From 859a91a3afe15aa5e98c49b8719905456da72b71 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Wed, 23 Nov 2022 00:12:41 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=97=91=EF=B8=8F=20truenas=20jails?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 infrastructure/ansible/inventory/hosts.yml | 5 -
 .../roles/truenas/files/borgserver/rc.d | 96 ------------
 .../truenas/files/borgserver/sshd_config | 5 -
 .../truenas/tasks/jails/borgserver-init.yml | 112 --------------
 .../roles/truenas/tasks/jails/init.yml | 31 ----
 .../roles/truenas/tasks/jails/main.yml | 41 -----
 .../truenas/tasks/jails/postgres-conf.yml | 60 --------
 .../truenas/tasks/jails/postgres-init.yml | 143 ------------------
 .../ansible/roles/truenas/tasks/main.yml | 27 ----
 .../storage/borgserver/secret-host.sops.yaml | 31 ----
 .../cluster-0/apps/storage/kustomization.yaml | 1 -
 11 files changed, 552 deletions(-)
 delete mode 100644 infrastructure/ansible/roles/truenas/files/borgserver/rc.d
 delete mode 100644 infrastructure/ansible/roles/truenas/files/borgserver/sshd_config
 delete mode 100644 infrastructure/ansible/roles/truenas/tasks/jails/borgserver-init.yml
 delete mode 100644 infrastructure/ansible/roles/truenas/tasks/jails/init.yml
 delete mode 100644 infrastructure/ansible/roles/truenas/tasks/jails/main.yml
 delete mode 100644 infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml
 delete mode 100644 infrastructure/ansible/roles/truenas/tasks/jails/postgres-init.yml
 delete mode 100644 kubernetes/cluster-0/apps/storage/borgserver/secret-host.sops.yaml
diff --git a/infrastructure/ansible/inventory/hosts.yml b/infrastructure/ansible/inventory/hosts.yml
index dababf790..9c7fc5b01 100644
--- a/infrastructure/ansible/inventory/hosts.yml
+++ b/infrastructure/ansible/inventory/hosts.yml
@@ -16,11 +16,6 @@ all:
 ansible_port: 35875
 vars:
 ansible_user: homelab
- truenas-jails:
- hosts:
- borgserver:
- ansible_host: borgserver.{{ secret_domain }}
- # postgres:
 kubernetes:
 children:
 master:
diff --git a/infrastructure/ansible/roles/truenas/files/borgserver/rc.d b/infrastructure/ansible/roles/truenas/files/borgserver/rc.d
deleted file mode 100644
index c7c5f334f..000000000
--- a/infrastructure/ansible/roles/truenas/files/borgserver/rc.d
+++ /dev/null
@@ -1,96 +0,0 @@ -#!/usr/bin/env bash - -PUID=${PUID:-1000} -PGID=${PGID:-1000} - -usermod -o -u "$PUID" borg &>/dev/null -groupmod -o -g "$PGID" borg &>/dev/null - -BORG_DATA_DIR=/backups -SSH_KEY_DIR=/keys -BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}' -AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys - -# Append only mode? -BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no} - -source /etc/os-release -echo "########################################################" -echo -n " * BorgServer powered by " -borg -V -echo " * Based on k8s-at-home" -echo "########################################################" -echo " * User id: $(id -u borg)" -echo " * Group id: $(id -g borg)" -echo "########################################################" - - -# Precheck if BORG_ADMIN is set -if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then - echo "WARNING: BORG_APPEND_ONLY is active, but no BORG_ADMIN was specified!" -fi - -# Precheck directories & client ssh-keys -for dir in BORG_DATA_DIR SSH_KEY_DIR ; do - dirpath=$(eval echo '$'${dir}) - echo " * Testing Volume ${dir}: ${dirpath}" - if [ ! -d "${dirpath}" ] ; then - echo "ERROR: ${dirpath} is no directory!" - exit 1 - fi - - if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then - echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}" - exit 1 - fi -done - -# Create SSH-Host-Keys on persistent storage, if not exist -mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null -echo " * Checking / Preparing SSH Host-Keys..." -for keytype in ed25519 rsa ; do - if [ ! -f "${SSH_KEY_DIR}/host/ssh_host_${keytype}_key" ] ; then - echo " ** Creating SSH Hostkey [${keytype}]..." - ssh-keygen -q -f "${SSH_KEY_DIR}/host/ssh_host_${keytype}_key" -N '' -t ${keytype} - fi -done - -echo "########################################################" -echo " * Starting SSH-Key import..." 
- -# Add every key to borg-users authorized_keys -rm ${AUTHORIZED_KEYS_PATH} &>/dev/null -for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do - client_name=$(basename ${keyfile}) - mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null - echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}" - - # If client is $BORG_ADMIN unset $client_name, so path restriction equals $BORG_DATA_DIR - # Otherwise add --append-only, if enabled - borg_cmd=${BORG_CMD} - if [ "${client_name}" == "${BORG_ADMIN}" ] ; then - echo " ** Client '${client_name}' is BORG_ADMIN! **" - unset client_name - elif [ "${BORG_APPEND_ONLY}" == "yes" ] ; then - borg_cmd="${BORG_CMD} --append-only" - fi - - echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH} - cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH} - echo >> ${AUTHORIZED_KEYS_PATH} -done -chmod 0600 "${AUTHORIZED_KEYS_PATH}" - -echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..." -ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null) -if [ $? -ne 0 ]; then - echo "ERROR: ${ERROR}" - exit 1 -fi - -chown -R borg:borg ${BORG_DATA_DIR} -chown borg:borg ${AUTHORIZED_KEYS_PATH} -chmod 600 ${AUTHORIZED_KEYS_PATH} - -echo "########################################################" -echo " * Init done!" diff --git a/infrastructure/ansible/roles/truenas/files/borgserver/sshd_config b/infrastructure/ansible/roles/truenas/files/borgserver/sshd_config deleted file mode 100644 index 09fc06381..000000000 --- a/infrastructure/ansible/roles/truenas/files/borgserver/sshd_config +++ /dev/null @@ -1,5 +0,0 @@ -HostKey /keys/host/ssh_host_rsa_key -HostKey /keys/host/ssh_host_ed25519_key -AuthorizedKeysFile .ssh/authorized_keys -Subsystem sftp /usr/libexec/sftp-server -PermitRootLogin yes 
diff --git a/infrastructure/ansible/roles/truenas/tasks/jails/borgserver-init.yml b/infrastructure/ansible/roles/truenas/tasks/jails/borgserver-init.yml
deleted file mode 100644
index 81d7ac2e0..000000000
--- a/infrastructure/ansible/roles/truenas/tasks/jails/borgserver-init.yml
+++ /dev/null
@@ -1,112 +0,0 @@ ---- -- name: jail-borgserver | get jail ip - ansible.builtin.shell: - cmd: iocage exec borgserver ifconfig epair0b | grep 'inet' | awk -F ' ' '{ print $2 }' - changed_when: false - register: borgserver_jail_ip - become: true - -- block: - - name: jail-borgserver | create zfs pools - community.general.zfs: - name: "{{ item }}" - state: present - loop: - - "{{ pool_name }}/jail-mounts" - - "{{ pool_name }}/jail-mounts/borgserver" - - "{{ pool_name }}/jail-mounts/borgserver/backups" - - "{{ pool_name }}/jail-mounts/borgserver/keys" - - - name: jail-borgserver | create empty dirs - ansible.builtin.shell: - cmd: iocage exec borgserver mkdir -p /{{ item }} - loop: - - backups - - keys - - - name: jail-borgserver | mount dirs - ansible.builtin.shell: - cmd: iocage fstab -a borgserver /mnt/{{ pool_name }}/jail-mounts/borgserver/{{ item }} /{{ item }} nullfs rw 0 0 - loop: - - backups - - keys - become: true - -- block: - - name: jail-borgserver | packages - community.general.pkgng: - name: - #- py39-borgbackup - - sshguard - state: present - - - name: jail-borgserver | download borg cli - ansible.builtin.get_url: - url: https://github.com/borgbackup/borg/releases/download/1.2.1/borg-freebsd64 - dest: /usr/local/bin/borg - mode: 0755 - - - name: jail-borgserver | user borg - ansible.builtin.user: - name: borg - uid: 1000 - state: present - - - name: jail-borgserver | create directories - ansible.builtin.file: - path: /home/borg/.ssh - owner: 1000 - group: 1000 - state: directory - - - name: jail-borgserver | authorized_keys - ansible.builtin.file: - path: /home/borg/.ssh/authorized_keys - owner: 1000 - group: 1000 - state: touch - - - name: jail-borgserver | change folders mod - ansible.builtin.file: - path: "{{ item }}" - owner: 1000 - group: 1000 - loop: - - /backups - - /keys - - - name: jail-borgserver | copy sshd_config - ansible.builtin.copy: - src: borgserver/sshd_config - dest: /etc/ssh/sshd_config' - mode: 0644 - - - name: jail-borgserver | copy 
borgserver rc.d - ansible.builtin.copy: - src: borgserver/rc.d - dest: /etc/rc.d/borgserver - mode: 0755 - - - name: jail-borgserver | configure sshguard - community.general.sysrc: - name: "{{ item.name }}" - value: "{{ item.value }}" - state: present - loop: - - { name: "sshguard_enable", value: "YES" } - - { name: "sshguard_danger_thresh", value: "30" } - - { name: "sshguard_release_interval", value: "600" } - - { name: "sshguard_reset_interval", value: "7200" } - - - name: jail-borgserver | start sshguard service - ansible.builtin.service: - name: sshguard - state: started - - - name: jail-borgserver | restart sshd service - ansible.builtin.service: - name: sshd - state: restarted - - delegate_to: "{{ borgserver_jail_ip.stdout }}" - remote_user: root diff --git a/infrastructure/ansible/roles/truenas/tasks/jails/init.yml b/infrastructure/ansible/roles/truenas/tasks/jails/init.yml deleted file mode 100644 index 32ed7dced..000000000 --- a/infrastructure/ansible/roles/truenas/tasks/jails/init.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -- name: jail-prepare | {{ outside_item.item }} | create .ssh directory - ansible.builtin.shell: - cmd: iocage exec {{ outside_item.item }} 'mkdir -p /root/.ssh; echo "" > /root/.ssh/authorized_keys; chmod 700 /root/.ssh; chmod 600 /root/.ssh/authorized_keys' - become: true - -- name: jail-prepare | {{ outside_item.item }} | deploy ssh keys - ansible.builtin.shell: - cmd: iocage exec {{ outside_item.item }} 'echo "{{ item }}" >> /root/.ssh/authorized_keys' - loop: "{{ public_ssh_keys }}" - become: true - -- name: jail-prepare | {{ outside_item.item }} | activate sshd - ansible.builtin.shell: - cmd: iocage exec {{ outside_item.item }} 'sysrc sshd_enable="YES"' - become: true - -- name: jail-prepare | {{ outside_item.item }} | sshd permit root login - ansible.builtin.shell: - cmd: iocage exec {{ outside_item.item }} 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config' - become: true - -- name: jail-prepare | {{ outside_item.item }} | start sshd - ansible.builtin.shell: - cmd: iocage exec {{ outside_item.item }} 'service sshd start' - become: true - -- name: jail-prepare | {{ outside_item.item }} | install packages - ansible.builtin.shell: - cmd: iocage exec {{ outside_item.item }} 'pkg install -y python39 bash; ln -s /usr/local/bin/bash /bin/bash' - become: true diff --git a/infrastructure/ansible/roles/truenas/tasks/jails/main.yml b/infrastructure/ansible/roles/truenas/tasks/jails/main.yml deleted file mode 100644 index 8e0f5613f..000000000 --- a/infrastructure/ansible/roles/truenas/tasks/jails/main.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -- name: jails | check if jail exist - ansible.builtin.shell: - cmd: iocage list | grep {{ item }} - loop: "{{ groups['truenas-jails'] }}" - register: jails_check - changed_when: false - failed_when: jails_check.rc != 0 and jails_check.rc != 1 - -- name: jails | is iocage fetch required - ansible.builtin.set_fact: - jail_missing: true - loop: "{{ jails_check.results }}" - when: item.rc == 1 - -- block: - - name: jails | get current FreeBSD release - ansible.builtin.shell: - cmd: freebsd-version -k - register: release - failed_when: release.rc != 0 - - - name: jails | fetch iocage template {{ release.stdout }} - ansible.builtin.shell: - cmd: iocage fetch -r {{ release.stdout }} - become: true - - - name: jails | create jail - ansible.builtin.shell: - cmd: iocage create -r {{ release.stdout }} -n {{ item.item }} dhcp=on boot=on - loop: "{{ jails_check.results }}" - when: item.rc == 1 - become: true - when: jail_missing - -- name: jails | init jails - ansible.builtin.include_tasks: init.yml - loop: "{{ jails_check.results }}" - loop_control: - loop_var: outside_item - when: outside_item.rc == 1 diff --git a/infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml b/infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml deleted file mode 100644 index 3f9c06a6f..000000000 --- a/infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -- name: jail-postgres | get jail ip - ansible.builtin.shell: - cmd: iocage exec postgres ifconfig epair0b | grep 'inet' | awk -F ' ' '{ print $2 }' - changed_when: false - register: postgres_jail_ip - become: true - -- name: jail-postgres | copy letsencrypt certificate - ansible.builtin.copy: - src: /mnt/storage/home/homelab/letsencrypt/{{ secret_domain }}/{{ item.src }} - remote_src: true - dest: /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/{{ item.dest }} - owner: 770 - group: 770 - mode: 0600 - loop: - - { src: "fullchain.pem", dest: "server.crt" } - - { src: "key.pem", dest: "server.key" } - notify: restart postgresql - become: true - -- block: - - name: jail-postgres | disable full page writes because of ZFS - ansible.builtin.lineinfile: - path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf - regexp: '^full_page_writes\s*=' - line: "full_page_writes=off" - state: present - notify: restart postgresql - - - name: jail-postgres | listen to all addresses - ansible.builtin.lineinfile: - path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf - regexp: '^listen_addresses\s*=' - line: "listen_addresses = '*'" - state: present - notify: restart postgresql - - - name: jail-postgres | ssl configuration - ansible.builtin.blockinfile: - path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf - block: | - ssl = on - ssl_cert_file = 'server.crt' - ssl_key_file = 'server.key' - ssl_prefer_server_ciphers = on - state: present - notify: restart postgresql - - - name: jail-postgres | configure postgres - ansible.builtin.template: - src: postgres/pg_hba.conf - dest: /var/db/postgres/data{{ postgres_version }}/pg_hba.conf - owner: postgres - group: postgres - notify: restart postgresql - - delegate_to: "{{ postgres_jail_ip.stdout }}" - remote_user: root 
diff --git a/infrastructure/ansible/roles/truenas/tasks/jails/postgres-init.yml b/infrastructure/ansible/roles/truenas/tasks/jails/postgres-init.yml
deleted file mode 100644
index c089fb2e7..000000000
--- a/infrastructure/ansible/roles/truenas/tasks/jails/postgres-init.yml
+++ /dev/null
@@ -1,143 +0,0 @@ ---- -- name: jail-postgres | get jail ip - ansible.builtin.shell: - cmd: iocage exec postgres ifconfig epair0b | grep 'inet' | awk -F ' ' '{ print $2 }' - changed_when: false - register: postgres_jail_ip - become: true - -- block: - - name: jail-postgres | create zfs pools - community.general.zfs: - name: "{{ item }}" - state: present - loop: - - "{{ pool_name }}/jail-mounts" - - "{{ pool_name }}/jail-mounts/postgres" - - "{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}" - - - name: jail-postgres | configure zfs pool postgresql - community.general.zfs: - name: "{{ pool_name }}/jail-mounts/postgres" - state: present - extra_zfs_properties: - atime: off - setuid: off - - - name: jail-postgres | configure zfs pool postgresql - community.general.zfs: - name: "{{ pool_name }}/jail-mounts/postgres" - state: present - extra_zfs_properties: - atime: off - setuid: off - - - name: jail-postgres | create empty data{{ postgres_version }} dir - ansible.builtin.shell: - cmd: iocage exec postgres mkdir -p /var/db/postgres/data{{ postgres_version }} - - - name: jail-postgres | mount data{{ postgres_version }} - ansible.builtin.shell: - cmd: iocage fstab -a postgres /mnt/{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }} /var/db/postgres/data{{ postgres_version }} nullfs rw 0 0 - become: true - -- block: - - name: jail-postgres | packages - community.general.pkgng: - name: - - postgresql{{ postgres_version }}-server - - postgresql{{ postgres_version }}-contrib - - postgresql{{ postgres_version }}-client - - py39-pip - state: present - - - name: jail-postgres | pip packages - ansible.builtin.pip: - name: psycopg2 - state: present - - - name: jail-postgres | change postgres/data{{ postgres_version }} mod - ansible.builtin.file: - path: /var/db/postgres/data{{ postgres_version }} - owner: postgres - group: postgres - - - name: jail-postgres | initdb - ansible.builtin.shell: - cmd: su -m postgres -c 'initdb -E UTF-8 
/var/db/postgres/data{{ postgres_version }}' - - - name: jail-postgres | move base and pg_wal - ansible.builtin.shell: - cmd: su -m postgres -c 'mv /var/db/postgres/data{{ postgres_version }}/{{ item }} /var/db/postgres/data{{ postgres_version }}/{{ item }}0' - loop: - - base - - pg_wal - - - name: jail-postgres | create base and pg_wal empty dirs - ansible.builtin.file: - path: /var/db/postgres/data{{ postgres_version }}/{{ item }} - state: directory - owner: postgres - group: postgres - loop: - - base - - pg_wal - - delegate_to: "{{ postgres_jail_ip.stdout }}" - remote_user: root - -- block: - - name: jail-postgres | create missing zfs pools - community.general.zfs: - name: "{{ item }}" - state: present - loop: - - "{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}/base" - - "{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}/pg_wal" - - - name: jail-postgres | mount base - ansible.builtin.shell: - cmd: iocage fstab -a postgres /mnt/{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}/{{ item }} /var/db/postgres/data{{ postgres_version }}/{{ item }} nullfs rw 0 0 - loop: - - base - - pg_wal - - become: true - -- block: - - name: jail-postgres | move base and pg_wal content to mounts - ansible.builtin.shell: - cmd: mv /var/db/postgres/data{{ postgres_version }}/{{ item }}0/* /var/db/postgres/data{{ postgres_version }}/{{ item }}/; rmdir /var/db/postgres/data{{ postgres_version }}/{{ item }}0 - loop: - - base - - pg_wal - - - name: jail-postgres | change mod - ansible.builtin.file: - path: /var/db/postgres/data{{ postgres_version }}/{{ item }} - state: directory - owner: postgres - group: postgres - recurse: true - loop: - - base - - pg_wal - - - name: jail-postgres | enable postgresql service - community.general.sysrc: - name: postgresql_enable - state: present - value: "YES" - - - name: jail-postgres | start postgresql service - ansible.builtin.service: - name: postgresql - state: started - - - name: jail-postgres | change 
postgres password - postgresql_query: - login_user: postgres - query: ALTER USER postgres PASSWORD '{{ postgres_password }}' - - delegate_to: "{{ postgres_jail_ip.stdout }}" - remote_user: root diff --git a/infrastructure/ansible/roles/truenas/tasks/main.yml b/infrastructure/ansible/roles/truenas/tasks/main.yml index d1f307234..1df06d640 100644 --- a/infrastructure/ansible/roles/truenas/tasks/main.yml +++ b/infrastructure/ansible/roles/truenas/tasks/main.yml @@ -7,30 +7,3 @@ - ansible.builtin.include_tasks: wireguard.yml when: "main_nas == false" - -- block: - - ansible.builtin.include_tasks: jails/main.yml - - # - ansible.builtin.shell: - # cmd: test -f /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/postgresql.conf - # register: postgres_data_exists - # become: true - # changed_when: false - # failed_when: postgres_data_exists.rc != 0 and postgres_data_exists.rc != 1 - - # - ansible.builtin.include_tasks: jails/postgres-init.yml - # when: postgres_data_exists.rc == 1 - - # - ansible.builtin.include_tasks: jails/postgres-conf.yml - - - ansible.builtin.shell: - cmd: test -f /mnt/storage/jail-mounts/borgserver/keys/host/ssh_host_ed25519_key - register: borgserver_data_exists - become: true - changed_when: false - failed_when: borgserver_data_exists.rc != 0 and borgserver_data_exists.rc != 1 - - - ansible.builtin.include_tasks: jails/borgserver-init.yml - when: borgserver_data_exists.rc == 1 - - when: "main_nas" diff --git a/kubernetes/cluster-0/apps/storage/borgserver/secret-host.sops.yaml b/kubernetes/cluster-0/apps/storage/borgserver/secret-host.sops.yaml deleted file mode 100644 index 7e2c58af4..000000000 --- a/kubernetes/cluster-0/apps/storage/borgserver/secret-host.sops.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -kind: Secret -apiVersion: v1 -type: Opaque -metadata: - name: borgserver-host - namespace: default -stringData: - ssh_host_ed25519_key: ENC[AES256_GCM,data:FeWPg7LWcnrFm7DXdizGgxSwN4UVwl39XdQCQv8JeizTqmr9OJQLQzfLW5ExE7UD/bdHs6CvNKDOVBpcicc/Drmio6272WIQk5XcoyfyWaZQfmjKLj7Qfh3UCWi0b59uFXwfvoAEzeBbG+L530bTDyPqiIQxO9m/QVFTsBfZCg0QDJNUbQV/5a4jK5nJXIYrfE+VezbknzZtTvHVCr65ftN+ZWEjHBtClRdmnNjTaDUnCKqu+n8UKw756V5+a5+4MGUiWmwib4fYZnYFquajndvHk+73bd4mo8mO+s7zyl9txcXUJX39qGiSUmY2ABznbpP+nDMwvgHggGV/jsXAzSmhA17SVidWImyPz+vNy8oNIkkM/IviCIYiDmDFyqRGBUxjL/cc3UwtmO40QuJl3TCR8ztLkO7paYmNvwCbfHInygSlR8etao8qKzhh3EE0dTageuKKp8anCrwDeceSQ6kZsNk4zhQTXxhamNni77BcxwFNGJOGdDhXsz9/hxfAgaAPO4PwHo9jxDopX6DEV+VEQZ4vePJVMzyLaBXvgdZQSZqMWndPbbHRsbIC8YIV,iv:A1aZEhL6xK5rnbjoUNByufnpoJRO559KPwF4PlZGRsc=,tag:rtEQIRldBanayzitxHgRiA==,type:str] - ssh_host_ed25519_key.pub: ENC[AES256_GCM,data:C5+/1cNsWoshxXCkJJBofn47qBbz0TaQlHRCUt3zJbfb2T6kne3vVOYA6sEs0Kcr5Ecj6QAINwJlnmWsPsET36m6lHhcFKJeUaAQWVybOxP0eg+NBuuYoZILzdqv6xXGRCiAED+ZhEWsTgcsIjLS4Hsq,iv:yHGTQLc0Wwmc2xtOIHl8kbgInRKFwxk4wlx0UO+Jz6c=,tag:1rmWNdUgNcXGOYElMhx5xQ==,type:str] - ssh_host_rsa_key: ENC[AES256_GCM,data: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,iv:AX/hwSuHPNe8BMFiM0n9j21SwEw3gNPP3Azq1QFkddo=,tag:kI7F5Xbmk8RE/jMIxkIkOw==,type:str] - ssh_host_rsa_key.pub: 
ENC[AES256_GCM,data:qXkMPzaXNnvnrmus0nALNxLH1jEqew0MS2YJ5jhDIB3Z1zfwMha/Jd+bslwDuuNeIOo+BBtNgYvvmNKAAefKbbbMFsJo9o5Yi1Y3En3xek/v3COqS/AQ7iDRkTvvrMKtKtXsPChDSsDE5xS9+cRVFlxPkNIne69bqmTdz+WImj8let9YBB6HYg7jpsnOE7CcJ2Jqw9qGJqH5cIFQoNOSWTvd//v7CcXkE0t+eAqAQDYo01y9bcTzow4qRX5RRXx6qNC7KzSDGwtBnUe1A3Z68GmlsZaSpGrGyKQTCBJ/fod+WmbsfbfDZBorJiFrVfA+nU6JfowRkWC5Bt4gg4ArcR7uW6qN7Hg6EcEZf+GPG8Isdg7Bim41JijTedD6GuPvrpxTf7klLLgKcgRjjw4vjAMa1gzl9lYdMCxVrarD61Ex1z2lvmQqvpKDpTlbnXGqbYNUYq86TsN8/PyrxzquYS21j8je8b31IgAUysnOjOVwbtegbCn6EkfisDZdQTv1vJ6Ey1SShV4udk9TT5WRaKKGDELKp94CWFdHsRHClAdCUkltqBRkQHZZC2GOCO1kROiQVbKT5TAhd96uuvAG5U+GH+CokZn7PgTVzLStIxVItueFWV2/oKxpaACEiLNwPQnXAXqqL/ArGkeQN3lWZVRUBpzNKv71vIowRA48+qHt8JqRLKqfFcUzwJaiGRCfn4g7amSvqTGOKGQ/LsZAsdSIt71//wk6zJE8/ZIfSN3rqE6WSu4RC150lJI5MF6teQ0Mz+S+AyBuUw==,iv:zUoqq6FDBMas2fkWNz3zhnM+wvxBGAb2MeI1PRzmw+8=,tag:oAN/GvXfjOYwXP4uXzts4Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSd2h2N2RELzkvODM0WE1p - c1M3bEQxdDZkZ3Zlcm9uKzFWYklLWWpUYXhvCkN1bXU3YmNrY255RmkwSXFDWmt1 - dHExaGZRODhKdm1NR2xYV29CeE5vbk0KLS0tIHpBUGVaNUhKaE5UOU1hM3c0akxX - ZWRhWnBrY1FBNVQyOU0yVGFXb0QrVnMK26Nc5Bw/jOzuxXcufHcxnugG1bzqO9T8 - LNIau17zdWX5bfWGDj++ipnm8x1sPswEULal4U2Muc2Iy7GuZPhVyg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-20T18:08:09Z" - mac: ENC[AES256_GCM,data:ztMF0JW6BZfpXitcdFy6wG8cIvsEGB6jVY25xijONz2qhi0F9Lw4IiJwumfJ+3hFqMJUznI3IoEjhUIR54YNpmzVwn60CJIK0nVw4WrsGDg0728fuZmA4UlLi8Paynksn3ulGjaal9+K9ML266Xmo+12lf/13Q73yA9XsVy3nRk=,iv:suhFmkdB0UprQOpR6BuJZ9K1XHaDBxzTr7ViFNOCENE=,tag:nwYdO/cYPQM2GMNI4d+GEg==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/kubernetes/cluster-0/apps/storage/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kustomization.yaml index d50230323..2e7739feb 100644 
--- a/kubernetes/cluster-0/apps/storage/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/storage/kustomization.yaml
@@ -2,7 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - borgserver
 - kopia-web
 - resilio-sync
 - smartctl-exporter