kustomize sets this namespace on the resources it renders from this file
6 | components:
7 |   - ../../../components/flux/alerts  # shared Flux alerting component, defined outside this directory
8 | resources:
9 |   - ./namespace.yaml
10 |   - ./windmill/flux-sync.yaml
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/windmill/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.2-standalone-strict/namespace-v1.json
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: windmill
7 |   labels:  # no pod-security enforce label, so the cluster's admission default applies; confirm which level that is
8 |     kustomize.toolkit.fluxcd.io/prune: disabled  # Flux will not garbage-collect this namespace if it leaves Git
9 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/windmill/windmill/app/database.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: dbman.hef.sh/v1alpha3
3 | kind: Database  # dbman custom resource describing the windmill database
4 | metadata:
5 |   name: &name windmill  # the anchor is reused below so databaseName equals the resource name
6 | spec:
7 |   credentials:  # both values come from the windmill-database Secret, presumably produced by external-secret.yaml; confirm
8 |     usernameSecretRef:
9 |       name: windmill-database
10 |       key: DATABASE_USER
11 |     passwordSecretRef:
12 |       name: windmill-database
13 |       key: DATABASE_PASSWORD
14 |   databaseName: *name
15 |   databaseServerRef:  # points at a server object in another namespace
16 |     namespace: database
17 |     name: main-postgres17
18 |   prune: false  # presumably keeps the database when this resource is deleted; confirm against the dbman documentation
19 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/windmill/windmill/app/helm-repository.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository  # chart source for the windmill HelmRelease
5 | metadata:
6 |   name: windmill
7 | spec:
8 |   interval: 1h  # how often Flux re-fetches the repository index
9 |   timeout: 3m
10 |   url: https://windmill-labs.github.io/windmill-helm-charts  # fetched over HTTPS; no further provenance check is configured on this object
11 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/apps/windmill/windmill/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # windmill app: chart source, secret, database and release
5 | resources:
6 |   - ./helm-repository.yaml
7 |   - ./external-secret.yaml
8 |   - ./database.yaml
9 |   - ./helm-release.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/bootstrap/README.md:
--------------------------------------------------------------------------------
1 | # Bootstrap
2 |
3 | ## generate manifest
4 |
5 | ```console
6 | kustomize build kubernetes/bootstrap > kubernetes/talos-flux/flux/flux-manifests/gotk-components.yaml
7 | ```
8 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/bootstrap/cilium/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # renders the Cilium chart for cluster bootstrap
5 | helmCharts:  # the helmCharts generator is rendered only when kustomize runs with --enable-helm
6 |   - name: cilium
7 |     repo: https://helm.cilium.io/
8 |     version: 1.17.4  # exact chart version; the chart is fetched from the repo above at build time
9 |     releaseName: cilium
10 |     namespace: kube-system
11 |     valuesFile: values.yaml
12 | commonAnnotations:  # Helm ownership metadata, presumably so a later Helm release can adopt the rendered objects; confirm
13 |   meta.helm.sh/release-name: cilium
14 |   meta.helm.sh/release-namespace: kube-system
15 | commonLabels:
16 |   app.kubernetes.io/managed-by: Helm
17 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/bootstrap/coredns/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # renders the CoreDNS chart for cluster bootstrap
5 | helmCharts:  # rendered only when kustomize runs with --enable-helm
6 |   - name: coredns
7 |     repo: https://coredns.github.io/helm
8 |     version: 1.42.2  # exact chart version
9 |     releaseName: coredns
10 |     namespace: kube-system
11 |     valuesFile: values.yaml
12 | commonAnnotations:  # Helm ownership metadata, presumably so a later Helm release can adopt the rendered objects; confirm
13 |   meta.helm.sh/release-name: coredns
14 |   meta.helm.sh/release-namespace: kube-system
15 | commonLabels:
16 |   app.kubernetes.io/managed-by: Helm
17 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/bootstrap/metrics-server/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # renders the metrics-server chart for cluster bootstrap
5 | helmCharts:  # rendered only when kustomize runs with --enable-helm
6 |   - name: metrics-server
7 |     repo: https://kubernetes-sigs.github.io/metrics-server
8 |     version: 3.12.2  # exact chart version
9 |     releaseName: metrics-server
10 |     namespace: kube-system
11 |     valuesFile: values.yaml
12 | commonAnnotations:  # Helm ownership metadata, presumably so a later Helm release can adopt the rendered objects; confirm
13 |   meta.helm.sh/release-name: metrics-server
14 |   meta.helm.sh/release-namespace: kube-system
15 | commonLabels:
16 |   app.kubernetes.io/managed-by: Helm
17 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/bootstrap/metrics-server/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | metrics:  # chart values for the bootstrap render; both switches below are off
3 |   enabled: false
4 | serviceMonitor:  # presumably means no Prometheus ServiceMonitor is created at bootstrap; confirm against the chart's values
5 |   enabled: false
6 |
--------------------------------------------------------------------------------
/kubernetes/talos-flux/flux/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # Flux entry point: a single sync definition
5 | resources:
6 |   - flux-sync.yaml
7 |
--------------------------------------------------------------------------------