refactor: components

2025-09-17 18:24:14 +02:00 · 2025-04-15 16:48:53 +02:00
parent 89beaf64a5
commit 7ad9789d31
77 changed files with 336 additions and 82 deletions
--- a/kubernetes/components/common/vars/cluster-secrets.sops.yaml
+++ b/kubernetes/components/common/vars/cluster-secrets.sops.yaml
@@ -0,0 +1,39 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.1-standalone-strict/secret-v1.json
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cluster-secrets
+    namespace: flux-system
+stringData:
+    SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:8HotHVJva77fd9S+j2BB,iv:fqCDD0NuK9ySCsGGT3G4QsfViM2L9oPp9ZLgwXf0tLI=,tag:rX1quD8RTjvzV75fmwmC6w==,type:str]
+    SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
+    SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:nS0cVHEiuEk1w43AjcWNjGVecEr8RZr4iXsMCO9152bn2wWc,iv:jDz8AP6eCF5+CASt3ogR8vzAO5VkbZQ3pY2+AFmz15U=,tag:DVKZ3xSZLrW9pQIx0HJRCQ==,type:str]
+    SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
+    SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str]
+    SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str]
+    SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str]
+    SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
+    SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
+    SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN: ENC[AES256_GCM,data:Bwvuy/jHIRduy/r1A8dOs0OE8ewdjCgs8g/br1oW,iv:PdnPH9I509MT6UJkUG1zLAGn9aV4AVrROgAVCD4a3Y0=,tag:59kBGx9qx3jeauokyoolQQ==,type:str]
+    SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str]
+type: Opaque
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVkZXb3RYbEZ5eTVSbmFE
+            R1QxMmw0ZzkvT0NIa01URTAvQ0xWa2tZKzNvCnl0UDQ1MGV6dEtuVEd2S0NhcThS
+            MGZ1VWNXMmxHSi90eFBGbXE2V0hwamcKLS0tIEp3a2ZTeTNyaXBhSW5nSU0yN1hu
+            WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
+            pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-03T20:27:58Z"
+    mac: ENC[AES256_GCM,data:QgFNCP1l74XISc2/6byMOzk4brz0SkbfjLxgoLRaBx08BHULaJRHiNqRRyhaKF5ZjxsOxVYiFpHrWgfu/mi/InwA6nBttwNSM/+bzKabRC6vdgrLIIXxJKGKu7BlmtILF4uZRqKqcOIK+nrZS8YWdlOY0Vyzunh4kMQoyIvugRk=,iv:0HYH18NEag1KqIXwoiMPHkFiW1jaQkK1LJ5XhENPalw=,tag:RO8oMhTRBLOzf31DgV38CQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.3
--- a/kubernetes/components/common/vars/cluster-settings.yaml
+++ b/kubernetes/components/common/vars/cluster-settings.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: flux-system
+  name: cluster-settings
+data:
+  CILIUM_BGP_SVC_RANGE: 192.168.169.0/24
+  CILIUM_POD_CIDR: 10.69.0.0/16
+  CLUSTER_LB_K8SGATEWAY: 192.168.169.100
+  CLUSTER_LB_SMTP_RELAY: 192.168.169.102
+  CLUSTER_LB_UNIFI: 192.168.169.103
+  CLUSTER_LB_GITEA: 192.168.169.104
+  CLUSTER_LB_QBITTORRENT: 192.168.169.105
+  CLUSTER_LB_RESILIOSYNC_CLAUDE: 192.168.169.106
+  CLUSTER_LB_HASS: 192.168.169.107
+  CLUSTER_LB_VECTOR: 192.168.169.108
+  CLUSTER_LB_EMQX: 192.168.169.109
+  CLUSTER_LB_JELLYFIN: 192.168.169.110
+  CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111
+  CLUSTER_LB_MAILRISE: 192.168.169.112
+  CLUSTER_LB_REDIS: 192.168.169.113
+  CLUSTER_LB_FRIGATE: 192.168.169.114
+  CLUSTER_LB_CILIUM: 192.168.169.115
+  CLUSTER_LB_LMS: 192.168.169.116
+  CLUSTER_LB_TDARR: 192.168.169.117
+  CLUSTER_LB_POSTGRES: 192.168.169.118
+  CLUSTER_LB_NGINX_INTERNAL: 192.168.169.119
+  CLUSTER_LB_NGINX_EXTERNAL: 192.168.169.120
+  LOCAL_LAN: 192.168.8.0/22
+  LOCAL_LAN_OPNSENSE: 192.168.8.1
+  LOCAL_LAN_TRUENAS: 192.168.9.10
+  LOCAL_LAN_TRUENAS_REMOTE: 10.10.0.2
+  TIMEZONE: Europe/Paris
--- a/kubernetes/components/common/vars/kustomization.yaml
+++ b/kubernetes/components/common/vars/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./cluster-secrets.sops.yaml
+  - ./cluster-settings.yaml