├── .editorconfig ├── .gitattributes ├── .github ├── CODEOWNERS ├── labeler.yaml ├── labels.yaml ├── release.yaml ├── renovate.json5 ├── renovate │ ├── allowedVersions.json5 │ ├── autoMerge.json5 │ ├── customManagers.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ ├── labels.json5 │ ├── packageRules.json5 │ └── semanticCommits.json5 └── workflows │ ├── flux-check.yaml │ ├── helm-repository-sync.yaml │ ├── label-sync.yaml │ ├── labeler.yaml │ ├── pre-pull-images.yaml │ ├── release.yaml │ ├── renovate.yaml │ └── schemas.yaml ├── .gitignore ├── .minijinja.toml ├── .mise.toml ├── .taskfiles ├── bootstrap │ └── Taskfile.yaml ├── kubernetes │ └── Taskfile.yaml ├── synology │ └── Taskfile.yaml ├── talos │ └── Taskfile.yaml └── volsync │ ├── Taskfile.yaml │ └── resources │ ├── replicationdestination.yaml.j2 │ └── unlock.yaml.j2 ├── .vscode ├── extensions.json └── settings.json ├── LICENSE ├── README.md ├── Taskfile.yaml ├── docs └── assets │ └── network-diagram.excalidraw.svg ├── kubernetes ├── apps │ ├── ai │ │ ├── kustomization.yaml │ │ └── local-ai │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ ├── issuers │ │ │ │ ├── clusterissuer.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── tls │ │ │ │ ├── certificates.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pushsecret.yaml │ │ └── kustomization.yaml │ ├── database │ │ ├── cloudnative-pg │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── cluster │ │ │ │ ├── cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ ├── scheduledbackup.yaml │ │ │ │ └── service.yaml │ │ │ └── ks.yaml │ │ ├── dragonfly │ │ │ ├── app │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ ├── cluster │ │ │ │ ├── cluster.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── podmonitor.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── downloads │ │ ├── autobrr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ ├── grafana-dashboard.json │ │ │ │ │ └── lokirule.yaml │ │ │ └── ks.yaml │ │ ├── bazarr │ │ │ ├── hd │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ ├── resources │ │ │ │ └── subcleaner.sh │ │ │ └── uhd │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── cross-seed │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ ├── config.js │ │ │ │ │ └── lokirule.yaml │ │ │ └── ks.yaml │ │ ├── flaresolverr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── lidarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── scripts │ │ │ │ │ └── notify-pushover.sh │ │ │ └── ks.yaml │ │ ├── omegabrr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── openbooks │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── prowlarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ ├── lokirule.yaml │ │ │ │ │ └── post-process.sh │ │ │ ├── ks.yaml │ │ │ └── tools │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ └── config.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ ├── hd │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ ├── scripts │ │ │ │ │ └── notify-pushover.sh │ │ │ │ └── uhd │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── recyclarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── recyclarr.yml │ │ │ └── ks.yaml │ │ ├── sonarr │ │ │ ├── app │ │ │ │ ├── hd │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ ├── scripts │ │ │ │ │ ├── notify-pushover.sh │ │ │ │ │ ├── refresh-tba.sh │ │ │ │ │ └── tag-codec.sh │ │ │ │ └── uhd │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── unpackerr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── whisparr │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── external-secrets │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── onepassword │ │ │ ├── app │ │ │ ├── clustersecretstore.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── flux-system │ │ ├── flux-operator │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ ├── instance │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ 
├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── webhook │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── gatus-config.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── receiver.yaml │ │ │ └── ks.yaml │ │ └── kustomization.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ ├── config │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── l2.yaml │ │ │ │ ├── l3.yaml │ │ │ │ ├── node-europa.yaml │ │ │ │ ├── pool.yaml │ │ │ │ └── vip.yaml │ │ │ └── ks.yaml │ │ ├── coredns │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ ├── descheduler │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── generic-device-plugin │ │ │ ├── app │ │ │ │ ├── config │ │ │ │ │ └── config.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── intel-device-plugin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── gpu │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── irqbalance │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── nfs-subdir-external-provisioner │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── features │ │ │ │ 
├── google-coral.yaml │ │ │ │ ├── intel-gpu.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── node-problem-detector │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── nvidia-device-plugin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── runtimeclass.yaml │ │ │ └── ks.yaml │ │ ├── reloader │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── snapshot-controller │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── spegel │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ └── synology-csi-driver │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── media │ │ ├── calibre-web │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── maintainerr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── overseerr │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── plex │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── resources │ │ │ │ │ └── lokirule.yaml │ │ │ └── ks.yaml │ │ ├── stash │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── steam │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── tautulli │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ └── wizarr │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── network │ 
│ ├── cloudflared │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ └── config.yaml │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── echo-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-dns │ │ │ ├── cloudflare │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── unifi │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── ingress-nginx │ │ │ ├── external │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── internal │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── tailscale-operator │ │ │ ├── app │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── proxyclass.yaml │ │ │ └── ks.yaml │ ├── observability │ │ ├── gatus │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kromgo │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ ├── alertmanagerconfig.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── scrapeconfigs │ │ │ │ │ └── minio.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── loki │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── promtail │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── 
kustomization.yaml │ │ │ └── ks.yaml │ │ ├── snmp-exporter │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── resources │ │ │ │ │ └── snmp.yml │ │ │ └── ks.yaml │ │ └── unpoller │ │ │ ├── app │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── openebs-system │ │ ├── kustomization.yaml │ │ └── openebs │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── rook-ceph │ │ ├── kustomization.yaml │ │ └── rook-ceph │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ ├── cluster │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── self-hosted │ │ ├── atuin │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── hajimari │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── homebox │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── it-tools │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── mealie │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── nocodb │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── paperless │ │ │ ├── app │ │ │ │ ├── alertmanager.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── radicale │ │ │ ├── app │ │ │ ├── config │ │ │ │ └── config.cfg │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ ├── system-upgrade │ │ ├── kustomization.yaml │ │ ├── 
kustomizeconfig.yaml │ │ ├── system-upgrade-controller │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ ├── ks.yaml │ │ │ └── plans │ │ │ │ ├── kubernetes.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── talos.yaml │ │ └── versions.env │ └── volsync-system │ │ ├── kustomization.yaml │ │ └── volsync │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── prometheusrule.yaml │ │ └── ks.yaml ├── bootstrap │ ├── .sourceignore │ ├── helmfile.yaml │ └── resources │ │ └── secrets.yaml.tpl ├── components │ ├── common │ │ ├── alerts │ │ │ ├── alertmanager │ │ │ │ ├── alert.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── provider.yaml │ │ │ ├── github │ │ │ │ ├── alert.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── provider.yaml │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── gatus │ │ ├── config.yaml │ │ └── kustomization.yaml │ └── volsync │ │ ├── b2.yaml │ │ ├── kustomization.yaml │ │ └── pvc.yaml └── flux │ ├── cluster │ └── ks.yaml │ └── meta │ ├── kustomization.yaml │ └── repositories │ ├── git │ └── kustomization.yaml │ ├── helm │ ├── backube.yaml │ ├── bjw-s.yaml │ ├── cilium.yaml │ ├── cloudnative-pg.yaml │ ├── controlplaneio.yaml │ ├── coredns.yaml │ ├── deliveryhero.yaml │ ├── descheduler.yaml │ ├── emqx.yaml │ ├── external-dns.yaml │ ├── external-secrets.yaml │ ├── go-skynet.yaml │ ├── grafana.yaml │ ├── hajimari-charts.yaml │ ├── ingress-nginx.yaml │ ├── intel.yaml │ ├── jetstack.yaml │ ├── k8s-gateway.yaml │ ├── kustomization.yaml │ ├── metrics-server.yaml │ ├── nfs-subdir-external-provisioner.yaml │ ├── node-feature-discovery.yaml │ ├── nvidia.yaml │ ├── openebs.yaml │ ├── piraeus.yaml │ ├── postfinance.yaml │ ├── prometheus-community.yaml │ ├── rook-ceph.yaml │ ├── spegel.yaml │ ├── stakater.yaml │ ├── synology-csi-talos.yaml │ └── tailscale.yaml │ ├── kustomization.yaml │ └── oci │ └── kustomization.yaml └── talos ├── 
controlplane ├── callisto.yaml ├── ganymede.yaml └── io.yaml ├── machineconfig.yaml.j2 └── worker └── europa.yaml /.editorconfig: -------------------------------------------------------------------------------- 1 | # editorconfig.org 2 | root = true 3 | 4 | [*] 5 | indent_style = space 6 | indent_size = 2 7 | end_of_line = lf 8 | charset = utf-8 9 | trim_trailing_whitespace = true 10 | insert_final_newline = true 11 | 12 | [Makefile] 13 | indent_style = space 14 | indent_size = 4 15 | 16 | [*.{bash,sh}] 17 | indent_style = space 18 | indent_size = 4 -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.yml linguist-detectable=true 3 | *.yml linguist-language=YAML 4 | *.yaml linguist-detectable=true 5 | *.yaml linguist-language=YAML 6 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @zebernst 2 | -------------------------------------------------------------------------------- /.github/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | area/docs: 3 | - changed-files: 4 | - any-glob-to-any-file: 5 | - "docs/**/*" 6 | - "README.md" 7 | area/github: 8 | - changed-files: 9 | - any-glob-to-any-file: ".github/**/*" 10 | area/kubernetes: 11 | - changed-files: 12 | - any-glob-to-any-file: "kubernetes/**/*" 13 | area/talos: 14 | - changed-files: 15 | - any-glob-to-any-file: "kubernetes/**/talos/*" 16 | area/taskfile: 17 | - changed-files: 18 | - any-glob-to-any-file: 19 | - ".taskfiles/**/*" 20 | - "Taskfile.yaml" 21 | -------------------------------------------------------------------------------- /.github/labels.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Area 3 | - { 
name: "area/docs", color: "0e8a16" } 4 | - { name: "area/github", color: "0e8a16" } 5 | - { name: "area/kubernetes", color: "0e8a16" } 6 | - { name: "area/taskfile", color: "0e8a16" } 7 | - { name: "area/talos", color: "0e8a16" } 8 | # Renovate 9 | - { name: "renovate/container", color: "027fa0" } 10 | - { name: "renovate/github-action", color: "027fa0" } 11 | - { name: "renovate/github-release", color: "027fa0" } 12 | - { name: "renovate/helm", color: "027fa0" } 13 | # Semantic Type 14 | - { name: "type/patch", color: "ffec19" } 15 | - { name: "type/minor", color: "ff9800" } 16 | - { name: "type/major", color: "f6412d" } 17 | - { name: "type/break", color: "f6412d" } 18 | # Uncategorized 19 | - { name: "hold", color: "ee0701" } 20 | -------------------------------------------------------------------------------- /.github/release.yaml: -------------------------------------------------------------------------------- 1 | changelog: 2 | exclude: 3 | authors: 4 | - renovate 5 | - botty-white 6 | -------------------------------------------------------------------------------- /.github/renovate/allowedVersions.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | matchDatasources: ["docker"], 6 | matchPackagePatterns: ["postgresql"], 7 | allowedVersions: "<=17", 8 | }, 9 | ], 10 | } 11 | -------------------------------------------------------------------------------- /.github/renovate/autoMerge.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | description: ["Auto-merge trusted container updates"], 6 | matchDatasources: ["docker"], 7 | automerge: true, 8 | automergeType: "branch", 9 | matchUpdateTypes: ["patch","digest"], 10 | matchPackagePatterns: [ 11 | "ghcr.io/zebernst", 12 | 
"ghcr.io/home-operations", 13 | ], 14 | }, 15 | { 16 | description: ["Auto-merge GitHub Actions"], 17 | matchManagers: ["github-actions"], 18 | matchDatasources: ["github-tags"], 19 | automerge: true, 20 | automergeType: "branch", 21 | matchUpdateTypes: ["minor", "patch", "digest"], 22 | }, 23 | { 24 | "description": "Auto-merge Helm Releases", 25 | "matchDatasources": ["helm", "docker"], 26 | "automerge": true, 27 | "automergeType": "pr", 28 | "matchUpdateTypes": ["minor", "patch"], 29 | "matchDepNames": ["kube-prometheus-stack"], 30 | "ignoreTests": false 31 | } 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /.github/renovate/customManagers.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | customManagers: [ 4 | { 5 | customType: "regex", 6 | description: ["Process annotated dependencies"], 7 | fileMatch: ["(^|/).+\\.ya?ml(?:\\.j2)?$"], 8 | matchStrings: [ 9 | // # renovate: datasource=github-releases depName=kubernetes/kubernetes 10 | // version: 1.29.1 11 | "datasource=(?\\S+) depName=(?\\S+)\\n.+ (?[v|\\d]\\S+)", 12 | // # renovate: datasource=github-releases depName=rancher/system-upgrade-controller 13 | // https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml 14 | "datasource=(?\\S+) depName=(?\\S+)\\n.+/(?[v|\\d][^/]+)", 15 | ], 16 | datasourceTemplate: "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}", 17 | }, 18 | ], 19 | } 20 | -------------------------------------------------------------------------------- /.github/renovate/labels.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | matchUpdateTypes: ["major"], 6 | labels: ["type/major"], 7 | }, 8 | { 9 | matchUpdateTypes: ["minor"], 10 | labels: 
["type/minor"], 11 | }, 12 | { 13 | matchUpdateTypes: ["patch"], 14 | labels: ["type/patch"], 15 | }, 16 | { 17 | matchUpdateTypes: ["digest"], 18 | labels: ["type/digest"], 19 | }, 20 | { 21 | matchDatasources: ["docker"], 22 | addLabels: ["renovate/container"], 23 | }, 24 | { 25 | matchDatasources: ["helm"], 26 | addLabels: ["renovate/helm"], 27 | }, 28 | { 29 | matchDatasources: ["github-releases", "github-tags"], 30 | addLabels: ["renovate/github-release"], 31 | }, 32 | { 33 | matchManagers: ["github-actions"], 34 | addLabels: ["renovate/github-action"], 35 | }, 36 | ], 37 | } 38 | -------------------------------------------------------------------------------- /.github/renovate/packageRules.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | description: ["Loose versioning for non-semver packages"], 6 | matchDatasources: ["docker"], 7 | versioning: "loose", 8 | matchPackagePatterns: ["plex"], 9 | }, 10 | { 11 | description: ["Custom schedule for frequently updated container digests"], 12 | matchDatasources: ["docker"], 13 | matchPackagePatterns: ["postgresql"], 14 | matchUpdateTypes: ["digest"], 15 | schedule: ["every 3 months on the first day of the month"], 16 | }, 17 | ], 18 | } 19 | -------------------------------------------------------------------------------- /.github/workflows/label-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Label Sync 3 | 4 | on: 5 | workflow_dispatch: 6 | schedule: 7 | - cron: "0 0 * * *" # Every day at midnight 8 | push: 9 | branches: ["main"] 10 | paths: [".github/labels.yaml"] 11 | 12 | jobs: 13 | labels: 14 | name: Sync Labels 15 | runs-on: ubuntu-latest 16 | steps: 17 | - name: Generate Token 18 | uses: actions/create-github-app-token@v2 19 | id: app-token 20 | with: 21 | app-id: "${{ secrets.BOT_APP_ID }}" 22 | private-key: 
"${{ secrets.BOT_APP_PRIVATE_KEY }}" 23 | 24 | - name: Checkout 25 | uses: actions/checkout@v4 26 | with: 27 | sparse-checkout: .github/labels.yaml 28 | token: "${{ steps.app-token.outputs.token }}" 29 | 30 | - name: Sync Labels 31 | uses: EndBug/label-sync@v2 32 | with: 33 | config-file: .github/labels.yaml 34 | token: "${{ steps.app-token.outputs.token }}" 35 | delete-other-labels: true 36 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Labeler 3 | 4 | on: 5 | workflow_dispatch: 6 | pull_request_target: 7 | branches: ["main"] 8 | 9 | jobs: 10 | labeler: 11 | name: Labeler 12 | runs-on: ubuntu-latest 13 | permissions: 14 | contents: read 15 | pull-requests: write 16 | steps: 17 | - name: Generate Token 18 | uses: actions/create-github-app-token@v2 19 | id: app-token 20 | with: 21 | app-id: "${{ secrets.BOT_APP_ID }}" 22 | private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" 23 | 24 | - name: Labeler 25 | uses: actions/labeler@v5 26 | with: 27 | configuration-path: .github/labeler.yaml 28 | repo-token: "${{ steps.app-token.outputs.token }}" 29 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Trash 2 | .DS_Store 3 | Thumbs.db 4 | # k8s 5 | kubeconfig 6 | talosconfig 7 | .decrypted~*.yaml 8 | .config.env 9 | *.agekey 10 | *.pub 11 | *.key 12 | # Taskfile 13 | .task 14 | # Brew 15 | Brewfile.lock.json 16 | # intellij 17 | .idea 18 | # wiki 19 | wiki 20 | -------------------------------------------------------------------------------- /.minijinja.toml: -------------------------------------------------------------------------------- 1 | autoescape = "none" 2 | newline = true 3 | trim-blocks = true 4 | lstrip-blocks = true 5 | env = true 6 | 
-------------------------------------------------------------------------------- /.mise.toml: -------------------------------------------------------------------------------- 1 | [env] 2 | KUBECONFIG = "{{config_root}}/kubernetes/kubeconfig" 3 | MINIJINJA_CONFIG_FILE = "{{config_root}}/.minijinja.toml" 4 | TALOSCONFIG = "{{config_root}}/talos/talosconfig" 5 | 6 | # Included file paths 7 | _.file = [ 8 | "{{config_root}}/kubernetes/apps/system-upgrade/versions.env" 9 | ] 10 | 11 | [tools] 12 | 1password-cli = "latest" 13 | age = "latest" 14 | "aqua:cert-manager/cmctl" = "latest" 15 | "aqua:cloudnative-pg/cloudnative-pg/kubectl-cnpg" = "latest" 16 | "aqua:elsesiy/kubectl-view-secret" = "latest" 17 | "aqua:kvaps/kubectl-node-shell" = "latest" 18 | cilium-cli = "latest" 19 | cloudflared = "latest" 20 | flux2 = "latest" 21 | gh = "latest" 22 | helm = "latest" 23 | helm-diff = "latest" 24 | helmfile = "latest" 25 | jq = "latest" 26 | k9s = "latest" 27 | krew = "latest" 28 | kubecolor = "latest" 29 | kubectl = "latest" 30 | kustomize = "latest" 31 | "pipx:allenporter/flux-local" = "latest" 32 | talhelper = "latest" 33 | talosctl = "latest" 34 | task = "latest" 35 | "ubi:clbx/kubectl-browse-pvc" = "latest" 36 | "ubi:mitsuhiko/minijinja" = { version = "latest", exe = "minijinja-cli" } 37 | "ubi:rook/kubectl-rook-ceph" = "latest" 38 | yq = "latest" 39 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/replicationdestination.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: volsync.backube/v1alpha1 3 | kind: ReplicationDestination 4 | metadata: 5 | name: {{ ENV.APP }}-manual 6 | namespace: {{ ENV.NS }} 7 | spec: 8 | trigger: 9 | manual: restore-once 10 | restic: 11 | repository: {{ ENV.APP }}-restic-secret 12 | destinationPVC: {{ ENV.CLAIM }} 13 | copyMethod: Direct 14 | storageClassName: {{ ENV.STORAGE_CLASS_NAME }} 15 | accessModes: {{ 
ENV.ACCESS_MODES }} 16 | previous: {{ ENV.PREVIOUS }} 17 | moverSecurityContext: 18 | runAsUser: {{ ENV.PUID }} 19 | runAsGroup: {{ ENV.PGID }} 20 | fsGroup: {{ ENV.PGID }} 21 | enableFileDeletion: true 22 | cleanupCachePVC: true 23 | cleanupTempPVC: true 24 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/unlock.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: volsync-unlock-{{ ENV.APP }} 6 | namespace: {{ ENV.NS }} 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | spec: 11 | automountServiceAccountToken: false 12 | restartPolicy: OnFailure 13 | containers: 14 | - name: restic 15 | image: docker.io/restic/restic:latest 16 | args: ["unlock", "--remove-all"] 17 | envFrom: 18 | - secretRef: 19 | name: {{ ENV.APP }}-restic-secret 20 | resources: {} 21 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "albert.TabOut", 4 | "britesnow.vscode-toggle-quotes", 5 | "fcrespo82.markdown-table-formatter", 6 | "mikestead.dotenv", 7 | "mitchdenny.ecdc", 8 | "will-stone.in-any-case", 9 | "EditorConfig.editorconfig", 10 | "PKief.material-icon-theme", 11 | "Gruntfuggly.todo-tree" 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "files.associations": { 3 | "*.json5": "jsonc" 4 | }, 5 | "yaml.schemas": { 6 | "Kubernetes": "./kubernetes/*.yaml" 7 | }, 8 | "vs-kubernetes": { 9 | "vs-kubernetes.kubeconfig": "./kubernetes/kubeconfig", 10 | "vs-kubernetes.knownKubeconfigs": [ 11 | "./kubernetes/kubeconfig" 12 | ] 13 | } 14 | } 15 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 zebernst 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: '3' 4 | 5 | set: [pipefail] 6 | shopt: [globstar] 7 | 8 | vars: 9 | KUBERNETES_DIR: '{{.ROOT_DIR}}/kubernetes' 10 | TALOS_DIR: '{{.ROOT_DIR}}/talos' 11 | 12 | dotenv: 13 | - '{{.KUBERNETES_DIR}}/apps/system-upgrade/versions.env' 14 | 15 | env: 16 | KUBECONFIG: '{{.KUBERNETES_DIR}}/kubeconfig' 17 | MINIJINJA_CONFIG_FILE: '{{.ROOT_DIR}}/.minijinja.toml' 18 | TALOSCONFIG: '{{.TALOS_DIR}}/talosconfig' 19 | 20 | includes: 21 | bootstrap: .taskfiles/bootstrap 22 | kubernetes: .taskfiles/kubernetes 23 | synology: .taskfiles/synology 24 | talos: .taskfiles/talos 25 | volsync: .taskfiles/volsync 26 | 27 | tasks: 28 | 29 | default: 30 | cmd: task --list 31 | silent: true 32 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: ai 6 | components: 7 | - ../../components/common 8 | resources: 9 | - local-ai/ks.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/local-ai/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - helmrelease.yaml 5 | -------------------------------------------------------------------------------- /kubernetes/apps/ai/local-ai/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app local-ai 7 | namespace: &ns ai 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: [] 14 | path: kubernetes/apps/ai/local-ai/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | wait: false 21 | interval: 30m 22 | retryInterval: 1m 23 | timeout: 5m 24 | postBuild: 25 | substitute: 26 | APP: *app 27 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | crds: 3 | enabled: true 4 | replicaCount: 1 5 | dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query 6 | dns01RecursiveNameserversOnly: true 7 | prometheus: 8 | enabled: true 9 | servicemonitor: 10 | enabled: true 11 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: cert-manager 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: cert-manager 11 | version: v1.17.2 12 | sourceRef: 13 | kind: HelmRepository 14 | name: jetstack 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | retries: 3 23 | valuesFrom: 24 | - kind: ConfigMap 25 | name: cert-manager-helm-values 26 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | - prometheusrule.yaml 7 | configMapGenerator: 8 | - name: cert-manager-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/clusterissuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt-production 5 | spec: 6 | acme: 7 | server: https://acme-v02.api.letsencrypt.org/directory 8 | email: "admin@zebernst.dev" 9 | privateKeySecretRef: 10 | name: letsencrypt-production 11 | solvers: 12 | - dns01: 13 | cloudflare: 14 | apiTokenSecretRef: 15 | name: cloudflare-issuer-secret 16 | key: CLOUDFLARE_API_TOKEN 17 | selector: 18 | dnsZones: ["zebernst.dev"] 19 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: cloudflare-issuer 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | 
name: onepassword 11 | target: 12 | name: cloudflare-issuer-secret 13 | template: 14 | data: 15 | CLOUDFLARE_API_TOKEN: "{{ .CLOUDFLARE_API_TOKEN }}" 16 | dataFrom: 17 | - extract: 18 | key: cloudflare 19 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - externalsecret.yaml 6 | - clusterissuer.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/tls/certificates.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: zebernst-dev 7 | spec: 8 | secretName: zebernst-dev-tls 9 | issuerRef: 10 | name: letsencrypt-production 11 | kind: ClusterIssuer 12 | commonName: zebernst.dev 13 | dnsNames: 14 | - zebernst.dev 15 | - "*.zebernst.dev" 16 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/tls/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - certificates.yaml 7 | - pushsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/tls/pushsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/external-secrets.io/pushsecret_v1alpha1.json 3 | apiVersion: external-secrets.io/v1alpha1 4 | kind: PushSecret 5 | metadata: 6 | name: zebernst-dev-tls 7 | spec: 8 | refreshInterval: 5m 9 | secretStoreRefs: 10 | - name: onepassword 11 | kind: ClusterSecretStore 12 | selector: 13 | secret: 14 | name: zebernst-dev-tls 15 | template: 16 | engineVersion: v2 17 | data: 18 | tls.crt: '{{ index . "tls.crt" | b64enc }}' 19 | tls.key: '{{ index . "tls.key" | b64enc }}' 20 | data: 21 | - match: 22 | secretKey: &key tls.crt 23 | remoteRef: 24 | remoteKey: zebernst-dev-tls 25 | property: *key 26 | - match: 27 | secretKey: &key tls.key 28 | remoteRef: 29 | remoteKey: zebernst-dev-tls 30 | property: *key 31 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: cert-manager 5 | components: 6 | - ../../components/common 7 | resources: 8 | - cert-manager/ks.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: cloudnative-pg 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: cloudnative-pg-secret 13 | template: 14 | engineVersion: v2 15 | metadata: 16 | labels: 17 | cnpg.io/reload: "true" 18 | data: 19 | - secretKey: username 20 | remoteRef: 21 | key: cloudnative-pg 22 | property: POSTGRES_SUPER_USER 23 | - secretKey: password 24 | 
remoteRef: 25 | key: cloudnative-pg 26 | property: POSTGRES_SUPER_PASS 27 | - secretKey: aws-access-key-id 28 | remoteRef: 29 | key: barman-b2-credentials 30 | property: AWS_ACCESS_KEY_ID 31 | - secretKey: aws-secret-access-key 32 | remoteRef: 33 | key: barman-b2-credentials 34 | property: AWS_SECRET_ACCESS_KEY 35 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: cloudnative-pg 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: cloudnative-pg 12 | version: 0.23.2 13 | sourceRef: 14 | kind: HelmRepository 15 | name: cloudnative-pg 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | values: 26 | crds: 27 | create: true 28 | monitoring: 29 | podMonitorEnabled: true 30 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
# (continuation of kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml: apiVersion value)
kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - cluster.yaml
  - scheduledbackup.yaml
  - prometheusrule.yaml
  - service.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
# Daily backup of the "redspot" CNPG cluster. `immediate: true` also takes one
# backup as soon as this object is created, so a fresh cluster is protected
# before the first scheduled run. Where the backups are stored is configured on
# the Cluster (cluster.yaml, not shown here); the barman-b2-credentials entries
# in the operator's ExternalSecret suggest an S3-compatible target — confirm.
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: redspot
spec:
  schedule: "@daily"
  immediate: true
  # The Backup objects created by this schedule get this ScheduledBackup as
  # their owner, so they are garbage-collected together with it.
  backupOwnerReference: self
  cluster:
    name: redspot
--------------------------------------------------------------------------------
/kubernetes/apps/database/cloudnative-pg/cluster/service.yaml:
--------------------------------------------------------------------------------
---
# Exposes the redspot primary's Postgres port outside the cluster: a
# LoadBalancer Service plus a DNS record (redspot.internal) published through
# external-dns. Every host on that network can reach the listener, so this
# relies on the Cluster's own authentication (pg_hba/passwords, not visible
# here) and on network-level restrictions; the ".internal" name suggests a
# private zone, but the name alone does not limit who can connect.
apiVersion: v1
kind: Service
metadata:
  name: redspot-lb
  annotations:
    external-dns.alpha.kubernetes.io/hostname: redspot.internal
spec:
  type: LoadBalancer
  ports:
    - name: postgres
      port: 5432
      protocol: TCP
      targetPort: 5432
  # Only the pod carrying the "primary" role label is selected, so the address
  # always points at the read-write instance (presumably the operator moves
  # this label on failover — verify against the CNPG docs in use).
  selector:
    cnpg.io/cluster: redspot
    cnpg.io/instanceRole: primary
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # The operator CRD is fetched from GitHub at build time and pinned to a
  # release tag (bumped by renovate), not to a commit. Tags can be moved, so
  # what gets applied depends on the upstream repo's tag staying put; pin to a
  # commit SHA or vendor the file if that is a concern.
  # renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator
  - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.11/manifests/crd.yaml
  - helmrelease.yaml
  - rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/cluster/cluster.yaml:
--------------------------------------------------------------------------------
---
# Three-replica Dragonfly (Redis-compatible) instance managed by the
# dragonfly-operator.
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: &cluster hindwing
spec:
  image: ghcr.io/dragonflydb/dragonfly:v1.29.0
  replicas: 3
  args:
    # $(MAX_MEMORY) is expanded by Kubernetes from the env var below, so the
    # Dragonfly memory ceiling tracks the container's memory limit
    # (512Mi with a 1Mi divisor -> 512).
    - --maxmemory=$(MAX_MEMORY)Mi
    - --proactor_threads=2
    - --cluster_mode=emulated
    - --lock_on_hashtags
  env:
    - name: MAX_MEMORY
      valueFrom:
        resourceFieldRef:
          resource: limits.memory
          divisor: 1Mi
  resources:
    requests:
      cpu: 100m
    limits:
      memory: 512Mi
  # snapshot:
  #   dir: s3://
  # NOTE(review): the Service below is published on the LAN (LoadBalancer plus
  # redis.internal via external-dns) and nothing in this manifest configures
  # authentication. Either confirm a password is set elsewhere (the operator
  # supports sourcing one from a Secret) or restrict who can reach the
  # listener at the network level.
  serviceSpec:
    type: LoadBalancer
    annotations:
      external-dns.alpha.kubernetes.io/hostname: redis.internal
  # Spread replicas across nodes (skew of at most one per hostname); pods stay
  # Pending rather than violate the constraint.
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: *cluster
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - cluster.yaml
  - podmonitor.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/cluster/podmonitor.yaml:
--------------------------------------------------------------------------------
---
# Scrapes the `admin` port of every pod labelled app=hindwing (a label the
# operator presumably puts on the pods it creates — verify).
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: hindwing
spec:
  selector:
    matchLabels:
      app: hindwing
  podTargetLabels:
    - app
  podMetricsEndpoints:
    - port: admin
--------------------------------------------------------------------------------
/kubernetes/apps/database/dragonfly/ks.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app dragonfly 6 | namespace: &ns database 7 | spec: 8 | targetNamespace: *ns 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: kubernetes/apps/database/dragonfly/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | namespace: flux-system 18 | wait: true 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | --- 23 | apiVersion: kustomize.toolkit.fluxcd.io/v1 24 | kind: Kustomization 25 | metadata: 26 | name: &app dragonfly-cluster 27 | namespace: &ns database 28 | spec: 29 | targetNamespace: *ns 30 | commonMetadata: 31 | labels: 32 | app.kubernetes.io/name: *app 33 | dependsOn: 34 | - name: dragonfly 35 | path: kubernetes/apps/database/dragonfly/cluster 36 | prune: true 37 | sourceRef: 38 | kind: GitRepository 39 | name: flux-system 40 | namespace: flux-system 41 | wait: true 42 | interval: 30m 43 | retryInterval: 1m 44 | timeout: 5m 45 | -------------------------------------------------------------------------------- /kubernetes/apps/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | components: 7 | - ../../components/common 8 | resources: 9 | - cloudnative-pg/ks.yaml 10 | - dragonfly/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/autobrr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: 
external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: autobrr 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: autobrr-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | AUTOBRR__DATABASE_TYPE: postgres 17 | AUTOBRR__POSTGRES_DATABASE: &dbName autobrr 18 | AUTOBRR__POSTGRES_HOST: &dbHost redspot-rw.database.svc.cluster.local 19 | AUTOBRR__POSTGRES_USER: &dbUser "{{ .AUTOBRR_POSTGRES_USER }}" 20 | AUTOBRR__POSTGRES_PASS: &dbPass "{{ .AUTOBRR_POSTGRES_PASS }}" 21 | AUTOBRR__POSTGRES_PORT: "5432" 22 | AUTOBRR__SESSION_SECRET: "{{ .AUTOBRR_SESSION_SECRET }}" 23 | INIT_POSTGRES_DBNAME: *dbName 24 | INIT_POSTGRES_HOST: *dbHost 25 | INIT_POSTGRES_USER: *dbUser 26 | INIT_POSTGRES_PASS: *dbPass 27 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 28 | dataFrom: 29 | - extract: 30 | key: autobrr 31 | - extract: 32 | key: cloudnative-pg 33 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/autobrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | configMapGenerator: 9 | - name: autobrr-loki-rules 10 | files: 11 | - autobrr.yaml=resources/lokirule.yaml 12 | options: 13 | labels: 14 | loki_rule: "true" 15 | - name: autobrr-grafana-dashboard 16 | files: 17 | - autobrr.json=resources/grafana-dashboard.json 18 | options: 19 | annotations: 20 | grafana_folder: "Media" 21 | labels: 22 | grafana_dashboard: "true" 23 | generatorOptions: 24 | disableNameSuffixHash: true 25 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/autobrr/app/resources/lokirule.yaml: 
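--------------------------------------------------------------------------------
---
# Loki ruler alert for autobrr. The expression aggregates with `sum by (app)`,
# so `app` is the only label available to the annotations.
groups:
  - name: autobrr
    rules:
      - alert: AutobrrNetworkUnhealthy
        expr: |
          sum by (app) (count_over_time({app="autobrr"} |~ "(?i)network unhealthy"[2m])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} has an unhealthy network"
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/autobrr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app autobrr
  namespace: &ns downloads
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Needs the Postgres cluster (database user/db are created by the app's init
  # step, see its ExternalSecret) and the 1Password store for secrets.
  dependsOn:
    - name: cloudnative-pg-cluster
      namespace: database
    - name: onepassword
      namespace: external-secrets
  path: kubernetes/apps/downloads/autobrr/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/bazarr/hd/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: bazarr
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target: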
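# (continuation of kubernetes/apps/downloads/bazarr/hd/externalsecret.yaml: spec.target)
name: bazarr-secret
template:
  engineVersion: v2
  data:
    PLEX_TOKEN: "{{ .PLEX_TOKEN }}"
dataFrom:
  - extract:
      key: plex
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/bazarr/hd/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
configMapGenerator:
  - name: bazarr-scripts
    files:
      - subcleaner.sh=../resources/subcleaner.sh
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # The script contains shell `${...}` expansions; keep Flux from treating
    # them as post-build substitutions.
    kustomize.toolkit.fluxcd.io/substitute: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/bazarr/resources/subcleaner.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Bazarr post-processing hook.
#
# Runs subcleaner on the subtitle file Bazarr passes as $1, then asks Plex to
# rescan the library section that file belongs to so the cleaned subtitle is
# picked up.
#
# Arguments:
#   $1          path to the subtitle file
# Environment:
#   PLEX_TOKEN  Plex API token (mounted from the bazarr secret)
#
# Exit status is non-zero when no path is given, when PLEX_TOKEN is missing
# while a refresh is needed, or when the Plex request fails.
set -uo pipefail

if [[ $# -lt 1 || -z "$1" ]]; then
  printf "usage: %s <subtitle-path>\n" "$0" >&2
  exit 2
fi
subtitle="$1"
subtitle_dir="$(dirname "$subtitle")"

printf "Cleaning subtitles for '%s' ...\n" "$subtitle"
# A subcleaner failure is reported but does not abort: the original subtitle
# is still on disk and Plex should still be told to look at it.
if ! python3 /add-ons/subcleaner/subcleaner.py "$subtitle" -s; then
  printf "subcleaner failed for '%s'; continuing with the Plex refresh\n" "$subtitle" >&2
fi

# Map the library path to its Plex section id. Paths outside both trees get
# no refresh (same as before, now with an explicit empty default).
section=""
case "$subtitle" in
  *movies*) section="1" ;;
  *shows*)  section="2" ;;
esac

if [[ -z "$section" ]]; then
  exit 0
fi

if [[ -z "${PLEX_TOKEN:-}" ]]; then
  printf "PLEX_TOKEN is not set; cannot refresh Plex section '%s'\n" "$section" >&2
  exit 1
fi

printf "Refreshing Plex section '%s' for '%s' ...\n" "$section" "$subtitle_dir"
# The token is sent as the X-Plex-Token header rather than a query parameter so
# it does not land in Plex or proxy access logs. --fail makes an HTTP error
# surface as a non-zero exit instead of being silently ignored.
/usr/bin/curl --fail --silent --show-error --output /dev/null \
  --get --data-urlencode "path=${subtitle_dir}" \
  --header "X-Plex-Token: ${PLEX_TOKEN}" \
  "http://plex.default.svc.cluster.local:32400/library/sections/${section}/refresh"
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/bazarr/uhd/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: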
$schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: bazarr-uhd 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: bazarr-uhd-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | PLEX_TOKEN: "{{ .PLEX_TOKEN }}" 17 | dataFrom: 18 | - extract: 19 | key: plex 20 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/bazarr/uhd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | configMapGenerator: 9 | - name: bazarr-uhd-scripts 10 | files: 11 | - subcleaner.sh=../resources/subcleaner.sh 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/cross-seed/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: cross-seed 7 | spec: 8 | refreshInterval: 5m 9 | secretStoreRef: 10 | kind: ClusterSecretStore 11 | name: onepassword 12 | target: 13 | name: cross-seed-secret 14 | template: 15 | engineVersion: v2 16 | data: 17 | CROSS_SEED_API_KEY: "{{ .CROSS_SEED_API_KEY }}" 18 | PROWLARR_API_KEY: "{{ .PROWLARR_API_KEY }}" 19 | SONARR_API_KEY: "{{ .SONARR_API_KEY }}" 20 | RADARR_API_KEY: "{{ .RADARR_API_KEY }}" 21 
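# (continuation of kubernetes/apps/downloads/cross-seed/app/externalsecret.yaml: spec)
dataFrom:
  - extract:
      key: cross-seed
  - extract:
      key: radarr
  - extract:
      key: sonarr
  - extract:
      key: prowlarr
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/cross-seed/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
configMapGenerator:
  - name: cross-seed-configmap
    files:
      - resources/config.js
  - name: cross-seed-loki-rules
    files:
      - resources/lokirule.yaml
    options:
      labels:
        loki_rule: "true"
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    kustomize.toolkit.fluxcd.io/substitute: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/downloads/cross-seed/app/resources/lokirule.yaml:
--------------------------------------------------------------------------------
---
# Loki ruler alerts for cross-seed. Both expressions aggregate with
# `sum by (app)`, so `app` is the only label left on the resulting alert; the
# annotations therefore use `$labels.app` (as the autobrr rules do) —
# `$labels.container` is dropped by the aggregation and would render empty.
groups:
  - name: cross-seed
    rules:
      - alert: CrossSeedDatabaseMalformed
        expr: |
          sum by (app) (count_over_time({app="cross-seed"} |~ "(?i)database disk image is malformed"[1h])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} is experiencing database issues"
      - alert: CrossSeedFailedToInject
        expr: |
          sum by (app) (count_over_time({app="cross-seed"} |~ "(?i)failed to inject"[1h])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} failed to inject a torrent"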
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/cross-seed/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app cross-seed 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | components: 14 | - ../../../../components/volsync 15 | dependsOn: 16 | - name: onepassword 17 | namespace: external-secrets 18 | - name: rook-ceph-cluster 19 | namespace: rook-ceph 20 | - name: volsync 21 | namespace: volsync-system 22 | path: kubernetes/apps/downloads/cross-seed/app 23 | prune: true 24 | sourceRef: 25 | kind: GitRepository 26 | name: flux-system 27 | namespace: flux-system 28 | wait: false 29 | interval: 30m 30 | retryInterval: 1m 31 | timeout: 5m 32 | postBuild: 33 | substitute: 34 | APP: *app 35 | VOLSYNC_CAPACITY: 5Gi 36 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/flaresolverr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/flaresolverr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | 
name: &app flaresolverr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: kubernetes/apps/downloads/flaresolverr/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | wait: false 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: downloads 6 | components: 7 | - ../../components/common 8 | resources: 9 | - autobrr/ks.yaml 10 | - bazarr/ks.yaml 11 | - cross-seed/ks.yaml 12 | - flaresolverr/ks.yaml 13 | - lidarr/ks.yaml 14 | - omegabrr/ks.yaml 15 | - openbooks/ks.yaml 16 | - prowlarr/ks.yaml 17 | - qbittorrent/ks.yaml 18 | - radarr/ks.yaml 19 | - recyclarr/ks.yaml 20 | - sonarr/ks.yaml 21 | - unpackerr/ks.yaml 22 | - whisparr/ks.yaml 23 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/lidarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | configMapGenerator: 10 | - name: lidarr-configmap 11 | files: 12 | - notify-pushover.sh=scripts/notify-pushover.sh 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | 
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/lidarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: lidarr-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 30Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/lidarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app lidarr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: cloudnative-pg-cluster 15 | namespace: database 16 | - name: onepassword 17 | namespace: external-secrets 18 | - name: rook-ceph-cluster 19 | namespace: rook-ceph 20 | path: kubernetes/apps/downloads/lidarr/app 21 | prune: true 22 | sourceRef: 23 | kind: GitRepository 24 | name: flux-system 25 | namespace: flux-system 26 | wait: false 27 | interval: 30m 28 | retryInterval: 1m 29 | timeout: 5m 30 | postBuild: 31 | substitute: 32 | APP: *app 33 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/omegabrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: downloads 6 | resources: 7 | - externalsecret.yaml 8 | - helmrelease.yaml 9 | 
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/omegabrr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app omegabrr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: onepassword 15 | namespace: external-secrets 16 | path: kubernetes/apps/downloads/omegabrr/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | wait: false 23 | interval: 30m 24 | retryInterval: 1m 25 | timeout: 5m 26 | postBuild: 27 | substitute: 28 | APP: *app 29 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/openbooks/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: openbooks 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: openbooks-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | OPENBOOKS_IRC_NICK: "{{ .OPENBOOKS_IRC_NICK }}" 17 | dataFrom: 18 | - extract: 19 | key: openbooks 20 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/openbooks/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | 
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/openbooks/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app openbooks 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: onepassword 15 | namespace: external-secrets 16 | path: kubernetes/apps/downloads/openbooks/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | wait: false 23 | interval: 30m 24 | timeout: 5m 25 | postBuild: 26 | substitute: 27 | APP: *app 28 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/prowlarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: prowlarr 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: prowlarr-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | PROWLARR__AUTH__APIKEY: "{{ .PROWLARR_API_KEY }}" 17 | PROWLARR__POSTGRES__HOST: &dbHost redspot-rw.database.svc.cluster.local 18 | PROWLARR__POSTGRES__PORT: "5432" 19 | PROWLARR__POSTGRES__USER: &dbUser "{{ .PROWLARR_POSTGRES_USER }}" 20 | PROWLARR__POSTGRES__PASSWORD: &dbPass "{{ .PROWLARR_POSTGRES_PASSWORD 
}}" 21 | PROWLARR__POSTGRES__MAINDB: &dbName prowlarr 22 | INIT_POSTGRES_DBNAME: *dbName 23 | INIT_POSTGRES_HOST: *dbHost 24 | INIT_POSTGRES_USER: *dbUser 25 | INIT_POSTGRES_PASS: *dbPass 26 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 27 | dataFrom: 28 | - extract: 29 | key: prowlarr 30 | - extract: 31 | key: cloudnative-pg 32 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/prowlarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app prowlarr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: cloudnative-pg-cluster 15 | namespace: database 16 | - name: onepassword 17 | namespace: external-secrets 18 | path: kubernetes/apps/downloads/prowlarr/app 19 | prune: true 20 | sourceRef: 21 | kind: GitRepository 22 | name: flux-system 23 | namespace: flux-system 24 | wait: false 25 | interval: 30m 26 | retryInterval: 1m 27 | timeout: 5m 28 | postBuild: 29 | substitute: 30 | APP: *app 31 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/qbittorrent/app/externalsecret.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: qbittorrent 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: qbittorrent-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | CROSS_SEED_API_KEY: "{{ .CROSS_SEED_API_KEY }}" 17 | PUSHOVER_TOKEN: "{{ .QBITTORRENT_PUSHOVER_TOKEN }}" 18 | PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}" 19 | dataFrom: 20 | - extract: 21 | key: cross-seed 22 | - extract: 23 | key: pushover 24 | - extract: 25 | key: qbittorrent 26 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/qbittorrent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | configMapGenerator: 9 | - name: qbittorrent-loki-rules 10 | files: 11 | - qbittorrent.yaml=resources/lokirule.yaml 12 | options: 13 | labels: 14 | loki_rule: "true" 15 | - name: qbittorrent-scripts 16 | files: 17 | - post-process.sh=resources/post-process.sh 18 | generatorOptions: 19 | disableNameSuffixHash: true 20 | annotations: 21 | kustomize.toolkit.fluxcd.io/substitute: disabled 22 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/qbittorrent/app/resources/lokirule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | groups: 3 | - name: qbittorrent 4 | rules: 5 | - alert: QbittorrentFastResumeRejected 6 | expr: | 7 | sum by (app) 
(count_over_time({app="qbittorrent"} |~ "(?i)fast resume rejected"[1h])) > 0 8 | for: 2m 9 | labels: 10 | severity: critical 11 | category: logs 12 | annotations: 13 | app: "{{ $labels.container }}" 14 | summary: "{{ $labels.container }} has a torrent with fast resume rejected" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/qbittorrent/tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | configMapGenerator: 7 | - name: qbtools-configmap 8 | files: 9 | - resources/config.yaml 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/qbittorrent/tools/resources/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | trackers: 3 | - { name: gt, required_seed_ratio: 1.01, required_seed_days: 0, urls: ["gaytor.rent"] } 4 | - { name: hds, required_seed_ratio: 0, required_seed_days: 7.3, urls: ["hd-space.pw"] } 5 | - { name: huno, required_seed_ratio: 1.01, required_seed_days: 5.3, urls: ["hawke.uno"] } 6 | - { name: jptv, required_seed_ratio: 1.01, required_seed_days: 7.3, urls: ["jptv.club"] } 7 | - { name: lst, required_seed_ratio: 0, required_seed_days: 3.3, urls: ["lst.gg"]} 8 | - { name: mlk, required_seed_ratio: 1.01, required_seed_days: 7.3, urls: ["milkie.cc"] } 9 | - { name: oe, required_seed_ratio: 0, required_seed_days: 2.3, urls: ["onlyencodes.cc"] } 10 | - { name: ot, required_seed_ratio: 0.41, required_seed_days: 2.3, urls: ["oldtoons.world"] } 11 | - { name: ptp, required_seed_ratio: 1.01, required_seed_days: 7.3, urls: ["passthepopcorn.me"] } 12 | - { name: sp, required_seed_ratio: 1.01, required_seed_days: 10.3, urls: ["seedpool.org"] } 13 | - { name: tl, 
required_seed_ratio: 1.01, required_seed_days: 8.3, urls: ["tleechreload.org", "torrentleech.org"] } 14 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/radarr/app/hd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | configMapGenerator: 10 | - name: radarr-configmap 11 | files: 12 | - notify-pushover.sh=../scripts/notify-pushover.sh 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/radarr/app/hd/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 30Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/radarr/app/uhd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | configMapGenerator: 10 | - name: radarr-uhd-configmap 11 | files: 12 | - notify-pushover.sh=../scripts/notify-pushover.sh 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | 
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/radarr/app/uhd/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr-uhd-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 30Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/recyclarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: recyclarr 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: recyclarr-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | RADARR_API_KEY: "{{ .RADARR_API_KEY }}" 17 | SONARR_API_KEY: "{{ .SONARR_API_KEY }}" 18 | dataFrom: 19 | - extract: 20 | key: radarr 21 | - extract: 22 | key: sonarr 23 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | configMapGenerator: 9 | - name: recyclarr-configmap 10 | files: 11 | - recyclarr.yml=resources/recyclarr.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/recyclarr/ks.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app recyclarr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: onepassword 15 | namespace: external-secrets 16 | path: kubernetes/apps/downloads/recyclarr/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | wait: false 23 | interval: 30m 24 | retryInterval: 1m 25 | timeout: 5m 26 | postBuild: 27 | substitute: 28 | APP: *app 29 | VOLSYNC_CAPACITY: 1Gi 30 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/sonarr/app/hd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | configMapGenerator: 10 | - name: sonarr-configmap 11 | files: 12 | - notify-pushover.sh=../scripts/notify-pushover.sh 13 | - refresh-tba.sh=../scripts/refresh-tba.sh 14 | - tag-codec.sh=../scripts/tag-codec.sh 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | annotations: 18 | kustomize.toolkit.fluxcd.io/substitute: disabled 19 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/sonarr/app/hd/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr-cache 6 | spec: 7 | accessModes: 
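["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 30Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/sonarr/app/scripts/refresh-tba.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Sonarr custom-script hook. On a "Grab" event it lists the grabbed series'
# episodes and, if any still carry a placeholder title ("TBA"/"TBD"), asks
# Sonarr to refresh the series so real titles are fetched before import.
#
# Inputs (environment, supplied by Sonarr / the container):
#   SONARR__AUTH__APIKEY   API key sent in the X-Api-Key header
#   SONARR__SERVER__PORT   port Sonarr listens on; the API is reached via localhost
#   sonarr_eventtype       Sonarr event name; only "Grab" is acted on
#   sonarr_series_id       numeric id of the grabbed series
#
# Exit status: 0 when nothing needs doing or the refresh was queued; non-zero
# when a curl/jq step fails (set -e / pipefail) or when sonarr_series_id is
# not a plain integer.
set -Eeuo pipefail

CURL_CMD=("curl" "-fsSL" "--header" "X-Api-Key: ${SONARR__AUTH__APIKEY:-}")
SONARR_API_URL="http://localhost:${SONARR__SERVER__PORT:-}/api/v3"

# Every other event type (Download, Test, ...) is intentionally a no-op.
if [[ "${sonarr_eventtype:-}" == "Grab" ]]; then
  series_id="${sonarr_series_id:-}"
  # The id is spliced into a query string and a JSON body below, so insist on
  # a plain integer: an empty or malformed value would otherwise turn into a
  # bad request (or invalid JSON) instead of a clear, logged error.
  if [[ ! "${series_id}" =~ ^[0-9]+$ ]]; then
    echo "ERROR: sonarr_series_id is missing or not an integer: '${series_id}'" >&2
    exit 1
  fi

  # Count episodes whose title is still a placeholder.
  tba=$("${CURL_CMD[@]}" "${SONARR_API_URL}/episode?seriesId=${series_id}" | jq --raw-output '
    [.[] | select((.title == "TBA") or (.title == "TBD"))] | length
  ')

  if (( tba > 0 )); then
    echo "INFO: Refreshing series ${series_id} due to TBA/TBD episodes found"
    # Build the command body with jq so it is always well-formed JSON, and
    # keep curl's stderr (-S) visible so a failed POST leaves a trace in the logs.
    "${CURL_CMD[@]}" \
      --request POST \
      --header "Content-Type: application/json" \
      --data-binary "$(jq --compact-output --null-input --argjson id "${series_id}" '{name: "RefreshSeries", seriesId: $id}')" \
      "${SONARR_API_URL}/command" >/dev/null
  fi
fi
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/sonarr/app/uhd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | configMapGenerator: 10 | - name: sonarr-uhd-configmap 11 | files: 12 | - notify-pushover.sh=../scripts/notify-pushover.sh 13 | - refresh-tba.sh=../scripts/refresh-tba.sh 14 | - tag-codec.sh=../scripts/tag-codec.sh 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | annotations: 18 | kustomize.toolkit.fluxcd.io/substitute: disabled 19 | 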
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/sonarr/app/uhd/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr-uhd-cache 6 | spec: 7 | accessModes: ["ReadWriteOnce"] 8 | resources: 9 | requests: 10 | storage: 30Gi 11 | storageClassName: ceph-block 12 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/unpackerr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: unpackerr 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: unpackerr-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | UN_LIDARR_0_API_KEY: "{{ .LIDARR_API_KEY }}" 17 | UN_RADARR_0_API_KEY: "{{ .RADARR_API_KEY }}" 18 | UN_RADARR_1_API_KEY: "{{ .RADARR_API_KEY }}" 19 | UN_SONARR_0_API_KEY: "{{ .SONARR_API_KEY }}" 20 | UN_SONARR_1_API_KEY: "{{ .SONARR_API_KEY }}" 21 | UN_WHISPARR_0_API_KEY: "{{ .WHISPARR_API_KEY }}" 22 | dataFrom: 23 | - extract: 24 | key: lidarr 25 | - extract: 26 | key: radarr 27 | - extract: 28 | key: sonarr 29 | - extract: 30 | key: whisparr 31 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/unpackerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | 
-------------------------------------------------------------------------------- /kubernetes/apps/downloads/unpackerr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app unpackerr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | dependsOn: 14 | - name: onepassword 15 | namespace: external-secrets 16 | path: kubernetes/apps/downloads/unpackerr/app 17 | prune: true 18 | sourceRef: 19 | kind: GitRepository 20 | name: flux-system 21 | namespace: flux-system 22 | wait: false 23 | interval: 30m 24 | retryInterval: 1m 25 | timeout: 5m 26 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/whisparr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/downloads/whisparr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app whisparr 7 | namespace: &ns downloads 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | components: 14 | - ../../../../components/volsync 15 | dependsOn: 16 | 
- name: cloudnative-pg-cluster 17 | namespace: database 18 | - name: onepassword 19 | namespace: external-secrets 20 | - name: rook-ceph-cluster 21 | namespace: rook-ceph 22 | - name: volsync 23 | namespace: volsync-system 24 | path: kubernetes/apps/downloads/whisparr/app 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: flux-system 29 | namespace: flux-system 30 | wait: false 31 | interval: 30m 32 | retryInterval: 1m 33 | timeout: 5m 34 | postBuild: 35 | substitute: 36 | APP: *app 37 | VOLSYNC_CAPACITY: 10Gi 38 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | installCRDs: true 3 | replicaCount: 1 4 | leaderElect: true 5 | image: 6 | repository: ghcr.io/external-secrets/external-secrets 7 | webhook: 8 | image: 9 | repository: ghcr.io/external-secrets/external-secrets 10 | serviceMonitor: 11 | enabled: true 12 | interval: 1m 13 | certController: 14 | image: 15 | repository: ghcr.io/external-secrets/external-secrets 16 | serviceMonitor: 17 | enabled: true 18 | interval: 1m 19 | serviceMonitor: 20 | enabled: true 21 | interval: 1m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: external-secrets 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: external-secrets 11 | version: 0.16.1 12 | sourceRef: 13 | kind: HelmRepository 14 | name: external-secrets 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | strategy: rollback 23 | retries: 3 24 | valuesFrom: 25 | - kind: ConfigMap 
26 | name: external-secrets-helm-values 27 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | configMapGenerator: 8 | - name: external-secrets-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app external-secrets 7 | namespace: &ns external-secrets 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: kubernetes/apps/external-secrets/external-secrets/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | wait: true 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 5m 23 | -------------------------------------------------------------------------------- 
/kubernetes/apps/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: external-secrets 6 | components: 7 | - ../../components/common 8 | resources: 9 | - external-secrets/ks.yaml 10 | - onepassword/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/onepassword/app/clustersecretstore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/clustersecretstore_v1beta1.json 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ClusterSecretStore 5 | metadata: 6 | name: onepassword 7 | spec: 8 | provider: 9 | onepassword: 10 | connectHost: http://onepassword.external-secrets.svc.cluster.local 11 | vaults: 12 | Secrets: 1 13 | auth: 14 | secretRef: 15 | connectTokenSecretRef: 16 | name: onepassword-secret 17 | key: token 18 | namespace: external-secrets 19 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/onepassword/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - clustersecretstore.yaml 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/onepassword/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app onepassword 7 | namespace: &ns external-secrets 8 | spec: 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | dependsOn: 13 | - name: external-secrets 14 | namespace: *ns 15 | healthCheckExprs: 16 | - apiVersion: external-secrets.io/v1beta1 17 | kind: ClusterSecretStore 18 | failed: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'False') 19 | current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True') 20 | interval: 30m 21 | path: kubernetes/apps/external-secrets/onepassword/app 22 | prune: true 23 | sourceRef: 24 | kind: GitRepository 25 | name: flux-system 26 | namespace: flux-system 27 | targetNamespace: *ns 28 | timeout: 5m 29 | wait: true 30 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: true 4 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: flux-operator 12 | version: 0.19.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | valuesFrom: 
26 | - kind: ConfigMap 27 | name: flux-operator-helm-values 28 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | configMapGenerator: 8 | - name: flux-operator-helm-values 9 | files: 10 | - values.yaml=./helm-values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-instance 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: flux-instance 12 | version: 0.19.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: controlplaneio 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | valuesFrom: 26 | - kind: ConfigMap 27 | name: flux-instance-helm-values 28 | -------------------------------------------------------------------------------- 
/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - prometheusrule.yaml 8 | - webhook/ 9 | configMapGenerator: 10 | - name: flux-instance-helm-values 11 | files: 12 | - values.yaml=helm-values.yaml 13 | - name: flux-webhook-gatus-ep 14 | files: 15 | - config.yaml=webhook/gatus-config.yaml 16 | options: 17 | disableNameSuffixHash: true 18 | labels: 19 | gatus.io/enabled: "true" 20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/flux-operator/instance/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: flux-instance-rules 7 | namespace: flux-system 8 | spec: 9 | groups: 10 | - name: flux-instance.rules 11 | rules: 12 | - alert: FluxInstanceAbsent 13 | expr: | 14 | absent(flux_instance_info{exported_namespace="flux-system", name="flux"}) 15 | for: 5m 16 | annotations: 17 | summary: > 18 | Flux instance metric is missing 19 | labels: 20 | severity: critical 21 | 22 | - alert: FluxInstanceNotReady 23 | expr: | 24 | 
flux_instance_info{exported_namespace="flux-system", name="flux", ready!="True"}
# Fires once a FluxInstance has reported ready != "True" for a full 5 minutes.
25 | for: 5m
26 | annotations:
27 | summary: >
28 | Flux instance {{ $labels.name }} is not ready
29 | labels:
30 | severity: critical
31 |
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/webhook/externalsecret.yaml:
--------------------------------------------------------------------------------
# Renders Secret "github-webhook-token-secret" (key "token") from field FLUX_GITHUB_WEBHOOK_TOKEN
# of the 1Password item "flux". The Receiver in receiver.yaml references this Secret; Flux uses the
# token to verify the signature on incoming GitHub events, so the value stored in 1Password must match
# the secret configured on the GitHub webhook itself.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
3 | apiVersion: external-secrets.io/v1beta1
4 | kind: ExternalSecret
5 | metadata:
6 | name: github-webhook-token
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore
10 | name: onepassword
11 | target:
12 | name: github-webhook-token-secret
13 | template:
14 | engineVersion: v2
15 | data:
16 | token: "{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}"
17 | dataFrom:
18 | - extract:
19 | key: flux
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/webhook/gatus-config.yaml:
--------------------------------------------------------------------------------
# Uptime probe for the webhook host. It requests "/" and expects 404: only the /hook/ prefix is routed
# (see ingress.yaml), so a 404 (presumably from the ingress controller) proves external reachability
# without ever touching the receiver path.
1 | ---
2 | endpoints:
3 | - name: flux-webhook
4 | url: https://flux-webhook.zebernst.dev/
5 | interval: 1m
6 | client:
7 | dns-resolver: tcp://1.1.1.1:53
8 | conditions:
9 | - "[STATUS] == 404"
10 | alerts:
11 | - type: pushover
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/webhook/ingress.yaml:
--------------------------------------------------------------------------------
# Publishes only the /hook/ prefix of the webhook-receiver Service on the external ingress class
# (external-dns points the host at external.zebernst.dev). Flux derives the per-Receiver path under
# /hook/ from the webhook token, so nothing else on this host is reachable from outside.
1 | ---
2 | apiVersion: networking.k8s.io/v1
3 | kind: Ingress
4 | metadata:
5 | name: webhook-receiver
6 | annotations:
7 | external-dns.alpha.kubernetes.io/target: "external.zebernst.dev"
8 | spec:
9 | ingressClassName: external
10 | rules:
11 | - host: "flux-webhook.zebernst.dev"
12 | http:
13 | paths:
14 | - path: /hook/
15 | pathType: Prefix
16 | backend:
17 | service:
18 | name: webhook-receiver
19 | port:
20 | number: 80
21 |
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/webhook/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): gatus-config.yaml sits next to this file but is not listed here — presumably it is
# consumed by a generator outside this view; verify it is actually applied.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - externalsecret.yaml
6 | - ingress.yaml
7 | - receiver.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/flux-operator/instance/webhook/receiver.yaml:
--------------------------------------------------------------------------------
# GitHub ping/push events whose signature verifies against github-webhook-token-secret trigger a
# reconcile of exactly these three objects, all in flux-system: the GitRepository plus the "cluster"
# and "cluster-apps" Kustomizations. Nothing outside this list can be reconciled through the webhook.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/receiver_v1.json
3 | apiVersion: notification.toolkit.fluxcd.io/v1
4 | kind: Receiver
5 | metadata:
6 | name: github-receiver
7 | spec:
8 | type: github
9 | events:
10 | - ping
11 | - push
12 | secretRef:
13 | name: github-webhook-token-secret
14 | resources:
15 | - apiVersion: source.toolkit.fluxcd.io/v1
16 | kind: GitRepository
17 | name: flux-system
18 | namespace: flux-system
19 | - apiVersion: kustomize.toolkit.fluxcd.io/v1
20 | kind: Kustomization
21 | name: cluster
22 | namespace: flux-system
23 | - apiVersion: kustomize.toolkit.fluxcd.io/v1
24 | kind: Kustomization
25 | name: cluster-apps
26 | namespace: flux-system
27 |
--------------------------------------------------------------------------------
/kubernetes/apps/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Namespace entry point for flux-system: pulls in the shared "common" component and the
# flux-operator Flux Kustomization.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | namespace: flux-system
5 | components:
6 | - ../../components/common
7 | resources:
8 | - flux-operator/ks.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Helm values are delivered as a generated ConfigMap; kustomizeconfig.yaml lets kustomize rewrite the
# hash-suffixed ConfigMap name into the HelmRelease's spec.valuesFrom, so a values change rolls the release.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | configMapGenerator:
7 | - name: cilium-helm-values
8 | files:
9 | - values.yaml=./helm-values.yaml
10 | configurations:
11 | - kustomizeconfig.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Teaches kustomize that HelmRelease spec.valuesFrom/name is a ConfigMap name reference.
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/valuesFrom/name
7 | kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
# Post-install Cilium networking config (applied by the cilium-config Flux Kustomization after cilium itself).
# l3.yaml is referenced but not shown in this view.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - l2.yaml
6 | - l3.yaml
7 | - node-europa.yaml
8 | - pool.yaml
9 | - vip.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/l2.yaml:
--------------------------------------------------------------------------------
# Announces LoadBalancer IPs at L2 on VLAN interface bond0.20 from every node labelled kubernetes.io/os=linux.
1 | ---
2 | apiVersion: cilium.io/v2alpha1
3 | kind: CiliumL2AnnouncementPolicy
4 | metadata:
5 | name: l2-policy
6 | spec:
7 | loadBalancerIPs: true
8 | interfaces:
9 | - bond0.20
10 | nodeSelector:
11 | matchLabels:
12 | kubernetes.io/os: linux
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/node-europa.yaml:
--------------------------------------------------------------------------------
# Per-node override: on the host named "europa" Cilium uses enp12s0 as its device instead of the cluster default.
1 | apiVersion: cilium.io/v2
2 | kind: CiliumNodeConfig
3 | metadata:
4 | name: node-europa
5 | spec:
6 | nodeSelector:
7 | matchLabels:
8 | kubernetes.io/hostname: "europa"
9 | defaults:
10 | devices: enp12s0
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/pool.yaml:
--------------------------------------------------------------------------------
# LB IP pool. ::ffff:c0a8:1400/120 is the IPv4-mapped form of 192.168.20.0/24 (c0a8:1400 = 192.168.20.0),
# i.e. the same 256 addresses; allowFirstLastIPs "No" keeps the .0 and .255 addresses out of the pool.
1 | ---
2 | apiVersion: cilium.io/v2alpha1
3 | kind: CiliumLoadBalancerIPPool
4 | metadata:
5 | name: lb-pool
6 | spec:
7 | allowFirstLastIPs: "No"
8 | blocks:
9 | - cidr: 192.168.20.0/24
10 | - cidr: ::ffff:c0a8:1400/120
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/vip.yaml:
--------------------------------------------------------------------------------
# Exposes the API server (pods labelled k8s-app=kube-apiserver, tier=control-plane) as a LoadBalancer
# at 192.168.20.2 / ::ffff:c0a8:1402 on 6443.
# NOTE(review): this makes the API server reachable from the LB pool's subnet; the only access control
# in front of it is the API server's own authN/authZ — confirm that subnet is segmented as intended.
1 | ---
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: kube-vip
6 | annotations:
7 | lbipam.cilium.io/ips: 192.168.20.2, ::ffff:c0a8:1402
8 | spec:
9 | type: LoadBalancer
10 | selector:
11 | k8s-app: kube-apiserver
12 | tier: control-plane
13 | ports:
14 | - name: https
15 | port: 6443
16 | protocol: TCP
17 | targetPort: 6443
18 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/ks.yaml:
--------------------------------------------------------------------------------
# Two Flux Kustomizations: "cilium" (the CNI, prune: false so it is never garbage-collected, wait: true
# so dependants only start once it is healthy) and "cilium-config", which dependsOn cilium and applies
# the config/ directory without waiting.
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: &app cilium
6 | namespace: &ns kube-system
7 | spec:
8 | targetNamespace: *ns
9 | commonMetadata:
10 | labels:
11 | app.kubernetes.io/name: *app
12 | path: kubernetes/apps/kube-system/cilium/app
13 | prune: false # never should be deleted
14 | sourceRef:
15 | kind: GitRepository
16 | name: flux-system
17 | namespace: flux-system
18 | wait: true
19 | interval: 30m
20 | retryInterval: 1m
21 | timeout: 5m
22 | ---
23 | apiVersion: kustomize.toolkit.fluxcd.io/v1
24 | kind: Kustomization
25 | metadata:
26 | name: &app cilium-config
27 | namespace: &ns kube-system
28 | spec:
29 | targetNamespace: *ns
30 | commonMetadata:
31 | labels:
32 | app.kubernetes.io/name: *app
33 | dependsOn:
34 | - name: cilium
35 | namespace: *ns
36 | path: kubernetes/apps/kube-system/cilium/config
37 | prune: false # never should be deleted
38 | sourceRef:
39 | kind: GitRepository
40 | name: flux-system
41 | namespace: flux-system
42 | wait: false
43 | interval: 30m
44 | retryInterval: 1m
45 | timeout: 5m
46 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml:
--------------------------------------------------------------------------------
# CoreDNS chart 1.40.0; all values come from the coredns-helm-values ConfigMap generated in
# kustomization.yaml (the values file itself is not in this view). Failed upgrades roll back.
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2
3 | kind: HelmRelease
4 | metadata:
5 | name: coredns
6 | spec:
7 | interval: 30m
8 | chart:
9 | spec:
10 | chart: coredns
11 | version: 1.40.0
12 | sourceRef:
13 | kind: HelmRepository
14 | name: coredns
15 | namespace: flux-system
16 | install:
17 | remediation:
18 | retries: 3
19 | upgrade:
20 | cleanupOnFail: true
21 | remediation:
22 | strategy: rollback
23 | retries: 3
24 | valuesFrom:
25 | - kind: ConfigMap
26 | name: coredns-helm-values
27 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Same ConfigMap-generator pattern as cilium/app: helm-values.yaml becomes coredns-helm-values.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | configMapGenerator:
7 | - name: coredns-helm-values
8 | files:
9 | - values.yaml=./helm-values.yaml
10 | configurations:
11 | - kustomizeconfig.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Name-reference config so the hashed ConfigMap name propagates into HelmRelease spec.valuesFrom.
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/valuesFrom/name
7 | kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/ks.yaml:
--------------------------------------------------------------------------------
# Cluster DNS is prune: false like the CNI — it must never be removed by Flux garbage collection.
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: &app coredns
6 | namespace: &ns kube-system
7 | spec:
8 | targetNamespace: *ns
9 | commonMetadata:
10 | labels:
11 | app.kubernetes.io/name: *app
12 | path: kubernetes/apps/kube-system/coredns/app
13 | prune: false # never should be deleted
14 | sourceRef:
15 | kind: GitRepository
16 | name: flux-system
17 | namespace: flux-system
18 | wait: false
19 | interval: 30m
20 | retryInterval: 1m
21 | timeout: 5m
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/descheduler/ks.yaml:
--------------------------------------------------------------------------------
# Unlike cilium/coredns this one is prune: true — it is safe for Flux to remove if dropped from git.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 | name: &app descheduler
7 | namespace: &ns kube-system
8 | spec:
9 | targetNamespace: *ns
10 | commonMetadata:
11 | labels:
12 | app.kubernetes.io/name: *app
13 | path: kubernetes/apps/kube-system/descheduler/app
14 | prune: true
15 | sourceRef:
16 | kind: GitRepository
17 | name: flux-system
18 | namespace: flux-system
19 | wait: false
20 | interval: 30m
21 | retryInterval: 1m
22 | timeout: 5m
23 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/config/config.yaml:
--------------------------------------------------------------------------------
# Advertises /dev/net/tun as a schedulable device resource that up to 1000 pods may share at once.
# NOTE(review): a pod that requests this resource presumably gets the TUN device without needing
# privileged: true — if that matters, gate who may request it with admission policy.
1 | ---
2 | devices:
3 | - name: tun
4 | groups:
5 | - count: 1000
6 | paths:
7 | - path: /dev/net/tun
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml:
--------------------------------------------------------------------------------
# disableNameSuffixHash keeps the ConfigMap name stable, so an edit to config/config.yaml does not by
# itself trigger a rollout through a name change; the plugin has to be restarted some other way.
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 | configMapGenerator:
8 | - name: generic-device-plugin-configmap
9 | files:
10 | - config/config.yaml
11 | generatorOptions:
12 | disableNameSuffixHash: true
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml:
--------------------------------------------------------------------------------
# Note the anchor here is &appname rather than the &app used by the sibling ks.yaml files — harmless,
# but inconsistent.
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 | name: &appname generic-device-plugin
7 | namespace: &ns kube-system
8 | spec:
9 | targetNamespace: *ns
10 | commonMetadata:
11 | labels:
12 | app.kubernetes.io/name: *appname
13 | path: kubernetes/apps/kube-system/generic-device-plugin/app
14 | sourceRef:
15 | kind: GitRepository
16 | name: flux-system
17 | namespace: flux-system
18 | interval: 30m
19 | timeout: 5m
20 | prune: true
21 | wait: true
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml:
--------------------------------------------------------------------------------
# Intel device-plugins operator 0.32.0. CRDs are managed by Flux (CreateReplace) on both install and
# upgrade; dependsOn node-feature-discovery because the GPU release below relies on NodeFeatureRules.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
3 | apiVersion: helm.toolkit.fluxcd.io/v2
4 | kind: HelmRelease
5 | metadata:
6 | name: intel-device-plugin-operator
7 | spec:
8 | interval: 30m
9 | chart:
10 | spec:
11 | chart: intel-device-plugins-operator
12 | version: 0.32.0
13 | sourceRef:
14 | kind: HelmRepository
15 | name: intel
16 | namespace: flux-system
17 | install:
18 | crds: CreateReplace
19 | remediation:
20 | retries: 3
21 | upgrade:
22 | cleanupOnFail: true
23 | crds: CreateReplace
24 | remediation:
25 | strategy: rollback
26 | retries: 3
27 | dependsOn:
28 | - name: node-feature-discovery
29 | namespace: kube-system
30 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/intel-device-plugin/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml:
--------------------------------------------------------------------------------
# GPU plugin (same 0.32.0 chart line) — waits for the operator; nodeFeatureRule: true lets the chart
# install its own NodeFeatureRule so only nodes with an Intel GPU get the plugin.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
3 | apiVersion: helm.toolkit.fluxcd.io/v2
4 | kind: HelmRelease
5 | metadata:
6 | name: intel-device-plugin-gpu
7 | spec:
8 | interval: 30m
9 | chart:
10 | spec:
11 | chart: intel-device-plugins-gpu
12 | version: 0.32.0
13 | sourceRef:
14 | kind: HelmRepository
15 | name: intel
16 | namespace: flux-system
17 | install:
18 | remediation:
19 | retries: 3
20 | upgrade:
21 | cleanupOnFail: true
22 | remediation:
23 | strategy: rollback
24 | retries: 3
25 | dependsOn:
26 | - name: intel-device-plugin-operator
27 | namespace: kube-system
28 | values:
29 | name: intel-gpu-plugin
30 | nodeFeatureRule: true
31 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/irqbalance/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/irqbalance/ks.yaml:
--------------------------------------------------------------------------------
# Same fields as the other ks.yaml files, just ordered alphabetically; no retryInterval is set here.
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: &app irqbalance
6 | namespace: &ns kube-system
7 | spec:
8 | commonMetadata:
9 | labels:
10 | app.kubernetes.io/name: *app
11 | interval: 30m
12 | path: kubernetes/apps/kube-system/irqbalance/app
13 | prune: true
14 | sourceRef:
15 | kind: GitRepository
16 | name: flux-system
17 | namespace: flux-system
18 | targetNamespace: *ns
19 | timeout: 5m
20 | wait: true
21 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml:
--------------------------------------------------------------------------------
# providerRegex is the allowlist of node names whose kubelet serving-certificate CSRs get auto-approved;
# a new node must be added here explicitly or its CSR stays pending.
# bypassDnsResolution: true skips the check that the CSR's IP SANs resolve to the node name, so this
# regex is the main gate on who can obtain a kubelet serving cert — keep it anchored and exact.
1 | ---
2 | providerRegex: ^(controlplane1|controlplane2|controlplane3|io|europa|ganymede|callisto)$
3 | bypassDnsResolution: true
4 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml:
--------------------------------------------------------------------------------
# Chart 1.2.7; values = the generated ConfigMap (providerRegex/bypassDnsResolution) plus metrics and a
# ServiceMonitor. No upgrade remediation strategy is spelled out here (Flux's default is rollback),
# unlike most sibling HelmReleases.
1 | ---
2 | apiVersion: helm.toolkit.fluxcd.io/v2
3 | kind: HelmRelease
4 | metadata:
5 | name: kubelet-csr-approver
6 | spec:
7 | interval: 30m
8 | chart:
9 | spec:
10 | chart: kubelet-csr-approver
11 | version: 1.2.7
12 | sourceRef:
13 | kind: HelmRepository
14 | name: postfinance
15 | namespace: flux-system
16 | install:
17 | remediation:
18 | retries: 3
19 | upgrade:
20 | cleanupOnFail: true
21 | remediation:
22 | retries: 3
23 | valuesFrom:
24 | - kind: ConfigMap
25 | name: kubelet-csr-approver-helm-values
26 | values:
27 | metrics:
28 | enable: true
29 | serviceMonitor:
30 | enabled: true
31 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml:
--------------------------------------------------------------------------------
# helm-values.yaml becomes the kubelet-csr-approver-helm-values ConfigMap referenced by the HelmRelease.
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - helmrelease.yaml
6 | configMapGenerator:
7 | - name: kubelet-csr-approver-helm-values
8 | files:
9 | - values.yaml=./helm-values.yaml
10 | configurations:
11 | - kustomizeconfig.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/valuesFrom/name
7 | kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app kubelet-csr-approver 6 | namespace: &ns kube-system 7 | spec: 8 | targetNamespace: *ns 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: kubernetes/apps/kube-system/kubelet-csr-approver/app 13 | prune: false # never should be deleted 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | namespace: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | components: 7 | - ../../components/common 8 | resources: 9 | - cilium/ks.yaml 10 | - coredns/ks.yaml 11 | - descheduler/ks.yaml 12 | - generic-device-plugin/ks.yaml 13 | - intel-device-plugin/ks.yaml 14 | - irqbalance/ks.yaml 15 | - kubelet-csr-approver/ks.yaml 16 | - metrics-server/ks.yaml 17 | - nfs-subdir-external-provisioner/ks.yaml 18 | - node-feature-discovery/ks.yaml 19 | - node-problem-detector/ks.yaml 20 | - nvidia-device-plugin/ks.yaml 21 | - reloader/ks.yaml 22 | - snapshot-controller/ks.yaml 23 | - spegel/ks.yaml 24 | - synology-csi-driver/ks.yaml 25 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: metrics-server 6 | 
spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: metrics-server 11 | version: 3.12.2 12 | sourceRef: 13 | kind: HelmRepository 14 | name: metrics-server 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | strategy: rollback 23 | retries: 3 24 | values: 25 | args: 26 | - --kubelet-insecure-tls 27 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 28 | - --kubelet-use-node-status-port 29 | - --metric-resolution=10s 30 | - --kubelet-request-timeout=2s 31 | metrics: 32 | enabled: true 33 | serviceMonitor: 34 | enabled: true 35 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/metrics-server/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app metrics-server 6 | namespace: &ns kube-system 7 | spec: 8 | targetNamespace: *ns 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: kubernetes/apps/kube-system/metrics-server/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | namespace: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/nfs-subdir-external-provisioner/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: nfs-subdir-external-provisioner 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: nfs-subdir-external-provisioner 12 | version: 4.0.18 13 | sourceRef: 14 | kind: HelmRepository 15 | name: nfs-subdir-external-provisioner 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | values: 26 | storageClass: 27 | name: nfs 28 | accessModes: 29 | - ReadWriteMany 30 | nfs: 31 | server: nas.internal 32 | path: /volume1/kubernetes 33 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/nfs-subdir-external-provisioner/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/nfs-subdir-external-provisioner/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app nfs-subdir-external-provisioner 7 | namespace: &ns kube-system 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: kubernetes/apps/kube-system/nfs-subdir-external-provisioner/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 
19 | wait: false 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 5m 23 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: node-feature-discovery 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: node-feature-discovery 12 | version: 0.17.3 13 | sourceRef: 14 | kind: HelmRepository 15 | name: node-feature-discovery 16 | namespace: flux-system 17 | install: 18 | crds: CreateReplace 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | crds: CreateReplace 24 | remediation: 25 | strategy: rollback 26 | retries: 3 27 | values: 28 | worker: 29 | config: 30 | core: 31 | sources: ["pci", "system", "usb"] 32 | prometheus: 33 | enable: true 34 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/features/google-coral.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: nfd.k8s-sigs.io/v1alpha1 3 | kind: NodeFeatureRule 4 | metadata: 5 | name: google-coral-device 6 | spec: 7 | rules: 8 | - name: google.coral 9 | labels: 10 | google.feature.node.kubernetes.io/coral: "true" 11 
| matchFeatures: 12 | - feature: pci.device 13 | matchExpressions: 14 | vendor: { op: In, value: ["1ac1"] } 15 | class: { op: In, value: ["0880"] } 16 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/features/intel-gpu.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json 3 | apiVersion: nfd.k8s-sigs.io/v1alpha1 4 | kind: NodeFeatureRule 5 | metadata: 6 | name: intel-gpu-device 7 | spec: 8 | rules: 9 | - name: intel.gpu 10 | labels: 11 | intel.feature.node.kubernetes.io/gpu: "true" 12 | matchFeatures: 13 | - feature: pci.device 14 | matchExpressions: 15 | class: { op: In, value: [ "0300", "0380" ] } 16 | vendor: { op: In, value: [ "8086" ] } 17 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-feature-discovery/features/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - intel-gpu.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-problem-detector/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: node-problem-detector 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: node-problem-detector 11 | version: 2.3.14 12 | sourceRef: 13 | kind: HelmRepository 14 | name: deliveryhero 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 
22 | retries: 3 23 | values: 24 | args: 25 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 26 | - --kubelet-use-node-status-port 27 | - --metric-resolution=15s 28 | metrics: 29 | enabled: true 30 | serviceMonitor: 31 | enabled: true 32 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-problem-detector/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/node-problem-detector/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app node-problem-detector 6 | namespace: &ns kube-system 7 | spec: 8 | targetNamespace: *ns 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: kubernetes/apps/kube-system/node-problem-detector/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | namespace: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/nvidia-device-plugin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - runtimeclass.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/nvidia-device-plugin/app/runtimeclass.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: node.k8s.io/v1 3 | kind: RuntimeClass 4 | metadata: 5 | name: nvidia 6 | handler: nvidia 7 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/nvidia-device-plugin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app nvidia-device-plugin 7 | namespace: &ns kube-system 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | path: kubernetes/apps/kube-system/nvidia-device-plugin/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | wait: false 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 5m 23 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: helm.toolkit.fluxcd.io/v2 3 | kind: HelmRelease 4 | metadata: 5 | name: reloader 6 | spec: 7 | interval: 30m 8 | chart: 9 | spec: 10 | chart: reloader 11 | version: 2.1.2 12 | sourceRef: 13 | kind: HelmRepository 14 | name: stakater 15 | namespace: flux-system 16 | install: 17 | remediation: 18 | retries: 3 19 | upgrade: 20 | cleanupOnFail: true 21 | remediation: 22 | retries: 3 23 | values: 24 | fullnameOverride: reloader 25 | reloader: 26 | readOnlyRootFileSystem: true 27 | podMonitor: 28 | enabled: true 29 | namespace: "{{ .Release.Namespace }}" 30 | -------------------------------------------------------------------------------- 
/kubernetes/apps/kube-system/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - helmrelease.yaml 6 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/reloader/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1 3 | kind: Kustomization 4 | metadata: 5 | name: &app reloader 6 | namespace: &ns kube-system 7 | spec: 8 | targetNamespace: *ns 9 | commonMetadata: 10 | labels: 11 | app.kubernetes.io/name: *app 12 | path: kubernetes/apps/kube-system/reloader/app 13 | prune: true 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | namespace: flux-system 18 | wait: false 19 | interval: 30m 20 | retryInterval: 1m 21 | timeout: 5m 22 | -------------------------------------------------------------------------------- /kubernetes/apps/kube-system/snapshot-controller/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: snapshot-controller 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 11 | chart: snapshot-controller 12 | version: 4.0.2 13 | sourceRef: 14 | kind: HelmRepository 15 | name: piraeus 16 | namespace: flux-system 17 | install: 18 | crds: CreateReplace 19 | remediation: 20 | retries: 3 21 | upgrade: 22 | cleanupOnFail: true 23 | crds: CreateReplace 24 | remediation: 25 | strategy: rollback 26 | retries: 3 27 | values: 28 | controller: 29 | serviceMonitor: 30 | create: true 31 | webhook: 32 | enabled: false 33 | 
# ===== /kubernetes/apps/kube-system/snapshot-controller/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/kube-system/snapshot-controller/ks.yaml =====
# Flux Kustomization reconciling the snapshot-controller app directory into kube-system.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app snapshot-controller
  namespace: &ns kube-system
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/kube-system/snapshot-controller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m

# ===== /kubernetes/apps/kube-system/spegel/app/helm-values.yaml =====
# Values consumed by the spegel HelmRelease through the generated ConfigMap.
# Spegel talks to containerd over its socket and rewrites the CRI registry host
# config, i.e. it runs with node-level access; the paths below match a Talos node layout.
---
spegel:
  containerdSock: /run/containerd/containerd.sock
  containerdRegistryConfigPath: /etc/cri/conf.d/hosts
service:
  registry:
    # Node port on which the peer-to-peer image registry listens.
    hostPort: 29999

# ===== /kubernetes/apps/kube-system/spegel/app/helmrelease.yaml =====
# HelmRelease for spegel 0.2.0; values come from the spegel-helm-values ConfigMap
# (helm-values.yaml) plus the inline dashboard/serviceMonitor settings.
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: spegel
spec:
  interval: 30m
  chart:
    spec:
      chart: spegel
      version: 0.2.0
      sourceRef:
        kind: HelmRepository
        name: spegel
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  valuesFrom:
    - kind: ConfigMap
      # Name is rewritten to the hashed generated name by kustomizeconfig.yaml.
      name: spegel-helm-values
  values:
    grafanaDashboard:
      enabled: true
      annotations:
        grafana_folder: "Kubernetes"
    serviceMonitor:
      enabled: true

# ===== /kubernetes/apps/kube-system/spegel/app/kustomization.yaml =====
# Generates the values ConfigMap from helm-values.yaml; the hash suffix is kept so that a
# values change produces a new ConfigMap name and therefore a HelmRelease upgrade.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
configMapGenerator:
  - name: spegel-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml

# ===== /kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml =====
# Teaches kustomize that HelmRelease.spec.valuesFrom[].name references a ConfigMap,
# so the generated (hash-suffixed) name is propagated into the HelmRelease.
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease

# ===== /kubernetes/apps/kube-system/spegel/ks.yaml =====
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app spegel
  namespace: &ns kube-system
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/kube-system/spegel/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m

# ===== /kubernetes/apps/kube-system/synology-csi-driver/app/externalsecret.yaml =====
# Renders the Synology CSI client-info.yml from the 1Password item
# "synology-csi-credentials" via the onepassword ClusterSecretStore.
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: synology-csi-credentials
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: synology-csi-driver-credentials
    template:
      engineVersion: v2
      data:
        client-info.yml: |
          clients:
            - host: nas.internal
              port: {{ .port }}
              # NOTE(review): username/password are rendered unquoted into YAML; a value
              # containing ':' '#' or leading special characters would break the rendered
              # file or be re-typed. Quoting the template values (e.g. with the template
              # engine's quote function) is the safer shape — verify against the driver's parser.
              username: {{ .username }}
              password: {{ .password }}
              # 'https' decides whether the DSM API credentials travel over TLS; the value is
              # not visible here — confirm it is true so they are not sent in clear text.
              https: {{ .https }}
  dataFrom:
    - extract:
        key: synology-csi-credentials

# ===== /kubernetes/apps/kube-system/synology-csi-driver/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - externalsecret.yaml

# ===== /kubernetes/apps/kube-system/synology-csi-driver/ks.yaml =====
# Depends on the onepassword ClusterSecretStore (for the ExternalSecret above) and on
# snapshot-controller (for the VolumeSnapshot CRDs the driver's snapshot support needs).
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app synology-csi-driver
  namespace: &ns kube-system
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/kube-system/synology-csi-driver/app
  prune: true
  dependsOn:
    - name: onepassword
      namespace: external-secrets
    - name: snapshot-controller
      namespace: *ns
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m

# ===== /kubernetes/apps/media/calibre-web/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/media/calibre-web/ks.yaml =====
# Pulls in the shared volsync component; APP and VOLSYNC_CAPACITY are substituted
# into that component's templates by postBuild.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app calibre-web
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/volsync
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/calibre-web/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 20Gi

# ===== /kubernetes/apps/media/kustomization.yaml =====
# Namespace-level overlay: applies the common component and lists every app's Flux
# Kustomization in the media namespace.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: media
components:
  - ../../components/common
resources:
  - calibre-web/ks.yaml
  - maintainerr/ks.yaml
  - overseerr/ks.yaml
  - plex/ks.yaml
  - stash/ks.yaml
  - steam/ks.yaml
  - tautulli/ks.yaml
  - wizarr/ks.yaml

# ===== /kubernetes/apps/media/maintainerr/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/media/maintainerr/ks.yaml =====
# Style note: this file uses the &appname anchor, a different schema URL, a different key
# order and omits retryInterval, unlike its siblings in this namespace; behaviour is the
# same apart from retryInterval falling back to the controller default.
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &appname maintainerr
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *appname
  components:
    - ../../../../components/volsync
  interval: 30m
  timeout: 5m
  path: kubernetes/apps/media/maintainerr/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
    - name: onepassword
      namespace: external-secrets
  postBuild:
    substitute:
      APP: *appname
      VOLSYNC_CAPACITY: 10Gi

# ===== /kubernetes/apps/media/overseerr/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/media/overseerr/ks.yaml =====
# Adds the gatus component (external health check) in addition to volsync;
# GATUS_SUBDOMAIN/GATUS_PATH feed the gatus endpoint template.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app overseerr
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus
    - ../../../../components/volsync
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/overseerr/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      GATUS_SUBDOMAIN: requests
      GATUS_PATH: /api/v1/status
      VOLSYNC_CAPACITY: 10Gi

# ===== /kubernetes/apps/media/plex/app/kustomization.yaml =====
# The Loki alert rules ConfigMap is labelled loki_rule=true so the rules sidecar picks it up;
# the name suffix hash is disabled so the ConfigMap name stays stable.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - pvc.yaml
  - helmrelease.yaml
configMapGenerator:
  - name: plex-loki-rules
    files:
      - plex.yaml=resources/lokirule.yaml
    options:
      labels:
        loki_rule: "true"
generatorOptions:
  disableNameSuffixHash: true

# ===== /kubernetes/apps/media/plex/app/pvc.yaml =====
# Two claims: a node-attached Ceph RBD cache (RWO) and an NFS-backed shared volume (RWX)
# for optimized media.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: plex-cache
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 500Gi
  storageClassName: ceph-block
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: plex-optimized-media
spec:
  accessModes: ["ReadWriteMany"]
  resources:
    requests:
      storage: 1Ti
  storageClassName: nfs

# ===== /kubernetes/apps/media/plex/app/resources/lokirule.yaml =====
# Loki ruler alert: fires when the plex container logs a (case-insensitive) "retry busy DB"
# line at any point in a 2-minute window, sustained for 2 minutes.
---
groups:
  - name: plex
    rules:
      - alert: PlexDatabaseBusy
        expr: |
          sum by (app) (count_over_time({app="plex"} |~ "(?i)retry busy DB"[2m])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} is experiencing database issues"

# ===== /kubernetes/apps/media/plex/ks.yaml =====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app plex
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus
    - ../../../../components/volsync
  dependsOn:
    - name: onepassword
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/plex/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      # No GATUS_SUBDOMAIN here, unlike overseerr/wizarr — presumably the gatus component
      # defaults the subdomain to the app name; confirm against the component.
      GATUS_PATH: /web/index.html
      VOLSYNC_CAPACITY: 30Gi

# ===== /kubernetes/apps/media/stash/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - pvc.yaml

# ===== /kubernetes/apps/media/stash/app/pvc.yaml =====
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: stash-cache
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 100Gi
  storageClassName: ceph-block

# ===== /kubernetes/apps/media/stash/ks.yaml =====
# Also waits for the CloudNativePG cluster, so the app's database is available before
# its init/secret wiring is applied.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app stash
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/volsync
  dependsOn:
    - name: cloudnative-pg-cluster
      namespace: database
    - name: onepassword
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/stash/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 10Gi

# ===== /kubernetes/apps/media/steam/app/externalsecret.yaml =====
# Merges two 1Password items (steam-headless, sunshine) into one Secret; the desktop user
# password and the Sunshine web-UI credentials end up as environment-style keys.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: steam-headless
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: steam-headless-secret
    template:
      engineVersion: v2
      data:
        USER_PASSWORD: "{{ .STEAM_HEADLESS_PASSWORD }}"
        SUNSHINE_USER: "{{ .SUNSHINE_USERNAME }}"
        SUNSHINE_PASS: "{{ .SUNSHINE_PASSWORD }}"

  dataFrom:
    - extract:
        key: steam-headless
    - extract:
        key: sunshine

# ===== /kubernetes/apps/media/steam/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
  - pvc.yaml

# ===== /kubernetes/apps/media/steam/app/pvc.yaml =====
# openebs-hostpath is node-local storage: the 1.5Ti library lives on one node's disk and
# is not replicated, so the pod is effectively pinned to that node.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: steam-library
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 1.5Ti
  storageClassName: openebs-hostpath

# ===== /kubernetes/apps/media/steam/ks.yaml =====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app steam
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/volsync
  dependsOn:
    - name: onepassword
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/steam/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 50Gi

# ===== /kubernetes/apps/media/tautulli/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - pvc.yaml
  - helmrelease.yaml

# ===== /kubernetes/apps/media/tautulli/app/pvc.yaml =====
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tautulli-cache
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 15Gi
  storageClassName: ceph-block

# ===== /kubernetes/apps/media/tautulli/ks.yaml =====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app tautulli
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/volsync
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/tautulli/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 5Gi

# ===== /kubernetes/apps/media/wizarr/app/kustomization.yaml =====
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/media/wizarr/ks.yaml =====
# Style note: retryInterval is omitted here (siblings set 1m), so failed reconciles retry
# at the controller default instead.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app wizarr
  namespace: &ns media
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus
    - ../../../../components/volsync
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/media/wizarr/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false # no flux ks dependents
  interval: 30m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      GATUS_SUBDOMAIN: join
      VOLSYNC_CAPACITY: 4Gi

# ===== /kubernetes/apps/network/cloudflared/app/configs/config.yaml =====
# cloudflared tunnel ingress: the apex and wildcard hostnames are forwarded to the
# external ingress-nginx controller over HTTPS inside the cluster. noTLSVerify is not set,
# so cloudflared validates the origin certificate, using originServerName as the expected
# name. The final rule without a hostname is the mandatory catch-all and returns 404.
---
originRequest:
  originServerName: "external.zebernst.dev"

ingress:
  - hostname: "zebernst.dev"
    service: https://ingress-nginx-external-controller.network.svc.cluster.local:443
  - hostname: "*.zebernst.dev"
    service: https://ingress-nginx-external-controller.network.svc.cluster.local:443
  - service: http_status:404

# ===== /kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml =====
# external-dns record pointing the origin hostname at the Cloudflare tunnel endpoint;
# the target is the tunnel's UUID on cfargotunnel.com (not a secret).
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: cloudflared
spec:
  endpoints:
    - dnsName: "external.zebernst.dev"
      recordType: CNAME
      targets: ["465a5e5c-3f01-442a-ae6e-4cc62748e5f4.cfargotunnel.com"]

# ===== /kubernetes/apps/network/cloudflared/app/externalsecret.yaml =====
# Builds the tunnel credentials file from the 1Password "cloudflare" item. That item also
# holds CLOUDFLARE_API_TOKEN (used by the external-dns ExternalSecret); only the keys
# templated below are written into cloudflared-secret, so the API token is not exposed here.
# Style note: no engineVersion is set on this template, unlike the other ExternalSecrets.
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: cloudflared
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: cloudflared-secret
    # Owner: the Secret is created and owned by ESO and removed with this ExternalSecret.
    creationPolicy: Owner
    template:
      data:
        CLOUDFLARE_TUNNEL_ID: "{{ .CLOUDFLARE_TUNNEL_ID }}"
        # NOTE(review): values are interpolated into JSON without escaping; a quote or
        # backslash in any of them would produce an invalid credentials.json.
        credentials.json: |
          {
            "AccountTag": "{{ .CLOUDFLARE_ACCOUNT_ID }}",
            "TunnelID": "{{ .CLOUDFLARE_TUNNEL_ID }}",
            "TunnelSecret": "{{ .CLOUDFLARE_TUNNEL_SECRET }}"
          }
  dataFrom:
    - extract:
        key: cloudflare

# ===== /kubernetes/apps/network/cloudflared/app/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - dnsendpoint.yaml
  - externalsecret.yaml
  - helmrelease.yaml
configMapGenerator:
  - name: cloudflared-configmap
    files:
      - configs/config.yaml
generatorOptions:
  disableNameSuffixHash: true

# ===== /kubernetes/apps/network/cloudflared/ks.yaml =====
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app cloudflared
  namespace: &ns network
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: onepassword
      namespace: external-secrets
  path: kubernetes/apps/network/cloudflared/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m

# ===== /kubernetes/apps/network/echo-server/app/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/network/echo-server/ks.yaml =====
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app echo-server
  namespace: &ns network
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/network/echo-server/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m

# ===== /kubernetes/apps/network/external-dns/cloudflare/externalsecret.yaml =====
# Copies only the CLOUDFLARE_API_TOKEN field of the "cloudflare" item into the Secret key
# api-token. The token's permissions are set on the Cloudflare side and not visible here;
# a zone-scoped DNS-edit token is the least privilege external-dns needs.
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: external-dns-cloudflare-credentials
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: external-dns-cloudflare-secret
  data:
    - secretKey: api-token
      remoteRef:
        key: cloudflare
        property: CLOUDFLARE_API_TOKEN

# ===== /kubernetes/apps/network/external-dns/cloudflare/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml

# ===== /kubernetes/apps/network/external-dns/unifi/externalsecret.yaml =====
# Unlike the cloudflare variant, this extracts every field of the "external-dns-unifi" item
# into the Secret as-is (no template, no property filter).
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: external-dns-unifi-credentials
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: external-dns-unifi-secret
  dataFrom:
    - extract:
        key: external-dns-unifi

# ===== /kubernetes/apps/network/external-dns/unifi/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml

# ===== /kubernetes/apps/network/ingress-nginx/external/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml

# ===== /kubernetes/apps/network/kustomization.yaml =====
# Namespace-level overlay for the network namespace.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
components:
  - ../../components/common
resources:
  - cloudflared/ks.yaml
  - echo-server/ks.yaml
  - external-dns/ks.yaml
  - ingress-nginx/ks.yaml
  - tailscale-operator/ks.yaml

# ===== /kubernetes/apps/network/tailscale-operator/app/clusterrolebinding.yaml =====
# Grants the built-in cluster-admin ClusterRole to a single User identity — presumably the
# identity the Tailscale operator's API-server proxy presents for this tailnet user (the
# proxy/auth mode is configured in the HelmRelease, not visible here).
# NOTE(review): cluster-admin is unrestricted; anyone holding that tailnet identity (or a
# device logged into it) has full control of the cluster. A narrower ClusterRole, or
# namespaced RoleBindings for day-to-day use, would limit the blast radius. Also note this
# file omits the leading `---` that every other manifest in the repo starts with.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tailnet-zach
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: zebernst@gmail.com

# ===== /kubernetes/apps/network/tailscale-operator/app/externalsecret.yaml =====
# OAuth client credentials for the Tailscale operator, from the 1Password "tailscale" item.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: tailscale
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: tailscale-secret
    template:
      engineVersion: v2
      data:
        clientId: "{{ .OAUTH_CLIENT_ID }}"
        clientSecret: "{{ .OAUTH_CLIENT_SECRET }}"
  dataFrom:
    - extract:
        key: tailscale

# ===== /kubernetes/apps/network/tailscale-operator/app/kustomization.yaml =====
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - clusterrolebinding.yaml
  - externalsecret.yaml
  - helmrelease.yaml
  - proxyclass.yaml

# ===== /kubernetes/apps/network/tailscale-operator/app/proxyclass.yaml =====
# ProxyClass for operator-managed proxy pods running in TUN mode. A /dev/net/tun device is
# requested through the squat.ai/tun device-plugin resource, which avoids a privileged
# container; the security context then drops every capability and adds back only
# NET_ADMIN, which is what configuring the TUN interface needs.
# proxy-class.yaml
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
  name: tailscale-tun
spec:
  statefulSet:
    pod:
      tailscaleContainer:
        resources:
          limits:
            squat.ai/tun: "1"
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
            add:
              - NET_ADMIN

# ===== /kubernetes/apps/network/tailscale-operator/ks.yaml =====
# Style note: retryInterval and timeout are omitted here, unlike most other ks.yaml files.
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app tailscale-operator
  namespace: &ns network
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: onepassword
      namespace: external-secrets
  path: kubernetes/apps/network/tailscale-operator/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  postBuild:
    substitute:
      APP: *app

# ===== /kubernetes/apps/observability/gatus/app/externalsecret.yaml =====
# Assembles gatus-secret from three 1Password items (cloudnative-pg, gatus, pushover).
# NOTE(review): INIT_POSTGRES_SUPER_PASS places the shared Postgres superuser password in
# this namespace's Secret (presumably consumed by an init container that creates the gatus
# database and role). Any principal able to read Secrets in observability therefore obtains
# superuser on the redspot cluster; consider whether the role/database can be provisioned
# once (e.g. by the database owner) so that only the app credentials need to live here.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: gatus
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: gatus-secret
    template:
      engineVersion: v2
      data:
        GATUS_PUSHOVER_APP_TOKEN: "{{ .GATUS_PUSHOVER_TOKEN }}"
        GATUS_PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
        INIT_POSTGRES_DBNAME: gatus
        INIT_POSTGRES_HOST: redspot-rw.database.svc.cluster.local
        INIT_POSTGRES_USER: "{{ .GATUS_POSTGRES_USER }}"
        INIT_POSTGRES_PASS: "{{ .GATUS_POSTGRES_PASS }}"
        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
    - extract:
        key: cloudnative-pg
    - extract:
        key: gatus
    - extract:
        key: pushover

# ===== /kubernetes/apps/observability/gatus/app/kustomization.yaml =====
# The gatus config ConfigMap is annotated to opt out of Flux variable substitution, so the
# ${...} expressions inside config.yaml reach gatus untouched.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - rbac.yaml
  - helmrelease.yaml
configMapGenerator:
  - name: gatus-configmap
    files:
      - config.yaml=./resources/config.yaml
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    kustomize.toolkit.fluxcd.io/substitute: disabled

# ===== /kubernetes/apps/observability/gatus/app/rbac.yaml =====
# (file contents continue past this chunk)
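# ------------------------------------------------------------------------------
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gatus
rules:
  # NOTE(review): this is a cluster-wide read of EVERY ConfigMap and Secret,
  # bound to the gatus ServiceAccount below. The only consumer visible here is
  # the endpoint-discovery sidecar wired in by components/gatus (not in this
  # chunk), which by convention reads labelled ConfigMaps. If it does not read
  # Secrets, drop "secrets" from this rule: as written, a compromise of the
  # gatus pod (exposed at the `status` subdomain per ks.yaml) yields every
  # Secret in the cluster, including the CNPG superuser password that the
  # ExternalSecrets in this repo materialise.
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gatus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gatus
subjects:
  - kind: ServiceAccount
    name: gatus
    namespace: observability
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/gatus/app/resources/config.yaml:
# ------------------------------------------------------------------------------
---
alerting:
  pushover:
    # Values come from gatus-secret via gatus's own ${ENV} expansion (Flux
    # substitution is disabled on this ConfigMap in kustomization.yaml).
    application-token: ${GATUS_PUSHOVER_APP_TOKEN}
    user-key: ${GATUS_PUSHOVER_USER_KEY}
    priority: 1
    resolved-priority: 0
    default-alert:
      description: health-check failed
      send-on-resolved: true
      failure-threshold: 3
      success-threshold: 3

# Gatus suppresses alerts while it cannot reach this target, so an upstream
# outage does not page for every endpoint at once.
connectivity:
  checker:
    target: 1.1.1.1:53
    interval: 1m

# Intentionally empty: endpoints are discovered at runtime by the sidecar from
# components/gatus (not in this chunk).
endpoints: []

metrics: true

storage:
  type: postgres
  # The connection leaves the pod and crosses namespaces
  # (observability -> database) over the pod network, so TLS is required
  # rather than disabled. CloudNativePG serves TLS on every cluster by default
  # (confirm on the `redspot` Cluster spec). `require` encrypts but does not
  # authenticate the server; to pin it, mount the CA that CNPG publishes as
  # `<cluster>-ca` and switch to sslmode=verify-full&sslrootcert=<path>.
  path: postgres://${INIT_POSTGRES_USER}:${INIT_POSTGRES_PASS}@${INIT_POSTGRES_HOST}:5432/${INIT_POSTGRES_DBNAME}?sslmode=require
  caching: true

ui:
  title: Status | Gatus
  header: Status
  logo: https://github.com/user-attachments/assets/0248f379-cc4a-4a59-a400-014a750c61fa
  link: https://github.com/zebernst
  buttons:
    - name: Github
      link: https://github.com/zebernst
    - name: Homelab
      link: https://github.com/zebernst/homelab

web:
  port: ${GATUS_WEB_PORT}
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/gatus/ks.yaml: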
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app gatus
  namespace: &ns observability
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Shared gatus component; presumably renders a self-check for this app from
  # the GATUS_* substitutions below (component not in this chunk).
  components:
    - ../../../../components/gatus
  # Postgres storage needs the CNPG cluster; gatus-secret needs the 1Password store.
  dependsOn:
    - name: cloudnative-pg-cluster
      namespace: database
    - name: onepassword
      namespace: external-secrets
  path: kubernetes/apps/observability/gatus/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      GATUS_PATH: /health
      GATUS_SUBDOMAIN: status
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/grafana/app/externalsecret.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: grafana-admin
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: grafana-admin-secret
    # engineVersion is omitted here (sibling ExternalSecrets pin v2); relies on
    # the ESO default.
    template:
      data:
        # Grafana bootstrap admin credentials from the 1Password item `grafana`;
        # key names are the admin-user/admin-password pair the Grafana chart's
        # existing-secret option expects — confirm against helmrelease.yaml
        # (not in this chunk).
        admin-user: "{{ .username }}"
        admin-password: "{{ .password }}"
  dataFrom:
    - extract:
        key: grafana
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/grafana/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/grafana/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app grafana
  namespace: &ns observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # grafana-admin-secret needs the 1Password store before the chart can start.
  dependsOn:
    - name: onepassword
      namespace: external-secrets
  interval: 30m
  path: kubernetes/apps/observability/grafana/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *ns
  timeout: 5m
  wait: false
  postBuild:
    substitute:
      APP: *app
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/kromgo/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# kromgo's query config is shipped as a plain ConfigMap; it should contain only
# PromQL and labels, never credentials (file not in this chunk).
configMapGenerator:
  - name: kromgo-configmap
    files:
      - config.yaml=./resources/config.yaml
generatorOptions:
  disableNameSuffixHash: true
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/kromgo/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kromgo
  namespace: &ns observability
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus
  path: kubernetes/apps/observability/kromgo/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      # Health check hits a real query endpoint rather than a liveness path, so
      # it also proves Prometheus is reachable from kromgo.
      GATUS_PATH: /talos_version
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/kube-prometheus-stack/app/externalsecret.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: alertmanager
spec:
  refreshInterval: 5m   # explicit here; siblings use the ESO default
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: alertmanager-secret
    template:
      data:
        # Dead-man's-switch heartbeat URL plus Pushover credentials, consumed by
        # alertmanagerconfig.yaml (not in this chunk). The heartbeat URL is a
        # bearer-style secret: whoever holds it can silence the outage alarm.
        ALERTMANAGER_HEARTBEAT_URL: "{{ .ALERTMANAGER_HEARTBEAT_URL }}"
        ALERTMANAGER_PUSHOVER_TOKEN: "{{ .ALERTMANAGER_PUSHOVER_TOKEN }}"
        PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
  dataFrom:
    - extract:
        key: pushover
    - extract:
        key: alertmanager
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - alertmanagerconfig.yaml
  - externalsecret.yaml
  - helmrelease.yaml
  - scrapeconfigs/minio.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/kube-prometheus-stack/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kube-prometheus-stack
  namespace: &ns observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: onepassword
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
  interval: 30m
  path: kubernetes/apps/observability/kube-prometheus-stack/app
  postBuild:
    substitute:
      # Spelled out rather than `*app` as the sibling ks.yaml files do; same
      # value, just inconsistent. GATUS_SUBDOMAIN is set although no gatus
      # component is listed here — presumably consumed inside the app path.
      APP: kube-prometheus-stack
      GATUS_SUBDOMAIN: prometheus
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *ns
  timeout: 5m
  wait: false
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
components:
  - ../../components/common
resources:
  - gatus/ks.yaml
  - grafana/ks.yaml
  - kromgo/ks.yaml
  - kube-prometheus-stack/ks.yaml
  - loki/ks.yaml
  - promtail/ks.yaml
  - snmp-exporter/ks.yaml
  - unpoller/ks.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/loki/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/loki/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app loki
  namespace: &ns observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
  interval: 30m
  path: kubernetes/apps/observability/loki/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *ns
  timeout: 5m
  wait: false
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/promtail/app/helmrelease.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: promtail
spec:
  interval: 30m
  chart:
    spec:
      chart: promtail
      version: 6.16.6
      sourceRef:
        kind: HelmRepository
        name: grafana
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  values:
    fullnameOverride: promtail
    config:
      clients:
        # Plain HTTP, no tenant or auth header: anything on the pod network can
        # push into Loki. Fine for a single-tenant homelab if Loki's own
        # auth is also off (its HelmRelease is not in this chunk) — a
        # NetworkPolicy on the push port is the cheap hardening if wanted.
        - url: http://loki-headless.observability.svc.cluster.local:3100/loki/api/v1/push
    serviceMonitor:
      enabled: true
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/promtail/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/promtail/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app promtail
  namespace: &ns observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # No dependsOn loki: promtail buffers/retries until the push endpoint exists.
  interval: 30m
  path: kubernetes/apps/observability/promtail/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *ns
  timeout: 5m
  wait: false
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/snmp-exporter/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - prometheusrule.yaml
configMapGenerator:
  - name: snmp-exporter
    files:
      # NOTE(review): snmp.yml is not in this chunk. If it carries SNMP
      # community strings or v3 auth/priv keys, those end up committed to git
      # and stored in a ConfigMap rather than a Secret — move them to an
      # ExternalSecret (or an env-referenced auth block) like the other apps.
      - snmp.yaml=resources/snmp.yml
generatorOptions:
  disableNameSuffixHash: true
  labels:
    - pairs:
        app.kubernetes.io/name: snmp-exporter
        app.kubernetes.io/instance: snmp-exporter
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/snmp-exporter/app/prometheusrule.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: snmp-exporter
spec:
  groups:
    - name: snmp-exporter.rules
      rules:
        - alert: UPSOnBattery
          # upsAdvBatteryRunTimeRemaining appears to be a TimeTicks value
          # (1/100 s): /100/60 converts it to minutes. Fires while on battery
          # with <= 20 minutes left; `$value` in the summary is the left-hand
          # operand of the `and`, i.e. the remaining minutes.
          expr: |
            (upsAdvBatteryRunTimeRemaining/60/100 <= 20 and upsBasicBatteryTimeOnBattery > 0)
          annotations:
            summary: >
              ZPM {{ $labels.instance }} is running on battery power and has less than {{ $value }} minutes of runtime remaining
          # NOTE(review): with <= 20 minutes of runtime left, a 5m `for` delay
          # spends a quarter of it before anyone is paged — consider 0-1m.
          for: 5m
          labels:
            severity: critical
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/snmp-exporter/ks.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app snmp-exporter
  namespace: &ns observability
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 30m
  path: kubernetes/apps/observability/snmp-exporter/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  targetNamespace: *ns
  timeout: 5m
  wait: true   # unlike most siblings, reconciliation blocks until Ready
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/unpoller/app/externalsecret.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: unpoller
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: unpoller-secret
    template:
      engineVersion: v2
      data:
        # UniFi controller login for unpoller. This should be a dedicated
        # read-only controller account — unpoller only needs to read stats, and
        # an admin credential here would be a lateral-movement path into the
        # network gear (account role is not visible from this file; verify).
        UP_UNIFI_DEFAULT_USER: "{{ .UNIFI_USERNAME }}"
        UP_UNIFI_DEFAULT_PASS: "{{ .UNIFI_PASSWORD }}"
  dataFrom:
    - extract:
        key: unpoller
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/unpoller/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/observability/unpoller/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app unpoller
  namespace: &ns observability
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: onepassword
      namespace: external-secrets
  path: kubernetes/apps/observability/unpoller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
# ------------------------------------------------------------------------------
# /kubernetes/apps/openebs-system/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: openebs-system
components:
  - ../../components/common
resources:
  - openebs/ks.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/openebs-system/openebs/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/openebs-system/openebs/ks.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app openebs
  namespace: &ns openebs-system
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/openebs-system/openebs/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
# ------------------------------------------------------------------------------
# /kubernetes/apps/rook-ceph/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: rook-ceph
components:
  - ../../components/common
resources:
  - rook-ceph/ks.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: rook-ceph-operator
spec:
  interval: 30m
  chart:
    spec:
      chart: rook-ceph
      version: v1.17.1
      sourceRef:
        kind: HelmRepository
        name: rook-ceph
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    csi:
      # msgr2 `prefer-crc` gives integrity checksums on CephFS kernel mounts
      # but no on-wire encryption; `ms_mode=secure` would encrypt at a CPU
      # cost. Acceptable on a trusted cluster network — a deliberate trade-off.
      cephFSKernelMountOptions: ms_mode=prefer-crc
      enableLiveness: true
      serviceMonitor:
        enabled: true
    enableDiscoveryDaemon: true
    monitoring:
      enabled: true
    resources:
      requests:
        cpu: 100m # unchangeable
        memory: 128Mi # unchangeable
      limits: {}
# ------------------------------------------------------------------------------
# /kubernetes/apps/rook-ceph/rook-ceph/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/atuin/app/externalsecret.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: atuin
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: atuin-secret
    template:
      engineVersion: v2
      data:
        # Full connection URI handed straight to atuin-server. Credentials are
        # interpolated raw: a password containing `@`, `/`, `:`, `?` or `#`
        # would break URI parsing, so keep the 1Password value URL-safe (or
        # escape it in the template). No sslmode is given, so the client
        # library's default applies — presumably `prefer`; confirm, and
        # consider pinning `?sslmode=require` as for the gatus storage URL.
        ATUIN_DB_URI: |-
          postgres://{{ .ATUIN_POSTGRES_USER }}:{{ .ATUIN_POSTGRES_PASS }}@redspot-rw.database.svc.cluster.local/atuin
        INIT_POSTGRES_DBNAME: atuin
        INIT_POSTGRES_HOST: redspot-rw.database.svc.cluster.local
        INIT_POSTGRES_USER: "{{ .ATUIN_POSTGRES_USER }}"
        INIT_POSTGRES_PASS: "{{ .ATUIN_POSTGRES_PASS }}"
        # CNPG superuser password in an app-namespace Secret (see gatus note).
        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
    - extract:
        key: atuin
    - extract:
        key: cloudnative-pg
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/atuin/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/atuin/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app atuin
  namespace: &ns self-hosted
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: cloudnative-pg-cluster
      namespace: database
    - name: onepassword
      namespace: external-secrets
  path: kubernetes/apps/self-hosted/atuin/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      # Set without a components/gatus entry here (gatus and kromgo list one);
      # presumably consumed from within the app path.
      GATUS_SUBDOMAIN: sh
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/hajimari/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/hajimari/ks.yaml:
# ------------------------------------------------------------------------------
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app hajimari
  namespace: &ns self-hosted
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/self-hosted/hajimari/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/homebox/app/externalsecret.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: homebox
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: homebox-secret
    creationPolicy: Owner
    template:
      data:
        # App-facing keys are anchored and reused for the INIT_POSTGRES_* keys
        # below so host/user/password/db cannot drift apart.
        HBOX_DATABASE_HOST: &dbHost redspot-rw.database.svc.cluster.local
        HBOX_DATABASE_PORT: "5432"
        HBOX_DATABASE_USERNAME: &dbUser "{{ .HOMEBOX_POSTGRES_USER }}"
        # Field is `_PASSWORD` here while the atuin/mealie items use `_PASS`;
        # it must match the field name in the `homebox` 1Password item — verify.
        HBOX_DATABASE_PASSWORD: &dbPass "{{ .HOMEBOX_POSTGRES_PASSWORD }}"
        HBOX_DATABASE_DATABASE: &dbName homebox
        INIT_POSTGRES_DBNAME: *dbName
        INIT_POSTGRES_HOST: *dbHost
        INIT_POSTGRES_USER: *dbUser
        INIT_POSTGRES_PASS: *dbPass
        # CNPG superuser password in an app-namespace Secret (see gatus note).
        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
    - extract:
        key: homebox
    - extract:
        key: cloudnative-pg
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/homebox/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/homebox/ks.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app homebox
  namespace: &ns self-hosted
spec:
  targetNamespace: *ns
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # volsync component provides the PVC + backup/restore wiring (VOLSYNC_CAPACITY below).
  components:
    - ../../../../components/volsync
  dependsOn:
    - name: cloudnative-pg-cluster
      namespace: database
    - name: onepassword
      namespace: external-secrets
    - name: rook-ceph-cluster
      namespace: rook-ceph
    - name: volsync
      namespace: volsync-system
  path: kubernetes/apps/self-hosted/homebox/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 15Gi
# ------------------------------------------------------------------------------
# /kubernetes/apps/self-hosted/it-tools/app/kustomization.yaml:
# ------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/self-hosted/it-tools/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app it-tools 7 | namespace: &ns self-hosted 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | interval: 30m 14 | timeout: 5m 15 | path: kubernetes/apps/self-hosted/it-tools/app 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | wait: false 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/self-hosted/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: self-hosted 6 | components: 7 | - ../../components/common 8 | resources: 9 | - atuin/ks.yaml 10 | - hajimari/ks.yaml 11 | - homebox/ks.yaml 12 | - it-tools/ks.yaml 13 | - mealie/ks.yaml 14 | - nocodb/ks.yaml 15 | - paperless/ks.yaml 16 | - radicale/ks.yaml 17 | -------------------------------------------------------------------------------- /kubernetes/apps/self-hosted/mealie/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: mealie 6 | spec: 7 | secretStoreRef: 8 | kind: 
ClusterSecretStore 9 | name: onepassword 10 | target: 11 | name: mealie-secret 12 | creationPolicy: Owner 13 | template: 14 | engineVersion: v2 15 | data: 16 | POSTGRES_SERVER: &dbHost redspot-rw.database.svc.cluster.local 17 | POSTGRES_PORT: "5432" 18 | POSTGRES_USER: &dbUser "{{ .MEALIE_POSTGRES_USER }}" 19 | POSTGRES_PASSWORD: &dbPass "{{ .MEALIE_POSTGRES_PASS }}" 20 | POSTGRES_DB: &dbName mealie 21 | INIT_POSTGRES_DBNAME: *dbName 22 | INIT_POSTGRES_HOST: *dbHost 23 | INIT_POSTGRES_USER: *dbUser 24 | INIT_POSTGRES_PASS: *dbPass 25 | INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" 26 | dataFrom: 27 | - extract: 28 | key: mealie 29 | - extract: 30 | key: cloudnative-pg 31 | -------------------------------------------------------------------------------- /kubernetes/apps/self-hosted/mealie/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - externalsecret.yaml 7 | - helmrelease.yaml 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/apps/self-hosted/mealie/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app mealie 7 | namespace: &ns self-hosted 8 | spec: 9 | targetNamespace: *ns 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: *app 13 | components: 14 | - ../../../../components/volsync 15 | dependsOn: 16 | - name: cloudnative-pg-cluster 17 | namespace: database 18 | - name: onepassword 19 | namespace: external-secrets 20 | - name: rook-ceph-cluster 21 | namespace: rook-ceph 22 | - name: volsync 23 | 
namespace: volsync-system
24 | path: kubernetes/apps/self-hosted/mealie/app
25 | prune: true
26 | sourceRef:
27 | kind: GitRepository
28 | name: flux-system
29 | namespace: flux-system
30 | wait: false
31 | interval: 30m
32 | retryInterval: 1m
33 | timeout: 5m
34 | postBuild:
35 | substitute:
36 | APP: *app
# Overrides the 5Gi default in components/volsync/pvc.yaml.
37 | VOLSYNC_CAPACITY: 15Gi
38 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/nocodb/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - externalsecret.yaml
7 | - helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/nocodb/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 | name: &app nocodb
# Anchor is named &namespace here but &ns in the sibling ks.yaml files; harmless, just inconsistent.
7 | namespace: &namespace self-hosted
8 | spec:
9 | targetNamespace: *namespace
10 | commonMetadata:
11 | labels:
12 | app.kubernetes.io/name: *app
13 | interval: 30m
14 | timeout: 5m
15 | path: kubernetes/apps/self-hosted/nocodb/app
16 | prune: true
17 | sourceRef:
18 | kind: GitRepository
19 | name: flux-system
20 | namespace: flux-system
21 | wait: false
22 | dependsOn:
23 | - name: cloudnative-pg-cluster
24 | namespace: database
25 | - name: dragonfly-cluster
26 | namespace: database
27 | - name: onepassword
28 | namespace: external-secrets
29 | - name: rook-ceph-cluster
30 | namespace: rook-ceph
31 | - name: volsync
32 | namespace: volsync-system
33 | components:
34 | - ../../../../components/volsync
35 | postBuild:
36 | substitute:
37 | APP: *app
38 | VOLSYNC_CAPACITY: 5Gi
39 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/paperless/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - externalsecret.yaml
7 | - helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/paperless/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 | name: &app paperless
7 | namespace: &ns self-hosted
8 | spec:
9 | targetNamespace: *ns
10 | commonMetadata:
11 | labels:
12 | app.kubernetes.io/name: *app
13 | components:
14 | - ../../../../components/volsync
15 | dependsOn:
16 | - name: cloudnative-pg-cluster
17 | namespace: database
18 | - name: dragonfly-cluster
19 | namespace: database
20 | - name: onepassword
21 | namespace: external-secrets
22 | - name: rook-ceph-cluster
23 | namespace: rook-ceph
24 | - name: volsync
25 | namespace: volsync-system
26 | path: kubernetes/apps/self-hosted/paperless/app
27 | prune: true
28 | sourceRef:
29 | kind: GitRepository
30 | name: flux-system
31 | namespace: flux-system
32 | wait: false
33 | interval: 30m
34 | retryInterval: 1m
35 | timeout: 5m
36 | postBuild:
37 | substitute:
38 | APP: *app
39 | VOLSYNC_CAPACITY: 15Gi
# VOLSYNC_PUID/PGID are consumed by the volsync component's b2.yaml (not in this listing) — presumably the
# uid/gid the mover pods run as so restored files match paperless' own user; confirm against that file.
40 | VOLSYNC_PUID: "1000"
41 | VOLSYNC_PGID: "1000"
42 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/radicale/app/externalsecret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
3 | apiVersion: external-secrets.io/v1beta1
4 | kind: ExternalSecret
5 | metadata:
6 | name: radicale
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore
10 | name: onepassword
11 | target:
12 | name: radicale-secret
13 | creationPolicy: Owner
14 | template:
15 | engineVersion: v2
16 | data:
# Renders one "user:password" line for radicale's users file. Whether radicale reads the password part as
# plaintext or as a hash depends on the htpasswd encryption setting in config/config.cfg (not shown);
# confirm the 1Password value matches that setting. The missing space in "{{ .password}}" is cosmetic —
# Go templates accept it.
17 | users: |-
18 | {{ .username }}:{{ .password}}
19 | dataFrom:
20 | - extract:
21 | key: radicale
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/radicale/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 | - externalsecret.yaml
8 | configMapGenerator:
9 | - name: radicale-configmap
10 | files:
11 | - ./config/config.cfg
12 | generatorOptions:
13 | annotations:
# Turns off Flux post-build variable substitution for the generated ConfigMap, so "${...}"-looking text in
# config.cfg reaches radicale untouched.
14 | kustomize.toolkit.fluxcd.io/substitute: disabled
15 | configurations:
16 | - kustomizeconfig.yaml
17 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/radicale/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | ---
# Lets kustomize rewrite the hash-suffixed ConfigMap name into the HelmRelease values path below.
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/values/persistence/config/name
7 | kind: HelmRelease
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/self-hosted/radicale/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server:
$schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 | name: &app radicale
7 | namespace: &ns self-hosted
8 | spec:
9 | targetNamespace: *ns
10 | commonMetadata:
11 | labels:
12 | app.kubernetes.io/name: *app
13 | components:
14 | - ../../../../components/volsync
15 | dependsOn:
# Nothing in radicale's manifests above references the database cluster; this dependency looks copied
# from a DB-backed app and only delays reconciliation. Confirm before dropping it.
16 | - name: cloudnative-pg-cluster
17 | namespace: database
18 | - name: onepassword
19 | namespace: external-secrets
20 | - name: rook-ceph-cluster
21 | namespace: rook-ceph
22 | - name: volsync
23 | namespace: volsync-system
24 | path: kubernetes/apps/self-hosted/radicale/app
25 | prune: true
26 | sourceRef:
27 | kind: GitRepository
28 | name: flux-system
29 | namespace: flux-system
30 | wait: false
31 | interval: 30m
32 | retryInterval: 1m
33 | timeout: 5m
34 | postBuild:
35 | substitute:
36 | APP: *app
37 | VOLSYNC_CAPACITY: 15Gi
38 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: system-upgrade
6 | components:
7 | - ../../components/common
8 | resources:
9 | - ./system-upgrade-controller/ks.yaml
# versions.env becomes the "versions" ConfigMap; the Flux Kustomization in ks.yaml (not in this listing)
# presumably reads it via postBuild.substituteFrom, which is the field kustomizeconfig.yaml rewrites.
10 | configMapGenerator:
11 | - name: versions
12 | envs: [versions.env]
13 | configurations:
14 | - ./kustomizeconfig.yaml
15 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | nameReference:
3 | - kind: ConfigMap
4 | version: v1
5 | fieldSpecs:
6 | - path: spec/postBuild/substituteFrom/name
7 | kind: Kustomization
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 | - rbac.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/app/rbac.yaml:
--------------------------------------------------------------------------------
1 | ---
# Grants the controller's ServiceAccount full cluster-admin. The Plans in plans/ run their upgrade pods
# under the same ServiceAccount, so a compromised controller pod, a malicious Plan, or a tampered upgrade
# image inherits unrestricted access to the whole cluster. Restrict who may create or edit Plans in this
# namespace, and check whether the upstream chart's narrower RBAC would suffice instead of cluster-admin.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 | name: system-upgrade-controller
6 | roleRef:
7 | apiGroup: rbac.authorization.k8s.io
8 | kind: ClusterRole
9 | name: cluster-admin
10 | subjects:
11 | - kind: ServiceAccount
12 | name: system-upgrade-controller
13 | namespace: system-upgrade
14 | ---
# Talos-side counterpart: os:admin is full node control. The resulting talosconfig is what the Plans
# mount at /var/run/secrets/talos.dev, so together with the binding above this identity owns both the
# Kubernetes and the OS layer.
15 | apiVersion: talos.dev/v1alpha1
16 | kind: ServiceAccount
17 | metadata:
18 | name: system-upgrade-controller
19 | spec:
20 | roles: ["os:admin"]
21 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/kubernetes.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/upgrade.cattle.io/plan_v1.json
3 | apiVersion: upgrade.cattle.io/v1
4 | kind: Plan
5 | metadata:
6 | name: kubernetes
7 | spec:
# Substituted by Flux from versions.env; a version bump in git is what triggers the upgrade.
8 | version: ${KUBERNETES_VERSION}
9 | concurrency: 1
10 | exclusive: true
11 | serviceAccountName: system-upgrade-controller
12 | secrets:
# Mounts the os:admin Talos credential into the upgrade pod.
13 | - name: system-upgrade-controller
14 | path: /var/run/secrets/talos.dev
# ignoreUpdates: presumably keeps secret rotation from re-triggering the plan — confirm against the
# system-upgrade-controller docs.
15 | ignoreUpdates: true
16 | nodeSelector:
17 | matchExpressions:
18 | - key: node-role.kubernetes.io/control-plane
19 |
operator: Exists
20 | upgrade:
# Tag comes from TALOS_VERSION, which Renovate bumps in versions.env.
21 | image: ghcr.io/siderolabs/talosctl:${TALOS_VERSION}
22 | args:
23 | - --nodes=$(SYSTEM_UPGRADE_NODE_NAME)
24 | - upgrade-k8s
25 | - --to=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
26 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - kubernetes.yaml
7 | - talos.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/upgrade.cattle.io/plan_v1.json
3 | apiVersion: upgrade.cattle.io/v1
4 | kind: Plan
5 | metadata:
6 | name: talos
7 | spec:
8 | version: ${TALOS_VERSION}
9 | concurrency: 1
# Gives each node time to come back after the reboot before the next one is touched.
10 | postCompleteDelay: 2m
11 | exclusive: true
12 | serviceAccountName: system-upgrade-controller
13 | secrets:
14 | - name: system-upgrade-controller
15 | path: /var/run/secrets/talos.dev
16 | ignoreUpdates: true
17 | nodeSelector:
18 | matchExpressions:
# kubernetes.io/hostname exists on every node, i.e. this plan targets the whole cluster.
19 | - key: kubernetes.io/hostname
20 | operator: Exists
21 | upgrade:
# Third-party image, pinned by mutable tag only, that runs with os:admin credentials and reboots nodes
# (--powercycle). Pin by digest (or let Renovate track the digest) so a re-pushed tag cannot change what
# runs with that authority.
22 | image: ghcr.io/jfroy/tnu:0.4.1
23 | args:
24 | - --node=$(SYSTEM_UPGRADE_NODE_NAME)
25 | - --tag=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
26 | - --powercycle
27 |
--------------------------------------------------------------------------------
/kubernetes/apps/system-upgrade/versions.env:
--------------------------------------------------------------------------------
# Single source of truth for the Talos and Kubernetes versions substituted into the Plans above.
1 | # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
2 | KUBERNETES_VERSION=v1.32.3
3 | # renovate:
datasource=docker depName=ghcr.io/siderolabs/installer
4 | TALOS_VERSION=v1.9.5
5 |
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: volsync-system
6 | components:
7 | - ../../components/common
8 | resources:
9 | - volsync/ks.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/volsync/app/helmrelease.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
3 | apiVersion: helm.toolkit.fluxcd.io/v2
4 | kind: HelmRelease
5 | metadata:
6 | name: volsync
7 | spec:
8 | interval: 30m
9 | chart:
10 | spec:
11 | chart: volsync
12 | version: 0.12.1
13 | sourceRef:
14 | kind: HelmRepository
15 | name: backube
16 | namespace: flux-system
17 | install:
18 | remediation:
19 | retries: 3
20 | upgrade:
21 | cleanupOnFail: true
22 | remediation:
23 | strategy: rollback
24 | retries: 3
# VolSync snapshots depend on the CSI snapshot CRDs/controller being present first.
25 | dependsOn:
26 | - name: snapshot-controller
27 | namespace: kube-system
28 | values:
# Chart upgrades also upgrade the VolSync CRDs.
29 | manageCRDs: true
30 | metrics:
# Serves the metrics endpoint without authentication. Acceptable while only in-cluster Prometheus reaches
# it (the PrometheusRule below scrapes job "volsync-metrics"); do not expose the Service beyond the cluster.
31 | disableAuth: true
32 |
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - helmrelease.yaml
7 | - prometheusrule.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/volsync/app/prometheusrule.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
3 | apiVersion: monitoring.coreos.com/v1
4 | kind: PrometheusRule
5 | metadata:
6 | name: volsync
7 | spec:
8 | groups:
9 | - name: volsync.rules
10 | rules:
# Fires when the scrape target vanishes. Assumes a ServiceMonitor/PodMonitor labels the target job
# "volsync-metrics" (not in this listing); if that label differs the alert fires permanently.
11 | - alert: VolSyncComponentAbsent
12 | annotations:
13 | summary: VolSync component has disappeared from Prometheus target discovery.
14 | expr: |
15 | absent(up{job="volsync-metrics"})
16 | for: 15m
17 | labels:
18 | severity: critical
# Backup/restore drift detection: a PVC whose replication has fallen behind for 15 minutes.
19 | - alert: VolSyncVolumeOutOfSync
20 | annotations:
21 | summary: >-
22 | {{ $labels.obj_namespace }}/{{ $labels.obj_name }} volume
23 | is out of sync.
24 | expr: |
25 | volsync_volume_out_of_sync == 1
26 | for: 15m
27 | labels:
28 | severity: critical
29 |
--------------------------------------------------------------------------------
/kubernetes/apps/volsync-system/volsync/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
# This is the "volsync" in volsync-system that the app ks.yaml files list under dependsOn.
6 | name: &app volsync
7 | namespace: &ns volsync-system
8 | spec:
9 | targetNamespace: *ns
10 | commonMetadata:
11 | labels:
12 | app.kubernetes.io/name: *app
13 | path: kubernetes/apps/volsync-system/volsync/app
14 | prune: true
15 | sourceRef:
16 | kind: GitRepository
17 | name: flux-system
18 | namespace: flux-system
# wait: false — dependants are released once the HelmRelease object exists, not once the chart is installed.
19 | wait: false
20 | interval: 30m
21 | retryInterval: 1m
22 | timeout: 5m
23 |
--------------------------------------------------------------------------------
/kubernetes/bootstrap/.sourceignore:
--------------------------------------------------------------------------------
# Keeps the whole bootstrap directory (including the rendered secrets template below) out of the
# artifact Flux builds from the GitRepository, so it is never applied by reconciliation.
1 | # excluded from flux GitRepository archive tarball
2 | *
3 |
--------------------------------------------------------------------------------
/kubernetes/bootstrap/resources/secrets.yaml.tpl:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: external-secrets
6 | ---
# Seed Secret for the 1Password Connect ClusterSecretStore. The op:// references are resolved when the
# template is rendered at bootstrap time (by the bootstrap Taskfile, presumably); the rendered manifest
# holds the Connect credentials file and token in clear, so never commit or log the rendered output.
7 | apiVersion: v1
8 | kind: Secret
9 | metadata:
10 | name: onepassword-secret
11 | namespace: external-secrets
12 | stringData:
13 | 1password-credentials.json: op://Secrets/1password/OP_CREDENTIALS_JSON
14 | token: op://Secrets/1password/OP_CONNECT_TOKEN
15 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/alertmanager/alert.yaml:
--------------------------------------------------------------------------------
1 | ---
# Part of the common component, so one copy of this Alert is created in every namespace that includes it.
2 | apiVersion: notification.toolkit.fluxcd.io/v1beta3
3 | kind: Alert
4 | metadata:
5 | name: alertmanager
6 | spec:
7 | providerRef:
8 | name: alertmanager
9 | eventSeverity: error
10 | eventSources:
11 | - kind: FluxInstance
12 | name: "*"
13 | - kind: GitRepository
14 | name: "*"
15 | - kind: HelmRelease
16 | name: "*"
17 | - kind: HelmRepository
18 | name: "*"
19 | - kind: Kustomization
20 | name: "*"
21 | - kind: OCIRepository
22 | name: "*"
# Drops transient network errors (DNS lookups, TCP timeouts) so they do not page; the double-escaped
# dots keep them literal inside the YAML string. Anything matching these patterns is silently lost.
23 | exclusionList:
24 | - "error.*lookup github\\.com"
25 | - "error.*lookup raw\\.githubusercontent\\.com"
26 | - "dial.*tcp.*timeout"
27 | - "waiting.*socket"
28 | suspend: false
29 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/alertmanager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - alert.yaml
6 | - provider.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/alertmanager/provider.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: notification.toolkit.fluxcd.io/v1beta3
3 | kind: Provider
4 | metadata:
5 | name: alertmanager
6 | spec:
7 | type: alertmanager
# Plain HTTP to the in-cluster Alertmanager service; fine while the traffic stays on the cluster network.
8 | address: http://alertmanager-operated.monitoring.svc.cluster.local:9093/api/v2/alerts/
9 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/github/alert.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3
4 | kind: Alert
5 | metadata:
6 | name: github
7 | spec:
8 | providerRef:
9 | name: github
10 | eventSeverity: info
11 | eventSources:
12 | - kind: Kustomization
13 | name: "*"
14 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/github/externalsecret.yaml:
--------------------------------------------------------------------------------
1 | ---
# Because this file ships with the common component, a copy of the GitHub token Secret is materialised in
# every namespace that includes the component (self-hosted, system-upgrade, volsync-system, ...). Any
# workload with Secret read access in any of those namespaces can read the token. Scope the token to the
# minimum the github Provider needs, and consider keeping the Provider (and this Secret) in one namespace.
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
3 | apiVersion: external-secrets.io/v1beta1
4 | kind: ExternalSecret
5 | metadata:
6 | name: github-token
7 | spec:
8 | secretStoreRef:
9 | kind: ClusterSecretStore
10 | name: onepassword
11 | target:
12 | name: github-token-secret
13 | template:
14 | engineVersion: v2
15 | data:
16 | token: "{{ .FLUX_GITHUB_TOKEN }}"
17 | dataFrom:
18 | - extract:
19 | key: flux
20 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/github/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 | - alert.yaml
7 | - externalsecret.yaml
8 | - provider.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/github/provider.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3
4 | kind: Provider
5 | metadata:
6 | name: github
7 | spec:
8 | type: github
# Flux posts Kustomization events against commits of this repository using the token below.
9 | address: https://github.com/zebernst/homelab
10 | secretRef:
11 | name: github-token-secret
12 |
--------------------------------------------------------------------------------
/kubernetes/components/common/alerts/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - alertmanager
6 | - github
7 |
--------------------------------------------------------------------------------
/kubernetes/components/common/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
# Included by every kubernetes/apps/<ns>/kustomization.yaml: provides the Namespace plus the Flux alerting objects.
2 | apiVersion: kustomize.config.k8s.io/v1alpha1
3 | kind: Component
4 | resources:
5 | - alerts/
6 | - namespace.yaml
7 |
--------------------------------------------------------------------------------
/kubernetes/components/common/namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
# Placeholder: the including kustomization's namespace: field rewrites this to the real namespace name.
5 | name: not-used
6 | annotations:
# Flux never garbage-collects the Namespace itself, so removing an app Kustomization cannot wipe every
# Secret and PVC in it.
7 | kustomize.toolkit.fluxcd.io/prune: disabled
# Opts every namespace using this component into privileged VolSync mover pods (needed to change file
# ownership on restore, presumably what VOLSYNC_PUID/PGID rely on — confirm). A compromised mover in any
# of these namespaces therefore runs privileged; keep this scoped to namespaces that actually use VolSync
# if that ever becomes practical.
8 | volsync.backube/privileged-movers:
"true"
9 |
--------------------------------------------------------------------------------
/kubernetes/components/gatus/config.yaml:
--------------------------------------------------------------------------------
1 | ---
# Per-app Gatus endpoint; ${...} values are Flux post-build substitutions with defaults.
2 | endpoints:
3 | - name: "${APP}"
4 | url: "https://${GATUS_SUBDOMAIN:=${APP}}.zebernst.dev${GATUS_PATH:=/}"
5 | interval: 1m
6 | client:
# External resolver over plain TCP (no DoT/DoH): the check measures public reachability, not what the
# cluster DNS says. The queries themselves are unencrypted.
7 | dns-resolver: tcp://1.1.1.1:53
8 | conditions:
9 | - "[STATUS] == ${GATUS_STATUS:=200}"
10 | alerts:
11 | - type: pushover
12 |
--------------------------------------------------------------------------------
/kubernetes/components/gatus/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component
5 | configMapGenerator:
6 | - name: ${APP}-gatus-ep
7 | files:
8 | - config.yaml
9 | options:
10 | labels:
# The label Gatus' sidecar discovers endpoint ConfigMaps by.
11 | gatus.io/enabled: "true"
12 | generatorOptions:
# Stable name, so the ConfigMap is not re-created with a hash suffix on every change.
13 | disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/kubernetes/components/volsync/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component
5 | resources:
6 | - b2.yaml
7 | - pvc.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/components/volsync/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: "${APP}"
6 | spec:
7 | accessModes: ["${VOLSYNC_ACCESSMODES:=ReadWriteOnce}"]
# The PVC is populated from the ReplicationDestination of the same name (defined in b2.yaml), i.e. every
# fresh deploy restores from backup rather than starting empty.
8 | dataSourceRef:
9 | kind: ReplicationDestination
10 | apiGroup: volsync.backube
11 | name: "${APP}"
12 | resources:
13 | requests:
14 | storage:
"${VOLSYNC_CAPACITY:=5Gi}"
15 | storageClassName: "${VOLSYNC_STORAGECLASS:=ceph-block}"
16 |
--------------------------------------------------------------------------------
/kubernetes/flux/cluster/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.toolkit.fluxcd.io/v1
3 | kind: Kustomization
4 | metadata:
5 | name: cluster-meta
6 | namespace: flux-system
7 | spec:
8 | interval: 30m
9 | path: kubernetes/flux/meta
10 | prune: true
11 | sourceRef:
12 | kind: GitRepository
13 | name: flux-system
14 | namespace: flux-system
15 | # The Flux repository objects under this path hard-code namespace: flux-system so Renovate lookups can resolve them; targetNamespace mirrors that.
16 | targetNamespace: flux-system
17 | timeout: 5m
# wait: true — cluster-apps (below) is held back until every HelmRepository here is Ready.
18 | wait: true
19 | ---
20 | apiVersion: kustomize.toolkit.fluxcd.io/v1
21 | kind: Kustomization
22 | metadata:
23 | name: cluster-apps
24 | namespace: flux-system
25 | spec:
26 | dependsOn:
27 | - name: cluster-meta
28 | namespace: flux-system
29 | interval: 30m
30 | path: kubernetes/apps
# prune: true at this level: deleting a namespace directory from git removes that namespace's Flux
# Kustomizations (the Namespaces themselves are protected by the prune: disabled annotation in the common component).
31 | prune: true
32 | sourceRef:
33 | kind: GitRepository
34 | name: flux-system
35 | namespace: flux-system
36 | wait: false
37 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 | resources:
5 | - repositories
6 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/git/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
# No GitRepositories beyond the bootstrap flux-system one.
4 | resources: []
5 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/backube.yaml:
--------------------------------------------------------------------------------
1 | ---
# Chart sources in this directory are fetched over TLS, but none configures provenance verification.
# For the OCI-hosted ones (bjw-s, controlplaneio, grafana-oci) Flux can check cosign signatures through
# the consuming HelmRelease's spec.chart.spec.verify; consider enabling it where the publisher signs charts.
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: backube
7 | namespace: flux-system
8 | spec:
9 | interval: 2h
10 | url: https://backube.github.io/helm-charts/
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/bjw-s.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: bjw-s
6 | namespace: flux-system
7 | spec:
# OCI registry source; charts are pulled by tag/digest from GHCR rather than from an index.yaml.
8 | type: oci
9 | interval: 5m
10 | url: oci://ghcr.io/bjw-s/helm
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/cilium.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: cilium
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://helm.cilium.io
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/cloudnative-pg.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: cloudnative-pg
7 | namespace: flux-system
8 | spec:
9 | interval: 2h
10 | url: https://cloudnative-pg.github.io/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/controlplaneio.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: controlplaneio
7 | namespace: flux-system
8 | spec:
9 | type: oci
10 | interval: 5m
11 | url: oci://ghcr.io/controlplaneio-fluxcd/charts
12 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/coredns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: coredns
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://coredns.github.io/helm
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/deliveryhero.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: deliveryhero
7 | namespace: flux-system
8 | spec:
9 | interval: 2h
10 | url: https://charts.deliveryhero.io/
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/descheduler.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: descheduler
7 | namespace: flux-system
8 | spec:
9 | interval: 2h
10 | url: https://kubernetes-sigs.github.io/descheduler
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/emqx.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
# Object name (emqx-charts) differs from the file name (emqx.yaml); HelmReleases must reference emqx-charts.
5 | name: emqx-charts
6 | namespace: flux-system
7 | spec:
8 | interval: 2h
9 | url: https://repos.emqx.io/charts
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/external-dns.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: external-dns
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://kubernetes-sigs.github.io/external-dns
10 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/external-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 | name: external-secrets
7 | namespace: flux-system
8 | spec:
9 | interval: 2h
10 | url: https://charts.external-secrets.io
11 |
--------------------------------------------------------------------------------
/kubernetes/flux/meta/repositories/helm/go-skynet.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: HelmRepository
4 | metadata:
5 | name: go-skynet
6 | namespace: flux-system
7 | spec:
8 | interval: 1h
9 | url: https://go-skynet.github.io/helm-charts/
# Only repository here with an explicit fetch timeout; the others use Flux's default.
10 | timeout: 3m
11 |
--------------------------------------------------------------------------------
# Flux HelmRepository sources plus the Kustomization that lists them. All
# indexes are fetched anonymously (no secretRef); `type: oci` entries point at
# OCI registries and are polled more aggressively (5m) than the HTTP/S
# indexes (1h-2h). Signature verification for OCI charts, if wanted, lives on
# the consuming HelmRelease chart spec (`verify`), not on these objects.

# ==== /kubernetes/flux/meta/repositories/helm/grafana.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: grafana
  namespace: flux-system
spec:
  interval: 1h
  url: https://grafana.github.io/helm-charts
---
# Second document in the same file: the OCI mirror of the grafana charts.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: grafana-oci
  namespace: flux-system
spec:
  interval: 1h
  # NOTE(review): quoted here but bare (`type: oci`) in the other OCI
  # repositories below; same value, inconsistent style.
  type: "oci"
  url: oci://ghcr.io/grafana/helm-charts

# ==== /kubernetes/flux/meta/repositories/helm/hajimari-charts.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: hajimari-charts
  namespace: flux-system
spec:
  interval: 2h
  url: https://hajimari.io

# ==== /kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: ingress-nginx
  namespace: flux-system
spec:
  interval: 1h
  url: https://kubernetes.github.io/ingress-nginx

# ==== /kubernetes/flux/meta/repositories/helm/intel.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: intel
  namespace: flux-system
spec:
  interval: 2h
  url: https://intel.github.io/helm-charts

# ==== /kubernetes/flux/meta/repositories/helm/jetstack.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  interval: 1h
  url: https://charts.jetstack.io

# ==== /kubernetes/flux/meta/repositories/helm/k8s-gateway.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: k8s-gateway
  namespace: flux-system
spec:
  interval: 1h
  url: https://ori-edge.github.io/k8s_gateway

# ==== /kubernetes/flux/meta/repositories/helm/kustomization.yaml ====
# Aggregates every HelmRepository file in this directory. A repository file
# that is not listed here is never applied, so keep this list in step with
# the directory contents.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - backube.yaml
  - bjw-s.yaml
  - cilium.yaml
  - cloudnative-pg.yaml
  - controlplaneio.yaml
  - coredns.yaml
  - deliveryhero.yaml
  - descheduler.yaml
  - emqx.yaml
  - external-dns.yaml
  - external-secrets.yaml
  - go-skynet.yaml
  - grafana.yaml
  - hajimari-charts.yaml
  - ingress-nginx.yaml
  - intel.yaml
  - jetstack.yaml
  - k8s-gateway.yaml
  - metrics-server.yaml
  - nfs-subdir-external-provisioner.yaml
  - node-feature-discovery.yaml
  - nvidia.yaml
  - openebs.yaml
  - piraeus.yaml
  - postfinance.yaml
  - prometheus-community.yaml
  - rook-ceph.yaml
  - spegel.yaml
  - stakater.yaml
  - synology-csi-talos.yaml
  - tailscale.yaml

# ==== /kubernetes/flux/meta/repositories/helm/metrics-server.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  interval: 1h
  url: https://kubernetes-sigs.github.io/metrics-server

# ==== /kubernetes/flux/meta/repositories/helm/nfs-subdir-external-provisioner.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: nfs-subdir-external-provisioner
  namespace: flux-system
spec:
  interval: 2h
  url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner

# ==== /kubernetes/flux/meta/repositories/helm/node-feature-discovery.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: node-feature-discovery
  namespace: flux-system
spec:
  interval: 2h
  url: https://kubernetes-sigs.github.io/node-feature-discovery/charts

# ==== /kubernetes/flux/meta/repositories/helm/nvidia.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: nvidia
  namespace: flux-system
spec:
  interval: 2h
  url: https://nvidia.github.io/k8s-device-plugin

# ==== /kubernetes/flux/meta/repositories/helm/openebs.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: openebs
  namespace: flux-system
spec:
  interval: 1h
  url: https://openebs.github.io/openebs

# ==== /kubernetes/flux/meta/repositories/helm/piraeus.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: piraeus
  namespace: flux-system
spec:
  interval: 2h
  url: https://piraeus.io/helm-charts/

# ==== /kubernetes/flux/meta/repositories/helm/postfinance.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: postfinance
  namespace: flux-system
spec:
  interval: 1h
  url: https://postfinance.github.io/kubelet-csr-approver

# ==== /kubernetes/flux/meta/repositories/helm/prometheus-community.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: prometheus-community
  namespace: flux-system
spec:
  # OCI registry source; polled every 5m (the HTTP/S indexes use 1h-2h).
  type: oci
  interval: 5m
  url: oci://ghcr.io/prometheus-community/charts

# ==== /kubernetes/flux/meta/repositories/helm/rook-ceph.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: rook-ceph
  namespace: flux-system
spec:
  interval: 2h
  url: https://charts.rook.io/release

# ==== /kubernetes/flux/meta/repositories/helm/spegel.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: spegel
  namespace: flux-system
spec:
  # OCI registry source; polled every 5m.
  type: oci
  interval: 5m
  url: oci://ghcr.io/spegel-org/helm-charts

# ==== /kubernetes/flux/meta/repositories/helm/stakater.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: stakater
  namespace: flux-system
spec:
  # OCI registry source; polled every 5m.
  type: oci
  interval: 5m
  url: oci://ghcr.io/stakater/charts

# ==== /kubernetes/flux/meta/repositories/helm/synology-csi-talos.yaml ====
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: synology-csi-talos
  namespace: flux-system
spec:
  interval: 1h
  # Personal (non-vendor) GitHub Pages index for a storage driver chart; the
  # same anonymous, unverified fetch applies as for every other source here.
  url: https://zebernst.github.io/synology-csi-talos
# ==== /kubernetes/flux/meta/repositories/helm/tailscale.yaml ====
# Flux HelmRepository for the tailscale chart index. Fetched anonymously (no
# secretRef) and re-polled every 2h.
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: tailscale
  namespace: flux-system
spec:
  interval: 2h
  url: https://pkgs.tailscale.com/helmcharts/

# ==== /kubernetes/flux/meta/repositories/kustomization.yaml ====
# Top-level aggregator for all Flux source repositories, grouped by kind
# (git, helm, oci); each entry is a sub-directory with its own kustomization.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - git
  - helm
  - oci

# ==== /kubernetes/flux/meta/repositories/oci/kustomization.yaml ====
# Placeholder: no OCIRepository sources are defined yet. The OCI chart
# registries above are modelled as `type: oci` HelmRepository objects under
# helm/ instead.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources: []

# ==== /talos/controlplane/io.yaml ====
# Talos machine-config patch for the control-plane node "io". The values
# below are node-specific hardware identifiers (disk serial, NIC MAC prefix,
# bus paths); they select which devices Talos installs to and bonds, so a
# different node needs its own patch.
---
machine:
  install:
    # Pin the install target by disk serial rather than by device path so a
    # re-enumerated /dev/sdX cannot redirect the install to the wrong disk.
    diskSelector:
      serial: 50026B728363711A
    extraKernelArgs:
      - intel_iommu=on # PCI Passthrough
  network:
    hostname: io.k8s.internal
    interfaces:
      # LACP bond over every igc NIC whose MAC matches the wildcard prefix.
      # The bond itself takes a DHCP lease; the tagged VLAN sub-interfaces
      # are created without DHCP or static addresses (presumably consumed by
      # something else on the node — TODO confirm).
      - interface: bond0
        bond:
          deviceSelectors: [ { hardwareAddr: "58:47:ca:7a:*", driver: igc } ]
          mode: 802.3ad
          xmitHashPolicy: layer3+4
          lacpRate: fast
          miimon: 1000 # link-monitor interval, ms
        dhcp: true
        mtu: 9000 # jumbo frames on the bond; VLANs stay at 1500
        vlans:
          - { vlanId: 20, dhcp: false, mtu: 1500 }
          - { vlanId: 30, dhcp: false, mtu: 1500 }
      # Two point-to-point links to peer nodes, selected by bus path, using
      # link-local /32 addresses and a host route per peer (metric 2048).
      # Both links carry the same local address; MTU 65520 suggests a
      # non-Ethernet direct link — confirm against the hardware.
      - # ganymede
        deviceSelector: { busPath: 0-1.0 }
        dhcp: false
        mtu: 65520
        addresses: [169.254.255.10/32]
        routes: [{ network: 169.254.255.11/32, metric: 2048 }]
      - # callisto
        deviceSelector: { busPath: 1-1.0 }
        dhcp: false
        mtu: 65520
        addresses: [169.254.255.10/32]
        routes: [{ network: 169.254.255.12/32, metric: 2048 }]
  nodeLabels:
    # Zone label used for topology-aware scheduling/spreading.
    topology.kubernetes.io/zone: m
  sysfs:
    # Enables intel_pstate HWP dynamic boost via sysfs at boot.
    devices.system.cpu.intel_pstate.hwp_dynamic_boost: 1