shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

new talos cluster

Browse Source
This commit is contained in:
auricom
2022-11-19 04:47:32 +01:00
parent 42346bd99b
commit 4ac38f95e9
548 changed files with 1642 additions and 2331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
kubernetes/base/config/cluster-secrets.sops.yaml Normal file
View File

@@ -0,0 +1,57 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: cluster-secrets
namespace: flux-system
stringData:
SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:7BbZIX1f2j2a15gq1/gwqKcSTA==,iv:WOhJ5HlcnsPEeI/ALT5O+AnKtorJYueQqPJQStpvIMo=,tag:GPOpCrQ9F1ku7tqAtxHJdw==,type:str]
SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:lTfn9GCJHlgeO/BGXbvT,iv:LBsxVLf+WpS7Ac233XjVoWCjHqZpnhhhiJn2Q0YEHt8=,tag:d//kWxt2bJkqCF1EkEzYqA==,type:str]
SECRET_CLUSTER_OVH_APPLICATION_KEY: ENC[AES256_GCM,data:W8BOyYQbQJpQco0XQ8wgtA==,iv:z/nc9+DkIkvKw6Daf/UpuMsIc/H7AnwQF5ZjQarf03U=,tag:j+Qm6oK6jei7EFDBTT5ddQ==,type:str]
SECRET_CLUSTER_OVH_APPLICATION_SECRET: ENC[AES256_GCM,data:+R6Vy1qlYZuvFsGTnK3m94PuzdsYNPe1JVpGqhq9Dy0=,iv:bNKMp6VNMyuiJokr5xm9To2OuBYzoiJSRXUm4S00MdI=,tag:8YJoz5MICyC9bES/IP6ROw==,type:str]
SECRET_CLUSTER_OVH_CONSUMER_KEY: ENC[AES256_GCM,data:HwEaNSLEoON99KzgVLuDWxj8DPz1gz8tc3q/1hWJOvM=,iv:uTHCAT81Js9yQ/7iK90+elZzA0j6ia7AOWEufE1i/4k=,tag:D4tI50RyJz8o3n9hrrYz4Q==,type:str]
SECRET_EMAIL_DOMAIN: ENC[AES256_GCM,data:tggMEXyLi03dAorm,iv:tXHmWmm9wUIOyGXbHUagS0gl4cEW588XSvBIoNsADFw=,tag:69X+WZoj6CiI6mUJT01DzQ==,type:str]
SECRET_EMAIL_SMTP_USERNAME: ENC[AES256_GCM,data:U8UiC6SdBbX9JbpRglyXfofDzYf+LNY=,iv:BLqn6nWm+il2yxWBJgpjlLKp5/eVh8L9qSEfM9LzUEo=,tag:1+afhSVYeHTvzzBiTxP7Ew==,type:str]
SECRET_GITEA_API_TOKEN: ENC[AES256_GCM,data:A5zJGhQdlWUAagcPIvCIzvpeyzVaV5uDGegjvW4zl6X9kYDxG7JDUA==,iv:kogD/wl3KTlVE4by96vyEwTCMEmzbmEKmcAVK+8OjnI=,tag:PLbEaJQI7fWKz0tQSO35iA==,type:str]
SECRET_GITEA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:VWetZHP8haXPy1r20RMJvECxEWw=,iv:B3+rjPXWSbyCdi4KAy/FeMbtNUv40UIWN462OWfv9Ww=,tag:5wK7nUGu7HmdC90d2jllwQ==,type:str]
SECRET_GRAFANA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:3igfeqGHygjnmJXnoiKV7W8Tm2M=,iv:Hrjh38GuRvzS4Hi69QftBhaAJ02is5B0E5h23XICpUc=,tag:O4JFVSaoTQDhf3QZPLbn1Q==,type:str]
SECRET_HEALTHCHECKS_PING_KEY: ENC[AES256_GCM,data:ik/lEfCHBKcgnc+zRDrkhw3ykbITSw==,iv:XYqxF9yuRbR+WECjC+0xaT8V4qKYpdsWoNCzfzr33cc=,tag:AZBATumRJMbsLBw2XttV/w==,type:str]
SECRET_INVIDIOUS_DB_USER: ENC[AES256_GCM,data:snjA33syqy4X,iv:OF8LJSTdcIGgwAJPmS0HdCz0adsTuTwZ5zfuvJrA7fs=,tag:E4EnsKWITN4l6qnuxZ3A5g==,type:str]
SECRET_INVIDIOUS_DB_PASSWORD: ENC[AES256_GCM,data:jmHWk/hXAb9E97CEa4w=,iv:RYnGwoCy+RyVDdKVOXWFWPB/dqF2vPlx7ofRApEAsMg=,tag:nEydKLEw6mHJetEVa+NFzQ==,type:str]
SECRET_K10_HTPASSWD: ENC[AES256_GCM,data:u89AKCM/FSXn6Czo6KnG1rqkxclczczcE+wz7GMWU2HIoC9qUzqHvFKe7w==,iv:ZjE1p2P65TbSeVk0oXiWd4nH+7zNWonTjWYNmb3NFg0=,tag:UJn01B6MdJDHv1fN8mV21g==,type:str]
SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN: ENC[AES256_GCM,data:Bwvuy/jHIRduy/r1A8dOs0OE8ewdjCgs8g/br1oW,iv:PdnPH9I509MT6UJkUG1zLAGn9aV4AVrROgAVCD4a3Y0=,tag:59kBGx9qx3jeauokyoolQQ==,type:str]
SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str]
SECRET_MQTT_USER: ENC[AES256_GCM,data:Ggn82GysDHM2b/uNhQ==,iv:f5NXCE5/nfTqq1zdtBNH6Lu8ndf5YZKHgEWc9O0fB0I=,tag:z1OUzEeVgm+a9QRBxo9BEg==,type:str]
SECRET_MQTT_PASSWORD: ENC[AES256_GCM,data:WBqLezPi1sbzyzfubG71KfR+tg==,iv:gKDgjpPwZ+fEWs+zn3aHiiKglsEl/kue/vx2FaSAtsA=,tag:jXECLxyekqmejJfi11DKsQ==,type:str]
SECRET_NITTER_HMAC: ENC[AES256_GCM,data:pOA1LqHV9rcY3xAv5JMuSCMz1rk=,iv:3LkFNu/M3r1K/xBE/f7Kbf526eA4cgyGr4Wu/c+gxD0=,tag:ibJ8U+Pa66B2UmWwP/ZhNQ==,type:str]
SECRET_OUTLINE_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:BB/eZQ/oLQ09AxGwKRddbiyiRMA=,iv:dhiyOUP3GyvHXUdPYqQKPQCMmqornj6WVWtfreq9T6A=,tag:WijFyu8XGk3dklYJR4/81A==,type:str]
SECRET_RADARR_API_KEY: ENC[AES256_GCM,data:Mom5SOMHf7xUvvUkjLIRqMzOSSQshzWdKlSGIzZtIGM=,iv:4vrZFrsTCUW2e0bo2sA2iT+ZVKUDEuyferNJ5Q5klFY=,tag:xha/NKx2XN3Mpa0XPSMPvA==,type:str]
SECRET_SONARR_API_KEY: ENC[AES256_GCM,data:JO5N+MeVeQmAlfv/dLJru5oHyVjpy9iUrfrTe4PLVXA=,iv:NjGstpjwFapd2LJNPy6nhXsp9UuCYTBuHRovmHdCSNc=,tag:BARsx6FBISHhxueBSDJSNw==,type:str]
SECRET_SHARRY_DB_USERNAME: ENC[AES256_GCM,data:wWnV6hHz,iv:+uV0X2tovaisFuO5KcF9PpKPyYeS4WtrrPt4Ll+CnsU=,tag:zNWR9AqheMGho0yV923vvw==,type:str]
SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:Y0gk4bRcEws2b0SF4AY=,iv:3cQbD/uvWNGjEmz3z8uEbXWwJffIrTj3nSDsGBS0MEU=,tag:RsIBq9zI8+2temGj5r/Lqg==,type:str]
SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:2qLE/cs=,iv:Ctrw213BgCC2jyEvFp38aOejzY/ZYiwAj9fsPzXgaY0=,tag:LBlIUm1LTAjUIKu4JeLw9A==,type:str]
SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:ewm/Pfjb0t3KY46o2+DsnOGUzrk=,iv:rf6K/qx24iMeHG/a/mCQgD132LsFt+wme4Udx50v6NA=,tag:OskpvWusk2B1P/OACWN2eA==,type:str]
type: Opaque
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVkZXb3RYbEZ5eTVSbmFE
R1QxMmw0ZzkvT0NIa01URTAvQ0xWa2tZKzNvCnl0UDQ1MGV6dEtuVEd2S0NhcThS
MGZ1VWNXMmxHSi90eFBGbXE2V0hwamcKLS0tIEp3a2ZTeTNyaXBhSW5nSU0yN1hu
WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-19T03:54:00Z"
mac: ENC[AES256_GCM,data:OTGwsnmD9ZMe3WJ+g2OOtd9wV2U8VC/HAew9uQ3WGv/I8lChcYl+2Q8JOH3GNQXghnME5OVuXCXK2Ax75p1DO1eXcR3NfTT2/uEeu3Ttdc0PRKynxEkmVQSZE8LrBzBHl+uiNhjOqHeMnw7JTAyRBwBoXJqpbWVAvkpsZ1PQbDY=,iv:nOoyPOesi+/NEywQF25smTgisS+b9vFnfPL71P785hU=,tag:zbhrHCwFs3F77oXcyYXA9A==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3

26
kubernetes/base/config/cluster-settings.yaml Normal file
View File

@@ -0,0 +1,26 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: flux-system
name: cluster-settings
data:
CILIUM_BGP_SVC_RANGE: 192.168.169.0/24
CILIUM_POD_CIDR: 10.69.0.0/16
CLUSTER_LB_K8SGATEWAY: 192.168.169.100
CLUSTER_LB_NGINX: 192.168.169.101
CLUSTER_LB_SMTP_RELAY: 192.168.169.102
CLUSTER_LB_UNIFI: 192.168.169.103
CLUSTER_LB_GITEA: 192.168.169.104
CLUSTER_LB_QBITTORRENT: 192.168.169.105
CLUSTER_LB_RESILIOSYNC_CLAUDE: 192.168.169.106
CLUSTER_LB_HASS: 192.168.169.107
CLUSTER_LB_VECTOR: 192.168.169.108
CLUSTER_LB_EMQX: 192.168.169.109
CLUSTER_LB_JELLYFIN: 192.168.169.110
CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111
LOCAL_LAN: 192.168.8.0/22
LOCAL_LAN_OPNSENSE: 192.168.8.1
LOCAL_LAN_TRUENAS: 192.168.9.10
LOCAL_LAN_TRUENAS_REMOTE: 10.10.0.2
TIMEZONE: "Europe/Paris"

5
kubernetes/base/config/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-secrets.sops.yaml
- cluster-settings.yaml

5
kubernetes/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- config
- repositories

10
kubernetes/base/repositories/helm/bitnami.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: bitnami
namespace: flux-system
spec:
interval: 1h
url: https://charts.bitnami.com/bitnami
timeout: 3m

9
kubernetes/base/repositories/helm/bjw-s.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: bjw-s
namespace: flux-system
spec:
interval: 1h
url: https://bjw-s.github.io/helm-charts/

16
kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: cert-manager-webhook-ovh
namespace: flux-system
spec:
interval: 12h
url: https://github.com/baarde/cert-manager-webhook-ovh
ref:
branch: master
ignore: |
# exclude all
/*
# include charts directory
!/deploy/

9
kubernetes/base/repositories/helm/cilium.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: cilium
namespace: flux-system
spec:
interval: 1h
url: https://helm.cilium.io

9
kubernetes/base/repositories/helm/cloudnative-pg.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: cloudnative-pg
namespace: flux-system
spec:
interval: 1h
url: https://cloudnative-pg.github.io/charts

9
kubernetes/base/repositories/helm/descheduler.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: descheduler
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes-sigs.github.io/descheduler

8
kubernetes/base/repositories/helm/drone.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: drone
namespace: flux-system
spec:
interval: 1h
url: https://charts.drone.io

9
kubernetes/base/repositories/helm/dysnix.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: dysnix
namespace: flux-system
spec:
interval: 1h
url: https://dysnix.github.io/charts

10
kubernetes/base/repositories/helm/emxq.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: emqx
namespace: flux-system
spec:
interval: 1h
url: https://repos.emqx.io/charts
timeout: 3m

9
kubernetes/base/repositories/helm/external-dns.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-dns
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes-sigs.github.io/external-dns

10
kubernetes/base/repositories/helm/gitea.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: gitea
namespace: flux-system
spec:
interval: 1h
url: https://dl.gitea.io/charts
timeout: 3m

10
kubernetes/base/repositories/helm/grafana.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: grafana
namespace: flux-system
spec:
interval: 1h
url: https://grafana.github.io/helm-charts
timeout: 3m

10
kubernetes/base/repositories/helm/ingress-nginx.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: ingress-nginx
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes.github.io/ingress-nginx
timeout: 3m

10
kubernetes/base/repositories/helm/jetstack.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: jetstack
namespace: flux-system
spec:
interval: 1h
url: https://charts.jetstack.io/
timeout: 3m

10
kubernetes/base/repositories/helm/k8s-gateway.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: k8s-gateway
namespace: flux-system
spec:
interval: 1h
url: https://ori-edge.github.io/k8s_gateway/
timeout: 3m

27
kubernetes/base/repositories/helm/kustomization.yaml Normal file
View File

@@ -0,0 +1,27 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- bitnami.yaml
- bjw-s.yaml
- cert-manager-webhook-ovh.yaml
- cilium.yaml
- cloudnative-pg.yaml
- descheduler.yaml
- drone.yaml
- dysnix.yaml
- emxq.yaml
- external-dns.yaml
- gitea.yaml
- grafana.yaml
- ingress-nginx.yaml
- jetstack.yaml
- k8s-gateway.yaml
- kyverno.yaml
- metrics-server.yaml
- node-feature-discovery.yaml
- prometheus-community.yaml
- rook-ceph.yaml
- stakater.yaml
- vector.yaml
- weave-gitops.yaml

9
kubernetes/base/repositories/helm/kyverno.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: kyverno
namespace: flux-system
spec:
interval: 1h
url: https://kyverno.github.io/kyverno/

9
kubernetes/base/repositories/helm/metrics-server.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: metrics-server
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes-sigs.github.io/metrics-server

10
kubernetes/base/repositories/helm/node-feature-discovery.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: node-feature-discovery
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
timeout: 3m

10
kubernetes/base/repositories/helm/prometheus-community.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: prometheus-community
namespace: flux-system
spec:
interval: 1h
url: https://prometheus-community.github.io/helm-charts
timeout: 3m

10
kubernetes/base/repositories/helm/rook-ceph.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: rook-ceph
namespace: flux-system
spec:
interval: 1h
url: https://charts.rook.io/release
timeout: 3m

10
kubernetes/base/repositories/helm/stakater.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: stakater
namespace: flux-system
spec:
interval: 1h
url: https://stakater.github.io/stakater-charts
timeout: 3m

9
kubernetes/base/repositories/helm/vector.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: vector
namespace: flux-system
spec:
interval: 1h
url: https://helm.vector.dev

10
kubernetes/base/repositories/helm/weave-gitops.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 30m
url: https://helm.gitops.weave.works
timeout: 3m

4
kubernetes/base/repositories/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm