♻️ refacto

auricom
2023-09-14 22:52:04 +02:00
parent 16bdd0e977
commit 10ed7ead5d
6 changed files with 12 additions and 50 deletions


@@ -29,7 +29,7 @@ access_control:
- domain: - domain:
- "*.${SECRET_CLUSTER_DOMAIN}" - "*.${SECRET_CLUSTER_DOMAIN}"
policy: one_factor policy: one_factor
subject: ["group:homelab_admins", "group:homelab_users"] subject: ["group:admins", "group:users"]
networks: networks:
- private - private
# Deny public resources # Deny public resources
@@ -81,12 +81,3 @@ identity_providers:
scopes: ["openid", "profile", "email"] scopes: ["openid", "profile", "email"]
redirect_uris: ["https://photos.${SECRET_CLUSTER_DOMAIN}/auth/login", "app.immich:/"] redirect_uris: ["https://photos.${SECRET_CLUSTER_DOMAIN}/auth/login", "app.immich:/"]
userinfo_signing_algorithm: none userinfo_signing_algorithm: none
- id: headlamp
description: Immich
secret: "${SECRET_HEADLAMP_OAUTH_CLIENT_SECRET}"
public: false
authorization_policy: two_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "email"]
redirect_uris: ["https://headlamp.${SECRET_CLUSTER_DOMAIN}/oidc-callback"]
userinfo_signing_algorithm: none
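Review bot: The renamed subjects in the first hunk (`subject: ["group:admins", "group:users"]`) do not line up with the group names the Grafana section of this same commit still maps on, where `role_attribute_path` tests `'admins'` and `'people'`. If the directory group is now `users`, its members pass this one_factor rule but get no explicit Grafana role from that expression, so their role falls to Grafana's default assignment, which is not visible here. It is also worth confirming that `admins` and `users` exist in the directory before merging, because a subject that matches no group means this rule never applies and requests fall through to the later rules, which are outside the hunk.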


@@ -41,8 +41,7 @@ spec:
reloader.stakater.com/auto: "true" reloader.stakater.com/auto: "true"
image: image:
repository: ghcr.io/lldap/lldap repository: ghcr.io/lldap/lldap
# TODO: Switch to release tag on next release tag: v0.5.0
tag: latest-alpine@sha256:261dd6d4e7bc3d7441e939ad57296b45c8c4b5125c0150ba0601352396b7a603
env: env:
TZ: ${TIMEZONE} TZ: ${TIMEZONE}
LLDAP_HTTP_PORT: &port 8080 LLDAP_HTTP_PORT: &port 8080
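Review bot: The new `tag: v0.5.0` drops the `@sha256:` digest that the old tag carried, so the image is now resolved by a mutable tag alone. A release tag is an improvement over `latest-alpine`, but it can still be re-pushed upstream; keeping a digest makes the pulled image reproducible and makes a changed image show up as a diff in this file. I would write `tag: v0.5.0@sha256:<digest-of-v0.5.0>` (placeholder, take the value from the registry) so the version stays readable and the content stays pinned.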


@@ -16,8 +16,8 @@ spec:
engineVersion: v2 engineVersion: v2
data: data:
# App # App
PAPERLESS_ADMIN_USER: "{{ .PAPERLESS_ADMIN_USER }}" PAPERLESS_ADMIN_USER: "{{ .username }}"
PAPERLESS_ADMIN_PASSWORD: "{{ .PAPERLESS_ADMIN_PASSWORD }}" PAPERLESS_ADMIN_PASSWORD: "{{ .password }}"
PAPERLESS_SECRET_KEY: "{{ .PAPERLESS_SECRET_KEY }}" PAPERLESS_SECRET_KEY: "{{ .PAPERLESS_SECRET_KEY }}"
PAPERLESS_DBUSER: &dbUser "{{ .POSTGRES_USER }}" PAPERLESS_DBUSER: &dbUser "{{ .POSTGRES_USER }}"
PAPERLESS_DBPASS: &dbPass "{{ .POSTGRES_PASS }}" PAPERLESS_DBPASS: &dbPass "{{ .POSTGRES_PASS }}"
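Review bot: `{{ .username }}` and `{{ .password }}` are generic key names, and the same template still reads `.POSTGRES_USER` and `.POSTGRES_PASS`, which suggests the values are merged from more than one source item. The `dataFrom` part of this ExternalSecret is outside the hunk, so this is inferred: if a second extracted item also exposes `username` or `password`, one extract overwrites the other and the Paperless admin account silently takes another service's credentials. Either keep item-specific key names, or add a comment above these two lines such as `# username/password come from the paperless item only; no other extract may expose these keys`.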


@@ -36,16 +36,20 @@ spec:
GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss" GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
GF_SECURITY_ALLOW_EMBEDDING: true GF_SECURITY_ALLOW_EMBEDDING: true
GF_SECURITY_COOKIE_SAMESITE: grafana GF_SECURITY_COOKIE_SAMESITE: grafana
admin:
existingSecret: grafana-admin-creds
grafana.ini: grafana.ini:
analytics:
check_for_updates: false
check_for_plugin_updates: false
reporting_enabled: false
auth: auth:
signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout" signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
oauth_auto_login: false oauth_auto_login: true
oauth_allow_insecure_email_lookup: true
auth.generic_oauth: auth.generic_oauth:
enabled: true enabled: true
name: Authelia name: Authelia
client_id: grafana client_id: grafana
icon: signin
client_secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}" client_secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}"
scopes: "openid profile email groups" scopes: "openid profile email groups"
empty_scopes: false empty_scopes: false
@@ -61,7 +65,7 @@ spec:
contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'people') && 'Viewer' contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'people') && 'Viewer'
org_id: 1 org_id: 1
auth.basic: auth.basic:
disable_login_form: false enabled: false
auth.anonymous: auth.anonymous:
enabled: true enabled: true
org_name: HomeOps org_name: HomeOps
@@ -74,8 +78,6 @@ spec:
logs: /var/log/grafana logs: /var/log/grafana
plugins: /var/lib/grafana/plugins plugins: /var/lib/grafana/plugins
provisioning: /etc/grafana/provisioning provisioning: /etc/grafana/provisioning
analytics:
check_for_updates: false
log: log:
mode: console mode: console
grafana_net: grafana_net:
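Review bot: `oauth_allow_insecure_email_lookup: true`, added under `auth` in the first hunk, lets an OAuth login attach to an existing Grafana user by e-mail address alone; Grafana ships with this off because any identity the provider emits with a matching e-mail then inherits that account. Combined with `oauth_auto_login: true`, the e-mail claim from Authelia becomes the only binding to existing users, so whoever can edit a user's e-mail in the directory can assume that user's Grafana account. If the setting is only there to link existing local users, I would remove it once they have logged in, or at least add `# temporary: links existing users to their Authelia identity; remove once linked` above it. Separately, the second hunk replaces `disable_login_form: false` with `enabled: false` under `auth.basic`, which leaves the login form for the local admin account active now that `admin.existingSecret` is gone; `disable_login_form: true` under `auth` would close that path if local login is no longer wanted.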


@@ -4,5 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: monitoring namespace: monitoring
resources: resources:
- ./secrets.sops.yaml
- ./helmrelease.yaml - ./helmrelease.yaml


@@ -1,29 +0,0 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: grafana-admin-creds
namespace: monitoring
stringData:
admin-user: ENC[AES256_GCM,data:NrH2m8c=,iv:uO1V1XHpx5q72uiZ7ZZ07oagTou64bY2cmA+O+sjbQs=,tag:0kMdvkMr3W83rmwOwmv//w==,type:str]
admin-password: ENC[AES256_GCM,data:/UlQnEL9N3pr/XIYKIY=,iv:AtUad/V1y3UG9TGUZnaT7G7lykhzm3Yx7gzaLE/0tlA=,tag:qQ9nok5b1uH+az0gmTKHEw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQmtZeUVvaWtSNzZBWHBx
VWxYMjY0MlFSVEN0cjhvQUFxVWNHbFB2cndzCkZURTNGQXBXSm8yT0hvWVR0aDVC
NmVhRDNaUFh4eWYyUTFqRTZIQ2o5QkUKLS0tIHhuM3lFREZyYnhlZ3JKQUJwVEdX
Z3d6U0dVUWhPTDBZcXY4cFNsRGM3cFUKdIPaiHrS/B4zNHpNaxi9zYrOv+HrZ/oP
NVkIbemYIYGKhcqSjRy53EQhIimu0q4oCxal6KkXahVB0edysD9JBQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-08T08:38:39Z"
mac: ENC[AES256_GCM,data:y/XhXzy4Q3CQOpJFbMtMlDAOfoE3AoewrqL2LD7k3uaGtN5qcZRvZrshtlFc6aLu0Xz0Tquhk2knaRVx4iHBPosHchBQkBnOKydpI7vnqJTpTk9l6rbB08Xy4hwTZToiIonvYclceXeVbt/HKtdasq1LGJVBogNeGEQrn50kVUY=,iv:jDdz7nEw8h3J6Py9MWAnj5mTXY5jxhYvxHB53riiP/M=,tag:znmJxs869qluZNSnk8QmGg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3