new talos cluster

This commit is contained in:
auricom
2022-11-19 04:47:32 +01:00
parent 42346bd99b
commit 4ac38f95e9
548 changed files with 1642 additions and 2331 deletions


@@ -0,0 +1,20 @@
{
"storage": {
"type": "filesystem",
"config": {
"path": "/snapshots",
"dirShards": null
}
},
"caching": {
"cacheDirectory": "cache",
"maxCacheSize": 5242880000,
"maxMetadataCacheSize": 5242880000,
"maxListCacheDuration": 30
},
"hostname": "cluster",
"username": "root",
"description": "Cluster",
"enableActions": false,
"formatBlobCacheDuration": 900000000000
}


@@ -0,0 +1,109 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app kopia
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
initContainers:
wait-for-repo:
image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
command:
- /bin/bash
- -c
- |-
until [ -f /snapshots/kopia.repository.f ]; do
printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
sleep 1
done
volumeMounts:
- name: snapshots
mountPath: /snapshots
image:
repository: ghcr.io/onedr0p/kopia
tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
env:
TZ: "${TIMEZONE}"
KOPIA_PASSWORD: "none"
command: kopia
args:
- server
- --insecure
- --address
- 0.0.0.0:80
- --metrics-listen-addr
- 0.0.0.0:8080
- --without-password
- --log-level
- debug
service:
main:
ports:
http:
port: 80
metrics:
enabled: true
port: 8080
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
ingress:
main:
enabled: true
ingressClassName: "nginx"
hosts:
- host: &host "kopia.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
supplementalGroups:
- 100
persistence:
config:
enabled: true
type: configMap
name: *app
subPath: repository.config
mountPath: /config/repository.config
readOnly: true
snapshots:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/backups/kubernetes
mountPath: /snapshots
podAnnotations:
configmap.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 10m
memory: 100Mi
limits:
memory: 500Mi
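Review bot: The Kopia server is started with `--insecure` and `--without-password` on `0.0.0.0:80` and then published through the TLS ingress, so anyone who can reach `kopia.${SECRET_CLUSTER_DOMAIN}` gets an unauthenticated server UI/API over the snapshot repository; the ingress TLS protects transport only. Consider dropping both flags and supplying `--server-username`/`--server-password` from a Secret (or at least restricting the ingress with an allow-list or auth annotation), and moving the repository password out of the plain `KOPIA_PASSWORD: "none"` literal into a Secret, since the repository encryption key is derived from it. `--log-level debug` is also noisy for a long-running server and belongs behind a debugging toggle. The same args and env appear in the `kopia-kube` and `kopia-workstations` releases (L189–L298, L342–L451); this release is otherwise identical to `kopia-kube` down to the NFS path and hard-codes `kopia.` instead of `{{ .Release.Name }}.`, which looks like a leftover that the kopia kustomization at L471 no longer references — worth confirming.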


@@ -0,0 +1,12 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
namespace: default
configMapGenerator:
- name: kopia
files:
- ./config/repository.config
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,20 @@
{
"storage": {
"type": "filesystem",
"config": {
"path": "/snapshots",
"dirShards": null
}
},
"caching": {
"cacheDirectory": "cache",
"maxCacheSize": 5242880000,
"maxMetadataCacheSize": 5242880000,
"maxListCacheDuration": 30
},
"hostname": "cluster",
"username": "root",
"description": "Cluster",
"enableActions": false,
"formatBlobCacheDuration": 900000000000
}


@@ -0,0 +1,109 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app kopia-kube
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
initContainers:
wait-for-repo:
image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
command:
- /bin/bash
- -c
- |-
until [ -f /snapshots/kopia.repository.f ]; do
printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
sleep 1
done
volumeMounts:
- name: snapshots
mountPath: /snapshots
image:
repository: ghcr.io/onedr0p/kopia
tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
env:
TZ: "${TIMEZONE}"
KOPIA_PASSWORD: "none"
command: kopia
args:
- server
- --insecure
- --address
- 0.0.0.0:80
- --metrics-listen-addr
- 0.0.0.0:8080
- --without-password
- --log-level
- debug
service:
main:
ports:
http:
port: 80
metrics:
enabled: true
port: 8080
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
ingress:
main:
enabled: true
ingressClassName: "nginx"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
supplementalGroups:
- 100
persistence:
config:
enabled: true
type: configMap
name: *app
subPath: repository.config
mountPath: /config/repository.config
readOnly: true
snapshots:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/backups/kubernetes
mountPath: /snapshots
podAnnotations:
configmap.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 10m
memory: 100Mi
limits:
memory: 500Mi


@@ -0,0 +1,12 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
namespace: default
configMapGenerator:
- name: kopia-kube
files:
- ./config/repository.config
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,20 @@
{
"storage": {
"type": "filesystem",
"config": {
"path": "/snapshots",
"dirShards": null
}
},
"caching": {
"cacheDirectory": "cache",
"maxCacheSize": 5242880000,
"maxMetadataCacheSize": 5242880000,
"maxListCacheDuration": 30
},
"hostname": "cluster",
"username": "root",
"description": "Cluster",
"enableActions": false,
"formatBlobCacheDuration": 900000000000
}


@@ -0,0 +1,109 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app kopia-workstations
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
initContainers:
wait-for-repo:
image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
command:
- /bin/bash
- -c
- |-
until [ -f /snapshots/kopia.repository.f ]; do
printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
sleep 1
done
volumeMounts:
- name: snapshots
mountPath: /snapshots
image:
repository: ghcr.io/onedr0p/kopia
tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
env:
TZ: "${TIMEZONE}"
KOPIA_PASSWORD: "none"
command: kopia
args:
- server
- --insecure
- --address
- 0.0.0.0:80
- --metrics-listen-addr
- 0.0.0.0:8080
- --without-password
- --log-level
- debug
service:
main:
ports:
http:
port: 80
metrics:
enabled: true
port: 8080
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
ingress:
main:
enabled: true
ingressClassName: "nginx"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
podSecurityContext:
supplementalGroups:
- 100
persistence:
config:
enabled: true
type: configMap
name: *app
subPath: repository.config
mountPath: /config/repository.config
readOnly: true
snapshots:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/backups/kopia-workstations
mountPath: /snapshots
podAnnotations:
configmap.reloader.stakater.com/reload: *app
resources:
requests:
cpu: 10m
memory: 100Mi
limits:
memory: 500Mi


@@ -0,0 +1,12 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
namespace: default
configMapGenerator:
- name: kopia-workstations
files:
- ./config/repository.config
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- kopia-kube
- kopia-workstations


@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- kopia
- resilio-sync
- smartctl-exporter
- truecommand


@@ -0,0 +1,15 @@
{
"listening_port" : 55555,
"storage_path" : "/config",
"vendor" : "docker",
"display_new_version": false,
"directory_root_policy" : "belowroot",
"directory_root" : "/sync/",
"webui" :
{
"listen" : "0.0.0.0:8888",
"allow_empty_password" : false,
"dir_whitelist" : [ "/sync" ]
}
}


@@ -0,0 +1,104 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app resilio-claude
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/auricom/resilio-sync
tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7
env:
- name: TZ
value: "${TIMEZONE}"
service:
main:
ports:
http:
port: 8888
com:
port: 55555
ingress:
main:
enabled: true
ingressClassName: "nginx"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: resilio-claude-config
sync-conf:
enabled: true
type: configMap
configMap:
name: resilio-claude-sync-conf
mountPath: /config/sync.conf
subPath: sync.conf
backups:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/backups
mountPath: /sync/backup
home-claude:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/home/claude
mountPath: /sync/home/claude
music-transcoded:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/music_transcoded
mountPath: /sync/music_transcoded
photo:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/photo
mountPath: /sync/photo
shared-documents:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/shared-documents
mountPath: /sync/shared-documents
video:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/video
mountPath: /sync/video
podSecurityContext:
runAsUser: 0
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
memory: 2Gi
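Review bot: `podSecurityContext.runAsUser: 0` runs resilio-sync as root while it has write access to NFS exports covering home directories, photos, video and the backups share; a compromise of the web UI (listening on `0.0.0.0:8888` and published via the ingress) would then hold root on every one of those mounts, subject only to whatever root-squash the TrueNAS export applies, which is not visible here. Prefer an unprivileged `runAsUser`/`runAsGroup` plus `fsGroup` matching the export ownership, with `runAsNonRoot: true`. `env` is written as a list here but as a map in the kopia releases; the chart may accept both forms, but the file set should settle on one. The same applies to `resilio-helene` (L675–L755).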


@@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- volume.yaml
configMapGenerator:
- name: resilio-claude-sync-conf
namespace: default
files:
- config/sync.conf
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-claude-config
namespace: default
labels:
app.kubernetes.io/name: &name resilio-claude
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi


@@ -0,0 +1,15 @@
{
"listening_port" : 55556,
"storage_path" : "/config",
"vendor" : "docker",
"display_new_version": false,
"directory_root_policy" : "belowroot",
"directory_root" : "/sync/",
"webui" :
{
"listen" : "0.0.0.0:8889",
"allow_empty_password" : false,
"dir_whitelist" : [ "/sync" ]
}
}


@@ -0,0 +1,81 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app resilio-helene
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/auricom/resilio-sync
tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7
env:
- name: TZ
value: "${TIMEZONE}"
service:
main:
ports:
http:
port: 8889
com:
port: 55556
ingress:
main:
enabled: true
ingressClassName: "nginx"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: resilio-helene-config
sync-conf:
enabled: true
type: configMap
configMap:
name: resilio-helene-sync-conf
mountPath: /config/sync.conf
subPath: sync.conf
backups:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/backups
mountPath: /sync/backup
home-helene:
enabled: true
type: nfs
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/home/helene
mountPath: /sync/home
podSecurityContext:
runAsUser: 0
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
memory: 2Gi


@@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- volume.yaml
configMapGenerator:
- name: resilio-helene-sync-conf
namespace: default
files:
- config/sync.conf
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-helene-config
namespace: default
labels:
app.kubernetes.io/name: &name resilio-helene
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi


@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- claude
- helene


@@ -0,0 +1,33 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app smartctl-exporter
namespace: default
spec:
interval: 15m
chart:
spec:
chart: prometheus-smartctl-exporter
version: 0.3.1
sourceRef:
kind: HelmRepository
name: prometheus-community
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
fullnameOverride: *app
config:
devices:
- /dev/sda
- /dev/nvme0n1
serviceMonitor:
enabled: true
prometheusRules:
enabled: false


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,57 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app truecommand
namespace: default
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: docker.io/ixsystems/truecommand
tag: "2.2"
service:
main:
ports:
http:
port: 80
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: truecommand-config
mountPath: /data
resources:
requests:
cpu: 50m
memory: 256Mi
limits:
memory: 500Mi
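Review bot: `tag: "2.2"` is a mutable tag, whereas every other image in this commit is pinned by digest (e.g. L538 `2.7.3.1381-1@sha256:…`), so this release can silently pick up a different image on the next pull; pin it as `tag: "2.2@sha256:<DIGEST_PLACEHOLDER>"` once the digest is recorded. The `external-dns.home.arpa/enabled: "true"` annotation is absent from the other ingresses and, if it publishes the record outside the LAN, exposes the TrueCommand login page with no additional auth visible in this file — worth confirming that this is intended and that the ingress at least carries a source allow-list.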


@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- volume.yaml


@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: truecommand-config
namespace: default
labels:
app.kubernetes.io/name: &name truecommand
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: rook-ceph-block