diff --git a/.envrc b/.envrc index 9d281dedf0006..7998ea6b16a93 100644 --- a/.envrc +++ b/.envrc @@ -1,4 +1,4 @@ #shellcheck disable=SC2148,SC2155 -export KUBECONFIG=$(expand_path ./ansible/kubernetes/kubeconfig) +export KUBECONFIG=$(expand_path ./provision/kubernetes/ansible/kubeconfig) export KUBECTL_EXTERNAL_DIFF="dyff between --omit-header --set-exit-code" export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt) diff --git a/.github/workflows/publish-terraform-oci.yaml b/.github/workflows/publish-terraform-oci.yaml index c9dc3586f1728..577913a83f6dc 100644 --- a/.github/workflows/publish-terraform-oci.yaml +++ b/.github/workflows/publish-terraform-oci.yaml @@ -7,9 +7,6 @@ on: branches: ["main"] paths: ["terraform/**"] -env: - IMAGE_REGISTRY: ghcr.io - jobs: changed-files: name: Generate Build Matrix @@ -38,7 +35,7 @@ jobs: dir_names_max_depth: 2 json: true files: | - terraform/** + provision/** - name: List all changed files run: | @@ -85,7 +82,7 @@ jobs: - name: Generate OCI tag id: generate-tag - run: echo "tag=${{ env.IMAGE_REGISTRY }}/${{ github.repository_owner }}/terraform-$(basename ${{ matrix.project }})-oci:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}" + run: echo "tag=ghcr.io/${{ github.repository_owner }}/provision-$(basename ${{ matrix.project }})-oci:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}" - name: Publish OCI run: | diff --git a/.sops.yaml b/.sops.yaml index 960912ea01c3b..30dd3ef61bdbd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -17,11 +17,7 @@ creation_rules: key_groups: - age: - age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta - - path_regex: ansible/.*\.sops\.ya?ml - key_groups: - - age: - - age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta - - path_regex: terraform/.*\.sops\.ya?ml + - path_regex: provision/.*\.sops\.ya?ml key_groups: - age: - age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta diff --git a/Taskfile.yml b/Taskfile.yml index 8753fc6fdd833..1fed268eb8913 100644 
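Review bot: The new `KUBECONFIG` value still points at a credential file inside the repository tree (`./provision/kubernetes/ansible/kubeconfig`), and nothing in this diff shows an ignore rule following the move. If `.gitignore` matched the old `ansible/kubernetes/kubeconfig` location by path, the relocated kubeconfig becomes an untracked file that a broad `git add` would commit. Confirm the ignore pattern is path-independent or update it in this commit. The same path is set in the `env:` block of `Taskfile.yml`, so one check covers both.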
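Review bot: The trigger filter on the context line `paths: ["terraform/**"]` is left unchanged in the `@@ -7,9 +7,6 @@` hunk, while the changed-files filter further down moves to `provision/**`. If the Terraform projects now live under `provision/`, as the other hunks suggest, a push that only touches that tree will no longer start this workflow. Change the trigger to `paths: ["provision/**"]` in the same commit. Dropping `IMAGE_REGISTRY` is fine, since its only visible use is replaced by a literal `ghcr.io` in the tag step.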
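Review bot: The `files:` glob `provision/**` in the `@@ -38,7 +35,7 @@` hunk is wider than the `terraform/**` it replaces. Per the `.envrc` change, `provision/` also holds Ansible content (`provision/kubernetes/ansible`), so with `dir_names_max_depth: 2` the build matrix may now include directories that are not Terraform projects, and these would be published as OCI artifacts too. The rest of the step is outside the hunk, so this is inferred from the visible inputs. If the Terraform roots sit in known subdirectories, list those globs explicitly so inventory or vars files are not packaged and pushed to the registry by accident.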
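Review bot: `${{ matrix.project }}` in the `Generate OCI tag` step is expanded into the text of the `run:` script before the shell parses it, so a changed directory name containing whitespace or shell metacharacters becomes part of the command rather than an argument to `basename`. Pass the value through the step environment instead: add `env:` with `PROJECT: ${{ matrix.project }}` and use `$(basename "${PROJECT}")` in the `echo`. Separately, `github.repository_owner` is used verbatim in the image reference. Registry repository names must be lowercase, so an owner name with capitals would yield a tag the push rejects.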
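Review bot: The merged rule `path_regex: provision/.*\.sops\.ya?ml` has no end anchor, so it also matches names that continue past the extension, such as a `.sops.yaml.bak` copy, and any path that merely contains `provision/`. sops applies the first matching creation rule, so `path_regex: provision/.*\.sops\.ya?ml$` keeps selection predictable if a rule with different recipients is added later. Whether a leading `^` is safe depends on how the path is passed to sops. The earlier rules are only partly visible in this hunk, so check whether they follow the same convention.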
--- a/Taskfile.yml +++ b/Taskfile.yml @@ -2,14 +2,13 @@ version: "3" vars: - ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible" CLUSTER_DIR: "{{.ROOT_DIR}}/kubernetes" + PROVISION_DIR: "{{.ROOT_DIR}}/provision" env: - KUBECONFIG: "{{.ANSIBLE_DIR}}/kubernetes/kubeconfig" + KUBECONFIG: "{{.PROVISION_DIR}}/kubernetes/ansible/kubeconfig" includes: - an: .taskfiles/Ansible/Tasks.yml es: .taskfiles/ExternalSecrets/Tasks.yml fx: .taskfiles/Flux/Tasks.yml ku: .taskfiles/Kubernetes/Tasks.yml diff --git a/archive/default/audiobookshelf/app/helmrelease.yaml b/archive/default/audiobookshelf/app/helmrelease.yaml deleted file mode 100644 index 2690c3c34122a..0000000000000 --- a/archive/default/audiobookshelf/app/helmrelease.yaml +++ /dev/null 
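Review bot: Removing the `ANSIBLE_DIR` var and the `an:` include leaves any remaining `{{.ANSIBLE_DIR}}` reference in the other included taskfiles undefined. None of those files are in this diff, so grep for it before merging. Task's templating does not error on an undefined variable, so a leftover reference would resolve to a wrong path rather than stop the task. For anything that reads or writes the kubeconfig, that means operating on an unintended location. The new `KUBECONFIG` value agrees with the one set in `.envrc`.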
@@ -1,91 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: audiobookshelf - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.3.0 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - type: statefulset - image: - repository: ghcr.io/advplyr/audiobookshelf - tag: 2.2.14 - env: - TZ: America/New_York - AUDIOBOOKSHELF_UID: 568 - AUDIOBOOKSHELF_GID: 568 - CONFIG_PATH: /config - METADATA_PATH: /config/metadata - service: - main: - ports: - http: - port: 80 - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hajimari.io/icon: mdi:podcast - hosts: - - host: &host "{{ .Release.Name }}.devbu.io" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: [10000] - volumeClaimTemplates: - - name: config - mountPath: /config - accessMode: ReadWriteOnce - size: 5Gi - storageClass: ceph-block - persistence: - media: - enabled: true - type: nfs - server: expanse.turbo.ac - path: /eros/Media - mountPath: /media - readOnly: true - cache: - enabled: true - mountPath: /.npm - type: emptyDir - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - memory: 500Mi diff --git a/archive/default/audiobookshelf/app/kustomization.yaml b/archive/default/audiobookshelf/app/kustomization.yaml deleted file mode 100644 index 21adcf0e38f3a..0000000000000 --- a/archive/default/audiobookshelf/app/kustomization.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - ./helmrelease.yaml - - ./volsync.yaml diff --git a/archive/default/audiobookshelf/app/volsync.yaml b/archive/default/audiobookshelf/app/volsync.yaml deleted file mode 100644 index d3bd01a4f0e63..0000000000000 --- a/archive/default/audiobookshelf/app/volsync.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: audiobookshelf-restic - namespace: default -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: audiobookshelf-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/audiobookshelf' - RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}' - AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}' - AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}' - dataFrom: - - extract: - key: volsync-restic-template ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: audiobookshelf - namespace: default -spec: - sourcePVC: config-audiobookshelf-0 - trigger: - schedule: "0 0 * * *" - restic: - copyMethod: Snapshot - pruneIntervalDays: 10 - repository: audiobookshelf-restic-secret - cacheCapacity: 2Gi - volumeSnapshotClassName: csi-ceph-blockpool - storageClassName: ceph-block - retain: - daily: 10 - within: 3d diff --git a/archive/default/audiobookshelf/ks.yaml b/archive/default/audiobookshelf/ks.yaml deleted file mode 100644 index a548b22248daf..0000000000000 --- a/archive/default/audiobookshelf/ks.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-audiobookshelf - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-rook-ceph-cluster - - name: cluster-apps-volsync - path: ./kubernetes/apps/default/audiobookshelf/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: audiobookshelf - namespace: default - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/default/echo-server/app/helmrelease.yaml b/archive/default/echo-server/app/helmrelease.yaml deleted file mode 100644 index cdc4f43423401..0000000000000 --- a/archive/default/echo-server/app/helmrelease.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app echo-server - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - replicas: 3 - strategy: RollingUpdate - image: - repository: docker.io/jmalloc/echo-server - tag: 0.3.4 - service: - main: - ports: - http: - port: &port 8080 - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /health - port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - startup: - enabled: false - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - external-dns.alpha.kubernetes.io/target: ipv4.devbu.io - hajimari.io/icon: mdi:video-input-antenna - hosts: - - host: &host "{{ .Release.Name }}.devbu.io" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 5m - memory: 10Mi - limits: - memory: 50Mi diff --git a/archive/default/echo-server/app/kustomization.yaml b/archive/default/echo-server/app/kustomization.yaml deleted file mode 100644 index 5b48b4e2611dc..0000000000000 --- a/archive/default/echo-server/app/kustomization.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - ./helmrelease.yaml diff --git a/archive/default/echo-server/ks.yaml b/archive/default/echo-server/ks.yaml deleted file mode 100644 index e5ab1816a4cae..0000000000000 --- a/archive/default/echo-server/ks.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-echo-server - namespace: flux-system -spec: - path: ./kubernetes/apps/default/echo-server/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: echo-server - namespace: default - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/default/emqx/app/externalsecret.yaml b/archive/default/emqx/app/externalsecret.yaml deleted file mode 100644 index 842065f6b557d..0000000000000 --- a/archive/default/emqx/app/externalsecret.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: emqx - namespace: default -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: emqx-secret - creationPolicy: Owner - dataFrom: - - extract: - # admin_password, user_1_username, user_2_password - key: emqx diff --git a/archive/default/emqx/app/helmrelease.yaml b/archive/default/emqx/app/helmrelease.yaml deleted file mode 100644 index 71f9502cd3201..0000000000000 --- a/archive/default/emqx/app/helmrelease.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: emqx - namespace: default -spec: - interval: 15m - chart: - spec: - chart: emqx - version: 5.0.18 - sourceRef: - kind: HelmRepository - name: emqx - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - image: - repository: public.ecr.aws/emqx/emqx - replicaCount: 3 - recreatePods: true - emqxConfig: - EMQX_ALLOW_ANONYMOUS: "false" - EMQX_AUTH__MNESIA__PASSWORD_HASH: plain - service: - type: LoadBalancer - annotations: - coredns.io/hostname: emqx.devbu.io - externalIPs: ["${SVC_EMQX_ADDR}"] - externalTrafficPolicy: Local - ingress: - dashboard: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hajimari.io/appName: "EMQX" - hajimari.io/icon: simple-icons:eclipsemosquitto - path: / - pathType: Prefix - hosts: - - &host emqx.devbu.io - tls: - - hosts: - - *host - metrics: - enabled: false - persistence: - enabled: true - storageClassName: local-path - size: 100Mi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: ["emqx"] - topologyKey: kubernetes.io/hostname - valuesFrom: - - targetPath: emqxConfig.EMQX_DASHBOARD__DEFAULT_PASSWORD - kind: Secret - name: emqx-secret - valuesKey: admin_password - - targetPath: emqxConfig.EMQX_AUTH__USER__1__USERNAME - kind: Secret - name: emqx-secret - valuesKey: user_1_username - - targetPath: emqxConfig.EMQX_AUTH__USER__1__PASSWORD - kind: Secret - name: emqx-secret - valuesKey: user_1_password 
diff --git a/archive/default/emqx/app/kustomization.yaml b/archive/default/emqx/app/kustomization.yaml deleted file mode 100644 index b27773f8c4381..0000000000000 --- a/archive/default/emqx/app/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - ./externalsecret.yaml - - ./helmrelease.yaml -labels: - - pairs: - app.kubernetes.io/name: emqx - app.kubernetes.io/instance: emqx diff --git a/archive/default/emqx/ks.yaml b/archive/default/emqx/ks.yaml deleted file mode 100644 index 1a7295cd5702c..0000000000000 --- a/archive/default/emqx/ks.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-emqx - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-local-path-provisioner - - name: cluster-apps-rook-ceph-cluster - path: ./kubernetes/apps/default/emqx/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: emqx - namespace: default - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/default/gitea/app/externalsecret.yaml b/archive/default/gitea/app/externalsecret.yaml deleted file mode 100644 index 80c24d718fd13..0000000000000 --- a/archive/default/gitea/app/externalsecret.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: gitea-config - namespace: default -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: gitea-config-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - # Gitea - adminPassword: "{{ .ADMIN_PASSWORD }}" - accessKeyId: "{{ .AWS_ACCESS_KEY_ID }}" - secretAccessKey: "{{ .AWS_SECRET_ACCESS_KEY }}" - # bindDn: "{{ .LDAP_BIND_DN }}" - # bindPassword: "{{ .LDAP_BIND_PASSWORD }}" - # Authelia - key: gitea - secret: "{{ .GITEA_OAUTH_CLIENT_SECRET }}" - dataFrom: - - extract: - key: authelia - - extract: - key: gitea diff --git a/archive/default/gitea/app/helmrelease.yaml b/archive/default/gitea/app/helmrelease.yaml deleted file mode 100644 index 97677194b017a..0000000000000 --- a/archive/default/gitea/app/helmrelease.yaml +++ /dev/null 
@@ -1,161 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: gitea - namespace: default -spec: - interval: 15m - chart: - spec: - chart: gitea - version: 7.0.2 - sourceRef: - kind: HelmRepository - name: gitea - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - statefulset: - annotations: - reloader.stakater.com/auto: "true" - image: - rootless: true - containerSecurityContext: - capabilities: - add: ["SYS_CHROOT"] - ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hosts: - - host: &host gitea.devbu.io - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - memcached: - enabled: false - postgresql: - enabled: false - persistence: - enabled: true - accessModes: ["ReadWriteOnce"] - size: 10Gi - storageClass: ceph-block - gitea: - admin: - email: admin@buhl.casa - username: gitea - config: - APP_NAME: Tea, Git, Hot - server: - DISABLE_SSH: true - DOMAIN: gitea.devbu.io - ROOT_URL: https://gitea.devbu.io - ENABLE_GZIP: true - LANDING_PAGE: login - LFS_START_SERVER: true - admin: - DISABLE_REGULAR_ORG_CREATION: true - ui: - DEFAULT_THEME: arc-green - repository: - DEFAULT_BRANCH: main - DEFAULT_PRIVATE: true - database: - DB_TYPE: sqlite3 - # DB_TYPE: postgres - # HOST: postgres-rw.default.svc.cluster.local:5432 - # NAME: gitea - # USER: gitea - # PASSWD: - service: - DISABLE_REGISTRATION: false - ALLOW_ONLY_EXTERNAL_REGISTRATION: true - SHOW_REGISTRATION_BUTTON: false - REQUIRE_SIGNIN_VIEW: true - DEFAULT_KEEP_EMAIL_PRIVATE: true - DEFAULT_ALLOW_CREATE_ORGANIZATION: false - DEFAULT_USER_IS_RESTRICTED: true - cron: - ENABLED: true - attachment: - STORAGE_TYPE: minio - MINIO_ENDPOINT: s3.turbo.ac - 
MINIO_BUCKET: gitea - storage: - STORAGE_TYPE: minio - MINIO_ENDPOINT: s3.turbo.ac - MINIO_BUCKET: gitea - mailer: - ENABLED: true - MAILER_TYPE: smtp - SMTP_ADDR: opnsense.turbo.ac - SMTP_PORT: 25 - FROM: "Admin " - openid: - ENABLE_OPENID_SIGNIN: false - ENABLE_OPENID_SIGNUP: true - WHITELISTED_URIS: auth.devbu.io - oauth: - - name: authelia - existingSecret: gitea-config-secret - provider: openidConnect - autoDiscoverUrl: https://auth.devbu.io/.well-known/openid-configuration - groupClaimName: groups - adminGroup: admins - restrictedGroup: people - # ldap: - # - name: glauth - # existingSecret: gitea-config-secret - # securityProtocol: unencrypted - # host: glauth.default.svc.cluster.local - # port: "389" - # userSearchBase: ou=people,dc=home,dc=arpa - # userFilter: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s))) - # adminFilter: (memberOf=ou=admins,ou=groups,dc=home,dc=arpa) - # emailAttribute: mail - # usernameAttribute: uid - # firstnameAttribute: givenname - # surnameAttribute: sn - # publicSSHKeyAttribute: publicSSHKey - # synchronizeUsers: "true" - # attributesInBind: "true" - metrics: - enabled: true - serviceMonitor: - enabled: true - valuesFrom: - - targetPath: gitea.admin.password - kind: Secret - name: gitea-config-secret - valuesKey: adminPassword - - targetPath: gitea.config.attachment.MINIO_ACCESS_KEY_ID - kind: Secret - name: gitea-config-secret - valuesKey: minioAccessKeyId - - targetPath: gitea.config.attachment.MINIO_SECRET_ACCESS_KEY - kind: Secret - name: gitea-config-secret - valuesKey: minioSecretAccessKey - - targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID - kind: Secret - name: gitea-config-secret - valuesKey: minioAccessKeyId - - targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY - kind: Secret - name: gitea-config-secret - valuesKey: minioSecretAccessKey diff --git a/archive/default/gitea/app/kustomization.yaml b/archive/default/gitea/app/kustomization.yaml deleted file mode 100644 index 885e82f08ede4..0000000000000 
--- a/archive/default/gitea/app/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - externalsecret.yaml - - helmrelease.yaml diff --git a/archive/default/gitea/ks.yaml b/archive/default/gitea/ks.yaml deleted file mode 100644 index a88e0e7487692..0000000000000 --- a/archive/default/gitea/ks.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-gitea - namespace: flux-system -spec: - path: ./kubernetes/apps/default/gitea/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: gitea - namespace: default - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/default/gonic/app/helmrelease.yaml b/archive/default/gonic/app/helmrelease.yaml deleted file mode 100644 index fc02549ac0a0b..0000000000000 --- a/archive/default/gonic/app/helmrelease.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: gonic - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.3.0 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - initContainers: - init-cache: - image: public.ecr.aws/docker/library/busybox:latest - imagePullPolicy: IfNotPresent - command: ["/bin/sh", "-c", "mkdir -p /data/cache"] - volumeMounts: - - { name: config, mountPath: /data } - controller: - type: statefulset - image: - repository: ghcr.io/sentriz/gonic - tag: v0.15.2 - env: - TZ: America/New_York - GONIC_MUSIC_PATH: /media/Library/Music - GONIC_PODCAST_PATH: /media/Library/Podcasts - GONIC_CACHE_PATH: /data/cache - GONIC_SCAN_INTERVAL: "60" - service: - main: - ports: - http: - port: 80 - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hajimari.io/icon: mdi:music-circle-outline - hosts: - - host: &host "{{ .Release.Name }}.devbu.io" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: [10000] - volumeClaimTemplates: - - name: config - mountPath: /data - accessMode: ReadWriteOnce - size: 5Gi - storageClass: ceph-block - persistence: - media: - enabled: true - type: nfs - server: expanse.turbo.ac - path: /eros/Media - mountPath: /media - readOnly: true - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - memory: 500Mi 
diff --git a/archive/default/gonic/app/kustomization.yaml b/archive/default/gonic/app/kustomization.yaml deleted file mode 100644 index 21adcf0e38f3a..0000000000000 --- a/archive/default/gonic/app/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - ./helmrelease.yaml - - ./volsync.yaml diff --git a/archive/default/gonic/app/volsync.yaml b/archive/default/gonic/app/volsync.yaml deleted file mode 100644 index 507580a2cf8ab..0000000000000 --- a/archive/default/gonic/app/volsync.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: gonic-restic - namespace: default -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: gonic-restic-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/gonic' - RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}' - AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}' - AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}' - dataFrom: - - extract: - key: volsync-restic-template ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: gonic - namespace: default -spec: - sourcePVC: config-gonic-0 - trigger: - schedule: "0 0 * * *" - restic: - copyMethod: Snapshot - pruneIntervalDays: 10 - repository: gonic-restic-secret - cacheCapacity: 2Gi - volumeSnapshotClassName: csi-ceph-blockpool - storageClassName: ceph-block - retain: - daily: 10 - within: 3d diff --git a/archive/default/gonic/ks.yaml b/archive/default/gonic/ks.yaml deleted file mode 100644 index 1a674234ce59e..0000000000000 
--- a/archive/default/gonic/ks.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-gonic - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-rook-ceph-cluster - - name: cluster-apps-volsync - path: ./kubernetes/apps/default/gonic/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: gonic - namespace: default - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/default/mailrise/app/externalsecret.yaml b/archive/default/mailrise/app/externalsecret.yaml deleted file mode 100644 index b4480f2b9257e..0000000000000 --- a/archive/default/mailrise/app/externalsecret.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: mailrise - namespace: default -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: mailrise-secret - creationPolicy: Owner - template: - engineVersion: v2 - data: - PUSHOVER_SMART: "pover://{{.PUSHOVER_USER_KEY}}@{{.PUSHOVER_SMART_TOKEN}}" - PUSHOVER_ZED: "pover://{{.PUSHOVER_USER_KEY}}@{{.PUSHOVER_ZED_TOKEN}}" - dataFrom: - # PUSHOVER_SMARTCTL_TOKEN, PUSHOVER_ZED_TOKEN - - extract: - key: mailrise - # PUSHOVER_USER_KEY - - extract: - key: pushover diff --git a/archive/default/mailrise/app/helmrelease.yaml b/archive/default/mailrise/app/helmrelease.yaml deleted file mode 100644 index 3c665f09b5143..0000000000000 --- a/archive/default/mailrise/app/helmrelease.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app mailrise - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - replicas: 3 - strategy: RollingUpdate - annotations: - reloader.stakater.com/auto: "true" - image: - repository: ghcr.io/yoryan/mailrise - tag: 1.3.0 - env: - TZ: America/New_York - envFrom: - - secretRef: - name: mailrise-secret - service: - main: - type: LoadBalancer - externalIPs: ["${SVC_MAILRISE_ADDR}"] - externalTrafficPolicy: Local - ports: - http: - port: 8025 - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hajimari.io/enable: "false" - hosts: - - host: &host "{{ .Release.Name }}.devbu.io" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - persistence: - config: - enabled: true - type: configMap - name: mailrise-configmap - subPath: mailrise.conf - mountPath: /etc/mailrise.conf - readOnly: true - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 10m - memory: 10Mi - limits: - memory: 200Mi diff --git a/archive/default/mailrise/app/kustomization.yaml b/archive/default/mailrise/app/kustomization.yaml deleted file mode 100644 index 1d8be59ef6c63..0000000000000 --- a/archive/default/mailrise/app/kustomization.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - ./externalsecret.yaml - - ./helmrelease.yaml -configMapGenerator: - - name: mailrise-configmap - files: - - mailrise.conf=./mailrise.yaml -generatorOptions: - disableNameSuffixHash: true - annotations: - kustomize.toolkit.fluxcd.io/substitute: disabled diff --git a/archive/default/mailrise/app/mailrise.yaml b/archive/default/mailrise/app/mailrise.yaml deleted file mode 100644 index 378960e263dda..0000000000000 --- a/archive/default/mailrise/app/mailrise.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -configs: - smart@mailrise.home.arpa: - mailrise: - title_template: "SMART" - urls: - - !env_var PUSHOVER_SMART - zed@mailrise.home.arpa: - mailrise: - title_template: "ZED" - urls: - - !env_var PUSHOVER_ZED diff --git a/archive/default/mailrise/ks.yaml b/archive/default/mailrise/ks.yaml deleted file mode 100644 index 5617bfacabc8a..0000000000000 --- a/archive/default/mailrise/ks.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-mailrise - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-external-secrets-stores - path: ./kubernetes/apps/default/mailrise/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: mailrise - namespace: default - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/default/minio/app/externalsecret.yaml b/archive/default/minio/app/externalsecret.yaml deleted file mode 100644 index 1fc0b96cd3207..0000000000000 --- a/archive/default/minio/app/externalsecret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: minio - namespace: default -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: minio-secret - creationPolicy: Owner - dataFrom: - - extract: - # MINIO_ROOT_USER, MINIO_ROOT_PASSWORD, MINIO_PROMETHEUS_TOKEN - key: minio diff --git a/archive/default/minio/app/helmrelease.yaml b/archive/default/minio/app/helmrelease.yaml deleted file mode 100644 index e694271f59f21..0000000000000 --- a/archive/default/minio/app/helmrelease.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: minio - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - annotations: - reloader.stakater.com/auto: "true" - image: - repository: quay.io/minio/minio - tag: RELEASE.2023-01-25T00-19-54Z - env: - TZ: America/New_York - MINIO_UPDATE: "off" - MINIO_PROMETHEUS_URL: http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090 - MINIO_PROMETHEUS_JOB_ID: minio - MINIO_BROWSER_REDIRECT_URL: https://minio.devbu.io - MINIO_SERVER_URL: https://s3.devbu.io - MINIO_API_CORS_ALLOW_ORIGIN: https://minio.devbu.io,https://s3.devbu.io - envFrom: - - secretRef: - name: minio-secret - args: ["server", "/data", "--console-address", ":9001"] - service: - main: - enabled: true - ports: - http: - port: &console-port 9001 - api: - enabled: true - port: &api-port 9000 - serviceMonitor: - main: - enabled: true - endpoints: - - port: api - scheme: http - path: /minio/v2/metrics/cluster - interval: 1m - scrapeTimeout: 10s - bearerTokenSecret: - name: minio-secret - key: MINIO_PROMETHEUS_TOKEN - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /minio/health/live - port: *api-port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - startup: - enabled: false - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hajimari.io/icon: mdi:pail - hosts: - - host: 
&console-host "{{ .Release.Name }}.devbu.io" - paths: - - path: / - pathType: Prefix - service: - port: *console-port - tls: - - hosts: - - *console-host - s3: - enabled: true - ingressClassName: nginx - annotations: - external-dns.alpha.kubernetes.io/target: ipv4.devbu.io - nginx.ingress.kubernetes.io/proxy-connect-timeout: "180" - nginx.ingress.kubernetes.io/proxy-body-size: 1024m - nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - nginx.ingress.kubernetes.io/configuration-snippet: | - chunked_transfer_encoding off; - hajimari.io/enable: "false" - hosts: - - host: &api-host s3.devbu.io - paths: - - path: / - pathType: Prefix - service: - port: *api-port - tls: - - hosts: - - *api-host - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch - supplementalGroups: [100] - persistence: - config: - enabled: true - existingClaim: minio-nfs - mountPath: /data - resources: - requests: - memory: 100Mi - cpu: 100m - limits: - memory: 750Mi diff --git a/archive/default/minio/app/kustomization.yaml b/archive/default/minio/app/kustomization.yaml deleted file mode 100644 index ff9e184df0d20..0000000000000 --- a/archive/default/minio/app/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./externalsecret.yaml - - ./nfs-pvc.yaml - - ./helmrelease.yaml diff --git a/archive/default/minio/app/nfs-pvc.yaml b/archive/default/minio/app/nfs-pvc.yaml deleted file mode 100644 index 88ad1afae38b5..0000000000000 --- a/archive/default/minio/app/nfs-pvc.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: minio-nfs
-spec:
- capacity:
- storage: 1Mi # Size does not matter
- accessModes: ["ReadWriteMany"]
- storageClassName: minio-nfs
- persistentVolumeReclaimPolicy: Retain
- nfs:
- server: expanse.turbo.ac
- path: /eros/Apps/MinIO
- # Note: The first two options are strictly for NFSv4.2
- mountOptions: ["nfsvers=4.2", "nconnect=8", "hard", "noatime"]
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: minio-nfs
- namespace: default
-spec:
- accessModes: ["ReadWriteMany"]
- storageClassName: minio-nfs
- resources:
- requests:
- storage: 1Mi # Size does not matter
diff --git a/archive/default/minio/ks.yaml b/archive/default/minio/ks.yaml
deleted file mode 100644
index b01454643b693..0000000000000
--- a/archive/default/minio/ks.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-minio
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-external-secrets-stores
- path: ./kubernetes/apps/default/minio/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: minio
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/n8n/app/externalsecret.yaml b/archive/default/n8n/app/externalsecret.yaml
deleted file mode 100644
index b2cddcb630f74..0000000000000
--- a/archive/default/n8n/app/externalsecret.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: n8n
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: n8n-secret
- creationPolicy: Owner
- template:
- engineVersion: v2
- data:
- # n8n
- DB_POSTGRESDB_USER: "{{ .DB_POSTGRESDB_USER }}"
- DB_POSTGRESDB_PASSWORD: "{{ .DB_POSTGRESDB_PASSWORD }}"
- DB_TYPE: postgresdb
- DB_POSTGRESDB_DATABASE: &dbname n8n
- DB_POSTGRESDB_HOST: &dbhost postgres-rw.default.svc.cluster.local
- DB_POSTGRESDB_PORT: "5432"
- # Postgres Init
- POSTGRES_DB: *dbname
- POSTGRES_HOST: *dbhost
- POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
- POSTGRES_PASS: "{{ .DB_POSTGRESDB_PASSWORD }}"
- POSTGRES_USER: "{{ .DB_POSTGRESDB_USER }}"
- dataFrom:
- - extract:
- key: n8n
- - extract:
- key: cloudnative-pg
diff --git a/archive/default/n8n/app/helmrelease.yaml b/archive/default/n8n/app/helmrelease.yaml
deleted file mode 100644
index 4af50d191c9dd..0000000000000
--- a/archive/default/n8n/app/helmrelease.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app n8n
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.3.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- initContainers:
- init-db:
- image: ghcr.io/onedr0p/postgres-initdb:14.6
- imagePullPolicy: IfNotPresent
- envFrom:
- - secretRef:
- name: n8n-secret
- controller:
- type: statefulset
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: ghcr.io/n8n-io/n8n
- tag: 0.214.0
- env:
- GENERIC_TIMEZONE: America/New_York
- TZ: America/New_York
- N8N_PORT: &port 80
- N8N_EMAIL_MODE: smtp
- N8N_SMTP_HOST: opnsense.turbo.ac
- N8N_SMTP_PORT: 25
- N8N_SMTP_SENDER: admin@buhl.casa
- N8N_METRICS: "true"
- envFrom:
- - secretRef:
- name: n8n-secret
- service:
- main:
- ports:
- http:
- port: *port
- ingress:
- main:
- enabled: true
- ingressClassName: nginx
- annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- hajimari.io/icon: mdi:workflow
- hosts:
- - host: &host n8n.devbu.io
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- volumeClaimTemplates:
- - name: config
- mountPath: /home/node/.n8n
- accessMode: ReadWriteOnce
- size: 1Gi
- storageClass: ceph-block
- resources:
- requests:
- cpu: 10m
- memory: 50Mi
- limits:
- memory: 500Mi
diff --git a/archive/default/n8n/app/kustomization.yaml b/archive/default/n8n/app/kustomization.yaml
deleted file mode 100644
index 9200527c64125..0000000000000
--- a/archive/default/n8n/app/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./externalsecret.yaml
- - ./helmrelease.yaml
- - ./volsync.yaml
diff --git a/archive/default/n8n/app/volsync.yaml b/archive/default/n8n/app/volsync.yaml
deleted file mode 100644
index fee3fe121da1c..0000000000000
--- a/archive/default/n8n/app/volsync.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: n8n-restic
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: n8n-restic-secret
- creationPolicy: Owner
- template:
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/n8n'
- RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
- AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
- AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
- dataFrom:
- - extract:
- key: volsync-restic-template
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: n8n
- namespace: default
-spec:
- sourcePVC: config-n8n-0
- trigger:
- schedule: "0 0 * * *"
- restic:
- copyMethod: Snapshot
- pruneIntervalDays: 10
- repository: n8n-restic-secret
- cacheCapacity: 2Gi
- volumeSnapshotClassName: csi-ceph-blockpool
- storageClassName: ceph-block
- retain:
- daily: 10
- within: 3d
diff --git a/archive/default/n8n/ks.yaml b/archive/default/n8n/ks.yaml
deleted file mode 100644
index c0fdcc5b45c72..0000000000000
--- a/archive/default/n8n/ks.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-n8n
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-cloudnative-pg
- - name: cluster-apps-external-secrets-stores
- - name: cluster-apps-rook-ceph-cluster
- - name: cluster-apps-volsync
- path: ./kubernetes/apps/default/n8n/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: n8n
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/nextcloud/app/config-pvc.yaml b/archive/default/nextcloud/app/config-pvc.yaml
deleted file mode 100644
index b78d3a93bf03c..0000000000000
--- a/archive/default/nextcloud/app/config-pvc.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: &name nextcloud
- namespace: default
- labels:
- app.kubernetes.io/name: *name
- app.kubernetes.io/instance: *name
- snapshot.home.arpa/enabled: "true"
-spec:
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 5Gi
- storageClassName: ceph-block
diff --git a/archive/default/nextcloud/app/helmrelease.yaml b/archive/default/nextcloud/app/helmrelease.yaml
deleted file mode 100644
index 6a00db705a0e1..0000000000000
--- a/archive/default/nextcloud/app/helmrelease.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nextcloud
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: nextcloud
- version: 3.4.3
- sourceRef:
- kind: HelmRepository
- name: nextcloud
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- image:
- flavor: fpm-alpine
- nginx:
- enabled: true
- nextcloud:
- datadir: /var/www/data
- extraEnv:
- - name: REDIS_HOST
- value: redis-lb.default.svc.cluster.local
- - name: REDIS_HOST_PORT
- value: "6379"
- existingSecret:
- enabled: true
- secretName: nextcloud
- host: &host cloud.devbu.io
- mail:
- enabled: true
- fromAddress: admin
- domain: buhl.casa
- smtp:
- host: opnsense.turbo.ac
- port: 25
- authtype: NONE
- name: ""
- password: ""
- internalDatabase:
- enabled: false
- externalDatabase:
- enabled: true
- type: postgresql
- host: postgres-rw.default.svc.cluster.local:5432
- database: nextcloud
- ingress:
- enabled: true
- className: "nginx"
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: "10G"
- nginx.ingress.kubernetes.io/proxy-buffering: "off"
- nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
- nginx.ingress.kubernetes.io/server-snippet: |-
- server_tokens off;
- proxy_hide_header X-Powered-By;
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- persistence:
- enabled: true
- existingClaim: nextcloud
- nextcloudData:
- enabled: true
- existingClaim: nextcloud-nfs
- accessMode: ReadWriteMany
- valuesFrom:
- - targetPath: externalDatabase.user
- kind: Secret
- name: nextcloud
- valuesKey: database-username
- - targetPath: externalDatabase.password
- kind: Secret
- name: nextcloud
- valuesKey: database-password
diff --git a/archive/default/nextcloud/app/kustomization.yaml b/archive/default/nextcloud/app/kustomization.yaml
deleted file mode 100644
index 550335d5face1..0000000000000
--- a/archive/default/nextcloud/app/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - secret.sops.yaml
- - config-pvc.yaml
- - nfs-pvc.yaml
- - helmrelease.yaml
-patchesStrategicMerge:
- - patches/postgres.yaml
diff --git a/archive/default/nextcloud/app/nfs-pvc.yaml b/archive/default/nextcloud/app/nfs-pvc.yaml
deleted file mode 100644
index f8b19fbbd1834..0000000000000
--- a/archive/default/nextcloud/app/nfs-pvc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: nextcloud-nfs
-spec:
- capacity:
- storage: 1Mi # Size does not matter
- accessModes: ["ReadWriteMany"]
- storageClassName: nextcloud-nfs
- persistentVolumeReclaimPolicy: Retain
- nfs:
- server: expanse.turbo.ac
- path: /eros/Apps/Nextcloud
- # Note: The first two options are strictly for NFSv4.2
- mountOptions: ["nfsvers=4.2", "nconnect=8", "hard", "noatime"]
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nextcloud-nfs
- namespace: default
-spec:
- accessModes: ["ReadWriteMany"]
- storageClassName: nextcloud-nfs
- resources:
- requests:
- storage: 1Mi # Size does not matter
diff --git a/archive/default/nextcloud/app/patches/postgres.yaml b/archive/default/nextcloud/app/patches/postgres.yaml
deleted file mode 100644
index 44ead1c6131c7..0000000000000
--- a/archive/default/nextcloud/app/patches/postgres.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nextcloud
- namespace: default
-spec:
- values:
- nextcloud:
- extraInitContainers:
- - name: init-db
- image: ghcr.io/onedr0p/postgres-initdb:14.6
- imagePullPolicy: IfNotPresent
- env:
- - name: POSTGRES_HOST
- value: postgres-rw.default.svc.cluster.local
- - name: POSTGRES_DB
- value: nextcloud
- - name: POSTGRES_SUPER_PASS
- valueFrom:
- secretKeyRef:
- name: postgres-superuser
- key: password
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: nextcloud
- key: database-username
- - name: POSTGRES_PASS
- valueFrom:
- secretKeyRef:
- name: nextcloud
- key: database-password
diff --git a/archive/default/nextcloud/app/secret.sops.yaml b/archive/default/nextcloud/app/secret.sops.yaml
deleted file mode 100644
index ebee751166529..0000000000000
--- a/archive/default/nextcloud/app/secret.sops.yaml
+++ /dev/null
@@ -1,33 +0,0 @@ -# yamllint disable -apiVersion: v1 -kind: Secret -metadata: - name: nextcloud - namespace: default -stringData: - nextcloud-username: ENC[AES256_GCM,data:mynIfWd7qiN/,iv:bLr3SOIGs1XK36y/7DGAsGtDfDeiycJpnjLkR91y3Cg=,tag:S8Uro4BWwLjdYti1v0cZ+Q==,type:str] - nextcloud-password: ENC[AES256_GCM,data:AJ6lRDRsGU3mcXYNi8YBbIyKpvn4tsZm8ELG,iv:kPS2pdaR89A73Lc6F65eBPgC5+wICe5K499OS0nM4Ao=,tag:44z9yIWSUqu8avWQTMvpBQ==,type:str] - database-username: ENC[AES256_GCM,data:oGGs07QmPVMX,iv:qLiHnEg0K2MKMBcx2NQq1ZEFIXdzVxyC4urNV+qJ04U=,tag:EhV4Epsb/Obk3uZeHW+zZw==,type:str] - database-password: ENC[AES256_GCM,data:FvtbLXRRNCvh4utcMO02U1QDyK0Y2Vt8GD3Jyj4=,iv:kbQ7c7YutVK5vTLsh6rCoM4lwiI60AeH2uItVsIl3kg=,tag:ljPXPKhgQbwuBXK3zxYc0g==,type:str] - smtp-username: "" - smtp-password: "" -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUldTSWdlcmpJNjlpblNP - K2x0RGVsZ0RXcWRCSXhsUThoaW5rbWljNndzClFFU2MzYUtnR3RNb1NteWRZZDRS - SmJNdUtVRnc5MnJPR3hlcXlTZXpBU3cKLS0tIC9vSWhVUDJid3BOZXVNZTNJZ2Y4 - cEFRVkdHbzdJcVQzSzQ1UmNVWGROSjAKh10HB7vKq9RTQEDxNnFZYX+gUSJESSMf - fw53wQznjr3vpn8/xOisTSW5SsiI1GeUY5nhjtuCKjBq9Rzu4qCmJQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-08-28T13:18:51Z" - mac: ENC[AES256_GCM,data:G3c7mkd40hgdD2EXWON4aKUDX3iQ43kjdNJd1xprs9yPDOi26qBHtk0XkhkEbh4sD0ijkBem7cV2kqgGEK2fUB0OjdYosc8NrFLhSp433Hnclhh15yziexNlEYgXn1zGTy6o3y8ZIj+zMwpKhwbhV1UQsJ+LiBVKhYLHw/+ioWs=,iv:u+XdfFXOYdhBeS8Ds9BHoxxPO4pr5m2jdv0jaVB1A10=,tag:Nn7csoiV8v8e5BG9njTSzA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/archive/default/nextcloud/ks.yaml b/archive/default/nextcloud/ks.yaml deleted file mode 100644 index 115c30db56906..0000000000000 --- a/archive/default/nextcloud/ks.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-nexcloud
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-cloudnative-pg
- - name: cluster-apps-external-secrets-stores
- path: ./kubernetes/apps/default/nexcloud/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: nexcloud
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/opnsense/app/dashboard.json b/archive/default/opnsense/app/dashboard.json
deleted file mode 100644
index c5fbd49720862..0000000000000
--- a/archive/default/opnsense/app/dashboard.json
+++ /dev/null
@@ -1,202 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 66, - "links": [], - "liveNow": false, - "panels": [ - { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "decimals": 0, - "esMetric": "Count", - "gridPos": { - "h": 11, - "w": 12, - "x": 0, - "y": 0 - }, - "hideEmpty": false, - "hideZero": false, - "id": 2, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, - "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "sum(count_over_time({hostname=\"opnsense\"} | json | appname = \"filterlog\" | filter_action = \"pass\"[$__interval])) by (geoip_country_code)", - "legendFormat": "{{geoip_country_code}}", - "refId": "A" - } - ], - "thresholds": "0,10", - "title": "Allowed incoming connections by GeoIP", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" - }, - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "continuous-GrYlRd" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - 
"value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 11, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 4, - "options": { - "displayMode": "lcd", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showUnfilled": true - }, - "pluginVersion": "8.3.3", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "expr": "topk(10, \n sum by (filter_destination_port) (\n count_over_time(\n {hostname=\"opnsense\"} \n | json \n | appname = \"filterlog\"\n | filter_destination_port != \"\"\n | filter_action = \"pass\"\n | filter_interface = \"igb0\"\n [$__range]\n )\n )\n)", - "instant": true, - "legendFormat": "{{filter_destination_port}}", - "range": false, - "refId": "A" - } - ], - "title": "Top 10 allowed incoming ports", - "transformations": [ - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "desc": true, - "field": "Value #A" - } - ] - } - }, - { - "id": "rowsToFields", - "options": { - "mappings": [ - { - "fieldName": "Time", - "handlerKey": "field.value" - }, - { - "fieldName": "filter_source_port", - "handlerKey": "field.name" - }, - { - "fieldName": "Value #A", - "handlerKey": "field.value" - }, - { - "fieldName": "filter_destination_port", - "handlerKey": "field.name" - } - ] - } - } - ], - "type": "bargauge" - } - ], - "schemaVersion": 34, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-30m", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "OPNsense", - "uid": "itdu1LAnk", - "version": 9, - "weekStart": "" -} diff --git a/archive/default/opnsense/app/externalsecret.yaml b/archive/default/opnsense/app/externalsecret.yaml deleted file mode 100644 index d026f2743e42a..0000000000000 --- a/archive/default/opnsense/app/externalsecret.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: opnsense
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: opnsense-secret
- creationPolicy: Owner
- template:
- engineVersion: v2
- dataFrom:
- - extract:
- # OPNSENSE_API_KEY, OPNSENSE_API_SECRET_KEY, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
- key: opnsense
diff --git a/archive/default/opnsense/app/helmrelease.yaml b/archive/default/opnsense/app/helmrelease.yaml
deleted file mode 100644
index c40b4c0538e33..0000000000000
--- a/archive/default/opnsense/app/helmrelease.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: opnsense-backup
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.3.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controller:
- type: cronjob
- cronjob:
- concurrencyPolicy: Forbid
- schedule: "@daily"
- restartPolicy: OnFailure
- image:
- repository: ghcr.io/onedr0p/alpine
- tag: 3.17.1@sha256:da2846e0398d55a5178448f7cb9ee1eeeeee13830fba40289152798595f78c8a
- command: ["/bin/bash", "/app/opnsense-backup.sh"]
- env:
- OPNSENSE_URL: "http://opnsense.turbo.ac"
- S3_URL: "http://s3.turbo.ac"
- envFrom:
- - secretRef:
- name: opnsense-secret
- service:
- main:
- enabled: false
- persistence:
- config:
- enabled: true
- type: configMap
- name: opnsense-backup-configmap
- subPath: opnsense-backup.sh
- mountPath: /app/opnsense-backup.sh
- defaultMode: 0775
- readOnly: true
diff --git a/archive/default/opnsense/app/kustomization.yaml b/archive/default/opnsense/app/kustomization.yaml
deleted file mode 100644
index 00c6f50fb2e06..0000000000000
--- a/archive/default/opnsense/app/kustomization.yaml
+++ /dev/null
@@ -1,21 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: - - ./externalsecret.yaml - - ./helmrelease.yaml -configMapGenerator: - - name: opnsense-backup-configmap - files: - - ./opnsense-backup.sh - - name: opnsense-dashboard - files: - - opnsense-dashboard.json=./dashboard.json -generatorOptions: - disableNameSuffixHash: true - annotations: - kustomize.toolkit.fluxcd.io/substitute: disabled - labels: - grafana_dashboard: "true" diff --git a/archive/default/opnsense/app/opnsense-backup.sh b/archive/default/opnsense/app/opnsense-backup.sh deleted file mode 100755 index dbf37f1259106..0000000000000 --- a/archive/default/opnsense/app/opnsense-backup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -set -o nounset -set -o errexit - -config_filename="$(date "+%Y%m%d-%H%M%S").xml" - -http_host=${S3_URL#*//} -http_host=${http_host%:*} -http_request_date=$(date -R) -http_filepath="opnsense-backup/${config_filename}" -http_signature=$( - printf "PUT\n\ntext/xml\n%s\n/%s" "${http_request_date}" "${http_filepath}" \ - | openssl sha1 -hmac "${AWS_SECRET_ACCESS_KEY}" -binary \ - | base64 -) - -echo "Download Opnsense config file ..." -curl -fsSL \ - --user "${OPNSENSE_API_KEY}:${OPNSENSE_API_SECRET_KEY}" \ - --output "/tmp/${config_filename}" \ - "${OPNSENSE_URL}/api/backup/backup/download" - -echo "Upload backup to s3 bucket ..." -curl -fsSL \ - -X PUT -T "/tmp/${config_filename}" \ - -H "Host: ${http_host}" \ - -H "Date: ${http_request_date}" \ - -H "Content-Type: text/xml" \ - -H "Authorization: AWS ${AWS_ACCESS_KEY_ID}:${http_signature}" \ - "${S3_URL}/${http_filepath}" diff --git a/archive/default/opnsense/ks.yaml b/archive/default/opnsense/ks.yaml deleted file mode 100644 index 84411f906cc35..0000000000000 --- a/archive/default/opnsense/ks.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-opnsense
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-external-secrets-stores
- path: ./kubernetes/apps/default/opnsense/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: opnsense-backup
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/outline/app/externalsecret.yaml b/archive/default/outline/app/externalsecret.yaml
deleted file mode 100644
index 3c7c8700395c2..0000000000000
--- a/archive/default/outline/app/externalsecret.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: outline
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: outline-secret
- creationPolicy: Owner
- template:
- engineVersion: v2
- data:
- # Outline
- AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
- AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
- SECRET_KEY: "{{ .SECRET_KEY }}"
- UTILS_SECRET: "{{ .UTILS_SECRET }}"
- DATABASE_URL: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres-rw.default.svc.cluster.local:5432/outline
- OIDC_CLIENT_SECRET: "{{ .OUTLINE_OAUTH_CLIENT_SECRET }}" # from authelia
- # Postgres Init
- POSTGRES_DB: outline
- POSTGRES_HOST: postgres-rw.default.svc.cluster.local
- POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
- POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
- POSTGRES_USER: "{{ .POSTGRES_USER }}"
- dataFrom:
- - extract:
- key: outline
- - extract:
- key: cloudnative-pg
- - extract:
- key: authelia
diff --git a/archive/default/outline/app/helmrelease.yaml b/archive/default/outline/app/helmrelease.yaml deleted file mode 100644 index 8473d79607f20..0000000000000 --- a/archive/default/outline/app/helmrelease.yaml +++ /dev/null @@ -1,81 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app outline - namespace: default -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - initContainers: - init-db: - image: ghcr.io/onedr0p/postgres-initdb:14.6 - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: outline-secret - controller: - replicas: 3 - strategy: RollingUpdate - annotations: - reloader.stakater.com/auto: "true" - image: - repository: docker.io/outlinewiki/outline - tag: 0.67.2 - envFrom: - - secretRef: - name: outline-secret - command: ["/bin/sh", "-c", "yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled"] - service: - main: - ports: - http: - port: 80 - ingress: - main: - enabled: true - ingressClassName: nginx - annotations: - external-dns.alpha.kubernetes.io/target: ipv4.devbu.io - hajimari.io/icon: mdi:notebook-edit-outline - hosts: - - host: &host docs.devbu.io - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - memory: 500Mi 
diff --git a/archive/default/outline/app/kustomization.yaml b/archive/default/outline/app/kustomization.yaml
deleted file mode 100644
index 4976e9d756517..0000000000000
--- a/archive/default/outline/app/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./externalsecret.yaml
- - ./helmrelease.yaml
-patchesStrategicMerge:
- - ./patches/env.yaml
diff --git a/archive/default/outline/app/patches/env.yaml b/archive/default/outline/app/patches/env.yaml
deleted file mode 100644
index 487907fa41898..0000000000000
--- a/archive/default/outline/app/patches/env.yaml
+++ /dev/null
@@ -1,33 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: outline - namespace: default -spec: - values: - env: - AWS_REGION: us-east-1 - AWS_S3_ACL: private - AWS_S3_FORCE_PATH_STYLE: "true" - AWS_S3_UPLOAD_BUCKET_NAME: outline - AWS_S3_UPLOAD_BUCKET_URL: https://s3.devbu.io - AWS_S3_UPLOAD_MAX_SIZE: "26214400" - ENABLE_UPDATES: "false" - OIDC_AUTH_URI: https://auth.devbu.io/api/oidc/authorization - OIDC_CLIENT_ID: outline - OIDC_DISPLAY_NAME: Authelia - OIDC_SCOPES: "openid profile email offline_access" - OIDC_TOKEN_URI: https://auth.devbu.io/api/oidc/token - OIDC_USERINFO_URI: https://auth.devbu.io/api/oidc/userinfo - OIDC_USERNAME_CLAIM: email - PGSSLMODE: disable - PORT: 80 - REDIS_URL: ioredis://eyJkYiI6MTUsInNlbnRpbmVscyI6W3siaG9zdCI6InJlZGlzLW5vZGUtMC5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMS5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMi5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6InJlZGlzLW1hc3RlciJ9 - SMTP_HOST: opnsense.turbo.ac - SMTP_PORT: 25 - SMTP_FROM_EMAIL: admin@buhl.casa - SMTP_SECURE: "false" - URL: https://docs.devbu.io - WEB_CONCURRENCY: 10 diff --git a/archive/default/outline/ks.yaml b/archive/default/outline/ks.yaml deleted file mode 100644 index 19b259ed5c5c4..0000000000000 --- a/archive/default/outline/ks.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-outline
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-cloudnative-pg
- - name: cluster-apps-external-secrets-stores
- - name: cluster-apps-redis
- path: ./kubernetes/apps/default/outline/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: outline
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/outline/readme.md b/archive/default/outline/readme.md
deleted file mode 100644
index b0638a076e144..0000000000000
--- a/archive/default/outline/readme.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# outline
-
-## Redis Sentinel Configuration
-
-1. Create base64 encoded Redis configuation
- ```sh
- echo -n '{"db":15,"sentinels":[{"host":"redis-node-0.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-1.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-2.redis-headless.default.svc.cluster.local","port":26379}],"name":"redis-master"}' \
- | base64 -w 0
- ```
-
-2. Use this base64 encoded string in the Kubernetes secret
- ```yaml
- REDIS_URL: ioredis://eyJkYiI6MTUsInNlbnRpbmVscyI6W3siaG9zdCI6InJlZGlzLW5vZGUtMC5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMS5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMi5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6InJlZGlzLW1hc3RlciJ9
- ```
diff --git a/archive/default/redis-operator/app/helmrelease.yaml b/archive/default/redis-operator/app/helmrelease.yaml
deleted file mode 100644
index 8e591f1a7d64f..0000000000000
--- a/archive/default/redis-operator/app/helmrelease.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: redis-operator
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: redis-operator
- version: 3.2.7
- sourceRef:
- kind: HelmRepository
- name: redis-operator
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- crds: CreateReplace
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- crds: CreateReplace
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- monitoring:
- enabled: true
- serviceMonitor: true
- prometheus:
- name: default
diff --git a/archive/default/redis-operator/app/kustomization.yaml b/archive/default/redis-operator/app/kustomization.yaml
deleted file mode 100644
index 5b48b4e2611dc..0000000000000
--- a/archive/default/redis-operator/app/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./helmrelease.yaml
diff --git a/archive/default/redis-operator/ks.yaml b/archive/default/redis-operator/ks.yaml
deleted file mode 100644
index 1380ea36612aa..0000000000000
--- a/archive/default/redis-operator/ks.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-redis-operator
- namespace: flux-system
-spec:
- path: ./kubernetes/apps/default/redis-operator/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: redis-operator
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/rtorrent-flood/app/helm-release.yaml b/archive/default/rtorrent-flood/app/helm-release.yaml
deleted file mode 100644
index bdbf8e03fc905..0000000000000
--- a/archive/default/rtorrent-flood/app/helm-release.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: rtorrent-flood
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.3.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controller:
- type: statefulset
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: ghcr.io/onedr0p/flood
- tag: 4.7.0@sha256:6e7c784f64a0f533b876e3291034a5d5f47708f389bc5d9080949a2bb54169cc
- env:
- TZ: America/New_York
- FLOOD_OPTION_auth: "none"
- FLOOD_OPTION_allowedpath: "/config,/sock,/rc,/media"
- FLOOD_OPTION_rtsocket: "/sock/rtorrent.sock"
- FLOOD_OPTION_rtconfig: "/rc/rtorrent.rc"
- FLOOD_OPTION_port: &port 80
- service:
- main:
- ports:
- http:
- port: *port
- ingress:
- main:
- enabled: true
- ingressClassName: nginx
- annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- hosts:
- - host: &host "{{ .Release.Name }}.devbu.io"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- podSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups: [10000]
- volumeClaimTemplates:
- - name: config
- mountPath: /config
- accessMode: ReadWriteOnce
- size: 1Gi
- storageClass: ceph-block
- persistence:
- rtorrent-rc:
- enabled: true
- type: configMap
- name: rtorrent-flood-configmap
- subPath: rtorrent.rc
- mountPath: /rc/rtorrent.rc
- rtorrent-sock:
- enabled: true
- type: emptyDir
- medium: Memory
- mountPath: /sock
- media:
- enabled: true
- type: nfs
- server: expanse.turbo.ac
- path: /eros/Media
- mountPath: /media
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- memory: 1200Mi
- sidecars:
- rtorrent:
- image: ghcr.io/onedr0p/rtorrent:0.9.8-r16@sha256:a1337db01ad5f2ba35ae1283aa458c5f32589a3832981e6c76b83b20ccba3737
- imagePullPolicy: IfNotPresent
- env:
- - { name: RTORRENT__DEFAULT_CONFIG, value: "false" }
- - { name: RTORRENT__CONFIG_FILE, value: "/rc/rtorrent.rc" }
- - { name: RTORRENT__SOCKET, value: "/sock/rtorrent.sock" }
- - { name: RTORRENT__BT_PORT, value: "50415" }
- volumeMounts:
- - { name: config, mountPath: /config }
- - { name: rtorrent-rc, mountPath: /rc/rtorrent.rc, subPath: rtorrent.rc }
- - { name: rtorrent-sock, mountPath: /sock }
- - { name: media, mountPath: /media }
diff --git a/archive/default/rtorrent-flood/app/kustomization.yaml b/archive/default/rtorrent-flood/app/kustomization.yaml
deleted file mode 100644
index bd1cbda092881..0000000000000
--- a/archive/default/rtorrent-flood/app/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - helm-release.yaml
-configMapGenerator:
- - name: rtorrent-flood-configmap
- files:
- - rtorrent.rc
-generatorOptions:
- disableNameSuffixHash: true
- annotations:
- kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/archive/default/rtorrent-flood/app/rtorrent.rc b/archive/default/rtorrent-flood/app/rtorrent.rc
deleted file mode 100644
index e054c9b311e4e..0000000000000
--- a/archive/default/rtorrent-flood/app/rtorrent.rc
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Refs:
-# https://github.com/jesec/rtorrent/blob/master/doc/rtorrent.rc
-# https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html
-# https://wiki.archlinux.org/title/RTorrent
-#
-
-## Define directories
-method.insert = cfg.basedir, private|const|string, (cat, "/config/")
-method.insert = cfg.session, private|const|string, (cat, (cfg.basedir), "session/")
-method.insert = cfg.download, private|const|string, (cat, (cfg.basedir), "download/")
-
-## Create defined directories
-fs.mkdir.recursive = (cat,(cfg.basedir))
-fs.mkdir = (cat, (cfg.session))
-fs.mkdir = (cat, (cfg.download))
-
-## Set default paths
-system.cwd.set = (directory.default)
-directory.default.set = (cat, (cfg.download))
-session.path.set = (cat, (cfg.session))
-
-## Set last started time
-method.insert = system.startup_time, value|const, (system.time)
-
-## Set the path to an items data, and the path to its session file.
-method.insert = d.data_path, simple,"if=(d.is_multi_file),(cat, (d.directory), /),(cat, (d.directory), /, (d.name))"
-method.insert = d.session_file, simple, "cat=(session.path), (d.hash), .torrent"
-
-## Configuration
-pieces.memory.max.set = 1024M
-throttle.max_uploads.set = 100
-throttle.max_uploads.global.set = 250
-throttle.min_peers.normal.set = 20
-throttle.max_peers.normal.set = 60
-throttle.min_peers.seed.set = 30
-throttle.max_peers.seed.set = 80
-trackers.numwant.set = 80
-protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
-network.http.max_open.set = 50
-network.http.dns_cache_timeout.set = 25
-network.max_open_files.set = 600
-network.max_open_sockets.set = 300
-network.xmlrpc.size_limit.set = 4M
-
-## Disable tracker-less torrent and UDP tracker support
-dht.mode.set = disable
-protocol.pex.set = no
-trackers.use_udp.set = no
-
-## Log all messages to stdout
-method.insert = cfg.logfile, private|const|string, (cat, "/dev/stdout")
-log.open_file = "log", (cfg.logfile)
-log.add_output = "info", "log"
-log.add_output = "warn", "log"
-log.add_output = "critical", "log"
-log.add_output = "torrent_info", "log"
diff --git a/archive/default/rtorrent-flood/ks.yaml b/archive/default/rtorrent-flood/ks.yaml
deleted file mode 100644
index 9e4a15a1112e3..0000000000000
--- a/archive/default/rtorrent-flood/ks.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-rtorrent-flood
- namespace: flux-system
-spec:
- path: ./kubernetes/apps/default/rtorrent-flood/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: rtorrent-flood
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/semaphore/app/externalsecret.yaml b/archive/default/semaphore/app/externalsecret.yaml
deleted file mode 100644
index b21b9b011fe3b..0000000000000
--- a/archive/default/semaphore/app/externalsecret.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: semaphore
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: semaphore-secret
- creationPolicy: Owner
- template:
- engineVersion: v2
- data:
- # Ansible Semaphore
- SEMAPHORE_DB_DIALECT: postgres
- SEMAPHORE_DB_USER: "{{ .SEMAPHORE_DB_USER }}"
- SEMAPHORE_DB_PASS: "{{ .SEMAPHORE_DB_PASS }}"
- SEMAPHORE_DB_HOST: &dbhost postgres-rw.default.svc.cluster.local
- SEMAPHORE_DB_PORT: "5432"
- SEMAPHORE_DB: semaphore
- SEMAPHORE_ADMIN_PASSWORD: "{{ .SEMAPHORE_ADMIN_PASSWORD }}"
- SEMAPHORE_ADMIN_NAME: "{{ .SEMAPHORE_ADMIN_NAME }}"
- SEMAPHORE_ADMIN: "{{ .SEMAPHORE_ADMIN_NAME }}"
- SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ .SEMAPHORE_ACCESS_KEY_ENCRYPTION }}"
- # Postgres Init
- POSTGRES_DB: semaphore
- POSTGRES_HOST: *dbhost
- POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
- POSTGRES_PASS: "{{ .SEMAPHORE_DB_PASS }}"
- POSTGRES_USER: "{{ .SEMAPHORE_DB_USER }}"
- dataFrom:
- - extract:
- key: semaphore
- - extract:
- key: cloudnative-pg
diff --git a/archive/default/semaphore/app/helmrelease.yaml b/archive/default/semaphore/app/helmrelease.yaml
deleted file mode 100644
index ef31cc2e4e18c..0000000000000
--- a/archive/default/semaphore/app/helmrelease.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: semaphore
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.3.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- initContainers:
- init-db:
- image: ghcr.io/onedr0p/postgres-initdb:14.6
- imagePullPolicy: IfNotPresent
- envFrom:
- - secretRef:
- name: semaphore-secret
- controller:
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- # https://github.com/ansible-semaphore/semaphore/issues/1149
- repository: ghcr.io/onedr0p/semaphore
- tag: v2.8.80
- env:
- SEMAPHORE_LDAP_ACTIVATED: "no"
- SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
- SEMAPHORE_ADMIN_EMAIL: admin@buhl.casa
- envFrom:
- - secretRef:
- name: semaphore-secret
- service:
- main:
- ports:
- http:
- port: 3000
- ingress:
- main:
- enabled: true
- ingressClassName: nginx
- annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- hajimari.io/icon: mdi:ansible
- hosts:
- - host: &host "{{ .Release.Name }}.devbu.io"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- resources:
- requests:
- cpu: 10m
- memory: 50Mi
- limits:
- memory: 1000Mi
diff --git a/archive/default/semaphore/app/kustomization.yaml b/archive/default/semaphore/app/kustomization.yaml
deleted file mode 100644
index 85e530b33747e..0000000000000
--- a/archive/default/semaphore/app/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./externalsecret.yaml
- - ./helmrelease.yaml
diff --git a/archive/default/semaphore/ks.yaml b/archive/default/semaphore/ks.yaml
deleted file mode 100644
index 76ce91a1e41f3..0000000000000
--- a/archive/default/semaphore/ks.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-semaphore
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-cloudnative-pg
- - name: cluster-apps-external-secrets-stores
- path: ./kubernetes/apps/default/semaphore/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: semaphore
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/smtp-relay/app/externalsecret.yaml b/archive/default/smtp-relay/app/externalsecret.yaml
deleted file mode 100644
index 94ea6c189c1a7..0000000000000
--- a/archive/default/smtp-relay/app/externalsecret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: smtp-relay
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: smtp-relay-secret
- creationPolicy: Owner
- dataFrom:
- - extract:
- # SMTP_DOMAIN, SMTP_SERVER, SMTP_USERNAME, SMTP_PASSWORD
- key: smtp-relay
diff --git a/archive/default/smtp-relay/app/helmrelease.yaml b/archive/default/smtp-relay/app/helmrelease.yaml
deleted file mode 100644
index 719b9757aec88..0000000000000
--- a/archive/default/smtp-relay/app/helmrelease.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app smtp-relay
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controller:
- replicas: 3
- strategy: RollingUpdate
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: ghcr.io/foxcpp/maddy
- tag: 0.6.2
- env:
- DEBUG: "true"
- SMTP_PORT: 465
- envFrom:
- - secretRef:
- name: smtp-relay-secret
- service:
- main:
- type: LoadBalancer
- externalIPs: ["${SVC_SMTP_RELAY_ADDR}"]
- externalTrafficPolicy: Local
- ports:
- http:
- port: 2525
- metrics:
- enabled: true
- port: 9749
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - port: metrics
- scheme: http
- path: /metrics
- interval: 1m
- scrapeTimeout: 10s
- persistence:
- config:
- enabled: true
- type: configMap
- name: smtp-relay-configmap
- subPath: maddy.conf
- mountPath: /data/maddy.conf
- readOnly: true
- data:
- enabled: true
- type: emptyDir
- medium: Memory
- sizeLimit: 1Gi
- mountPath: /dev/shm
- topologySpreadConstraints:
- - maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
- labelSelector:
- matchLabels:
- app.kubernetes.io/name: *app
- resources:
- requests:
- cpu: 10m
- memory: 10Mi
- limits:
- memory: 50Mi
diff --git a/archive/default/smtp-relay/app/kustomization.yaml b/archive/default/smtp-relay/app/kustomization.yaml
deleted file mode 100644
index 44d7277536fc1..0000000000000
--- a/archive/default/smtp-relay/app/kustomization.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./externalsecret.yaml
- - ./helmrelease.yaml
-configMapGenerator:
- - name: smtp-relay-configmap
- files:
- - ./maddy.conf
-generatorOptions:
- disableNameSuffixHash: true
- annotations:
- kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/archive/default/smtp-relay/app/maddy.conf b/archive/default/smtp-relay/app/maddy.conf
deleted file mode 100644
index a7d854b9da5e2..0000000000000
--- a/archive/default/smtp-relay/app/maddy.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-state_dir /dev/shm/maddy/state
-runtime_dir /dev/shm/maddy/run
-
-openmetrics tcp://0.0.0.0:9749 { }
-
-tls off
-hostname {env:SMTP_DOMAIN}
-
-smtp tcp://0.0.0.0:2525 {
- debug {env:DEBUG}
- io_debug {env:DEBUG}
-
- source {env:SMTP_DOMAIN} {
- deliver_to &remote_queue
- }
-
- default_source {
- reject
- }
-}
-
-target.queue remote_queue {
- debug {env:DEBUG}
- target &remote_smtp
-}
-
-target.smtp remote_smtp {
- debug {env:DEBUG}
- attempt_starttls yes
- require_tls yes
- auth plain {env:SMTP_USERNAME} {env:SMTP_PASSWORD}
- targets tls://{env:SMTP_SERVER}:{env:SMTP_PORT}
-}
diff --git a/archive/default/smtp-relay/ks.yaml b/archive/default/smtp-relay/ks.yaml
deleted file mode 100644
index 994078d16c3fa..0000000000000
--- a/archive/default/smtp-relay/ks.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-smtp-relay
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-external-secrets-stores
- path: ./kubernetes/apps/default/smtp-relay/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: smtp-relay
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/default/tubearchivist/app/elasticsearch/helmrelease.yaml b/archive/default/tubearchivist/app/elasticsearch/helmrelease.yaml
deleted file mode 100644
index da93f140da8a4..0000000000000
--- a/archive/default/tubearchivist/app/elasticsearch/helmrelease.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: tubearchivist-elasticsearch
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controller:
- type: statefulset
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: docker.io/bbilly1/tubearchivist-es
- tag: 8.6.0
- env:
- ES_JAVA_OPTS: -Xms512m -Xmx512m
- xpack.security.enabled: "true"
- discovery.type: single-node
- path.repo: /usr/share/elasticsearch/data/snapshot
- envFrom:
- - secretRef:
- name: tubearchivist-secret
- service:
- main:
- ports:
- http:
- port: 9200
- podSecurityContext:
- runAsUser: 1000
- runAsGroup: 0
- fsGroup: 0
- volumeClaimTemplates:
- - name: config
- mountPath: /usr/share/elasticsearch/data
- accessMode: ReadWriteOnce
- size: 5Gi
- storageClass: ceph-block
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- memory: 1000Mi
diff --git a/archive/default/tubearchivist/app/elasticsearch/kustomization.yaml b/archive/default/tubearchivist/app/elasticsearch/kustomization.yaml
deleted file mode 100644
index 17cbc72b25c80..0000000000000
--- a/archive/default/tubearchivist/app/elasticsearch/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/archive/default/tubearchivist/app/externalsecret.yaml b/archive/default/tubearchivist/app/externalsecret.yaml
deleted file mode 100644
index f3dab625f4a02..0000000000000
--- a/archive/default/tubearchivist/app/externalsecret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: tubearchivist
- namespace: default
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: tubearchivist-secret
- creationPolicy: Owner
- dataFrom:
- - extract:
- # TA_PASSWORD, ELASTIC_PASSWORD
- key: tubearchivist
diff --git a/archive/default/tubearchivist/app/kustomization.yaml b/archive/default/tubearchivist/app/kustomization.yaml
deleted file mode 100644
index 018313804d112..0000000000000
--- a/archive/default/tubearchivist/app/kustomization.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./externalsecret.yaml
- - ./nfs-pvc.yaml
- - ./elasticsearch
- - ./redis
- - ./web
diff --git a/archive/default/tubearchivist/app/nfs-pvc.yaml b/archive/default/tubearchivist/app/nfs-pvc.yaml
deleted file mode 100644
index 76704da598e97..0000000000000
--- a/archive/default/tubearchivist/app/nfs-pvc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: tubearchivist-nfs
-spec:
- storageClassName: tubearchivist-nfs
- capacity:
- storage: 1Mi # Size does not matter
- accessModes: ["ReadWriteMany"]
- persistentVolumeReclaimPolicy: Retain
- nfs:
- server: expanse.turbo.ac
- path: /eros/Apps/TubeArchivist
- # Note: The first two options are strictly for NFSv4.2
- mountOptions: ["nfsvers=4.2", "nconnect=8", "hard", "noatime"]
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: tubearchivist-nfs
- namespace: default
-spec:
- accessModes: ["ReadWriteMany"]
- storageClassName: tubearchivist-nfs
- resources:
- requests:
- storage: 1Mi # Size does not matter
diff --git a/archive/default/tubearchivist/app/redis/helmrelease.yaml b/archive/default/tubearchivist/app/redis/helmrelease.yaml
deleted file mode 100644
index 5566c8a670eeb..0000000000000
--- a/archive/default/tubearchivist/app/redis/helmrelease.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: tubearchivist-redis
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- dependsOn:
- - name: tubearchivist-elasticsearch
- values:
- controller:
- type: statefulset
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: docker.io/redislabs/rejson
- tag: 2.4.3
- service:
- main:
- ports:
- http:
- port: 6379
- volumeClaimTemplates:
- - name: config
- mountPath: /data
- accessMode: ReadWriteOnce
- size: 1Gi
- storageClass: ceph-block
- resources:
- requests:
- cpu: 10m
- memory: 10Mi
- limits:
- memory: 100Mi
diff --git a/archive/default/tubearchivist/app/redis/kustomization.yaml b/archive/default/tubearchivist/app/redis/kustomization.yaml
deleted file mode 100644
index 17cbc72b25c80..0000000000000
--- a/archive/default/tubearchivist/app/redis/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/archive/default/tubearchivist/app/web/helmrelease.yaml b/archive/default/tubearchivist/app/web/helmrelease.yaml
deleted file mode 100644
index ebdad511f91c6..0000000000000
--- a/archive/default/tubearchivist/app/web/helmrelease.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: tubearchivist-web
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- dependsOn:
- - name: tubearchivist-redis
- - name: tubearchivist-elasticsearch
- values:
- controller:
- type: statefulset
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: docker.io/bbilly1/tubearchivist
- tag: v0.3.2
- env:
- TZ: America/New_York
- ES_URL: http://tubearchivist-elasticsearch.default.svc.cluster.local:9200
- REDIS_HOST: tubearchivist-redis.default.svc.cluster.local
- HOST_UID: 568
- HOST_GID: 568
- TA_HOST: &host tubearchivist.devbu.io
- TA_USERNAME: admin
- envFrom:
- - secretRef:
- name: tubearchivist-secret
- service:
- main:
- ports:
- http:
- port: 8000
- ingress:
- main:
- enabled: true
- ingressClassName: nginx
- annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- hajimari.io/icon: mdi:youtube
- hosts:
- - host: *host
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- podSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups: [10000]
- volumeClaimTemplates:
- - name: config
- mountPath: /cache
- accessMode: ReadWriteOnce
- size: 1Gi
- storageClass: ceph-block
- persistence:
- library:
- enabled: true
- existingClaim: tubearchivist-nfs
- mountPath: /youtube
- resources:
- requests:
- cpu: 100m
- memory: 250Mi
- limits:
- memory: 2000Mi
diff --git a/archive/default/tubearchivist/app/web/kustomization.yaml b/archive/default/tubearchivist/app/web/kustomization.yaml
deleted file mode 100644
index 17cbc72b25c80..0000000000000
--- a/archive/default/tubearchivist/app/web/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/archive/default/tubearchivist/ks.yaml b/archive/default/tubearchivist/ks.yaml
deleted file mode 100644
index 4ca2927cfcf13..0000000000000
--- a/archive/default/tubearchivist/ks.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-tubearchivist
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-cloudnative-pg
- - name: cluster-apps-external-secrets-stores
- - name: cluster-apps-volsync
- path: ./kubernetes/apps/default/tubearchivist/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: tubearchivist
- namespace: default
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: tubearchivist-redis
- namespace: default
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: tubearchivist-elasticsearch
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/archive/default/tubearchivist/readme.md b/archive/default/tubearchivist/readme.md
deleted file mode 100644
index bb0625a6f5865..0000000000000
--- a/archive/default/tubearchivist/readme.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# tubearchivist
-
-**App runs as root, therefore will not run in my cluster see [this](https://github.com/tubearchivist/tubearchivist/issues/394) issue**
diff --git a/archive/downloads/kustomization.yaml b/archive/downloads/kustomization.yaml
deleted file mode 100644
index b70167c129855..0000000000000
--- a/archive/downloads/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # Pre Flux-Kustomizations
- - ./namespace.yaml
- # Flux-Kustomizations
- - ./qbittorrent-vpn/ks.yaml
diff --git a/archive/downloads/namespace.yaml b/archive/downloads/namespace.yaml
deleted file mode 100644
index 48e4f74de5393..0000000000000
--- a/archive/downloads/namespace.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: downloads
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
- goldilocks.fairwinds.com/enabled: "true"
- routed-gateway: "true"
diff --git a/archive/downloads/qbittorrent-vpn/app/helmrelease.yaml b/archive/downloads/qbittorrent-vpn/app/helmrelease.yaml
deleted file mode 100644
index 9caa0613413a4..0000000000000
--- a/archive/downloads/qbittorrent-vpn/app/helmrelease.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: qbittorrent-vpn
- namespace: downloads
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controller:
- type: statefulset
- image:
- repository: ghcr.io/onedr0p/qbittorrent
- tag: 4.5.0@sha256:5ff2064d788100f54770dc5e477f32d41be7e71ee36923a22236053576e39d5d
- env:
- TZ: America/New_York
- QBITTORRENT__PORT: &port 80
- service:
- main:
- ports:
- http:
- port: *port
- ingress:
- main:
- enabled: true
- ingressClassName: nginx
- annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: |
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- hajimari.io/enabled: "false"
- hosts:
- - host: &host qbvpn.devbu.io
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- podSecurityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- supplementalGroups: [100]
- volumeClaimTemplates:
- - name: config
- mountPath: /config
- accessMode: ReadWriteOnce
- size: 1Gi
- storageClass: ceph-block
- podAnnotations:
- setGateway: "true"
- persistence:
- downloads:
- enabled: true
- type: nfs
- server: expanse.turbo.ac
- path: /eros/Downloads
- mountPath: /downloads
- media:
- enabled: true
- type: nfs
- server: expanse.turbo.ac
- path: /eros/Media
- mountPath: /media
- incomplete:
- enabled: true
- type: emptyDir
- nodeSelector:
- node-role.kubernetes.io/worker: "true"
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- memory: 500Mi
diff --git a/archive/downloads/qbittorrent-vpn/app/kustomization.yaml b/archive/downloads/qbittorrent-vpn/app/kustomization.yaml
deleted file mode 100644
index 5df977388f2aa..0000000000000
--- a/archive/downloads/qbittorrent-vpn/app/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: downloads
-resources:
- - ./helmrelease.yaml
diff --git a/archive/downloads/qbittorrent-vpn/ks.yaml b/archive/downloads/qbittorrent-vpn/ks.yaml
deleted file mode 100644
index 4fcbbff56c2d8..0000000000000
--- a/archive/downloads/qbittorrent-vpn/ks.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-qbittorrent-vpn
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-pod-gateway
- - name: cluster-apps-rook-ceph-cluster
- path: ./kubernetes/apps/downloads/qbittorrent-vpn/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: qbittorrent-vpn
- namespace: downloads
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/falco-system/falco/app/helmrelease.yaml b/archive/falco-system/falco/app/helmrelease.yaml
deleted file mode 100644
index a36264a5ade47..0000000000000
--- a/archive/falco-system/falco/app/helmrelease.yaml
+++ /dev/null
@@ -1,237 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: falco - namespace: falco-system -spec: - interval: 15m - chart: - spec: - chart: falco - version: 2.5.3 - sourceRef: - kind: HelmRepository - name: falco-security - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - # image: - # registry: public.ecr.aws - driver: - enabled: true - kind: ebpf - collectors: - containerd: - enabled: true - socket: /var/run/k3s/containerd/containerd.sock - docker: - enabled: false - crio: - enabled: false - falcosidekick: - enabled: true - # image: - # registry: public.ecr.aws - config: - alertmanager: - hostport: > - http://kube-prometheus-stack-alertmanager.monitoring.svc.cluster.local:9093 - endpoint: /api/v2/alerts - minimumpriority: emergency - webui: - enabled: true - # image: - # registry: public.ecr.aws - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/whitelist-source-range: | - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - hajimari.io/icon: simple-icons:eagle - hosts: - - host: &host falco.devbu.io - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - redis: - storageClass: ceph-block - # https://securityhub.dev/ - customRules: - rules-admin-activities.yaml: | - - rule: Detect su or sudo - desc: detect sudo activities - condition: - spawned_process and proc.name in (sudo, su) - output: > - Detected sudo or su privilege escalation activity (user=%user.name command=%proc.cmdline) - priority: WARNING - tags: [process] - - rule: Package Management Launched - desc: detect package management launched - condition: > - spawned_process and user.name != "_apt" and package_mgmt_procs and not 
package_mgmt_ancestor_procs - output: > - Package management process launched in container (user=%user.name - command=%proc.cmdline container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag) - priority: ERROR - tags: [process] - rules-ssh-connections.yaml: |- - - rule: Inbound SSH Connection - desc: Detect Inbound SSH Connection - condition: > - ((evt.type in (accept,listen) and evt.dir=<) or - (evt.type in (recvfrom,recvmsg))) and ssh_port - output: > - Inbound SSH connection (user=%user.name client_ip=%fd.cip client_port=%fd.cport server_ip=%fd.sip) - priority: WARNING - tags: [network] - - rule: Outbound SSH Connection - desc: Detect Outbound SSH Connection - condition: > - ((evt.type = connect and evt.dir=<) or - (evt.type in (sendto,sendmsg))) and ssh_port - output: > - Outbound SSH connection (user=%user.name server_ip=%fd.sip server_port=%fd.sport client_ip=%fd.cip) - priority: WARNING - tags: [network] - rules-file-integrity.yaml: |- - - rule: Detect New File - desc: detect new file created - condition: > - evt.type = chmod or evt.type = fchmod - output: > - File below a known directory opened for writing (user=%user.name - command=%proc.cmdline file=%fd.name parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2]) - priority: ERROR - tags: [filesystem] - - rule: Detect New Directory - desc: detect new directory created - condition: > - mkdir - output: > - File below a known directory opened for writing (user=%user.name - command=%proc.cmdline file=%fd.name parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2]) - priority: ERROR - tags: [filesystem] - - rule: Detect File Permission or Ownership Change - desc: detect file permission/ownership change - condition: > - spawned_process and proc.name in (chmod, chown) and proc.args contains "/tmp/" - output: > - File below a known directory has permission or ownership change (user=%user.name - command=%proc.cmdline file=%fd.name 
parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2]) - priority: WARNING - tags: [filesystem] - - rule: Detect Directory Change - desc: detect directories change - condition: > - spawned_process and proc.name in (mkdir, rmdir, mvdir, mv) - output: > - Directory Change in Filesystem (user=%user.name - command=%proc.cmdline file=%fd.name parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2]) - priority: WARNING - tags: [filesystem] - - rule: Kernel Module Modification - desc: detect kernel module change - condition: > - spawned_process and proc.name in (insmod, modprobe) - output: > - Kernel Module Change (user=%user.name - command=%proc.cmdline file=%fd.name parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2] result=%evt.res) - priority: WARNING - tags: [process] - - rule: Node Created in Filesystem - desc: detect node created in filesystem - condition: > - spawned_process and proc.name = mknod - output: > - Node Creation in Filesystem (user=%user.name - command=%proc.cmdline file=%fd.name parent=%proc.pname pcmdline=%proc.pcmdline gparent=%proc.aname[2] result=%evt.res) - priority: WARNING - tags: [filesystem] - - rule: Listen on New Port - desc: Detection a new port is listening - condition: - evt.type = listen - output: > - A new port is open to listen (port=%fd.sport ip=%fd.sip) - priority: WARNING - tags: [network] - rules-nginx.yaml: |- - - macro: nginx_consider_syscalls - condition: (evt.num < 0) - - - macro: app_nginx - condition: container and container.image contains "nginx" - - # Any outbound traffic raises a WARNING - - - rule: Unauthorized process opened an outbound connection (nginx) - desc: A nginx process tried to open an outbound connection and is not whitelisted - condition: outbound and evt.rawres >= 0 and app_nginx - output: Non-whitelisted process opened an outbound connection (command=%proc.cmdline - connection=%fd.name) - priority: WARNING - - - # Restricting listening ports to selected set - - - list: 
nginx_allowed_inbound_ports_tcp - items: [80, 443, 8080, 8443] - - - rule: Unexpected inbound tcp connection nginx - desc: Detect inbound traffic to nginx using tcp on a port outside of expected set - condition: inbound and evt.rawres >= 0 and not fd.sport in (nginx_allowed_inbound_ports_tcp) and app_nginx - output: Inbound network connection to nginx on unexpected port (command=%proc.cmdline pid=%proc.pid connection=%fd.name sport=%fd.sport user=%user.name %container.info image=%container.image) - priority: NOTICE - - # Restricting spawned processes to selected set - - - list: nginx_allowed_processes - items: ["nginx", "app-entrypoint.", "basename", "dirname", "grep", "nami", "node", "tini"] - - - rule: Unexpected spawned process nginx - desc: Detect a process started in a nginx container outside of an expected set - condition: spawned_process and not proc.name in (nginx_allowed_processes) and app_nginx - output: Unexpected process spawned in nginx container (command=%proc.cmdline pid=%proc.pid user=%user.name %container.info image=%container.image) - priority: NOTICE - - # Restricting files read or written to specific set - - - list: nginx_allowed_file_prefixes_readwrite - items: ["/var/log/nginx", "/var/run"] - # Remember to add your nginx cache path - - - rule: Unexpected file access readwrite for nginx - desc: Detect an attempt to access a file readwrite other than below an expected list of directories - condition: (open_write) and not fd.name pmatch (nginx_allowed_file_prefixes_readwrite) and app_nginx - output: Unexpected file accessed readwrite for nginx (command=%proc.cmdline pid=%proc.pid file=%fd.name %container.info image=%container.image) - priority: NOTICE - - # Restricting syscalls to selected set - - - list: nginx_allowed_syscalls - items: [accept, bind, clone, connect, dup, listen, mkdir, open, recvfrom, recvmsg, sendto, setgid, setuid, socket, socketpair] - - - rule: Unexpected syscall nginx - desc: Detect a syscall in a nginx container outside of 
an expected set - condition: nginx_consider_syscalls and not evt.type in ("", nginx_allowed_syscalls) and app_nginx - output: Unexpected syscall in nginx container (command=%proc.cmdline pid=%proc.pid user=%user.name syscall=%evt.type args=%evt.args %container.info image=%container.image) - priority: NOTICE - warn_evttypes: False diff --git a/archive/falco-system/falco/app/kustomization.yaml b/archive/falco-system/falco/app/kustomization.yaml deleted file mode 100644 index edbb147630dcb..0000000000000 --- a/archive/falco-system/falco/app/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: falco-system -resources: - - helmrelease.yaml diff --git a/archive/falco-system/falco/ks.yaml b/archive/falco-system/falco/ks.yaml deleted file mode 100644 index 83f66194b87ee..0000000000000 --- a/archive/falco-system/falco/ks.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-falco - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-redis-lb - path: ./kubernetes/apps/falco-system/falco/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: falco - namespace: falco-system - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/falco-system/kustomization.yaml b/archive/falco-system/kustomization.yaml deleted file mode 100644 index 58b814e1baf78..0000000000000 --- a/archive/falco-system/kustomization.yaml +++ /dev/null 
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # Pre Flux-Kustomizations
- - ./namespace.yaml
- # Flux-Kustomizations
- - ./falco/ks.yaml
diff --git a/archive/falco-system/namespace.yaml b/archive/falco-system/namespace.yaml
deleted file mode 100644
index 1ca592c654626..0000000000000
--- a/archive/falco-system/namespace.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: falco-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/archive/flagger-system/flagger/app/helmrelease.yaml b/archive/flagger-system/flagger/app/helmrelease.yaml
deleted file mode 100644
index 6203ca83f924b..0000000000000
--- a/archive/flagger-system/flagger/app/helmrelease.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: flagger
- namespace: flagger-system
-spec:
- interval: 15m
- chart:
- spec:
- chart: flagger
- version: 1.27.0
- sourceRef:
- kind: HelmRepository
- name: flagger
- namespace: flux-system
- verify:
- provider: cosign
- maxHistory: 3
- install:
- createNamespace: true
- crds: CreateReplace
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- crds: CreateReplace
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
diff --git a/archive/flagger-system/flagger/app/kustomization.yaml b/archive/flagger-system/flagger/app/kustomization.yaml
deleted file mode 100644
index c90e69d8c046c..0000000000000
--- a/archive/flagger-system/flagger/app/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: flagger-system
-resources:
- - ./helmrelease.yaml
diff --git a/archive/flagger-system/flagger/ks.yaml b/archive/flagger-system/flagger/ks.yaml
deleted file mode 100644
index 3a3e829ae852f..0000000000000
--- a/archive/flagger-system/flagger/ks.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-flagger
- namespace: flux-system
-spec:
- path: ./kubernetes/apps/flagger-system/flagger/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: flagger
- namespace: flagger-system
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/flagger-system/kustomization.yaml b/archive/flagger-system/kustomization.yaml
deleted file mode 100644
index 2b13673b9af12..0000000000000
--- a/archive/flagger-system/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # Pre Flux-Kustomizations
- - ./namespace.yaml
- # Flux-Kustomizations
- - ./flagger/ks.yaml
diff --git a/archive/flagger-system/namespace.yaml b/archive/flagger-system/namespace.yaml
deleted file mode 100644
index ee2a5acfb4fe0..0000000000000
--- a/archive/flagger-system/namespace.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: flagger-system
- labels:
- goldilocks.fairwinds.com/enabled: "true"
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/archive/kube-system/csi-driver-nfs/app/helmrelease.yaml b/archive/kube-system/csi-driver-nfs/app/helmrelease.yaml
deleted file mode 100644
index bbaf1871ef9d9..0000000000000
--- a/archive/kube-system/csi-driver-nfs/app/helmrelease.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: csi-driver-nfs
- namespace: kube-system
-spec:
- interval: 15m
- chart:
- spec:
- chart: csi-driver-nfs
- version: v4.1.0
- sourceRef:
- kind: HelmRepository
- name: csi-driver-nfs
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- kubeletDir: /var/lib/kubelet
diff --git a/archive/kube-system/csi-driver-nfs/app/kustomization.yaml b/archive/kube-system/csi-driver-nfs/app/kustomization.yaml
deleted file mode 100644
index 61b3f7854a352..0000000000000
--- a/archive/kube-system/csi-driver-nfs/app/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kube-system
-resources:
- - ./helmrelease.yaml
- - ./storage-class.yaml
diff --git a/archive/kube-system/csi-driver-nfs/app/storage-class.yaml b/archive/kube-system/csi-driver-nfs/app/storage-class.yaml
deleted file mode 100644
index d147a9d7f863e..0000000000000
--- a/archive/kube-system/csi-driver-nfs/app/storage-class.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: nfs-slow
-provisioner: nfs.csi.k8s.io
-parameters:
- server: expanse.turbo.ac
- share: /eros/Apps/PVCs
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-mountOptions:
- - nfsvers=4.2
- - nconnect=8
- - hard
- - noatime
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: nfs-fast
-provisioner: nfs.csi.k8s.io
-parameters:
- server: expanse.turbo.ac
- share: /share/PVCs
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-mountOptions:
- - nfsvers=4.2
- - nconnect=8
- - hard
- - noatime
diff --git a/archive/kube-system/csi-driver-nfs/ks.yaml b/archive/kube-system/csi-driver-nfs/ks.yaml
deleted file mode 100644
index 542bc0592f6eb..0000000000000
--- a/archive/kube-system/csi-driver-nfs/ks.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-csi-driver-nfs
- namespace: flux-system
-spec:
- path: ./kubernetes/apps/kube-system/csi-driver-nfs/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: csi-driver-nfs
- namespace: kube-system
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/kube-system/descheduler/app/helmrelease.yaml b/archive/kube-system/descheduler/app/helmrelease.yaml
deleted file mode 100644
index cc27b130a4f23..0000000000000
--- a/archive/kube-system/descheduler/app/helmrelease.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: descheduler
- namespace: kube-system
-spec:
- interval: 15m
- chart:
- spec:
- chart: descheduler
- version: 0.26.0
- sourceRef:
- kind: HelmRepository
- name: descheduler
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- kind: Deployment
- deschedulerPolicy:
- strategies:
- RemoveDuplicates:
- enabled: true
- RemovePodsViolatingNodeTaints:
- enabled: true
- RemovePodsViolatingNodeAffinity:
- enabled: true
- params:
- nodeAffinityType: ["requiredDuringSchedulingIgnoredDuringExecution"]
- RemovePodsViolatingTopologySpreadConstraint:
- enabled: true
- params:
- includeSoftConstraints: true
- RemovePodsViolatingInterPodAntiAffinity:
- enabled: true
- params:
- nodeFit: true
- LowNodeUtilization:
- enabled: false
- RemoveFailedPods:
- enabled: true
- params:
- failedPods:
- includingInitContainers: true
- excludeOwnerKinds: ["Job"]
- minPodLifetimeSeconds: 3600
- RemovePodsHavingTooManyRestarts:
- enabled: true
- params:
- podsHavingTooManyRestarts:
- podRestartThreshold: 100
- includingInitContainers: true
- service:
- enabled: true
- serviceMonitor:
- enabled: true
- podAnnotations:
- configmap.reloader.stakater.com/reload: "descheduler"
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values: ["descheduler"]
- topologyKey: kubernetes.io/hostname
diff --git a/archive/kube-system/descheduler/app/kustomization.yaml b/archive/kube-system/descheduler/app/kustomization.yaml
deleted file mode 100644
index a09cef3142e70..0000000000000
--- a/archive/kube-system/descheduler/app/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kube-system
-resources:
- - ./helmrelease.yaml
diff --git a/archive/kube-system/descheduler/ks.yaml b/archive/kube-system/descheduler/ks.yaml
deleted file mode 100644
index 411c323008b41..0000000000000
--- a/archive/kube-system/descheduler/ks.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-descheduler
- namespace: flux-system
-spec:
- path: ./kubernetes/apps/kube-system/descheduler/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: descheduler
- namespace: kube-system
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/kuik-system/kube-image-keeper/app/helmrelease.yaml b/archive/kuik-system/kube-image-keeper/app/helmrelease.yaml
deleted file mode 100644
index 1521318489155..0000000000000
--- a/archive/kuik-system/kube-image-keeper/app/helmrelease.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: kube-image-keeper
- namespace: kuik-system
-spec:
- interval: 15m
- chart:
- spec:
- chart: kube-image-keeper
- version: 1.0.1
- sourceRef:
- kind: HelmRepository
- name: enix
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controllers:
- image:
- repository: quay.io/enix/kube-image-keeper
- webhook:
- objectSelector:
- matchExpressions:
- - key: kube-image-keeper.enix.io/image-cache
- operator: In
- values: ["enabled"]
- proxy:
- image:
- repository: quay.io/enix/kube-image-keeper
- registry:
- image:
- repository: public.ecr.aws/docker/library/registry
- persistence:
- enabled: true
- storageClass: ceph-filesystem
- size: 20Gi
diff --git a/archive/kuik-system/kube-image-keeper/app/kustomization.yaml b/archive/kuik-system/kube-image-keeper/app/kustomization.yaml
deleted file mode 100644
index 060c4c8aa79b3..0000000000000
--- a/archive/kuik-system/kube-image-keeper/app/kustomization.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kuik-system
-resources:
- - ./helmrelease.yaml
-labels:
- - pairs:
- app.kubernetes.io/name: kube-image-keeper
- app.kubernetes.io/instance: kube-image-keeper
diff --git a/archive/kuik-system/kube-image-keeper/ks.yaml b/archive/kuik-system/kube-image-keeper/ks.yaml
deleted file mode 100644
index 196d2ebf2b03c..0000000000000
--- a/archive/kuik-system/kube-image-keeper/ks.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-kube-image-keeper
- namespace: flux-system
-spec:
- dependsOn:
- - name: cluster-apps-rook-ceph-cluster
- path: ./kubernetes/apps/kuik-system/kube-image-keeper/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: kube-image-keeper
- namespace: kuik-system
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/kuik-system/kustomization.yaml b/archive/kuik-system/kustomization.yaml
deleted file mode 100644
index 40690b9d0f55b..0000000000000
--- a/archive/kuik-system/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # Pre Flux-Kustomizations
- - ./namespace.yaml
- # Flux-Kustomizations
- - ./kube-image-keeper/ks.yaml
diff --git a/archive/kuik-system/namespace.yaml b/archive/kuik-system/namespace.yaml
deleted file mode 100644
index 4f8d18b7e2658..0000000000000
--- a/archive/kuik-system/namespace.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kuik-system
- labels:
- goldilocks.fairwinds.com/enabled: "true"
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/archive/monitoring/mimir/app/helmrelease.yaml b/archive/monitoring/mimir/app/helmrelease.yaml
deleted file mode 100644
index 95100d773aa66..0000000000000
--- a/archive/monitoring/mimir/app/helmrelease.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: mimir
- namespace: monitoring
-spec:
- interval: 15m
- chart:
- spec:
- chart: mimir-distributed
- version: 2.2.0-weekly.192
- sourceRef:
- kind: HelmRepository
- name: grafana
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- mimir:
- structuredConfig:
- multitenancy_enabled: false
- limits:
- max_global_series_per_metric: 0
- max_global_series_per_user: 0
- blocks_storage:
- backend: s3
- s3:
- insecure: true
- ruler_storage:
- backend: s3
- s3:
- insecure: true
- nginx:
- enabled: false
- alertmanager:
- enabled: false
- minio:
- enabled: false
- serviceMonitor:
- enabled: true
- clusterLabel: null
- valuesFrom:
- - targetPath: mimir.structuredConfig.ruler_storage.s3.bucket_name
- name: mimir-ruler-v1
- kind: ConfigMap
- valuesKey: BUCKET_NAME
- - targetPath: mimir.structuredConfig.ruler_storage.s3.endpoint
- name: mimir-ruler-v1
- kind: ConfigMap
- valuesKey: BUCKET_HOST
- - targetPath: mimir.structuredConfig.ruler_storage.s3.access_key_id
- name: mimir-ruler-v1
- kind: Secret
- valuesKey: AWS_ACCESS_KEY_ID
- - targetPath: mimir.structuredConfig.ruler_storage.s3.secret_access_key
- name: mimir-ruler-v1
- kind: Secret
- valuesKey: AWS_SECRET_ACCESS_KEY
- - targetPath: mimir.structuredConfig.blocks_storage.s3.bucket_name
- name: mimir-tsdb-v1
- kind: ConfigMap
- valuesKey: BUCKET_NAME
- - targetPath: mimir.structuredConfig.blocks_storage.s3.endpoint
- name: mimir-tsdb-v1
- kind: ConfigMap
- valuesKey: BUCKET_HOST
- - targetPath: mimir.structuredConfig.blocks_storage.s3.access_key_id
- name: mimir-tsdb-v1
- kind: Secret
- valuesKey: AWS_ACCESS_KEY_ID
- - targetPath: mimir.structuredConfig.blocks_storage.s3.secret_access_key
- name: mimir-tsdb-v1
- kind: Secret
- valuesKey: AWS_SECRET_ACCESS_KEY
diff --git a/archive/monitoring/mimir/app/kustomization.yaml b/archive/monitoring/mimir/app/kustomization.yaml
deleted file mode 100644
index 4eb7258c788c7..0000000000000
--- a/archive/monitoring/mimir/app/kustomization.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - objectbucketclaim.yaml
- - helmrelease.yaml
-configMapGenerator:
- - name: mimir-alertmanager-dashboard
- files:
- - mimir-alertmanager-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-alertmanager.json
- - name: mimir-compactor-dashboard
- files:
- - mimir-compactor-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-compactor.json
- - name: mimir-overrides-dashboard
- files:
- - mimir-overrides-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-overrides.json
- - name: mimir-object-store-dashboard
- files:
- - mimir-object-store-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-object-store.json
- - name: mimir-queries-dashboard
- files:
- - mimir-queries-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-queries.json
- - name: mimir-reads-dashboard
- files:
- - mimir-reads-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-reads.json
- - name: mimir-ruler-dashboard
- files:
- - mimir-ruler-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-ruler.json
- - name: mimir-writes-dashboard
- files:
- - mimir-writes-dashboard.json=https://raw.githubusercontent.com/grafana/mimir/main/operations/mimir-mixin-compiled/dashboards/mimir-writes.json
-generatorOptions:
- disableNameSuffixHash: true
- annotations:
- kustomize.toolkit.fluxcd.io/substitute: disabled
- labels:
- grafana_dashboard: "true"
diff --git a/archive/monitoring/mimir/app/objectbucketclaim.yaml b/archive/monitoring/mimir/app/objectbucketclaim.yaml
deleted file mode 100644
index f43281a334b8c..0000000000000
--- a/archive/monitoring/mimir/app/objectbucketclaim.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/objectbucketclaim_v1alpha1.json
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: mimir-ruler-v1
- namespace: monitoring
-spec:
- bucketName: ruler-v1
- storageClassName: ceph-bucket
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/objectbucketclaim_v1alpha1.json
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
- name: mimir-tsdb-v1
- namespace: monitoring
-spec:
- bucketName: tsdb-v1
- storageClassName: ceph-bucket
diff --git a/archive/monitoring/mimir/ks.yaml b/archive/monitoring/mimir/ks.yaml
deleted file mode 100644
index 7e21d76b81fa6..0000000000000
--- a/archive/monitoring/mimir/ks.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: cluster-apps-mimir
- namespace: flux-system
-spec:
- path: ./kubernetes/apps/monitoring/mimir/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: mimir
- namespace: monitoring
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/archive/monitoring/uptimerobot-heartbeat/app/externalsecret.yaml b/archive/monitoring/uptimerobot-heartbeat/app/externalsecret.yaml
deleted file mode 100644
index 0e2cc6f7c7981..0000000000000
--- a/archive/monitoring/uptimerobot-heartbeat/app/externalsecret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: uptimerobot-heartbeat - namespace: monitoring -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: uptimerobot-heartbeat-secret - creationPolicy: Owner - dataFrom: - - extract: - # UPTIMEROBOT_HEARTBEAT_URL - key: uptimerobot diff --git a/archive/monitoring/uptimerobot-heartbeat/app/helmrelease.yaml b/archive/monitoring/uptimerobot-heartbeat/app/helmrelease.yaml deleted file mode 100644 index 55050657b584f..0000000000000 --- a/archive/monitoring/uptimerobot-heartbeat/app/helmrelease.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: uptimerobot-heartbeat - namespace: monitoring -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.3.0 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - type: cronjob - cronjob: - concurrencyPolicy: Forbid - schedule: "* * * * *" - restartPolicy: OnFailure - image: - repository: ghcr.io/onedr0p/kubernetes-kubectl - tag: 1.26.1@sha256:c85224928b2e384e63bd8c9ba89753dd3d1cd9c178350d83efa3182b480c31a0 - command: ["/bin/bash", "/app/uptimerobot-heartbeat.sh"] - envFrom: - - secretRef: - name: uptimerobot-heartbeat-secret - service: - main: - enabled: false - persistence: - config: - enabled: true - type: configMap - name: uptimerobot-heartbeat-configmap - subPath: uptimerobot-heartbeat.sh - mountPath: /app/uptimerobot-heartbeat.sh - defaultMode: 0775 - readOnly: true 
diff --git a/archive/monitoring/uptimerobot-heartbeat/app/kustomization.yaml b/archive/monitoring/uptimerobot-heartbeat/app/kustomization.yaml deleted file mode 100644 index b3eac012849fc..0000000000000 --- a/archive/monitoring/uptimerobot-heartbeat/app/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: monitoring -resources: - - ./externalsecret.yaml - - ./helmrelease.yaml -configMapGenerator: - - name: uptimerobot-heartbeat-configmap - files: - - ./uptimerobot-heartbeat.sh -generatorOptions: - disableNameSuffixHash: true - annotations: - kustomize.toolkit.fluxcd.io/substitute: disabled diff --git a/archive/monitoring/uptimerobot-heartbeat/app/uptimerobot-heartbeat.sh b/archive/monitoring/uptimerobot-heartbeat/app/uptimerobot-heartbeat.sh deleted file mode 100755 index 43db06c84c5cc..0000000000000 --- a/archive/monitoring/uptimerobot-heartbeat/app/uptimerobot-heartbeat.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -if [[ -z "${UPTIMEROBOT_HEARTBEAT_URL}" ]]; then - printf "%s - Yikes - Missing UPTIMEROBOT_HEARTBEAT_URL environment variable" "$(date -u)" - exit 0 -fi - -status_code=$(curl --connect-timeout 10 --max-time 30 -I -s -o /dev/null -w '%{http_code}' "${UPTIMEROBOT_HEARTBEAT_URL}") -if [[ ! ${status_code} =~ ^[2|3][0-9]{2}$ ]]; then - printf "%s - Yikes - Heartbeat request failed, http code: %s" "$(date -u)" "${status_code}" - exit 0 -fi - -printf "%s - Success - Heartbeat request received and processed successfully" "$(date -u)" -exit 0 diff --git a/archive/monitoring/uptimerobot-heartbeat/ks.yaml b/archive/monitoring/uptimerobot-heartbeat/ks.yaml deleted file mode 100644 index 71dc3316b8e0c..0000000000000 --- a/archive/monitoring/uptimerobot-heartbeat/ks.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-uptimerobot-heartbeat - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-external-secrets-stores - path: ./kubernetes/apps/monitoring/uptimerobot-heartbeat/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: uptimerobot-heartbeat - namespace: monitoring - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/networking/cloudflare-ddns/app/cloudflare-ddns.sh b/archive/networking/cloudflare-ddns/app/cloudflare-ddns.sh deleted file mode 100755 index 0ba5b7039a401..0000000000000 --- a/archive/networking/cloudflare-ddns/app/cloudflare-ddns.sh +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/usr/bin/env bash - -set -o nounset -set -o errexit - -current_ipv4="$(curl -s https://ipv4.icanhazip.com/)" -zone_id=$(curl -s -X GET \ - "https://api.cloudflare.com/client/v4/zones?name=${CLOUDFLARE_RECORD_NAME#*.}&status=active" \ - -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \ - -H "X-Auth-Key: ${CLOUDFLARE_APIKEY}" \ - -H "Content-Type: application/json" \ - | jq --raw-output ".result[0] | .id" -) -record_ipv4=$(curl -s -X GET \ - "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records?name=${CLOUDFLARE_RECORD_NAME}&type=A" \ - -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \ - -H "X-Auth-Key: ${CLOUDFLARE_APIKEY}" \ - -H "Content-Type: application/json" \ -) -old_ip4=$(echo "$record_ipv4" | jq --raw-output '.result[0] | .content') -if [[ "${current_ipv4}" == "${old_ip4}" ]]; then - printf "%s - IP Address '%s' has not changed" "$(date -u)" "${current_ipv4}" - exit 0 -fi -record_ipv4_identifier="$(echo "$record_ipv4" | jq --raw-output '.result[0] | .id')" -update_ipv4=$(curl -s -X PUT \ - "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_ipv4_identifier}" \ - -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \ - -H "X-Auth-Key: ${CLOUDFLARE_APIKEY}" \ - -H "Content-Type: application/json" \ - --data "{\"id\":\"${zone_id}\",\"type\":\"A\",\"proxied\":true,\"name\":\"${CLOUDFLARE_RECORD_NAME}\",\"content\":\"${current_ipv4}\"}" \ -) -if [[ "$(echo "$update_ipv4" | jq --raw-output '.success')" == "true" ]]; then - printf "%s - Success - IP Address '%s' has been updated" "$(date -u)" "${current_ipv4}" - exit 0 -else - printf "%s - Yikes - Updating IP Address '%s' has failed" "$(date -u)" "${current_ipv4}" - exit 1 -fi diff --git a/archive/networking/cloudflare-ddns/app/externalsecret.yaml b/archive/networking/cloudflare-ddns/app/externalsecret.yaml deleted file mode 100644 index 57aa9ea5519b4..0000000000000 --- a/archive/networking/cloudflare-ddns/app/externalsecret.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: cloudflare-ddns - namespace: networking -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: cloudflare-ddns-secret - creationPolicy: Owner - dataFrom: - - extract: - # CLOUDFLARE_EMAIL: The email used to log into https://dash.cloudflare.com - # CLOUDFLARE_APIKEY: Top right corner, "My profile" > "Global API Key" - # CLOUDFLARE_RECORD_NAME: The name of your A record - key: cloudflare diff --git a/archive/networking/cloudflare-ddns/app/helmrelease.yaml b/archive/networking/cloudflare-ddns/app/helmrelease.yaml deleted file mode 100644 index 525509f809d74..0000000000000 --- a/archive/networking/cloudflare-ddns/app/helmrelease.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cloudflare-ddns - namespace: networking -spec: - interval: 15m - chart: - spec: - chart: app-template - version: 1.3.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - type: cronjob - cronjob: - concurrencyPolicy: Forbid - schedule: "@hourly" - restartPolicy: OnFailure - image: - repository: ghcr.io/onedr0p/kubernetes-kubectl - tag: 1.26.1@sha256:b3c111e0eca603f3e3f638a713669f7b2c64e8eb58ba5937632a7c2a2b58f51c - command: ["/bin/bash", "/app/cloudflare-ddns.sh"] - envFrom: - - secretRef: - name: cloudflare-ddns-secret - service: - main: - enabled: false - persistence: - config: - enabled: true - type: configMap - name: cloudflare-ddns-configmap - subPath: cloudflare-ddns.sh - mountPath: /app/cloudflare-ddns.sh - defaultMode: 0775 - readOnly: true diff --git a/archive/networking/cloudflare-ddns/app/kustomization.yaml b/archive/networking/cloudflare-ddns/app/kustomization.yaml deleted file mode 100644 index 355a0a5ab70a0..0000000000000 --- a/archive/networking/cloudflare-ddns/app/kustomization.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: networking -resources: - - ./externalsecret.yaml - - ./helmrelease.yaml -configMapGenerator: - - name: cloudflare-ddns-configmap - files: - - ./cloudflare-ddns.sh -generatorOptions: - disableNameSuffixHash: true - annotations: - kustomize.toolkit.fluxcd.io/substitute: disabled -labels: - - pairs: - app.kubernetes.io/name: cloudflare-ddns - app.kubernetes.io/instance: cloudflare-ddns diff --git a/archive/networking/cloudflare-ddns/ks.yaml b/archive/networking/cloudflare-ddns/ks.yaml deleted file mode 100644 index c8e7345eb2789..0000000000000 --- a/archive/networking/cloudflare-ddns/ks.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-cloudflare-ddns - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-external-secrets-stores - path: ./kubernetes/apps/networking/cloudflare-ddns/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: cloudflare-ddns - namespace: networking - interval: 30m - timeout: 5m diff --git a/archive/trivy-system/kustomization.yaml b/archive/trivy-system/kustomization.yaml deleted file mode 100644 index 908f7ac08f6bf..0000000000000 --- a/archive/trivy-system/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - # Pre Flux-Kustomizations - - ./namespace.yaml - # Flux-Kustomizations - - ./trivy-operator/ks.yaml 
diff --git a/archive/trivy-system/namespace.yaml b/archive/trivy-system/namespace.yaml deleted file mode 100644 index 426abe25433f2..0000000000000 --- a/archive/trivy-system/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: trivy-system - labels: - kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/archive/trivy-system/trivy-operator/app/helmrelease.yaml b/archive/trivy-system/trivy-operator/app/helmrelease.yaml deleted file mode 100644 index 172f8fbe9478f..0000000000000 --- a/archive/trivy-system/trivy-operator/app/helmrelease.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: trivy-operator - namespace: trivy-system -spec: - interval: 15m - chart: - spec: - chart: trivy-operator - version: 0.10.1 - sourceRef: - kind: HelmRepository - name: aqua - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - crds: CreateReplace - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - crds: CreateReplace - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - excludeNamespaces: "{{ .Release.Namespace }}" - operator: - replicas: 3 - scanJobsConcurrentLimit: 3 - vulnerabilityScannerScanOnlyCurrentRevisions: true - configAuditScannerScanOnlyCurrentRevisions: true - trivy: - ignoreUnfixed: true - serviceMonitor: - enabled: true diff --git a/archive/trivy-system/trivy-operator/app/kustomization.yaml b/archive/trivy-system/trivy-operator/app/kustomization.yaml deleted file mode 100644 index 63d5cfc22da4e..0000000000000 --- a/archive/trivy-system/trivy-operator/app/kustomization.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: trivy-system -resources: - - ./helmrelease.yaml diff --git a/archive/trivy-system/trivy-operator/ks.yaml b/archive/trivy-system/trivy-operator/ks.yaml deleted file mode 100644 index cbee4af49a72a..0000000000000 --- a/archive/trivy-system/trivy-operator/ks.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-trivy-operator - namespace: flux-system -spec: - path: ./kubernetes/apps/trivy-system/trivy-operator/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: trivy-operator - namespace: trivy-system - interval: 30m - retryInterval: 1m - timeout: 3m diff --git a/archive/volsync/snapscheduler/app/helmrelease.yaml b/archive/volsync/snapscheduler/app/helmrelease.yaml deleted file mode 100644 index 9acc03cbf1c2e..0000000000000 --- a/archive/volsync/snapscheduler/app/helmrelease.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: snapscheduler - namespace: volsync -spec: - interval: 15m - chart: - spec: - chart: snapscheduler - version: 3.2.0 - sourceRef: - kind: HelmRepository - name: backube - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - manageCRDs: true - metrics: - disableAuth: true 
diff --git a/archive/volsync/snapscheduler/app/kustomization.yaml b/archive/volsync/snapscheduler/app/kustomization.yaml deleted file mode 100644 index f8f5b9cf927be..0000000000000 --- a/archive/volsync/snapscheduler/app/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: volsync -resources: - - ./helmrelease.yaml diff --git a/archive/volsync/snapscheduler/ks.yaml b/archive/volsync/snapscheduler/ks.yaml deleted file mode 100644 index d35c1104a8797..0000000000000 --- a/archive/volsync/snapscheduler/ks.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-snapscheduler - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-snapshot-controller - path: ./kubernetes/apps/volsync/snapscheduler/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: snapscheduler - namespace: volsync - interval: 30m - retryInterval: 1m - timeout: 3m ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-snapscheduler-schedules - namespace: flux-system -spec: - dependsOn: - - name: cluster-apps-snapscheduler - path: ./kubernetes/apps/volsync/snapscheduler/schedules - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - wait: true - interval: 30m - retryInterval: 1m - timeout: 3m 
diff --git a/archive/volsync/snapscheduler/schedules/kustomization.yaml b/archive/volsync/snapscheduler/schedules/kustomization.yaml deleted file mode 100644 index 5be33ab76a9a9..0000000000000 --- a/archive/volsync/snapscheduler/schedules/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./snapschedule.yaml diff --git a/archive/volsync/snapscheduler/schedules/snapschedule.yaml b/archive/volsync/snapscheduler/schedules/snapschedule.yaml deleted file mode 100644 index 264d064ea91f2..0000000000000 --- a/archive/volsync/snapscheduler/schedules/snapschedule.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/snapshotschedule_v1.json -apiVersion: snapscheduler.backube/v1 -kind: SnapshotSchedule -metadata: - name: main - namespace: default -spec: - disabled: false - claimSelector: - matchLabels: - snapshot.home.arpa/enabled: "true" - retention: - expires: 48h - schedule: "@daily" - snapshotTemplate: - snapshotClassName: csi-ceph-blockpool diff --git a/archive/vpn/kustomization.yaml b/archive/vpn/kustomization.yaml deleted file mode 100644 index ccb10ac841ab0..0000000000000 --- a/archive/vpn/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - # Pre Flux-Kustomizations - - ./namespace.yaml - # Flux-Kustomizations - # - ./pod-gateway/ks.yaml diff --git a/archive/vpn/namespace.yaml b/archive/vpn/namespace.yaml deleted file mode 100644 index 1bbecbb3c9397..0000000000000 --- a/archive/vpn/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: vpn - labels: - goldilocks.fairwinds.com/enabled: "true" - kustomize.toolkit.fluxcd.io/prune: disabled 
diff --git a/archive/vpn/pod-gateway/app/externalsecret.yaml b/archive/vpn/pod-gateway/app/externalsecret.yaml deleted file mode 100644 index 7f9d4cf8c5286..0000000000000 --- a/archive/vpn/pod-gateway/app/externalsecret.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/externalsecret_v1beta1.json -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: mullvad - namespace: vpn -spec: - secretStoreRef: - kind: ClusterSecretStore - name: onepassword-connect - target: - name: mullvad-secret - creationPolicy: Owner - dataFrom: - - extract: - # WIREGUARD_PRIVATE_KEY, WIREGUARD_ADDRESSES - key: mullvad diff --git a/archive/vpn/pod-gateway/app/helmrelease.yaml b/archive/vpn/pod-gateway/app/helmrelease.yaml deleted file mode 100644 index 573421f8684e8..0000000000000 --- a/archive/vpn/pod-gateway/app/helmrelease.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: pod-gateway - namespace: vpn -spec: - interval: 15m - chart: - spec: - chart: pod-gateway - version: 6.0.0 - sourceRef: - kind: HelmRepository - name: angelnu - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - controller: - annotations: - reloader.stakater.com/auto: "true" - image: - repository: ghcr.io/angelnu/pod-gateway - tag: v1.8.1 - DNS: 172.16.1.1 - addons: - netshoot: - enabled: true - vpn: - enabled: true - type: gluetun - image: - # TODO: Replace with ghcr.io/qdm12/gluetun when a versioned tag is available - repository: docker.io/qmcgaw/gluetun - tag: v3.32.0 - env: - - name: VPN_SERVICE_PROVIDER - value: mullvad - - name: VPN_TYPE - value: wireguard - - name: VPN_INTERFACE - value: wg0 - - name: FIREWALL - value: "off" - - name: DOT - value: "off" - - name: SERVER_CITIES - value: Atlanta GA - - name: SERVER_HOSTNAMES - value: us167-wireguard - - name: LOG_LEVEL - value: debug - envFrom: - - secretRef: - name: mullvad-secret - securityContext: - capabilities: - add: ["NET_ADMIN"] - networkPolicy: - enabled: true - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - ports: - - port: 51820 - protocol: UDP - - to: - - namespaceSelector: {} - publicPorts: - - IP: 10 - hostname: qbittorrent-vpn-0 - ports: - - port: 56202 - type: udp - - port: 56202 - type: tcp - routed_namespaces: ["downloads"] - settings: - VPN_INTERFACE: "wg0" - VXLAN_ID: "43" - VXLAN_IP_NETWORK: "172.16.1" - VPN_BLOCK_OTHER_TRAFFIC: "true" - VPN_TRAFFIC_PORT: "51820" - DNS_LOCAL_CIDRS: "local" - NOT_ROUTED_TO_GATEWAY_CIDRS: "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16" - VPN_LOCAL_CIDRS: "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16" - IPTABLES_NFT: 
"yes" - webhook: - gatewayDefault: false - image: - repository: ghcr.io/angelnu/gateway-admision-controller - tag: v3.7.0 diff --git a/archive/vpn/pod-gateway/app/kustomization.yaml b/archive/vpn/pod-gateway/app/kustomization.yaml deleted file mode 100644 index 50fb16db878c2..0000000000000 --- a/archive/vpn/pod-gateway/app/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: vpn -resources: - - ./helmrelease.yaml - - ./externalsecret.yaml - # - ./networkpolicy.yaml diff --git a/archive/vpn/pod-gateway/app/networkpolicy.yaml b/archive/vpn/pod-gateway/app/networkpolicy.yaml deleted file mode 100644 index dd2569e37c544..0000000000000 --- a/archive/vpn/pod-gateway/app/networkpolicy.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: projectcalico.org/v3 -kind: NetworkPolicy -metadata: - name: pod-gateway - namespace: vpn -spec: - selector: app.kubernetes.io/name == 'pod-gateway' - types: ["Egress"] - egress: - - action: Allow - protocol: UDP - destination: - nets: ["0.0.0.0/0"] - ports: [51820] diff --git a/archive/vpn/pod-gateway/ks.yaml b/archive/vpn/pod-gateway/ks.yaml deleted file mode 100644 index e0399f53d3f9a..0000000000000 --- a/archive/vpn/pod-gateway/ks.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: cluster-apps-pod-gateway - namespace: flux-system -spec: - path: ./kubernetes/apps/vpn/pod-gateway/app - prune: true - sourceRef: - kind: GitRepository - name: home-ops-kubernetes - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: pod-gateway - namespace: vpn - interval: 30m - retryInterval: 1m - timeout: 3m 
diff --git a/ansible/kubernetes/.envrc b/provision/kubernetes/ansible/.envrc
similarity index 100%
rename from ansible/kubernetes/.envrc
rename to provision/kubernetes/ansible/.envrc
diff --git a/ansible/kubernetes/ansible.cfg b/provision/kubernetes/ansible/ansible.cfg
similarity index 100%
rename from ansible/kubernetes/ansible.cfg
rename to provision/kubernetes/ansible/ansible.cfg
diff --git a/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml b/provision/kubernetes/ansible/inventory/group_vars/all/k3s-calico.yml
similarity index 100%
rename from ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml
rename to provision/kubernetes/ansible/inventory/group_vars/all/k3s-calico.yml
diff --git a/ansible/kubernetes/inventory/group_vars/all/k3s.yml b/provision/kubernetes/ansible/inventory/group_vars/all/k3s.yml
similarity index 100%
rename from ansible/kubernetes/inventory/group_vars/all/k3s.yml
rename to provision/kubernetes/ansible/inventory/group_vars/all/k3s.yml
diff --git a/ansible/kubernetes/inventory/group_vars/all/os.yml b/provision/kubernetes/ansible/inventory/group_vars/all/os.yml
similarity index 100%
rename from ansible/kubernetes/inventory/group_vars/all/os.yml
rename to provision/kubernetes/ansible/inventory/group_vars/all/os.yml
diff --git a/ansible/kubernetes/inventory/group_vars/master/k3s.yml b/provision/kubernetes/ansible/inventory/group_vars/master/k3s.yml
similarity index 100%
rename from ansible/kubernetes/inventory/group_vars/master/k3s.yml
rename to provision/kubernetes/ansible/inventory/group_vars/master/k3s.yml
diff --git a/ansible/kubernetes/inventory/group_vars/worker/k3s.yml b/provision/kubernetes/ansible/inventory/group_vars/worker/k3s.yml
similarity index 100%
rename from ansible/kubernetes/inventory/group_vars/worker/k3s.yml
rename to provision/kubernetes/ansible/inventory/group_vars/worker/k3s.yml
diff --git a/ansible/kubernetes/inventory/host_vars/k8s-0.sops.yml b/provision/kubernetes/ansible/inventory/host_vars/k8s-0.sops.yml
similarity index 100%
rename from ansible/kubernetes/inventory/host_vars/k8s-0.sops.yml
rename to provision/kubernetes/ansible/inventory/host_vars/k8s-0.sops.yml
diff --git a/ansible/kubernetes/inventory/host_vars/k8s-1.sops.yml b/provision/kubernetes/ansible/inventory/host_vars/k8s-1.sops.yml
similarity index 100%
rename from ansible/kubernetes/inventory/host_vars/k8s-1.sops.yml
rename to provision/kubernetes/ansible/inventory/host_vars/k8s-1.sops.yml
diff --git a/ansible/kubernetes/inventory/host_vars/k8s-2.sops.yml b/provision/kubernetes/ansible/inventory/host_vars/k8s-2.sops.yml
similarity index 100%
rename from ansible/kubernetes/inventory/host_vars/k8s-2.sops.yml
rename to provision/kubernetes/ansible/inventory/host_vars/k8s-2.sops.yml
diff --git a/ansible/kubernetes/inventory/host_vars/k8s-3.sops.yml b/provision/kubernetes/ansible/inventory/host_vars/k8s-3.sops.yml
similarity index 100%
rename from ansible/kubernetes/inventory/host_vars/k8s-3.sops.yml
rename to provision/kubernetes/ansible/inventory/host_vars/k8s-3.sops.yml
diff --git a/ansible/kubernetes/inventory/host_vars/k8s-4.sops.yml b/provision/kubernetes/ansible/inventory/host_vars/k8s-4.sops.yml
similarity index 100%
rename from ansible/kubernetes/inventory/host_vars/k8s-4.sops.yml
rename to provision/kubernetes/ansible/inventory/host_vars/k8s-4.sops.yml
diff --git a/ansible/kubernetes/inventory/host_vars/k8s-5.sops.yml b/provision/kubernetes/ansible/inventory/host_vars/k8s-5.sops.yml
similarity index 100%
rename from ansible/kubernetes/inventory/host_vars/k8s-5.sops.yml
rename to provision/kubernetes/ansible/inventory/host_vars/k8s-5.sops.yml
diff --git a/ansible/kubernetes/inventory/hosts.yml b/provision/kubernetes/ansible/inventory/hosts.yml
similarity index 100%
rename from ansible/kubernetes/inventory/hosts.yml
rename to provision/kubernetes/ansible/inventory/hosts.yml
diff --git a/ansible/kubernetes/playbooks/cluster-installation.yml b/provision/kubernetes/ansible/playbooks/cluster-installation.yml
similarity index 100%
rename from ansible/kubernetes/playbooks/cluster-installation.yml
rename to provision/kubernetes/ansible/playbooks/cluster-installation.yml
diff --git a/ansible/kubernetes/playbooks/cluster-nuke.yml b/provision/kubernetes/ansible/playbooks/cluster-nuke.yml
similarity index 100%
rename from ansible/kubernetes/playbooks/cluster-nuke.yml
rename to provision/kubernetes/ansible/playbooks/cluster-nuke.yml
diff --git a/ansible/kubernetes/playbooks/cluster-prepare.yml b/provision/kubernetes/ansible/playbooks/cluster-prepare.yml
similarity index 100%
rename from ansible/kubernetes/playbooks/cluster-prepare.yml
rename to provision/kubernetes/ansible/playbooks/cluster-prepare.yml
diff --git a/ansible/kubernetes/playbooks/cluster-rook-nuke.yml b/provision/kubernetes/ansible/playbooks/cluster-rook-nuke.yml
similarity index 100%
rename from ansible/kubernetes/playbooks/cluster-rook-nuke.yml
rename to provision/kubernetes/ansible/playbooks/cluster-rook-nuke.yml
diff --git a/ansible/kubernetes/playbooks/templates/audit-policy.yaml.j2 b/provision/kubernetes/ansible/playbooks/templates/audit-policy.yaml.j2
similarity index 100%
rename from ansible/kubernetes/playbooks/templates/audit-policy.yaml.j2
rename to provision/kubernetes/ansible/playbooks/templates/audit-policy.yaml.j2
diff --git a/ansible/kubernetes/playbooks/templates/calico-bgpconfiguration.yaml.j2 b/provision/kubernetes/ansible/playbooks/templates/calico-bgpconfiguration.yaml.j2
similarity index 100%
rename from ansible/kubernetes/playbooks/templates/calico-bgpconfiguration.yaml.j2
rename to provision/kubernetes/ansible/playbooks/templates/calico-bgpconfiguration.yaml.j2
diff --git a/ansible/kubernetes/playbooks/templates/calico-bgppeer.yaml.j2 b/provision/kubernetes/ansible/playbooks/templates/calico-bgppeer.yaml.j2
similarity index 100%
rename from ansible/kubernetes/playbooks/templates/calico-bgppeer.yaml.j2
rename to provision/kubernetes/ansible/playbooks/templates/calico-bgppeer.yaml.j2
diff --git a/ansible/kubernetes/playbooks/templates/calico-ebpf.yaml.j2 b/provision/kubernetes/ansible/playbooks/templates/calico-ebpf.yaml.j2
similarity index 100%
rename from ansible/kubernetes/playbooks/templates/calico-ebpf.yaml.j2
rename to provision/kubernetes/ansible/playbooks/templates/calico-ebpf.yaml.j2
diff --git a/ansible/kubernetes/playbooks/templates/calico-installation.yaml.j2 b/provision/kubernetes/ansible/playbooks/templates/calico-installation.yaml.j2
similarity index 100%
rename from ansible/kubernetes/playbooks/templates/calico-installation.yaml.j2
rename to provision/kubernetes/ansible/playbooks/templates/calico-installation.yaml.j2
diff --git a/ansible/requirements.yml b/provision/kubernetes/ansible/requirements.yml
similarity index 100%
rename from ansible/requirements.yml
rename to provision/kubernetes/ansible/requirements.yml
diff --git a/terraform/cloudflare/.terraform.lock.hcl b/provision/kubernetes/terraform/.terraform.lock.hcl
similarity index 100%
rename from terraform/cloudflare/.terraform.lock.hcl
rename to provision/kubernetes/terraform/.terraform.lock.hcl
diff --git a/terraform/cloudflare/domain_buhl_casa.tf b/provision/kubernetes/terraform/domain_buhl_casa.tf
similarity index 100%
rename from terraform/cloudflare/domain_buhl_casa.tf
rename to provision/kubernetes/terraform/domain_buhl_casa.tf
diff --git a/terraform/cloudflare/domain_devbu_io.tf b/provision/kubernetes/terraform/domain_devbu_io.tf
similarity index 100%
rename from terraform/cloudflare/domain_devbu_io.tf
rename to provision/kubernetes/terraform/domain_devbu_io.tf
diff --git a/terraform/cloudflare/main.tf b/provision/kubernetes/terraform/main.tf
similarity index 100%
rename from terraform/cloudflare/main.tf
rename to provision/kubernetes/terraform/main.tf
diff --git a/terraform/cloudflare/providers.tf b/provision/kubernetes/terraform/providers.tf
similarity index 100%
rename from terraform/cloudflare/providers.tf
rename to provision/kubernetes/terraform/providers.tf
diff --git a/terraform/cloudflare/readme.md b/provision/kubernetes/terraform/readme.md
similarity index 100%
rename from terraform/cloudflare/readme.md
rename to provision/kubernetes/terraform/readme.md
diff --git a/terraform/cloudflare/secret.sops.yaml b/provision/kubernetes/terraform/secret.sops.yaml
similarity index 100%
rename from terraform/cloudflare/secret.sops.yaml
rename to provision/kubernetes/terraform/secret.sops.yaml
diff --git a/provision/router/.gitkeep b/provision/router/.gitkeep
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/ansible/storage/.envrc b/provision/storage/ansible/.envrc
similarity index 100%
rename from ansible/storage/.envrc
rename to provision/storage/ansible/.envrc
diff --git a/ansible/storage/ansible.cfg b/provision/storage/ansible/ansible.cfg
similarity index 100%
rename from ansible/storage/ansible.cfg
rename to provision/storage/ansible/ansible.cfg
diff --git a/ansible/storage/inventory/group_vars/all/os.yml b/provision/storage/ansible/inventory/group_vars/all/os.yml
similarity index 100%
rename from ansible/storage/inventory/group_vars/all/os.yml
rename to provision/storage/ansible/inventory/group_vars/all/os.yml
diff --git a/ansible/storage/inventory/group_vars/master/k3s.yml b/provision/storage/ansible/inventory/group_vars/master/k3s.yml
similarity index 100%
rename from ansible/storage/inventory/group_vars/master/k3s.yml
rename to provision/storage/ansible/inventory/group_vars/master/k3s.yml
diff --git a/ansible/storage/inventory/host_vars/expanse.sops.yml b/provision/storage/ansible/inventory/host_vars/expanse.sops.yml
similarity index 100%
rename from ansible/storage/inventory/host_vars/expanse.sops.yml
rename to provision/storage/ansible/inventory/host_vars/expanse.sops.yml
diff --git a/ansible/storage/inventory/hosts.yml b/provision/storage/ansible/inventory/hosts.yml
similarity index 100%
rename from ansible/storage/inventory/hosts.yml
rename to provision/storage/ansible/inventory/hosts.yml
diff --git a/ansible/storage/playbooks/cluster-installation.yml b/provision/storage/ansible/playbooks/cluster-installation.yml
similarity index 100%
rename from ansible/storage/playbooks/cluster-installation.yml
rename to provision/storage/ansible/playbooks/cluster-installation.yml
diff --git a/ansible/storage/playbooks/cluster-nuke.yml b/provision/storage/ansible/playbooks/cluster-nuke.yml
similarity index 100%
rename from ansible/storage/playbooks/cluster-nuke.yml
rename to provision/storage/ansible/playbooks/cluster-nuke.yml
diff --git a/ansible/storage/playbooks/cluster-prepare.yml b/provision/storage/ansible/playbooks/cluster-prepare.yml
similarity index 100%
rename from ansible/storage/playbooks/cluster-prepare.yml
rename to provision/storage/ansible/playbooks/cluster-prepare.yml
diff --git a/ansible/storage/playbooks/templates/aliases.j2 b/provision/storage/ansible/playbooks/templates/aliases.j2
similarity index 100%
rename from ansible/storage/playbooks/templates/aliases.j2
rename to provision/storage/ansible/playbooks/templates/aliases.j2
diff --git a/ansible/storage/playbooks/templates/msmtprc.j2 b/provision/storage/ansible/playbooks/templates/msmtprc.j2
similarity index 100%
rename from ansible/storage/playbooks/templates/msmtprc.j2
rename to provision/storage/ansible/playbooks/templates/msmtprc.j2
diff --git a/ansible/storage/playbooks/templates/smartd.conf.j2 b/provision/storage/ansible/playbooks/templates/smartd.conf.j2
similarity index 100%
rename from ansible/storage/playbooks/templates/smartd.conf.j2
rename to provision/storage/ansible/playbooks/templates/smartd.conf.j2
diff --git a/ansible/storage/playbooks/templates/zed.rc.j2 b/provision/storage/ansible/playbooks/templates/zed.rc.j2
similarity index 100%
rename from ansible/storage/playbooks/templates/zed.rc.j2
rename to provision/storage/ansible/playbooks/templates/zed.rc.j2
diff --git a/provision/storage/ansible/requirements.yml b/provision/storage/ansible/requirements.yml
new file mode 100644
index 0000000000000..2eb031521279f
--- /dev/null
+++ b/provision/storage/ansible/requirements.yml
@@ -0,0 +1,14 @@
+---
+collections:
+ - name: ansible.posix
+ version: 1.5.1
+ - name: community.general
+ version: 6.3.0
+ - name: kubernetes.core
+ version: 2.4.0
+ - name: community.sops
+ version: 1.6.1
+roles:
+ - name: xanmanning.k3s
+ src: https://github.com/PyratLabs/ansible-role-k3s.git
+ version: v3.3.1
diff --git a/terraform/storage/.terraform.lock.hcl b/provision/storage/terraform/.terraform.lock.hcl
similarity index 100%
rename from terraform/storage/.terraform.lock.hcl
rename to provision/storage/terraform/.terraform.lock.hcl
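Review bot: The `xanmanning.k3s` role in the new `provision/storage/ansible/requirements.yml` is fetched from a git URL and pinned only by the tag `v3.3.1`, and a git tag can be re-pointed upstream, so this file does not fix which role code the storage playbooks will run. Pinning to the full commit the tag currently resolves to, with the tag kept as a comment, closes that gap: `version: <COMMIT_SHA_OF_v3.3.1>  # v3.3.1`. The four collections are pinned to exact versions, which is the right level for Galaxy content. This file also looks like a copy of the requirements file that the same commit moves to `provision/kubernetes/ansible/requirements.yml` (its contents are not visible here), so a one-line header comment saying the two are maintained separately would help keep the pins from drifting.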
diff --git a/terraform/storage/app_kopia.tf b/provision/storage/terraform/app_kopia.tf
similarity index 100%
rename from terraform/storage/app_kopia.tf
rename to provision/storage/terraform/app_kopia.tf
diff --git a/terraform/storage/app_minio.tf b/provision/storage/terraform/app_minio.tf
similarity index 100%
rename from terraform/storage/app_minio.tf
rename to provision/storage/terraform/app_minio.tf
diff --git a/terraform/storage/app_node_exporter.tf b/provision/storage/terraform/app_node_exporter.tf
similarity index 100%
rename from terraform/storage/app_node_exporter.tf
rename to provision/storage/terraform/app_node_exporter.tf
diff --git a/terraform/storage/app_smartctl_exporter.tf b/provision/storage/terraform/app_smartctl_exporter.tf
similarity index 100%
rename from terraform/storage/app_smartctl_exporter.tf
rename to provision/storage/terraform/app_smartctl_exporter.tf
diff --git a/terraform/storage/app_vector_agent.tf b/provision/storage/terraform/app_vector_agent.tf
similarity index 100%
rename from terraform/storage/app_vector_agent.tf
rename to provision/storage/terraform/app_vector_agent.tf
diff --git a/terraform/storage/main.tf b/provision/storage/terraform/main.tf
similarity index 100%
rename from terraform/storage/main.tf
rename to provision/storage/terraform/main.tf
diff --git a/terraform/storage/providers.tf b/provision/storage/terraform/providers.tf
similarity index 100%
rename from terraform/storage/providers.tf
rename to provision/storage/terraform/providers.tf
diff --git a/terraform/storage/readme.md b/provision/storage/terraform/readme.md
similarity index 100%
rename from terraform/storage/readme.md
rename to provision/storage/terraform/readme.md
diff --git a/terraform/storage/secret.sops.yaml b/provision/storage/terraform/secret.sops.yaml
similarity index 100%
rename from terraform/storage/secret.sops.yaml
rename to provision/storage/terraform/secret.sops.yaml
diff --git a/terraform/storage/templates/repository.config.tftpl b/provision/storage/terraform/templates/repository.config.tftpl
similarity index 100%
rename from terraform/storage/templates/repository.config.tftpl
rename to provision/storage/terraform/templates/repository.config.tftpl
diff --git a/terraform/storage/templates/vector.yaml.tftpl b/provision/storage/terraform/templates/vector.yaml.tftpl
similarity index 100%
rename from terraform/storage/templates/vector.yaml.tftpl
rename to provision/storage/terraform/templates/vector.yaml.tftpl
diff --git a/terraform/storage/variables.tf b/provision/storage/terraform/variables.tf
similarity index 100%
rename from terraform/storage/variables.tf
rename to provision/storage/terraform/variables.tf
diff --git a/terraform/readme.md b/terraform/readme.md
deleted file mode 100644
index 46f96ad845943..0000000000000
--- a/terraform/readme.md
+++ /dev/null
@@ -1 +0,0 @@
-# Terraform