diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
deleted file mode 100644
index b12845277..000000000
--- a/.github/linters/.jscpd.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "ignore": ["**/truenas/files/scripts/**"]
-}
diff --git a/.github/linters/.markdownlint.yaml b/.github/linters/.markdownlint.yaml
deleted file mode 100644
index 517c3140d..000000000
--- a/.github/linters/.markdownlint.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-default: true
-
-# MD013/line-length - Line length
-MD013:
- # Number of characters
- line_length: 240
- # Number of characters for headings
- heading_line_length: 80
- # Number of characters for code blocks
- code_block_line_length: 300
- # Include code blocks
- code_blocks: true
- # Include tables
- tables: true
- # Include headings
- headings: true
- # Include headings
- headers: true
- # Strict length checking
- strict: false
- # Stern length checking
- stern: false
diff --git a/.github/linters/.prettierignore b/.github/linters/.prettierignore
deleted file mode 100644
index 3e805f833..000000000
--- a/.github/linters/.prettierignore
+++ /dev/null
@@ -1,7 +0,0 @@
-charts/
-docs/
-.private/
-.terraform/
-.vscode/
-*.sops.*
-gotk-components.yaml
\ No newline at end of file
diff --git a/.github/linters/.prettierrc.yaml b/.github/linters/.prettierrc.yaml
deleted file mode 100644
index 2e643f08a..000000000
--- a/.github/linters/.prettierrc.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-trailingComma: "es5"
-tabWidth: 2
-semi: false
-singleQuote: false
-bracketSpacing: false
-useTabs: false
diff --git a/.github/linters/.yamllint.yaml b/.github/linters/.yamllint.yaml
deleted file mode 100644
index 7a2cc5b41..000000000
--- a/.github/linters/.yamllint.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-ignore: |
- charts/
- docs/
- .private/
- .terraform/
- .vscode/
- *.sops.*
- gotk-components.yaml
-extends: default
-rules:
- truthy:
- allowed-values: ["true", "false", "on"]
- comments:
- min-spaces-from-content: 1
- line-length: disable
- braces:
- min-spaces-inside: 0
- max-spaces-inside: 1
- brackets:
- min-spaces-inside: 0
- max-spaces-inside: 0
- indentation: disable
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
index dc74fb597..211c6de8a 100644
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -1,23 +1,23 @@
name: "Renovate"
on:
- workflow_dispatch:
- inputs:
- dryRun:
- description: "Dry-Run"
- default: "false"
- required: false
- logLevel:
- description: "Log-Level"
- default: "debug"
- required: false
- schedule:
- - cron: "0 * * * *"
- push:
- branches: ["main"]
- paths:
- - ".github/renovate.json5"
- - ".github/renovate/**.json5"
+# workflow_dispatch:
+# inputs:
+# dryRun:
+# description: "Dry-Run"
+# default: "false"
+# required: false
+# logLevel:
+# description: "Log-Level"
+# default: "debug"
+# required: false
+# schedule:
+# - cron: "0 * * * *"
+# push:
+# branches: ["main"]
+# paths:
+# - ".github/renovate.json5"
+# - ".github/renovate/**.json5"
env:
LOG_LEVEL: debug
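Review bot: Commenting out every trigger leaves `on:` with no value, so the workflow can no longer run (GitHub will most likely flag the file as invalid), and nothing says why Renovate was switched off. With Renovate off, the pinned images and hook revisions elsewhere in this change stop receiving update PRs, including security fixes. If the pause is temporary, keep a manual trigger (`on:` followed by `workflow_dispatch:`) and add a comment above it stating the reason and the condition for re-enabling. If it is permanent, delete the workflow file instead. The jobs section lies outside this hunk.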
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f296f7c81..5911b849a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,13 +3,6 @@
# See https://pre-commit.com/hooks.html for more hooks
fail_fast: false
repos:
- - repo: https://github.com/adrienverge/yamllint.git
- rev: v1.28.0
- hooks:
- - id: yamllint
- args:
- - --config-file
- - .github/linters/.yamllint.yaml
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
@@ -34,10 +27,3 @@ repos:
rev: v2.1.1
hooks:
- id: forbid-secrets
- - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.32.2
- hooks:
- - id: markdownlint
- args:
- - --config
- - ".github/linters/.markdownlint.yaml"
diff --git a/.sops.yaml b/.sops.yaml
index 5cef33cc8..66a29f8da 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -8,7 +8,7 @@ creation_rules:
key_groups:
- age:
- age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- - path_regex: infrastructure/ansible/.*\.sops\.ya?ml
+ - path_regex: ansible/.*\.sops\.ya?ml
unencrypted_regex: ^(kind)$
key_groups:
- age:
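Review bot: The new `path_regex` is unanchored, so it matches any path that contains `ansible/` and later `.sops.yml` or `.sops.yaml`, including nested directories in other trees and names with a trailing suffix. The matching creation rule decides which recipients and which `unencrypted_regex` apply, so a loose pattern can send a secrets file through the wrong rule without any error. Assuming the sops version in use matches paths relative to `.sops.yaml`, `- path_regex: ^ansible/.*\.sops\.ya?ml$` is tighter. The rule list starts before this hunk, so rule ordering could not be checked here.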
@@ -17,4 +17,3 @@ creation_rules:
key_groups:
- age:
- age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-
diff --git a/.taskfiles/Ansible/Tasks.yml b/.taskfiles/Ansible/Tasks.yml
new file mode 100644
index 000000000..75de87d05
--- /dev/null
+++ b/.taskfiles/Ansible/Tasks.yml
@@ -0,0 +1,13 @@
+---
+version: "3"
+
+tasks:
+
+ deps:
+ desc: Install/Upgrade Ansible deps
+ dir: '{{.ANSIBLE_DIR}}'
+ cmds:
+ - ansible-galaxy install -r requirements.yml --roles-path ~/.ansible/roles --force
+ - ansible-galaxy collection install -r requirements.yml --collections-path ~/.ansible/collections --force
+ preconditions:
+ - test -f "{{.ANSIBLE_DIR}}/requirements.yml"
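Review bot: The first command in `deps` installs roles from `requirements.yml`, but this same change removes the `roles:` section from `ansible/requirements.yml`, so the role install appears to have nothing left to install. Either drop that line or add a comment such as `# no roles at present; kept for when requirements.yml gains a roles: section`. `--force` re-downloads on every run, which is only reproducible if every entry carries a pinned `version:`; only part of that file is visible in this diff.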
diff --git a/.taskfiles/Flux/Tasks.yml b/.taskfiles/Flux/Tasks.yml
new file mode 100644
index 000000000..8ff335b19
--- /dev/null
+++ b/.taskfiles/Flux/Tasks.yml
@@ -0,0 +1,16 @@
+---
+version: "3"
+
+tasks:
+
+ sync:
+ desc: Sync Flux resources
+ cmds:
+ - |
+ kubectl get gitrepositories --all-namespaces --no-headers -A | awk '{print $1, $2}' \
+ | xargs --max-procs=4 -l bash -c \
+ 'kubectl -n $0 annotate gitrepositories $1 reconcile.fluxcd.io/requestedAt=$(date +%s) --field-manager=flux-client-side-apply --overwrite'
+ - |
+ kubectl get kustomization --all-namespaces --no-headers -A | awk '{print $1, $2}' \
+ | xargs --max-procs=4 -l bash -c \
+ 'kubectl -n $0 annotate kustomization $1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --field-manager=flux-client-side-apply --overwrite'
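Review bot: Both `sync` commands expand `$0` and `$1` unquoted inside the `bash -c` script, and the first leaves `$(date +%s)` unquoted while the second quotes it. Kubernetes names cannot contain whitespace, so this is a consistency and robustness point rather than a live bug. The first command could read `kubectl -n "$0" annotate gitrepositories "$1" reconcile.fluxcd.io/requestedAt="$(date +%s)" ...`, with the same quoting of `$0` and `$1` in the second. `--all-namespaces` and `-A` are the same flag given twice; one of them can go.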
diff --git a/.taskfiles/Kubernetes/Tasks.yml b/.taskfiles/Kubernetes/Tasks.yml
new file mode 100644
index 000000000..ca37ecbe0
--- /dev/null
+++ b/.taskfiles/Kubernetes/Tasks.yml
@@ -0,0 +1,48 @@
+---
+version: "3"
+
+tasks:
+
+ mount:
+ desc: Mount a PersistantVolumeClaim to a pod temporarily
+ interactive: true
+ vars:
+ claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
+ namespace: '{{.namespace | default "default"}}'
+ cmds:
+ - |
+ kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
+ {
+ "apiVersion": "v1",
+ "spec": {
+ "containers": [
+ {
+ "name": "debug",
+ "image": "ghcr.io/onedr0p/alpine:rolling",
+ "command": [
+ "/bin/bash"
+ ],
+ "stdin": true,
+ "stdinOnce": true,
+ "tty": true,
+ "volumeMounts": [
+ {
+ "name": "config",
+ "mountPath": "/data/config"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "config",
+ "persistentVolumeClaim": {
+ "claimName": "{{.claim}}"
+ }
+ }
+ ],
+ "restartPolicy": "Never"
+ }
+ }'
+ preconditions:
+ - kubectl -n {{.namespace}} get pvc {{.claim}}
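Review bot: The `mount` debug pod is started with `--privileged` and pulls `ghcr.io/onedr0p/alpine:rolling`, a mutable tag, so whatever that tag resolves to at run time gets a privileged container with the chosen PVC mounted. WipeJob.tmpl.yaml in this same change pins the alpine image by digest; the same form here (`"image": "ghcr.io/onedr0p/alpine:<tag>@sha256:<digest>"`) together with dropping `--privileged` unless a specific volume is known to need it would narrow the exposure. The restic image in ListJob.tmpl.yaml is pinned by tag only (`docker.io/restic/restic:0.14.0`) and could carry a digest as well. A one-line comment on the task saying that the pod is temporary and removed on exit (`--rm`) would also help the next reader.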
diff --git a/.taskfiles/VolSync/ListJob.tmpl.yaml b/.taskfiles/VolSync/ListJob.tmpl.yaml
new file mode 100644
index 000000000..e43f5a9d8
--- /dev/null
+++ b/.taskfiles/VolSync/ListJob.tmpl.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "list-${rsrc}-${ts}"
+ namespace: "${namespace}"
+spec:
+ ttlSecondsAfterFinished: 3600
+ template:
+ spec:
+ automountServiceAccountToken: false
+ restartPolicy: OnFailure
+ containers:
+ - name: list
+ image: docker.io/restic/restic:0.14.0
+ args: ["snapshots"]
+ envFrom:
+ - secretRef:
+ name: "${rsrc}-restic"
diff --git a/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml b/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml
new file mode 100644
index 000000000..2e0fbcc0e
--- /dev/null
+++ b/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: "${rsrc}-${claim}-${ts}"
+ namespace: "${namespace}"
+spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: "${rsrc}-restic"
+ destinationPVC: "${claim}"
+ copyMethod: Direct
+ # IMPORTANT NOTE:
+ # On bootstrap set `restoreAsOf` to the time the old cluster was destroyed.
+ # This will essentially prevent volsync from trying to restore a backup
+ # from a application that started with default data in the PVC.
+ # Do not restore snapshots made after the following RFC3339 Timestamp.
+ # date --rfc-3339=seconds (--utc)
+ # restoreAsOf: "2022-12-10T16:00:00-05:00"
diff --git a/.taskfiles/VolSync/Tasks.yml b/.taskfiles/VolSync/Tasks.yml
new file mode 100644
index 000000000..aed26fdae
--- /dev/null
+++ b/.taskfiles/VolSync/Tasks.yml
@@ -0,0 +1,136 @@
+---
+version: "3"
+
+x-task-vars: &task-vars
+ rsrc: '{{.rsrc}}'
+ controller: '{{.controller}}'
+ namespace: '{{.namespace}}'
+ claim: '{{.claim}}'
+ ts: '{{.ts}}'
+ kustomization: '{{.kustomization}}'
+
+vars:
+ destinationTemplate: "{{.PROJECT_DIR}}/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml"
+ wipeJobTemplate: "{{.PROJECT_DIR}}/.taskfiles/VolSync/WipeJob.tmpl.yaml"
+ waitForJobScript: "{{.PROJECT_DIR}}/.taskfiles/VolSync/wait-for-job.sh"
+ listJobTemplate: "{{.PROJECT_DIR}}/.taskfiles/VolSync/ListJob.tmpl.yaml"
+ ts: '{{now | date "150405"}}'
+
+tasks:
+
+ list:
+ desc: List all snapshots taken by restic for a given ReplicationSource (ex. task vs:list rsrc=plex [namespace=default])
+ silent: true
+ cmds:
+ - envsubst < {{.listJobTemplate}} | kubectl apply -f -
+ - bash {{.waitForJobScript}} list-{{.rsrc}}-{{.ts}} {{.namespace}}
+ - kubectl -n {{.namespace}} wait job/list-{{.rsrc}}-{{.ts}} --for condition=complete --timeout=1m
+ - kubectl -n {{.namespace}} logs job/list-{{.rsrc}}-{{.ts}} --container list
+ - kubectl -n {{.namespace}} delete job list-{{.rsrc}}-{{.ts}}
+ vars:
+ rsrc: '{{ or .rsrc (fail "ReplicationSource `rsrc` is required") }}'
+ namespace: '{{.namespace | default "default"}}'
+ env: *task-vars
+ preconditions:
+ - sh: test -f {{.waitForJobScript}}
+ - sh: test -f {{.listJobTemplate}}
+
+ # To run backup jobs in parallel for all replicationsources:
+ # - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task vs:snapshot rsrc=$0 namespace=$1'
+ #
+ snapshot:
+ desc: Trigger a Restic ReplicationSource snapshot (ex. task vs:snapshot rsrc=plex [namespace=default])
+ cmds:
+ - kubectl -n {{.namespace}} patch replicationsources {{.rsrc}} --type merge -p '{"spec":{"trigger":{"manual":"{{.ts}}"}}}'
+ - bash {{.waitForJobScript}} volsync-src-{{.rsrc}} {{.namespace}}
+ - kubectl -n {{.namespace}} wait job/volsync-src-{{.rsrc}} --for condition=complete --timeout=120m
+ # TODO: Error from server (NotFound): jobs.batch "volsync-src-zzztest" not found
+ # - kubectl -n {{.namespace}} logs job/volsync-src-{{.rsrc}}
+ vars:
+ rsrc: '{{ or .rsrc (fail "ReplicationSource `rsrc` is required") }}'
+ namespace: '{{.namespace | default "default"}}'
+ env: *task-vars
+ preconditions:
+ - sh: test -f {{.waitForJobScript}}
+ - sh: kubectl -n {{.namespace}} get replicationsources {{.rsrc}}
+ msg: "ReplicationSource '{{.rsrc}}' not found in namespace '{{.namespace}}'"
+
+ # To run restore jobs in parallel for all replicationdestinations:
+ # - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task vs:restore rsrc=$0 namespace=$1'
+ #
+ restore:
+ desc: Trigger a Restic ReplicationSource restore (ex. task vs:restore rsrc=plex [namespace=default])
+ cmds:
+ - task: restore-suspend-app
+ vars: *task-vars
+ - task: restore-wipe-job
+ vars: *task-vars
+ - task: restore-volsync-job
+ vars: *task-vars
+ - task: restore-resume-app
+ vars: *task-vars
+ vars:
+ rsrc: '{{ or .rsrc (fail "Variable `rsrc` is required") }}'
+ namespace: '{{.namespace | default "default"}}'
+ # 1) Query to find the Flux Kustomization associated with the ReplicationSource (rsrc)
+ kustomization:
+ sh: |
+ kubectl -n {{.namespace}} get replicationsource {{.rsrc}} \
+ -o jsonpath="{.metadata.labels.kustomize\.toolkit\.fluxcd\.io/name}"
+ # 2) Query to find the Claim associated with the ReplicationSource (rsrc)
+ claim:
+ sh: |
+ kubectl -n {{.namespace}} get replicationsource {{.rsrc}} \
+ -o jsonpath="{.spec.sourcePVC}"
+ # 3) Query to find the controller associated with the PersistentVolumeClaim (claim)
+ controller:
+ sh: |
+ app=$(kubectl -n {{.namespace}} get persistentvolumeclaim {{.claim}} -o jsonpath="{.metadata.labels.app\.kubernetes\.io/name}")
+ if [[ $(kubectl -n {{.namespace}} get deployment ${app}) ]]; then
+ echo "deployments.apps/$app" && exit 0
+ fi
+ echo "statefulsets.apps/$app"
+ env: *task-vars
+ preconditions:
+ - sh: test -f {{.wipeJobTemplate}}
+ - sh: test -f {{.destinationTemplate}}
+ - sh: test -f {{.waitForJobScript}}
+
+ # Suspend the Flux ks and hr
+ restore-suspend-app:
+ internal: true
+ cmds:
+ - flux -n flux-system suspend kustomization {{.kustomization}}
+ - flux -n {{.namespace}} suspend helmrelease {{.rsrc}}
+ - kubectl -n {{.namespace}} scale {{.controller}} --replicas 0
+ - kubectl -n {{.namespace}} wait pod --for delete --selector="app.kubernetes.io/name={{.rsrc}}" --timeout=2m
+ env: *task-vars
+
+ # Wipe the PVC of all data
+ restore-wipe-job:
+ internal: true
+ cmds:
+ - envsubst < <(cat {{.wipeJobTemplate}}) | kubectl apply -f -
+ - bash {{.waitForJobScript}} wipe-{{.rsrc}}-{{.claim}}-{{.ts}} {{.namespace}}
+ - kubectl -n {{.namespace}} wait job/wipe-{{.rsrc}}-{{.claim}}-{{.ts}} --for condition=complete --timeout=120m
+ - kubectl -n {{.namespace}} logs job/wipe-{{.rsrc}}-{{.claim}}-{{.ts}} --container wipe
+ - kubectl -n {{.namespace}} delete job wipe-{{.rsrc}}-{{.claim}}-{{.ts}}
+ env: *task-vars
+
+ # Create VolSync replicationdestination CR to restore data
+ restore-volsync-job:
+ internal: true
+ cmds:
+ - envsubst < <(cat {{.destinationTemplate}}) | kubectl apply -f -
+ - bash {{.waitForJobScript}} volsync-dst-{{.rsrc}}-{{.claim}}-{{.ts}} {{.namespace}}
+ - kubectl -n {{.namespace}} wait job/volsync-dst-{{.rsrc}}-{{.claim}}-{{.ts}} --for condition=complete --timeout=120m
+ - kubectl -n {{.namespace}} delete replicationdestination {{.rsrc}}-{{.claim}}-{{.ts}}
+ env: *task-vars
+
+ # Resume Flux ks and hr
+ restore-resume-app:
+ internal: true
+ cmds:
+ - flux -n {{.namespace}} resume helmrelease {{.rsrc}}
+ - flux -n flux-system resume kustomization {{.kustomization}}
+ env: *task-vars
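Review bot: `restore` runs `restore-wipe-job`, which deletes everything on the PVC, before anything confirms that the restic repository holds a restorable snapshot, and nothing resumes the app if a later step fails. A failed or timed-out `restore-volsync-job` would therefore leave the claim empty, the Kustomization and HelmRelease suspended and the controller scaled to zero. I would add a step ahead of the wipe that checks for at least one snapshot (the `list` task already runs `restic snapshots`) and a comment on `restore` giving the manual recovery, e.g. `# on failure: flux -n <namespace> resume helmrelease <rsrc> && flux -n flux-system resume kustomization <kustomization>`. The `envsubst` calls also run without a variable list, so any other `$NAME` that later appears in a template would be substituted from the caller's environment; passing `'${rsrc} ${claim} ${ts} ${namespace}'` limits it to the intended names.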
diff --git a/.taskfiles/VolSync/WipeJob.tmpl.yaml b/.taskfiles/VolSync/WipeJob.tmpl.yaml
new file mode 100644
index 000000000..ee0551d23
--- /dev/null
+++ b/.taskfiles/VolSync/WipeJob.tmpl.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "wipe-${rsrc}-${claim}-${ts}"
+ namespace: "${namespace}"
+spec:
+ ttlSecondsAfterFinished: 3600
+ template:
+ spec:
+ automountServiceAccountToken: false
+ restartPolicy: OnFailure
+ containers:
+ - name: wipe
+ image: ghcr.io/onedr0p/alpine:3.17.0@sha256:8e1eb13c3ca5c038f3bf22a5fe9e354867f97f98a78027c44b7c76fce81fa61d
+ command: ["/bin/bash", "-c", "cd /config; find . -delete"]
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ securityContext:
+ privileged: true
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: "${claim}"
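Review bot: The wipe container sets `privileged: true` only to run `find . -delete`, and its command joins `cd /config` and `find` with `;`, so a failed `cd` would still run the delete from whatever the working directory is. `command: ["/bin/bash", "-c", "cd /config && find . -delete"]` makes the delete conditional on the directory change. Deleting files should need no more than root inside the container, so `runAsUser: 0` with `allowPrivilegeEscalation: false` is probably enough in place of `privileged: true`, unless the storage backend requires more (not visible here). A comment above `securityContext` stating why elevated rights are needed would make the choice reviewable.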
diff --git a/.taskfiles/VolSync/wait-for-job.sh b/.taskfiles/VolSync/wait-for-job.sh
new file mode 100755
index 000000000..32feaddd1
--- /dev/null
+++ b/.taskfiles/VolSync/wait-for-job.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+JOB_NAME=$1
+NAMESPACE="${2:-default}"
+
+[[ -z "${JOB_NAME}" ]] && echo "Job name not specified" && exit 1
+
+while true; do
+ STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')"
+ if [ "${STATUS}" == "Pending" ]; then
+ break
+ fi
+ sleep 1
+done
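Review bot: The polling loop has no upper bound and exits only when the phase string is exactly `Pending`, so it spins forever if the Job's pod is never created. It presumably also spins if the pod reaches `Running` between two one-second polls, or if several pods report at once (`Pending Pending`). Every task in VolSync/Tasks.yml calls this script before its own `kubectl wait --timeout`, so those timeouts never get a chance to fire. Bounding the loop and exiting non-zero lets the calling task fail cleanly; whether to also accept `Running` depends on whether the `Pending` check is meant to skip pods left from an earlier run, which cannot be told from here.

```shell
# … unchanged: JOB_NAME / NAMESPACE parsing and the empty-name check …

# Constructed value: upper bound in seconds for the pod to appear.
TIMEOUT_SECONDS=120
DEADLINE=$((SECONDS + TIMEOUT_SECONDS))

while true; do
    STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')"
    if [ "${STATUS}" == "Pending" ]; then
        break
    fi
    # Give up instead of blocking the calling task indefinitely.
    if [ "${SECONDS}" -ge "${DEADLINE}" ]; then
        echo "Timed out after ${TIMEOUT_SECONDS}s waiting for a pod of job ${JOB_NAME}" >&2
        exit 1
    fi
    sleep 1
done
```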
diff --git a/.taskfiles/kopia.yaml b/.taskfiles/kopia.yaml
index 58f057887..76314f25e 100644
--- a/.taskfiles/kopia.yaml
+++ b/.taskfiles/kopia.yaml
@@ -12,8 +12,8 @@ x-preconditions: &preconditions
msg: "Claim '{{.CLAIM}}' in namespace '{{.NAMESPACE}}' not found"
sh: kubectl get pvc -n {{.NAMESPACE}} {{.CLAIM}}
- &has-restore-job-file
- msg: "File '{{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml' not found"
- sh: "test -f {{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml"
+ msg: "File '{{.PROJECT_DIR}}/tools/kopia-restore.yaml' not found"
+ sh: "test -f {{.PROJECT_DIR}}/tools/kopia-restore.yaml"
x-vars: &vars
NAMESPACE:
diff --git a/Taskfile.yml b/Taskfile.yml
index 71c36732a..c3ff0f097 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -4,7 +4,18 @@ version: "3"
vars:
PROJECT_DIR:
sh: "git rev-parse --show-toplevel"
- CLUSTER_DIR: "{{.PROJECT_DIR}}/cluster"
+ ANSIBLE_DIR: "{{.PROJECT_DIR}}/ansible"
+ CLUSTER_DIR: "{{.PROJECT_DIR}}/kubernetes"
includes:
+ an: .taskfiles/Ansible/Tasks.yml
+ fx: .taskfiles/Flux/Tasks.yml
kopia: .taskfiles/kopia.yaml
+ ku: .taskfiles/Kubernetes/Tasks.yml
+ vs: .taskfiles/VolSync/Tasks.yml
+
+tasks:
+
+ default:
+ silent: true
+ cmds: ["task -l"]
diff --git a/infrastructure/ansible/.ansible-lint b/ansible/.ansible-lint
similarity index 100%
rename from infrastructure/ansible/.ansible-lint
rename to ansible/.ansible-lint
diff --git a/infrastructure/ansible/.envrc b/ansible/.envrc
similarity index 100%
rename from infrastructure/ansible/.envrc
rename to ansible/.envrc
diff --git a/infrastructure/ansible/ansible.cfg b/ansible/ansible.cfg
similarity index 100%
rename from infrastructure/ansible/ansible.cfg
rename to ansible/ansible.cfg
diff --git a/infrastructure/ansible/inventory/group_vars/all/all.sops.yml b/ansible/inventory/group_vars/all/all.sops.yml
similarity index 100%
rename from infrastructure/ansible/inventory/group_vars/all/all.sops.yml
rename to ansible/inventory/group_vars/all/all.sops.yml
diff --git a/infrastructure/ansible/inventory/group_vars/all/wireguard.sops.yml b/ansible/inventory/group_vars/all/wireguard.sops.yml
similarity index 100%
rename from infrastructure/ansible/inventory/group_vars/all/wireguard.sops.yml
rename to ansible/inventory/group_vars/all/wireguard.sops.yml
diff --git a/infrastructure/ansible/inventory/host_vars/truenas-remote.sops.yaml b/ansible/inventory/host_vars/truenas-remote.sops.yaml
similarity index 100%
rename from infrastructure/ansible/inventory/host_vars/truenas-remote.sops.yaml
rename to ansible/inventory/host_vars/truenas-remote.sops.yaml
diff --git a/infrastructure/ansible/inventory/host_vars/truenas-remote.yaml b/ansible/inventory/host_vars/truenas-remote.yaml
similarity index 100%
rename from infrastructure/ansible/inventory/host_vars/truenas-remote.yaml
rename to ansible/inventory/host_vars/truenas-remote.yaml
diff --git a/infrastructure/ansible/inventory/host_vars/truenas.sops.yaml b/ansible/inventory/host_vars/truenas.sops.yaml
similarity index 100%
rename from infrastructure/ansible/inventory/host_vars/truenas.sops.yaml
rename to ansible/inventory/host_vars/truenas.sops.yaml
diff --git a/infrastructure/ansible/inventory/host_vars/truenas.yaml b/ansible/inventory/host_vars/truenas.yaml
similarity index 100%
rename from infrastructure/ansible/inventory/host_vars/truenas.yaml
rename to ansible/inventory/host_vars/truenas.yaml
diff --git a/infrastructure/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
similarity index 100%
rename from infrastructure/ansible/inventory/hosts.yml
rename to ansible/inventory/hosts.yml
diff --git a/infrastructure/ansible/playbooks/bootstrap_ansible.yml b/ansible/playbooks/bootstrap_ansible.yml
similarity index 100%
rename from infrastructure/ansible/playbooks/bootstrap_ansible.yml
rename to ansible/playbooks/bootstrap_ansible.yml
diff --git a/infrastructure/ansible/playbooks/coreelec.yml b/ansible/playbooks/coreelec.yml
similarity index 100%
rename from infrastructure/ansible/playbooks/coreelec.yml
rename to ansible/playbooks/coreelec.yml
diff --git a/infrastructure/ansible/playbooks/truenas.yml b/ansible/playbooks/truenas.yml
similarity index 100%
rename from infrastructure/ansible/playbooks/truenas.yml
rename to ansible/playbooks/truenas.yml
diff --git a/infrastructure/ansible/playbooks/workstation-work.yaml b/ansible/playbooks/workstation-work.yaml
similarity index 100%
rename from infrastructure/ansible/playbooks/workstation-work.yaml
rename to ansible/playbooks/workstation-work.yaml
diff --git a/infrastructure/ansible/playbooks/workstation.yml b/ansible/playbooks/workstation.yml
similarity index 100%
rename from infrastructure/ansible/playbooks/workstation.yml
rename to ansible/playbooks/workstation.yml
diff --git a/infrastructure/ansible/requirements.yml b/ansible/requirements.yml
similarity index 63%
rename from infrastructure/ansible/requirements.yml
rename to ansible/requirements.yml
index e7871a64e..98e8ae890 100644
--- a/infrastructure/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -8,7 +8,3 @@ collections:
version: 2.3.2
- name: community.sops
version: 1.5.0
-roles:
- - name: xanmanning.k3s
- src: https://github.com/PyratLabs/ansible-role-k3s.git
- version: v3.3.1
diff --git a/infrastructure/ansible/roles/coreelec/defaults/main.yml b/ansible/roles/coreelec/defaults/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/coreelec/defaults/main.yml
rename to ansible/roles/coreelec/defaults/main.yml
diff --git a/infrastructure/ansible/roles/coreelec/files/backup.bash b/ansible/roles/coreelec/files/backup.bash
similarity index 100%
rename from infrastructure/ansible/roles/coreelec/files/backup.bash
rename to ansible/roles/coreelec/files/backup.bash
diff --git a/infrastructure/ansible/roles/coreelec/tasks/backup.yml b/ansible/roles/coreelec/tasks/backup.yml
similarity index 100%
rename from infrastructure/ansible/roles/coreelec/tasks/backup.yml
rename to ansible/roles/coreelec/tasks/backup.yml
diff --git a/infrastructure/ansible/roles/coreelec/tasks/main.yml b/ansible/roles/coreelec/tasks/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/coreelec/tasks/main.yml
rename to ansible/roles/coreelec/tasks/main.yml
diff --git a/infrastructure/ansible/roles/coreelec/tasks/nfs.yml b/ansible/roles/coreelec/tasks/nfs.yml
similarity index 100%
rename from infrastructure/ansible/roles/coreelec/tasks/nfs.yml
rename to ansible/roles/coreelec/tasks/nfs.yml
diff --git a/infrastructure/ansible/roles/coreelec/templates/storage-nfs.mount b/ansible/roles/coreelec/templates/storage-nfs.mount
similarity index 100%
rename from infrastructure/ansible/roles/coreelec/templates/storage-nfs.mount
rename to ansible/roles/coreelec/templates/storage-nfs.mount
diff --git a/infrastructure/ansible/roles/truenas/defaults/main.yml b/ansible/roles/truenas/defaults/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/defaults/main.yml
rename to ansible/roles/truenas/defaults/main.yml
diff --git a/infrastructure/ansible/roles/truenas/files/scripts/certificates_deploy.py b/ansible/roles/truenas/files/scripts/certificates_deploy.py
similarity index 99%
rename from infrastructure/ansible/roles/truenas/files/scripts/certificates_deploy.py
rename to ansible/roles/truenas/files/scripts/certificates_deploy.py
index 1fab27e11..cb18f6d32 100644
--- a/infrastructure/ansible/roles/truenas/files/scripts/certificates_deploy.py
+++ b/ansible/roles/truenas/files/scripts/certificates_deploy.py
@@ -227,7 +227,7 @@ try:
PROTOCOL + FREENAS_ADDRESS + ':' + PORT + '/api/v2.0/system/general/ui_restart',
verify=VERIFY
)
-
+
if r.status_code == 200:
print ("Reloading WebUI successful")
print ("deploy_freenas.py executed successfully")
diff --git a/infrastructure/ansible/roles/truenas/files/scripts/snapshots_clearempty.py b/ansible/roles/truenas/files/scripts/snapshots_clearempty.py
similarity index 100%
rename from infrastructure/ansible/roles/truenas/files/scripts/snapshots_clearempty.py
rename to ansible/roles/truenas/files/scripts/snapshots_clearempty.py
diff --git a/infrastructure/ansible/roles/truenas/files/scripts/snapshots_prune.py b/ansible/roles/truenas/files/scripts/snapshots_prune.py
similarity index 100%
rename from infrastructure/ansible/roles/truenas/files/scripts/snapshots_prune.py
rename to ansible/roles/truenas/files/scripts/snapshots_prune.py
diff --git a/infrastructure/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash b/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash
similarity index 97%
rename from infrastructure/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash
rename to ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash
index ba5e24212..4f0d32d0a 100644
--- a/infrastructure/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash
+++ b/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash
@@ -11,7 +11,7 @@ do
# Get temperature from smartctl (requires root).
[[ "${i}" = *"ada"* ]] && TEMP=$(/usr/local/sbin/smartctl -l scttemp /dev/$i | grep '^Current Temperature:' | awk '{print $3}')
[[ "${i}" = *"nvd"* ]] && DEVICE_NUMBER=$(echo ${i} | cut -c 4) && TEMP=$(smartctl -a /dev/nvme${DEVICE_NUMBER} | grep Temperature: | head -1 | awk '{print $2}')
-
+
if [ ${TEMP:-0} -gt 0 ]
then
JSON=$(echo "${JSON}{")
@@ -25,4 +25,4 @@ done
# Remove trailing "," on last field.
JSON=$(echo ${JSON} | sed 's/,$//')
-echo -e "${JSON}]"
\ No newline at end of file
+echo -e "${JSON}]"
diff --git a/infrastructure/ansible/roles/truenas/handlers/main.yml b/ansible/roles/truenas/handlers/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/handlers/main.yml
rename to ansible/roles/truenas/handlers/main.yml
diff --git a/infrastructure/ansible/roles/truenas/tasks/directories.yml b/ansible/roles/truenas/tasks/directories.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/tasks/directories.yml
rename to ansible/roles/truenas/tasks/directories.yml
diff --git a/infrastructure/ansible/roles/truenas/tasks/main.yml b/ansible/roles/truenas/tasks/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/tasks/main.yml
rename to ansible/roles/truenas/tasks/main.yml
diff --git a/infrastructure/ansible/roles/truenas/tasks/scripts.yml b/ansible/roles/truenas/tasks/scripts.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/tasks/scripts.yml
rename to ansible/roles/truenas/tasks/scripts.yml
diff --git a/infrastructure/ansible/roles/truenas/tasks/telegraf.yml b/ansible/roles/truenas/tasks/telegraf.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/tasks/telegraf.yml
rename to ansible/roles/truenas/tasks/telegraf.yml
diff --git a/infrastructure/ansible/roles/truenas/tasks/wireguard.yml b/ansible/roles/truenas/tasks/wireguard.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/tasks/wireguard.yml
rename to ansible/roles/truenas/tasks/wireguard.yml
diff --git a/infrastructure/ansible/roles/truenas/templates/postgres/pg_hba.conf b/ansible/roles/truenas/templates/postgres/pg_hba.conf
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/postgres/pg_hba.conf
rename to ansible/roles/truenas/templates/postgres/pg_hba.conf
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash b/ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash
rename to ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.bash b/ansible/roles/truenas/templates/scripts/certificates_deploy.bash
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.bash
rename to ansible/roles/truenas/templates/scripts/certificates_deploy.bash
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.conf b/ansible/roles/truenas/templates/scripts/certificates_deploy.conf
similarity index 98%
rename from infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.conf
rename to ansible/roles/truenas/templates/scripts/certificates_deploy.conf
index c37de9a73..b6186ba77 100644
--- a/infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.conf
+++ b/ansible/roles/truenas/templates/scripts/certificates_deploy.conf
@@ -6,7 +6,7 @@
# You can generate a new API key in the web interface under "Settings" (upper right) > "API Keys".
api_key = {{ root_api_key }}
# If you are on FreeNAS 11 or lower, set this to your FreeNAS root password
-# password =
+# password =
# Everything below here is optional
@@ -45,4 +45,4 @@ fullchain_path = {{ certificates_dir }}/fullchain.pem
{% if service_s3 is defined %}
s3_enabled = true
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/report_pools.sh b/ansible/roles/truenas/templates/scripts/report_pools.sh
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/scripts/report_pools.sh
rename to ansible/roles/truenas/templates/scripts/report_pools.sh
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/report_smart.sh b/ansible/roles/truenas/templates/scripts/report_smart.sh
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/scripts/report_smart.sh
rename to ansible/roles/truenas/templates/scripts/report_smart.sh
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/report_ups.sh b/ansible/roles/truenas/templates/scripts/report_ups.sh
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/scripts/report_ups.sh
rename to ansible/roles/truenas/templates/scripts/report_ups.sh
diff --git a/infrastructure/ansible/roles/truenas/templates/scripts/snapshots_prune.sh b/ansible/roles/truenas/templates/scripts/snapshots_prune.sh
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/scripts/snapshots_prune.sh
rename to ansible/roles/truenas/templates/scripts/snapshots_prune.sh
diff --git a/infrastructure/ansible/roles/truenas/templates/telegraf/telegraf.conf b/ansible/roles/truenas/templates/telegraf/telegraf.conf
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/telegraf/telegraf.conf
rename to ansible/roles/truenas/templates/telegraf/telegraf.conf
diff --git a/infrastructure/ansible/roles/truenas/templates/wireguard/ip-check.bash b/ansible/roles/truenas/templates/wireguard/ip-check.bash
similarity index 99%
rename from infrastructure/ansible/roles/truenas/templates/wireguard/ip-check.bash
rename to ansible/roles/truenas/templates/wireguard/ip-check.bash
index cb8c1416d..db3de415c 100644
--- a/infrastructure/ansible/roles/truenas/templates/wireguard/ip-check.bash
+++ b/ansible/roles/truenas/templates/wireguard/ip-check.bash
@@ -2,7 +2,7 @@
# Check status of interface
# {{ wg_interface }}: name of the interface to check
# {{ dns_hostname }}: the name of the peer whose IP should be checked
-
+
cip=$(wg show {{ wg_interface }} endpoints | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
echo "Wireguard peer IP from Interface: $cip"
pingip=$(ping -c 1 {{ ping_ip }} &> /dev/null && echo success || echo fail) #change ip to target server
diff --git a/infrastructure/ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf b/ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf
similarity index 100%
rename from infrastructure/ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf
rename to ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf
diff --git a/infrastructure/ansible/roles/truenas/vars/main.yml b/ansible/roles/truenas/vars/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/truenas/vars/main.yml
rename to ansible/roles/truenas/vars/main.yml
diff --git a/infrastructure/ansible/roles/workstation/defaults/main.yml b/ansible/roles/workstation/defaults/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/defaults/main.yml
rename to ansible/roles/workstation/defaults/main.yml
diff --git a/infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash b/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash
similarity index 96%
rename from infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash
rename to ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash
index 242d09bc8..4180eac28 100755
--- a/infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash
+++ b/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash
@@ -8,4 +8,4 @@ sudo rsync -avhP /mnt/documents/ /run/media/claude/local-backups/documents/ --de
sudo rsync -avhP /mnt/downloads/ /run/media/claude/local-backups/downloads/ --delete
sudo rsync -avhP /mnt/photo/ /run/media/claude/local-backups/photo/ --delete
sudo rsync -avhP /mnt/piracy/ /run/media/claude/local-backups/piracy/ --delete
-sudo rsync -avhP /mnt/iocage/jails/ /run/media/claude/local-backups/jails/ --delete
\ No newline at end of file
+sudo rsync -avhP /mnt/iocage/jails/ /run/media/claude/local-backups/jails/ --delete
diff --git a/infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash b/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash
similarity index 96%
rename from infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash
rename to ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash
index fb34855b0..8935c6ad7 100755
--- a/infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash
+++ b/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash
@@ -6,4 +6,4 @@ mkdir -p /run/media/claude/local-backups/home/{claude,helene}
sudo rsync -avhP /mnt/home-claude/ /run/media/claude/local-backups/home/claude/ --delete
sudo rsync -avhP /mnt/home-helene/ /run/media/claude/local-backups/home/helene/ --delete
-sudo rsync -avhP /mnt/music/ /run/media/claude/local-backups/music/ --delete
\ No newline at end of file
+sudo rsync -avhP /mnt/music/ /run/media/claude/local-backups/music/ --delete
diff --git a/infrastructure/ansible/roles/workstation/files/scripts/update-pip.bash b/ansible/roles/workstation/files/scripts/update-pip.bash
similarity index 61%
rename from infrastructure/ansible/roles/workstation/files/scripts/update-pip.bash
rename to ansible/roles/workstation/files/scripts/update-pip.bash
index fba7f73d0..e56c843dd 100644
--- a/infrastructure/ansible/roles/workstation/files/scripts/update-pip.bash
+++ b/ansible/roles/workstation/files/scripts/update-pip.bash
@@ -1,3 +1,3 @@
#!/bin/bash
-pip3 list --outdated --user --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip3 install -U --user
\ No newline at end of file
+pip3 list --outdated --user --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip3 install -U --user
diff --git a/infrastructure/ansible/roles/workstation/files/throttled/throttled.conf b/ansible/roles/workstation/files/throttled/throttled.conf
similarity index 100%
rename from infrastructure/ansible/roles/workstation/files/throttled/throttled.conf
rename to ansible/roles/workstation/files/throttled/throttled.conf
diff --git a/infrastructure/ansible/roles/workstation/files/yum/vscodium.repo b/ansible/roles/workstation/files/yum/vscodium.repo
similarity index 100%
rename from infrastructure/ansible/roles/workstation/files/yum/vscodium.repo
rename to ansible/roles/workstation/files/yum/vscodium.repo
diff --git a/infrastructure/ansible/roles/workstation/files/yum/yum.conf b/ansible/roles/workstation/files/yum/yum.conf
similarity index 79%
rename from infrastructure/ansible/roles/workstation/files/yum/yum.conf
rename to ansible/roles/workstation/files/yum/yum.conf
index 2dc022fd9..68e4530e0 100644
--- a/infrastructure/ansible/roles/workstation/files/yum/yum.conf
+++ b/ansible/roles/workstation/files/yum/yum.conf
@@ -1,2 +1,2 @@
#https://www.2daygeek.com/remove-delete-old-unused-kernels-centos-fedora-rhel/
-installonly_limit=3
\ No newline at end of file
+installonly_limit=3
diff --git a/infrastructure/ansible/roles/workstation/tasks/chezmoi.yml b/ansible/roles/workstation/tasks/chezmoi.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/chezmoi.yml
rename to ansible/roles/workstation/tasks/chezmoi.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/gnome.yml b/ansible/roles/workstation/tasks/gnome.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/gnome.yml
rename to ansible/roles/workstation/tasks/gnome.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/gpg.yml b/ansible/roles/workstation/tasks/gpg.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/gpg.yml
rename to ansible/roles/workstation/tasks/gpg.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/main.yml b/ansible/roles/workstation/tasks/main.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/main.yml
rename to ansible/roles/workstation/tasks/main.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/nfs.yml b/ansible/roles/workstation/tasks/nfs.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/nfs.yml
rename to ansible/roles/workstation/tasks/nfs.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml b/ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml
rename to ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml b/ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml
rename to ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/packages-common.yml b/ansible/roles/workstation/tasks/packages-common.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/packages-common.yml
rename to ansible/roles/workstation/tasks/packages-common.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/packages-post.yml b/ansible/roles/workstation/tasks/packages-post.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/packages-post.yml
rename to ansible/roles/workstation/tasks/packages-post.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/packages-prerequisites.yml b/ansible/roles/workstation/tasks/packages-prerequisites.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/packages-prerequisites.yml
rename to ansible/roles/workstation/tasks/packages-prerequisites.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/repositories.yml b/ansible/roles/workstation/tasks/repositories.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/repositories.yml
rename to ansible/roles/workstation/tasks/repositories.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/scripts.yml b/ansible/roles/workstation/tasks/scripts.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/scripts.yml
rename to ansible/roles/workstation/tasks/scripts.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/shell.yml b/ansible/roles/workstation/tasks/shell.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/shell.yml
rename to ansible/roles/workstation/tasks/shell.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/system.yml b/ansible/roles/workstation/tasks/system.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/system.yml
rename to ansible/roles/workstation/tasks/system.yml
diff --git a/infrastructure/ansible/roles/workstation/tasks/wireguard.yml b/ansible/roles/workstation/tasks/wireguard.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/tasks/wireguard.yml
rename to ansible/roles/workstation/tasks/wireguard.yml
diff --git a/infrastructure/ansible/roles/workstation/templates/application.desktop b/ansible/roles/workstation/templates/application.desktop
similarity index 85%
rename from infrastructure/ansible/roles/workstation/templates/application.desktop
rename to ansible/roles/workstation/templates/application.desktop
index f755d5a1c..aa620b951 100644
--- a/infrastructure/ansible/roles/workstation/templates/application.desktop
+++ b/ansible/roles/workstation/templates/application.desktop
@@ -6,4 +6,4 @@ Exec={{ item.path }}/{{ item.command }}
Type=Application
Categories={{ item.categories }}
Path={{ item.path }}
-X-Desktop-File-Install-Version=0.26
\ No newline at end of file
+X-Desktop-File-Install-Version=0.26
diff --git a/infrastructure/ansible/roles/workstation/templates/chezmoi.toml.j2 b/ansible/roles/workstation/templates/chezmoi.toml.j2
similarity index 100%
rename from infrastructure/ansible/roles/workstation/templates/chezmoi.toml.j2
rename to ansible/roles/workstation/templates/chezmoi.toml.j2
diff --git a/infrastructure/ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf b/ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf
similarity index 100%
rename from infrastructure/ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf
rename to ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf
diff --git a/infrastructure/ansible/roles/workstation/vars/claude-fixe-fedora.yml b/ansible/roles/workstation/vars/claude-fixe-fedora.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/vars/claude-fixe-fedora.yml
rename to ansible/roles/workstation/vars/claude-fixe-fedora.yml
diff --git a/infrastructure/ansible/roles/workstation/vars/claude-thinkpad-fedora.yml b/ansible/roles/workstation/vars/claude-thinkpad-fedora.yml
similarity index 100%
rename from infrastructure/ansible/roles/workstation/vars/claude-thinkpad-fedora.yml
rename to ansible/roles/workstation/vars/claude-thinkpad-fedora.yml
diff --git a/infrastructure/talos/.gitignore b/infrastructure/talos/.gitignore
deleted file mode 100644
index 8b234633c..000000000
--- a/infrastructure/talos/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-charts
-clusterconfig
\ No newline at end of file
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
similarity index 96%
rename from kubernetes/cluster-0/apps/networking/cert-manager/helmrelease.yaml
rename to kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
index 47a66b10b..94d835d3f 100644
--- a/kubernetes/cluster-0/apps/networking/cert-manager/helmrelease.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cert-manager
- namespace: default
+ namespace: cert-manager
spec:
interval: 15m
chart:
diff --git a/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml b/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
new file mode 100644
index 000000000..3c615797e
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+resources:
+ - ./helmrelease.yaml
+ - ./prometheusrule.yaml
+configMapGenerator:
+ - name: cert-manager-dashboard
+ files:
+ - cert-manager-dashboard.json=https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/cert-manager/dashboards/cert-manager.json
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
+ labels:
+ grafana_dashboard: "true"
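Review bot: The `configMapGenerator` entry pulls `cert-manager-dashboard.json` from `raw.githubusercontent.com/monitoring-mixins/website/master/...`, which is a branch ref, so the dashboard content can change upstream without any change in this repository. Pinning the URL to a commit (replace `master` with `<COMMIT_SHA>`) or vendoring the JSON next to this file keeps the input reviewable and reproducible. Because `disableNameSuffixHash: true` is set, a changed upstream file would replace the ConfigMap in place under the same name, so nothing in the resource name signals the change. The remote fetch also makes reconciliation of this path depend on GitHub being reachable.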
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/prometheus-rule.yaml b/kubernetes/apps/cert-manager/cert-manager/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/networking/cert-manager/prometheus-rule.yaml
rename to kubernetes/apps/cert-manager/cert-manager/app/prometheusrule.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/ks.yaml b/kubernetes/apps/cert-manager/cert-manager/ks.yaml
new file mode 100644
index 000000000..a6a26b3c9
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/ks.yaml
@@ -0,0 +1,48 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-cert-manager
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/cert-manager/cert-manager/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: cert-manager
+ namespace: cert-manager
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-cert-manager-webhook-ovh
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-cert-manager
+ path: ./kubernetes/apps/cert-manager/cert-manager/webhook-ovh
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: cert-manager-webhook-ovh
+ namespace: cert-manager
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
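Review bot: Neither Kustomization in this file declares `decryption` or `postBuild`, yet `cluster-apps-cert-manager-webhook-ovh` points at a path that holds `secret.sops.yaml` and a HelmRelease that uses `${SECRET_DOMAIN}`. Presumably a parent Kustomization patches both in for objects carrying the `substitution.flux.home.arpa/enabled` label, but nothing visible here says so; if that is the mechanism, a comment such as `# decryption and postBuild are patched in by the parent Kustomization, keyed on the label below` above `labels:` would document it. If it is not, the SOPS file would be either rejected or applied with its `ENC[...]` strings as literal values, and `spec.decryption` with `provider: sops` and a `secretRef` to the age key Secret is needed here. The same applies to `default/authelia/ks.yaml` and `default/bazarr/ks.yaml` in this commit, whose paths also contain `*.sops.yaml` files.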
diff --git a/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml
new file mode 100644
index 000000000..6996b7d8a
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml
@@ -0,0 +1,58 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: cert-manager-webhook-ovh
+ namespace: cert-manager
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: cert-manager-webhook-ovh
+ version: v0.4.0
+ sourceRef:
+ kind: HelmRepository
+ name: cert-manager-webhook-ovh
+ namespace: flux-system
+ dependsOn:
+ - name: cert-manager
+ namespace: cert-manager
+ values:
+ groupName: "${SECRET_DOMAIN}"
+ certManager:
+ namespace: cert-manager
+ serviceAccountName: cert-manager
+ issuers:
+ - name: letsencrypt-staging
+ create: true
+ kind: ClusterIssuer
+ acmeServerUrl: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
+ ovhEndpointName: ovh-eu
+ ovhAuthenticationRef:
+ applicationKeyRef:
+ name: ovh-credentials
+ key: applicationKey
+ applicationSecretRef:
+ name: ovh-credentials
+ key: applicationSecret
+ consumerKeyRef:
+ name: ovh-credentials
+ key: consumerKey
+ - name: letsencrypt-production
+ create: true
+ kind: ClusterIssuer
+ acmeServerUrl: https://acme-v02.api.letsencrypt.org/directory
+ email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
+ ovhEndpointName: ovh-eu
+ ovhAuthenticationRef:
+ applicationKeyRef:
+ name: ovh-credentials
+ key: applicationKey
+ applicationSecretRef:
+ name: ovh-credentials
+ key: applicationSecret
+ consumerKeyRef:
+ name: ovh-credentials
+ key: consumerKey
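Review bot: This new HelmRelease sets no `install.remediation` or `upgrade.remediation` under `spec`, while the authelia, bazarr and calibre-web HelmReleases touched in the same commit all set `retries: 3` for both. With Flux's default of zero retries, a failed install or upgrade of the webhook is not remediated automatically, and the 3m health check in `ks.yaml` would then fail on it. For consistency add `install: {remediation: {retries: 3}}` and `upgrade: {remediation: {retries: 3}}` next to `interval: 15m`.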
diff --git a/kubernetes/cluster-0/apps/security/crowdsec/kustomization.yaml b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/security/crowdsec/kustomization.yaml
rename to kubernetes/apps/cert-manager/cert-manager/webhook-ovh/kustomization.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/secret.sops.yaml b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/secret.sops.yaml
new file mode 100644
index 000000000..7cb7f31be
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/secret.sops.yaml
@@ -0,0 +1,30 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: ovh-credentials
+ namespace: cert-manager
+stringData:
+ applicationKey: ENC[AES256_GCM,data:UYBGsO4gGWA1iPUqVAYnjw==,iv:/rYA+o/EXOLsbU8WUnp53ejYgi+TFb3DJ/fJS6iUjAM=,tag:hEPzYgcefH5iJWS1bF6R5A==,type:str]
+ applicationSecret: ENC[AES256_GCM,data:QsTdVpgbp/CAqt0mZPRNDINMach/EiM/1+kbgEzxIqE=,iv:/CJVh2tT7wXAdeuxBHN5kM/LidhgGKCTW66hxTcx4QA=,tag:yLw4HpAx7RlZ11LMPMdXtg==,type:str]
+ consumerKey: ENC[AES256_GCM,data:OmI9kc0tNQWCpM+Bg0oQMdYwhZRsqQDZ87NFpkYFpMo=,iv:7elfo7xvxa57du6IjZRJejdpgIQiSjgoRqhWAtMLzXg=,tag:Zk36lNZ+EcZYAye1W+4gwA==,type:str]
+type: Opaque
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMWQvSUhwYnFyMHJXVWxQ
+ cjllMGlCRnRwdGJZRU9DVGdMUHE5ZUQxUEVjCkJnY3NWeDg5MnZOQjN3RDVtOTN2
+ c1Z0OUNsSm5IZ0k0UGJXRVlVRnRwQzQKLS0tIEtDRGVyN1gyaU9wM3ZLczRVYnBQ
+ czlyZ2lrYk1LNktxTkZiNUdFb0xHblEKlGExd13zMg6MofRAz+GT9wKL/sEBI6XD
+ u+dQAsphIoPpptFY0IeehXTLBV8xK4p1Z1/qu6UgJOnQtb2KGYOOvQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-26T23:59:54Z"
+ mac: ENC[AES256_GCM,data:dnguY6zpQRkj3cV2+CzCdIldBTVGUSIMh5bKoRsJ/cYONp9LjpqGZSmuDfFNRVaWU293M+T12criNH7SndGpquw46YJT48S14g9vi6NeRhK6Rl0z2TbNbtm/7uIUkgmHy1aur8IxfdDdzBScIlq0nfjhcTyYz1RYw/K2bKTwvzA=,iv:TZS0p+IPWqEq9trZxs7FGY7kZ83EaijFH1Kw/IElgjg=,tag:AlIFWcQfDMC9h7sm2WI9zQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/cert-manager/kustomization.yaml b/kubernetes/apps/cert-manager/kustomization.yaml
new file mode 100644
index 000000000..f17369125
--- /dev/null
+++ b/kubernetes/apps/cert-manager/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./cert-manager/ks.yaml
diff --git a/kubernetes/apps/cert-manager/namespace.yaml b/kubernetes/apps/cert-manager/namespace.yaml
new file mode 100644
index 000000000..ed788350f
--- /dev/null
+++ b/kubernetes/apps/cert-manager/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/authentication/authelia/config/configuration.yml b/kubernetes/apps/default/authelia/app/config/configuration.yml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/authelia/config/configuration.yml
rename to kubernetes/apps/default/authelia/app/config/configuration.yml
diff --git a/kubernetes/cluster-0/apps/authentication/authelia/helmrelease.yaml b/kubernetes/apps/default/authelia/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/authentication/authelia/helmrelease.yaml
rename to kubernetes/apps/default/authelia/app/helmrelease.yaml
index f3f263bbd..fb3b394f2 100644
--- a/kubernetes/cluster-0/apps/authentication/authelia/helmrelease.yaml
+++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -18,17 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
+ - name: cloudnative-pg
- name: glauth
- namespace: default
- - name: postgres-cluster
- namespace: default
- name: redis
- namespace: default
values:
controller:
replicas: 2
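Review bot: The `dependsOn` list now names `cloudnative-pg` where it used to name `postgres-cluster`, and the `namespace` keys are gone from every entry. Without `namespace`, Flux resolves each dependency in the HelmRelease's own namespace, so this only works if the `cloudnative-pg`, `glauth` and `redis` HelmReleases all live alongside authelia; the bazarr and calibre-web hunks in this commit spell out `namespace: rook-ceph` for their dependency, which suggests not everything shares one namespace. Depending on the operator release rather than the database cluster also means authelia can be installed before its Postgres instance exists, unless that ordering is guaranteed elsewhere. If the operator sits in another namespace, state it explicitly with `namespace: <operator-namespace>` under `- name: cloudnative-pg`. The `spec` block starts and continues outside this hunk.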
diff --git a/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml b/kubernetes/apps/default/authelia/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml
rename to kubernetes/apps/default/authelia/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/authentication/authelia/patches/env.yaml b/kubernetes/apps/default/authelia/app/patches/env.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/authelia/patches/env.yaml
rename to kubernetes/apps/default/authelia/app/patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml b/kubernetes/apps/default/authelia/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml
rename to kubernetes/apps/default/authelia/app/patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml b/kubernetes/apps/default/authelia/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml
rename to kubernetes/apps/default/authelia/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/authelia/ks.yaml b/kubernetes/apps/default/authelia/ks.yaml
new file mode 100644
index 000000000..2e24fbab5
--- /dev/null
+++ b/kubernetes/apps/default/authelia/ks.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-authelia-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-app
+ - name: cluster-apps-glauth
+ - name: cluster-apps-redis-app
+ - name: cluster-apps-smtp-relay
+ path: ./kubernetes/apps/default/authelia/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: authelia
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/bazarr/helmrelease.yaml b/kubernetes/apps/default/bazarr/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/media-automation/bazarr/helmrelease.yaml
rename to kubernetes/apps/default/bazarr/app/helmrelease.yaml
index 72edab869..7c15ac84d 100644
--- a/kubernetes/cluster-0/apps/media-automation/bazarr/helmrelease.yaml
+++ b/kubernetes/apps/default/bazarr/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/bazarr
diff --git a/kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml b/kubernetes/apps/default/bazarr/app/kustomization.yaml
similarity index 84%
rename from kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml
rename to kubernetes/apps/default/bazarr/app/kustomization.yaml
index d415a72cb..3eaec08b7 100644
--- a/kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml
+++ b/kubernetes/apps/default/bazarr/app/kustomization.yaml
@@ -4,8 +4,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./secret.sops.yaml
- ./volume.yaml
- - ./helmrelease.yaml
patchesStrategicMerge:
- ./patches/subcleaner.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/bazarr/patches/subcleaner.yaml b/kubernetes/apps/default/bazarr/app/patches/subcleaner.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/bazarr/patches/subcleaner.yaml
rename to kubernetes/apps/default/bazarr/app/patches/subcleaner.yaml
diff --git a/kubernetes/apps/default/bazarr/app/replicationsource.yaml b/kubernetes/apps/default/bazarr/app/replicationsource.yaml
new file mode 100644
index 000000000..c8654dace
--- /dev/null
+++ b/kubernetes/apps/default/bazarr/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: bazarr
+ namespace: default
+spec:
+ sourcePVC: bazarr-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: bazarr-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
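Review bot: `schedule: "0 0 * * *"` is identical in this file and in `calibre-web/app/replicationsource.yaml`, so each app's Ceph snapshot and restic upload starts at the same minute. Staggering the minute field per app, for example `schedule: "10 0 * * *"` here, spreads the load and makes one failing backup easier to tell apart from the others. A comment above `retain:` such as `# recovery window: 10 daily snapshots, nothing older` would also make explicit that data deleted or corrupted more than ten days ago cannot be restored from these settings.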
diff --git a/kubernetes/apps/default/bazarr/app/restic.sops.yaml b/kubernetes/apps/default/bazarr/app/restic.sops.yaml
new file mode 100644
index 000000000..1b5b23772
--- /dev/null
+++ b/kubernetes/apps/default/bazarr/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bazarr-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:nv139ZEGpIFxa3DdsGMpSPlZmW/TcMLeUYjhkbQso9Cs9lxcgUh3V+vXWW+WJEDATT2jSZkcxy4=,iv:R+zvTMTBa0evMizp+04Zs2y4FKmfo1CReMzDyVmA36g=,tag:6gb15igwzatq6vhr5Ym8Fg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:28:16Z"
+ mac: ENC[AES256_GCM,data:GU6+JsaZFIdyRlf0VS/+rYPdZxTmZ+rhVSR6EqLrJNW/zk7Y55vB/WTMKTGJRS7FwZzwYxCnKtC9bo4kmNyNVmtMaRrLlUrzqrAbGlawIAtPEl0oohKKQxvVrwRpymCoyDvryKool2Css6P6qzXVs1iWUMsZixswjtBhpso44DU=,iv:uDoQXjkQ8ZD/vARU4g6Cslza+yGPzs+lviBslXHdmK8=,tag:RQTXfuAhPhegV+6bWrLKWQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
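Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` ciphertexts here are byte-for-byte the same (data, IV and tag) as those in `calibre-web/app/restic.sops.yaml` later in this commit, and the age-wrapped data key matches too, so the file was evidently copied with only `RESTIC_REPOSITORY` re-encrypted. That shows any reader of the repository that both apps share one restic password and one S3 key pair, and it means that whoever obtains one app's Secret can presumably read and delete the other app's backups as well. Consider a separate restic password per repository, object-store credentials scoped to each app's bucket or prefix, and creating each file with a fresh `sops` encryption rather than by copying. The calibre-web copy also omits `metadata.namespace` and relies on the kustomization's `namespace: default`.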
diff --git a/kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml b/kubernetes/apps/default/bazarr/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml
rename to kubernetes/apps/default/bazarr/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml b/kubernetes/apps/default/bazarr/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml
rename to kubernetes/apps/default/bazarr/app/volume.yaml
diff --git a/kubernetes/apps/default/bazarr/ks.yaml b/kubernetes/apps/default/bazarr/ks.yaml
new file mode 100644
index 000000000..8dfbf045b
--- /dev/null
+++ b/kubernetes/apps/default/bazarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-bazarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/bazarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: bazarr
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-servers/calibre-web/helmrelease.yaml b/kubernetes/apps/default/calibre-web/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/media-servers/calibre-web/helmrelease.yaml
rename to kubernetes/apps/default/calibre-web/app/helmrelease.yaml
index 5e0e2f2c3..b5bec9ea9 100644
--- a/kubernetes/cluster-0/apps/media-servers/calibre-web/helmrelease.yaml
+++ b/kubernetes/apps/default/calibre-web/app/helmrelease.yaml
@@ -18,14 +18,17 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/auricom/calibre-web
- tag: 0.6.19@sha256:d78d9459867645a553d6cac94bc2a5a9cb918008cfb293b57f6c916ca0ad07b8
+ tag: 0.6.19
env:
TZ: "${TIMEZONE}"
service:
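Review bot: The image reference loses its digest in this hunk: the `@sha256:` suffix is dropped and the line becomes `tag: 0.6.19`, so the pod runs whatever `ghcr.io/auricom/calibre-web:0.6.19` resolves to at pull time instead of one immutable image. If dropping the pin was not an intended part of the directory move, keep the old line `tag: 0.6.19@sha256:d78d9459867645a553d6cac94bc2a5a9cb918008cfb293b57f6c916ca0ad07b8`. If it was intended, a comment stating why would keep the next reviewer from restoring it blindly. The `values` block continues outside this hunk.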
diff --git a/kubernetes/apps/default/calibre-web/app/kustomization.yaml b/kubernetes/apps/default/calibre-web/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/calibre-web/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/calibre-web/app/replicationsource.yaml b/kubernetes/apps/default/calibre-web/app/replicationsource.yaml
new file mode 100644
index 000000000..e976a61b9
--- /dev/null
+++ b/kubernetes/apps/default/calibre-web/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: calibre-web
+ namespace: default
+spec:
+ sourcePVC: calibre-web-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: calibre-web-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/calibre-web/app/restic.sops.yaml b/kubernetes/apps/default/calibre-web/app/restic.sops.yaml
new file mode 100644
index 000000000..ffe70b8c6
--- /dev/null
+++ b/kubernetes/apps/default/calibre-web/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: calibre-web-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:bEsDAvrGLpXOhGV4M/bwVDjxroaLKG3vF4OqLy9ChHti4ateAQKOqzsT/9wwejZwmnWB8jBWPuzx2e876g==,iv:/MucYIH5cQNE6m+ceNDWEhKu122iMCUI6te9awbXRO8=,tag:+fkEJP2PWCz/vEOohVgCWw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T14:53:29Z"
+ mac: ENC[AES256_GCM,data:rTyH2sHO4+/P7S4XLfW4dEyRDi1h044LlXCdlQmk1XdqDH8/5d93UYGSSfW3S6JjIqrOS1ETsRQS2Am8gSVmqZjBi+eXui4kNp7zURcOa8RiuMyySJZLap+KnV2Tu9aZYaaiOms/oy7ABk/+5X4SyJHPtOv51uw+gvfDWaU93Uo=,iv:r919TYG3cfPsjYDRrYdAgUGBwzdVVpMu2pmaJdLSd9Q=,tag:e0JmALQgOu5wXCb35PhGFQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
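Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries carry the same ciphertext, IV and tag as the calibre and flood `restic.sops.yaml` files added in this commit, and the age-wrapped data key is identical too. That suggests the files were copied, with only `RESTIC_REPOSITORY` re-encrypted, so all three Secrets appear to share one restic password and one S3 key pair. A leak of any one Secret would then expose every application's backup repository, and the equality is visible to anyone who can read the Git history. Consider a per-application restic password and bucket-scoped S3 credentials, and encrypt each file afresh with `sops` rather than copying an already-encrypted file.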
diff --git a/kubernetes/cluster-0/apps/media-servers/calibre-web/volume.yaml b/kubernetes/apps/default/calibre-web/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/calibre-web/volume.yaml
rename to kubernetes/apps/default/calibre-web/app/volume.yaml
diff --git a/kubernetes/apps/default/calibre-web/ks.yaml b/kubernetes/apps/default/calibre-web/ks.yaml
new file mode 100644
index 000000000..3b86a4b17
--- /dev/null
+++ b/kubernetes/apps/default/calibre-web/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-calibre-web
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/calibre-web/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: calibre-web
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-servers/calibre/helmrelease.yaml b/kubernetes/apps/default/calibre/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/media-servers/calibre/helmrelease.yaml
rename to kubernetes/apps/default/calibre/app/helmrelease.yaml
index 525888bda..c6ba8d426 100644
--- a/kubernetes/cluster-0/apps/media-servers/calibre/helmrelease.yaml
+++ b/kubernetes/apps/default/calibre/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/linuxserver/calibre
diff --git a/kubernetes/apps/default/calibre/app/kustomization.yaml b/kubernetes/apps/default/calibre/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/calibre/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/calibre/app/replicationsource.yaml b/kubernetes/apps/default/calibre/app/replicationsource.yaml
new file mode 100644
index 000000000..a127baa26
--- /dev/null
+++ b/kubernetes/apps/default/calibre/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: calibre
+ namespace: default
+spec:
+ sourcePVC: calibre-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: calibre-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/calibre/app/restic.sops.yaml b/kubernetes/apps/default/calibre/app/restic.sops.yaml
new file mode 100644
index 000000000..2bbc5e8d3
--- /dev/null
+++ b/kubernetes/apps/default/calibre/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: calibre-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:NCy35YYxOndjxHADaEqPRQQ0nRT8MPxUex80YNjEEL0GCSpvN+exASZefQjRxtkXz84cGgj9gANx,iv:gBwqlwFn1D97913ZxwG1E3WeYi7wXKVk8Mdspa/Tx8o=,tag:dojF0a2jaTcYzz3YMxUmTA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T14:51:21Z"
+ mac: ENC[AES256_GCM,data:fdP1tAzBaWHagD6DpVtjRuwfs1KLg0ji0IoLArCXiBiXQ9VYlc4cWhgdmzLFzoqu1dNpCUyHsl9dHGgDaoxLEtZDq8bJ9n47Z6h+gP31TRuSgnb1sOAfqxOswLYabzZRfMGIJmaGI8zeWC3Og0xZj0TUbsyc8CBA5rMLj/iHZNE=,iv:NR7VP08kRRcrnbRzBWXlMqB8849jOsEVqt79iLT9Mik=,tag:FvBWbDR3zmKVKxTPiVzASw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-servers/calibre/volume.yaml b/kubernetes/apps/default/calibre/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/calibre/volume.yaml
rename to kubernetes/apps/default/calibre/app/volume.yaml
diff --git a/kubernetes/apps/default/calibre/ks.yaml b/kubernetes/apps/default/calibre/ks.yaml
new file mode 100644
index 000000000..090294137
--- /dev/null
+++ b/kubernetes/apps/default/calibre/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-calibre
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/calibre/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: calibre
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/databases/postgres/helmrelease.yaml b/kubernetes/apps/default/cloudnative-pg/app/helmrelease.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/databases/postgres/helmrelease.yaml
rename to kubernetes/apps/default/cloudnative-pg/app/helmrelease.yaml
index 2db47d333..f0879dca9 100644
--- a/kubernetes/cluster-0/apps/databases/postgres/helmrelease.yaml
+++ b/kubernetes/apps/default/cloudnative-pg/app/helmrelease.yaml
@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
- name: postgres
+ name: cloudnative-pg
namespace: default
spec:
interval: 15m
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
crds:
create: true
diff --git a/kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml b/kubernetes/apps/default/cloudnative-pg/app/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml
rename to kubernetes/apps/default/cloudnative-pg/app/kustomization.yaml
index cfdcfcadb..6d95c193c 100644
--- a/kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml
+++ b/kubernetes/apps/default/cloudnative-pg/app/kustomization.yaml
@@ -2,11 +2,10 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
- - ./cluster
- - ./external-backup
- - ./scheduled-backup
+ - ./secret.sops.yaml
configMapGenerator:
- name: cloudnative-pg-dashboard
files:
diff --git a/kubernetes/cluster-0/apps/databases/postgres/cluster/secret.sops.yaml b/kubernetes/apps/default/cloudnative-pg/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/postgres/cluster/secret.sops.yaml
rename to kubernetes/apps/default/cloudnative-pg/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml
new file mode 100644
index 000000000..efc5060c1
--- /dev/null
+++ b/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: postgres
+ namespace: default
+ annotations:
+ kyverno.io/ignore: "true"
+spec:
+ instances: 3
+ primaryUpdateStrategy: unsupervised
+ storage:
+ size: 20Gi
+ storageClass: rook-ceph-block
+ superuserSecret:
+ name: postgres-superuser
+ monitoring:
+ enablePodMonitor: true
+ backup:
+ retentionPolicy: 30d
+ barmanObjectStore:
+ wal:
+ compression: bzip2
+ maxParallel: 8
+ destinationPath: s3://postgresql/
+ endpointURL: https://truenas.${SECRET_DOMAIN}:51515
+ serverName: postgres-v4
+ s3Credentials:
+ accessKeyId:
+ name: postgres-minio
+ key: MINIO_ACCESS_KEY
+ secretAccessKey:
+ name: postgres-minio
+ key: MINIO_SECRET_KEY
+ # bootstrap:
+ # recovery:
+ # source: postgres
+ # externalClusters:
+ # - name: postgres
+ # barmanObjectStore:
+ # destinationPath: s3://postgresql/
+ # endpointURL: https://truenas.${SECRET_DOMAIN}:51515
+ # s3Credentials:
+ # accessKeyId:
+ # name: postgres-minio
+ # key: MINIO_ACCESS_KEY
+ # secretAccessKey:
+ # name: postgres-minio
+ # key: MINIO_SECRET_KEY
+ # wal:
+ # maxParallel: 8
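Review bot: `barmanObjectStore` sets no `encryption` under `wal` and has no `data` section, so whether base backups and WAL are encrypted at rest depends entirely on the bucket behind `endpointURL`, which this file does not show. If the object store supports server-side encryption, `encryption: AES256` under both `wal:` and `data:` would make that explicit. Separately, the commented-out recovery block names the external cluster `postgres` without a `serverName`, while backups are written under `serverName: postgres-v4`. A short comment saying which backup folder that block is meant to restore from would avoid restoring the wrong one. The `kyverno.io/ignore: "true"` annotation presumably exempts this resource from policy and would benefit from a one-line comment explaining why.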
diff --git a/kubernetes/cluster-0/apps/databases/postgres/external-backup/00-webhook b/kubernetes/apps/default/cloudnative-pg/cluster/external-backup/00-webhook
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/postgres/external-backup/00-webhook
rename to kubernetes/apps/default/cloudnative-pg/cluster/external-backup/00-webhook
diff --git a/kubernetes/apps/default/cloudnative-pg/cluster/external-backup/cronjob.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/external-backup/cronjob.yaml
new file mode 100644
index 000000000..16a151993
--- /dev/null
+++ b/kubernetes/apps/default/cloudnative-pg/cluster/external-backup/cronjob.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: &app cloudnative-pg-external-backup
+ namespace: default
+spec:
+ schedule: "@daily"
+ jobTemplate:
+ spec:
+ ttlSecondsAfterFinished: 86400
+ template:
+ spec:
+ automountServiceAccountToken: false
+ restartPolicy: OnFailure
+ containers:
+ - name: *app
+ image: prodrigestivill/postgres-backup-local:15-alpine@sha256:1209779d7b39a9f73d498091452051fedfe140252bff59ea1c42e0a9a8a9b8e0
+ env:
+ - name: POSTGRES_HOST
+ value: ${POSTGRES_HOST}
+ - name: POSTGRES_DB
+ value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: postgres-superuser
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-superuser
+ key: password
+ - name: POSTGRES_EXTRA_OPTS
+ value: "-Z9 --schema=public --blobs"
+ - name: BACKUP_KEEP_DAYS
+ value: "7"
+ - name: BACKUP_KEEP_WEEKS
+ value: "4"
+ - name: BACKUP_KEEP_MONTHS
+ value: "3"
+ - name: HEALTHCHECK_PORT
+ value: "8080"
+ - name: WEBHOOK_URL
+ value: https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/45cHKtahUg?status=up&msg=OK&ping=
+ command:
+ - "/backup.sh"
+ volumeMounts:
+ - name: backups
+ mountPath: /backups
+ - name: files
+ subPath: 00-webhook
+ mountPath: /hooks/00-webhook
+ volumes:
+ - name: backups
+ nfs:
+ server: "${LOCAL_LAN_TRUENAS}"
+ path: /mnt/storage/backups/postgresql
+ - name: files
+ configMap:
+ name: postgres-external-backup
+ defaultMode: 0555
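Review bot: The `WEBHOOK_URL` value embeds what looks like the Uptime Kuma push token in plain text, so it lands in Git while the other credentials in this tree are SOPS-encrypted. A leaked token allows false "up" heartbeats that would mask a failed backup. Take the URL from a Secret instead, for example `valueFrom: {secretKeyRef: {name: <backup-webhook-secret>, key: WEBHOOK_URL}}`, where the secret name is a placeholder. The container also authenticates with the `postgres-superuser` credentials and sets no `securityContext` or `resources`. A dedicated role limited to what the dump needs, plus `allowPrivilegeEscalation: false` and a non-root user if the image supports it, would narrow what a compromised backup container can reach.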
diff --git a/kubernetes/cluster-0/apps/storage/kopia-web/kustomization.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/external-backup/kustomization.yaml
similarity index 77%
rename from kubernetes/cluster-0/apps/storage/kopia-web/kustomization.yaml
rename to kubernetes/apps/default/cloudnative-pg/cluster/external-backup/kustomization.yaml
index 35af49d10..10573bac8 100644
--- a/kubernetes/cluster-0/apps/storage/kopia-web/kustomization.yaml
+++ b/kubernetes/apps/default/cloudnative-pg/cluster/external-backup/kustomization.yaml
@@ -2,12 +2,12 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
-resources:
- - ./helmrelease.yaml
namespace: default
+resources:
+ - ./cronjob.yaml
configMapGenerator:
- - name: kopia
+ - name: postgres-external-backup
files:
- - ./config/repository.config
+ - ./00-webhook
generatorOptions:
disableNameSuffixHash: true
diff --git a/kubernetes/cluster-0/apps/development/gitea/kustomization.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/kustomization.yaml
similarity index 75%
rename from kubernetes/cluster-0/apps/development/gitea/kustomization.yaml
rename to kubernetes/apps/default/cloudnative-pg/cluster/kustomization.yaml
index 6261c8361..82f3f128f 100644
--- a/kubernetes/cluster-0/apps/development/gitea/kustomization.yaml
+++ b/kubernetes/apps/default/cloudnative-pg/cluster/kustomization.yaml
@@ -2,8 +2,9 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- - ./secret.sops.yaml
- - ./volume.yaml
- - ./helmrelease.yaml
+ - ./cluster.yaml
- ./external-backup
+ - ./secret.sops.yaml
+ - ./scheduledbackup.yaml
diff --git a/kubernetes/apps/default/cloudnative-pg/cluster/scheduledbackup.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/scheduledbackup.yaml
new file mode 100644
index 000000000..835fbfb68
--- /dev/null
+++ b/kubernetes/apps/default/cloudnative-pg/cluster/scheduledbackup.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: postgres
+ namespace: default
+spec:
+ schedule: "@daily"
+ immediate: true
+ backupOwnerReference: self
+ cluster:
+ name: postgres
diff --git a/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/secret.sops.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/secret.sops.yaml
rename to kubernetes/apps/default/cloudnative-pg/cluster/secret.sops.yaml
diff --git a/kubernetes/apps/default/cloudnative-pg/ks.yaml b/kubernetes/apps/default/cloudnative-pg/ks.yaml
new file mode 100644
index 000000000..b1791d71a
--- /dev/null
+++ b/kubernetes/apps/default/cloudnative-pg/ks.yaml
@@ -0,0 +1,45 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-cloudnative-pg-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/cloudnative-pg/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: cloudnative-pg
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-cloudnative-pg-cluster
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-app
+ - name: cluster-apps-kyverno
+ path: ./kubernetes/apps/default/cloudnative-pg/cluster
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
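Review bot: `cluster-apps-cloudnative-pg-cluster` lists only `cluster-apps-cloudnative-pg-app` and `cluster-apps-kyverno` under `dependsOn`, although the Cluster it applies requests `storageClass: rook-ceph-block` in `cluster/cluster.yaml`. The other storage-backed Kustomizations in this commit (calibre, calibre-web, emqx) depend on `cluster-apps-rook-ceph-cluster`. Adding `- name: cluster-apps-rook-ceph-cluster` here would keep the ordering consistent. On a fresh bootstrap it would also avoid `wait: true` running into the 3m `timeout` while the volumes are still pending.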
diff --git a/kubernetes/cluster-0/apps/databases/readme.md b/kubernetes/apps/default/cloudnative-pg/readme.md
similarity index 96%
rename from kubernetes/cluster-0/apps/databases/readme.md
rename to kubernetes/apps/default/cloudnative-pg/readme.md
index 687ff3505..5b9736871 100644
--- a/kubernetes/cluster-0/apps/databases/readme.md
+++ b/kubernetes/apps/default/cloudnative-pg/readme.md
@@ -1,8 +1,6 @@
-# Databases
+# cloudnative-pg
-## Postgres
-
-### S3 Configuration
+## S3 Configuration
1. Create `~/.mc/config.json`
diff --git a/kubernetes/cluster-0/apps/development/drone/helmrelease.yaml b/kubernetes/apps/default/drone/app/helmrelease.yaml
similarity index 96%
rename from kubernetes/cluster-0/apps/development/drone/helmrelease.yaml
rename to kubernetes/apps/default/drone/app/helmrelease.yaml
index 8841687b1..1042d10cf 100644
--- a/kubernetes/cluster-0/apps/development/drone/helmrelease.yaml
+++ b/kubernetes/apps/default/drone/app/helmrelease.yaml
@@ -17,11 +17,8 @@ spec:
namespace: flux-system
dependsOn:
- name: drone-runner-kube
- namespace: default
- name: gitea
- namespace: default
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
values:
image:
repository: drone/drone
diff --git a/kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml b/kubernetes/apps/default/drone/app/kustomization.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml
rename to kubernetes/apps/default/drone/app/kustomization.yaml
index 0b647c1f8..174d4b6e6 100644
--- a/kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml
+++ b/kubernetes/apps/default/drone/app/kustomization.yaml
@@ -2,7 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- - ./secret.sops.yaml
- - ./volume.yaml
- ./helmrelease.yaml
+ - ./secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/development/drone/secret.sops.yaml b/kubernetes/apps/default/drone/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
rename to kubernetes/apps/default/drone/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/drone/ks.yaml b/kubernetes/apps/default/drone/ks.yaml
new file mode 100644
index 000000000..81a31d571
--- /dev/null
+++ b/kubernetes/apps/default/drone/ks.yaml
@@ -0,0 +1,74 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-drone
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/drone/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-drone-runner-kube
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: drone
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-drone-kubernetes-secrets
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/drone/kubernetes-secrets
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: drone-kubernetes-secrets
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-drone-runner-kube
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/drone/runner-kube
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-drone-kubernetes-secrets
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: drone-runner-kube
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
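Review bot: `cluster-apps-drone` depends on the Postgres cluster and the runner, but the HelmRelease in `drone/app/helmrelease.yaml` still lists `gitea` under its own `dependsOn`, and no Kustomization in this file orders drone after gitea. If gitea is reconciled later, the drone HelmRelease stays blocked on its dependency and the health check here fails after the 3m `timeout`. Either add the gitea Kustomization to `dependsOn` (`- name: <gitea-kustomization-name>`, a placeholder because its name is not visible here) or drop the HelmRelease-level dependency so ordering is expressed in one place.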
diff --git a/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helmrelease.yaml b/kubernetes/apps/default/drone/kubernetes-secrets/helmrelease.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helmrelease.yaml
rename to kubernetes/apps/default/drone/kubernetes-secrets/helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml b/kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml
rename to kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml
index 9ba2b7d0b..5b48b4e26 100644
--- a/kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml
+++ b/kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml
@@ -4,5 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- - ./volume.yaml
- ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helmrelease.yaml b/kubernetes/apps/default/drone/runner-kube/helmrelease.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helmrelease.yaml
rename to kubernetes/apps/default/drone/runner-kube/helmrelease.yaml
index 1145be087..dc3bb559f 100644
--- a/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helmrelease.yaml
+++ b/kubernetes/apps/default/drone/runner-kube/helmrelease.yaml
@@ -17,7 +17,6 @@ spec:
namespace: flux-system
dependsOn:
- name: drone-kubernetes-secrets
- namespace: default
values:
image:
repository: drone/drone-runner-kube
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml b/kubernetes/apps/default/drone/runner-kube/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml
rename to kubernetes/apps/default/drone/runner-kube/kustomization.yaml
index 17cbc72b2..5b48b4e26 100644
--- a/kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml
+++ b/kubernetes/apps/default/drone/runner-kube/kustomization.yaml
@@ -2,5 +2,6 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/emqx/helmrelease.yaml b/kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/apps/home-automation/emqx/helmrelease.yaml
rename to kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml
index 14e8cc966..7a0f47324 100644
--- a/kubernetes/cluster-0/apps/home-automation/emqx/helmrelease.yaml
+++ b/kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
image:
repository: public.ecr.aws/emqx/emqx
diff --git a/kubernetes/cluster-0/apps/databases/redis/kustomization.yaml b/kubernetes/apps/default/emqx/app/emqx/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/redis/kustomization.yaml
rename to kubernetes/apps/default/emqx/app/emqx/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/emqx/secret.sops.yaml b/kubernetes/apps/default/emqx/app/emqx/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/emqx/secret.sops.yaml
rename to kubernetes/apps/default/emqx/app/emqx/secret.sops.yaml
diff --git a/kubernetes/apps/default/emqx/ks.yaml b/kubernetes/apps/default/emqx/ks.yaml
new file mode 100644
index 000000000..d0bc4f3ef
--- /dev/null
+++ b/kubernetes/apps/default/emqx/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-emqx-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ path: ./kubernetes/apps/default/emqx/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: emqx
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
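Review bot: `path: ./kubernetes/apps/default/emqx/app` points one level above the manifests, which this commit moves to `kubernetes/apps/default/emqx/app/emqx/` together with their `kustomization.yaml`. Unless a `kustomization.yaml` exists directly under `app/` outside this view, the controller has to build that directory without one, which is probably not intended. Either set `path: ./kubernetes/apps/default/emqx/app/emqx` or move the files up one level to match the other apps. The `kustomization.yaml` in that directory is a 100% rename of the redis one, so it is worth confirming that it lists `./secret.sops.yaml` and sets `namespace: default`.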
diff --git a/kubernetes/cluster-0/apps/downloaders/flood/helmrelease.yaml b/kubernetes/apps/default/flood/app/helmrelease.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/downloaders/flood/helmrelease.yaml
rename to kubernetes/apps/default/flood/app/helmrelease.yaml
index 76fe0fe20..43cd16e30 100644
--- a/kubernetes/cluster-0/apps/downloaders/flood/helmrelease.yaml
+++ b/kubernetes/apps/default/flood/app/helmrelease.yaml
@@ -18,10 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: qbittorrent
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: jesec/flood
@@ -44,6 +48,7 @@ spec:
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
+ hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/flood/app/kustomization.yaml b/kubernetes/apps/default/flood/app/kustomization.yaml
new file mode 100644
index 000000000..f6d952284
--- /dev/null
+++ b/kubernetes/apps/default/flood/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/flood/app/replicationsource.yaml b/kubernetes/apps/default/flood/app/replicationsource.yaml
new file mode 100644
index 000000000..1cfcbd3e2
--- /dev/null
+++ b/kubernetes/apps/default/flood/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: flood
+ namespace: default
+spec:
+ sourcePVC: flood-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: flood-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/flood/app/restic.sops.yaml b/kubernetes/apps/default/flood/app/restic.sops.yaml
new file mode 100644
index 000000000..4969b3c07
--- /dev/null
+++ b/kubernetes/apps/default/flood/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: flood-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:fVeVjIVtONVdCuSBthH5YYkzirnDbpLzX40UpQIP18xcI4O2hREchTRfKz+EgRKFfj1rDZx5pg==,iv:RlEqORfh8kK4lfl4yrGyZI29KPrWYCW/AvPprrIx7gA=,tag:6J6NRmM1vuagkWafuj5sSw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T08:19:36Z"
+ mac: ENC[AES256_GCM,data:bysbIEfD4gyDw5Yq6AHxPVqY4CCuc9TIv2Z4wne8RJSgVf1/Tk0H+8xVg5j30FQEW5f3VnwJIFAIUVDoZabq8ywhESjdMclL1BPk4wz0tEDkShwkfIkv43JaEc4XZbqMOxvIVYF+9PmYV3uPXx1aFtOYi5Mtf28CETI4Mpjsvl8=,iv:f2mua5viAurKjFyiVjGT3d9vLUbYzHwXG07w28uyuM4=,tag:OjmcIja38jL2o9p5WBKYbw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
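Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries have the same ciphertext, IV and tag here as in the freshrss, gitea and home-assistant `restic.sops.yaml` files added later in this diff, and the age `enc` block is identical too, so the files were evidently copied and share one SOPS data key. Anyone who can read the repository can therefore tell that every app's backup repository uses the same restic password and the same S3 credentials, so exposure of one app's Secret exposes all the backups. Consider a distinct restic password and a bucket- or prefix-scoped access key per app. Create each file with a fresh `sops --encrypt` rather than by editing a copy, so that each file gets its own data key.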
diff --git a/kubernetes/cluster-0/apps/downloaders/flood/secret.sops.yaml b/kubernetes/apps/default/flood/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/downloaders/flood/secret.sops.yaml
rename to kubernetes/apps/default/flood/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/downloaders/flood/volume.yaml b/kubernetes/apps/default/flood/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/downloaders/flood/volume.yaml
rename to kubernetes/apps/default/flood/app/volume.yaml
diff --git a/kubernetes/apps/default/flood/ks.yaml b/kubernetes/apps/default/flood/ks.yaml
new file mode 100644
index 000000000..038807dfe
--- /dev/null
+++ b/kubernetes/apps/default/flood/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-flood-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-qbittorrent-app
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/flood/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: flood
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
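Review bot: `metadata.name: cluster-apps-flood-app` carries an `-app` suffix that the freshrss, gitea, glauth and hajimari `ks.yaml` files added in this diff do not (`cluster-apps-freshrss`, `cluster-apps-gitea`, …). The `dependsOn` list here likewise mixes `cluster-apps-qbittorrent-app` with `cluster-apps-rook-ceph-cluster`. A `dependsOn` entry has to match the target's name exactly, so a mixed convention makes a silent mismatch likely; pick one form for all `ks.yaml` files. As a smaller point, `dependsOn` sits before `path` here but after `sourceRef` in the sibling files, and a single key order would keep them diffable.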
diff --git a/kubernetes/cluster-0/apps/web-tools/freshrss/helmrelease.yaml b/kubernetes/apps/default/freshrss/app/helmrelease.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/web-tools/freshrss/helmrelease.yaml
rename to kubernetes/apps/default/freshrss/app/helmrelease.yaml
index a8d24be54..1bfc0f4ea 100644
--- a/kubernetes/cluster-0/apps/web-tools/freshrss/helmrelease.yaml
+++ b/kubernetes/apps/default/freshrss/app/helmrelease.yaml
@@ -18,13 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: freshrss/freshrss
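Review bot: The new `- name: cloudnative-pg` entry under `dependsOn` has no `namespace`, although the entry it replaces had `namespace: default` and the `rook-ceph-cluster` entry below it names `rook-ceph`. Flux resolves an omitted namespace to the HelmRelease's own namespace, so this works only if the `cloudnative-pg` HelmRelease lives in `default`, which this hunk does not show. Writing `namespace: default` (or the operator's actual namespace) explicitly keeps the entries parallel and makes a wrong reference visible in review. The same pattern appears in the gitea and home-assistant `helmrelease.yaml` hunks, and the `spec` block continues outside this hunk.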
diff --git a/kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml b/kubernetes/apps/default/freshrss/app/kustomization.yaml
similarity index 79%
rename from kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml
rename to kubernetes/apps/default/freshrss/app/kustomization.yaml
index 5342caf09..06c622307 100644
--- a/kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml
+++ b/kubernetes/apps/default/freshrss/app/kustomization.yaml
@@ -2,8 +2,11 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./secret.sops.yaml
- ./volume.yaml
patchesStrategicMerge:
diff --git a/kubernetes/cluster-0/apps/web-tools/freshrss/patches/postgres.yaml b/kubernetes/apps/default/freshrss/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/freshrss/patches/postgres.yaml
rename to kubernetes/apps/default/freshrss/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/freshrss/app/replicationsource.yaml b/kubernetes/apps/default/freshrss/app/replicationsource.yaml
new file mode 100644
index 000000000..d80830e5b
--- /dev/null
+++ b/kubernetes/apps/default/freshrss/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: freshrss
+ namespace: default
+spec:
+ sourcePVC: freshrss-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: freshrss-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/freshrss/app/restic.sops.yaml b/kubernetes/apps/default/freshrss/app/restic.sops.yaml
new file mode 100644
index 000000000..6a47e3b46
--- /dev/null
+++ b/kubernetes/apps/default/freshrss/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: freshrss-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:9Ci4hIV+kXv9XSOaXvVg2vAoECXKPvfuTtkazuiEHgLhKCKo7s/+D0/PZEa5Y8hM66E1GkoCLfzWcA==,iv:DDuFt9rgeUvBQY/ztbBJIgYMQ4p7R0O5b5axY9JgTyA=,tag:O2TjT4aPdsCWlly8/+98pQ==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:23:44Z"
+ mac: ENC[AES256_GCM,data:fghV+11Qm1SPSbeJlmHlZzUPROR/J0AoLfuN3zfjrwuEc9amCUjZzouEAsBYeOM3eDJRd33g0/pIdUFMrExORdt8vuHrUlAAZkyaJhM/znndlw64Z/7/PDIj6hg1REXyyI5YQsQeGWid4wgbZlaGsNRoeerD5dYrentlK+ceWuM=,iv:GrCfCf1RHaMsptV8UZw/4qy0f1gDGjS1JuD7IYZ+Mwk=,tag:Y5+u4dyYGTPZ+rn54JP0aA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/web-tools/freshrss/secret.sops.yaml b/kubernetes/apps/default/freshrss/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/freshrss/secret.sops.yaml
rename to kubernetes/apps/default/freshrss/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/freshrss/volume.yaml b/kubernetes/apps/default/freshrss/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/freshrss/volume.yaml
rename to kubernetes/apps/default/freshrss/app/volume.yaml
diff --git a/kubernetes/apps/default/freshrss/ks.yaml b/kubernetes/apps/default/freshrss/ks.yaml
new file mode 100644
index 000000000..d3032e1a2
--- /dev/null
+++ b/kubernetes/apps/default/freshrss/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-freshrss
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/freshrss/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: freshrss
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/.github/linters/.tflint.hcl b/kubernetes/apps/default/frigate/.gitkeep
similarity index 100%
rename from .github/linters/.tflint.hcl
rename to kubernetes/apps/default/frigate/.gitkeep
diff --git a/kubernetes/apps/default/gitea/app/cronjob.yaml b/kubernetes/apps/default/gitea/app/cronjob.yaml
new file mode 100644
index 000000000..971e0ed1d
--- /dev/null
+++ b/kubernetes/apps/default/gitea/app/cronjob.yaml
@@ -0,0 +1,88 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: &app gitea-external-backup
+ namespace: default
+spec:
+ schedule: "@daily"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ name: *app
+ spec:
+ containers:
+ - name: *app
+ image: ghcr.io/auricom/kubectl:1.26.0@sha256:f512e3008d0492cbae7aac6eaccc21b13d723374715aaedd59d352d840f0229c
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ #!/bin/bash
+
+ set -o nounset
+ set -o errexit
+
+ mkdir -p ~/.ssh
+ cp /opt/id_rsa ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+
+ ssh -o StrictHostKeyChecking=no homelab@${LOCAL_LAN_TRUENAS} << 'EOF'
+
+ set -o nounset
+ set -o errexit
+
+ WORK_DIR="/mnt/storage/backups/apps/gitea"
+
+ ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].username)
+ ORGANISATIONS+=" auricom"
+
+ for org in $ORGANISATIONS
+ do
+ mkdir -p $WORK_DIR/$org
+ if [ $org == "auricom" ]; then
+ keyword="users"
+ else
+ keyword="orgs"
+ fi
+ REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].name)
+ for repo in $REPOSITORIES
+ do
+ if [ -d "$WORK_DIR/$org/$repo" ]; then
+ echo "INFO: pull $org/$repo..."
+ cd $WORK_DIR/$org/$repo
+ git remote show origin -n | grep -c main &> /dev/null && MAIN_BRANCH="main" || MAIN_BRANCH="master"
+ git fetch --all
+ test $? -ne 0 && exit 1
+ git reset --hard origin/$MAIN_BRANCH
+ test $? -ne 0 && exit 1
+ git pull origin $MAIN_BRANCH
+ test $? -ne 0 && exit 1
+ echo "INFO: clean $org/$repo..."
+ git fetch --prune
+ for branch in $(git branch -vv | grep ': gone]' | awk '{print $1}')
+ do
+ git branch -D $branch
+ done
+ else
+ echo "INFO: clone $org/$repo..."
+ cd $WORK_DIR/$org
+ git clone git@gitea.${SECRET_DOMAIN}:$org/$repo.git
+ test $? -ne 0 && exit 1
+ fi
+ done
+ done
+ echo "INFO: Backup done"
+ curl -m 10 --retry 5 https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/Xk21W4T5mC?status=up&msg=OK&ping=
+ EOF
+ volumeMounts:
+ - name: secret
+ mountPath: /opt/id_rsa
+ subPath: deployment_rsa_priv_key
+ volumes:
+ - name: secret
+ secret:
+ secretName: gitea-config
+ restartPolicy: Never
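Review bot: `ssh -o StrictHostKeyChecking=no` accepts whatever host answers for `${LOCAL_LAN_TRUENAS}`, and the heredoc streamed to that host contains `${SECRET_GITEA_API_TOKEN}` (presumably substituted by Flux before apply, since the `'EOF'` delimiter is quoted), so an impersonating host receives the API token. Pin the TrueNAS host key in a known_hosts file mounted from the secret and turn strict checking on. Separately, the final `curl` URL is unquoted, so the shell treats each `&` as a command separator: curl runs in the background with only `?status=up`, and `msg=OK` and `ping=` become variable assignments. Quoting the URL fixes this, and the push token in it would be better supplied from a secret than committed in the manifest. The repository list is also requested with `limit=1000`; if the Gitea API caps the page size, repositories beyond the first page are silently left out of the backup, so paging through the results would be safer.

```yaml
# … unchanged: CronJob metadata, image, set -o nounset/errexit, key copy …
                  ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/opt/known_hosts homelab@${LOCAL_LAN_TRUENAS} << 'EOF'
# … unchanged: organisation and repository loops …
                  curl -m 10 --retry 5 "https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/Xk21W4T5mC?status=up&msg=OK&ping="
                  EOF
              volumeMounts:
                - name: secret
                  mountPath: /opt/id_rsa
                  subPath: deployment_rsa_priv_key
                # placeholder key name: add the TrueNAS host public key to the gitea-config secret
                - name: secret
                  mountPath: /opt/known_hosts
                  subPath: <KNOWN_HOSTS_KEY_PLACEHOLDER>
```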
diff --git a/kubernetes/cluster-0/apps/development/gitea/helmrelease.yaml b/kubernetes/apps/default/gitea/app/helmrelease.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/development/gitea/helmrelease.yaml
rename to kubernetes/apps/default/gitea/app/helmrelease.yaml
index 94ec54028..7ab8926de 100644
--- a/kubernetes/cluster-0/apps/development/gitea/helmrelease.yaml
+++ b/kubernetes/apps/default/gitea/app/helmrelease.yaml
@@ -18,13 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: gitea/gitea
diff --git a/kubernetes/apps/default/gitea/app/kustomization.yaml b/kubernetes/apps/default/gitea/app/kustomization.yaml
new file mode 100644
index 000000000..e3bb2232a
--- /dev/null
+++ b/kubernetes/apps/default/gitea/app/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./cronjob.yaml
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/gitea/app/replicationsource.yaml b/kubernetes/apps/default/gitea/app/replicationsource.yaml
new file mode 100644
index 000000000..f1f1d26f8
--- /dev/null
+++ b/kubernetes/apps/default/gitea/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: gitea
+ namespace: default
+spec:
+ sourcePVC: gitea-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: gitea-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/gitea/app/restic.sops.yaml b/kubernetes/apps/default/gitea/app/restic.sops.yaml
new file mode 100644
index 000000000..e5cedc7fc
--- /dev/null
+++ b/kubernetes/apps/default/gitea/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:Y1Kpc918cOrFj1lv9aCUyoJPwYXhpQlirTzDPIiznbbVHfoOWhUdsDWDzv8Dvs7dSFbNiFdYag==,iv:CvQ3u6gmkP9wpUs0pbmG3UK5/jzJvDyjxSB/kRZrOyU=,tag:dhqdXpyGYDqnSxG6OQ0Z9A==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T07:48:12Z"
+ mac: ENC[AES256_GCM,data:yQjxYGqOHqB6OvdHADZpLNpblivcBaNhwmzTZvBQ8j0eb3jk/FXjhYzaomIReq49RmsdQTbqSWNLZkx7Ze6M9E64YOBYFGA5CBucvTn+/0WG4XdrXz0W11BDGtEfU4FlAmHbLZHA11Qw/NcjR4aqP4U8OdNcDye5amGmnLg4U8A=,iv:bZRsW+I3G1uVmBBCrRjVeRAoQgqjehhiF0NJ+ej20ac=,tag:r1rt+3qtL+BIoh/XUacWqw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/development/gitea/secret.sops.yaml b/kubernetes/apps/default/gitea/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/gitea/secret.sops.yaml
rename to kubernetes/apps/default/gitea/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/development/gitea/volume.yaml b/kubernetes/apps/default/gitea/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/gitea/volume.yaml
rename to kubernetes/apps/default/gitea/app/volume.yaml
diff --git a/kubernetes/apps/default/gitea/ks.yaml b/kubernetes/apps/default/gitea/ks.yaml
new file mode 100644
index 000000000..436f93c2a
--- /dev/null
+++ b/kubernetes/apps/default/gitea/ks.yaml
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-gitea
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/gitea/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: batch/v1
+ kind: CronJob
+ name: gitea-external-backup
+ namespace: default
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: gitea
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/development/readme.md b/kubernetes/apps/default/gitea/readme.md
similarity index 96%
rename from kubernetes/cluster-0/apps/development/readme.md
rename to kubernetes/apps/default/gitea/readme.md
index fad181c09..7505288b4 100644
--- a/kubernetes/cluster-0/apps/development/readme.md
+++ b/kubernetes/apps/default/gitea/readme.md
@@ -1,8 +1,6 @@
-# Development
+# Gitea
-## Gitea
-
-### S3 Configuration
+## S3 Configuration
1. Create `~/.mc/config.json`
diff --git a/kubernetes/cluster-0/apps/authentication/glauth/config/groups.sops.toml b/kubernetes/apps/default/glauth/app/config/groups.sops.toml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/glauth/config/groups.sops.toml
rename to kubernetes/apps/default/glauth/app/config/groups.sops.toml
diff --git a/kubernetes/cluster-0/apps/authentication/glauth/config/server.sops.toml b/kubernetes/apps/default/glauth/app/config/server.sops.toml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/glauth/config/server.sops.toml
rename to kubernetes/apps/default/glauth/app/config/server.sops.toml
diff --git a/kubernetes/cluster-0/apps/authentication/glauth/config/users.sops.toml b/kubernetes/apps/default/glauth/app/config/users.sops.toml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/glauth/config/users.sops.toml
rename to kubernetes/apps/default/glauth/app/config/users.sops.toml
diff --git a/kubernetes/cluster-0/apps/authentication/glauth/helmrelease.yaml b/kubernetes/apps/default/glauth/app/helmrelease.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/authentication/glauth/helmrelease.yaml
rename to kubernetes/apps/default/glauth/app/helmrelease.yaml
index 8c4d5c5bf..c98c227e6 100644
--- a/kubernetes/cluster-0/apps/authentication/glauth/helmrelease.yaml
+++ b/kubernetes/apps/default/glauth/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
controller:
replicas: 1
diff --git a/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml b/kubernetes/apps/default/glauth/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml
rename to kubernetes/apps/default/glauth/app/kustomization.yaml
diff --git a/kubernetes/apps/default/glauth/ks.yaml b/kubernetes/apps/default/glauth/ks.yaml
new file mode 100644
index 000000000..3cf09713d
--- /dev/null
+++ b/kubernetes/apps/default/glauth/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-glauth
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/glauth/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: glauth
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/authentication/readme.md b/kubernetes/apps/default/glauth/readme.md
similarity index 97%
rename from kubernetes/cluster-0/apps/authentication/readme.md
rename to kubernetes/apps/default/glauth/readme.md
index f4dcb546a..1f45b6cb2 100644
--- a/kubernetes/cluster-0/apps/authentication/readme.md
+++ b/kubernetes/apps/default/glauth/readme.md
@@ -1,8 +1,6 @@
-# Authentication
+# glAuth
-## GLAuth
-
-### Repo configuration
+## Repo configuration
1. Add/Update `.vscode/extensions.json`
diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
new file mode 100644
index 000000000..5bf291dee
--- /dev/null
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -0,0 +1,69 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: hajimari
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: hajimari
+ version: 2.0.2
+ sourceRef:
+ kind: HelmRepository
+ name: hajimari
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ env:
+ TZ: ${TIMEZONE}
+ hajimari:
+ title: Apps
+ darkTheme: espresso
+ alwaysTargetBlank: true
+ showGreeting: false
+ showAppGroups: false
+ showAppStatus: false
+ showBookmarkGroups: false
+ showGlobalBookmarks: false
+ showAppUrls: false
+ defaultEnable: true
+ namespaceSelector:
+ matchNames:
+ - default
+ - flux-system
+ - monitoring
+ - networking
+ - rook-ceph
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ hajimari.io/enable: "false"
+ hosts:
+ - host: &host apps.${SECRET_CLUSTER_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ podAnnotations:
+ configmap.reloader.stakater.com/reload: "hajimari-settings"
+ persistence:
+ data:
+ enabled: true
+ type: emptyDir
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128M
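Review bot: The `ingress.main.annotations` block sets only `hajimari.io/enable: "false"` and omits the `auth.home.arpa/enabled: "true"` annotation that the flood ingress earlier in this diff carries. Meanwhile `defaultEnable: true` with five `namespaceSelector` entries makes the dashboard list every ingress in those namespaces. If that annotation is what puts an app behind the cluster's authentication (its handling is not visible here), the app inventory is served without a login; add `auth.home.arpa/enabled: "true"` under `annotations`. As a smaller style point, `memory: 128M` is decimal megabytes, and `128Mi` is the usual unit for a request.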
diff --git a/kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml b/kubernetes/apps/default/hajimari/app/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml
rename to kubernetes/apps/default/hajimari/app/kustomization.yaml
index c75cac31e..5b48b4e26 100644
--- a/kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml
+++ b/kubernetes/apps/default/hajimari/app/kustomization.yaml
@@ -2,6 +2,6 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- - ./volume.yaml
- ./helmrelease.yaml
diff --git a/kubernetes/apps/default/hajimari/ks.yaml b/kubernetes/apps/default/hajimari/ks.yaml
new file mode 100644
index 000000000..fbce10273
--- /dev/null
+++ b/kubernetes/apps/default/hajimari/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-hajimari
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/hajimari/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: hajimari
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/helmrelease.yaml b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant/helmrelease.yaml
rename to kubernetes/apps/default/home-assistant/app/helmrelease.yaml
index 201bd28c0..f7a6dcfce 100644
--- a/kubernetes/cluster-0/apps/home-automation/home-assistant/helmrelease.yaml
+++ b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
@@ -19,15 +19,15 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
+ - name: cloudnative-pg
- name: emqx
- namespace: default
- - name: postgres-cluster
- namespace: default
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/home-assistant
diff --git a/kubernetes/apps/default/home-assistant/app/kustomization.yaml b/kubernetes/apps/default/home-assistant/app/kustomization.yaml
new file mode 100644
index 000000000..a1208bb6a
--- /dev/null
+++ b/kubernetes/apps/default/home-assistant/app/kustomization.yaml
@@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./token.sops.yaml
+ - ./podmonitor.yaml
+ - ./volume.yaml
+patchesStrategicMerge:
+ - ./patches/addons.yaml
+ - ./patches/postgres.yaml
diff --git a/kubernetes/apps/default/home-assistant/app/patches/addons.yaml b/kubernetes/apps/default/home-assistant/app/patches/addons.yaml
new file mode 100644
index 000000000..6e90fe76a
--- /dev/null
+++ b/kubernetes/apps/default/home-assistant/app/patches/addons.yaml
@@ -0,0 +1,42 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: home-assistant
+ namespace: default
+spec:
+ values:
+ addons:
+ codeserver:
+ enabled: true
+ image:
+ repository: ghcr.io/coder/code-server
+ tag: 4.9.1
+ env:
+ TZ: ${TIMEZONE}
+ workingDir: /config
+ args:
+ - --auth
+ - "none"
+ - --user-data-dir
+ - "/config/.vscode"
+ - --extensions-dir
+ - "/config/.vscode"
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ hajimari.io/appName: "Hass Config"
+ hajimari.io/icon: cib:visual-studio-code
+ hosts:
+ - host: &host hass-code.${SECRET_CLUSTER_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ volumeMounts:
+ - name: config
+ mountPath: /config
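Review bot: code-server is started with `--auth none` and published through an nginx ingress at `hass-code.${SECRET_CLUSTER_DOMAIN}` whose annotations hold only the two `hajimari.io/*` entries. Nothing in this patch therefore authenticates requests to an editor and terminal that mounts Home Assistant's `/config` volume. Add `auth.home.arpa/enabled: "true"` to `addons.codeserver.ingress.annotations`, as the flood ingress does (assuming that annotation enforces the cluster's forward auth, which is defined elsewhere), or drop `--auth none` so code-server's own password check stays on. A comment above `args` stating which layer is expected to authenticate would keep the two settings from drifting apart.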
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/patches/postgres.yaml b/kubernetes/apps/default/home-assistant/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant/patches/postgres.yaml
rename to kubernetes/apps/default/home-assistant/app/patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/podmonitor.yaml b/kubernetes/apps/default/home-assistant/app/podmonitor.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant/podmonitor.yaml
rename to kubernetes/apps/default/home-assistant/app/podmonitor.yaml
diff --git a/kubernetes/apps/default/home-assistant/app/replicationsource.yaml b/kubernetes/apps/default/home-assistant/app/replicationsource.yaml
new file mode 100644
index 000000000..5616b0556
--- /dev/null
+++ b/kubernetes/apps/default/home-assistant/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: home-assistant
+ namespace: default
+spec:
+ sourcePVC: hass-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: home-assistant-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/home-assistant/app/restic.sops.yaml b/kubernetes/apps/default/home-assistant/app/restic.sops.yaml
new file mode 100644
index 000000000..957fff04a
--- /dev/null
+++ b/kubernetes/apps/default/home-assistant/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: home-assistant-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:PSUxcuB0ZkoJ3+ims+yBY8gFGbn/JmM29lw7+TZ/ewbyMJeqMpWK4cvNIMzTt0M7dTcVdPiR8NPDyCpVI6maxA==,iv:crebRNDxmJSpGlh83bju2aTLS1aj8CLWaS6gdfeHHBU=,tag:mWjowas5pf0tx7lJyLGCTA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:57:49Z"
+ mac: ENC[AES256_GCM,data:UOdoegFqPZEQYiGM8Pq1QJEIWkd5/5vzgcIDE9NHy4qwBMz182s1Vse5gGa+pWRTHWhLNxC6zjuhZjcBPFCa1K1dGF4dFDYRRxoG+wVEg200mdmYb4t0RPWnJ9tlDV8p0JXa53CJTvuB2+eQSQhCix2sjaOLU5LdEfbP5VYiN3U=,iv:HE6EQHPh5zC6pxBjGHmxU3xt/1Dwk1wHUl0H21W7dvs=,tag:+FaKITLwr7zXB9lKZ7c6kQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
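Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` values here are byte-for-byte the same ciphertext (data, iv and tag) as in the jellyfin, jellyseer and komga `restic.sops.yaml` files added by this commit, and the age-wrapped data key under `sops.age` is identical too. Any reader of the repository can therefore tell that one restic password and one S3 credential protect every app's backups, so a leak of a single Secret in `default` exposes all of them or allows their deletion. Consider a separate restic password and a bucket- or prefix-scoped access key per application. Create each file with a fresh `sops --encrypt` rather than copying an already encrypted file, so that each one gets its own data key.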
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/secret.sops.yaml b/kubernetes/apps/default/home-assistant/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant/secret.sops.yaml
rename to kubernetes/apps/default/home-assistant/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/token.sops.yaml b/kubernetes/apps/default/home-assistant/app/token.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant/token.sops.yaml
rename to kubernetes/apps/default/home-assistant/app/token.sops.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/volume.yaml b/kubernetes/apps/default/home-assistant/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/home-assistant/volume.yaml
rename to kubernetes/apps/default/home-assistant/app/volume.yaml
diff --git a/kubernetes/apps/default/home-assistant/ks.yaml b/kubernetes/apps/default/home-assistant/ks.yaml
new file mode 100644
index 000000000..9bc772f63
--- /dev/null
+++ b/kubernetes/apps/default/home-assistant/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-home-assistant-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-app
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/home-assistant/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: home-assistant
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
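Review bot: `dependsOn` lists `cluster-apps-cloudnative-pg-app`, while the invidious and joplin Kustomizations in this commit wait for `cluster-apps-cloudnative-pg-cluster`. This app directory also carries `patches/postgres.yaml`, so Home Assistant presumably needs the database cluster to be ready and not only the operator; if so the entry should read `- name: cluster-apps-cloudnative-pg-cluster`. The Kustomization names are inconsistent as well (`cluster-apps-home-assistant-app` here, `cluster-apps-invidious` without the suffix), which makes later `dependsOn` references easy to get wrong.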
diff --git a/kubernetes/cluster-0/apps/web-tools/invidious/config/config.yml b/kubernetes/apps/default/invidious/app/config/config.yml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/invidious/config/config.yml
rename to kubernetes/apps/default/invidious/app/config/config.yml
diff --git a/kubernetes/cluster-0/apps/web-tools/invidious/helmrelease.yaml b/kubernetes/apps/default/invidious/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/web-tools/invidious/helmrelease.yaml
rename to kubernetes/apps/default/invidious/app/helmrelease.yaml
index d75c818c6..1e1407a27 100644
--- a/kubernetes/cluster-0/apps/web-tools/invidious/helmrelease.yaml
+++ b/kubernetes/apps/default/invidious/app/helmrelease.yaml
@@ -18,13 +18,12 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
values:
image:
repository: quay.io/invidious/invidious
diff --git a/kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml b/kubernetes/apps/default/invidious/app/kustomization.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml
rename to kubernetes/apps/default/invidious/app/kustomization.yaml
index 106556807..163aedfc3 100644
--- a/kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml
+++ b/kubernetes/apps/default/invidious/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
patchesStrategicMerge:
diff --git a/kubernetes/cluster-0/apps/web-tools/invidious/patches/postgres.yaml b/kubernetes/apps/default/invidious/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/invidious/patches/postgres.yaml
rename to kubernetes/apps/default/invidious/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/invidious/ks.yaml b/kubernetes/apps/default/invidious/ks.yaml
new file mode 100644
index 000000000..f19eb288d
--- /dev/null
+++ b/kubernetes/apps/default/invidious/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-invidious
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/invidious/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: invidious-server
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
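Review bot: The health check waits for a HelmRelease named `invidious-server`, whereas the other ks.yaml files in this commit check a release named after the app directory. The `metadata.name` of `invidious/app/helmrelease.yaml` is outside the hunk shown for that file, so this cannot be confirmed from the diff. If the release is actually called `invidious`, this Kustomization would not become ready and would fail after `timeout: 3m`. Please confirm the name, or add a comment such as `# HelmRelease is named invidious-server, not invidious` above the entry.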
diff --git a/kubernetes/cluster-0/apps/media-servers/jellyfin/helmrelease.yaml b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/media-servers/jellyfin/helmrelease.yaml
rename to kubernetes/apps/default/jellyfin/app/helmrelease.yaml
index 93a0a7743..03da5229b 100644
--- a/kubernetes/cluster-0/apps/media-servers/jellyfin/helmrelease.yaml
+++ b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml
@@ -18,21 +18,23 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: intel-gpu-plugin
- namespace: default
+ namespace: kube-system
- name: node-feature-discovery
- namespace: default
+ namespace: kube-system
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/jellyfin
tag: 10.8.8@sha256:342c94a24b9c12e6b5a4de2d506229b9313d39026404a8137be1df9481ed0e68
env:
- DOTNET_SYSTEM_IO_DISABLEFILELOCKING: "true"
+ TZ: ${TIMEZONE}
service:
main:
type: LoadBalancer
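Review bot: `TZ: ${TIMEZONE}` is an unquoted substitution placeholder, so its YAML type is decided only after Flux has replaced it; if `TIMEZONE` is missing from the substitution source the line would render as an empty `TZ:` (null). Quoting it as `TZ: "${TIMEZONE}"` keeps the value a string in every case. The same hunk drops `DOTNET_SYSTEM_IO_DISABLEFILELOCKING`, and a line in the commit message on why it is no longer needed would help, since the storage behind the config volume is not visible here. The `values` block continues outside the hunk.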
@@ -102,8 +104,8 @@ spec:
resources:
requests:
gpu.intel.com/i915: 1
- cpu: 50m
- memory: 2Gi
+ cpu: 100m
+ memory: 1Gi
limits:
gpu.intel.com/i915: 1
- memory: 3Gi
+ memory: 6Gi
diff --git a/kubernetes/apps/default/jellyfin/app/kustomization.yaml b/kubernetes/apps/default/jellyfin/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/jellyfin/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/jellyfin/app/replicationsource.yaml b/kubernetes/apps/default/jellyfin/app/replicationsource.yaml
new file mode 100644
index 000000000..737dec79a
--- /dev/null
+++ b/kubernetes/apps/default/jellyfin/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: jellyfin
+ namespace: default
+spec:
+ sourcePVC: jellyfin-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: jellyfin-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/jellyfin/app/restic.sops.yaml b/kubernetes/apps/default/jellyfin/app/restic.sops.yaml
new file mode 100644
index 000000000..9aac615c7
--- /dev/null
+++ b/kubernetes/apps/default/jellyfin/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: jellyfin-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:zdHAFyDjUDennf91x1RMlGxvBJomtD4mDcYjUUMQUpyfB3b/0NuY9WdTPXERpbgD4RoUIIfifyguCQ==,iv:CvbiSostuIg69mwLf1um6mT8Lr5TJnTvFZrprjOlQW8=,tag:ezJiSmVdbUpKi7juLcm4FA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T14:58:54Z"
+ mac: ENC[AES256_GCM,data:yuXIyY3j8Pmx9RTdKvTMUbhOHKYUdLtcnLVsng02lJJ2t+LW0lgJWO2B7ypPdSeQvLL8wLhbMaRSBjhR2Jr5mFgzhFQ0HIqR2B2OpF2ryoic28j9Xs7hYHnJSfllbERzNRjV7jqteexxZK6QZ2OUF2/4b53bstf3ayk9cpa5Mbk=,iv:fo9U+AmvzfsI53hZd8OrrlOIYXfSoqsmnmco1rQKBrs=,tag:BUpXfJ3WUpV+CNYGz+z4Vw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-servers/jellyfin/volume.yaml b/kubernetes/apps/default/jellyfin/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/jellyfin/volume.yaml
rename to kubernetes/apps/default/jellyfin/app/volume.yaml
diff --git a/kubernetes/apps/default/jellyfin/ks.yaml b/kubernetes/apps/default/jellyfin/ks.yaml
new file mode 100644
index 000000000..fc9a4605f
--- /dev/null
+++ b/kubernetes/apps/default/jellyfin/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-jellyfin-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/jellyfin/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: jellyfin
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
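Review bot: Nothing in this Kustomization sets `spec.decryption`, yet the `app` path it applies contains `restic.sops.yaml`; the same holds for the home-assistant, jellyseer and komga ks.yaml files. Presumably the parent Kustomization patches decryption and `postBuild` substitution into every child that carries the `substitution.flux.home.arpa/enabled` label, but that is not visible in this diff. If so, a comment above the label, `# parent Kustomization patches in SOPS decryption and postBuild for labelled children`, would make the dependency explicit. If not, the encrypted Secret will fail to apply and the VolSync backup will have no repository credentials.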
diff --git a/kubernetes/cluster-0/apps/media-automation/jellyseerr/helmrelease.yaml b/kubernetes/apps/default/jellyseer/app/helmrelease.yaml
similarity index 89%
rename from kubernetes/cluster-0/apps/media-automation/jellyseerr/helmrelease.yaml
rename to kubernetes/apps/default/jellyseer/app/helmrelease.yaml
index 91c9843e3..05f182091 100644
--- a/kubernetes/cluster-0/apps/media-automation/jellyseerr/helmrelease.yaml
+++ b/kubernetes/apps/default/jellyseer/app/helmrelease.yaml
@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
- name: &app jellyseerr
+ name: &app jellyseer
namespace: default
spec:
interval: 15m
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: docker.io/fallenbagel/jellyseerr
@@ -60,7 +63,7 @@ spec:
persistence:
config:
enabled: true
- existingClaim: jellyseerr-config
+ existingClaim: jellyseer-config
mountPath: /app/config
resources:
requests:
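Review bot: `existingClaim` now points at `jellyseer-config`, a claim this commit creates from the former homer `volume.yaml`, and the release name changes from `jellyseerr` to `jellyseer`. Nothing in the diff carries over the data held in the old `jellyseerr-config` claim, so the app would presumably start on an empty volume, and with `prune: true` on the new Kustomization the old claim may be removed once it is gone from Git. If the rename is intended, restore the config into the new claim before cutting over; otherwise keep `existingClaim: jellyseerr-config`. The image is still `docker.io/fallenbagel/jellyseerr`, so the single-r spelling of the directory and release looks accidental.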
diff --git a/kubernetes/apps/default/jellyseer/app/kustomization.yaml b/kubernetes/apps/default/jellyseer/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/jellyseer/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/jellyseer/app/replicationsource.yaml b/kubernetes/apps/default/jellyseer/app/replicationsource.yaml
new file mode 100644
index 000000000..cc9e389ef
--- /dev/null
+++ b/kubernetes/apps/default/jellyseer/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: jellyseer
+ namespace: default
+spec:
+ sourcePVC: jellyseer-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: jellyseer-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/jellyseer/app/restic.sops.yaml b/kubernetes/apps/default/jellyseer/app/restic.sops.yaml
new file mode 100644
index 000000000..ded8236b8
--- /dev/null
+++ b/kubernetes/apps/default/jellyseer/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: jellyseer-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:5F8kdeH1b4nG7enN+iVgUsUZoCCNtul1EItkZi8T1ZwuSAbJUVCACY616PRd+IPp59F3okD8buBd4sg=,iv:pQTWVo5sO8y4sKqSvSrzBK6khuPIZPCCgAFOsmUVpWE=,tag:QMVMhK4DaevP6v7feKG0+g==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:30:10Z"
+ mac: ENC[AES256_GCM,data:lyZmYX4mAjgnKwJiQHi0+jKjXgEl2q7d9hIysAFnZECJM5c2ObrTTzWBSgEzgqgBUA0E01X7AJYGM7/psNCljm1k4a3taXtTpy+5Yn7hd65k2B5nt1im9awwXKXhxayMXFsaVwIglIzW5UfsJ5mVmoGYC+6vVi7teVfhziqps6w=,iv:lmA7+RA+2kR3mJ1Pdv5FLx0+FHa8Ve7i8erItKWBncA=,tag:TMMhypGTeE6FxqO4EO8qhg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/web-tools/homer/volume.yaml b/kubernetes/apps/default/jellyseer/app/volume.yaml
similarity index 80%
rename from kubernetes/cluster-0/apps/web-tools/homer/volume.yaml
rename to kubernetes/apps/default/jellyseer/app/volume.yaml
index dbdd87d92..847825715 100644
--- a/kubernetes/cluster-0/apps/web-tools/homer/volume.yaml
+++ b/kubernetes/apps/default/jellyseer/app/volume.yaml
@@ -2,10 +2,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
- name: homer-config
+ name: jellyseer-config
namespace: default
labels:
- app.kubernetes.io/name: &name homer
+ app.kubernetes.io/name: &name jellyseer
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
diff --git a/kubernetes/apps/default/jellyseer/ks.yaml b/kubernetes/apps/default/jellyseer/ks.yaml
new file mode 100644
index 000000000..983b7c831
--- /dev/null
+++ b/kubernetes/apps/default/jellyseer/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-jellyseer-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/jellyseer/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: jellyseer
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/kube-tools/rbac/jobs.yaml b/kubernetes/apps/default/jobs-rbac.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/kube-tools/rbac/jobs.yaml
rename to kubernetes/apps/default/jobs-rbac.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/joplin/helmrelease.yaml b/kubernetes/apps/default/joplin/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/web-tools/joplin/helmrelease.yaml
rename to kubernetes/apps/default/joplin/app/helmrelease.yaml
index 25151a877..305b7af0a 100644
--- a/kubernetes/cluster-0/apps/web-tools/joplin/helmrelease.yaml
+++ b/kubernetes/apps/default/joplin/app/helmrelease.yaml
@@ -18,13 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
global:
nameOverride: *app
diff --git a/kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml b/kubernetes/apps/default/joplin/app/kustomization.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml
rename to kubernetes/apps/default/joplin/app/kustomization.yaml
index 3d4e1f12d..788e332dd 100644
--- a/kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml
+++ b/kubernetes/apps/default/joplin/app/kustomization.yaml
@@ -2,9 +2,9 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- - ./volume.yaml
- - ./secret.sops.yaml
- ./helmrelease.yaml
+ - ./secret.sops.yaml
patchesStrategicMerge:
- ./patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/joplin/patches/postgres.yaml b/kubernetes/apps/default/joplin/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/joplin/patches/postgres.yaml
rename to kubernetes/apps/default/joplin/app/patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/joplin/secret.sops.yaml b/kubernetes/apps/default/joplin/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/joplin/secret.sops.yaml
rename to kubernetes/apps/default/joplin/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/joplin/ks.yaml b/kubernetes/apps/default/joplin/ks.yaml
new file mode 100644
index 000000000..b8b2aed54
--- /dev/null
+++ b/kubernetes/apps/default/joplin/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-joplin
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/joplin/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: joplin
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-servers/media-browser/helmrelease.yaml b/kubernetes/apps/default/komga/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/media-servers/media-browser/helmrelease.yaml
rename to kubernetes/apps/default/komga/app/helmrelease.yaml
index 209e34b69..56aaf1c22 100644
--- a/kubernetes/cluster-0/apps/media-servers/media-browser/helmrelease.yaml
+++ b/kubernetes/apps/default/komga/app/helmrelease.yaml
@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
- name: &app media-browser
+ name: &app komga
namespace: default
spec:
interval: 15m
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: docker.io/filebrowser/filebrowser
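Review bot: The release is renamed to `komga`, but the unchanged context line `repository: docker.io/filebrowser/filebrowser` shows that the new `komga/app/helmrelease.yaml` still deploys the file-browser image, together with that app's `music` NFS mount in the last hunk. The top-level `kustomization.yaml` in this commit lists both `./komga/ks.yaml` and `./media-browser/ks.yaml`, so this looks like the media-browser manifest copied over the Komga one. Restore the image, tag and persistence values from the previous Komga HelmRelease. The `values` block continues outside the hunk, so the tag is not visible here.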
@@ -67,7 +70,7 @@ spec:
persistence:
config:
enabled: true
- existingClaim: media-browser-config
+ existingClaim: komga-config
music:
enabled: true
type: nfs
diff --git a/kubernetes/apps/default/komga/app/kustomization.yaml b/kubernetes/apps/default/komga/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/komga/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/komga/app/replicationsource.yaml b/kubernetes/apps/default/komga/app/replicationsource.yaml
new file mode 100644
index 000000000..a417e0c9b
--- /dev/null
+++ b/kubernetes/apps/default/komga/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: komga
+ namespace: default
+spec:
+ sourcePVC: komga-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: komga-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/komga/app/restic.sops.yaml b/kubernetes/apps/default/komga/app/restic.sops.yaml
new file mode 100644
index 000000000..c14829f0b
--- /dev/null
+++ b/kubernetes/apps/default/komga/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: komga-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:EQwNtHM7zq+LAautvDr7HuQlHmnL4eqJAqJ8fNXSumsgprsv2jTJGuci536/bW78DDd2I3q2aA==,iv:V1EWy9OWUmf+HF/0TuFhFKIJeDDhJPlCqMGXnegTcwk=,tag:cQo+hhAnhbhgflRnRKISIw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T14:49:00Z"
+ mac: ENC[AES256_GCM,data:jdh0aJqIvQ+u+A5sl/iCfE1wVRxJe9i4l39trNhSsstl/mEuUnzq3ooQ0I0K1UP1ebgd4vhDQrkcH3dUifrqA6HLu+63JQBzHZ3mCl37yaRmNZ4HKqzjVIqubEttWrbkanbHIVzThvIz26XpM+Oul8+xE5FDVTOFFuKLKPug4s0=,iv:J10+0oZJDn6xTwW7m0YW+J3/EFHzylNjXQF5+TCwviQ=,tag:tevul45+5wIuhti9Ta9ymw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
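Review bot: `metadata` here has only `name: komga-restic`, while the home-assistant, jellyfin and jellyseer copies of this Secret also set `namespace: default`. The Secret still lands in `default` through the `namespace: default` line of `komga/app/kustomization.yaml`, but the difference is easy to trip over when the file is applied on its own. If you add `namespace: default`, make the change through `sops` so that the `mac` is recomputed, since as far as I know this sops version computes it over the unencrypted values as well.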
diff --git a/kubernetes/cluster-0/apps/media-servers/komga/volume.yaml b/kubernetes/apps/default/komga/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/komga/volume.yaml
rename to kubernetes/apps/default/komga/app/volume.yaml
diff --git a/kubernetes/apps/default/komga/ks.yaml b/kubernetes/apps/default/komga/ks.yaml
new file mode 100644
index 000000000..01ffabe72
--- /dev/null
+++ b/kubernetes/apps/default/komga/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-komga
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/komga/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: komga
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
new file mode 100644
index 000000000..9468997e6
--- /dev/null
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -0,0 +1,60 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./authelia/ks.yaml
+ - ./bazarr/ks.yaml
+ - ./calibre/ks.yaml
+ - ./calibre-web/ks.yaml
+ - ./cloudnative-pg/ks.yaml
+ - ./drone/ks.yaml
+ - ./emqx/ks.yaml
+ - ./flood/ks.yaml
+ - ./freshrss/ks.yaml
+ - ./gitea/ks.yaml
+ - ./glauth/ks.yaml
+ - ./hajimari/ks.yaml
+ - ./home-assistant/ks.yaml
+ - ./invidious/ks.yaml
+ - ./jellyfin/ks.yaml
+ - ./jellyseer/ks.yaml
+ - ./joplin/ks.yaml
+ - ./komga/ks.yaml
+ - ./lidarr/ks.yaml
+ - ./libreddit/ks.yaml
+ - ./lychee/ks.yaml
+ - ./media-browser/ks.yaml
+ - ./music-transcode/ks.yaml
+ - ./navidrome/ks.yaml
+ - ./nitter/ks.yaml
+ - ./outline/ks.yaml
+ - ./paperless/ks.yaml
+ - ./pgadmin/ks.yaml
+ - ./prowlarr/ks.yaml
+ - ./pyload/ks.yaml
+ - ./qbittorrent/ks.yaml
+ - ./radarr/ks.yaml
+ - ./readarr/ks.yaml
+ - ./recyclarr/ks.yaml
+ - ./redis/ks.yaml
+ - ./resilio-sync/ks.yaml
+ - ./sabnzbd/ks.yaml
+ - ./sharry/ks.yaml
+ - ./sonarr/ks.yaml
+ - ./smtp-relay/ks.yaml
+ - ./tandoor/ks.yaml
+ - ./theme-park/ks.yaml
+ - ./unifi/ks.yaml
+ - ./uptime-kuma/ks.yaml
+ - ./vaultwarden/ks.yaml
+ - ./vikunja/ks.yaml
+ - ./wallabag/ks.yaml
+ - ./whoogle/ks.yaml
+ - ./zigbee2mqtt/ks.yaml
+ - ./zwave-js-ui/ks.yaml
+ # Default resources
+ - jobs-rbac.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/libreddit/helmrelease.yaml b/kubernetes/apps/default/libreddit/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/web-tools/libreddit/helmrelease.yaml
rename to kubernetes/apps/default/libreddit/app/helmrelease.yaml
index 8196cbf21..b1f92fed0 100644
--- a/kubernetes/cluster-0/apps/web-tools/libreddit/helmrelease.yaml
+++ b/kubernetes/apps/default/libreddit/app/helmrelease.yaml
@@ -18,13 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
- dependsOn:
- - name: postgres-cluster
- namespace: default
+ retries: 3
values:
image:
repository: ghcr.io/auricom/libreddit
diff --git a/kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml b/kubernetes/apps/default/libreddit/app/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml
rename to kubernetes/apps/default/libreddit/app/kustomization.yaml
index 17cbc72b2..5b48b4e26 100644
--- a/kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml
+++ b/kubernetes/apps/default/libreddit/app/kustomization.yaml
@@ -2,5 +2,6 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
diff --git a/kubernetes/apps/default/libreddit/ks.yaml b/kubernetes/apps/default/libreddit/ks.yaml
new file mode 100644
index 000000000..5d8346cf3
--- /dev/null
+++ b/kubernetes/apps/default/libreddit/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-libreddit
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/libreddit/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: libreddit
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/lidarr/helmrelease.yaml b/kubernetes/apps/default/lidarr/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/media-automation/lidarr/helmrelease.yaml
rename to kubernetes/apps/default/lidarr/app/helmrelease.yaml
index 61233938d..df728d151 100644
--- a/kubernetes/cluster-0/apps/media-automation/lidarr/helmrelease.yaml
+++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/lidarr-develop
@@ -49,6 +52,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
+ hajimari.io/icon: mdi:headphones
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/lidarr/app/kustomization.yaml b/kubernetes/apps/default/lidarr/app/kustomization.yaml
new file mode 100644
index 000000000..f6d952284
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/lidarr/app/replicationsource.yaml b/kubernetes/apps/default/lidarr/app/replicationsource.yaml
new file mode 100644
index 000000000..b73f50f26
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: lidarr
+ namespace: default
+spec:
+ sourcePVC: lidarr-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: lidarr-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/lidarr/app/restic.sops.yaml b/kubernetes/apps/default/lidarr/app/restic.sops.yaml
new file mode 100644
index 000000000..bdb6f0f90
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: lidarr-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:9TU2gSIK5QV/xBdBBziqF7ajXzwH8F/ZssdBHwufbWVWcDvT+1bVrINVEiHWQf5XnqxOpphq9cI=,iv:l7+Sd+QhcRuq0d0AcBoeRaQCVFxjokRxwh4QQ+BFoxA=,tag:15dkxHK2dOYGiHYI1BZ9Yw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:33:10Z"
+ mac: ENC[AES256_GCM,data:SqVBbFRJ1z/Jq6O5EbGsL20yLjMRf2UyQXmBUxwbLRK8WfBahgW0YYcXCnzWsSWAgAIxgn18INd61zMiH9eT6MIRi2N1avtwoHYIY8Z6lG/+qPf4fUXeXTALuhozwJ73ozYw9hPKh+nUYuSZHluEv8xRalu5Ml4uPY5EhER5l5Q=,iv:4Dja+GbOy986eYvlNSGH0rH/UuQr6sPBzEw8gQbQHsw=,tag:7R7lYosch5PSCZodb1uhdQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
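Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` values here have the same `data`, `iv` and `tag` as those in `lychee/app/restic.sops.yaml` and `media-browser/app/restic.sops.yaml`, and all three files carry the same age-wrapped data key, so they look copied with only `RESTIC_REPOSITORY` re-encrypted. Matching ciphertext shows any reader of the repository that the apps share one repository password and one object-store credential, so a leak of a single app's Secret would expose every app's backups. I would give each repository its own password and a bucket- or prefix-scoped access key, and encrypt each file from plaintext with `sops --encrypt` so it gets its own data key. This file and the lychee one also lack the `# yamllint disable` header that `lidarr/app/secret.sops.yaml` has, and the media-browser one omits `metadata.namespace`.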
diff --git a/kubernetes/apps/default/lidarr/app/secret.sops.yaml b/kubernetes/apps/default/lidarr/app/secret.sops.yaml
new file mode 100644
index 000000000..22ea15d3a
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/app/secret.sops.yaml
@@ -0,0 +1,29 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: lidarr
+ namespace: default
+type: Opaque
+stringData:
+ LIDARR__API_KEY: ENC[AES256_GCM,data:GSu/jivdFANYsUrPwRM5bwrWLX/7nwKn9AOLium0m6Y=,iv:xn+wD7ZyJfL80UpAVy/XIiubtifwIrBuU876Uy8vrgU=,tag:H8lV7wJeV2m2XDLVMx6p/Q==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+ bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+ VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+ OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:32:56Z"
+ mac: ENC[AES256_GCM,data:qYD7LQtuhERFaWAhakfOrX8kRtB9gVa4e3ePf8X61edHBzJAInvUceBCOUDZahnyCSg6pzBIfFp5uOgPbYTs8wfc4Aq/vvgWt4b7LIRdWbpo3EoYDfL/fKKZFGzOoX42y9Krd8dtndD0YYRvRt4pQkBwEkAluSOWbNOG1rWBnHw=,iv:3EZYLcxGsS9YyaITAKw9AG8TWCZrbm80pv7ohQXSZvU=,tag:eQNjWtRicx0b++n28qK7wQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml b/kubernetes/apps/default/lidarr/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml
rename to kubernetes/apps/default/lidarr/app/volume.yaml
diff --git a/kubernetes/apps/default/lidarr/ks.yaml b/kubernetes/apps/default/lidarr/ks.yaml
new file mode 100644
index 000000000..50eae5d37
--- /dev/null
+++ b/kubernetes/apps/default/lidarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-lidarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/lidarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: lidarr
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
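Review bot: The Kustomization name `cluster-apps-lidarr-app` carries an `-app` suffix that `cluster-apps-libreddit`, `cluster-apps-lychee` and `cluster-apps-media-browser` in the same commit do not (`cluster-apps-music-transcode-app` does). These names are what other Kustomizations put in `dependsOn`, so a reference written with the wrong form would wait on a dependency that never resolves. I would settle on one convention, e.g. `name: cluster-apps-lidarr`, and update any dependents to match.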
diff --git a/kubernetes/cluster-0/apps/media-servers/lychee/helmrelease.yaml b/kubernetes/apps/default/lychee/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/media-servers/lychee/helmrelease.yaml
rename to kubernetes/apps/default/lychee/app/helmrelease.yaml
index 55bb64e2c..0368f33b8 100644
--- a/kubernetes/cluster-0/apps/media-servers/lychee/helmrelease.yaml
+++ b/kubernetes/apps/default/lychee/app/helmrelease.yaml
@@ -18,15 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
- - name: redis
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: lycheeorg/lychee-laravel
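Review bot: The new `- name: cloudnative-pg` entry under `dependsOn` has no `namespace`, unlike the `rook-ceph-cluster` entry below it, so it resolves in the HelmRelease's own namespace. If the operator's HelmRelease lives elsewhere, the dependency never becomes ready. I would spell it out as `namespace: <cloudnative-pg-release-namespace>` (placeholder; the value is not visible here). The `redis` dependency is also dropped, and nothing in this hunk shows whether the chart values still point at Redis, so that is worth confirming.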
diff --git a/kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml b/kubernetes/apps/default/lychee/app/kustomization.yaml
similarity index 79%
rename from kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml
rename to kubernetes/apps/default/lychee/app/kustomization.yaml
index 5342caf09..06c622307 100644
--- a/kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml
+++ b/kubernetes/apps/default/lychee/app/kustomization.yaml
@@ -2,8 +2,11 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./secret.sops.yaml
- ./volume.yaml
patchesStrategicMerge:
diff --git a/kubernetes/cluster-0/apps/media-servers/lychee/patches/postgres.yaml b/kubernetes/apps/default/lychee/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/lychee/patches/postgres.yaml
rename to kubernetes/apps/default/lychee/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/lychee/app/replicationsource.yaml b/kubernetes/apps/default/lychee/app/replicationsource.yaml
new file mode 100644
index 000000000..8a03a49fc
--- /dev/null
+++ b/kubernetes/apps/default/lychee/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: lychee
+ namespace: default
+spec:
+ sourcePVC: lychee-files
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: lychee-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/lychee/app/restic.sops.yaml b/kubernetes/apps/default/lychee/app/restic.sops.yaml
new file mode 100644
index 000000000..93fca3940
--- /dev/null
+++ b/kubernetes/apps/default/lychee/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: lychee-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:indKdyrRptk2rKJFrtaNjufG4asKcjTb9mvQjW9t00iJuR1mNLafazViyBcEjIoSm4MN4B9WAI4=,iv:E16uoSrAJQ+CF/uu1dP5ZJ9l0uT5DyTbWa50j3pGk1I=,tag:TPpmObERt9fz8tgWA1P81g==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:00:37Z"
+ mac: ENC[AES256_GCM,data:rl+tYaE6BAR0IFy4Jz2mZ6MZKBDmjZ8R0WCxrpV9jgWWGKKnIfduRoiErXFTSX3BojqSMnOowzi3Y7W0YgZTHPJXfymTHx4UfbRyNJkZHOc4P6S4tyZLxj5n/F9uO/i4GSt+x0By2PLuVJUR5oY2siLezSCDevtiSs6MEIlLRAw=,iv:1tvzLaymrwk3u6pv8Y9wbh7Xz8gbUZZ5C3meLFNDB1E=,tag:kDU4NvGtullPjHe0Fw+JVg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml b/kubernetes/apps/default/lychee/app/secret.sops.yaml
similarity index 58%
rename from kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml
rename to kubernetes/apps/default/lychee/app/secret.sops.yaml
index 9c7842e5b..ffd5e4781 100644
--- a/kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml
+++ b/kubernetes/apps/default/lychee/app/secret.sops.yaml
@@ -6,8 +6,8 @@ metadata:
namespace: default
type: Opaque
stringData:
- DB_USERNAME: ENC[AES256_GCM,data:AYtw694u,iv:WiWUnIxv44F3hP69AMe1iZCO6+E2zG19KtyhACFG9Xs=,tag:Nqozw/OhXSR4AqtsrV/c+Q==,type:str]
- DB_PASSWORD: ENC[AES256_GCM,data:M5kb0xQ7owTY2EFs00U=,iv:zxULHd/EDwr1DbhPPXJ5hH3gb1NvKilkJKV+X5LL9wA=,tag:HYa8DVQT9M2P2ISFTeCdLA==,type:str]
+ DB_USERNAME: ENC[AES256_GCM,data:aEFa7HU4,iv:fS7dJjHGB/Qd0lLKKOG1MJ18WA6L3YxyBWbo8gZvmXc=,tag:FRTCcKgAy9oqUw/qz8MSwg==,type:str]
+ DB_PASSWORD: ENC[AES256_GCM,data:sc3ekmCLFNk+Oy9fAF4=,iv:Jr8XwbB5wO0rGbozPODZIijg9BbBiqnoV34YDOEJHc8=,tag:M/3L2WbfHkRUvfP95GLcMQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -23,8 +23,8 @@ sops:
OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T05:55:48Z"
- mac: ENC[AES256_GCM,data:UWUyj6I6lndX3usRwDhF1EvY5LZ+zRmk0M2MGMUduBTr7+vgNvsV3brugkMPBJcHNmxkyyDh+r+rC8vIE+1BH8P/eYxB1DP0DAQIcieuVto40dIKh0z426VkeF6tD+zHyCWeeUxjVWwxrls7jiTDBWuSk7PSD6VhqBJqMJ2IuiE=,iv:GUz7JE6HXmIApfSgOlRvm4wAlkMFci/tudFU/uLZ/Yc=,tag:qcAAlGszHcuHbZ0uXwYB/A==,type:str]
+ lastmodified: "2022-12-28T15:01:21Z"
+ mac: ENC[AES256_GCM,data:k1UsbtS868JoU28Y1vi+Pdbe5TlHKuH8HFMUrh8V6JA2Kak0TvS+3Mi7aAhXQJnWZRegeyrV4A2Z9rfuS55uKztFDQHdTmk0o00I9rq0G42EdsaynIM2ToR61/1cBHvwUuopxEJ8S+sM18/W0IQIJ2qH4hZsdQBVI75KtehSlT8=,iv:Il7gSuAItFi1k2UF3Y1qPpq+rjDQQx/qtl1Vt0+Th6M=,tag:5vTTFYYzuvDoRORuOsR7aQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-servers/lychee/volume.yaml b/kubernetes/apps/default/lychee/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/lychee/volume.yaml
rename to kubernetes/apps/default/lychee/app/volume.yaml
diff --git a/kubernetes/apps/default/lychee/ks.yaml b/kubernetes/apps/default/lychee/ks.yaml
new file mode 100644
index 000000000..c58a7c71c
--- /dev/null
+++ b/kubernetes/apps/default/lychee/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-lychee
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/lychee/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: lychee
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-servers/komga/helmrelease.yaml b/kubernetes/apps/default/media-browser/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/media-servers/komga/helmrelease.yaml
rename to kubernetes/apps/default/media-browser/app/helmrelease.yaml
index f19af8a19..d1e2b7a54 100644
--- a/kubernetes/cluster-0/apps/media-servers/komga/helmrelease.yaml
+++ b/kubernetes/apps/default/media-browser/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: gotson/komga
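Review bot: The context line `repository: gotson/komga` is on the new side of this hunk, so the HelmRelease stored under `media-browser/app/` still deploys the komga image. Git reports the file as a 93% rename of `komga/helmrelease.yaml` with this as its only hunk, which suggests `metadata.name` and the rest of `values` (outside the hunk) are komga's as well. If so, it would collide with the release from `./komga/ks.yaml`, and the `media-browser` HelmRelease health check in `media-browser/ks.yaml` would never pass. The name and image should be the media-browser app's own, e.g. `repository: <media-browser-image>` (placeholder).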
diff --git a/kubernetes/apps/default/media-browser/app/kustomization.yaml b/kubernetes/apps/default/media-browser/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/media-browser/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/media-browser/app/replicationsource.yaml b/kubernetes/apps/default/media-browser/app/replicationsource.yaml
new file mode 100644
index 000000000..c72e4932f
--- /dev/null
+++ b/kubernetes/apps/default/media-browser/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: media-browser
+ namespace: default
+spec:
+ sourcePVC: media-browser-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: media-browser-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/media-browser/app/restic.sops.yaml b/kubernetes/apps/default/media-browser/app/restic.sops.yaml
new file mode 100644
index 000000000..436ef2d4d
--- /dev/null
+++ b/kubernetes/apps/default/media-browser/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: media-browser-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:0yTdf+xoL8IPuWqVGPSWDpJ9/mDomP9QR5NCkDHrFDoY30nsvyDSChBWa3gCtrBjQOvyoXsfPg2N2eCCvSIR,iv:Ky3NuiDgw9w4isHBNcaWx1EQX5893GgaCPyhCNgmcLM=,tag:TnMn/2adBvA6emxeSRayxA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T14:47:51Z"
+ mac: ENC[AES256_GCM,data:glyXcw3UgFAceT3sfX1YsO1pZBQg29fK8iXGiaIfx+AlHD/AerUOSoFGYHhlun3lRbXxv1jH8Q4Jkd4afpcQmA9fpXEEP/OIrWF0ORSrPG8jAOCGYHyFoMv4MevTUZqSfY2g8vVfYQt++5TBPDTZe/JNdoPO0v9ENGjWTnPnq3g=,iv:oynyyDwR0yLE5+ZtyZY1Ynhm5xbD8pQ05Hbz/tJROrY=,tag:ULMrr+hXq/Ga2vsf8hHcwg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml b/kubernetes/apps/default/media-browser/app/volume.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml
rename to kubernetes/apps/default/media-browser/app/volume.yaml
index 2268503b2..bb2185241 100644
--- a/kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml
+++ b/kubernetes/apps/default/media-browser/app/volume.yaml
@@ -13,5 +13,5 @@ spec:
- ReadWriteOnce
resources:
requests:
- storage: 1Gi
+ storage: 20Gi
storageClassName: rook-ceph-block
diff --git a/kubernetes/apps/default/media-browser/ks.yaml b/kubernetes/apps/default/media-browser/ks.yaml
new file mode 100644
index 000000000..ab3ff1230
--- /dev/null
+++ b/kubernetes/apps/default/media-browser/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-media-browser
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/media-browser/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: media-browser
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml b/kubernetes/apps/default/music-transcode/app/cronjob.yaml
similarity index 67%
rename from kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml
rename to kubernetes/apps/default/music-transcode/app/cronjob.yaml
index 14965ccce..287e1916c 100644
--- a/kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml
+++ b/kubernetes/apps/default/music-transcode/app/cronjob.yaml
@@ -36,23 +36,18 @@ spec:
- |
#!/bin/bash
- HEALTHCHECKS=true
+ /app/transcode.sh -c
+ /app/transcode.sh -r
- curl --location raw.githubusercontent.com/auricom/home-ops/main/scripts/transcode_music/transcode.bash --output /tmp/transcode.bash
- chmod a+x /tmp/transcode.bash
- curl --location raw.githubusercontent.com/auricom/home-ops/main/scripts/transcode_music/transcode_exclude.cfg --output /tmp/transcode_exclude.cfg
- cd /tmp
- ./transcode.bash -c
- test $? -ne 0 && HEALTHCHECKS=false
- ./transcode.bash -r
- test $? -ne 0 && HEALTHCHECK=false
-
- test FLAG && curl -m 10 --retry 5 http://healthchecks.default.svc.cluster.local.:/ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-transcode-music
volumeMounts:
- name: music-transcoded
mountPath: /mnt/music_transcoded
- name: music
mountPath: /mnt/music
+ - name: scripts
+ mountPath: /app
+ readOnly: true
+
volumes:
- name: music-transcoded
nfs:
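Review bot: The inline script runs `/app/transcode.sh -c` and then `/app/transcode.sh -r` with no exit-status handling, so a failed transcode pass still runs delete mode and the Job reports only the last command's status. Nothing replaces the removed healthcheck ping. `transcode.sh` also requires `$(pwd)/transcode_exclude.cfg`, and the removed `cd /tmp` is not replaced by a `cd /app`, so unless `workingDir` is set outside this hunk the script exits at that check. I would write `cd /app || exit 1` followed by `/app/transcode.sh -c && /app/transcode.sh -r`. The container spec starts above the hunk.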
@@ -62,3 +57,6 @@ spec:
nfs:
server: "${LOCAL_LAN_TRUENAS}"
path: /mnt/storage/music
+ - name: scripts
+ configMap:
+ name: transcode-configmap
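Review bot: The `scripts` volume sets no `defaultMode`, and ConfigMap files are projected as 0644 by default, so executing `/app/transcode.sh` directly would fail with permission denied. Add `defaultMode: 0755` under `configMap:` (decimal `493`), or call the script through `bash`. The mount added in the previous hunk places the ConfigMap at `/app`, which hides whatever the image ships there, and `transcode.sh` defaults `TRANSCODE_FREAC_BIN` to `/app/freaccmd`. A separate path such as `mountPath: /scripts` looks safer unless that variable is overridden elsewhere in the spec.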
diff --git a/kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml b/kubernetes/apps/default/music-transcode/app/kustomization.yaml
similarity index 72%
rename from kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml
rename to kubernetes/apps/default/music-transcode/app/kustomization.yaml
index c1d261109..e46aff339 100644
--- a/kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml
+++ b/kubernetes/apps/default/music-transcode/app/kustomization.yaml
@@ -2,14 +2,14 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
namespace: default
+resources:
+ - ./cronjob.yaml
configMapGenerator:
- - name: frigate
+ - name: transcode-configmap
files:
- - ./config.yaml
+ - ./scripts/transcode.sh
+ - ./scripts/transcode_exclude.cfg
generatorOptions:
disableNameSuffixHash: true
annotations:
diff --git a/kubernetes/apps/default/music-transcode/app/scripts/transcode.sh b/kubernetes/apps/default/music-transcode/app/scripts/transcode.sh
new file mode 100755
index 000000000..1980531ab
--- /dev/null
+++ b/kubernetes/apps/default/music-transcode/app/scripts/transcode.sh
@@ -0,0 +1,306 @@
+#!/bin/bash
+
+#set -x
+
+exec > >(awk '{ print strftime("[%Y-%m-%d %H:%M:%S]"), $0 }') 2>&1
+
+checkForVariable()
+{
+ local env_var=
+ env_var=$(declare -p "$1")
+ if ! [[ -v $1 && $env_var =~ ^declare\ -x ]]; then
+ echo "ERROR: $1 environment variable is not set"
+ exit 1
+ fi
+}
+
+export MODE_DELETE=false
+export MODE_CHECKSUM=false
+export MODE_DRY_RUN=false
+export TIMESTAMP=$(date "+%Y%m%d_%H%M%S")
+
+checkForVariable TRANSCODE_INPUT_DIR
+checkForVariable TRANSCODE_OUTPUT_DIR
+
+if [ -z "$TRANSCODE_DB" ]; then
+ export TRANSCODE_DB="$TRANSCODE_OUTPUT_DIR.transcode"
+fi
+
+if [ -z "$TRANSCODE_FREAC_BIN" ]; then
+ export TRANSCODE_FREAC_BIN="/app/freaccmd"
+fi
+if [ -z "$TRANSCODE_COVER_EXTENSIONS" ]; then
+ export TRANSCODE_COVER_EXTENSIONS="png jpg"
+fi
+if [ -z "$TRANSCODE_MUSIC_EXTENSIONS" ]; then
+ export TRANSCODE_MUSIC_EXTENSIONS="flac opus mp3 ogg wma m4a wav"
+fi
+if [ -z "$TRANSCODE_FD_FILTERS" ]; then
+ export TRANSCODE_FD_FILTERS="--changed-within 1week"
+fi
+
+if [ ! -d "$TRANSCODE_INPUT_DIR" ]; then
+ echo "ERROR: Directory $TRANSCODE_INPUT_DIR does not exists"
+ exit 1
+fi
+if [ ! -d "$TRANSCODE_OUTPUT_DIR" ]; then
+ echo "ERROR: Directory $TRANSCODE_OUTPUT_DIR does not exists"
+ exit 1
+fi
+if [ ! -f "$TRANSCODE_FREAC_BIN" ]; then
+ echo "ERROR: Binary $TRANSCODE_FREAC_BIN does not exists"
+ exit 1
+fi
+grep -q ID_LIKE=debian /etc/os-release
+if [ $? -eq 0 ]; then
+ export TRANSCODE_FD_BIN="fdfind"
+else
+ export TRANSCODE_FD_BIN="fd"
+fi
+export LD_LIBRARY_PATH=$(dirname $TRANSCODE_FREAC_BIN)
+
+test ! -d $TRANSCODE_DB && mkdir -p $TRANSCODE_DB
+
+if [ ! -f "$(pwd)/transcode_exclude.cfg" ]; then
+ echo "ERROR : transcode_exclude.cfg file is missing"
+ exit 1
+fi
+
+
+while getopts ':frcd' OPTION; do
+ case "$OPTION" in
+ f)
+ echo "INFO: FULL MODE"
+ export TRANSCODE_FD_FILTERS=""
+ ;;
+ r)
+ echo "INFO: DELETE MODE"
+ export MODE_DELETE=true
+ ;;
+ c)
+ echo "INFO: CHECKSUM MODE"
+ export MODE_CHECKSUM=true
+ ;;
+ d)
+ echo "INFO: DRY RUN MODE"
+ export MODE_DRY_RUN=true
+ ;;
+ ?)
+ echo "script usage: $(basename \$0) [-f] [-r] [-c] [-d]"
+ exit 1
+ ;;
+ esac
+done
+
+transcode()
+{
+ input_file=$1
+ output_file=$2
+ md5_file=$3
+
+ echo "##: Processing file $1..."
+ if [ $MODE_DRY_RUN == false ]; then
+ output=$($TRANSCODE_FREAC_BIN --encoder=opus --bitrate 64 "$input_file" -o "$output_file")
+ result=$(echo "$output" | grep -c "Could not process")
+ if [ $result -eq 1 ]; then
+ echo -e "$output"
+ exit 1
+ fi
+ mkdir -p "$TRANSCODE_DB/$(dirname "$input_file")"
+ echo "$(md5sum "$input_file" | awk '{ print $1 }')" > "$md5_file"
+ fi
+}
+
+write_cue()
+{
+ input_file=$1
+ output_file=$2
+ replacement_string=$3
+ md5_file=$4
+
+ echo "##: writing $input_file"
+ if [ $MODE_DRY_RUN == false ]; then
+ sed -i "/FILE/c $replacement_string" "$output_file"
+ if [ $? -ne 0 ]; then
+ echo "ERROR: writing cuefile $output_file"
+ exit 1
+ fi
+ mkdir -p "$TRANSCODE_DB/$(dirname "$input_file")"
+ echo "$(md5sum "$input_file" | awk '{ print $1 }')" > "$md5_file"
+ fi
+}
+
+write_jpg()
+{
+ input_file=$1
+ output_file=$2
+ md5_file=$3
+
+ echo "##: converting cover $input_file"
+ if [ $MODE_DRY_RUN == false ]; then
+ convert "$input_file" -resize 1000 -quality 75 "$output_file"
+ if [ $? -ne 0 ]; then
+ echo "ERROR: converting cover $input_file"
+ exit 1
+ fi
+ mkdir -p "$TRANSCODE_DB/$(dirname "$input_file")"
+ echo "$(md5sum "$input_file" | awk '{ print $1 }')" > "$md5_file"
+ fi
+}
+
+directory_structure()
+{
+ if [ $MODE_DRY_RUN == true ]; then
+ DRYRUN_FLAG="--dry-run"
+ else
+ DRYRUN_FLAG=""
+ fi
+ echo ""
+ echo "INFO: Creating directory structure with rsync..."
+ rsync -rvz $DRYRUN_FLAG --exclude-from="./transcode_exclude.cfg" --include="*/" --exclude="*" $TRANSCODE_INPUT_DIR $TRANSCODE_OUTPUT_DIR
+}
+
+convert_covers()
+{
+ echo "INFO: Looking for covers to convert..."
+ cd $TRANSCODE_INPUT_DIR
+
+ trap "exit" INT
+ for ext in $TRANSCODE_COVER_EXTENSIONS
+ do
+ FILES=$($TRANSCODE_FD_BIN --extension $ext $TRANSCODE_FD_FILTERS)
+ mapfile -t StringArray <<< "$FILES"
+ for val in "${StringArray[@]}"; do
+ if [ ! -z "$val" ]; then
+ FLAG=false
+ FILENAME="$TRANSCODE_OUTPUT_DIR$(dirname "$val")/$(basename "$val" .$ext).jpg"
+ MD5_FILENAME="$TRANSCODE_DB/$(dirname "$val")/$(basename "$val").md5"
+ # Check if a MD5 checksum already exists
+ RESULT=$($TRANSCODE_FD_BIN . "$(dirname "$MD5_FILENAME")" | grep -F "$(basename "$MD5_FILENAME")")
+ if [ $? -ne 0 ] ; then
+ FLAG=true
+ # Check if an existing MD5 checksum is different
+ elif [ $MODE_CHECKSUM == true ]; then
+ if [ "$(cat "$MD5_FILENAME")" != "$(md5sum "$val" | awk '{ print $1 }')" ]; then
+ FLAG=true
+ fi
+ fi
+ if $FLAG; then write_jpg "$val" "$FILENAME" "$MD5_FILENAME"; fi
+ fi
+ done
+ done
+}
+
+convert_music()
+{
+ echo "INFO: Looking for music to transcode..."
+ cd $TRANSCODE_INPUT_DIR
+
+ trap "exit" INT
+ for ext in $TRANSCODE_MUSIC_EXTENSIONS
+ do
+ FILES=$($TRANSCODE_FD_BIN --extension $ext $TRANSCODE_FD_FILTERS)
+ mapfile -t StringArray <<< "$FILES"
+ for val in "${StringArray[@]}"; do
+ if [ ! -z "$val" ]; then
+ FLAG=false
+ FILEBASENAME="$TRANSCODE_OUTPUT_DIR$(dirname "$val")/$(basename "$val" .$ext)"
+ FILENAME="$FILEBASENAME.opus"
+ MD5_FILENAME="$TRANSCODE_DB/$(dirname "$val")/$(basename "$val" .$ext).md5"
+ # Check if a MD5 checksum already exists
+ RESULT=$($TRANSCODE_FD_BIN . "$(dirname "$MD5_FILENAME")" | grep -F "$(basename "$MD5_FILENAME")")
+ if [ $? -ne 0 ] ; then
+ FLAG=true
+ # Check if an existing MD5 checksum is different
+ elif [ $MODE_CHECKSUM == true ]; then
+ if [ "$(cat "$MD5_FILENAME")" != "$(md5sum "$val" | awk '{ print $1 }')" ]; then
+ FLAG=true
+ fi
+ fi
+ if $FLAG; then transcode "$val" "$FILENAME" "$MD5_FILENAME"; fi
+ fi
+ done
+ done
+}
+
+fix_cuefiles()
+{
+ echo "INFO: Looking for cuefiles..."
+ cd $TRANSCODE_INPUT_DIR
+
+ FILES=$($TRANSCODE_FD_BIN --extension cue $TRANSCODE_FD_FILTERS)
+ mapfile -t StringArray <<< "$FILES"
+ for val in "${StringArray[@]}"; do
+ if [ ! -z "$val" ]; then
+ FLAG=false
+ MD5_FILENAME="$TRANSCODE_DB/$val.md5"
+ REPLACEMENT_TEXT_STRING="FILE \"$(basename "$val" .cue).opus\" MP3"
+ # Check if a MD5 checksum already exists
+ RESULT=$($TRANSCODE_FD_BIN . "$(dirname "$MD5_FILENAME")" | grep -F "$(basename "$MD5_FILENAME")")
+ if [ $? -ne 0 ] ; then
+ cp -pr "$val" "$TRANSCODE_OUTPUT_DIR/$val"
+ FLAG=true
+ # Check if an existing MD5 checksum is different
+ elif [ $MODE_CHECKSUM == true ]; then
+ if [ "$(cat "$MD5_FILENAME")" != "$(md5sum "$val" | awk '{ print $1 }')" ]; then
+ cp -pr "$val" "$TRANSCODE_OUTPUT_DIR/$val"
+ FLAG=true
+ fi
+ fi
+ if $FLAG; then write_cue "$val" "$TRANSCODE_OUTPUT_DIR/$val" "$REPLACEMENT_TEXT_STRING" "$MD5_FILENAME"; fi
+ fi
+ done
+}
+
+remove_absent_from_source()
+{
+ cd $TRANSCODE_DB
+
+ EXTENSIONS="md5"
+ for ext in $EXTENSIONS
+ do
+ FILES=$($TRANSCODE_FD_BIN --extension $ext)
+ mapfile -t StringArray <<< "$FILES"
+ for val in "${StringArray[@]}"; do
+ if [ ! -z "$val" ]; then
+ FILENAME=$(dirname "$val")/$(basename "$val" .$ext)
+ RESULT=$($TRANSCODE_FD_BIN . "$TRANSCODE_INPUT_DIR/$(dirname "$FILENAME")" | grep -F "$(basename "$FILENAME" .$ext)")
+ # Transcoded file don't have a source file : delete
+ if [ $? -ne 0 ]; then
+ echo "INFO: Transcoded file $FILENAME don't have a source file : delete"
+ if [ $MODE_DRY_RUN == false ]; then
+ rm "$TRANSCODE_OUTPUT_DIR/$FILENAME"*
+ rm "$TRANSCODE_DB/$FILENAME"*
+ fi
+ fi
+ fi
+ done
+ done
+
+ echo "INFO: removing empty directories..."
+
+ if [ $MODE_DRY_RUN == false ]; then
+ cd "$TRANSCODE_OUTPUT_DIR"
+ $TRANSCODE_FD_BIN --type empty --exec-batch rmdir
+ cd "$TRANSCODE_DB"
+ $TRANSCODE_FD_BIN --type empty --exec-batch rmdir
+ fi
+}
+
+cp -r ./transcode_exclude.cfg $TRANSCODE_INPUT_DIR/.fdignore
+cp -r ./transcode_exclude.cfg $TRANSCODE_OUTPUT_DIR/.fdignore
+
+if [ $MODE_DELETE == false ]; then
+ directory_structure
+
+ convert_covers
+
+ convert_music
+
+ fix_cuefiles
+else
+ remove_absent_from_source
+fi
+
+rm "$TRANSCODE_INPUT_DIR/.fdignore"
+rm "$TRANSCODE_OUTPUT_DIR/.fdignore"
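Review bot: Every `cd` in `convert_covers`, `convert_music`, `fix_cuefiles` and `remove_absent_from_source` is unchecked, and several are unquoted (`cd $TRANSCODE_DB`, `cd $TRANSCODE_INPUT_DIR`), so a missing or space-containing path leaves the script in the wrong directory just before the `--type empty --exec-batch rmdir` cleanup runs there. Each should read `cd "$TRANSCODE_DB" || exit 1` (likewise for the input and output directories), and the `rsync`, `cp -r`, `mkdir -p` and `dirname` calls need the same quoting. The `exit 1` paths in `transcode`, `write_cue` and `write_jpg` also skip the final `rm` of the two `.fdignore` files; a `trap 'rm -f "$TRANSCODE_INPUT_DIR/.fdignore" "$TRANSCODE_OUTPUT_DIR/.fdignore"' EXIT` set before the `cp` lines would cover them. In `transcode`, `[ $result -eq 1 ]` misses the case where `grep -c` counts more than one match, so `-ne 0` is the safer test.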
diff --git a/kubernetes/apps/default/music-transcode/app/scripts/transcode_exclude.cfg b/kubernetes/apps/default/music-transcode/app/scripts/transcode_exclude.cfg
new file mode 100644
index 000000000..7ec8cc0a4
--- /dev/null
+++ b/kubernetes/apps/default/music-transcode/app/scripts/transcode_exclude.cfg
@@ -0,0 +1,7 @@
+tmp
+.transcode
+.Trash*
+.sync
+.thumbnails
+.qbittorrent
+.usenet
diff --git a/kubernetes/apps/default/music-transcode/ks.yaml b/kubernetes/apps/default/music-transcode/ks.yaml
new file mode 100644
index 000000000..30404df80
--- /dev/null
+++ b/kubernetes/apps/default/music-transcode/ks.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-music-transcode-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/music-transcode/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
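Review bot: The `metadata.name` here, `cluster-apps-music-transcode-app`, carries an `-app` suffix that most sibling ks.yaml files in this commit drop (`cluster-apps-navidrome`, `cluster-apps-nitter`, `cluster-apps-outline`, `cluster-apps-paperless`, `cluster-apps-pgadmin`), while prowlarr/ks.yaml uses `cluster-apps-prowlarr-app`. Flux matches `dependsOn` entries against these names literally, and the names referenced elsewhere in the commit (`cluster-apps-volsync-app`, `cluster-apps-rook-ceph-cluster`) do include the sub-directory suffix. A mixed scheme makes a mistyped dependency easy to introduce. I would settle on one form, for example `name: cluster-apps-music-transcode`, or add the suffix to the others.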
diff --git a/kubernetes/apps/default/namespace.yaml b/kubernetes/apps/default/namespace.yaml
new file mode 100644
index 000000000..f659b055d
--- /dev/null
+++ b/kubernetes/apps/default/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: default
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/media-servers/navidrome/helmrelease.yaml b/kubernetes/apps/default/navidrome/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/media-servers/navidrome/helmrelease.yaml
rename to kubernetes/apps/default/navidrome/app/helmrelease.yaml
index e58b534ae..dd1db05cc 100644
--- a/kubernetes/cluster-0/apps/media-servers/navidrome/helmrelease.yaml
+++ b/kubernetes/apps/default/navidrome/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/navidrome
diff --git a/kubernetes/apps/default/navidrome/app/kustomization.yaml b/kubernetes/apps/default/navidrome/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/navidrome/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/navidrome/app/replicationsource.yaml b/kubernetes/apps/default/navidrome/app/replicationsource.yaml
new file mode 100644
index 000000000..b2156a90b
--- /dev/null
+++ b/kubernetes/apps/default/navidrome/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: navidrome
+ namespace: default
+spec:
+ sourcePVC: navidrome-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: navidrome-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
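Review bot: `schedule: "0 0 * * *"` is the same cron expression used by the pgadmin, prowlarr and pyload ReplicationSources added in this commit, so every snapshot and restic upload starts in the same minute. Each run requests a `csi-ceph-blockpool` snapshot and a `cacheCapacity: 2Gi` volume, which puts the whole load on Ceph and the backup target at once. If one mover then fails, it is harder to tell which volume was involved. I would stagger the minute per app, for example `schedule: "10 0 * * *"` here (a constructed value), and add a comment above `retain:` noting that only ten daily restore points are kept.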
diff --git a/kubernetes/apps/default/navidrome/app/restic.sops.yaml b/kubernetes/apps/default/navidrome/app/restic.sops.yaml
new file mode 100644
index 000000000..3a3158ef3
--- /dev/null
+++ b/kubernetes/apps/default/navidrome/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: navidrome-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:/DJM9W9fInB4vj+epdSzoZ6qLJbtgNATZXW34AZ2gStf57gF8QB2z+kiKKEv4bYdcMmg2Q06ejPMvxc=,iv:3gMbOnVt7DZjiMVy3h9FkXDWBdyw1uLmPtwKvApqKyQ=,tag:jFRup6tGA8pfvOOPGlkfow==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T14:46:17Z"
+ mac: ENC[AES256_GCM,data:NWdJiyeL7eqshNhdWXQNHYOEFRbJ38hlz6p2K1RW+poJaSdFwk8sPIcou/h2xbU2Dxf3I7om0nZEeLgFtL1RZ7uTk5fpE6eOvtFerQx+uhHOfm03Ti2kofDLf/RgufPtw9ztq73a/lFBlAYAIFzn9PM95fkvjdRfrHs05PuNFAc=,iv:L7+N//Mh32T9gT5AQ9Nq433odU2lxEot1KaJkEbjOLQ=,tag:Fn4B2an5C0+H48rSc5aQnA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
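Review bot: The `RESTIC_PASSWORD` entry has the same ciphertext, IV and tag as in the pgadmin, prowlarr and pyload restic.sops.yaml files of this commit, and the two `AWS_*` entries and the `age` `enc` block match those in the pgadmin and prowlarr files. These files therefore share one SOPS data key, and the repository reveals without any decryption that every app's backup repository uses the same restic password and the same S3 credentials. Presumably anything able to read one of these Secrets can then read or remove the other apps' backups as well. I would give each repository its own `RESTIC_PASSWORD`, scope the S3 keys to a bucket or prefix, and create each file with `sops --encrypt` from plaintext rather than copying encrypted values. This file and pgadmin's also omit `namespace: default` under `metadata`, which the prowlarr and pyload versions set.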
diff --git a/kubernetes/cluster-0/apps/media-servers/navidrome/volume.yaml b/kubernetes/apps/default/navidrome/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-servers/navidrome/volume.yaml
rename to kubernetes/apps/default/navidrome/app/volume.yaml
diff --git a/kubernetes/apps/default/navidrome/ks.yaml b/kubernetes/apps/default/navidrome/ks.yaml
new file mode 100644
index 000000000..9def52a14
--- /dev/null
+++ b/kubernetes/apps/default/navidrome/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-navidrome
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/navidrome/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: navidrome
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml b/kubernetes/apps/default/nitter/app/config/config.yml
similarity index 98%
rename from kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml
rename to kubernetes/apps/default/nitter/app/config/config.yml
index 55a1b5de9..271cacee7 100644
--- a/kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml
+++ b/kubernetes/apps/default/nitter/app/config/config.yml
@@ -42,4 +42,4 @@ replaceReddit = "libreddit.${SECRET_CLUSTER_DOMAIN}"
replaceInstagram = ""
proxyVideos = true
hlsPlayback = false
-infiniteScroll = true
\ No newline at end of file
+infiniteScroll = true
diff --git a/kubernetes/cluster-0/apps/web-tools/nitter/helmrelease.yaml b/kubernetes/apps/default/nitter/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/web-tools/nitter/helmrelease.yaml
rename to kubernetes/apps/default/nitter/app/helmrelease.yaml
index 81c4aaf83..e6057de53 100644
--- a/kubernetes/cluster-0/apps/web-tools/nitter/helmrelease.yaml
+++ b/kubernetes/apps/default/nitter/app/helmrelease.yaml
@@ -18,13 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
- dependsOn:
- - name: postgres-cluster
- namespace: default
+ retries: 3
values:
image:
repository: docker.io/zedeus/nitter
diff --git a/kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml b/kubernetes/apps/default/nitter/app/kustomization.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml
rename to kubernetes/apps/default/nitter/app/kustomization.yaml
index 1db47db58..2252f8ea3 100644
--- a/kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml
+++ b/kubernetes/apps/default/nitter/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
configMapGenerator:
diff --git a/kubernetes/apps/default/nitter/ks.yaml b/kubernetes/apps/default/nitter/ks.yaml
new file mode 100644
index 000000000..2523712fa
--- /dev/null
+++ b/kubernetes/apps/default/nitter/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-nitter
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/nitter/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: nitter
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/documentation/outline/helmrelease.yaml b/kubernetes/apps/default/outline/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/documentation/outline/helmrelease.yaml
rename to kubernetes/apps/default/outline/app/helmrelease.yaml
index 6cc3c3ce1..e07ed62f2 100644
--- a/kubernetes/cluster-0/apps/documentation/outline/helmrelease.yaml
+++ b/kubernetes/apps/default/outline/app/helmrelease.yaml
@@ -18,15 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres
- namespace: default
+ - name: cloudnative-pg
- name: redis
- namespace: default
values:
controller:
replicas: 1
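Review bot: With the `namespace:` lines removed, both `dependsOn` entries (`cloudnative-pg` and `redis`) now resolve in this HelmRelease's own namespace, which is what Flux falls back to when the field is absent. If either HelmRelease lives in another namespace the dependency is never found and the release stays blocked. The other HelmReleases in this commit spell the namespace out (`namespace: rook-ceph`). The `metadata` block is outside this hunk, so the effective namespace cannot be checked here; either confirm it or keep explicit `namespace:` lines under each entry.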
diff --git a/kubernetes/cluster-0/apps/documentation/outline/kustomization.yaml b/kubernetes/apps/default/outline/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/documentation/outline/kustomization.yaml
rename to kubernetes/apps/default/outline/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/documentation/outline/patches/env.yaml b/kubernetes/apps/default/outline/app/patches/env.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/documentation/outline/patches/env.yaml
rename to kubernetes/apps/default/outline/app/patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml b/kubernetes/apps/default/outline/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml
rename to kubernetes/apps/default/outline/app/patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml b/kubernetes/apps/default/outline/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml
rename to kubernetes/apps/default/outline/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/outline/ks.yaml b/kubernetes/apps/default/outline/ks.yaml
new file mode 100644
index 000000000..8df7dad3b
--- /dev/null
+++ b/kubernetes/apps/default/outline/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-outline
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/outline/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: outline
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/documentation/readme.md b/kubernetes/apps/default/outline/readme.md
similarity index 100%
rename from kubernetes/cluster-0/apps/documentation/readme.md
rename to kubernetes/apps/default/outline/readme.md
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/helmrelease.yaml b/kubernetes/apps/default/paperless/app/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/apps/web-tools/paperless/helmrelease.yaml
rename to kubernetes/apps/default/paperless/app/helmrelease.yaml
index 8321886cb..c2376364f 100644
--- a/kubernetes/cluster-0/apps/web-tools/paperless/helmrelease.yaml
+++ b/kubernetes/apps/default/paperless/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: paperless-redis
namespace: default
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml b/kubernetes/apps/default/paperless/app/kustomization.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml
rename to kubernetes/apps/default/paperless/app/kustomization.yaml
index 95049a7f8..7f8d2f666 100644
--- a/kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml
+++ b/kubernetes/apps/default/paperless/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
- ./redis
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml b/kubernetes/apps/default/paperless/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml
rename to kubernetes/apps/default/paperless/app/patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/redis/helmrelease.yaml b/kubernetes/apps/default/paperless/app/redis/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/web-tools/paperless/redis/helmrelease.yaml
rename to kubernetes/apps/default/paperless/app/redis/helmrelease.yaml
index 1d5da988b..942789fce 100644
--- a/kubernetes/cluster-0/apps/web-tools/paperless/redis/helmrelease.yaml
+++ b/kubernetes/apps/default/paperless/app/redis/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
global:
nameOverride: *app
diff --git a/kubernetes/apps/default/paperless/app/redis/kustomization.yaml b/kubernetes/apps/default/paperless/app/redis/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/paperless/app/redis/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml b/kubernetes/apps/default/paperless/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml
rename to kubernetes/apps/default/paperless/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/paperless/ks.yaml b/kubernetes/apps/default/paperless/ks.yaml
new file mode 100644
index 000000000..c75d28555
--- /dev/null
+++ b/kubernetes/apps/default/paperless/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-paperless
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/paperless/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: paperless
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/databases/pgadmin/helmrelease.yaml b/kubernetes/apps/default/pgadmin/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/databases/pgadmin/helmrelease.yaml
rename to kubernetes/apps/default/pgadmin/app/helmrelease.yaml
index d950ac667..fa179b790 100644
--- a/kubernetes/cluster-0/apps/databases/pgadmin/helmrelease.yaml
+++ b/kubernetes/apps/default/pgadmin/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: dpage/pgadmin4
diff --git a/kubernetes/apps/default/pgadmin/app/kustomization.yaml b/kubernetes/apps/default/pgadmin/app/kustomization.yaml
new file mode 100644
index 000000000..f6d952284
--- /dev/null
+++ b/kubernetes/apps/default/pgadmin/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/pgadmin/app/replicationsource.yaml b/kubernetes/apps/default/pgadmin/app/replicationsource.yaml
new file mode 100644
index 000000000..f52d49376
--- /dev/null
+++ b/kubernetes/apps/default/pgadmin/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: pgadmin
+ namespace: default
+spec:
+ sourcePVC: pgadmin-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: pgadmin-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/pgadmin/app/restic.sops.yaml b/kubernetes/apps/default/pgadmin/app/restic.sops.yaml
new file mode 100644
index 000000000..d5301efe7
--- /dev/null
+++ b/kubernetes/apps/default/pgadmin/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: pgadmin-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:qryOEQuCawQ2v33QSxpTdhcuHoGh2ruI1wvMYn/En8K3FcoZaKMv7v6oXCgNPgbWgJDTYJfYfK5v,iv:8Eh981HkHI1igvBSd5M6GFjRVYfbqU8lHnabyTOF67Y=,tag:Nqs2IAcPtperhP+t5u+cJw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T16:07:48Z"
+ mac: ENC[AES256_GCM,data:IgxbLSa14K4zKdl/+xNxkubLynB2+BcAdwU9GeLby5F/hwEHlfychYYJoP+tx7tXC0xSA+m1HvA7H3LKY4pY8rpdkBBFbBrP/10rxhs3etoXkNhn+KmkMgECbiIhk8z1CWj+8H60vQJZfIogDr850Fk5cff3oOELObEHwKF1gfU=,iv:kaZ1uNoiDWrgq7IBnBhMzo8vRDTmVkMYn1CaipE7Gb0=,tag:QZzim5SMJPxonXw7X3sATQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/databases/pgadmin/secret.sops.yaml b/kubernetes/apps/default/pgadmin/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/pgadmin/secret.sops.yaml
rename to kubernetes/apps/default/pgadmin/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/databases/pgadmin/volume.yaml b/kubernetes/apps/default/pgadmin/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/pgadmin/volume.yaml
rename to kubernetes/apps/default/pgadmin/app/volume.yaml
diff --git a/kubernetes/apps/default/pgadmin/ks.yaml b/kubernetes/apps/default/pgadmin/ks.yaml
new file mode 100644
index 000000000..5333b41f8
--- /dev/null
+++ b/kubernetes/apps/default/pgadmin/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-pgadmin
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/pgadmin/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: pgadmin
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/prowlarr/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/media-automation/prowlarr/helmrelease.yaml
rename to kubernetes/apps/default/prowlarr/app/helmrelease.yaml
index 75f457666..7fb072ac1 100644
--- a/kubernetes/cluster-0/apps/media-automation/prowlarr/helmrelease.yaml
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/prowlarr-nightly
@@ -49,6 +52,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
+ hajimari.io/icon: mdi:movie-search
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/prowlarr/app/kustomization.yaml b/kubernetes/apps/default/prowlarr/app/kustomization.yaml
new file mode 100644
index 000000000..f6d952284
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/prowlarr/app/replicationsource.yaml b/kubernetes/apps/default/prowlarr/app/replicationsource.yaml
new file mode 100644
index 000000000..ff70e2a53
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: prowlarr
+ namespace: default
+spec:
+ sourcePVC: prowlarr-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: prowlarr-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/prowlarr/app/restic.sops.yaml b/kubernetes/apps/default/prowlarr/app/restic.sops.yaml
new file mode 100644
index 000000000..379c3d6dd
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prowlarr-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:zMuiIhvBSTPAzRgFb+vkJH9oKcqDWhm/HDmyOZw90u9Jyk/x1ECBUjYZV92L1n45FFgad+Ar5itA3A==,iv:8xMm1z4MOeShBffaX3D4/DmTkiQVUXhfJ2vtmGrN47s=,tag:1VaRnhpsc6lRVf7seUcTxQ==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:43:42Z"
+ mac: ENC[AES256_GCM,data:RJagSpJ1MfpGmDgIjMyAwinS76tekbRu1OO8AXVWjAnVkV5qYuxaXZv1q2tIkPmx6whTqaywsewEwUQuatuh6cfP0u2Owtf5iSd6kPEnRSNsHt/1Eyy/mZWrFO5F9N644u4ZGKqt3/uYofrMPlWdGb5iDSS5gCu6Pkp/PiQGpdY=,iv:d7n+V0Cc5RngOo1s8bpbHzm++2iMfWqvXma+z2DjarY=,tag:0oVwIAaapVTMn8TFlNXCvQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/default/prowlarr/app/secret.sops.yaml b/kubernetes/apps/default/prowlarr/app/secret.sops.yaml
new file mode 100644
index 000000000..1de455f53
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/app/secret.sops.yaml
@@ -0,0 +1,29 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prowlarr
+ namespace: default
+type: Opaque
+stringData:
+ PROWLARR__API_KEY: ENC[AES256_GCM,data:6/3B+g9AJAUGfsMW1AUVtqaoVf5h3QYfzT3sxSw2eNU=,iv:/Zy/DImNcALRqNpC+A1/9SzXMOQBUfMIS6AfpITluqQ=,tag:nDfX44CMACwX1DNHoGzSIQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+ bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+ VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+ OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:42:44Z"
+ mac: ENC[AES256_GCM,data:hr3DFNBsVq0evyvpIDz9NXOqX48pLhTI+dCbJ9mIGoEeTxdNtJk1RsSrZIF6+wEZcYfryKY5Pdx8RMXyoGklCfrd5gIFmmwip+Z2IqvuXb0OsvvShtfgBzmefS+gUJmuIT0PSs6SjFxJsGUrFAd4R+KGlg4L++sW3TcZ18UEQR4=,iv:zTzHCXD+5JxQzovryzBueqgiNef/yf+Eb6pB9I7cH5I=,tag:iXneOonTSlJsDjycK6z68A==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml b/kubernetes/apps/default/prowlarr/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml
rename to kubernetes/apps/default/prowlarr/app/volume.yaml
diff --git a/kubernetes/apps/default/prowlarr/ks.yaml b/kubernetes/apps/default/prowlarr/ks.yaml
new file mode 100644
index 000000000..7fdd7671a
--- /dev/null
+++ b/kubernetes/apps/default/prowlarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-prowlarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/prowlarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: prowlarr
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/downloaders/pyload/helmrelease.yaml b/kubernetes/apps/default/pyload/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/downloaders/pyload/helmrelease.yaml
rename to kubernetes/apps/default/pyload/app/helmrelease.yaml
index b961ad529..7d9cf4899 100644
--- a/kubernetes/cluster-0/apps/downloaders/pyload/helmrelease.yaml
+++ b/kubernetes/apps/default/pyload/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/auricom/pyload-ng
@@ -39,6 +42,7 @@ spec:
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
+ hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/pyload/app/kustomization.yaml b/kubernetes/apps/default/pyload/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/pyload/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/pyload/app/replicationsource.yaml b/kubernetes/apps/default/pyload/app/replicationsource.yaml
new file mode 100644
index 000000000..b5e836f9d
--- /dev/null
+++ b/kubernetes/apps/default/pyload/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: pyload
+ namespace: default
+spec:
+ sourcePVC: pyload-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: pyload-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/pyload/app/restic.sops.yaml b/kubernetes/apps/default/pyload/app/restic.sops.yaml
new file mode 100644
index 000000000..a7d9c5209
--- /dev/null
+++ b/kubernetes/apps/default/pyload/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: pyload-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:66YmP6yktbN5r4eToOnNylKG0vCriq3u7Q1q93xAPb7sp19x4CptSVGXY5DjY1/i1t9ozHC1LCE=,iv:4D7U693SKgtTpwOxgzEKmureeP+0AQUKdpycFApe4xo=,tag:ZJq5MZjqeMxA3yqftRFLlg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T08:24:18Z"
+ mac: ENC[AES256_GCM,data:GbJlDb+SkHtJoVFrb/reEfI8GdRIpYSJxK5P3qZ2OAAdSqMs6P94czKPrdGVBZnOZZaZX3OUJlumbiZV4zZlnSztd04ayDEUU5pCP2r8ODMNa/fpTOnZr8a++GVgYsk84JR3R1XEWHnfCqspZENC+spSVvbIO1zu/FlLm4bj/Og=,iv:8CVcYPkssvedzgAtO/6vNspyPjBfvMnGO3n7fNhsayo=,tag:BkCiGbMys+Jfny7SC39mlg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
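Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries here are byte-identical ciphertexts (same `data`, `iv` and `tag`) to those in the qbittorrent, radarr and readarr `restic.sops.yaml` files added by this commit. The age-wrapped data key under `sops.age` is also the same in all four, and only `RESTIC_REPOSITORY` differs. This suggests the file was copied per app, so a single restic password and a single object-store credential protect every app's backup repository; disclosure of any one of these `default`-namespace Secrets would then expose all of the backups, and a reader of the repo can see the values are equal without decrypting anything. Consider a per-app restic password and an access key whose policy is limited to that app's repository path, each encrypted freshly rather than copied.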
diff --git a/kubernetes/cluster-0/apps/downloaders/pyload/volume.yaml b/kubernetes/apps/default/pyload/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/downloaders/pyload/volume.yaml
rename to kubernetes/apps/default/pyload/app/volume.yaml
diff --git a/kubernetes/apps/default/pyload/ks.yaml b/kubernetes/apps/default/pyload/ks.yaml
new file mode 100644
index 000000000..658b2afe1
--- /dev/null
+++ b/kubernetes/apps/default/pyload/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-pyload-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/pyload/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: pyload
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/default/qbittorrent/app/cronjob.yaml b/kubernetes/apps/default/qbittorrent/app/cronjob.yaml
new file mode 100644
index 000000000..8b020cf97
--- /dev/null
+++ b/kubernetes/apps/default/qbittorrent/app/cronjob.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: &app qbittorrent-upgrade-p2pblocklist
+ namespace: default
+spec:
+ schedule: "@daily"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ name: *app
+ spec:
+ serviceAccountName: jobs
+ containers:
+ - name: *app
+ image: ghcr.io/auricom/kubectl:1.26.0@sha256:f512e3008d0492cbae7aac6eaccc21b13d723374715aaedd59d352d840f0229c
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ #!/bin/bash
+
+ set -o errexit
+ set -o nounset
+
+ curl --silent --location https://github.com/DavidMoore/ipfilter/releases/download/lists/ipfilter.dat.gz --output /tmp/ipfilter.dat.gz
+ gunzip /tmp/ipfilter.dat.gz
+ result=$(kubectl get pod --selector app.kubernetes.io/name=qbittorrent --output custom-columns=:metadata.name --namespace default)
+ QBITTORRENT_POD=$(echo $result | awk '{ print $NF }')
+ if [[ $QBITTORRENT_POD == *"qbittorrent"* ]]; then
+ kubectl cp /tmp/ipfilter.dat default/$QBITTORRENT_POD:/config/ipfilter.dat
+ kubectl rollout restart deployment qbittorrent --namespace default
+ curl http://uptime-kuma.default.svc.cluster.local.:3001/api/push/6RUDha9bDp?status=up&msg=OK&ping=
+ sleep 5
+ else
+ echo "qbittorrent deployment not found"
+ exit 1
+ fi
+ restartPolicy: Never
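Review bot: The heartbeat `curl` near the end of the script passes its URL unquoted, so bash treats each `&` as a background operator. Only `...?status=up` is requested, in the background, while `msg=OK` and `ping=` become shell assignments; the bare `?` is also open to globbing. The URL also carries the Uptime Kuma push token in plaintext in a committed manifest, and anyone holding it can report this monitor as healthy, so it is better injected from a Secret. Proposed line: `curl --silent --fail "http://uptime-kuma.default.svc.cluster.local.:3001/api/push/<PUSH_TOKEN_FROM_SECRET>?status=up&msg=OK&ping="`. The download step would also benefit from `--fail` and an integrity check before `kubectl cp`, since the list comes from a mutable third-party release asset and is copied into the pod unverified.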
diff --git a/kubernetes/cluster-0/apps/downloaders/qbittorrent/helmrelease.yaml b/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/downloaders/qbittorrent/helmrelease.yaml
rename to kubernetes/apps/default/qbittorrent/app/helmrelease.yaml
index 75c286b23..ecd608d69 100644
--- a/kubernetes/cluster-0/apps/downloaders/qbittorrent/helmrelease.yaml
+++ b/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/qbittorrent
@@ -58,6 +61,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
+ hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/qbittorrent/app/kustomization.yaml b/kubernetes/apps/default/qbittorrent/app/kustomization.yaml
new file mode 100644
index 000000000..752a9c5df
--- /dev/null
+++ b/kubernetes/apps/default/qbittorrent/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./cronjob.yaml
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/qbittorrent/app/replicationsource.yaml b/kubernetes/apps/default/qbittorrent/app/replicationsource.yaml
new file mode 100644
index 000000000..c18b44f0f
--- /dev/null
+++ b/kubernetes/apps/default/qbittorrent/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: qbittorrent
+ namespace: default
+spec:
+ sourcePVC: qbittorrent-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: qbittorrent-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/qbittorrent/app/restic.sops.yaml b/kubernetes/apps/default/qbittorrent/app/restic.sops.yaml
new file mode 100644
index 000000000..a8751c2b4
--- /dev/null
+++ b/kubernetes/apps/default/qbittorrent/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: qbittorrent-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:IjRX4eF0Dy6uP3ocLiw+LV9bdgI6L3n8T4PTdrb+74CoNRRa8IxiWuCqDje6tgPGPwbTbtalanwnWlQFfg==,iv:9V0Z70klLCtYzbiQbHqzXxxxGOLvkax4iJ2b4+xfb5A=,tag:iGwhiZQiI0EB7QQm/rvPVg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T08:19:27Z"
+ mac: ENC[AES256_GCM,data:pMKVC4IP3YD6kxtLzWNh6sBDCNzDgpHSsF9Ol8G0k5cRgNptV6htHOccOtZ5/gEWbGC9P8413zVDU6dMO27ejQbrf1NdpcaW2PjYAo3qfNGSyV31EKVC72odbSNBhcNzNUm7A6pGy7WwA7H0zhvBjEw1xwT1O9WuC+YX+CqJeTg=,iv:1htxNecL/xznVUhaH3ABkqwuxRMfiRJ9RhwTFb+1Ggk=,tag:3g2C2dfmb4Jx5Sunmrdhwg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/downloaders/qbittorrent/volume.yaml b/kubernetes/apps/default/qbittorrent/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/downloaders/qbittorrent/volume.yaml
rename to kubernetes/apps/default/qbittorrent/app/volume.yaml
diff --git a/kubernetes/apps/default/qbittorrent/ks.yaml b/kubernetes/apps/default/qbittorrent/ks.yaml
new file mode 100644
index 000000000..34cc715b4
--- /dev/null
+++ b/kubernetes/apps/default/qbittorrent/ks.yaml
@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-qbittorrent-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/qbittorrent/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: batch/v1
+ kind: CronJob
+ name: qbittorrent-upgrade-p2pblocklist
+ namespace: default
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: qbittorrent
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/radarr/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/media-automation/radarr/helmrelease.yaml
rename to kubernetes/apps/default/radarr/app/helmrelease.yaml
index dc8d6ba65..79ca21746 100644
--- a/kubernetes/cluster-0/apps/media-automation/radarr/helmrelease.yaml
+++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/radarr-develop
@@ -52,6 +55,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
+ hajimari.io/icon: mdi:filmstrip
hosts:
- host: *host
paths:
diff --git a/kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml b/kubernetes/apps/default/radarr/app/kustomization.yaml
similarity index 89%
rename from kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml
rename to kubernetes/apps/default/radarr/app/kustomization.yaml
index 726d93aba..87b95c776 100644
--- a/kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml
+++ b/kubernetes/apps/default/radarr/app/kustomization.yaml
@@ -4,9 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./secret.sops.yaml
- ./volume.yaml
- - ./helmrelease.yaml
configMapGenerator:
- name: radarr-pushover
files:
diff --git a/kubernetes/apps/default/radarr/app/replicationsource.yaml b/kubernetes/apps/default/radarr/app/replicationsource.yaml
new file mode 100644
index 000000000..bbef1c123
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: radarr
+ namespace: default
+spec:
+ sourcePVC: radarr-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: radarr-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/radarr/app/restic.sops.yaml b/kubernetes/apps/default/radarr/app/restic.sops.yaml
new file mode 100644
index 000000000..c7f5891f6
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: radarr-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:Mwfqvvc/7p7ih8sPZY1uFswPCwDPB3Uw8u0IStIxsje5YS6pZpCH+POaxpMNifr8OIQBEP0xq7k=,iv:ibk8gAjTqDB3F0WAAEfqg+vHSOfg8OgFxR1IlF/gzXc=,tag:+a0WDJxsIWarDR81vWRvSQ==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:40:20Z"
+ mac: ENC[AES256_GCM,data:J9bpaDGW5zzW0OrW78rbXUNwRpGh0QviME4Lg1uQuVjosOepWxopG+QNyI0BHddIF7NnDfuSZy6LnclMEFl2vcpZXZTi6kSJEYPPbcLzAQG0FbkK4nSnW2JlL5cy83P81plYzqggXoqvgZWpRikg7iI2KJy6dXDKV5ZtVEy0myA=,iv:cmtmvn96UQvbJbrtVx+GGVEDFGB4QpndTMyYikwQ1BI=,tag:zvhhBHOLjYZy6Z6S/dR9QQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh b/kubernetes/apps/default/radarr/app/scripts/pushover-notify.sh
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh
rename to kubernetes/apps/default/radarr/app/scripts/pushover-notify.sh
diff --git a/kubernetes/apps/default/radarr/app/secret.sops.yaml b/kubernetes/apps/default/radarr/app/secret.sops.yaml
new file mode 100644
index 000000000..bb75ea54a
--- /dev/null
+++ b/kubernetes/apps/default/radarr/app/secret.sops.yaml
@@ -0,0 +1,31 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: radarr
+ namespace: default
+type: Opaque
+stringData:
+ PUSHOVER_TOKEN: ENC[AES256_GCM,data:StcjXKnJz7NbKuMtzWd/FXE1pqY0TSLO8o8AioYe,iv:Cw6dA2Fr3le6d70+TSGmBCjEX6mHFk21ck9IQqKx71o=,tag:4ANhz87eqkbvSNy5Yp6Edw==,type:str]
+ PUSHOVER_USER_KEY: ENC[AES256_GCM,data:3UbR7hAnBAAjw/tdB8TSMZw3inuJJhJx9AiIN4tZ,iv:GuB8Kf/pAOp32SiVhpSLFisIeoEg1VxdYm2Raw2stRM=,tag:A8nDFwYPcZ7fOPG/UPYYzQ==,type:str]
+ RADARR__API_KEY: ENC[AES256_GCM,data:G9ik2e/t2hwFFDvt3LJRdvo8v1T86RvXwTgjWyCW9Lc=,iv:oTPUMOXB8ZvHBChMhmm9CmpSOSQNEnvkrwGa0rTwXUI=,tag:wFJkxS/pNuExTn2UywghYA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+ bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+ VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+ OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:40:44Z"
+ mac: ENC[AES256_GCM,data:P3hPFflDuXXnshmEDOIZ+yfmcdJsckZshmacp3MP+cQM2Vvb8j6u+w4CQU+Mlpdd04O+x+XWXKC4BvNGXLryvFsjrezP8hrVIQuHX4kTNMOzHNFhzdMab2LpWYOCzT8WfPvLY+RTqf8hj8/ppouJh/R+tzBvQZfvGGRkAqGfj0M=,iv:4GmbEkfLOp2yzvOLlBKRdMZl7mKURBCIovuj5ZKIvbE=,tag:chGlnHNB+kCM/hcyNDeg7Q==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml b/kubernetes/apps/default/radarr/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml
rename to kubernetes/apps/default/radarr/app/volume.yaml
diff --git a/kubernetes/apps/default/radarr/ks.yaml b/kubernetes/apps/default/radarr/ks.yaml
new file mode 100644
index 000000000..5a6bd8349
--- /dev/null
+++ b/kubernetes/apps/default/radarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-radarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/radarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: radarr
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/readarr/helmrelease.yaml b/kubernetes/apps/default/readarr/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/media-automation/readarr/helmrelease.yaml
rename to kubernetes/apps/default/readarr/app/helmrelease.yaml
index 2a0d84135..7757303b9 100644
--- a/kubernetes/cluster-0/apps/media-automation/readarr/helmrelease.yaml
+++ b/kubernetes/apps/default/readarr/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/readarr-nightly
@@ -49,6 +52,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
+ hajimari.io/icon: mdi:bookshelf
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/readarr/app/kustomization.yaml b/kubernetes/apps/default/readarr/app/kustomization.yaml
new file mode 100644
index 000000000..f6d952284
--- /dev/null
+++ b/kubernetes/apps/default/readarr/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/readarr/app/replicationsource.yaml b/kubernetes/apps/default/readarr/app/replicationsource.yaml
new file mode 100644
index 000000000..6537693aa
--- /dev/null
+++ b/kubernetes/apps/default/readarr/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: readarr
+ namespace: default
+spec:
+ sourcePVC: readarr-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: readarr-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/readarr/app/restic.sops.yaml b/kubernetes/apps/default/readarr/app/restic.sops.yaml
new file mode 100644
index 000000000..3e8c67c8e
--- /dev/null
+++ b/kubernetes/apps/default/readarr/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: readarr-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:9NP9PR2gAtRF6m2Nla934qz/p7uETdIM8Ifx4WWwd/SLqKaR/vklmwF3N4pd1hAsVLjbg3KQzcKp,iv:yTSY9TmEYn7niuDqAYr0uGflq9K5CgQTss1k+wnUNB0=,tag:jj+vrqoKE7DldNycnQ/eag==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:44:52Z"
+ mac: ENC[AES256_GCM,data:Jxa7Xz8ZPnAbBhU3gr92KMfnqDi4BSaywtykVFQ+S9FHsl0Qsk796SHz0pxfvO95o894a0/sTwFTyzulrs+aIojbZn771PX1LbluJeC7zqjXEqbyKclK7luHIo+B2CqvVP4H3WvSgFD+pOFUQzOfo0Mk6pSvWTra+A0fzveNPrM=,iv:4uObp+QoXWSR+Q+bsmwiDzJG+8G6+8bCKnE9lA2UKpE=,tag:1UR7FJOBxRsXsbn3R5ktBA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/default/readarr/app/secret.sops.yaml b/kubernetes/apps/default/readarr/app/secret.sops.yaml
new file mode 100644
index 000000000..7294da6b4
--- /dev/null
+++ b/kubernetes/apps/default/readarr/app/secret.sops.yaml
@@ -0,0 +1,29 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: readarr
+ namespace: default
+type: Opaque
+stringData:
+ READARR__API_KEY: ENC[AES256_GCM,data:x/TOFsYuY8sOvAyJPqkZbmOJuhtxeIQKau6PiO+p18Q=,iv:GHnX9rSOWjOVNZpUWxDzt95JrzK9sj+tcPv38SPY7UU=,tag:APu6Ux2bdZV6HXG0IUTq2A==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+ bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+ VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+ OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:45:04Z"
+ mac: ENC[AES256_GCM,data:KFi15cAw/4EkyfTd9fydTbhMXlhOyxPGYvy08dWk6PRXhG7VgV7UC/VnLIzuNkWFKT593fmwg9RBwrcR/v1oS0Zq4IB0vHLHqd4QhwSYTm+ChxeOOWoxkTY5DRMU0g6KGQGktDVm54E3jY9S1/NQJkVRJkpBAsTvFLfIWOOnjM4=,iv:NhJWTB7T+MkuDCicu9GAxS97T2Ql0kRVMkTy781OE/k=,tag:GZo4b5gku+lDuinvVGjhtQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml b/kubernetes/apps/default/readarr/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml
rename to kubernetes/apps/default/readarr/app/volume.yaml
diff --git a/kubernetes/apps/default/readarr/ks.yaml b/kubernetes/apps/default/readarr/ks.yaml
new file mode 100644
index 000000000..9e761331e
--- /dev/null
+++ b/kubernetes/apps/default/readarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-readarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/readarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: readarr
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/default/recyclarr/app/cronjob.yaml b/kubernetes/apps/default/recyclarr/app/cronjob.yaml
new file mode 100644
index 000000000..d981af63c
--- /dev/null
+++ b/kubernetes/apps/default/recyclarr/app/cronjob.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: recyclarr
+ namespace: default
+spec:
+ schedule: "@daily"
+ jobTemplate:
+ spec:
+ ttlSecondsAfterFinished: 86400
+ template:
+ spec:
+ automountServiceAccountToken: false
+ restartPolicy: OnFailure
+ initContainers:
+ - name: render-configs
+ image: ghcr.io/onedr0p/alpine:3.17.0
+ envFrom:
+ - secretRef:
+ name: radarr-secret
+ - secretRef:
+ name: sonarr-secret
+ command:
+ - "/bin/bash"
+ - -c
+ args:
+ - "envsubst < /config/recyclarr.yml > /shared/recyclarr.yml"
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: shared
+ mountPath: /shared
+ containers:
+ - name: sonarrs
+ image: ghcr.io/recyclarr/recyclarr:4.0.2
+ command:
+ - /app/recyclarr/recyclarr
+ args:
+ - sonarr
+ volumeMounts:
+ - name: shared
+ mountPath: /config/recyclarr.yml
+ subPath: recyclarr.yml
+ readOnly: true
+ - name: radarrs
+ image: ghcr.io/recyclarr/recyclarr:4.0.2
+ command:
+ - /app/recyclarr/recyclarr
+ args:
+ - radarr
+ volumeMounts:
+ - name: shared
+ mountPath: /config/recyclarr.yml
+ subPath: recyclarr.yml
+ readOnly: true
+ volumes:
+ - name: config
+ configMap:
+ name: recyclarr-configmap
+ - name: shared
+ emptyDir: {}
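Review bot: The `render-configs` init container loads `radarr-secret` and `sonarr-secret` through `envFrom`, but the radarr Secret added in this same commit is named `radarr` (kubernetes/apps/default/radarr/app/secret.sops.yaml). Unless recyclarr's own renamed `secret.sops.yaml` (contents not shown) defines those names, the pod will fail to start on a missing Secret. `envFrom` also imports every key of each Secret, which for radarr includes `PUSHOVER_TOKEN` and `PUSHOVER_USER_KEY`, while the template presumably needs only the API keys; a per-key `secretKeyRef` keeps the rendered environment minimal. Both images are pinned by tag only, whereas the qbittorrent CronJob in this commit uses a `tag@sha256:` digest; pinning these the same way would keep the job's contents fixed.

```yaml
          initContainers:
            - name: render-configs
              # … unchanged: image …
              env:
                # assumes recyclarr.yml references ${RADARR__API_KEY}; adjust to the variable the template uses
                - name: RADARR__API_KEY
                  valueFrom:
                    secretKeyRef:
                      name: radarr
                      key: RADARR__API_KEY
                # sonarr: same pattern, using the Secret name and key from the sonarr app (not shown in this diff)
              # … unchanged: command, args, volumeMounts …
```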
diff --git a/kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml b/kubernetes/apps/default/recyclarr/app/kustomization.yaml
similarity index 88%
rename from kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml
rename to kubernetes/apps/default/recyclarr/app/kustomization.yaml
index d114dc800..377831b13 100644
--- a/kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml
+++ b/kubernetes/apps/default/recyclarr/app/kustomization.yaml
@@ -2,12 +2,12 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
namespace: default
+resources:
+ - ./cronjob.yaml
+ - ./secret.sops.yaml
configMapGenerator:
- - name: recyclarr
+ - name: recyclarr-configmap
files:
- ./recyclarr.yml
generatorOptions:
diff --git a/kubernetes/cluster-0/apps/media-automation/recyclarr/recyclarr.yml b/kubernetes/apps/default/recyclarr/app/recyclarr.yml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/recyclarr/recyclarr.yml
rename to kubernetes/apps/default/recyclarr/app/recyclarr.yml
diff --git a/kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml b/kubernetes/apps/default/recyclarr/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml
rename to kubernetes/apps/default/recyclarr/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/recyclarr/ks.yaml b/kubernetes/apps/default/recyclarr/ks.yaml
new file mode 100644
index 000000000..ce9114fc0
--- /dev/null
+++ b/kubernetes/apps/default/recyclarr/ks.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-recyclarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-radarr-app
+ - name: cluster-apps-sonarr-app
+ path: ./kubernetes/apps/default/recyclarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
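Review bot: This Kustomization reconciles `./kubernetes/apps/default/recyclarr/app`, which lists `./secret.sops.yaml`, but it declares no `spec.decryption`, so nothing in this file tells Flux how to decrypt that secret. Presumably a parent Kustomization patches decryption and substitution into every child that carries the `substitution.flux.home.arpa/enabled` label, but that is not visible in this diff. A comment above the label would make the dependency explicit, for example `# SOPS decryption and postBuild substitution are patched in by the parent Kustomization via this label`. The same applies to the redis, resilio-sync, sabnzbd and smtp-relay `ks.yaml` files added here, whose paths also contain `*.sops.yaml` resources.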
diff --git a/kubernetes/cluster-0/apps/databases/redis/helmrelease.yaml b/kubernetes/apps/default/redis/app/helmrelease.yaml
similarity index 85%
rename from kubernetes/cluster-0/apps/databases/redis/helmrelease.yaml
rename to kubernetes/apps/default/redis/app/helmrelease.yaml
index 951fd8c76..846b1c339 100644
--- a/kubernetes/cluster-0/apps/databases/redis/helmrelease.yaml
+++ b/kubernetes/apps/default/redis/app/helmrelease.yaml
@@ -18,13 +18,16 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
global:
- imageRegistry: public.ecr.aws
+ # imageRegistry: public.ecr.aws
storageClass: rook-ceph-block
auth:
enabled: false
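Review bot: The commented-out `# imageRegistry: public.ecr.aws` silently switches the Redis image pull to the chart's default registry and leaves dead configuration with no reason given. Either delete the line or say why it is disabled, e.g. `# registry left at chart default: <reason>`. The unchanged context `auth:` / `enabled: false` also means this Redis accepts unauthenticated connections. The release is being moved next to a `secret.sops.yaml`, so consider enabling auth from that secret or restricting the service with a NetworkPolicy. The `values` block continues outside the hunk, so later keys may already address this.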
diff --git a/kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml b/kubernetes/apps/default/redis/app/kustomization.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml
rename to kubernetes/apps/default/redis/app/kustomization.yaml
index 0b647c1f8..22859439e 100644
--- a/kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml
+++ b/kubernetes/apps/default/redis/app/kustomization.yaml
@@ -2,7 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./secret.sops.yaml
- - ./volume.yaml
- ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/databases/redis/secret.sops.yaml b/kubernetes/apps/default/redis/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/databases/redis/secret.sops.yaml
rename to kubernetes/apps/default/redis/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/redis/ks.yaml b/kubernetes/apps/default/redis/ks.yaml
new file mode 100644
index 000000000..305d24bfa
--- /dev/null
+++ b/kubernetes/apps/default/redis/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-redis-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ path: ./kubernetes/apps/default/redis/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: redis
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf b/kubernetes/apps/default/resilio-sync/claude/config/sync.conf
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf
rename to kubernetes/apps/default/resilio-sync/claude/config/sync.conf
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/claude/helmrelease.yaml b/kubernetes/apps/default/resilio-sync/claude/helmrelease.yaml
similarity index 96%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/claude/helmrelease.yaml
rename to kubernetes/apps/default/resilio-sync/claude/helmrelease.yaml
index 4f8063122..fa90e580f 100644
--- a/kubernetes/cluster-0/apps/storage/resilio-sync/claude/helmrelease.yaml
+++ b/kubernetes/apps/default/resilio-sync/claude/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/auricom/resilio-sync
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml b/kubernetes/apps/default/resilio-sync/claude/kustomization.yaml
similarity index 82%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml
rename to kubernetes/apps/default/resilio-sync/claude/kustomization.yaml
index 0313ab410..0e4158e9d 100644
--- a/kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml
+++ b/kubernetes/apps/default/resilio-sync/claude/kustomization.yaml
@@ -2,12 +2,14 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./volume.yaml
configMapGenerator:
- name: resilio-claude-sync-conf
- namespace: default
files:
- ./config/sync.conf
generatorOptions:
diff --git a/kubernetes/apps/default/resilio-sync/claude/replicationsource.yaml b/kubernetes/apps/default/resilio-sync/claude/replicationsource.yaml
new file mode 100644
index 000000000..57c22cc6e
--- /dev/null
+++ b/kubernetes/apps/default/resilio-sync/claude/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: resilio-claude
+ namespace: default
+spec:
+ sourcePVC: resilio-claude-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: resilio-claude-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
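Review bot: The trigger `schedule: "0 0 * * *"` is identical in every ReplicationSource this commit adds (resilio-claude, resilio-helene, sabnzbd, sonarr), so all Ceph snapshots and restic uploads start in the same minute. Offsetting each one would spread the load and make a failed run easier to attribute, for instance `schedule: "15 0 * * *"` here (constructed value). A short comment next to `pruneIntervalDays: 10` and `retain.daily: 10` stating the intended recovery window would also help, since the two settings read alike but control different things.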
diff --git a/kubernetes/apps/default/resilio-sync/claude/restic.sops.yaml b/kubernetes/apps/default/resilio-sync/claude/restic.sops.yaml
new file mode 100644
index 000000000..f80e13592
--- /dev/null
+++ b/kubernetes/apps/default/resilio-sync/claude/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: resilio-claude-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:tle03NzNTqaJ5cJAdT1sjg52Ntx0u9EN9bINzjeUN/CbFKQe4AWiYgZ8GknlmTyMZOvNlCtRG33Qms+11cEn2Q==,iv:pvyfxAfK/7LUYU+jRQAhXy0huhgTA1YWSvz5UXukDk8=,tag:/owfcCbcyJP33pv4KXT7uA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:43:50Z"
+ mac: ENC[AES256_GCM,data:Zo2GQtU7ZqaviBO13/EWHSBgU11KTTCNaudRt7H1TO6VSl8xhtJNb+H+4WZSrf5TY4vtsbYqi46l2DybdtyWKd5z1gk/g7AKw2CPK7Nb8ARsH8F9VTcPr/5AMvHHM7kR0xL2jQsAh7iM+edGBFRaNcNQRxLFArfpgRgUslYMJB4=,iv:JddLCxRb7LYYZzIe/l8dHLNa0tp+LNi9/OtFEbi7Z4c=,tag:AmJlpTk775FaRzxyrKR/9A==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
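Review bot: `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` have byte-identical ciphertext, IV and tag here and in the helene and sabnzbd `restic.sops.yaml` files, and in the visible part of the sonarr one. The age `enc` block is identical too. This suggests the files were copied from a single encrypted file and share one SOPS data key. Anyone who can read the repository can tell that every backup repository uses the same password and S3 credentials, and one leaked value opens all of them. Prefer a distinct restic password per app, with scoped S3 keys where the backend allows. Create each file by encrypting fresh plaintext, or rotate the data key with `sops -r -i <file>`, rather than copying an encrypted file. These files also lack the `# yamllint disable` header that `sabnzbd/app/secret.sops.yaml` carries.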
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml b/kubernetes/apps/default/resilio-sync/claude/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml
rename to kubernetes/apps/default/resilio-sync/claude/volume.yaml
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf b/kubernetes/apps/default/resilio-sync/helene/config/sync.conf
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf
rename to kubernetes/apps/default/resilio-sync/helene/config/sync.conf
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/helene/helmrelease.yaml b/kubernetes/apps/default/resilio-sync/helene/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/helene/helmrelease.yaml
rename to kubernetes/apps/default/resilio-sync/helene/helmrelease.yaml
index 59f0064f6..de4f261ad 100644
--- a/kubernetes/cluster-0/apps/storage/resilio-sync/helene/helmrelease.yaml
+++ b/kubernetes/apps/default/resilio-sync/helene/helmrelease.yaml
@@ -18,11 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
-
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/auricom/resilio-sync
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml b/kubernetes/apps/default/resilio-sync/helene/kustomization.yaml
similarity index 82%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml
rename to kubernetes/apps/default/resilio-sync/helene/kustomization.yaml
index dae1410c5..eae844301 100644
--- a/kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml
+++ b/kubernetes/apps/default/resilio-sync/helene/kustomization.yaml
@@ -2,12 +2,14 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./volume.yaml
configMapGenerator:
- name: resilio-helene-sync-conf
- namespace: default
files:
- ./config/sync.conf
generatorOptions:
diff --git a/kubernetes/apps/default/resilio-sync/helene/replicationsource.yaml b/kubernetes/apps/default/resilio-sync/helene/replicationsource.yaml
new file mode 100644
index 000000000..6595152a8
--- /dev/null
+++ b/kubernetes/apps/default/resilio-sync/helene/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: resilio-helene
+ namespace: default
+spec:
+ sourcePVC: resilio-helene-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: resilio-helene-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/resilio-sync/helene/restic.sops.yaml b/kubernetes/apps/default/resilio-sync/helene/restic.sops.yaml
new file mode 100644
index 000000000..b2d85639f
--- /dev/null
+++ b/kubernetes/apps/default/resilio-sync/helene/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: resilio-helene-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:gGcefoNg68nJNdN4bBgvPlN8LtIp57igeI0w+51XbxvE61oudJm4H5ePqqIom+c4YA+r2MPyRtDcU3zZZZkJGQ==,iv:ujh8jWNTLBpN2YhtjjCPFkq4I3JVBQRdQsTiKeLTuMI=,tag:Bor468jY1eb2k1P4EJRsVg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:38:55Z"
+ mac: ENC[AES256_GCM,data:q9w22A6MR1+1SYCuwEcXlNqf02paU/dLuU0VbL3RJ5zTu5Se4Z+aiA6bTFffhBjusdDQFtfOU4YfFO/OGEyYyA68vjugG8n8OrF7BsSBB9ZjX2C+jwxH+vDHTf+X1FxjhipzX+PuNlTKfHLHe5vvLlKAPeftHy2wpzFb31zU69s=,iv:fBKgliHL7/dEEXL/E/snkX0J3e79gZ3KVtoH/MCkZ6c=,tag:bnd3E1CB8rtOCyZMFnQR5g==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml b/kubernetes/apps/default/resilio-sync/helene/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml
rename to kubernetes/apps/default/resilio-sync/helene/volume.yaml
diff --git a/kubernetes/apps/default/resilio-sync/ks.yaml b/kubernetes/apps/default/resilio-sync/ks.yaml
new file mode 100644
index 000000000..b930b39a9
--- /dev/null
+++ b/kubernetes/apps/default/resilio-sync/ks.yaml
@@ -0,0 +1,52 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-resilio-claude
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/resilio-sync/claude
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: resilio-claude
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-resilio-helene
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/resilio-sync/helene
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: resilio-helene
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/downloaders/sabnzbd/helmrelease.yaml b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/downloaders/sabnzbd/helmrelease.yaml
rename to kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
index 8b852df7b..9ddcd1e8e 100644
--- a/kubernetes/cluster-0/apps/downloaders/sabnzbd/helmrelease.yaml
+++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/sabnzbd
@@ -54,7 +57,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
-
+ hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/kubernetes/apps/default/sabnzbd/app/kustomization.yaml b/kubernetes/apps/default/sabnzbd/app/kustomization.yaml
new file mode 100644
index 000000000..f6d952284
--- /dev/null
+++ b/kubernetes/apps/default/sabnzbd/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/sabnzbd/app/replicationsource.yaml b/kubernetes/apps/default/sabnzbd/app/replicationsource.yaml
new file mode 100644
index 000000000..3a7b1fd94
--- /dev/null
+++ b/kubernetes/apps/default/sabnzbd/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: sabnzbd
+ namespace: default
+spec:
+ sourcePVC: sabnzbd-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: sabnzbd-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/sabnzbd/app/restic.sops.yaml b/kubernetes/apps/default/sabnzbd/app/restic.sops.yaml
new file mode 100644
index 000000000..94b5f4151
--- /dev/null
+++ b/kubernetes/apps/default/sabnzbd/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sabnzbd-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:1MHDHUB4FpcpVcG2S76kldKBBRyDkt5RojedKnueMfqVB54XZgtQ+eUjjoLAlxedC0YdIb52q7li,iv:BSebPLGLm1DQV5ehrHq9rG2eUtqWdqGshX5/aBJDgz8=,tag:pZLHq8OuMXnj9phtLeLMuw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T08:26:24Z"
+ mac: ENC[AES256_GCM,data:oilRwF4uQM17O8OIGqduE1UBuQ9xFZE0KGNGJ0gvlEuDxhsA72mIfhXc2sDnPlab+Z8EZY7w0OjCgKI9jUOXW/1W19PhhvF2UbbqK+FR7dTNo0ZtZ+tlu9+dfAylyQwLcWCvc6wbatx5igi4v9R8E4d8/ul7A/jrGPEAsDqNflg=,iv:UI/MdEx2O3JC8nd9nmiCbkJeEhe2TefRB7jpvQCAJc4=,tag:Nmbw7j/cvhKnGFP+XORGEA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/default/sabnzbd/app/secret.sops.yaml b/kubernetes/apps/default/sabnzbd/app/secret.sops.yaml
new file mode 100644
index 000000000..9f87ed011
--- /dev/null
+++ b/kubernetes/apps/default/sabnzbd/app/secret.sops.yaml
@@ -0,0 +1,30 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sabnzbd
+ namespace: default
+type: Opaque
+stringData:
+ SABNZBD__API_KEY: ENC[AES256_GCM,data:6VgnjcgBVwvaKqWPNisOfct6smrVostiIR/yuoYqjco=,iv:WW1b7LJgG4CWEEm7ETwwXlfu3fG345YAvqi1dlsS8cg=,tag:nZSAbcWxwyXjKnwyVYt/Ug==,type:str]
+ SABNZBD__NZB_KEY: ENC[AES256_GCM,data:RoNUH0En29584v+m85gqlwIrLJ3aP5al0161FTnXGko=,iv:3u/uzWLe1f84WquDjrxXXdArcL1BeF6cNplImjP1yoE=,tag:xoPmImdecg/2twtVRzJh/g==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoN0VJaHVYcXNDZDlZUGRn
+ YUViZDU0TCtmbzkycUpiZUVDbkluSzdSM2hVClpMRDdKREJBZEpEYUIxUGlIem9Q
+ Z08rVUVLUFhWNGdncElCR2hFVFNJUEUKLS0tIDZzcDVyb0lMTzRrNStBRU1KN2wy
+ OU81anNCMk13bXNXRVM3ZWcxTjd6SUkKd5FvLfeXe4p7j5eryl9ZuVh6oT920yiy
+ hsaI1Cwm2WH55lR++P1jtIyTo+lOL5M+IZUeyC7LXBpMp2UBNbllcw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T08:25:52Z"
+ mac: ENC[AES256_GCM,data:xCWHBq+s8wEUYhPYxE8XlJXJNeGf9w3MaNI7qrDucupXYxl3gnIiixjArRSk3oc2NuqUiNJF5pFlECHaj24/qvLQNftkWlulT3CxFHZ90/L+mK33h7dtOHmjNkqUtCmQgjylpPyT0MLWuYGC7WpcdCyficKk6OUc3F9BXbovbnM=,iv:Gii2DWFNLyy8yBCXwQqaUb9ewVtbkHDEhOz7p379YLA=,tag:HnfsqBeBu6B70eM+GDYXZg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/downloaders/sabnzbd/volume.yaml b/kubernetes/apps/default/sabnzbd/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/downloaders/sabnzbd/volume.yaml
rename to kubernetes/apps/default/sabnzbd/app/volume.yaml
diff --git a/kubernetes/apps/default/sabnzbd/ks.yaml b/kubernetes/apps/default/sabnzbd/ks.yaml
new file mode 100644
index 000000000..b0aede993
--- /dev/null
+++ b/kubernetes/apps/default/sabnzbd/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-sabnzbd-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/sabnzbd/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: sabnzbd
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/web-tools/sharry/config/sharry.conf b/kubernetes/apps/default/sharry/app/config/sharry.conf
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/sharry/config/sharry.conf
rename to kubernetes/apps/default/sharry/app/config/sharry.conf
diff --git a/kubernetes/cluster-0/apps/web-tools/sharry/helmrelease.yaml b/kubernetes/apps/default/sharry/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/web-tools/sharry/helmrelease.yaml
rename to kubernetes/apps/default/sharry/app/helmrelease.yaml
index 282eb33d8..9fa3fef40 100644
--- a/kubernetes/cluster-0/apps/web-tools/sharry/helmrelease.yaml
+++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml
@@ -18,13 +18,12 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
values:
controller:
replicas: 1
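Review bot: The new dependency `- name: cloudnative-pg` has no `namespace`, so Flux looks for that HelmRelease in this release's own namespace. The other releases in this commit spell the namespace out (`namespace: rook-ceph`). If the operator's HelmRelease lives elsewhere, reconciliation will stall on an unresolved dependency, so add the namespace explicitly: `namespace: <operator namespace>`. Note also that the release now depends on what appears to be the operator, not the database cluster. The cluster ordering is left to `cluster-apps-cloudnative-pg-cluster` in `ks.yaml`, which deserves a one-line comment here.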
diff --git a/kubernetes/cluster-0/apps/web-tools/sharry/kustomization.yaml b/kubernetes/apps/default/sharry/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/sharry/kustomization.yaml
rename to kubernetes/apps/default/sharry/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/sharry/patches/postgres.yaml b/kubernetes/apps/default/sharry/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/sharry/patches/postgres.yaml
rename to kubernetes/apps/default/sharry/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/sharry/ks.yaml b/kubernetes/apps/default/sharry/ks.yaml
new file mode 100644
index 000000000..864a7ccfb
--- /dev/null
+++ b/kubernetes/apps/default/sharry/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-sharry
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/sharry/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: sharry
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/web-tools/readme.md b/kubernetes/apps/default/sharry/readme.md
similarity index 96%
rename from kubernetes/cluster-0/apps/web-tools/readme.md
rename to kubernetes/apps/default/sharry/readme.md
index 018a11bb0..d57897dbb 100644
--- a/kubernetes/cluster-0/apps/web-tools/readme.md
+++ b/kubernetes/apps/default/sharry/readme.md
@@ -1,8 +1,6 @@
-# Databases
+# Sharry
-## Sharry
-
-### S3 Configuration
+## S3 Configuration
1. Create `~/.mc/config.json`
diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/helmrelease.yaml b/kubernetes/apps/default/smtp-relay/app/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/apps/networking/smtp-relay/helmrelease.yaml
rename to kubernetes/apps/default/smtp-relay/app/helmrelease.yaml
index 037525155..9624025f7 100644
--- a/kubernetes/cluster-0/apps/networking/smtp-relay/helmrelease.yaml
+++ b/kubernetes/apps/default/smtp-relay/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
controller:
replicas: 1
diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml b/kubernetes/apps/default/smtp-relay/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml
rename to kubernetes/apps/default/smtp-relay/app/kustomization.yaml
index 67ec6b753..28e70f62e 100644
--- a/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml
+++ b/kubernetes/apps/default/smtp-relay/app/kustomization.yaml
@@ -2,10 +2,10 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
- ./secret.sops.yaml
-namespace: default
configMapGenerator:
- name: smtp-relay-configmap
files:
diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/maddy.conf b/kubernetes/apps/default/smtp-relay/app/maddy.conf
similarity index 100%
rename from kubernetes/cluster-0/apps/networking/smtp-relay/maddy.conf
rename to kubernetes/apps/default/smtp-relay/app/maddy.conf
diff --git a/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml b/kubernetes/apps/default/smtp-relay/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml
rename to kubernetes/apps/default/smtp-relay/app/secret.sops.yaml
diff --git a/kubernetes/apps/default/smtp-relay/ks.yaml b/kubernetes/apps/default/smtp-relay/ks.yaml
new file mode 100644
index 000000000..e164b6b78
--- /dev/null
+++ b/kubernetes/apps/default/smtp-relay/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-smtp-relay
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/smtp-relay/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: smtp-relay
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/media-automation/sonarr/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/media-automation/sonarr/helmrelease.yaml
rename to kubernetes/apps/default/sonarr/app/helmrelease.yaml
index c25c97ede..d4cd6b0d5 100644
--- a/kubernetes/cluster-0/apps/media-automation/sonarr/helmrelease.yaml
+++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/onedr0p/sonarr-develop
@@ -52,6 +55,7 @@ spec:
proxy_set_header Accept-Encoding "";
sub_filter '' '';
sub_filter_once on;
+ hajimari.io/icon: mdi:television-classic
hosts:
- host: *host
paths:
diff --git a/kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml b/kubernetes/apps/default/sonarr/app/kustomization.yaml
similarity index 89%
rename from kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml
rename to kubernetes/apps/default/sonarr/app/kustomization.yaml
index b61fab265..61945c29d 100644
--- a/kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml
+++ b/kubernetes/apps/default/sonarr/app/kustomization.yaml
@@ -4,9 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./secret.sops.yaml
- ./volume.yaml
- - ./helmrelease.yaml
configMapGenerator:
- name: sonarr-pushover
files:
diff --git a/kubernetes/apps/default/sonarr/app/replicationsource.yaml b/kubernetes/apps/default/sonarr/app/replicationsource.yaml
new file mode 100644
index 000000000..da46ddc72
--- /dev/null
+++ b/kubernetes/apps/default/sonarr/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: sonarr
+ namespace: default
+spec:
+ sourcePVC: sonarr-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: sonarr-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
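Review bot: The `retain` block keeps ten daily snapshots and nothing older (`weekly: 0`, `monthly: 0`), so corruption or tampering that goes unnoticed for more than ten days leaves no clean restore point. Consider keeping a few longer-lived points, for example `weekly: 4` and `monthly: 3`, if the repository has room. The same policy is repeated in the tandoor, unifi, uptime-kuma and vaultwarden ReplicationSources, where the vaultwarden data arguably deserves the longest history. All five also use the schedule `"0 0 * * *"`, so the snapshots and restic movers start in the same minute; staggering the minute field would spread the load on the Ceph pool.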
diff --git a/kubernetes/apps/default/sonarr/app/restic.sops.yaml b/kubernetes/apps/default/sonarr/app/restic.sops.yaml
new file mode 100644
index 000000000..769032af2
--- /dev/null
+++ b/kubernetes/apps/default/sonarr/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sonarr-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:E7B+rjyyZrHxiLBh/xnUl1b88ERSnGxUGHzZH+087fbXJOlbySnFuKRv+jPHMCoa//0r8RsC5mM=,iv:evk0OG92emADqogInteT7NSOsd+aGXEF8xMVLIVB63M=,tag:9YuM5VMkLpAA316dkjr5HA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:35:19Z"
+ mac: ENC[AES256_GCM,data:VRBAxTHYtA4MWbi5qylhkRP2OlCAu8lOodgxVHlPicLY/AFxa70NhZcVMAD1iewVpr98ul0BQb/VdtRxlRdq4LjecdNK6o/FJUcvMVRjOBmMMyvqGnGmlif7MLMRt6H+FAknTC6nCJ1uSGu6KihvAA1f7jIeCOxzApGYqIsHp5M=,iv:yCrKaT5zu9ROQH5c8etRrYSlKRIKVeiNngbsOiX2a1g=,tag:4AINfTcGTA07MvMq7g4WXw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
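Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` ciphertexts here are byte-identical (same data, iv and tag) to those in the tandoor, unifi, uptime-kuma and vaultwarden `restic.sops.yaml` files, and the age `enc` block is identical too. That shows the five files share one SOPS data key, one restic password and one object-store key pair; only `RESTIC_REPOSITORY` differs. Anything that can read one of these Secrets in `default` can therefore open every app's backup repository, including vaultwarden's, and any reader of the repository can see the reuse. Giving each app its own restic password, with storage credentials scoped to its own bucket or prefix, and encrypting each file from plaintext rather than copying an encrypted file, would limit the exposure to a single app.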
diff --git a/kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh b/kubernetes/apps/default/sonarr/app/scripts/pushover-notify.sh
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh
rename to kubernetes/apps/default/sonarr/app/scripts/pushover-notify.sh
diff --git a/kubernetes/apps/default/sonarr/app/secret.sops.yaml b/kubernetes/apps/default/sonarr/app/secret.sops.yaml
new file mode 100644
index 000000000..b160d3d12
--- /dev/null
+++ b/kubernetes/apps/default/sonarr/app/secret.sops.yaml
@@ -0,0 +1,31 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sonarr
+ namespace: default
+type: Opaque
+stringData:
+ PUSHOVER_TOKEN: ENC[AES256_GCM,data:VbPcH4St6p1+rdYkXgXnmWJw9wH1eeFe0KM0TxH9,iv:WLxuFr8DscUhYrgglmAPctrrY2QsItfwQ5ZnKD2P7xE=,tag:tfLhrhos9ZFKhuMdCnHDEA==,type:str]
+ PUSHOVER_USER_KEY: ENC[AES256_GCM,data:3UbR7hAnBAAjw/tdB8TSMZw3inuJJhJx9AiIN4tZ,iv:GuB8Kf/pAOp32SiVhpSLFisIeoEg1VxdYm2Raw2stRM=,tag:A8nDFwYPcZ7fOPG/UPYYzQ==,type:str]
+ SONARR__API_KEY: ENC[AES256_GCM,data:2byvnqPCT5MWJBnSmQrzXDnmfCvokUrr2PIR27iC+Y8=,iv:ejJtd3eXWlw0MyA6eXWVPChyVNgHK+FVpSYg2guOvZ8=,tag:QR0/X0cbJXFvzXhItglnCQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+ bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+ VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+ OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T15:35:43Z"
+ mac: ENC[AES256_GCM,data:W28v1mhf0LE/Wx/wz5YebMTvEAUY1/g8/aZmJKJNzioyT909NTlixyyMScZ9cUj/tKchkiv9DG9zKHNWiZSWHV8eEIsrzth4ENR0Puj0ZXzAFQAblzQh50DPMIVURt6FXcIh9Uw05fXcJwu2AN/lkWplsG7sDMo7n5y95ZomVHM=,iv:WSvs/o2Jep7DnoHBz2O/5t6aGjfYTNwRclGyf4npbOs=,tag:2OqXhjFhAnnxAK16o8TuOQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml b/kubernetes/apps/default/sonarr/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml
rename to kubernetes/apps/default/sonarr/app/volume.yaml
diff --git a/kubernetes/apps/default/sonarr/ks.yaml b/kubernetes/apps/default/sonarr/ks.yaml
new file mode 100644
index 000000000..f4287f4c8
--- /dev/null
+++ b/kubernetes/apps/default/sonarr/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-sonarr-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/sonarr/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: sonarr
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
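Review bot: The `spec` declares no `decryption` block although `path` points at a directory holding `restic.sops.yaml` and `secret.sops.yaml`. Presumably a patch in a parent Kustomization, keyed on the `substitution.flux.home.arpa/enabled` label, injects the SOPS provider and the `postBuild` substitution, but nothing in this file says so. A one-line comment above `labels:` would make the dependency visible, for example `# decryption and postBuild are patched in by the parent Kustomization for this label`. Without that patch the encrypted manifests would be applied undecrypted. The same applies to the tandoor, unifi and uptime-kuma `ks.yaml` files.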
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/config/nginx-config b/kubernetes/apps/default/tandoor/app/config/nginx-config
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/config/nginx-config
rename to kubernetes/apps/default/tandoor/app/config/nginx-config
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/helmrelease.yaml b/kubernetes/apps/default/tandoor/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/helmrelease.yaml
rename to kubernetes/apps/default/tandoor/app/helmrelease.yaml
index 68a247257..d4882aae7 100644
--- a/kubernetes/cluster-0/apps/web-tools/tandoor/helmrelease.yaml
+++ b/kubernetes/apps/default/tandoor/app/helmrelease.yaml
@@ -18,13 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: vabene1111/recipes
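Review bot: The new `dependsOn` entry `- name: cloudnative-pg` carries no `namespace`, so Flux resolves it in this HelmRelease's own namespace, whereas the `rook-ceph-cluster` entry names its namespace explicitly. If the cloudnative-pg release is not installed in `default`, the dependency never becomes ready and the release stays blocked; adding `namespace: <namespace of the cloudnative-pg HelmRelease>` would make this unambiguous. The entry also waits for the operator rather than the database cluster that the removed `postgres-cluster` entry pointed at, though `ks.yaml` does wait on `cluster-apps-cloudnative-pg-cluster`. The vaultwarden helmrelease hunk makes the same change.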
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml b/kubernetes/apps/default/tandoor/app/kustomization.yaml
similarity index 89%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml
rename to kubernetes/apps/default/tandoor/app/kustomization.yaml
index aa5073932..5c6c8a9ea 100644
--- a/kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml
+++ b/kubernetes/apps/default/tandoor/app/kustomization.yaml
@@ -4,8 +4,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- - ./secret.sops.yaml
- ./helmrelease.yaml
+ - ./secret.sops.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./volume.yaml
patchesStrategicMerge:
- ./patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/patches/env.yaml b/kubernetes/apps/default/tandoor/app/patches/env.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/patches/env.yaml
rename to kubernetes/apps/default/tandoor/app/patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/patches/postgres.yaml b/kubernetes/apps/default/tandoor/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/patches/postgres.yaml
rename to kubernetes/apps/default/tandoor/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/tandoor/app/replicationsource.yaml b/kubernetes/apps/default/tandoor/app/replicationsource.yaml
new file mode 100644
index 000000000..1a3fddb92
--- /dev/null
+++ b/kubernetes/apps/default/tandoor/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: tandoor
+ namespace: default
+spec:
+ sourcePVC: tandoor-files
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: tandoor-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/tandoor/app/restic.sops.yaml b/kubernetes/apps/default/tandoor/app/restic.sops.yaml
new file mode 100644
index 000000000..5366b15e0
--- /dev/null
+++ b/kubernetes/apps/default/tandoor/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tandoor-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:doNM45RgucJso4t85IZREhHclpvKXYy+GFomdGSokK7kjl7Jn25CJuG/u5t7GnjC0M2uYo8nhyMQ,iv:eNummV+QSSAkFFaZC0WPAMV/G+j70b0X6pN1MgUYx7s=,tag:gR260etgdx6Lwt9GXpDWew==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:24:08Z"
+ mac: ENC[AES256_GCM,data:udFHC/EM7a4g1pOvhU8HJRiSSSnBDvzva3rrZdmjidfcjrt90dStpNL+AHCLXjqj0DsPJHP8bvyXsrrOQg+WXi47OnugUu0YnqaoS6n5nklCfhcqWU5PM5eG+zmuDkfnXT9EbwAyKXvnmzhIr4Rr2+LxsZNJpVqY6AfNM4IFRtc=,iv:lqVOyMN1c/9pxU/CRuEjcPd6890uNq3xgqwF8RKkFEo=,tag:YMrnTGCruKCbTq0r24SEyw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/secret.sops.yaml b/kubernetes/apps/default/tandoor/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/secret.sops.yaml
rename to kubernetes/apps/default/tandoor/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/tandoor/volume.yaml b/kubernetes/apps/default/tandoor/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/tandoor/volume.yaml
rename to kubernetes/apps/default/tandoor/app/volume.yaml
diff --git a/kubernetes/apps/default/tandoor/ks.yaml b/kubernetes/apps/default/tandoor/ks.yaml
new file mode 100644
index 000000000..6c6381d49
--- /dev/null
+++ b/kubernetes/apps/default/tandoor/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-tandoor
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/tandoor/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: tandoor
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
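Review bot: The name `cluster-apps-tandoor` drops the `-app` suffix that the sonarr Kustomization (`cluster-apps-sonarr-app`) and the dependencies listed here (`cluster-apps-volsync-app`, `cluster-apps-cloudnative-pg-cluster`) all carry. Since `dependsOn` matches on the exact name, a mixed convention makes later references easy to get wrong. Either `name: cluster-apps-tandoor-app` here, and likewise in the theme-park, unifi and uptime-kuma files, or dropping the suffix from sonarr would make them agree. The order of keys under `spec` also differs between these files (`dependsOn` first in sonarr and unifi, after `sourceRef` here), and a single order would make them easier to compare.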
diff --git a/kubernetes/cluster-0/apps/web-tools/theme-park/helmrelease.yaml b/kubernetes/apps/default/theme-park/app/helmrelease.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/web-tools/theme-park/helmrelease.yaml
rename to kubernetes/apps/default/theme-park/app/helmrelease.yaml
index 6654a2283..7518714e9 100644
--- a/kubernetes/cluster-0/apps/web-tools/theme-park/helmrelease.yaml
+++ b/kubernetes/apps/default/theme-park/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
controller:
replicas: 1
diff --git a/kubernetes/apps/default/theme-park/app/kustomization.yaml b/kubernetes/apps/default/theme-park/app/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/theme-park/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/theme-park/ks.yaml b/kubernetes/apps/default/theme-park/ks.yaml
new file mode 100644
index 000000000..5c01c3ff0
--- /dev/null
+++ b/kubernetes/apps/default/theme-park/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-theme-park
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/theme-park/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: theme-park
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/networking/unifi/helmrelease.yaml b/kubernetes/apps/default/unifi/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/networking/unifi/helmrelease.yaml
rename to kubernetes/apps/default/unifi/app/helmrelease.yaml
index f1b2f3823..4b2b4cc9a 100644
--- a/kubernetes/cluster-0/apps/networking/unifi/helmrelease.yaml
+++ b/kubernetes/apps/default/unifi/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: jacobalberty/unifi
diff --git a/kubernetes/apps/default/unifi/app/kustomization.yaml b/kubernetes/apps/default/unifi/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/unifi/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/unifi/app/replicationsource.yaml b/kubernetes/apps/default/unifi/app/replicationsource.yaml
new file mode 100644
index 000000000..88e8c29d0
--- /dev/null
+++ b/kubernetes/apps/default/unifi/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: unifi
+ namespace: default
+spec:
+ sourcePVC: unifi-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: unifi-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/unifi/app/restic.sops.yaml b/kubernetes/apps/default/unifi/app/restic.sops.yaml
new file mode 100644
index 000000000..546151ccb
--- /dev/null
+++ b/kubernetes/apps/default/unifi/app/restic.sops.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: unifi-restic
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:FthTBOx4mCQ2gDeoZXFhQfqTc8mEVxP80iRGMR7sa3ZLHACzZN1fJKjWEvmDZZrPdVm7jATT7g==,iv:LF73PZaA+S8FPtnSrkG+8iuN+3q+PxR2GL2VmwXaeNg=,tag:yhNZUDL6vT3ZfJpXtuyblA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T04:29:55Z"
+ mac: ENC[AES256_GCM,data:XlsRVx6bf/r7G1os9tRykc2uwYRcmR+6+noK9ZyaSfJGFDs4NNTQRtk+aXZpPWo7L6BBYeeUk6gV/UjspwoLkKVAO9xOarux5hxN5PbZkS1sRAMTK6oyOZTNyxkhJwQwSj6w1n339yNpJHZcu6FpN1Lw5lGvbvI338RLW1bJ/zY=,iv:SJ1/Ovbp4c3w1B6Utpjk7Yoal3Z4EY6R9HHlV9KpzxQ=,tag:rMMzNLDdnC60mRLV76d/Yg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
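Review bot: The `metadata` of `unifi-restic` has no `namespace`, unlike the four sibling restic Secrets, which all set `namespace: default`. It still lands in `default` through the `namespace: default` in the unifi `kustomization.yaml`, so this is an inconsistency rather than a fault, but the manifest behaves differently from its siblings when applied on its own. Adding `namespace: default` under `name: unifi-restic` would bring it in line. The change should be made through `sops` rather than a plain editor, since the SOPS MAC normally covers unencrypted values as well and a hand edit would break verification.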
diff --git a/kubernetes/cluster-0/apps/networking/unifi/volume.yaml b/kubernetes/apps/default/unifi/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/networking/unifi/volume.yaml
rename to kubernetes/apps/default/unifi/app/volume.yaml
diff --git a/kubernetes/apps/default/unifi/ks.yaml b/kubernetes/apps/default/unifi/ks.yaml
new file mode 100644
index 000000000..a3e9bc385
--- /dev/null
+++ b/kubernetes/apps/default/unifi/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-unifi
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/unifi/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: unifi
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/monitoring/uptime-kuma/helmrelease.yaml b/kubernetes/apps/default/uptime-kuma/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/monitoring/uptime-kuma/helmrelease.yaml
rename to kubernetes/apps/default/uptime-kuma/app/helmrelease.yaml
index f68486d5d..a39c3f32d 100644
--- a/kubernetes/cluster-0/apps/monitoring/uptime-kuma/helmrelease.yaml
+++ b/kubernetes/apps/default/uptime-kuma/app/helmrelease.yaml
@@ -18,10 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
global:
nameOverride: *app
diff --git a/kubernetes/apps/default/uptime-kuma/app/kustomization.yaml b/kubernetes/apps/default/uptime-kuma/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/uptime-kuma/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/uptime-kuma/app/replicationsource.yaml b/kubernetes/apps/default/uptime-kuma/app/replicationsource.yaml
new file mode 100644
index 000000000..51ddcd324
--- /dev/null
+++ b/kubernetes/apps/default/uptime-kuma/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: uptime-kuma
+ namespace: default
+spec:
+ sourcePVC: uptime-kuma-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: uptime-kuma-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/uptime-kuma/app/restic.sops.yaml b/kubernetes/apps/default/uptime-kuma/app/restic.sops.yaml
new file mode 100644
index 000000000..cfede696e
--- /dev/null
+++ b/kubernetes/apps/default/uptime-kuma/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: uptime-kuma-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:V/JqjP5wz0g/HFUcAO5JBH1jYTyI3r8tjR5gcJyXs/Z7oC4tvgcRuPdnWelLs4Akr8CXK0zwIHWMHxMIEw==,iv:x3uP1lvMD8Rjdc5FlIqS92QLa9rvK4d3T6URfwe6N3I=,tag:9bIx4bEm5BBEoW66ZtL+yg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T08:48:42Z"
+ mac: ENC[AES256_GCM,data:65pq1ukBq5WYYSRs78KtclI90fNDHKExPFnhhClhbYfT5eZHgP1VbCQtHJNyNwNOK/WkYny+hOt7jLxJycH+VzkFwN/ivC3wXqZPakL6ZTkNmZPK+Z/gY8+zKUtxuBEOWu1mPKUVGEldWy4An1HlyyOIrCgeE2SPUOu8YjDQlok=,iv:WiQcv1QDJPzh4LHmsSCR9ohaCddNnOlYiGwSxb7baoU=,tag:kaT9nPi1mkgPgKujR4WyDQ==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/monitoring/uptime-kuma/volume.yaml b/kubernetes/apps/default/uptime-kuma/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/uptime-kuma/volume.yaml
rename to kubernetes/apps/default/uptime-kuma/app/volume.yaml
diff --git a/kubernetes/apps/default/uptime-kuma/ks.yaml b/kubernetes/apps/default/uptime-kuma/ks.yaml
new file mode 100644
index 000000000..eafee34aa
--- /dev/null
+++ b/kubernetes/apps/default/uptime-kuma/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-uptime-kuma
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/uptime-kuma/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: uptime-kuma
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/web-tools/vaultwarden/helmrelease.yaml b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/web-tools/vaultwarden/helmrelease.yaml
rename to kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
index 3968dcdd9..5e8bbcf3d 100644
--- a/kubernetes/cluster-0/apps/web-tools/vaultwarden/helmrelease.yaml
+++ b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
@@ -18,13 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: vaultwarden/server
@@ -43,7 +44,7 @@ spec:
SMTP_FROM: vaultwarden@${SECRET_DOMAIN}
SMTP_FROM_NAME: vaultwarden
SMTP_PORT: 2525
- SMTP_SECURITY: off
+ SMTP_SECURITY: "off"
envFrom:
- secretRef:
name: *app
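Review bot: With the quoting fixed, `SMTP_SECURITY: "off"` now reaches the container as the literal string, which turns off TLS for vaultwarden's outgoing mail, and nothing in the env block records that this is intended. If the relay is the in-cluster smtp-relay on port 2525, a comment above the line would say so, for example `# plaintext is deliberate: mail goes to the in-cluster relay only`; otherwise `starttls` would be the safer value. `SMTP_PORT: 2525` in the same map is still an unquoted integer, and `SMTP_PORT: "2525"` would keep all env values as strings. The env map starts above this hunk, so other entries may need the same treatment.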
diff --git a/kubernetes/apps/default/vaultwarden/app/kustomization.yaml b/kubernetes/apps/default/vaultwarden/app/kustomization.yaml
new file mode 100644
index 000000000..06c622307
--- /dev/null
+++ b/kubernetes/apps/default/vaultwarden/app/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./secret.sops.yaml
+ - ./volume.yaml
+patchesStrategicMerge:
+ - ./patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/vaultwarden/patches/postgres.yaml b/kubernetes/apps/default/vaultwarden/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vaultwarden/patches/postgres.yaml
rename to kubernetes/apps/default/vaultwarden/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/vaultwarden/app/replicationsource.yaml b/kubernetes/apps/default/vaultwarden/app/replicationsource.yaml
new file mode 100644
index 000000000..0520e6c8f
--- /dev/null
+++ b/kubernetes/apps/default/vaultwarden/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: vaultwarden
+ namespace: default
+spec:
+ sourcePVC: vaultwarden-data
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: vaultwarden-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/vaultwarden/app/restic.sops.yaml b/kubernetes/apps/default/vaultwarden/app/restic.sops.yaml
new file mode 100644
index 000000000..ffd3b319e
--- /dev/null
+++ b/kubernetes/apps/default/vaultwarden/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vaultwarden-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:uOeOyeDbYvbOzaHbzBEiGGbTajNGiyyvdAZ6gxQsQkK/7zlYGjjHJToe1P08f9ubfJvb1qYDolbUFG1r7w==,iv:Rt+XeXIaPCNe/4RN1j+Oq1onSuL7ygObJ6RE8OtVqQM=,tag:O60RdSxw1vtklvaCSPA+rA==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:25:12Z"
+ mac: ENC[AES256_GCM,data:p1g7s7w7umL5nLw8MiFZUwFf7a8/iFE/AAFS5roUoxUZA3L2DULAvx3cHyOHuTWLXJRuvrTWDR4EgvGo3fgXcsWLSKEK/5G7ZK2gsBRjr3nrcGoOmf6ICj7W5tsjP3t9IZ6XHApu1DG83GTm/eehNuQOt6bGp/eTjjB3j+bScOo=,iv:VYZu8ryjAd1N7+2qhZjhbYiSCa5zQTnrITitT8W8QhA=,tag:UV5AmjLD02N0HfqsIqJUeA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
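Review bot: The `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries are byte-identical (data, iv and tag) to those in the vikunja, wallabag, zigbee2mqtt and zwave-js-ui `restic.sops.yaml` files in this commit, and the age `enc` block is the same as well. Anyone who can read the repository can therefore tell that all five apps share one restic password, one S3 key pair and one SOPS data key; only `RESTIC_REPOSITORY` differs. That makes the Vaultwarden backup only as well protected as the least sensitive app holding the same credentials. Consider giving this repository its own password and a bucket- or prefix-scoped access key, and creating each file with a fresh `sops --encrypt` rather than copying an already-encrypted file, so the data key and IVs are unique per file.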
diff --git a/kubernetes/cluster-0/apps/web-tools/vaultwarden/secret.sops.yaml b/kubernetes/apps/default/vaultwarden/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vaultwarden/secret.sops.yaml
rename to kubernetes/apps/default/vaultwarden/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/vaultwarden/volume.yaml b/kubernetes/apps/default/vaultwarden/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vaultwarden/volume.yaml
rename to kubernetes/apps/default/vaultwarden/app/volume.yaml
diff --git a/kubernetes/apps/default/vaultwarden/ks.yaml b/kubernetes/apps/default/vaultwarden/ks.yaml
new file mode 100644
index 000000000..88061cef2
--- /dev/null
+++ b/kubernetes/apps/default/vaultwarden/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-vaultwarden
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/vaultwarden/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: vaultwarden
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
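Review bot: `spec` has no `decryption` block, although `path` points at a directory whose kustomization lists `./restic.sops.yaml` and `./secret.sops.yaml`. Presumably a parent Flux Kustomization patches it in for objects carrying the `substitution.flux.home.arpa/enabled` label, but nothing in this file says so. A comment above `spec:` such as `# decryption and postBuild are injected by the parent Flux Kustomization` would make that dependency visible. If it is not injected, this file needs a `decryption:` block with `provider: sops` and a `secretRef` naming the cluster's age key Secret, otherwise the encrypted Secrets cannot be reconciled. The same applies to the vikunja, wallabag and zigbee2mqtt `ks.yaml` files.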
diff --git a/kubernetes/cluster-0/apps/web-tools/vikunja/config/Caddyfile b/kubernetes/apps/default/vikunja/app/config/Caddyfile
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vikunja/config/Caddyfile
rename to kubernetes/apps/default/vikunja/app/config/Caddyfile
diff --git a/kubernetes/cluster-0/apps/web-tools/vikunja/helmrelease.yaml b/kubernetes/apps/default/vikunja/app/helmrelease.yaml
similarity index 96%
rename from kubernetes/cluster-0/apps/web-tools/vikunja/helmrelease.yaml
rename to kubernetes/apps/default/vikunja/app/helmrelease.yaml
index 0a20cce5d..eb8d4aa09 100644
--- a/kubernetes/cluster-0/apps/web-tools/vikunja/helmrelease.yaml
+++ b/kubernetes/apps/default/vikunja/app/helmrelease.yaml
@@ -18,13 +18,14 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
controller:
replicas: 1
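Review bot: The new `- name: cloudnative-pg` entry under `dependsOn` has no `namespace`, while the `rook-ceph-cluster` entry beside it and the removed `postgres-cluster` entry both set one. Flux resolves a missing namespace to the HelmRelease's own namespace, so if the `cloudnative-pg` release is installed elsewhere the dependency never becomes ready and this release stays blocked. Adding `namespace: <cloudnative-pg-namespace>` under it would make the intent explicit; that value is a placeholder, since the page does not show where the release lives. The wallabag `helmrelease.yaml` hunk has the same entry, and the `spec` block continues outside both hunks.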
diff --git a/kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml b/kubernetes/apps/default/vikunja/app/kustomization.yaml
similarity index 88%
rename from kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml
rename to kubernetes/apps/default/vikunja/app/kustomization.yaml
index ee22b825b..fcd59a087 100644
--- a/kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml
+++ b/kubernetes/apps/default/vikunja/app/kustomization.yaml
@@ -4,8 +4,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- - ./secret.sops.yaml
- ./helmrelease.yaml
+ - ./secret.sops.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./volume.yaml
patchesStrategicMerge:
- ./patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/vikunja/patches/postgres.yaml b/kubernetes/apps/default/vikunja/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vikunja/patches/postgres.yaml
rename to kubernetes/apps/default/vikunja/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/vikunja/app/replicationsource.yaml b/kubernetes/apps/default/vikunja/app/replicationsource.yaml
new file mode 100644
index 000000000..a772d94f7
--- /dev/null
+++ b/kubernetes/apps/default/vikunja/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: vikunja
+ namespace: default
+spec:
+ sourcePVC: vikunja-files
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: vikunja-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/vikunja/app/restic.sops.yaml b/kubernetes/apps/default/vikunja/app/restic.sops.yaml
new file mode 100644
index 000000000..8386cf998
--- /dev/null
+++ b/kubernetes/apps/default/vikunja/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vikunja-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:DRnr4ptC0pZnm1K+Vov2pOS89+PXdZA3xtQVGedWFYJJxKAWnJlF2I4VWvegxNGxDRzDFrPAWOZp,iv:FoHVMYFLdC00BjbSUeoac1CoQA06Jm/fV+NEeWpAx8Y=,tag:AmOc73QKyRAgMPGYpVdMgg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:25:36Z"
+ mac: ENC[AES256_GCM,data:aI42cmAJAJd+NhktFhGTZ7uheN3HOWsJhzXKXZasdj4X0T/+COCO/+vjLcY1JH3rlkRi1GQm/PD+b/qncg1wczrn5YGiJJqyS+UmnGKaElBqFuI+/A78eN9BSX958yHuyHRHNUyXOEC0NCyjb5nOSdQi2nDaZX0biMQwXAxHLQQ=,iv:HQnXpSChZXVRhwbitJw1RIJBQdIi64+hfYG8LYiMfPs=,tag:P6kJp+32HXimosiVBuJVEw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/web-tools/vikunja/secret.sops.yaml b/kubernetes/apps/default/vikunja/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vikunja/secret.sops.yaml
rename to kubernetes/apps/default/vikunja/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/vikunja/volume.yaml b/kubernetes/apps/default/vikunja/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/vikunja/volume.yaml
rename to kubernetes/apps/default/vikunja/app/volume.yaml
diff --git a/kubernetes/apps/default/vikunja/ks.yaml b/kubernetes/apps/default/vikunja/ks.yaml
new file mode 100644
index 000000000..dfcbc666d
--- /dev/null
+++ b/kubernetes/apps/default/vikunja/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-vikunja
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/vikunja/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: vikunja
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/web-tools/wallabag/helmrelease.yaml b/kubernetes/apps/default/wallabag/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/web-tools/wallabag/helmrelease.yaml
rename to kubernetes/apps/default/wallabag/app/helmrelease.yaml
index ba4d7cbe2..792b74be1 100644
--- a/kubernetes/cluster-0/apps/web-tools/wallabag/helmrelease.yaml
+++ b/kubernetes/apps/default/wallabag/app/helmrelease.yaml
@@ -18,15 +18,16 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: postgres-cluster
- namespace: default
+ - name: cloudnative-pg
- name: redis
namespace: default
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
controller:
replicas: 1
diff --git a/kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml b/kubernetes/apps/default/wallabag/app/kustomization.yaml
similarity index 85%
rename from kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml
rename to kubernetes/apps/default/wallabag/app/kustomization.yaml
index e3e9cda02..8f6f5f104 100644
--- a/kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml
+++ b/kubernetes/apps/default/wallabag/app/kustomization.yaml
@@ -6,6 +6,8 @@ namespace: default
resources:
- ./helmrelease.yaml
- ./secret.sops.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
- ./volume.yaml
patchesStrategicMerge:
- ./patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/wallabag/patches/env.yaml b/kubernetes/apps/default/wallabag/app/patches/env.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/wallabag/patches/env.yaml
rename to kubernetes/apps/default/wallabag/app/patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/wallabag/patches/postgres.yaml b/kubernetes/apps/default/wallabag/app/patches/postgres.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/wallabag/patches/postgres.yaml
rename to kubernetes/apps/default/wallabag/app/patches/postgres.yaml
diff --git a/kubernetes/apps/default/wallabag/app/replicationsource.yaml b/kubernetes/apps/default/wallabag/app/replicationsource.yaml
new file mode 100644
index 000000000..0ed02313b
--- /dev/null
+++ b/kubernetes/apps/default/wallabag/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: wallabag
+ namespace: default
+spec:
+ sourcePVC: wallabag-images
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: wallabag-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/wallabag/app/restic.sops.yaml b/kubernetes/apps/default/wallabag/app/restic.sops.yaml
new file mode 100644
index 000000000..df33dfe2f
--- /dev/null
+++ b/kubernetes/apps/default/wallabag/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wallabag-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:DmxzZkxk68HJTj0BQviWqKcwkR/QI/6clRDeyXzhs/y25kKiVUAjEOoo7pjx12lGPJLkHEehs6szag==,iv:qC2aHOajpp3bm/XDUFlt8VCx1lWWNjHoBn61y+IFVQM=,tag:BiSD1EyP/BPIXZYXkJ9+kQ==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T06:25:57Z"
+ mac: ENC[AES256_GCM,data:wDJZL3xNohPiuk/rwKYvRTv2CJSg5M467+Yu7Ce8qAHQakvmYd7gTuyBXQn7EMTQLhuGgISc+S0RZOVbIimNKj/Th7OPsAeBoQr/OwawpiN+UNZ/0gDn+VdsKE2ZaRY6QXpqZF1D4ZCc8DLCExbifY2T9lgQzryVoky3WRsLpl0=,iv:2mQMILQiKRIL6EPYFAH7a8RZ96+EnZL45gqjbSB40Eg=,tag:TiLoMFbodTD+8m24xwKwvA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/web-tools/wallabag/secret.sops.yaml b/kubernetes/apps/default/wallabag/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/wallabag/secret.sops.yaml
rename to kubernetes/apps/default/wallabag/app/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/wallabag/volume.yaml b/kubernetes/apps/default/wallabag/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/web-tools/wallabag/volume.yaml
rename to kubernetes/apps/default/wallabag/app/volume.yaml
diff --git a/kubernetes/apps/default/wallabag/ks.yaml b/kubernetes/apps/default/wallabag/ks.yaml
new file mode 100644
index 000000000..5332906bb
--- /dev/null
+++ b/kubernetes/apps/default/wallabag/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-wallabag
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/wallabag/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: wallabag
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/web-tools/whoogle/helmrelease.yaml b/kubernetes/apps/default/whoogle/app/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/apps/web-tools/whoogle/helmrelease.yaml
rename to kubernetes/apps/default/whoogle/app/helmrelease.yaml
index 90d2d88b7..fa63462c7 100644
--- a/kubernetes/cluster-0/apps/web-tools/whoogle/helmrelease.yaml
+++ b/kubernetes/apps/default/whoogle/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
controller:
replicas: 2
diff --git a/kubernetes/apps/default/whoogle/app/kustomization.yaml b/kubernetes/apps/default/whoogle/app/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/whoogle/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/whoogle/ks.yaml b/kubernetes/apps/default/whoogle/ks.yaml
new file mode 100644
index 000000000..f91e67d88
--- /dev/null
+++ b/kubernetes/apps/default/whoogle/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-whoogle
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/whoogle/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: whoogle
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helmrelease.yaml b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helmrelease.yaml
rename to kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
index 85d4d7322..23f2e00c3 100644
--- a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helmrelease.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
@@ -18,15 +18,17 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: node-feature-discovery
- namespace: default
- name: emqx
namespace: default
+ - name: node-feature-discovery
+ namespace: kube-system
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
fullnameOverride: *app
image:
diff --git a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml b/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
similarity index 73%
rename from kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml
rename to kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
index c65256f36..f9bdcd64d 100644
--- a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
@@ -2,10 +2,13 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: default
resources:
- ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./prometheusrule.yaml
- ./volume.yaml
- - ./prometheus-rule.yaml
patchesStrategicMerge:
- ./patches/env.yaml
- ./patches/exporter.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml b/kubernetes/apps/default/zigbee2mqtt/app/patches/env.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
rename to kubernetes/apps/default/zigbee2mqtt/app/patches/env.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml b/kubernetes/apps/default/zigbee2mqtt/app/patches/exporter.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml
rename to kubernetes/apps/default/zigbee2mqtt/app/patches/exporter.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml b/kubernetes/apps/default/zigbee2mqtt/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml
rename to kubernetes/apps/default/zigbee2mqtt/app/prometheusrule.yaml
diff --git a/kubernetes/apps/default/zigbee2mqtt/app/replicationsource.yaml b/kubernetes/apps/default/zigbee2mqtt/app/replicationsource.yaml
new file mode 100644
index 000000000..72008958d
--- /dev/null
+++ b/kubernetes/apps/default/zigbee2mqtt/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: zigbee2mqtt
+ namespace: default
+spec:
+ sourcePVC: zigbee2mqtt-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: zigbee2mqtt-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
diff --git a/kubernetes/apps/default/zigbee2mqtt/app/restic.sops.yaml b/kubernetes/apps/default/zigbee2mqtt/app/restic.sops.yaml
new file mode 100644
index 000000000..dc24f53c3
--- /dev/null
+++ b/kubernetes/apps/default/zigbee2mqtt/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: zigbee2mqtt-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:L1Pxmxv7nkAOhkfxBqaFUyjN06zDQ7Ch9zwWd6zGz1Rqy4Lz3K9vyzsteB2TAULio106cMb23UlhhybviQ==,iv:tpkWyt79gi2M1s//rClBfScw6OAOf+5gqUHVhTuB1oA=,tag:+r5keMgEuAGGJYqOnUDmMg==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T07:03:26Z"
+ mac: ENC[AES256_GCM,data:Ibdqa/ZFeJ1MCJIVUWkeAscsVyTVma29RYgs9Ry/UNVhogkxZxSuouvpjASfygVo6nkhUsjM1zbgwPKP6yY1kvpTtj0rCErJirS1FkhlgoCDkfeh7O+5bsInbo0UnmSVitIuyxH1FuQAyqwhnf/SAOoq9uy/K8vzwInisLsgIuU=,iv:U/PQXaFAURKE5BuvToFnP5Js+HXXm7R53/eBUgxX0Ek=,tag:kQESc+NVRepUUoF2m80NCA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml b/kubernetes/apps/default/zigbee2mqtt/app/volume.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml
rename to kubernetes/apps/default/zigbee2mqtt/app/volume.yaml
diff --git a/kubernetes/apps/default/zigbee2mqtt/ks.yaml b/kubernetes/apps/default/zigbee2mqtt/ks.yaml
new file mode 100644
index 000000000..9c0de06be
--- /dev/null
+++ b/kubernetes/apps/default/zigbee2mqtt/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-zigbee2mqtt-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-node-feature-discovery
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/zigbee2mqtt/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: zigbee2mqtt
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
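Review bot: `name: cluster-apps-zigbee2mqtt-app` carries an `-app` suffix that the sibling Kustomizations added in this commit (`cluster-apps-vaultwarden`, `cluster-apps-vikunja`, `cluster-apps-wallabag`, `cluster-apps-whoogle`) do not have. A `dependsOn` written by analogy with those would reference a name that does not exist. Either use `name: cluster-apps-zigbee2mqtt`, or, if the suffix is the intended convention (as `cluster-apps-volsync-app` suggests), apply it to the others too. `dependsOn` is also placed before `path` here but after `sourceRef` in the other files; one key order would keep these near-identical files easy to diff.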
diff --git a/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helmrelease.yaml b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helmrelease.yaml
rename to kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml
index 13ffde568..b579ac15f 100644
--- a/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helmrelease.yaml
+++ b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml
@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
- name: &app zwavejs2mqtt
+ name: &app zwave-js-ui
namespace: default
spec:
interval: 15m
@@ -18,15 +18,17 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- - name: node-feature-discovery
- namespace: default
- name: emqx
namespace: default
+ - name: node-feature-discovery
+ namespace: kube-system
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
values:
image:
repository: ghcr.io/zwave-js/zwave-js-ui
diff --git a/kubernetes/apps/default/zwave-js-ui/app/kustomization.yaml b/kubernetes/apps/default/zwave-js-ui/app/kustomization.yaml
new file mode 100644
index 000000000..fdd4f5040
--- /dev/null
+++ b/kubernetes/apps/default/zwave-js-ui/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ./replicationsource.yaml
+ - ./restic.sops.yaml
+ - ./volume.yaml
diff --git a/kubernetes/apps/default/zwave-js-ui/app/replicationsource.yaml b/kubernetes/apps/default/zwave-js-ui/app/replicationsource.yaml
new file mode 100644
index 000000000..b1476e4df
--- /dev/null
+++ b/kubernetes/apps/default/zwave-js-ui/app/replicationsource.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: zwave-js-ui
+ namespace: default
+spec:
+ sourcePVC: zwavejs2mqtt-config
+ trigger:
+ schedule: "0 0 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 10
+ repository: zwave-js-ui-restic
+ cacheCapacity: 2Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ retain:
+ hourly: 0
+ daily: 10
+ weekly: 0
+ monthly: 0
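Review bot: `sourcePVC: zwavejs2mqtt-config` keeps the pre-rename name, while `metadata.name`, `repository` and the HelmRelease are now `zwave-js-ui`. If the claim in `volume.yaml` (not shown in this part of the diff) is still called `zwavejs2mqtt-config`, this is correct. It reads like a missed rename, though, and a later cleanup could point the backup at a PVC that does not exist, leaving the app without backups. A comment above the line, `# PVC keeps its old name so the existing data is reused`, would record the intent.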
diff --git a/kubernetes/apps/default/zwave-js-ui/app/restic.sops.yaml b/kubernetes/apps/default/zwave-js-ui/app/restic.sops.yaml
new file mode 100644
index 000000000..51e24d09b
--- /dev/null
+++ b/kubernetes/apps/default/zwave-js-ui/app/restic.sops.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: zwave-js-ui-restic
+ namespace: default
+type: Opaque
+stringData:
+ #ENC[AES256_GCM,data:WTM0Lkqp+sxjbUgkNzAVZQnC5g==,iv:4y8R8GpLy2Ogh3Lt3v6ibVbJF7jy8K1BOGi+ONt7S5c=,tag:wRhEBfRNHp0PBvIjM60iSA==,type:comment]
+ RESTIC_REPOSITORY: ENC[AES256_GCM,data:ELPM2Nznsjcgg5OttvaL05NZ6t1hgPWeCsH0aHBKJdGdFoSMPozODIs/U5bOLy/1otuZafN+e3iST3oK+Q==,iv:+Rcx/CS0JakDUgqck2uUd9mjUNwvsoWK1hrr7l3X9Pc=,tag:b5FymjZch032ztFmghABNw==,type:str]
+ #ENC[AES256_GCM,data:cRvGVeuDnEbJs01G+Und5ls1EgaC9Q2vj61IE/2R,iv:qSjv4bGEX9QWABhXgnCJsoj0p1kjgYaQwQX0Oyu9RHk=,tag:x8i1WXbAvdpC+Iv8pn/drw==,type:comment]
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:6VI/lJQFZg6hu5r0SqNAKQAQGYY=,iv:UYRMnkHB4jsXcV1tyLDTAqh6dxsd18hYWsDoSpjJarA=,tag:d6hgK6LSgu7vZbLfquKcyA==,type:str]
+ #ENC[AES256_GCM,data:YIIHR5DwXv3YE9fFvNSAfrm47ZsshZMcY31LbaJ4gwXo0yOOHe6qDEc=,iv:axSMsvrIOkJFlErvw9fcAwLNSEWDh6mUU6dWZu6icIo=,tag:MDNlk43vcI9S4o6tMiWVmw==,type:comment]
+ #ENC[AES256_GCM,data:8Wspw6gPIPBsumfRS/5dlZrAQQqBJEDMgcpip4a3HCfHq8SeVDv4Gl0j3hyZqUsP5af8nN69Y/9bas7z1hnIERkrb8DqYg==,iv:WqCz9vBfg1JxUEpd97J37YztSW3HkcOHa6nIJI4VK8I=,tag:+LxnOzGidF39ojPKSOrVsg==,type:comment]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:I9vuuPEGS6A135zwKUNXvSIAjwk=,iv:dByy2WuuhO6OluWXYRwkdMutK33yKwOcWkR9hvY5bsg=,tag:xHU7Hbx+sxuZ9CRymA55JQ==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kRdbENGS1F32JzkvktYkbfhMGBSrUpFSfyCdIpJwLOc+/2TyHAMrxA==,iv:Q+UKNT9aRo+A0KWu/FiST/4bOQKTOBJKHhpP8JXD3ao=,tag:7VE8lx2QAdNutcUj5kMNNA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RE9wTDZVRlExcnVKYjVZ
+ THNtblNXbGlSUitoS0FYV2k3dlg3aWZEMWxjCmZETUFGSnR0c3JZU2FHNnFneHdB
+ TEdlYjJTcjNsSDQ0dmgvNWlnNWo4TWMKLS0tIGR2Q25heThUUGliY0ZicDNra1FN
+ dGppaVJiME1FQnkzdVJOeTZMcjhYWE0KBrGQAYun1Zs3oyHWQ8iGvmF4hheP3md4
+ 3/Lc9CqEC+V1lT9On8ivEBethjt528vCyVMM5pLMRBEO6CMjlNhJ+g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-12-28T07:07:32Z"
+ mac: ENC[AES256_GCM,data:2KNyrzuE7T3pEL4ODA7EL2SvtobXNMMw490zlX4/HvzPTwSMAlq1Vl4wT2mOCs0F03O9D5zBrfH5oVPZzRhWWrKju36LZ+wTl1q5m1QNK/R7d1DsjwAR4T4x9PkRIGRwxlcRgaok+4+MiOITpF39UBQeIxursfSlzE0zMpZ+FQ8=,iv:msLmdNkotwAXv8trhNdFeCKL9FrpHb+nPVb6NZnFM1Q=,tag:tPlJA7StXoZkivMM3jF8fg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
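Review bot: The `sops` metadata lists a single `age` recipient, so the restic repository password and the AWS-style access keys in this Secret can only be decrypted with one private key. Since `RESTIC_PASSWORD` is what makes the backups readable, losing that key together with the cluster would leave the restic repository unrecoverable unless the password is also kept elsewhere. Consider adding a second, offline recovery recipient to the repository's SOPS creation rules (`age: <cluster-age-public-key>,<recovery-age-public-key>`, both placeholders) and re-wrapping existing files with `sops updatekeys`. `encrypted_regex: ^(data|stringData)$` leaves only the metadata in clear text, which is what you want here.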
diff --git a/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml b/kubernetes/apps/default/zwave-js-ui/app/volume.yaml
similarity index 87%
rename from kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml
rename to kubernetes/apps/default/zwave-js-ui/app/volume.yaml
index c2ea64f19..f8299dbf2 100644
--- a/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml
+++ b/kubernetes/apps/default/zwave-js-ui/app/volume.yaml
@@ -5,7 +5,7 @@ metadata:
name: zwavejs2mqtt-config
namespace: default
labels:
- app.kubernetes.io/name: &name zwavejs2mqtt
+ app.kubernetes.io/name: &name zwave-js-ui
app.kubernetes.io/instance: *name
snapshot.home.arpa/enabled: "true"
spec:
diff --git a/kubernetes/apps/default/zwave-js-ui/ks.yaml b/kubernetes/apps/default/zwave-js-ui/ks.yaml
new file mode 100644
index 000000000..ca924e016
--- /dev/null
+++ b/kubernetes/apps/default/zwave-js-ui/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-zwave-js-ui-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-node-feature-discovery
+ - name: cluster-apps-rook-ceph-cluster
+ - name: cluster-apps-volsync-app
+ path: ./kubernetes/apps/default/zwave-js-ui/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: zwave-js-ui
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
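Review bot: The `spec` has no `decryption` block, although `path` points at a directory whose kustomization lists `./restic.sops.yaml`. Unless a parent kustomization patches decryption into every Flux Kustomization (nothing in this part of the diff shows one), kustomize-controller will not decrypt the Secret before applying it. If no such patch exists, add `decryption: {provider: sops, secretRef: {name: <sops-age-secret>}}` under `spec`, where the secret name is a placeholder for whatever holds the age key in flux-system. The same applies to `cluster-apps-flux-notifications` and `cluster-apps-flux-webhooks` in addons/ks.yaml and to `cluster-apps-weave-gitops`, whose paths also contain `secret.sops.yaml` files.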
diff --git a/kubernetes/apps/flux-system/addons/ks.yaml b/kubernetes/apps/flux-system/addons/ks.yaml
new file mode 100644
index 000000000..bfae8b662
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/ks.yaml
@@ -0,0 +1,57 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-flux-monitoring
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/flux-system/addons/monitoring
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-flux-notifications
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/flux-system/addons/notifications
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-flux-webhooks
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/flux-system/addons/webhooks
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml b/kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml
new file mode 100644
index 000000000..6b6d1aca5
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+ - ./podmonitor.yaml
+ - ./prometheusrule.yaml
+configMapGenerator:
+ - name: flux-cluster-dashboard
+ files:
+ - flux-cluster-dashboard.json=https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json
+ - name: flux-control-plane-dashboard
+ files:
+ - flux-control-plane-dashboard.json=https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/control-plane.json
+ - name: flux-logs-dashboard
+ files:
+ - flux-logs-dashboard.json=https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/logs.json
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
+ labels:
+ grafana_dashboard: "true"
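Review bot: The three `configMapGenerator` entries fetch dashboard JSON from `raw.githubusercontent.com/fluxcd/flux2/main/...`, which is a mutable branch. The content loaded into Grafana can therefore change without any commit in this repository, and every build of this kustomization depends on that URL being reachable. Pin the URLs to a release tag or commit by replacing `/main/` with `/<flux2-release-tag>/` (placeholder), or vendor the JSON files next to this kustomization so that dashboard changes go through review.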
diff --git a/kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml b/kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml
new file mode 100644
index 000000000..0ca109e2f
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml
@@ -0,0 +1,32 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/podmonitor_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: flux-system
+ namespace: flux-system
+ labels:
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/component: monitoring
+spec:
+ namespaceSelector:
+ matchNames:
+ - flux-system
+ selector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - helm-controller
+ - source-controller
+ - kustomize-controller
+ - notification-controller
+ - image-automation-controller
+ - image-reflector-controller
+ podMetricsEndpoints:
+ - port: http-prom
+ relabelings:
+ # https://github.com/prometheus-operator/prometheus-operator/issues/4816
+ - sourceLabels: [__meta_kubernetes_pod_phase]
+ action: keep
+ regex: Running
diff --git a/kubernetes/cluster-0/core/flux-system/prometheus-rule.yaml b/kubernetes/apps/flux-system/addons/monitoring/prometheusrule.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/prometheus-rule.yaml
rename to kubernetes/apps/flux-system/addons/monitoring/prometheusrule.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/notifications/alert-manager/kustomization.yaml b/kubernetes/apps/flux-system/addons/notifications/alert-manager/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/notifications/alert-manager/kustomization.yaml
rename to kubernetes/apps/flux-system/addons/notifications/alert-manager/kustomization.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/notifications/alert-manager/notification.yaml b/kubernetes/apps/flux-system/addons/notifications/alert-manager/notification.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/notifications/alert-manager/notification.yaml
rename to kubernetes/apps/flux-system/addons/notifications/alert-manager/notification.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/notifications/github/kustomization.yaml b/kubernetes/apps/flux-system/addons/notifications/github/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/notifications/github/kustomization.yaml
rename to kubernetes/apps/flux-system/addons/notifications/github/kustomization.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml b/kubernetes/apps/flux-system/addons/notifications/github/notification.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml
rename to kubernetes/apps/flux-system/addons/notifications/github/notification.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/notifications/github/secret.sops.yaml b/kubernetes/apps/flux-system/addons/notifications/github/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/notifications/github/secret.sops.yaml
rename to kubernetes/apps/flux-system/addons/notifications/github/secret.sops.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/notifications/kustomization.yaml b/kubernetes/apps/flux-system/addons/notifications/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/notifications/kustomization.yaml
rename to kubernetes/apps/flux-system/addons/notifications/kustomization.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/webhook/github/ingress.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/webhook/github/ingress.yaml
rename to kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/webhook/github/kustomization.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/webhook/github/kustomization.yaml
rename to kubernetes/apps/flux-system/addons/webhooks/github/kustomization.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml
similarity index 94%
rename from kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml
rename to kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml
index fb6664b27..7106b4d7b 100644
--- a/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml
+++ b/kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml
@@ -3,7 +3,7 @@
apiVersion: notification.toolkit.fluxcd.io/v1beta2
kind: Receiver
metadata:
- name: home-ops
+ name: home-ops-kubernetes
namespace: flux-system
spec:
type: github
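Review bot: Renaming the Receiver to `home-ops-kubernetes` changes its webhook path, because notification-controller derives the path from the token together with the receiver's name and namespace. The webhook URL configured on the GitHub side has to be updated to the path reported in the new Receiver's status; otherwise deliveries stop matching and reconciliation silently falls back to interval polling. A comment above `metadata.name` such as `# renaming this changes the generated /hook/<digest> path` would save the next rename from the same surprise. The second hunk updates the GitRepository reference consistently, but the `Kustomization` entry after it continues outside the hunk, so its name could not be checked.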
@@ -15,7 +15,7 @@ spec:
resources:
- apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
- name: home-ops
+ name: home-ops-kubernetes
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
diff --git a/kubernetes/cluster-0/core/flux-system/webhook/github/secret.sops.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/webhook/github/secret.sops.yaml
rename to kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/webhook/kustomization.yaml b/kubernetes/apps/flux-system/addons/webhooks/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/webhook/kustomization.yaml
rename to kubernetes/apps/flux-system/addons/webhooks/kustomization.yaml
diff --git a/kubernetes/apps/flux-system/kustomization.yaml b/kubernetes/apps/flux-system/kustomization.yaml
new file mode 100644
index 000000000..71a4e3a26
--- /dev/null
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./addons/ks.yaml
+ - ./weave-gitops/ks.yaml
+ # Standard Resources
diff --git a/kubernetes/apps/flux-system/namespace.yaml b/kubernetes/apps/flux-system/namespace.yaml
new file mode 100644
index 000000000..b48db4521
--- /dev/null
+++ b/kubernetes/apps/flux-system/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flux-system
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
similarity index 99%
rename from kubernetes/cluster-0/core/flux-system/weave-gitops/helmrelease.yaml
rename to kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
index 10503c738..8e6ec29b7 100644
--- a/kubernetes/cluster-0/core/flux-system/weave-gitops/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -32,7 +32,6 @@ spec:
tls:
- hosts:
- *host
-
valuesFrom:
- kind: Secret
name: weave-gitops
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml b/kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml
rename to kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml b/kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml
rename to kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml
diff --git a/kubernetes/apps/flux-system/weave-gitops/ks.yaml b/kubernetes/apps/flux-system/weave-gitops/ks.yaml
new file mode 100644
index 000000000..f6a4a4df1
--- /dev/null
+++ b/kubernetes/apps/flux-system/weave-gitops/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-weave-gitops
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/flux-system/weave-gitops/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: weave-gitops
+ namespace: flux-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/core/cilium/configmap.yaml b/kubernetes/apps/kube-system/cilium/app/configmap.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/cilium/configmap.yaml
rename to kubernetes/apps/kube-system/cilium/app/configmap.yaml
diff --git a/kubernetes/cluster-0/core/cilium/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/core/cilium/helmrelease.yaml
rename to kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
index 642bd19f6..2a9834da5 100644
--- a/kubernetes/cluster-0/core/cilium/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
autoDirectNodeRoutes: true
bgp:
diff --git a/kubernetes/cluster-0/core/cilium/kustomization.yaml b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/cilium/kustomization.yaml
rename to kubernetes/apps/kube-system/cilium/app/kustomization.yaml
diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml
new file mode 100644
index 000000000..da805bc08
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-cilium-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kube-system/cilium/app
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: cilium
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/kube-tools/descheduler/helmrelease.yaml b/kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/kube-tools/descheduler/helmrelease.yaml
rename to kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml
index 49b774c81..669c37708 100644
--- a/kubernetes/cluster-0/apps/kube-tools/descheduler/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app descheduler
- namespace: default
+ namespace: kube-system
spec:
interval: 15m
chart:
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
kind: Deployment
replicas: 1
diff --git a/kubernetes/cluster-0/apps/storage/snapshot-controller/app/kustomization.yaml b/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/snapshot-controller/app/kustomization.yaml
rename to kubernetes/apps/kube-system/descheduler/app/kustomization.yaml
diff --git a/kubernetes/apps/kube-system/descheduler/ks.yaml b/kubernetes/apps/kube-system/descheduler/ks.yaml
new file mode 100644
index 000000000..18605a258
--- /dev/null
+++ b/kubernetes/apps/kube-system/descheduler/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-descheduler
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kube-system/descheduler/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: descheduler
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helmrelease.yaml b/kubernetes/apps/kube-system/intel-gpu/exporter/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helmrelease.yaml
rename to kubernetes/apps/kube-system/intel-gpu/exporter/helmrelease.yaml
index 6824099ca..bbae0abe1 100644
--- a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/intel-gpu/exporter/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app intel-gpu-exporter
- namespace: default
+ namespace: kube-system
spec:
interval: 15m
chart:
@@ -18,13 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: intel-gpu-plugin
- namespace: default
+ namespace: kube-system
values:
controller:
type: daemonset
diff --git a/kubernetes/apps/kube-system/intel-gpu/exporter/kustomization.yaml b/kubernetes/apps/kube-system/intel-gpu/exporter/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/apps/kube-system/intel-gpu/exporter/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/intel-gpu/ks.yaml b/kubernetes/apps/kube-system/intel-gpu/ks.yaml
new file mode 100644
index 000000000..bf9db42bd
--- /dev/null
+++ b/kubernetes/apps/kube-system/intel-gpu/ks.yaml
@@ -0,0 +1,50 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-intel-gpu-plugin
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-node-feature-discovery
+ path: ./kubernetes/apps/kube-system/intel-gpu/plugin
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: intel-gpu-plugin
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-intel-gpu-exporter
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-intel-gpu-plugin
+ path: ./kubernetes/apps/kube-system/intel-gpu/exporter
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: intel-gpu-exporter
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helmrelease.yaml b/kubernetes/apps/kube-system/intel-gpu/plugin/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helmrelease.yaml
rename to kubernetes/apps/kube-system/intel-gpu/plugin/helmrelease.yaml
index 33573fabb..84744fcf4 100644
--- a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/intel-gpu/plugin/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app intel-gpu-plugin
- namespace: default
+ namespace: kube-system
spec:
interval: 15m
chart:
@@ -18,13 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: node-feature-discovery
- namespace: default
+ namespace: kube-system
values:
controller:
type: daemonset
diff --git a/kubernetes/apps/kube-system/intel-gpu/plugin/kustomization.yaml b/kubernetes/apps/kube-system/intel-gpu/plugin/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/apps/kube-system/intel-gpu/plugin/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/kubelet-csr-approver/helmrelease.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/kube-tools/kubelet-csr-approver/helmrelease.yaml
rename to kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
index 3a495ecfc..1e34bf053 100644
--- a/kubernetes/cluster-0/apps/kube-tools/kubelet-csr-approver/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
providerRegex: |
^node-talos-\w*$
diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
new file mode 100644
index 000000000..9c5b10518
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-kubelet-csr-approver
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kube-system/kubelet-csr-approver/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: kubelet-csr-approver
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
new file mode 100644
index 000000000..b5f7b806c
--- /dev/null
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./cilium/ks.yaml
+ - ./descheduler/ks.yaml
+ - ./intel-gpu/ks.yaml
+ - ./kubelet-csr-approver/ks.yaml
+ - ./metrics-server/ks.yaml
+ - ./node-feature-discovery/ks.yaml
+ - ./reloader/ks.yaml
+ - ./snapshot-controller/ks.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/metrics-server/helmrelease.yaml b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/kube-tools/metrics-server/helmrelease.yaml
rename to kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
index 0e80256a7..c23949f76 100644
--- a/kubernetes/cluster-0/apps/kube-tools/metrics-server/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: metrics-server
- namespace: default
+ namespace: kube-system
spec:
interval: 15m
chart:
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
args:
- --kubelet-insecure-tls
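Review bot: The `args` list carried over by this change still starts with `--kubelet-insecure-tls`, which makes metrics-server skip verification of the kubelet serving certificates it scrapes. The same commit keeps kubelet-csr-approver deployed in kube-system, which suggests kubelet serving certificates are requested and approved through the cluster CA. If that is the case, the flag can be dropped so the kubelet connection is verified. If it has to stay, a comment such as `# TODO: remove once kubelet serving certs are CA-signed` would record why. The `args` list continues outside the hunk.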
diff --git a/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/metrics-server/ks.yaml b/kubernetes/apps/kube-system/metrics-server/ks.yaml
new file mode 100644
index 000000000..bab4da673
--- /dev/null
+++ b/kubernetes/apps/kube-system/metrics-server/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-metrics-server
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kube-system/metrics-server/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: metrics-server
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/kube-system/namespace.yaml b/kubernetes/apps/kube-system/namespace.yaml
new file mode 100644
index 000000000..5eeb2c918
--- /dev/null
+++ b/kubernetes/apps/kube-system/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kube-system
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helmrelease.yaml b/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
similarity index 96%
rename from kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helmrelease.yaml
rename to kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
index fe7f5508f..f51a0ee09 100644
--- a/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: node-feature-discovery
- namespace: default
+ namespace: kube-system
spec:
interval: 15m
chart:
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
worker:
annotations:
diff --git a/kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml b/kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml b/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml
new file mode 100644
index 000000000..9f620033a
--- /dev/null
+++ b/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-node-feature-discovery
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kube-system/node-feature-discovery/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: node-feature-discovery
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/kube-tools/reloader/helmrelease.yaml b/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml
similarity index 89%
rename from kubernetes/cluster-0/apps/kube-tools/reloader/helmrelease.yaml
rename to kubernetes/apps/kube-system/reloader/app/helmrelease.yaml
index 76e74e919..50c4e9bea 100644
--- a/kubernetes/cluster-0/apps/kube-tools/reloader/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &name reloader
- namespace: &namespace default
+ namespace: &namespace kube-system
spec:
interval: 15m
chart:
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
fullnameOverride: *name
reloader:
diff --git a/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml b/kubernetes/apps/kube-system/reloader/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
rename to kubernetes/apps/kube-system/reloader/app/kustomization.yaml
diff --git a/kubernetes/apps/kube-system/reloader/ks.yaml b/kubernetes/apps/kube-system/reloader/ks.yaml
new file mode 100644
index 000000000..9c1670d26
--- /dev/null
+++ b/kubernetes/apps/kube-system/reloader/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-reloader
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kube-system/reloader/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: reloader
+ namespace: kube-system
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/storage/snapshot-controller/app/helmrelease.yaml b/kubernetes/apps/kube-system/snapshot-controller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/snapshot-controller/app/helmrelease.yaml
rename to kubernetes/apps/kube-system/snapshot-controller/app/helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/snapshot-controller/app/kustomization.yaml b/kubernetes/apps/kube-system/snapshot-controller/app/kustomization.yaml
new file mode 100644
index 000000000..a09cef314
--- /dev/null
+++ b/kubernetes/apps/kube-system/snapshot-controller/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml b/kubernetes/apps/kube-system/snapshot-controller/ks.yaml
similarity index 88%
rename from kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml
rename to kubernetes/apps/kube-system/snapshot-controller/ks.yaml
index 056439a05..96aa2254c 100644
--- a/kubernetes/cluster-0/apps/storage/snapshot-controller/ks.yaml
+++ b/kubernetes/apps/kube-system/snapshot-controller/ks.yaml
@@ -8,11 +8,11 @@ metadata:
labels:
substitution.flux.home.arpa/enabled: "true"
spec:
- path: ./kubernetes/cluster-0/apps/storage/snapshot-controller/app
+ path: ./kubernetes/apps/kube-system/snapshot-controller/app
prune: true
sourceRef:
kind: GitRepository
- name: home-ops
+ name: home-ops-kubernetes
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
diff --git a/kubernetes/cluster-0/core/kustomization.yaml b/kubernetes/apps/kustomization.yaml
similarity index 62%
rename from kubernetes/cluster-0/core/kustomization.yaml
rename to kubernetes/apps/kustomization.yaml
index a577b3ea6..8c2e35882 100644
--- a/kubernetes/cluster-0/core/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -3,6 +3,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./cilium
+ - ./cert-manager
+ - ./default
- ./flux-system
+ - ./kube-system
+ - ./kyverno
+ - ./monitoring
+ - ./networking
- ./rook-ceph
+ - ./volsync
diff --git a/kubernetes/cluster-0/core/rook-ceph/kustomization.yaml b/kubernetes/apps/kyverno/kustomization.yaml
similarity index 70%
rename from kubernetes/cluster-0/core/rook-ceph/kustomization.yaml
rename to kubernetes/apps/kyverno/kustomization.yaml
index de0af96da..10b5d06cd 100644
--- a/kubernetes/cluster-0/core/rook-ceph/kustomization.yaml
+++ b/kubernetes/apps/kyverno/kustomization.yaml
@@ -3,7 +3,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
+ # Pre Flux-Kustomizations
- ./namespace.yaml
- - ./operator
- - ./cluster
- - ./rook-toolbox
+ # Flux-Kustomizations
+ - ./kyverno/ks.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/kyverno/helmrelease.yaml b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
similarity index 80%
rename from kubernetes/cluster-0/apps/kube-tools/kyverno/helmrelease.yaml
rename to kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
index d536a3097..b3121ebbc 100644
--- a/kubernetes/cluster-0/apps/kube-tools/kyverno/helmrelease.yaml
+++ b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
@@ -18,21 +18,15 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
- installCRDs: false
- replicaCount: 3
+ installCRDs: true
+ replicaCount: 1
serviceMonitor:
enabled: true
- resources:
- requests:
- cpu: 247m
- memory: 443M
- limits:
- memory: 1336M
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
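Review bot: `replicaCount: 1` leaves the Kyverno admission webhook with a single instance, so whenever that pod restarts or its node drains, matching requests are either rejected or admitted without policy evaluation, depending on the webhook failure policy, which this hunk does not show. The `topologySpreadConstraints` kept just below also have nothing left to spread. If the reduction is a deliberate resource saving, say so next to the value, e.g. `replicaCount: 1  # single replica: policy evaluation pauses during restarts`; otherwise keep three replicas. The `values:` block continues outside the hunk.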
diff --git a/kubernetes/apps/kyverno/kyverno/app/kustomization.yaml b/kubernetes/apps/kyverno/kyverno/app/kustomization.yaml
new file mode 100644
index 000000000..6de584847
--- /dev/null
+++ b/kubernetes/apps/kyverno/kyverno/app/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kyverno
+resources:
+ - ./helmrelease.yaml
+ - ./rbac.yaml
+configMapGenerator:
+ - name: kyverno-dashboard
+ files:
+ - kyverno-dashboard.json=https://raw.githubusercontent.com/kyverno/grafana-dashboard/master/grafana/dashboard.json
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
+ labels:
+ grafana_dashboard: "true"
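Review bot: The `configMapGenerator` entry pulls `dashboard.json` from the `master` branch of an external repository at build time, so the content of the `kyverno-dashboard` ConfigMap can change without any commit in this repository, and reconciliation fails whenever the URL is unreachable. Pinning the URL to a reviewed revision, `https://raw.githubusercontent.com/kyverno/grafana-dashboard/<commit-sha>/grafana/dashboard.json` (placeholder, to be replaced with the commit you inspected), or vendoring the JSON next to this file keeps the imported dashboard reviewable and the build reproducible.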
diff --git a/kubernetes/apps/kyverno/kyverno/app/rbac.yaml b/kubernetes/apps/kyverno/kyverno/app/rbac.yaml
new file mode 100644
index 000000000..298701b56
--- /dev/null
+++ b/kubernetes/apps/kyverno/kyverno/app/rbac.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kyverno:admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admin
+subjects:
+ - kind: ServiceAccount
+ name: kyverno
+ namespace: kyverno
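Review bot: This ClusterRoleBinding grants the `kyverno` ServiceAccount the built-in `admin` ClusterRole in every namespace, which includes read and write access to Secrets and the ability to create Roles and RoleBindings there. The only policy added in this commit mutates Pods, so a dedicated ClusterRole limited to the resources and verbs the policies actually touch would be a far smaller grant. If the broad role really is required, state why in a comment above `roleRef`, e.g. `# kyverno needs <reason>; revisit when policies change`, so the binding is not carried forward unexamined.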
diff --git a/kubernetes/apps/kyverno/kyverno/ks.yaml b/kubernetes/apps/kyverno/kyverno/ks.yaml
new file mode 100644
index 000000000..f949ee4e3
--- /dev/null
+++ b/kubernetes/apps/kyverno/kyverno/ks.yaml
@@ -0,0 +1,44 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-kyverno
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/kyverno/kyverno/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: kyverno
+ namespace: kyverno
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-cluster-policies
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-kyverno
+ path: ./kubernetes/apps/kyverno/kyverno/policies
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/kyverno/kyverno/policies/delete-cpu-limits.yaml b/kubernetes/apps/kyverno/kyverno/policies/delete-cpu-limits.yaml
new file mode 100644
index 000000000..2866f6523
--- /dev/null
+++ b/kubernetes/apps/kyverno/kyverno/policies/delete-cpu-limits.yaml
@@ -0,0 +1,52 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/clusterpolicy_v1.json
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: delete-cpu-limits
+ annotations:
+ policies.kyverno.io/title: Delete CPU limits
+ policies.kyverno.io/subject: Pod
+ policies.kyverno.io/description: >-
+ This policy deletes CPU limits from all Pods.
+spec:
+ mutateExistingOnPolicyUpdate: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: delete-cpu-limits
+ match:
+ any:
+ - resources:
+ kinds: ["Pod"]
+ exclude:
+ any:
+ # - resources:
+ # namespaces:
+ # - calico-system
+ # - tigera-operator
+ - resources:
+ kinds: ["Pod"]
+ selector:
+ matchLabels:
+ job-name: "*"
+ - resources:
+ kinds: ["Pod"]
+ selector:
+ matchLabels:
+ statefulset.kubernetes.io/pod-name: "*"
+ - resources:
+ annotations:
+ kyverno.io/ignore: "true"
+ mutate:
+ patchStrategicMerge:
+ spec:
+ initContainers:
+ - (name): "*"
+ resources:
+ limits:
+ cpu: null
+ containers:
+ - (name): "*"
+ resources:
+ limits:
+ cpu: null
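Review bot: `mutateExistingOnPolicyUpdate: true` and `generateExistingOnPolicyUpdate: true` look like they have no effect on this policy: the rule declares no `mutate.targets`, which Kyverno uses to mutate existing resources, container resources on a running Pod are generally immutable, and there is no generate rule. Dropping both lines makes it clear the policy acts only at admission. The `kyverno.io/ignore: "true"` exclude lets anyone who can create a Pod opt out, which is acceptable for a convenience mutation but deserves a comment such as `# opt-out annotation: do not reuse in enforcing policies`. The commented-out `calico-system`/`tigera-operator` block can be deleted.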
diff --git a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml b/kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml
similarity index 84%
rename from kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml
rename to kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml
index 17cbc72b2..f0fc66ffe 100644
--- a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml
+++ b/kubernetes/apps/kyverno/kyverno/policies/kustomization.yaml
@@ -3,4 +3,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./helmrelease.yaml
+ - ./delete-cpu-limits.yaml
diff --git a/kubernetes/apps/kyverno/namespace.yaml b/kubernetes/apps/kyverno/namespace.yaml
new file mode 100644
index 000000000..263304d1a
--- /dev/null
+++ b/kubernetes/apps/kyverno/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kyverno
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/monitoring/grafana/helmrelease.yaml b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
similarity index 94%
rename from kubernetes/cluster-0/apps/monitoring/grafana/helmrelease.yaml
rename to kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
index a2397f876..2d285774c 100644
--- a/kubernetes/cluster-0/apps/monitoring/grafana/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
@@ -19,10 +19,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
rbac:
pspEnabled: false
@@ -109,13 +109,13 @@ spec:
dashboards:
default:
home-assistant:
- url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json
+ url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/apps/monitoring/grafana/dashboards/home-assistant.json
datasource: Prometheus
homelab-temperatures:
- url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json
+ url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/apps/monitoring/grafana/dashboards/homelab-temperatures.json
datasource: Prometheus
truenas:
- url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json
+ url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/apps/monitoring/grafana/dashboards/truenas.json
datasource: Prometheus
sidecar:
dashboards:
diff --git a/kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml b/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml
rename to kubernetes/apps/monitoring/grafana/app/kustomization.yaml
index b0471f38f..983235d79 100644
--- a/kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: monitoring
resources:
- ./secrets.sops.yaml
- ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/monitoring/grafana/secrets.sops.yaml b/kubernetes/apps/monitoring/grafana/app/secrets.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/grafana/secrets.sops.yaml
rename to kubernetes/apps/monitoring/grafana/app/secrets.sops.yaml
diff --git a/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json b/kubernetes/apps/monitoring/grafana/dashboards/home-assistant.json
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json
rename to kubernetes/apps/monitoring/grafana/dashboards/home-assistant.json
diff --git a/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json b/kubernetes/apps/monitoring/grafana/dashboards/homelab-temperatures.json
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json
rename to kubernetes/apps/monitoring/grafana/dashboards/homelab-temperatures.json
diff --git a/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json b/kubernetes/apps/monitoring/grafana/dashboards/truenas.json
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json
rename to kubernetes/apps/monitoring/grafana/dashboards/truenas.json
diff --git a/kubernetes/apps/monitoring/grafana/ks.yaml b/kubernetes/apps/monitoring/grafana/ks.yaml
new file mode 100644
index 000000000..3e838aa08
--- /dev/null
+++ b/kubernetes/apps/monitoring/grafana/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-grafana
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-app
+ path: ./kubernetes/apps/monitoring/grafana/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: grafana
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
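Review bot: Nothing in this Kustomization sets `spec.decryption`, yet the `app` directory it points at lists `./secrets.sops.yaml` in its kustomization.yaml, so the encrypted Secret will not be applied correctly unless a parent Kustomization patches decryption in (possibly keyed on the `substitution.flux.home.arpa/enabled` label; that part is not visible here). The same applies to thanos/ks.yaml, whose app directory lists `./secret.sops.yaml`. A comment above `spec:` such as `# decryption and postBuild substitution are injected by the parent cluster Kustomization` would make the dependency visible to the next reader.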
diff --git a/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helmrelease.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
similarity index 99%
rename from kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helmrelease.yaml
rename to kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
index d22d7d53f..82b7aaf14 100644
--- a/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
@@ -19,10 +19,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
###
### Component values
diff --git a/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml
similarity index 88%
rename from kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml
rename to kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml
index fa38f3799..27e12039d 100644
--- a/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml
+++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml
@@ -2,6 +2,6 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: monitoring
resources:
- ./helmrelease.yaml
- - ./volume.yaml
diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml
new file mode 100644
index 000000000..dcda91adf
--- /dev/null
+++ b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-kube-prometheus-stack-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ path: ./kubernetes/apps/monitoring/kube-prometheus-stack/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: kube-prometheus-stack
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/monitoring/kustomization.yaml b/kubernetes/apps/monitoring/kustomization.yaml
new file mode 100644
index 000000000..f0877510d
--- /dev/null
+++ b/kubernetes/apps/monitoring/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./grafana/ks.yaml
+ - ./kube-prometheus-stack/ks.yaml
+ - ./loki/ks.yaml
+ - ./smartctl-exporter/ks.yaml
+ - ./thanos/ks.yaml
+ - ./vector/ks.yaml
diff --git a/kubernetes/cluster-0/apps/logs/loki/config-map.yaml b/kubernetes/apps/monitoring/loki/app/config-map.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/logs/loki/config-map.yaml
rename to kubernetes/apps/monitoring/loki/app/config-map.yaml
diff --git a/kubernetes/cluster-0/apps/logs/loki/helmrelease.yaml b/kubernetes/apps/monitoring/loki/app/helmrelease.yaml
similarity index 99%
rename from kubernetes/cluster-0/apps/logs/loki/helmrelease.yaml
rename to kubernetes/apps/monitoring/loki/app/helmrelease.yaml
index c0e4cc559..89ce24e8b 100644
--- a/kubernetes/cluster-0/apps/logs/loki/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/loki/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
loki:
structuredConfig:
diff --git a/kubernetes/cluster-0/apps/logs/loki/kustomization.yaml b/kubernetes/apps/monitoring/loki/app/kustomization.yaml
similarity index 91%
rename from kubernetes/cluster-0/apps/logs/loki/kustomization.yaml
rename to kubernetes/apps/monitoring/loki/app/kustomization.yaml
index 2eff182dd..d6320a937 100644
--- a/kubernetes/cluster-0/apps/logs/loki/kustomization.yaml
+++ b/kubernetes/apps/monitoring/loki/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: monitoring
resources:
- ./object-bucket-claim.yaml
- ./config-map.yaml
diff --git a/kubernetes/cluster-0/apps/logs/loki/object-bucket-claim.yaml b/kubernetes/apps/monitoring/loki/app/object-bucket-claim.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/logs/loki/object-bucket-claim.yaml
rename to kubernetes/apps/monitoring/loki/app/object-bucket-claim.yaml
diff --git a/kubernetes/apps/monitoring/loki/ks.yaml b/kubernetes/apps/monitoring/loki/ks.yaml
new file mode 100644
index 000000000..c1b5427ba
--- /dev/null
+++ b/kubernetes/apps/monitoring/loki/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-loki-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-cluster
+ path: ./kubernetes/apps/monitoring/loki/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: loki
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/monitoring/namespace.yaml b/kubernetes/apps/monitoring/namespace.yaml
new file mode 100644
index 000000000..ef4dd87a4
--- /dev/null
+++ b/kubernetes/apps/monitoring/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/storage/smartctl-exporter/helmrelease.yaml b/kubernetes/apps/monitoring/smartctl-exporter/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/storage/smartctl-exporter/helmrelease.yaml
rename to kubernetes/apps/monitoring/smartctl-exporter/app/helmrelease.yaml
index f2fb25bd7..d51b19f77 100644
--- a/kubernetes/cluster-0/apps/storage/smartctl-exporter/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/smartctl-exporter/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
fullnameOverride: *app
config:
diff --git a/kubernetes/apps/monitoring/smartctl-exporter/app/kustomization.yaml b/kubernetes/apps/monitoring/smartctl-exporter/app/kustomization.yaml
new file mode 100644
index 000000000..27e12039d
--- /dev/null
+++ b/kubernetes/apps/monitoring/smartctl-exporter/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: monitoring
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/monitoring/smartctl-exporter/ks.yaml b/kubernetes/apps/monitoring/smartctl-exporter/ks.yaml
new file mode 100644
index 000000000..ffa3701d6
--- /dev/null
+++ b/kubernetes/apps/monitoring/smartctl-exporter/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-smartctl-exporter
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/monitoring/smartctl-exporter/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: smartctl-exporter
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/monitoring/thanos/helmrelease.yaml b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/apps/monitoring/thanos/helmrelease.yaml
rename to kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
index 96fc8a11c..e1e70db3b 100644
--- a/kubernetes/cluster-0/apps/monitoring/thanos/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
image:
registry: quay.io
diff --git a/kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml b/kubernetes/apps/monitoring/thanos/app/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml
rename to kubernetes/apps/monitoring/thanos/app/kustomization.yaml
index 16a6ce304..f95906c2d 100644
--- a/kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: monitoring
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/monitoring/thanos/readme.md b/kubernetes/apps/monitoring/thanos/app/readme.md
similarity index 99%
rename from kubernetes/cluster-0/apps/monitoring/thanos/readme.md
rename to kubernetes/apps/monitoring/thanos/app/readme.md
index f6a9418f9..f0949e4a0 100644
--- a/kubernetes/cluster-0/apps/monitoring/thanos/readme.md
+++ b/kubernetes/apps/monitoring/thanos/app/readme.md
@@ -65,4 +65,3 @@
```sh
mc admin policy set minio thanos-private user=thanos
```
-
diff --git a/kubernetes/cluster-0/apps/monitoring/thanos/secret.sops.yaml b/kubernetes/apps/monitoring/thanos/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/thanos/secret.sops.yaml
rename to kubernetes/apps/monitoring/thanos/app/secret.sops.yaml
diff --git a/kubernetes/apps/monitoring/thanos/ks.yaml b/kubernetes/apps/monitoring/thanos/ks.yaml
new file mode 100644
index 000000000..0b990411c
--- /dev/null
+++ b/kubernetes/apps/monitoring/thanos/ks.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-thanos-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-kube-prometheus-stack-app
+ path: ./kubernetes/apps/monitoring/thanos/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: thanos
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/cluster-0/apps/logs/vector/agent/helmrelease.yaml b/kubernetes/apps/monitoring/vector/agent/helmrelease.yaml
similarity index 98%
rename from kubernetes/cluster-0/apps/logs/vector/agent/helmrelease.yaml
rename to kubernetes/apps/monitoring/vector/agent/helmrelease.yaml
index cf9707860..a475cf9b5 100644
--- a/kubernetes/cluster-0/apps/logs/vector/agent/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/vector/agent/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: loki
namespace: monitoring
diff --git a/kubernetes/apps/monitoring/vector/agent/kustomization.yaml b/kubernetes/apps/monitoring/vector/agent/kustomization.yaml
new file mode 100644
index 000000000..27e12039d
--- /dev/null
+++ b/kubernetes/apps/monitoring/vector/agent/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: monitoring
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/logs/vector/aggregator/config/vector.yaml b/kubernetes/apps/monitoring/vector/aggregator/config/vector.yaml
similarity index 85%
rename from kubernetes/cluster-0/apps/logs/vector/aggregator/config/vector.yaml
rename to kubernetes/apps/monitoring/vector/aggregator/config/vector.yaml
index e49693ef8..2ac6ef6f2 100644
--- a/kubernetes/cluster-0/apps/logs/vector/aggregator/config/vector.yaml
+++ b/kubernetes/apps/monitoring/vector/aggregator/config/vector.yaml
@@ -7,7 +7,7 @@ api:
enrichment_tables:
geoip_table:
type: geoip
- path: /geoip/GeoLite2-City.mmdb
+ path: /usr/share/GeoIP/GeoLite2-City.mmdb
# Sources
sources:
@@ -54,17 +54,19 @@ transforms:
inputs:
- talos_kernel_logs
source: |-
- .__host = replace!(.__host, "10.1.1.31", "delta")
- .__host = replace(.__host, "10.1.1.32", "enigma")
- .__host = replace(.__host, "10.1.1.33", "felix")
+ .__host = replace!(.__host, "192.168.8.101", "talos-node-1")
+ .__host = replace(.__host, "192.168.8.102", "talos-node-2")
+ .__host = replace(.__host, "192.168.8.103", "talos-node-3")
+ .__host = replace(.__host, "192.168.8.104", "talos-node-4")
talos_service_logs_xform:
type: remap
inputs:
- talos_service_logs
source: |-
- .__host = replace!(.__host, "10.1.1.31", "delta")
- .__host = replace(.__host, "10.1.1.32", "enigma")
- .__host = replace(.__host, "10.1.1.33", "felix")
+ .__host = replace!(.__host, "192.168.8.101", "talos-node-1")
+ .__host = replace(.__host, "192.168.8.102", "talos-node-2")
+ .__host = replace(.__host, "192.168.8.103", "talos-node-3")
+ .__host = replace(.__host, "192.168.8.104", "talos-node-4")
kubernetes_remap:
type: remap
inputs:
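Review bot: The four-line address-to-name mapping is written out twice, once in the transform at the top of this hunk and again in `talos_service_logs_xform`, so adding or renumbering a node means editing both copies, and any address not listed stays in `.__host` as a raw IP with no signal. Feeding both inputs into one remap transform would keep a single copy, provided the downstream components (outside this hunk) do not need the two streams kept apart. If the duplication stays, a comment above each block such as `# keep in sync with talos_service_logs_xform; unmapped hosts keep their IP` helps. Both transform definitions start or end outside the hunk.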
diff --git a/kubernetes/apps/monitoring/vector/aggregator/helmrelease.yaml b/kubernetes/apps/monitoring/vector/aggregator/helmrelease.yaml
new file mode 100644
index 000000000..9635cfcc3
--- /dev/null
+++ b/kubernetes/apps/monitoring/vector/aggregator/helmrelease.yaml
@@ -0,0 +1,74 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app vector-aggregator
+ namespace: monitoring
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ controller:
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ image:
+ repository: docker.io/timberio/vector
+ tag: 0.26.0-debian
+ args: ["--config", "/etc/vector/vector.yaml"]
+ service:
+ main:
+ type: LoadBalancer
+ loadBalancerIP: "${CLUSTER_LB_VECTOR}"
+ externalTrafficPolicy: Local
+ ports:
+ http:
+ port: 8686
+ kubernetes-logs:
+ enabled: true
+ port: 6000
+ opnsense-logs:
+ enabled: true
+ port: 6001
+ journald-logs:
+ enabled: true
+ port: 6002
+ talos-kernel:
+ enabled: true
+ port: 6050
+ protocol: UDP
+ talos-service:
+ enabled: true
+ port: 6051
+ protocol: UDP
+ persistence:
+ config:
+ enabled: true
+ type: configMap
+ name: vector-aggregator-configmap
+ subPath: vector.yaml
+ mountPath: /etc/vector/vector.yaml
+ readOnly: true
+ data:
+ enabled: true
+ type: emptyDir
+ mountPath: /vector-data-dir
+ geoip:
+ enabled: true
+ type: emptyDir
+ mountPath: /usr/share/GeoIP
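Review bot: The `main` Service is `type: LoadBalancer` and carries the `http` port 8686 alongside the log-ingest ports, so what appears to be the Vector API (the config has an `api:` section) is reachable by anything that can reach `${CLUSTER_LB_VECTOR}`, not only by in-cluster clients. The log sources need the external address; the API port most likely does not, so it is better moved to a second, cluster-internal entry under `service:` or dropped from the LoadBalancer if nothing external uses it. The image is also referenced by tag only (`0.26.0-debian`, and likewise `geoipupdate:v4.10` in patches/geoip.yaml); adding a digest to each would fix the content that actually runs.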
diff --git a/kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml b/kubernetes/apps/monitoring/vector/aggregator/kustomization.yaml
similarity index 78%
rename from kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml
rename to kubernetes/apps/monitoring/vector/aggregator/kustomization.yaml
index 6f6067ec9..7af1f3aa7 100644
--- a/kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml
+++ b/kubernetes/apps/monitoring/vector/aggregator/kustomization.yaml
@@ -2,11 +2,14 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: monitoring
resources:
+ - ./secret.sops.yaml
- ./helmrelease.yaml
+patchesStrategicMerge:
+ - ./patches/geoip.yaml
configMapGenerator:
- name: vector-aggregator-configmap
- namespace: monitoring
files:
- vector.yaml=./config/vector.yaml
generatorOptions:
diff --git a/kubernetes/apps/monitoring/vector/aggregator/patches/geoip.yaml b/kubernetes/apps/monitoring/vector/aggregator/patches/geoip.yaml
new file mode 100644
index 000000000..6ded429e8
--- /dev/null
+++ b/kubernetes/apps/monitoring/vector/aggregator/patches/geoip.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: vector-aggregator
+ namespace: monitoring
+spec:
+ values:
+ initContainers:
+ init-geoip:
+ image: docker.io/maxmindinc/geoipupdate:v4.10
+ env:
+ - name: GEOIPUPDATE_EDITION_IDS
+ value: GeoLite2-City
+ - name: GEOIPUPDATE_FREQUENCY
+ value: "0"
+ - name: GEOIPUPDATE_VERBOSE
+ value: "true"
+ envFrom:
+ - secretRef:
+ name: vector-aggregator-secret
+ volumeMounts:
+ - name: geoip
+ mountPath: /usr/share/GeoIP
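Review bot: The `envFrom` / `secretRef` on `init-geoip` copies every key of `vector-aggregator-secret` into the init container's environment, and the Secret was renamed in this commit from a geoipupdate-specific name to an aggregator-wide one, so later keys added for Vector itself would leak into this container too. Referencing only the two values geoipupdate needs keeps the init container at least privilege. The Secret's key names are not visible in this diff, so the `key:` values below are assumed and need checking against `secret.sops.yaml`. Separately, `image: docker.io/maxmindinc/geoipupdate:v4.10` is a mutable tag; appending a digest would pin what actually runs.

```yaml
env:
  # … unchanged: GEOIPUPDATE_EDITION_IDS, GEOIPUPDATE_FREQUENCY, GEOIPUPDATE_VERBOSE …
  - name: GEOIPUPDATE_ACCOUNT_ID
    valueFrom:
      secretKeyRef:
        name: vector-aggregator-secret
        key: GEOIPUPDATE_ACCOUNT_ID # assumed key name, confirm
  - name: GEOIPUPDATE_LICENSE_KEY
    valueFrom:
      secretKeyRef:
        name: vector-aggregator-secret
        key: GEOIPUPDATE_LICENSE_KEY # assumed key name, confirm
```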
diff --git a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml b/kubernetes/apps/monitoring/vector/aggregator/secret.sops.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml
rename to kubernetes/apps/monitoring/vector/aggregator/secret.sops.yaml
index 80b89a289..786964dff 100644
--- a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml
+++ b/kubernetes/apps/monitoring/vector/aggregator/secret.sops.yaml
@@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
- name: vector-geoipupdate
+ name: vector-aggregator-secret
namespace: monitoring
type: Opaque
stringData:
diff --git a/kubernetes/apps/monitoring/vector/ks.yaml b/kubernetes/apps/monitoring/vector/ks.yaml
new file mode 100644
index 000000000..d57adc043
--- /dev/null
+++ b/kubernetes/apps/monitoring/vector/ks.yaml
@@ -0,0 +1,50 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-vector-aggregator
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-loki-app
+ path: ./kubernetes/apps/monitoring/vector/aggregator
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: vector-aggregator
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-vector-agent
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-vector-aggregator
+ path: ./kubernetes/apps/monitoring/vector/agent
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: vector-agent
+ namespace: monitoring
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
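Review bot: Neither Kustomization in this file sets `spec.decryption` or `spec.postBuild`, yet the aggregator path now lists `./secret.sops.yaml` and its HelmRelease uses `${CLUSTER_LB_VECTOR}`. Presumably a parent Kustomization patches both in for objects carrying the `substitution.flux.home.arpa/enabled: "true"` label, but that patch is not visible in this diff. If the label is what drives it, a comment above the label would stop someone from dropping it unknowingly, for example `# parent Kustomization patches in SOPS decryption and postBuild substitution for objects with this label`. The same applies to the other new `ks.yaml` files in this commit (external-dns, ingress-nginx, k8s-gateway, rook-ceph), which share this layout.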
diff --git a/kubernetes/cluster-0/apps/networking/external-dns/helmrelease.yaml b/kubernetes/apps/networking/external-dns/app/helmrelease.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/networking/external-dns/helmrelease.yaml
rename to kubernetes/apps/networking/external-dns/app/helmrelease.yaml
index 6638053f1..0f833aa64 100644
--- a/kubernetes/cluster-0/apps/networking/external-dns/helmrelease.yaml
+++ b/kubernetes/apps/networking/external-dns/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: external-dns
- namespace: default
+ namespace: networking
spec:
interval: 15m
chart:
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
interval: 2m
logLevel: debug
diff --git a/kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml b/kubernetes/apps/networking/external-dns/app/kustomization.yaml
similarity index 90%
rename from kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml
rename to kubernetes/apps/networking/external-dns/app/kustomization.yaml
index 0b647c1f8..a6a058c0f 100644
--- a/kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml
+++ b/kubernetes/apps/networking/external-dns/app/kustomization.yaml
@@ -2,7 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: networking
resources:
- ./secret.sops.yaml
- - ./volume.yaml
- ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml b/kubernetes/apps/networking/external-dns/app/secret.sops.yaml
similarity index 78%
rename from kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml
rename to kubernetes/apps/networking/external-dns/app/secret.sops.yaml
index 058b09701..ff5a02685 100644
--- a/kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml
+++ b/kubernetes/apps/networking/external-dns/app/secret.sops.yaml
@@ -4,7 +4,7 @@ kind: Secret
type: Opaque
metadata:
name: ovh-external-dns-creds
- namespace: default
+ namespace: networking
stringData:
application-key: ENC[AES256_GCM,data:eM+c4o7krcCr38iYl+V9aw==,iv:bWvn6Du2AYczidEiYcCiiXiCWQoNTM55+pEqEDT5gVg=,tag:XAtpQsK7J7mQWs47qqAt/Q==,type:str]
application-secret: ENC[AES256_GCM,data:dsAI3MXIpqC5FQZojzchOUfJPARBYOOUbnmY042w9DQ=,iv:gLh0ySZfm1akVIcnN/LMuuI7GZrBBq/X6mnQd1j9BeA=,tag:wIKWVoDMRfn68Ot56HFPGA==,type:str]
@@ -24,8 +24,8 @@ sops:
bi8wYjlEM0xGZExSV05HSGlkYjQ2VlUKesUixJpqR2iYx5kNxrbD0kTG1siHVKqq
sh8UblAqd1av0/3Qpj9dMF8awR8Q80dElcEwXT90Ks/S7p/uEA358g==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T09:52:51Z"
- mac: ENC[AES256_GCM,data:cZAwl1uF59cBodh8F4KSZU8/sLyoRy6k2rFuYx3KH/YpICKj2Omg9D3cH1uUF+x1URYbRcKajKrIZMmpd6gjvoRERjnreuzosZwxeannkTpfZ0N5ivydTSETa9mjPXCP+4VdPQISG0ZYx91uf0nrsZnK3dPOT0W/TfEhAI3JB9c=,iv:ufpSLuakm9X5VB8ZgHdyZyH6PAo11yKHV5jj7TuNPcU=,tag:+GY39oTJ91codPkDrTQYTw==,type:str]
+ lastmodified: "2022-12-27T00:19:30Z"
+ mac: ENC[AES256_GCM,data:hbC1/+QtH1O0w7cCshPm5b/3pljWMR4Q1bhqoepIJEeLa82N3YqHZ4PcEKPHaJKRpzBN/+OcoMMAC29xBzp+yaS3WZLkh7cz2rYC4+16fjZCjwChZXJOtyE8CrUlsXUj7OvL23RnscCE/0fuIL4uRWqLKokLkbdc6X+sVRlY4l0=,iv:JZZIrTeY0L4jy4cUZfmcm3+ZCjxgn27qIdJf5pVrZkM=,tag:DM+XGSXt/rD/5jTW6LaWTQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3
diff --git a/kubernetes/apps/networking/external-dns/ks.yaml b/kubernetes/apps/networking/external-dns/ks.yaml
new file mode 100644
index 000000000..c383774a1
--- /dev/null
+++ b/kubernetes/apps/networking/external-dns/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-external-dns
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/networking/external-dns/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: external-dns
+ namespace: networking
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
new file mode 100644
index 000000000..18ba5678d
--- /dev/null
+++ b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
@@ -0,0 +1,99 @@
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: ingress-auth-annotations
+ annotations:
+ policies.kyverno.io/title: Ingress Auth Annotations
+ policies.kyverno.io/subject: Ingress
+ policies.kyverno.io/description: >-
+ This policy creates auth annotations on ingresses. When
+ the `auth.home.arpa/enabled` annotation is `true` it
+ applies the nginx auth annotations for use with Authelia.
+spec:
+ mutateExistingOnPolicyUpdate: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: auth
+ match:
+ any:
+ - resources:
+ kinds: ["Ingress"]
+ annotations:
+ auth.home.arpa/enabled: "true"
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ +(nginx.ingress.kubernetes.io/auth-method): GET
+ +(nginx.ingress.kubernetes.io/auth-url): |-
+ http://authelia.default.svc.cluster.local.:8888/api/verify
+ +(nginx.ingress.kubernetes.io/auth-signin): |-
+ https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+ +(nginx.ingress.kubernetes.io/auth-response-headers): |-
+ Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ +(nginx.ingress.kubernetes.io/auth-snippet): |
+ proxy_set_header X-Forwarded-Method $request_method;
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: ingress-external-dns-annotations
+ annotations:
+ policies.kyverno.io/title: Ingress External-DNS Annotations
+ policies.kyverno.io/subject: Ingress
+ policies.kyverno.io/description: >-
+ This policy creates external-dns annotations on ingresses.
+ When the `external-dns.home.arpa/enabled` annotation is `true`
+ it applies the external-dns annotations for use with external
+ application access.
+spec:
+ mutateExistingOnPolicyUpdate: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: external-dns
+ match:
+ any:
+ - resources:
+ kinds: ["Ingress"]
+ annotations:
+ external-dns.home.arpa/enabled: "true"
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ +(external-dns.alpha.kubernetes.io/target): |-
+ services.${SECRET_DOMAIN}.
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: ingress-whitelist-annotations
+ annotations:
+ policies.kyverno.io/title: Ingress Whitelist Annotations
+ policies.kyverno.io/subject: Ingress
+ policies.kyverno.io/description: >-
+ This policy creates annotations on ingresses. When
+ the `external-dns.home.arpa/enabled` annotation is not
+ set it applies the nginx annotations for use with only
+ internal application access.
+spec:
+ mutateExistingOnPolicyUpdate: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: whitelist
+ match:
+ any:
+ - resources:
+ kinds: ["Ingress"]
+ exclude:
+ any:
+ - resources:
+ annotations:
+ external-dns.home.arpa/enabled: "true"
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ +(nginx.ingress.kubernetes.io/whitelist-source-range): |-
+ 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
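Review bot: All three policies are `mutate` rules that use the `+( )` add-if-absent anchor, so they set defaults rather than enforce anything. An Ingress that already carries its own `nginx.ingress.kubernetes.io/whitelist-source-range` or `auth-url` keeps that value, and the `whitelist` rule is skipped entirely once `external-dns.home.arpa/enabled: "true"` is set. If the RFC 1918 allow-list is meant as a guard for internal-only apps, it needs a companion `validate` rule that rejects an internal Ingress whose range falls outside the three private ranges. Dropping the anchor, as in `nginx.ingress.kubernetes.io/whitelist-source-range: |-`, would make the policy always overwrite the value instead. Note also that the `auth-snippet` annotation only works when the controller allows snippet annotations, which lets anyone able to create an Ingress inject nginx configuration; that controller setting is not visible here.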
diff --git a/kubernetes/apps/networking/ingress-nginx/app/dashboard/kustomization.yaml b/kubernetes/apps/networking/ingress-nginx/app/dashboard/kustomization.yaml
new file mode 100644
index 000000000..cb3b57114
--- /dev/null
+++ b/kubernetes/apps/networking/ingress-nginx/app/dashboard/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+configMapGenerator:
+ - name: nginx-dashboard
+ files:
+ - nginx-dashboard.json=https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json
+ - name: nginx-request-handling-performance-dashboard
+ files:
+ - nginx-request-handling-performance-dashboard.json=https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
+ labels:
+ grafana_dashboard: "true"
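Review bot: Both `files:` entries fetch their JSON from the `master` branch of kubernetes/ingress-nginx at build time, so the generated ConfigMaps can change with no corresponding diff in this repository. The `grafana_dashboard: "true"` label suggests they are then loaded into Grafana automatically. Pinning each URL to a release tag or commit keeps the rendered output reproducible and reviewable, e.g. `https://raw.githubusercontent.com/kubernetes/ingress-nginx/<tag-or-commit>/deploy/grafana/dashboards/nginx.json`, and likewise for `request-handling-performance.json`.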
diff --git a/kubernetes/cluster-0/apps/networking/ingress-nginx/helmrelease.yaml b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
similarity index 92%
rename from kubernetes/cluster-0/apps/networking/ingress-nginx/helmrelease.yaml
rename to kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
index 3fca0ec85..b6fbf3012 100644
--- a/kubernetes/cluster-0/apps/networking/ingress-nginx/helmrelease.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: ingress-nginx
- namespace: default
+ namespace: networking
spec:
interval: 15m
chart:
@@ -18,13 +18,13 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: cert-manager
- namespace: default
+ namespace: cert-manager
values:
controller:
replicaCount: 2
@@ -38,18 +38,16 @@ spec:
default: true
config:
client-body-buffer-size: "100M"
- client-body-timeout: 12
- client-header-timeout: 12
+ client-body-timeout: 120
+ client-header-timeout: 120
custom-http-errors: 400,401,403,404,500,502,503,504
enable-brotli: "true"
- enable-ocsp: "true"
enable-real-ip: "true"
hsts-max-age: "31449600"
keep-alive-requests: 10000
keep-alive: 120
- proxy-body-size: "100M"
+ proxy-body-size: "0"
proxy-buffer-size: "16k"
- service-upstream: "true"
ssl-protocols: "TLSv1.3 TLSv1.2"
use-forwarded-headers: "true"
# crowdsec bouncer
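Review bot: `proxy-body-size: "0"` removes the request-body limit for every Ingress behind this controller, and the same hunk raises `client-body-timeout` and `client-header-timeout` from 12 to 120. Together these let a single client hold a connection open and stream an arbitrarily large body, including on externally published hosts. Keeping a finite global value such as the previous `proxy-body-size: "100M"` and raising it only where needed, with the per-Ingress annotation `nginx.ingress.kubernetes.io/proxy-body-size`, preserves the cap for everything else. If the global change is intentional, a comment naming the app that needs it would help. The `config:` map continues past the end of this hunk.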
@@ -64,7 +62,7 @@ spec:
any: true
extraArgs:
default-ssl-certificate: |-
- default/${SECRET_CLUSTER_DOMAIN/./-}-tls
+ networking/${SECRET_CLUSTER_DOMAIN/./-}-tls
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
diff --git a/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
new file mode 100644
index 000000000..6be5f13d0
--- /dev/null
+++ b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+ - ./dashboard
+ - ./helmrelease.yaml
+ - ./clusterpolicy.yaml
diff --git a/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml
new file mode 100644
index 000000000..1582bd5c2
--- /dev/null
+++ b/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ${SECRET_CLUSTER_DOMAIN/./-}
+ namespace: networking
+spec:
+ secretName: ${SECRET_CLUSTER_DOMAIN/./-}-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "${SECRET_CLUSTER_DOMAIN}"
+ dnsNames:
+ - ${SECRET_CLUSTER_DOMAIN}
+ - "*.${SECRET_CLUSTER_DOMAIN}"
diff --git a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml
similarity index 86%
rename from kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml
rename to kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml
index 17cbc72b2..794280df3 100644
--- a/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml
@@ -3,4 +3,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./helmrelease.yaml
+ - ./certificates.yaml
diff --git a/kubernetes/apps/networking/ingress-nginx/ks.yaml b/kubernetes/apps/networking/ingress-nginx/ks.yaml
new file mode 100644
index 000000000..8511400bb
--- /dev/null
+++ b/kubernetes/apps/networking/ingress-nginx/ks.yaml
@@ -0,0 +1,47 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-ingress-nginx-certificates
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-cert-manager-webhook-ovh
+ path: ./kubernetes/apps/networking/ingress-nginx/certificates
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-ingress-nginx
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-ingress-nginx-certificates
+ - name: cluster-apps-kyverno
+ path: ./kubernetes/apps/networking/ingress-nginx/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: ingress-nginx
+ namespace: networking
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/networking/k8s-gateway/Corefile b/kubernetes/apps/networking/k8s-gateway/app/Corefile
similarity index 100%
rename from kubernetes/cluster-0/apps/networking/k8s-gateway/Corefile
rename to kubernetes/apps/networking/k8s-gateway/app/Corefile
diff --git a/kubernetes/cluster-0/apps/networking/k8s-gateway/helmrelease.yaml b/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
similarity index 97%
rename from kubernetes/cluster-0/apps/networking/k8s-gateway/helmrelease.yaml
rename to kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
index db27c3cec..c16391c15 100644
--- a/kubernetes/cluster-0/apps/networking/k8s-gateway/helmrelease.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app k8s-gateway
- namespace: default
+ namespace: networking
spec:
interval: 15m
chart:
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
controller:
replicas: 2
diff --git a/kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml b/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml
similarity index 93%
rename from kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml
rename to kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml
index 0dde218a7..bae4bdb99 100644
--- a/kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml
@@ -2,6 +2,7 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: networking
resources:
- ./rbac.yaml
- ./helmrelease.yaml
@@ -9,6 +10,5 @@ configMapGenerator:
- name: k8s-gateway-configmap
files:
- ./Corefile
- namespace: default
generatorOptions:
disableNameSuffixHash: true
diff --git a/kubernetes/cluster-0/apps/networking/k8s-gateway/rbac.yaml b/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
similarity index 95%
rename from kubernetes/cluster-0/apps/networking/k8s-gateway/rbac.yaml
rename to kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
index a3886ddf8..999630ce9 100644
--- a/kubernetes/cluster-0/apps/networking/k8s-gateway/rbac.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: k8s-gateway
- namespace: default
+ namespace: networking
labels:
app.kubernetes.io/instance: k8s-gateway
app.kubernetes.io/name: k8s-gateway
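Review bot: `namespace: networking` on this `ClusterRole` has no effect, because a ClusterRole is cluster-scoped and the API server ignores the field. Keeping the line suggests the role is confined to one namespace when it is not. Dropping it leaves `metadata` as `name: k8s-gateway` plus the labels. The namespace change that matters is the `ServiceAccount` subject in the next hunk, which must match the namespace where the chart creates that account. The role's `rules:` lie outside both hunks, so the granted permissions were not reviewed here.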
@@ -45,4 +45,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: k8s-gateway
- namespace: default
+ namespace: networking
diff --git a/kubernetes/apps/networking/k8s-gateway/ks.yaml b/kubernetes/apps/networking/k8s-gateway/ks.yaml
new file mode 100644
index 000000000..2f6ea7bec
--- /dev/null
+++ b/kubernetes/apps/networking/k8s-gateway/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-k8s-gateway
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/networking/k8s-gateway/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: k8s-gateway
+ namespace: networking
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/cluster-0/apps/databases/kustomization.yaml b/kubernetes/apps/networking/kustomization.yaml
similarity index 50%
rename from kubernetes/cluster-0/apps/databases/kustomization.yaml
rename to kubernetes/apps/networking/kustomization.yaml
index c9788149e..7d95c5db8 100644
--- a/kubernetes/cluster-0/apps/databases/kustomization.yaml
+++ b/kubernetes/apps/networking/kustomization.yaml
@@ -2,8 +2,10 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
-namespace: default
resources:
- - ./pgadmin
- - ./postgres
- - ./redis
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./external-dns/ks.yaml
+ - ./ingress-nginx/ks.yaml
+ - ./k8s-gateway/ks.yaml
diff --git a/kubernetes/apps/networking/namespace.yaml b/kubernetes/apps/networking/namespace.yaml
new file mode 100644
index 000000000..b9e4a4161
--- /dev/null
+++ b/kubernetes/apps/networking/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: networking
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/authentication/kustomization.yaml b/kubernetes/apps/rook-ceph/kustomization.yaml
similarity index 61%
rename from kubernetes/cluster-0/apps/authentication/kustomization.yaml
rename to kubernetes/apps/rook-ceph/kustomization.yaml
index d9174326d..dcaf9188b 100644
--- a/kubernetes/cluster-0/apps/authentication/kustomization.yaml
+++ b/kubernetes/apps/rook-ceph/kustomization.yaml
@@ -2,7 +2,8 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
-namespace: default
resources:
- - ./authelia
- - ./glauth
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./rook-ceph/ks.yaml
diff --git a/kubernetes/cluster-0/core/rook-ceph/namespace.yaml b/kubernetes/apps/rook-ceph/namespace.yaml
similarity index 52%
rename from kubernetes/cluster-0/core/rook-ceph/namespace.yaml
rename to kubernetes/apps/rook-ceph/namespace.yaml
index 1696c56ee..4f4d74a80 100644
--- a/kubernetes/cluster-0/core/rook-ceph/namespace.yaml
+++ b/kubernetes/apps/rook-ceph/namespace.yaml
@@ -3,3 +3,5 @@ apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/core/rook-ceph/operator/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/cluster-0/core/rook-ceph/operator/helmrelease.yaml
rename to kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml b/kubernetes/apps/rook-ceph/rook-ceph/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
rename to kubernetes/apps/rook-ceph/rook-ceph/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/core/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
similarity index 99%
rename from kubernetes/cluster-0/core/rook-ceph/cluster/helmrelease.yaml
rename to kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
index c40cea3e4..a9f2f8f7d 100644
--- a/kubernetes/cluster-0/core/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
dependsOn:
- name: rook-ceph-operator
namespace: rook-ceph
diff --git a/kubernetes/cluster-0/apps/development/gitea/external-backup/kustomization.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/development/gitea/external-backup/kustomization.yaml
rename to kubernetes/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml
diff --git a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml
new file mode 100644
index 000000000..2e56d8a0d
--- /dev/null
+++ b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml
@@ -0,0 +1,73 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-rook-ceph-app
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/rook-ceph/rook-ceph/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: rook-ceph-operator
+ namespace: rook-ceph
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-rook-ceph-cluster
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-app
+ path: ./kubernetes/apps/rook-ceph/rook-ceph/cluster
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: rook-ceph-cluster
+ namespace: rook-ceph
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: cluster-apps-rook-ceph-toolbox
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: cluster-apps-rook-ceph-app
+ path: ./kubernetes/apps/rook-ceph/rook-ceph/toolbox
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: rook-ceph-toolbox
+ namespace: rook-ceph
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml b/kubernetes/apps/rook-ceph/rook-ceph/toolbox/helmrelease.yaml
similarity index 96%
rename from kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml
rename to kubernetes/apps/rook-ceph/rook-ceph/toolbox/helmrelease.yaml
index 052c12e2f..33b950c82 100644
--- a/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/toolbox/helmrelease.yaml
@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
- name: &app rook-toolbox
+ name: &app rook-ceph-toolbox
namespace: rook-ceph
spec:
interval: 15m
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
global:
nameOverride: *app
diff --git a/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml b/kubernetes/apps/rook-ceph/rook-ceph/toolbox/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml
rename to kubernetes/apps/rook-ceph/rook-ceph/toolbox/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/kustomization.yaml b/kubernetes/apps/volsync/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/kustomization.yaml
rename to kubernetes/apps/volsync/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/namespace.yaml b/kubernetes/apps/volsync/namespace.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/namespace.yaml
rename to kubernetes/apps/volsync/namespace.yaml
diff --git a/kubernetes/apps/volsync/readme.md b/kubernetes/apps/volsync/readme.md
new file mode 100644
index 000000000..87c29bda6
--- /dev/null
+++ b/kubernetes/apps/volsync/readme.md
@@ -0,0 +1,65 @@
+# Volsync
+
+## S3 Configuration
+
+1. Create `~/.mc/config.json`
+
+ ```json
+ {
+ "version": "10",
+ "aliases": {
+ "minio": {
+ "url": "https://s3.",
+ "accessKey": "",
+ "secretKey": "",
+ "api": "S3v4",
+ "path": "auto"
+ }
+ }
+ }
+ ```
+
+2. Create the volsync user and password
+
+ ```sh
+ mc admin user add minio volsync
+ ```
+
+3. Create the volsync bucket
+
+ ```sh
+ mc mb minio/volsync
+ ```
+
+4. Create `volsync-user-policy.json`
+
+ ```json
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:DeleteObject"
+ ],
+ "Effect": "Allow",
+ "Resource": ["arn:aws:s3:::volsync/*", "arn:aws:s3:::volsync"],
+ "Sid": ""
+ }
+ ]
+ }
+ ```
+
+5. Apply the bucket policies
+
+ ```sh
+ mc admin policy add minio volsync-private volsync-user-policy.json
+ ```
+
+6. Associate private policy with the user
+
+ ```sh
+ mc admin policy set minio volsync-private user=volsync
+ ```
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/helmrelease.yaml b/kubernetes/apps/volsync/snapscheduler/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/helmrelease.yaml
rename to kubernetes/apps/volsync/snapscheduler/app/helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/kustomization.yaml b/kubernetes/apps/volsync/snapscheduler/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app/kustomization.yaml
rename to kubernetes/apps/volsync/snapscheduler/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml b/kubernetes/apps/volsync/snapscheduler/ks.yaml
similarity index 85%
rename from kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml
rename to kubernetes/apps/volsync/snapscheduler/ks.yaml
index ac4d99d56..9dcb7d546 100644
--- a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/ks.yaml
+++ b/kubernetes/apps/volsync/snapscheduler/ks.yaml
@@ -10,11 +10,11 @@ metadata:
spec:
dependsOn:
- name: cluster-apps-snapshot-controller
- path: ./kubernetes/cluster-0/apps/storage/volsync/snapscheduler/app
+ path: ./kubernetes/apps/volsync/snapscheduler/app
prune: true
sourceRef:
kind: GitRepository
- name: home-ops
+ name: home-ops-kubernetes
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
@@ -35,11 +35,11 @@ metadata:
spec:
dependsOn:
- name: cluster-apps-snapscheduler
- path: ./kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules
+ path: ./kubernetes/apps/volsync/snapscheduler/schedules
prune: true
sourceRef:
kind: GitRepository
- name: home-ops
+ name: home-ops-kubernetes
wait: true
interval: 30m
retryInterval: 1m
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/kustomization.yaml b/kubernetes/apps/volsync/snapscheduler/schedules/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/kustomization.yaml
rename to kubernetes/apps/volsync/snapscheduler/schedules/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/snapschedule.yaml b/kubernetes/apps/volsync/snapscheduler/schedules/snapschedule.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/snapscheduler/schedules/snapschedule.yaml
rename to kubernetes/apps/volsync/snapscheduler/schedules/snapschedule.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/app/helmrelease.yaml b/kubernetes/apps/volsync/volsync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/volsync/app/helmrelease.yaml
rename to kubernetes/apps/volsync/volsync/app/helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/app/kustomization.yaml b/kubernetes/apps/volsync/volsync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/volsync/app/kustomization.yaml
rename to kubernetes/apps/volsync/volsync/app/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/app/prometheusrule.yaml b/kubernetes/apps/volsync/volsync/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/storage/volsync/volsync/app/prometheusrule.yaml
rename to kubernetes/apps/volsync/volsync/app/prometheusrule.yaml
diff --git a/kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml b/kubernetes/apps/volsync/volsync/ks.yaml
similarity index 87%
rename from kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml
rename to kubernetes/apps/volsync/volsync/ks.yaml
index e4fd44dff..7dfed0366 100644
--- a/kubernetes/cluster-0/apps/storage/volsync/volsync/ks.yaml
+++ b/kubernetes/apps/volsync/volsync/ks.yaml
@@ -10,11 +10,11 @@ metadata:
spec:
dependsOn:
- name: cluster-apps-snapshot-controller
- path: ./kubernetes/cluster-0/apps/storage/volsync/volsync/app
+ path: ./kubernetes/apps/volsync/volsync/app
prune: true
sourceRef:
kind: GitRepository
- name: home-ops
+ name: home-ops-kubernetes
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
diff --git a/kubernetes/cluster-0/apps/security/crowdsec/helmrelease.yaml b/kubernetes/archive/crowdsec/helmrelease.yaml
similarity index 99%
rename from kubernetes/cluster-0/apps/security/crowdsec/helmrelease.yaml
rename to kubernetes/archive/crowdsec/helmrelease.yaml
index a4ac3771c..091f384fd 100644
--- a/kubernetes/cluster-0/apps/security/crowdsec/helmrelease.yaml
+++ b/kubernetes/archive/crowdsec/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
install:
createNamespace: true
remediation:
- retries: 5
+ retries: 3
upgrade:
remediation:
- retries: 5
+ retries: 3
values:
container_runtime: containerd
image:
diff --git a/kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml b/kubernetes/archive/crowdsec/kustomization.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml
rename to kubernetes/archive/crowdsec/kustomization.yaml
index 16a6ce304..8b3cc1a14 100644
--- a/kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml
+++ b/kubernetes/archive/crowdsec/kustomization.yaml
@@ -3,5 +3,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./secret.sops.yaml
- ./helmrelease.yaml
+ - ./secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/security/crowdsec/secret.sops.yaml b/kubernetes/archive/crowdsec/secret.sops.yaml
similarity index 100%
rename from kubernetes/cluster-0/apps/security/crowdsec/secret.sops.yaml
rename to kubernetes/archive/crowdsec/secret.sops.yaml
diff --git a/kubernetes/bootstrap/README.md b/kubernetes/bootstrap/README.md
new file mode 100644
index 000000000..d39c8e869
--- /dev/null
+++ b/kubernetes/bootstrap/README.md
@@ -0,0 +1,9 @@
+## :memo: Bootstrap
+
+1. Deploy [cilium](https://cilium.io/) : `kubectl kustomize --enable-helm ./kubernetes/bootsrap/cilium | kubectl apply -f -`
+2. Deploy [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) `kubectl kustomize --enable-helm ./kubernetes/bootstrap/kubelet-csr-approver | kubectl apply -f -` to approve csr issued by talos nodes (that will allow to see pods logs).
+3. Deploy [flux](https://github.com/fluxcd/flux2) `kubectl apply --server-side --kustomize ./kubernetes/bootstrap/flux`
+4. Create flux github secret `sops --decrypt ./kubernetes/bootstrap/flux/github-deploy-key.sops.yaml | kubectl apply -f -`
+5. Create sops secret `cat ~/.config/sops/age/keys.txt | kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin`
+6. Apply flux cluster variables `kubectl apply -f ./kubernetes/flux/vars/cluster-settings.yaml`
+7. Apply flux kustomization `kubectl apply --server-side --kustomize ./kubernetes/flux/config`
diff --git a/infrastructure/talos/cluster-0/cni/kustomization.yaml b/kubernetes/bootstrap/cilium/kustomization.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/cni/kustomization.yaml
rename to kubernetes/bootstrap/cilium/kustomization.yaml
diff --git a/infrastructure/talos/cluster-0/cni/values.yaml b/kubernetes/bootstrap/cilium/values.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/cni/values.yaml
rename to kubernetes/bootstrap/cilium/values.yaml
diff --git a/infrastructure/talos/cluster-0/flux/github-deploy-key.sops.yaml b/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/flux/github-deploy-key.sops.yaml
rename to kubernetes/bootstrap/flux/github-deploy-key.sops.yaml
diff --git a/infrastructure/talos/cluster-0/flux/kustomization.yaml b/kubernetes/bootstrap/flux/kustomization.yaml
similarity index 78%
rename from infrastructure/talos/cluster-0/flux/kustomization.yaml
rename to kubernetes/bootstrap/flux/kustomization.yaml
index 621aa5366..54cf23ecc 100644
--- a/infrastructure/talos/cluster-0/flux/kustomization.yaml
+++ b/kubernetes/bootstrap/flux/kustomization.yaml
@@ -1,4 +1,5 @@
---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
@@ -13,4 +14,4 @@ patches:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
- name: all
+ name: not-used
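Review bot: The placeholder `name: not-used` in the NetworkPolicy patch under `patches:` is left unexplained, so a reader cannot tell whether the name is matched or ignored. The patch's directive and its `target:` selector lie outside this hunk, so the following is inferred. If the patch is selected through `target:` and applies to every NetworkPolicy in the Flux install, a comment above the patch entry should say so, for example `# metadata.name is a placeholder; target: selects every NetworkPolicy shipped with flux`. If the patch removes those policies, the comment should also record that the flux-system controllers then rely on some other control for network isolation, and name it, so the loss of the shipped policies is a documented decision rather than a side effect.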
diff --git a/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml b/kubernetes/bootstrap/kubelet-csr-approver/kustomization.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml
rename to kubernetes/bootstrap/kubelet-csr-approver/kustomization.yaml
diff --git a/kubernetes/cluster-0/apps/databases/postgres/cluster/helmrelease.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/helmrelease.yaml
deleted file mode 100644
index 7c96c205c..000000000
--- a/kubernetes/cluster-0/apps/databases/postgres/cluster/helmrelease.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: postgres-cluster
- namespace: &namespace default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: postgres
- namespace: default
- - name: rook-ceph-cluster
- namespace: rook-ceph
- values:
- resources:
- - apiVersion: postgresql.cnpg.io/v1
- kind: Cluster
- metadata:
- name: postgres
- namespace: *namespace
- annotations:
- kyverno.io/ignore: "true"
- spec:
- instances: 3
- primaryUpdateStrategy: unsupervised
- storage:
- size: 20Gi
- storageClass: rook-ceph-block
- superuserSecret:
- name: postgres-superuser
- monitoring:
- enablePodMonitor: true
- backup:
- retentionPolicy: 30d
- barmanObjectStore:
- wal:
- compression: bzip2
- maxParallel: 8
- destinationPath: s3://postgresql/
- endpointURL: https://truenas.${SECRET_DOMAIN}:51515
- serverName: postgres-v3
- s3Credentials:
- accessKeyId:
- name: postgres-minio
- key: MINIO_ACCESS_KEY
- secretAccessKey:
- name: postgres-minio
- key: MINIO_SECRET_KEY
- # bootstrap:
- # recovery:
- # source: postgres
- # externalClusters:
- # - name: postgres
- # barmanObjectStore:
- # destinationPath: s3://postgresql/
- # endpointURL: https://truenas.${SECRET_DOMAIN}:51515
- # s3Credentials:
- # accessKeyId:
- # name: postgres-minio
- # key: MINIO_ACCESS_KEY
- # secretAccessKey:
- # name: postgres-minio
- # key: MINIO_SECRET_KEY
- # wal:
- # maxParallel: 8
diff --git a/kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml
deleted file mode 100644
index 95bf4747f..000000000
--- a/kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/databases/postgres/external-backup/helmrelease.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helmrelease.yaml
deleted file mode 100644
index 4615bca24..000000000
--- a/kubernetes/cluster-0/apps/databases/postgres/external-backup/helmrelease.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app postgres-external-backup
- namespace: &namespace default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: postgres-cluster
- namespace: default
- values:
- resources:
- - apiVersion: batch/v1
- kind: CronJob
- metadata:
- name: *app
- namespace: *namespace
- spec:
- schedule: "@daily"
- jobTemplate:
- spec:
- ttlSecondsAfterFinished: 86400
- template:
- spec:
- automountServiceAccountToken: false
- restartPolicy: OnFailure
- containers:
- - name: *app
- image: prodrigestivill/postgres-backup-local:15-alpine@sha256:1209779d7b39a9f73d498091452051fedfe140252bff59ea1c42e0a9a8a9b8e0
- env:
- - name: POSTGRES_HOST
- value: ${POSTGRES_HOST}
- - name: POSTGRES_DB
- value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: postgres-superuser
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: postgres-superuser
- key: password
- - name: POSTGRES_EXTRA_OPTS
- value: "-Z9 --schema=public --blobs"
- - name: BACKUP_KEEP_DAYS
- value: "7"
- - name: BACKUP_KEEP_WEEKS
- value: "4"
- - name: BACKUP_KEEP_MONTHS
- value: "3"
- - name: HEALTHCHECK_PORT
- value: "8080"
- - name: WEBHOOK_URL
- value: https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/45cHKtahUg?status=up&msg=OK&ping=
- command:
- - "/backup.sh"
- volumeMounts:
- - name: backups
- mountPath: /backups
- - name: files
- subPath: 00-webhook
- mountPath: /hooks/00-webhook
- volumes:
- - name: backups
- nfs:
- server: "${LOCAL_LAN_TRUENAS}"
- path: /mnt/storage/backups/postgresql
- - name: files
- configMap:
- name: postgres-external-backup
- defaultMode: 0555
diff --git a/kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml
deleted file mode 100644
index 5b842e044..000000000
--- a/kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: postgres-external-backup
- files:
- - ./00-webhook
-generatorOptions:
- disableNameSuffixHash: true
diff --git a/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helmrelease.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helmrelease.yaml
deleted file mode 100644
index 5f1fa097c..000000000
--- a/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helmrelease.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: postgres-scheduled-backup
- namespace: &namespace default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: postgres
- namespace: default
- - name: rook-ceph-cluster
- namespace: rook-ceph
- values:
- resources:
- - apiVersion: postgresql.cnpg.io/v1
- kind: ScheduledBackup
- metadata:
- name: postgres
- namespace: *namespace
- spec:
- schedule: "@daily"
- immediate: true
- backupOwnerReference: self
- cluster:
- name: postgres
diff --git a/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml
deleted file mode 100644
index 95bf4747f..000000000
--- a/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/development/drone/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/kustomization.yaml
deleted file mode 100644
index cfbb707d0..000000000
--- a/kubernetes/cluster-0/apps/development/drone/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./drone-kubernetes-secrets
- - ./drone-runner-kube
- - ./helmrelease.yaml
- - ./secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/development/gitea/external-backup/helmrelease.yaml b/kubernetes/cluster-0/apps/development/gitea/external-backup/helmrelease.yaml
deleted file mode 100644
index 9ae78c21e..000000000
--- a/kubernetes/cluster-0/apps/development/gitea/external-backup/helmrelease.yaml
+++ /dev/null
@@ -1,116 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app gitea-external-backup
- namespace: &namespace default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: gitea
- namespace: default
- values:
- resources:
- - apiVersion: batch/v1
- kind: CronJob
- metadata:
- name: *app
- namespace: *namespace
- spec:
- schedule: "@daily"
- jobTemplate:
- spec:
- template:
- metadata:
- name: *app
- spec:
- containers:
- - name: *app
- image: ghcr.io/auricom/kubectl:1.26.0@sha256:f512e3008d0492cbae7aac6eaccc21b13d723374715aaedd59d352d840f0229c
- imagePullPolicy: IfNotPresent
- command:
- - "/bin/bash"
- - "-c"
- - |
- #!/bin/bash
-
- set -o nounset
- set -o errexit
-
- mkdir -p ~/.ssh
- cp /opt/id_rsa ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
-
- ssh -o StrictHostKeyChecking=no homelab@${LOCAL_LAN_TRUENAS} << 'EOF'
-
- set -o nounset
- set -o errexit
-
- WORK_DIR="/mnt/storage/backups/apps/gitea"
-
- ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].username)
- ORGANISATIONS+=" auricom"
-
- for org in $ORGANISATIONS
- do
- mkdir -p $WORK_DIR/$org
- if [ $org == "auricom" ]; then
- keyword="users"
- else
- keyword="orgs"
- fi
- REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].name)
- for repo in $REPOSITORIES
- do
- if [ -d "$WORK_DIR/$org/$repo" ]; then
- echo "INFO: pull $org/$repo..."
- cd $WORK_DIR/$org/$repo
- git remote show origin -n | grep -c main &> /dev/null && MAIN_BRANCH="main" || MAIN_BRANCH="master"
- git fetch --all
- test $? -ne 0 && exit 1
- git reset --hard origin/$MAIN_BRANCH
- test $? -ne 0 && exit 1
- git pull origin $MAIN_BRANCH
- test $? -ne 0 && exit 1
- echo "INFO: clean $org/$repo..."
- git fetch --prune
- for branch in $(git branch -vv | grep ': gone]' | awk '{print $1}')
- do
- git branch -D $branch
- done
- else
- echo "INFO: clone $org/$repo..."
- cd $WORK_DIR/$org
- git clone git@gitea.${SECRET_DOMAIN}:$org/$repo.git
- test $? -ne 0 && exit 1
- fi
- done
- done
- echo "INFO: Backup done"
- curl -m 10 --retry 5 https://uptime-kuma.${SECRET_CLUSTER_DOMAIN}/api/push/Xk21W4T5mC?status=up&msg=OK&ping=
- EOF
- volumeMounts:
- - name: secret
- mountPath: /opt/id_rsa
- subPath: deployment_rsa_priv_key
- volumes:
- - name: secret
- secret:
- secretName: gitea-config
- restartPolicy: Never
diff --git a/kubernetes/cluster-0/apps/development/kustomization.yaml b/kubernetes/cluster-0/apps/development/kustomization.yaml
deleted file mode 100644
index 2c39e7073..000000000
--- a/kubernetes/cluster-0/apps/development/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./drone
- - ./gitea
- - ./tekton
diff --git a/kubernetes/cluster-0/apps/development/tekton/ingress.yaml b/kubernetes/cluster-0/apps/development/tekton/ingress.yaml
deleted file mode 100644
index b7f346758..000000000
--- a/kubernetes/cluster-0/apps/development/tekton/ingress.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: &app tekton-dashboard
- namespace: tekton-pipelines
- labels:
- app: *app
- app.kubernetes.io/component: dashboard
- app.kubernetes.io/instance: default
- app.kubernetes.io/name: dashboard
- app.kubernetes.io/part-of: *app
- helm.toolkit.fluxcd.io/namespace: default
- annotations:
- auth.home.arpa/enabled: "true"
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - &host tekton.k3s.xpander.ovh
- rules:
- - host: *host
- http:
- paths:
- - pathType: ImplementationSpecific
- backend:
- service:
- name: *app
- port:
- number: 9097
diff --git a/kubernetes/cluster-0/apps/development/tekton/kustomization.yaml b/kubernetes/cluster-0/apps/development/tekton/kustomization.yaml
deleted file mode 100644
index b8f1a14f5..000000000
--- a/kubernetes/cluster-0/apps/development/tekton/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - https://github.com/tektoncd/pipeline/releases/download/v0.42.0/release.yaml
- - https://github.com/tektoncd/triggers/releases/download/v0.22.0/release.yaml
- - https://github.com/tektoncd/triggers/releases/download/v0.22.0/interceptors.yaml
- - https://github.com/tektoncd/dashboard/releases/download/v0.30.0/tekton-dashboard-release.yaml
- - ./ingress.yaml
diff --git a/kubernetes/cluster-0/apps/documentation/kustomization.yaml b/kubernetes/cluster-0/apps/documentation/kustomization.yaml
deleted file mode 100644
index 4706cdd6d..000000000
--- a/kubernetes/cluster-0/apps/documentation/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./outline
diff --git a/kubernetes/cluster-0/apps/downloaders/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/kustomization.yaml
deleted file mode 100644
index aaf5ac318..000000000
--- a/kubernetes/cluster-0/apps/downloaders/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./flood
- - ./pyload
- - ./qbittorrent
- - ./sabnzbd
diff --git a/kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml
deleted file mode 100644
index c75725f4e..000000000
--- a/kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
- - ./upgrade-p2pblocklist
diff --git a/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helmrelease.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helmrelease.yaml
deleted file mode 100644
index 24c953e4a..000000000
--- a/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helmrelease.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app qbittorrent-upgrade-p2pblocklist
- namespace: &namespace default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: qbittorrent
- namespace: default
- values:
- resources:
- - apiVersion: batch/v1
- kind: CronJob
- metadata:
- name: *app
- namespace: *namespace
- spec:
- schedule: "@daily"
- jobTemplate:
- spec:
- template:
- metadata:
- name: *app
- spec:
- serviceAccountName: jobs
- containers:
- - name: *app
- image: ghcr.io/auricom/kubectl:1.26.0@sha256:f512e3008d0492cbae7aac6eaccc21b13d723374715aaedd59d352d840f0229c
- imagePullPolicy: IfNotPresent
- command:
- - "/bin/bash"
- - "-c"
- - |
- #!/bin/bash
-
- set -o errexit
- set -o nounset
-
- curl --silent --location https://github.com/DavidMoore/ipfilter/releases/download/lists/ipfilter.dat.gz --output /tmp/ipfilter.dat.gz
- gunzip /tmp/ipfilter.dat.gz
- result=$(kubectl get pod --selector app.kubernetes.io/name=qbittorrent --output custom-columns=:metadata.name --namespace default)
- QBITTORRENT_POD=$(echo $result | awk '{ print $NF }')
- if [[ $QBITTORRENT_POD == *"qbittorrent"* ]]; then
- kubectl cp /tmp/ipfilter.dat default/$QBITTORRENT_POD:/config/ipfilter.dat
- kubectl rollout restart deployment qbittorrent --namespace default
- curl http://uptime-kuma.default.svc.cluster.local.:3001/api/push/6RUDha9bDp?status=up&msg=OK&ping=
- sleep 5
- else
- echo "qbittorrent deployment not found"
- exit 1
- fi
- restartPolicy: Never
diff --git a/kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml
deleted file mode 100644
index cf024cc33..000000000
--- a/kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
- name: sabnzbd
- namespace: default
-type: Opaque
-stringData:
- SABNZBD__API_KEY: ENC[AES256_GCM,data:5uDKu0HStBdS8p0pBz1oVeyy/cKRPkKUn/3h03azChI=,iv:NFYLkuRhA09R4TmzRpQVhVcOfEVpoV49ny2U6ZZ7c5U=,tag:lUhCmx8SlmUnxq1fzAaXlA==,type:str]
- SABNZBD__NZB_KEY: ENC[AES256_GCM,data:jYbVSOaKM/LnR17fAJyphrwfK965P/JFNQWB5lmfeCg=,iv:Ieby0/T86ljW0H+Di+Gl/patAhlyfHsZW99QWRf+B5I=,tag:mPJPPoFquEPff1r7+GAT0Q==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyOEM5enpWR2FuL3UxaHRR
- TlZ6eDA5TGxxbm5CU0F4Z1Vqaks2ZGVpNG1rCkttdG8zUlBoN3BhSGJNcmZtSERN
- MC80N0QxMjRTeTJFM3lMV3YwRklDbHcKLS0tIEZyam5Cbk9rd2sybXhQdVd6ekVC
- aU11aXhOUi9NaTdRNFV5SEIwaU9zZm8KIKNlG4v1pEb40TRzc3WQnZ2svkDjN45K
- 4vXI/NYrJ9rNrg+qTvmWva/V2oE0zW7OWF0NagS2NXXRLT2b9om6LQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-14T07:56:23Z"
- mac: ENC[AES256_GCM,data:nv8FCy2O2oWpWU7IxgIZKnTcLrQKN8hrbdp1+aJ+25GcrFxJgLwBUXQCLg+PjgLtx0tbflh++aiPdMl1142hXLZFZ7vt4xLzb73T1hlI6DeZfTqI2wgz8epdO0p9kmixynS3bYkd+kPvWpCqnTsaIE6Ezi59S+0pAlkingH53dI=,iv:KXAzTHthjQBcCLrbPq00rVEGaymN8BO5aBYfqAkOGps=,tag:paaXEG8GF7RmpW4fPSwwig==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/home-automation/frigate/config.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/config.yaml
deleted file mode 100644
index 5460cd156..000000000
--- a/kubernetes/cluster-0/apps/home-automation/frigate/config.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-logger:
- default: info
- logs:
- frigate.record: debug
-
-mqtt:
- host: emqx.default.svc.cluster.local.
- topic_prefix: frigate
- user: "{MQTT_USER}"
- password: "{MQTT_PASSWORD}"
-
-database:
- path: /data/frigate.db
-
-detectors:
- coral:
- type: edgetpu
- device: usb
-
-ffmpeg:
- global_args:
- - -hide_banner
- - -loglevel
- - warning
- hwaccel_args:
- - -hwaccel
- - vaapi
- - -hwaccel_device
- - /dev/dri/renderD128
- - -hwaccel_output_format
- - yuv420p
- # https://github.com/blakeblackshear/frigate/issues/3296
- output_args:
- record: -f segment -segment_time 10 -segment_format mp4 -reset_timestamps 1 -strftime 1 -c:v copy -ar 44100 -c:a aac
- rtmp: -c:v copy -f flv -ar 44100 -c:a aac
-
-rtmp:
- enabled: true
-
-record:
- enabled: true
- retain:
- days: 3
- mode: all
- events:
- retain:
- default: 7
- mode: active_objects
-
-objects:
- track:
- - person
- filters:
- person:
- min_area: 5000
- max_area: 100000
- threshold: 0.7
diff --git a/kubernetes/cluster-0/apps/home-automation/frigate/helmrelease.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/helmrelease.yaml
deleted file mode 100644
index 92b9adde0..000000000
--- a/kubernetes/cluster-0/apps/home-automation/frigate/helmrelease.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app frigate
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: emqx
- namespace: default
- - name: intel-gpu-plugin
- namespace: default
- - name: node-feature-discovery
- namespace: default
- values:
- fullnameOverride: *app
- image:
- repository: docker.io/blakeblackshear/frigate
- tag: 0.11.1
- env:
- TZ: "${TIMEZONE}"
- LIBVA_DRIVER_NAME: i965
- MQTT_USER: "${SECRET_MQTT_USERNAME}"
- MQTT_PASSWORD: ${SECRET_MQTT_PASSWORD}
- service:
- main:
- ports:
- http:
- port: &port 5000
- probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /api/version
- port: *port
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
- startup:
- enabled: false
- ingress:
- main:
- enabled: true
- ingressClassName: "nginx"
- annotations:
- auth.home.arpa/enabled: "true"
- hosts:
- - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- securityContext:
- privileged: true
- persistence:
- config:
- enabled: true
- type: configMap
- name: *app
- subPath: config.yaml
- mountPath: /config/config.yml
- readOnly: true
- data:
- enabled: true
- existingClaim: frigate-config
- usb:
- enabled: true
- type: hostPath
- hostPath: /dev/bus/usb
- hostPathType: Directory
- mountPath: /dev/bus/usb
- cache:
- enabled: true
- type: emptyDir
- medium: Memory
- sizeLimit: 4Gi
- mountPath: /dev/shm
- podAnnotations:
- configmap.reloader.stakater.com/reload: *app
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: feature.node.kubernetes.io/custom-coral-tpu
- operator: In
- values:
- - "true"
- resources:
- requests:
- cpu: 100m
- memory: 1Gi
- gpu.intel.com/i915: "1"
- limits:
- memory: 6Gi
- gpu.intel.com/i915: "1"
diff --git a/kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml
deleted file mode 100644
index f06f61560..000000000
--- a/kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: frigate-config
- namespace: default
- labels:
- app.kubernetes.io/name: &name frigate
- app.kubernetes.io/instance: *name
- snapshot.home.arpa/enabled: "true"
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: rook-ceph-block
- resources:
- requests:
- storage: 5Gi
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helmrelease.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helmrelease.yaml
deleted file mode 100644
index b202f30f0..000000000
--- a/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helmrelease.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app home-assistant-code
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: home-assistant
- namespace: default
- values:
- image:
- repository: ghcr.io/coder/code-server
- tag: 4.9.1
- env:
- TZ: "${TIMEZONE}"
- GIT_SSH_COMMAND: "ssh -i /config/.ssh/id_rsa -o IdentitiesOnly=yes"
- args:
- - --auth
- - "none"
- - --user-data-dir
- - "/config/.vscode"
- - --extensions-dir
- - "/config/.vscode"
- - --port
- - "80"
- - "/config"
- service:
- main:
- ports:
- http:
- port: 80
- ingress:
- main:
- enabled: true
- ingressClassName: "nginx"
- hosts:
- - host: &host "hass-code.${SECRET_CLUSTER_DOMAIN}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- podSecurityContext:
- runAsUser: 0
- runAsGroup: 0
- fsGroup: 0
- persistence:
- config:
- enabled: true
- existingClaim: hass-config
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values: ["home-assistant"]
- - key: app.kubernetes.io/instance
- operator: In
- values: ["home-assistant"]
- topologyKey: kubernetes.io/hostname
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- memory: 500Mi
diff --git a/kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml
deleted file mode 100644
index 6765f8f0f..000000000
--- a/kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
- - ./volume.yaml
- - ./token.sops.yaml
- - ./podmonitor.yaml
-patchesStrategicMerge:
- - ./patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/home-automation/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/kustomization.yaml
deleted file mode 100644
index a660630f5..000000000
--- a/kubernetes/cluster-0/apps/home-automation/kustomization.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./emqx
- # - ./frigate
- - ./home-assistant
- - ./home-assistant-code
- - ./zigbee2mqtt
- - ./zwavejs2mqtt
diff --git a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml
deleted file mode 100644
index cf0a29f78..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns-nodecache-primary
- namespace: default
-data:
- Corefile: |
- cluster.local:53 {
- errors
- cache {
- success 9984 30
- denial 9984 5
- prefetch 3 60s 15%
- }
- reload
- loop
- bind 169.254.20.10 # Set your cluster dns to this
- nodecache skipteardown
- template IN AAAA {
- rcode NOERROR
- }
- forward . 10.96.0.10 { # Kube-DNS IP
- force_tcp
- }
- prometheus :9253
- health 169.254.20.10:8080
- }
- in-addr.arpa:53 {
- errors
- cache 120
- reload
- loop
- bind 169.254.20.10
- nodecache skipteardown
- template IN AAAA {
- rcode NOERROR
- }
- forward . /etc/resolv.conf {
- force_tcp
- }
- prometheus :9253
- }
- .:53 {
- errors
- cache {
- success 9984 86400
- denial 9984 300
- prefetch 3 60s 15%
- }
- reload
- loop
- bind 169.254.20.10
- nodecache skipteardown
- template IN AAAA {
- rcode NOERROR
- }
- forward . /etc/resolv.conf {
- force_tcp
- }
- prometheus :9253
- }
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns-nodecache-secondary
- namespace: default
-data:
- Corefile: |
- cluster.local:53 {
- errors
- cache {
- success 9984 30
- denial 9984 5
- prefetch 3 60s 15%
- }
- reload
- loop
- bind 169.254.20.10 # Set your cluster dns to this
- template IN AAAA {
- rcode NOERROR
- }
- forward . 10.96.0.10 { # Kube-DNS IP
- force_tcp
- }
- prometheus :9254
- health 169.254.20.10:8082
- }
- in-addr.arpa:53 {
- errors
- cache 120
- reload
- loop
- bind 169.254.20.10
- template IN AAAA {
- rcode NOERROR
- }
- forward . /etc/resolv.conf {
- force_tcp
- }
- prometheus :9254
- }
- .:53 {
- errors
- cache {
- success 9984 86400
- denial 9984 300
- prefetch 3 60s 15%
- }
- reload
- loop
- bind 169.254.20.10
- template IN AAAA {
- rcode NOERROR
- }
- forward . /etc/resolv.conf {
- force_tcp
- }
- prometheus :9254
- }
diff --git a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml
deleted file mode 100644
index 361e4f13b..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: coredns-nodecache-primary
- namespace: kube-system
- labels:
- k8s-app: coredns-nodecache
- kubernetes.io/cluster-service: "true"
-spec:
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 10%
- selector:
- matchLabels:
- k8s-app: coredns-nodecache
- template:
- metadata:
- labels:
- k8s-app: coredns-nodecache
- spec:
- priorityClassName: system-node-critical
- serviceAccountName: coredns-nodecache
- hostNetwork: true
- dnsPolicy: Default
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
- operator: Exists
- containers:
- - name: coredns-nodecache
- image: contentful/coredns-nodecache:latest
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 25m
- memory: 5Mi
- args:
- - -conf
- - /etc/coredns/Corefile
- securityContext:
- privileged: true
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9253
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- host: 169.254.20.10
- path: /health
- port: 8080
- initialDelaySeconds: 60
- timeoutSeconds: 5
- volumeMounts:
- - mountPath: /run/xtables.lock
- name: xtables-lock
- readOnly: false
- - name: config-volume
- mountPath: /etc/coredns
- volumes:
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- - name: config-volume
- configMap:
- name: coredns-nodecache-primary
- items:
- - key: Corefile
- path: Corefile
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: coredns-nodecache-secondary
- namespace: kube-system
- labels:
- k8s-app: coredns-nodecache
- kubernetes.io/cluster-service: "true"
-spec:
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 10%
- selector:
- matchLabels:
- k8s-app: coredns-nodecache
- template:
- metadata:
- labels:
- k8s-app: coredns-nodecache
- spec:
- priorityClassName: system-node-critical
- serviceAccountName: coredns-nodecache
- hostNetwork: true
- dnsPolicy: Default
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
- containers:
- - name: coredns-nodecache
- image: contentful/coredns-nodecache:latest
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 25m
- memory: 5Mi
- args:
- - -conf
- - /etc/coredns/Corefile
- securityContext:
- privileged: true
- ports:
- - containerPort: 9254
- name: metrics
- protocol: TCP
- livenessProbe:
- httpGet:
- host: 169.254.20.10
- path: /health
- port: 8082
- initialDelaySeconds: 60
- timeoutSeconds: 5
- volumeMounts:
- - mountPath: /run/xtables.lock
- name: xtables-lock
- readOnly: false
- - name: config-volume
- mountPath: /etc/coredns
- volumes:
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- - name: config-volume
- configMap:
- name: coredns-nodecache-secondary
- items:
- - key: Corefile
- path: Corefile
diff --git a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml
deleted file mode 100644
index f61c3a976..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./service-account.yaml
- - ./configmap.yaml
- - ./daemonset.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml
deleted file mode 100644
index 03729506a..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: coredns-nodecache
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
diff --git a/kubernetes/cluster-0/apps/kube-tools/kubelet-csr-approver/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kubelet-csr-approver/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/kubelet-csr-approver/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml
deleted file mode 100644
index 70e1c4923..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # - ./coredens-nodecache
- - ./descheduler
- - ./intel-gpu-exporter
- - ./intel-gpu-plugin
- - ./kyverno
- - ./metrics-server
- - ./node-feature-discovery
- - ./rbac
- - ./reloader
diff --git a/kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml
deleted file mode 100644
index 6b2ef1a63..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
- - ./policies/helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helmrelease.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helmrelease.yaml
deleted file mode 100644
index 28d6efbaa..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helmrelease.yaml
+++ /dev/null
@@ -1,323 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: kyverno-policies
- namespace: kyverno
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: kyverno
- namespace: kyverno
- values:
- resources:
- - apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kyverno:admin
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: admin
- subjects:
- - kind: ServiceAccount
- name: kyverno
- namespace: kyverno
-
- - apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- metadata:
- name: apply-ingress-auth-annotations
- annotations:
- policies.kyverno.io/title: Apply Ingress Auth Annotations
- policies.kyverno.io/subject: Ingress
- policies.kyverno.io/description: >-
- This policy creates auth annotations on ingresses. When
- the `auth.home.arpa/enabled` annotation is `true` it
- applies the nginx auth annotations for use with Authelia.
- spec:
- mutateExistingOnPolicyUpdate: true
- generateExistingOnPolicyUpdate: true
- rules:
- - name: auth
- match:
- any:
- - resources:
- kinds: ["Ingress"]
- annotations:
- auth.home.arpa/enabled: "true"
- mutate:
- patchStrategicMerge:
- metadata:
- annotations:
- +(nginx.ingress.kubernetes.io/auth-method): GET
- +(nginx.ingress.kubernetes.io/auth-url): |-
- http://authelia.default.svc.cluster.local.:8888/api/verify
- +(nginx.ingress.kubernetes.io/auth-signin): |-
- https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
- +(nginx.ingress.kubernetes.io/auth-response-headers): |-
- Remote-User,Remote-Name,Remote-Groups,Remote-Email
- +(nginx.ingress.kubernetes.io/auth-snippet): |
- proxy_set_header X-Forwarded-Method $request_method;
-
- - apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- metadata:
- name: apply-ingress-external-dns-annotations
- annotations:
- policies.kyverno.io/title: Apply Ingress External-DNS Annotations
- policies.kyverno.io/subject: Ingress
- policies.kyverno.io/description: >-
- This policy creates external-dns annotations on ingresses.
- When the `external-dns.home.arpa/enabled` annotation is `true`
- it applies the external-dns annotations for use with external
- application access.
- spec:
- mutateExistingOnPolicyUpdate: true
- generateExistingOnPolicyUpdate: true
- rules:
- - name: external-dns
- match:
- any:
- - resources:
- kinds: ["Ingress"]
- annotations:
- external-dns.home.arpa/enabled: "true"
- mutate:
- patchStrategicMerge:
- metadata:
- annotations:
- +(external-dns.alpha.kubernetes.io/target): |-
- services.${SECRET_DOMAIN}.
-
- - apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- metadata:
- name: apply-ingress-whitelist-annotations
- annotations:
- policies.kyverno.io/title: Apply Ingress Whitelist Annotations
- policies.kyverno.io/subject: Ingress
- policies.kyverno.io/description: >-
- This policy creates annotations on ingresses. When
- the `external-dns.home.arpa/enabled` annotation is not
- set it applies the nginx annotations for use with only
- internal application access.
- spec:
- mutateExistingOnPolicyUpdate: true
- generateExistingOnPolicyUpdate: true
- rules:
- - name: whitelist
- match:
- any:
- - resources:
- kinds: ["Ingress"]
- exclude:
- any:
- - resources:
- annotations:
- external-dns.home.arpa/enabled: "true"
- mutate:
- patchStrategicMerge:
- metadata:
- annotations:
- +(nginx.ingress.kubernetes.io/whitelist-source-range): |-
- 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-
- - apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- metadata:
- name: delete-cpu-limits
- annotations:
- policies.kyverno.io/title: Delete CPU limits
- policies.kyverno.io/subject: Pod
- policies.kyverno.io/description: >-
- This policy deletes CPU limits from all Pods.
- spec:
- mutateExistingOnPolicyUpdate: true
- generateExistingOnPolicyUpdate: true
- rules:
- - name: delete-cpu-limits
- match:
- any:
- - resources:
- kinds: ["Pod"]
- exclude:
- any:
- - resources:
- namespaces:
- - calico-system
- - tigera-operator
- - resources:
- kinds: ["Pod"]
- selector:
- matchLabels:
- job-name: "*"
- - resources:
- kinds: ["Pod"]
- selector:
- matchLabels:
- statefulset.kubernetes.io/pod-name: "*"
- - resources:
- annotations:
- kyverno.io/ignore: "true"
- mutate:
- patchStrategicMerge:
- spec:
- initContainers:
- - (name): "*"
- resources:
- limits:
- cpu: null
- containers:
- - (name): "*"
- resources:
- limits:
- cpu: null
-
- - apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- metadata:
- name: snapshot-cronjob-controller
- annotations:
- policies.kyverno.io/title: Snapshot CronJob controller
- policies.kyverno.io/subject: PersistentVolumeClaim
- policies.kyverno.io/description: |
- This policy creates a Kopia snapshot CronJob for labeled PersistentVolumeClaims.
- The following label on PVCs are required for this to run:
- - snapshot.home.arpa/enabled
- spec:
- generateExistingOnPolicyUpdate: true
- mutateExistingOnPolicyUpdate: true
- rules:
- - name: create-snapshot-cronjob
- match:
- any:
- - resources:
- kinds:
- - PersistentVolumeClaim
- selector:
- matchLabels:
- app.kubernetes.io/name: "*"
- app.kubernetes.io/instance: "*"
- snapshot.home.arpa/enabled: "true"
- context:
- - name: appName
- variable:
- jmesPath: 'request.object.metadata.labels."app.kubernetes.io/name"'
- - name: claimName
- variable:
- jmesPath: "request.object.metadata.name"
- # TODO(kyverno): https://github.com/kyverno/kyverno/pull/4767
- # jmesPath: "{{ regex_replace_all('^([^-]*)', {{ request.object.metadata.name }}, '${1}') }}" # 'config' instead of 'config-home-assistant-0'
- - name: namespace
- variable:
- jmesPath: "request.object.metadata.namespace"
- - name: nodeAffinity
- variable:
- value:
- labels:
- - key: app.kubernetes.io/name
- operator: "In"
- values:
- - '{{ request.object.metadata.labels."app.kubernetes.io/name" }}'
- - key: app.kubernetes.io/instance
- operator: "In"
- values:
- - '{{ request.object.metadata.labels."app.kubernetes.io/instance" }}'
- generate:
- synchronize: true
- apiVersion: batch/v1
- kind: CronJob
- name: "{{ appName }}-{{ claimName }}-snapshot"
- namespace: "{{ request.object.metadata.namespace }}"
- data:
- metadata:
- labels:
- app.kubernetes.io/name: '{{ request.object.metadata.labels."app.kubernetes.io/name" }}'
- app.kubernetes.io/instance: '{{ request.object.metadata.labels."app.kubernetes.io/instance" }}'
- ownerReferences:
- - apiVersion: "{{ request.object.apiVersion }}"
- kind: "{{ request.object.kind }}"
- name: "{{ request.object.metadata.name }}"
- uid: "{{ request.object.metadata.uid }}"
- spec:
- schedule: "0 7 * * *"
- suspend: false
- concurrencyPolicy: Forbid
- successfulJobsHistoryLimit: 1
- failedJobsHistoryLimit: 2
- jobTemplate:
- spec:
- # Keep at least one job in completed state in accordance to the schedule
- ttlSecondsAfterFinished: 86400
- template:
- spec:
- automountServiceAccountToken: false
- restartPolicy: OnFailure
- # Stagger jobs to run randomly within X seconds to avoid bringing down all apps at once
- initContainers:
- - name: wait
- image: ghcr.io/onedr0p/kopia:0.12.1@sha256:01ed9b934fa40216f17ffc8a906cf7a7e21c8d41a93f5ed571f2e5efa43844a7
- command: ["/scripts/sleep.sh"]
- args: ["1", "1800"]
- containers:
- - name: snapshot
- image: ghcr.io/onedr0p/kopia:0.12.1@sha256:01ed9b934fa40216f17ffc8a906cf7a7e21c8d41a93f5ed571f2e5efa43844a7
- env:
- - name: KOPIA_CACHE_DIRECTORY
- value: /snapshots/{{ namespace }}/{{ appName }}/{{ claimName }}/cache
- - name: KOPIA_LOG_DIR
- value: /snapshots/{{ namespace }}/{{ appName }}/{{ claimName }}/logs
- - name: KOPIA_PASSWORD
- value: "none"
- command:
- - /bin/bash
- - -c
- - |-
- printf "\e[1;32m%-6s\e[m\n" "[01/10] Create repo ..." && [[ ! -f /snapshots/kopia.repository.f ]] && kopia repository create filesystem --path=/snapshots
- printf "\e[1;32m%-6s\e[m\n" "[02/10] Connect to repo ..." && kopia repo connect filesystem --path=/snapshots --override-hostname=cluster --override-username=root
- printf "\e[1;32m%-6s\e[m\n" "[03/10] Set policies ..." && kopia policy set /data/{{ namespace }}/{{ appName }}/{{ claimName }} --compression=zstd --keep-latest 14 --keep-hourly 0 --keep-daily 7 --keep-weekly 2 --keep-monthly 0 --keep-annual 0
- printf "\e[1;32m%-6s\e[m\n" "[04/10] Freeze {{ claimName }} ..." && fsfreeze -f /data/{{ namespace }}/{{ appName }}/{{ claimName }}
- printf "\e[1;32m%-6s\e[m\n" "[05/10] Snapshot {{ claimName }} ..." && kopia snap create /data/{{ namespace }}/{{ appName }}/{{ claimName }}
- printf "\e[1;32m%-6s\e[m\n" "[06/10] Unfreeze {{ claimName }} ..." && fsfreeze -u /data/{{ namespace }}/{{ appName }}/{{ claimName }}
- printf "\e[1;32m%-6s\e[m\n" "[07/10] List snapshots ..." && kopia snap list /data/{{ namespace }}/{{ appName }}/{{ claimName }}
- printf "\e[1;32m%-6s\e[m\n" "[08/10] Show stats ..." && kopia content stats
- printf "\e[1;32m%-6s\e[m\n" "[09/10] Show maintenance info ..." && kopia maintenance info
- printf "\e[1;32m%-6s\e[m\n" "[10/10] Disconnect from repo ..." && kopia repo disconnect
- volumeMounts:
- - name: data
- mountPath: "/data/{{ namespace }}/{{ appName }}/{{ claimName }}"
- - name: snapshots
- mountPath: /snapshots
- securityContext:
- privileged: true
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: "{{ claimName }}"
- - name: snapshots
- nfs:
- server: "${LOCAL_LAN_TRUENAS}"
- path: /mnt/storage/backups/kubernetes
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - topologyKey: kubernetes.io/hostname
- labelSelector:
- matchExpressions: "{{ nodeAffinity.labels }}"
diff --git a/kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml
deleted file mode 100644
index b60c0c377..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./jobs.yaml
diff --git a/kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/kustomization.yaml b/kubernetes/cluster-0/apps/kustomization.yaml
deleted file mode 100644
index aca3f4582..000000000
--- a/kubernetes/cluster-0/apps/kustomization.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespaces.yaml
- - ./authentication
- - ./databases
- - ./development
- - ./documentation
- - ./downloaders
- - ./home-automation
- - ./kube-tools
- - ./logs
- - ./media-automation
- - ./media-servers
- - ./monitoring
- - ./networking
- # - ./security
- - ./storage
- - ./web-tools
diff --git a/kubernetes/cluster-0/apps/logs/kustomization.yaml b/kubernetes/cluster-0/apps/logs/kustomization.yaml
deleted file mode 100644
index 75bbbd4b2..000000000
--- a/kubernetes/cluster-0/apps/logs/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./loki
- - ./vector
diff --git a/kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/logs/vector/aggregator/helmrelease.yaml b/kubernetes/cluster-0/apps/logs/vector/aggregator/helmrelease.yaml
deleted file mode 100644
index 8eb9eab93..000000000
--- a/kubernetes/cluster-0/apps/logs/vector/aggregator/helmrelease.yaml
+++ /dev/null
@@ -1,219 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app vector-aggregator
- namespace: monitoring
-spec:
- interval: 15m
- chart:
- spec:
- chart: vector
- version: 0.18.0
- sourceRef:
- kind: HelmRepository
- name: vector
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: loki
- namespace: monitoring
- values:
- image:
- repository: timberio/vector
- tag: 0.26.0-debian
- role: "Stateless-Aggregator"
- podAnnotations:
- configmap.reloader.stakater.com/reload: vector-aggregator
- customConfig:
- data_dir: /vector-data-dir
- api:
- enabled: false
- # Sources
- sources:
- kubernetes_logs:
- address: 0.0.0.0:6000
- type: vector
- version: "2"
- opnsense_logs:
- address: 0.0.0.0:6001
- type: vector
- version: "2"
- journal_logs:
- type: vector
- address: 0.0.0.0:6002
- version: "2"
- vector_metrics:
- type: internal_metrics
- talos_kernel_logs:
- address: 0.0.0.0:6050
- type: socket
- mode: udp
- max_length: 102400
- decoding:
- codec: json
- host_key: __host
- talos_service_logs:
- address: 0.0.0.0:6051
- type: socket
- mode: udp
- max_length: 102400
- decoding:
- codec: json
- host_key: __host
- # Transformations
- transforms:
- talos_kernel_logs_xform:
- type: remap
- inputs:
- - talos_kernel_logs
- source: |-
- .__host = replace!(.__host, "192.168.9.101", "talos-node-1")
- .__host = replace(.__host, "192.168.9.102", "talos-node-2")
- .__host = replace(.__host, "192.168.9.103", "talos-node-3")
- .__host = replace(.__host, "192.168.9.104", "talos-node-4")
- talos_service_logs_xform:
- type: remap
- inputs:
- - talos_service_logs
- source: |-
- .__host = replace!(.__host, "192.168.9.101", "talos-node-1")
- .__host = replace(.__host, "192.168.9.102", "talos-node-2")
- .__host = replace(.__host, "192.168.9.103", "talos-node-3")
- .__host = replace(.__host, "192.168.9.104", "talos-node-4")
- # Sinks
- sinks:
- loki_kubernetes:
- type: loki
- inputs:
- - kubernetes_logs
- endpoint: http://loki-gateway.monitoring:80
- encoding:
- codec: json
- batch:
- max_bytes: 2049000
- out_of_order_action: rewrite_timestamp
- remove_label_fields: true
- remove_timestamp: true
- labels:
- k8s_app: >-
- {{`{{ "kubernetes.pod_labels.app\.kubernetes\.io/name" }}`}}
- k8s_container: >-
- {{`{{ "kubernetes.container_name" }}`}}
- k8s_filename: >-
- {{`{{ "kubernetes.file" }}`}}
- k8s_instance: >-
- {{`{{ "kubernetes.pod_labels.app\.kubernetes\.io/instance" }}`}}
- k8s_namespace: >-
- {{`{{ "kubernetes.pod_namespace" }}`}}
- k8s_node: >-
- {{`{{ "kubernetes.pod_node_name" }}`}}
- k8s_pod: >-
- {{`{{ "kubernetes.pod_name" }}`}}
- loki_opnsense:
- type: loki
- inputs:
- - opnsense_logs
- endpoint: http://loki-gateway.monitoring:80
- encoding:
- codec: json
- batch:
- max_bytes: 400000
- out_of_order_action: rewrite_timestamp
- labels:
- hostname: >-
- {{`{{ host }}`}}
- syslog_identifier: >-
- {{`{{ SYSLOG_IDENTIFIER }}`}}
- loki_journal:
- type: loki
- inputs:
- - journal_logs
- endpoint: http://loki-gateway.monitoring:80
- encoding:
- codec: json
- batch:
- max_bytes: 2049000
- out_of_order_action: accept
- remove_label_fields: true
- remove_timestamp: true
- labels:
- hostname: >-
- {{`{{ host }}`}}
- talos_kernel:
- type: loki
- inputs:
- - talos_kernel_logs_xform
- endpoint: http://loki-gateway.monitoring:80
- encoding:
- codec: json
- except_fields:
- - __host
- batch:
- max_bytes: 1048576
- out_of_order_action: rewrite_timestamp
- labels:
- hostname: >-
- {{`{{ __host }}`}}
- service: >-
- {{`{{ facility }}`}}
- talos_service:
- type: loki
- inputs:
- - talos_service_logs_xform
- endpoint: http://loki-gateway.monitoring:80
- encoding:
- codec: json
- except_fields:
- - __host
- batch:
- max_bytes: 524288
- out_of_order_action: rewrite_timestamp
- labels:
- hostname: >-
- {{`{{ __host }}`}}
- service: >-
- {{`{{ "talos-service" }}`}}
- namespace: "talos:service"
- extraVolumeMounts:
- - name: geoip
- mountPath: /geoip
- extraVolumes:
- - name: geoip
- persistentVolumeClaim:
- claimName: vector-geoipupdate-config
- podMonitor:
- enabled: true
- jobLabel: vector-aggregator
- port: prometheus-sink
- resources:
- requests:
- cpu: 35m
- memory: 381M
- limits:
- memory: 726M
- service:
- enabled: true
- type: LoadBalancer
- annotations:
- coredns.io/hostname: "vector.${SECRET_CLUSTER_DOMAIN}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Service
- name: vector-aggregator
- patch:
- - op: add
- path: /spec/loadBalancerIP
- value: ${CLUSTER_LB_VECTOR}
- - op: replace
- path: /spec/externalTrafficPolicy
- value: Local
diff --git a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml
deleted file mode 100644
index 084e00078..000000000
--- a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: &app vector-geoipupdate
- namespace: monitoring
-spec:
- schedule: "@daily"
- concurrencyPolicy: Forbid
- successfulJobsHistoryLimit: 1
- failedJobsHistoryLimit: 2
- jobTemplate:
- spec:
- ttlSecondsAfterFinished: 86400
- template:
- spec:
- automountServiceAccountToken: false
- restartPolicy: Never
- containers:
- - name: *app
- image: docker.io/maxmindinc/geoipupdate:v4.10
- imagePullPolicy: IfNotPresent
- lifecycle:
- preStop:
- exec:
- command:
- - /bin/sh
- - -c
- - rm -rf /usr/share/GeoIP/.geoipupdate.lock
- env:
- - name: GEOIPUPDATE_EDITION_IDS
- value: GeoLite2-City
- - name: GEOIPUPDATE_FREQUENCY
- value: "0"
- - name: GEOIPUPDATE_VERBOSE
- value: "true"
- envFrom:
- - secretRef:
- name: *app
- volumeMounts:
- - name: *app
- mountPath: /usr/share/GeoIP
- volumes:
- - name: *app
- persistentVolumeClaim:
- claimName: vector-geoipupdate-config
diff --git a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml
deleted file mode 100644
index c0417ebd2..000000000
--- a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./cron-job.yaml
- - ./volume.yaml
- - ./secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml
deleted file mode 100644
index 255448332..000000000
--- a/kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: vector-geoipupdate-config
- namespace: monitoring
- labels:
- excluded_from_alerts: "true"
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
- storageClassName: rook-ceph-filesystem
diff --git a/kubernetes/cluster-0/apps/logs/vector/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/kustomization.yaml
deleted file mode 100644
index 406ea1629..000000000
--- a/kubernetes/cluster-0/apps/logs/vector/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./geoipupdate
- - ./agent
- - ./aggregator
diff --git a/kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml
deleted file mode 100644
index 7ff9e6e49..000000000
--- a/kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: jellyseerr-config
- namespace: default
- labels:
- app.kubernetes.io/name: &name jellyseerr
- app.kubernetes.io/instance: *name
- snapshot.home.arpa/enabled: "true"
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: rook-ceph-block
diff --git a/kubernetes/cluster-0/apps/media-automation/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/kustomization.yaml
deleted file mode 100644
index 3cdd05ee7..000000000
--- a/kubernetes/cluster-0/apps/media-automation/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./bazarr
- - ./jellyseerr
- - ./lidarr
- - ./music-transcode
- - ./prowlarr
- - ./radarr
- - ./readarr
- - ./recyclarr
- - ./sonarr
diff --git a/kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml
deleted file mode 100644
index c83b7d804..000000000
--- a/kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml
deleted file mode 100644
index 1bc7be365..000000000
--- a/kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
- name: lidarr
- namespace: default
-type: Opaque
-stringData:
- LIDARR__API_KEY: ENC[AES256_GCM,data:DuE9DXc6hYZn1mL5BPuvzFY94SKHnm0Q5UtFiHYre0g=,iv:5/PWpqpeKBK6eqzQ8/1b14m8c+ZiVfpDfzE/mm0FITE=,tag:P6aRHxO6cmduylFvNOgxDg==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dDVhQnh6WHlrSU1DVndU
- VGRXdUtLUjQxT21rUHQ3YmtsMllYQWlLRkVVCmM2VVNqTFZrLyswSllPR3ZNaVM3
- S21SQ01Wei9PU1FJU2h3NzBEQVdKNEUKLS0tIHhXandQa2xiUFZLRDFxaVZveGRV
- T21JelR0V0Q0NlJidTZhV3JkbTlkc0kKHsDVi+zO23YBslrf+MXhLfNF5U+AQvMv
- L6kCzz+h1RmLrleC/8cJ9/n4wo1FZZqGXFZHAjLTRGESA7ccWc+DSw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T03:56:24Z"
- mac: ENC[AES256_GCM,data:tDosIpLi/N/8NAsVctp4zTyIQlcQt+JnJpyp+J1dsSFG4ERAwpe9taD3VUwlMim2VccRKUtnEgES3H66sFB9iAhuf/txMbNTd22DWauBiFMoqPjAU8GyvPgwFdWjSSW71CrOLjOlpdMUxV3DKjLjwQDQ/aRJ/oqxNeV90KcU/BU=,iv:3bmvzERWc8u/7sEwlmbEozPmR4gwnemzmF7YkIMDcc4=,tag:RVA4y7nz5MaWXgRJWWhPzA==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml
deleted file mode 100644
index 28d703898..000000000
--- a/kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./cronjob.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml
deleted file mode 100644
index c83b7d804..000000000
--- a/kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml
deleted file mode 100644
index d54ec4ab4..000000000
--- a/kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
- name: prowlarr
- namespace: default
-type: Opaque
-stringData:
- PROWLARR__API_KEY: ENC[AES256_GCM,data:wHw+BL6aLWhVecJ2Pr0qEtdI6VIK3kG0Xa75WWgKy5g=,iv:TclbMhXHpV66KX5Pf8J0JUun2NfRYYFpENUfw3WFKUU=,tag:IntUJuSu7mExXZAyT1daqw==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkaC9OUGczTHBOSmtHT3Q5
- Z0dsQWc3TCs1N2lPbWtOWU5jVW5SaHJ5Sm4wClRldUlHTnJOVGMyVUI4T0F1Snd0
- TmY1N3RQUFIyTkd4OWg1VGtCOVBoSXcKLS0tIDJWdGI1S0hPVEN0UTF5OVZINll2
- cFg3Y2RVMjNGSUo4YTNHcUJwTFBhcUEKdDUnJq4rf8fxsHm+Ftt7kHdIKkvnj9Sv
- kHrE4pYYDOzY19GUHuRlhRWXZxsymgfEEb162C3IWRek/AP9njYzHQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T04:02:46Z"
- mac: ENC[AES256_GCM,data:U4eOLJRlSshwVbJyECusFoYeLP+HZUsAEDXj8Tur/8f43oe4zIChfND+h8yG8c7hLir9rhGy9rDfb7fGHV5gL+v2FSoC2m/YYU+V9gJmFAUzg6c+4TR+3EOQdsuNGqkcsA/SVts08W+9K501VsaOXujMVzoZvtGYxqjIDZHhmBE=,iv:OLMzqFKB38FFYslh4KSLtrDKDeK4wc9NN3li31YNsrk=,tag:vyXftB8iKCY3Z27bZ3fQPw==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml
deleted file mode 100644
index b893b1005..000000000
--- a/kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
- name: radarr
- namespace: default
-type: Opaque
-stringData:
- PUSHOVER_TOKEN: ENC[AES256_GCM,data:lhRZiBDtUEYQUFh5JkbzToDGjxshew/6NCGTvLgU,iv:0p1ITxTMSSrKy63eGOsX9/cKGxAsDhg7W+pgOyTIp30=,tag:6okXUgaHq134hQAb5Vf09Q==,type:str]
- PUSHOVER_USER_KEY: ENC[AES256_GCM,data:9GOEKsbOEP+d9XzDjanfuNehROa9tJrArdCX6uvy,iv:3IFKbkFs5X2T+HrnwFZImf123jp4nWnafJOy1RFqMtY=,tag:XmnqhAk9oSLSSHi5OYtjEw==,type:str]
- RADARR__API_KEY: ENC[AES256_GCM,data:451DYlNmSDGoHNeiK7+MyTsI26CoICs/isxiWFcpPJo=,iv:1HGC0TgKcL6ShlMgYwx/WSvOG5SFprG/sgmi6lQOvNU=,tag:uPX3JggXwXrNp7qhetG/Mw==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
- bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
- VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
- OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
- LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T04:09:09Z"
- mac: ENC[AES256_GCM,data:O3b3cHpmP2MFjNo2xN+pCm99b8QZoF0XAMVkWLwWf+vMRTnj7f7cCmvqsbfESZzNLUA7n1OUvTXPO2YtavGovy1F1iS98xYDCI/WLRUJTXwOGxqOVnXrFyqD/lE71pANJWFa0Q6GAtNjhl6k6KST1wAmZQCkYlPWQgMXmipOb6s=,iv:ejZ4wuXuUTodyl8wbetG+CcPNGfBaiAu9HNTof7cgm0=,tag:j7kv5V7GsItkjVKyK7GDuw==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml
deleted file mode 100644
index c83b7d804..000000000
--- a/kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml
deleted file mode 100644
index 7ff543c09..000000000
--- a/kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
- name: readarr
- namespace: default
-type: Opaque
-stringData:
- READARR__API_KEY: ENC[AES256_GCM,data:Vx735p7czaTKQVxQfUkkX22QN+mza1ms/Ob/qeYqNPk=,iv:AMLS+5V6+22R7IULKEyac4eEXd8yzh+qF/TO9xpbTII=,tag:KG5OWB4SYc1evdJ8Trn2NQ==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaHh2UDcvUnF1eHJXWXMv
- a1JQaXJYZi9MTmx3OHZ5bmVLVjVsekFyZERNCjdjVk5wb3U1bjROeE5kM1JXRVZi
- QTJIeTMzUDZDWnF2c0NMRm1YUS95Q28KLS0tIGJPdzJLSzJEMGpuQTIwRHYvNmR0
- WU1mNWFQTE1uU0JiOU9CVmFsWXlHRDgKgTLlh8lIOxTDBpHT1kfCerY0KQL96UU7
- gTqR0QIxjJ1qf+KLyKAEonHtNMb1mg/eJUBPeFfhuu3HE6T9bsAIFA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T04:12:05Z"
- mac: ENC[AES256_GCM,data:T/nPAUI8PP6vq8uMCefTpbKCVr747HGmLxBhVw1sWhfb6KylYj8JIRRfT4IEoPQlEcXO9ar72nEYj0AogRJJ3pf/17x3NTd0Qg8F1Xy0ZLAS5g0EHjAYBlG9FJ+2D+7qD3Clej5uWW3oXWlCZcAVYv0vjd4efuKDvyDLNzvopIk=,iv:Uj91JlLiC6Ck+e/7afPUfetc2zyThB2Nk5bi6Oc4Skg=,tag:xvwCp/8WT5EBSTMZ643Ylg==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-automation/recyclarr/helmrelease.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/helmrelease.yaml
deleted file mode 100644
index a85facc09..000000000
--- a/kubernetes/cluster-0/apps/media-automation/recyclarr/helmrelease.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app recyclarr
- namespace: &namespace default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: sonarr
- namespace: default
- - name: radarr
- namespace: default
- values:
- resources:
- - apiVersion: batch/v1
- kind: CronJob
- metadata:
- name: *app
- namespace: *namespace
- spec:
- schedule: "@daily"
- jobTemplate:
- spec:
- ttlSecondsAfterFinished: 86400
- template:
- spec:
- automountServiceAccountToken: false
- restartPolicy: OnFailure
- initContainers:
- - name: render-configs
- image: ghcr.io/onedr0p/alpine:3.17.0
- envFrom:
- - secretRef:
- name: *app
- command:
- - "/bin/bash"
- - -c
- args:
- - "envsubst < /config/recyclarr.yml > /shared/recyclarr.yml"
- volumeMounts:
- - name: config
- mountPath: /config
- - name: shared
- mountPath: /shared
- containers:
- - name: sonarr
- image: ghcr.io/recyclarr/recyclarr:4.0.1
- command:
- - /app/recyclarr/recyclarr
- args:
- - sonarr
- volumeMounts:
- - name: shared
- mountPath: /config/recyclarr.yml
- subPath: recyclarr.yml
- readOnly: true
- - name: radarr
- image: ghcr.io/recyclarr/recyclarr:4.0.1
- command:
- - /app/recyclarr/recyclarr
- args:
- - radarr
- volumeMounts:
- - name: shared
- mountPath: /config/recyclarr.yml
- subPath: recyclarr.yml
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: *app
- - name: shared
- emptyDir: {}
diff --git a/kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml
deleted file mode 100644
index b47d475a7..000000000
--- a/kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
- name: sonarr
- namespace: default
-type: Opaque
-stringData:
- PUSHOVER_TOKEN: ENC[AES256_GCM,data:k19SYCSuG2e3SZA2oOc+ORF0/Awd3pbPRMh0rZVf,iv:iNjc9LCjZ1MBEnfibTVnjisyxtm7QtjRNYUnKZn8emk=,tag:uEDCKAshQpybMY/dzR/M1Q==,type:str]
- PUSHOVER_USER_KEY: ENC[AES256_GCM,data:VYp2lrBDk0yW4QcLbeH3p/bJ6mQ7hoA2luljU5lS,iv:8Yp48tC1N+1MdeW1lDDoMKyyE6qiZqd7D6qcY25tQRs=,tag:51G1vkr+vRJx29y9/FZ+DQ==,type:str]
- SONARR__API_KEY: ENC[AES256_GCM,data:KheRN0LzO3Fb5P78lIt8mVZBydQH+xD+uQ8lBVEGieI=,iv:jG4RqKbprdfyqXmBlbXM8BVtwc3xdHof7p2NeP+dGss=,tag:z1nW7D5X+OCXIVcSEDbLog==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWTJrS2pINFd3d2pRK0Z2
- K3RUOWZwdXlUa2R2S2tVcldjUkJISTJDa2hFCnA0eThHNUhocisxVGZ1Z21PUno2
- NXo4UjN6cXI1UWZVdjNmUzA5MHdUSDgKLS0tIEx5aFZydDRjTEhnUC94cC9kUlpn
- LzZ0MXorcXRtVFRFNGhEUVAvTEs0UUkKo3F84muItufqs61yKmUVOVg/EORHYRHL
- VNOHwINciH7lSknIZYPP+epMVDYCAe4AFmn2CPmtW6uRDScJAnBidw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-09-15T04:29:06Z"
- mac: ENC[AES256_GCM,data:2uaAEPBB/v3k5WnUrGvp4fWW/SmrA306b4fru18NdEcLi8e070DJeThxF+/eHRYWIBDHBOhGDBe5Yv3U3tOnNjrQR8aqL9wWoatHqulGrwm/HiSbJZlDXRqO9DSItisBtTs2Tp5PhxBqsXlG5oEvQiV6/w+N44I2IrDnDW0P0C0=,iv:dAh6cKA3SqdZGBLPBTHkztO2wcgO1xUUbcE2d39eNXA=,tag:S5gtSNWzp/X3X+74y/vycQ==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml
deleted file mode 100644
index c75cac31e..000000000
--- a/kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml
deleted file mode 100644
index c75cac31e..000000000
--- a/kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml
deleted file mode 100644
index c75cac31e..000000000
--- a/kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml
deleted file mode 100644
index c75cac31e..000000000
--- a/kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-servers/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/kustomization.yaml
deleted file mode 100644
index f44fff5ce..000000000
--- a/kubernetes/cluster-0/apps/media-servers/kustomization.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./calibre
- - ./calibre-web
- - ./jellyfin
- - ./komga
- - ./lychee
- - ./media-browser
- - ./navidrome
diff --git a/kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml
deleted file mode 100644
index c75cac31e..000000000
--- a/kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml
deleted file mode 100644
index c75cac31e..000000000
--- a/kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./volume.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/monitoring/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kustomization.yaml
deleted file mode 100644
index b11f12f72..000000000
--- a/kubernetes/cluster-0/apps/monitoring/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./grafana
- - ./kube-prometheus-stack
- - ./thanos
- - ./uptime-kuma
diff --git a/kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml
deleted file mode 100644
index fa38f3799..000000000
--- a/kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
- - ./volume.yaml
diff --git a/kubernetes/cluster-0/apps/namespaces.yaml b/kubernetes/cluster-0/apps/namespaces.yaml
deleted file mode 100644
index f36bb5a1e..000000000
--- a/kubernetes/cluster-0/apps/namespaces.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: crowdsec
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: default
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: flux-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kube-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kyverno
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: monitoring
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helmrelease.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helmrelease.yaml
deleted file mode 100644
index 3368ce5d7..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helmrelease.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cert-manager-certificates
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: cert-manager-issuers
- namespace: default
- values:
- resources:
- - apiVersion: cert-manager.io/v1
- kind: Certificate
- metadata:
- name: "${SECRET_CLUSTER_DOMAIN/./-}"
- namespace: default
- spec:
- secretName: "${SECRET_CLUSTER_DOMAIN/./-}-tls"
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "${SECRET_CLUSTER_DOMAIN}"
- dnsNames:
- - "${SECRET_CLUSTER_DOMAIN}"
- - "*.${SECRET_CLUSTER_DOMAIN}"
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helmrelease.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helmrelease.yaml
deleted file mode 100644
index 57831b702..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helmrelease.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cert-manager-issuers
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: raw
- version: v0.3.1
- sourceRef:
- kind: HelmRepository
- name: dysnix
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: cert-manager
- namespace: default
- - name: cert-manager-webhook-ovh
- namespace: default
- values:
- resources:
- - apiVersion: cert-manager.io/v1
- kind: ClusterIssuer
- metadata:
- name: letsencrypt-production
- spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
- privateKeySecretRef:
- name: letsencrypt-production
- solvers:
- - dns01:
- webhook:
- groupName: "${SECRET_DOMAIN}"
- solverName: ovh
- config:
- endpoint: ovh-eu
- applicationKey: "${SECRET_CLUSTER_OVH_APPLICATION_KEY}"
- applicationSecretRef:
- key: applicationSecret
- name: ovh-credentials
- consumerKey: "${SECRET_CLUSTER_OVH_CONSUMER_KEY}"
- - apiVersion: cert-manager.io/v1
- kind: ClusterIssuer
- metadata:
- name: letsencrypt-staging
- spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
- privateKeySecretRef:
- name: letsencrypt-production
- solvers:
- - dns01:
- webhook:
- groupName: "${SECRET_DOMAIN}"
- solverName: ovh
- config:
- endpoint: ovh-eu
- applicationKey: "${SECRET_CLUSTER_OVH_APPLICATION_KEY}"
- applicationSecretRef:
- key: applicationSecret
- name: ovh-credentials
- consumerKey: "${SECRET_CLUSTER_OVH_CONSUMER_KEY}"
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml
deleted file mode 100644
index d22d73bfe..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
- - ./rbac.yaml
- - ./webhook-ovh
- - ./issuers
- - ./certificates
- - ./prometheus-rule.yaml
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml
deleted file mode 100644
index 2c011349f..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cert-manager:ovh-dns-challenge
- namespace: default
-rules:
- - apiGroups: ["${SECRET_DOMAIN}"]
- resources: ["ovh"]
- verbs: ["get", "watch", "list", "create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cert-manager:ovh-dns-challenge
- namespace: default
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cert-manager:ovh-dns-challenge
-subjects:
- - apiGroup: ""
- kind: ServiceAccount
- name: cert-manager
- namespace: default
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml
deleted file mode 100644
index 845d70f8e..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: ovh-credentials
- namespace: default
-stringData:
- applicationSecret: ENC[AES256_GCM,data:9vWD0QZ5mSIVhTOg5BinGUhEdJW0Tv6/CzoJor2FO5I=,iv:ymVqh3DKnvTzKi8nWW6ULDLyJLfXE/HDGLmTmLuo9WE=,tag:Aoy6ClqB1K4HVNn6d8H94w==,type:str]
-type: Opaque
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcGV1NGhhY3hOa0pjSThx
- ZGt5Y2FPNVcrN0d1SCtCS2NjMHFjM2Y0QUJ3CncvUzB2QlpDL0xxZTQ4NVFyNm51
- bFovMHhXRDVwSmpGaDR2YnBlTUQzTEkKLS0tIGx6bjRQNHQ4enJZN1UydEtiSkxP
- d0Vid3lIQ0NPSmxicFlBN2NCRnE5ZFUKo1l3ST2oUmaWBgbjub/BWPpRzB588ZoJ
- NvB6P1YivKsDZf/fsRT0gf1GPx9gZgql/w3g/9mggKANW4rFrMH1Mg==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2022-07-03T14:42:43Z"
- mac: ENC[AES256_GCM,data:shI/qzyWbCozb7CH4KgwZStp21+c/CsT5y+TtdzI+O5Xbbg4WHwUIw73DEqvOD8Rrj39Ym53L8f6G7apvAToU1nv23POs/e4ew2yMOhypfsw19hq93IDLmon6jmj7C2DCSwLWukzCX3/Ot+OELm8t8svZYDD+xE1wtYidmfiZdo=,iv:tURq+EP7UqMKaKHkWD4K3E4lLKFNqBLFut1Se8sC9No=,tag:RAbjiVPIEtkOoAFWE+/l7A==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helmrelease.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helmrelease.yaml
deleted file mode 100644
index bd764f606..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helmrelease.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cert-manager-webhook-ovh
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: ./deploy/cert-manager-webhook-ovh
- version: 0.3.0
- sourceRef:
- kind: GitRepository
- name: cert-manager-webhook-ovh
- namespace: flux-system
- interval: 1440m
- values:
- groupName: "${SECRET_DOMAIN}"
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml
deleted file mode 100644
index f4cbed0e1..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./rbac.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml
deleted file mode 100644
index 2ae84e404..000000000
--- a/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: cert-manager-webhook-ovh:secret-reader
- namespace: default
-rules:
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["ovh-credentials"]
- verbs: ["get", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: cert-manager-webhook-ovh:secret-reader
- namespace: default
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: cert-manager-webhook-ovh:secret-reader
-subjects:
- - apiGroup: ""
- kind: ServiceAccount
- name: cert-manager-webhook-ovh
- namespace: default
diff --git a/kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml b/kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml
deleted file mode 100644
index 16a6ce304..000000000
--- a/kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml b/kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/networking/kustomization.yaml b/kubernetes/cluster-0/apps/networking/kustomization.yaml
deleted file mode 100644
index 06c0b849a..000000000
--- a/kubernetes/cluster-0/apps/networking/kustomization.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./cert-manager
- - ./external-dns
- - ./ingress-nginx
- - ./k8s-gateway
- - ./smtp-relay
- - ./unifi
diff --git a/kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml b/kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml
deleted file mode 100644
index fa38f3799..000000000
--- a/kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
- - ./volume.yaml
diff --git a/kubernetes/cluster-0/apps/security/kustomization.yaml b/kubernetes/cluster-0/apps/security/kustomization.yaml
deleted file mode 100644
index f09c1748e..000000000
--- a/kubernetes/cluster-0/apps/security/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./crowdsec
diff --git a/kubernetes/cluster-0/apps/storage/kopia-web/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia-web/config/repository.config
deleted file mode 100644
index 8eaef1041..000000000
--- a/kubernetes/cluster-0/apps/storage/kopia-web/config/repository.config
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "storage": {
- "type": "filesystem",
- "config": {
- "path": "/snapshots",
- "dirShards": null
- }
- },
- "caching": {
- "cacheDirectory": "cache",
- "maxCacheSize": 5242880000,
- "maxMetadataCacheSize": 5242880000,
- "maxListCacheDuration": 30
- },
- "hostname": "cluster",
- "username": "root",
- "description": "Cluster",
- "enableActions": false,
- "formatBlobCacheDuration": 900000000000
-}
diff --git a/kubernetes/cluster-0/apps/storage/kopia-web/helmrelease.yaml b/kubernetes/cluster-0/apps/storage/kopia-web/helmrelease.yaml
deleted file mode 100644
index 609079542..000000000
--- a/kubernetes/cluster-0/apps/storage/kopia-web/helmrelease.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app kopia
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- values:
- initContainers:
- wait-for-repo:
- image: ghcr.io/onedr0p/kopia:0.12.1@sha256:01ed9b934fa40216f17ffc8a906cf7a7e21c8d41a93f5ed571f2e5efa43844a7
- command:
- - /bin/bash
- - -c
- - |-
- until [ -f /snapshots/kopia.repository.f ]; do
- printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
- sleep 1
- done
- volumeMounts:
- - name: snapshots
- mountPath: /snapshots
- image:
- repository: ghcr.io/onedr0p/kopia
- tag: 0.12.1@sha256:01ed9b934fa40216f17ffc8a906cf7a7e21c8d41a93f5ed571f2e5efa43844a7
- env:
- TZ: "${TIMEZONE}"
- KOPIA_PASSWORD: "none"
- command: kopia
- args:
- - server
- - --insecure
- - --address
- - 0.0.0.0:80
- - --metrics-listen-addr
- - 0.0.0.0:8080
- - --without-password
- - --log-level
- - debug
- service:
- main:
- ports:
- http:
- port: 80
- metrics:
- enabled: true
- port: 8080
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - port: metrics
- scheme: http
- path: /metrics
- interval: 1m
- scrapeTimeout: 10s
- ingress:
- main:
- enabled: true
- ingressClassName: "nginx"
- hosts:
- - host: &host "kopia.${SECRET_CLUSTER_DOMAIN}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- podSecurityContext:
- supplementalGroups:
- - 100
- persistence:
- config:
- enabled: true
- type: configMap
- name: *app
- subPath: repository.config
- mountPath: /config/repository.config
- readOnly: true
- snapshots:
- enabled: true
- type: nfs
- server: "${LOCAL_LAN_TRUENAS}"
- path: /mnt/storage/backups/kubernetes
- mountPath: /snapshots
- podAnnotations:
- configmap.reloader.stakater.com/reload: *app
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- memory: 500Mi
diff --git a/kubernetes/cluster-0/apps/storage/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kustomization.yaml
deleted file mode 100644
index a39d3a48f..000000000
--- a/kubernetes/cluster-0/apps/storage/kustomization.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./kopia-web
- - ./resilio-sync
- - ./smartctl-exporter
- - ./snapshot-controller/ks.yaml
- - ./truecommand
- - ./volsync
diff --git a/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml
deleted file mode 100644
index 30772d3f7..000000000
--- a/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./claude
- - ./helene
diff --git a/kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml b/kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/storage/truecommand/helmrelease.yaml b/kubernetes/cluster-0/apps/storage/truecommand/helmrelease.yaml
deleted file mode 100644
index 2c77a23e5..000000000
--- a/kubernetes/cluster-0/apps/storage/truecommand/helmrelease.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app truecommand
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- values:
- image:
- repository: docker.io/ixsystems/truecommand
- tag: "2.2"
- service:
- main:
- ports:
- http:
- port: 80
- ingress:
- main:
- enabled: true
- ingressClassName: "nginx"
- annotations:
- external-dns.home.arpa/enabled: "true"
- hosts:
- - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- persistence:
- config:
- enabled: true
- existingClaim: truecommand-config
- mountPath: /data
- resources:
- requests:
- cpu: 50m
- memory: 256Mi
- limits:
- memory: 500Mi
diff --git a/kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml b/kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml
deleted file mode 100644
index fa38f3799..000000000
--- a/kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
- - ./volume.yaml
diff --git a/kubernetes/cluster-0/apps/storage/truecommand/volume.yaml b/kubernetes/cluster-0/apps/storage/truecommand/volume.yaml
deleted file mode 100644
index b85fc3abb..000000000
--- a/kubernetes/cluster-0/apps/storage/truecommand/volume.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: truecommand-config
- namespace: default
- labels:
- app.kubernetes.io/name: &name truecommand
- app.kubernetes.io/instance: *name
- snapshot.home.arpa/enabled: "true"
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: rook-ceph-block
diff --git a/kubernetes/cluster-0/apps/web-tools/homer-code/helmrelease.yaml b/kubernetes/cluster-0/apps/web-tools/homer-code/helmrelease.yaml
deleted file mode 100644
index f2af2b0ba..000000000
--- a/kubernetes/cluster-0/apps/web-tools/homer-code/helmrelease.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app homer-code
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: homer
- namespace: default
- values:
- image:
- repository: ghcr.io/coder/code-server
- tag: 4.9.1
- env:
- TZ: "${TIMEZONE}"
- args:
- - --auth
- - "none"
- - --user-data-dir
- - "/config/.vscode"
- - --extensions-dir
- - "/config/.vscode"
- - --port
- - "80"
- - "/config"
- service:
- main:
- ports:
- http:
- port: 80
- ingress:
- main:
- enabled: true
- ingressClassName: "nginx"
- hosts:
- - host: &host "homer-code.${SECRET_CLUSTER_DOMAIN}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- podSecurityContext:
- runAsUser: 0
- runAsGroup: 0
- fsGroup: 0
- persistence:
- config:
- enabled: true
- existingClaim: homer-config
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values: ["homer"]
- - key: app.kubernetes.io/instance
- operator: In
- values: ["homer"]
- topologyKey: kubernetes.io/hostname
- resources:
- requests:
- cpu: 10m
- memory: 100Mi
- limits:
- memory: 500Mi
diff --git a/kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/homer/helmrelease.yaml b/kubernetes/cluster-0/apps/web-tools/homer/helmrelease.yaml
deleted file mode 100644
index 3d00f1fe1..000000000
--- a/kubernetes/cluster-0/apps/web-tools/homer/helmrelease.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app homer
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.2.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- values:
- image:
- repository: b4bz/homer
- tag: v22.11.2
- env:
- TZ: "${TIMEZONE}"
- service:
- main:
- ports:
- http:
- port: 8080
- ingress:
- main:
- enabled: true
- ingressClassName: "nginx"
- hosts:
- - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - *host
- persistence:
- config:
- enabled: true
- mountPath: /www/assets
- existingClaim: homer-config
- resources:
- requests:
- cpu: 50m
- memory: 256Mi
- limits:
- memory: 512Mi
diff --git a/kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml
deleted file mode 100644
index fa38f3799..000000000
--- a/kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
- - ./volume.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml
deleted file mode 100644
index 57103bc6a..000000000
--- a/kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
- - ./secret.sops.yaml
-patchesStrategicMerge:
- - ./patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml
deleted file mode 100644
index 86850543a..000000000
--- a/kubernetes/cluster-0/apps/web-tools/kustomization.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./freshrss
- - ./homer
- - ./homer-code
- - ./invidious
- - ./joplin
- - ./libreddit
- - ./nitter
- - ./paperless
- - ./sharry
- - ./tandoor
- - ./theme-park
- - ./vaultwarden
- - ./vikunja
- - ./wallabag
- - ./whoogle
diff --git a/kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/kustomization.yaml
deleted file mode 100644
index 2611cbe27..000000000
--- a/kubernetes/cluster-0/core/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./notifications
- - ./weave-gitops
- - ./webhook
- - ./pod-monitor.yaml
- - ./prometheus-rule.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/pod-monitor.yaml b/kubernetes/cluster-0/core/flux-system/pod-monitor.yaml
deleted file mode 100644
index dc556dc08..000000000
--- a/kubernetes/cluster-0/core/flux-system/pod-monitor.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: flux-system
- namespace: flux-system
- labels:
- app.kubernetes.io/part-of: flux
-spec:
- namespaceSelector:
- matchNames:
- - flux-system
- selector:
- matchExpressions:
- - key: app
- operator: Exists
- podMetricsEndpoints:
- - port: http-prom
- honorLabels: true
diff --git a/kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml
deleted file mode 100644
index 17cbc72b2..000000000
--- a/kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml
deleted file mode 100644
index 46dc4a4fe..000000000
--- a/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./deployment.yaml
diff --git a/kubernetes/flux/apps.yaml b/kubernetes/flux/apps.yaml
new file mode 100644
index 000000000..e689fcdf8
--- /dev/null
+++ b/kubernetes/flux/apps.yaml
@@ -0,0 +1,44 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./kubernetes/apps
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+ patches:
+ - patch: |-
+ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+ kind: Kustomization
+ metadata:
+ name: not-used
+ spec:
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+ target:
+ labelSelector: substitution.flux.home.arpa/enabled=true
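Review bot: The `patches` entry that closes this Kustomization has no comment, and its scope is easy to miss. It injects SOPS decryption and `cluster-settings`/`cluster-secrets` substitution only into the Flux Kustomization objects built from `./kubernetes/apps` that carry the label `substitution.flux.home.arpa/enabled=true`. A child without the label presumably gets neither, so its `${...}` placeholders would stay literal and its SOPS-encrypted manifests would not be decrypted. A comment above `- patch: |-` such as `# applies to child Kustomizations labelled substitution.flux.home.arpa/enabled=true; unlabelled children get no decryption or substitution` would make that explicit. Because `cluster-secrets` is a Secret, any value substituted into a non-Secret object is stored in clear text in that object, so secret variables should be referenced only from Secret manifests; separately, the empty `substitute: {}` could be dropped.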
diff --git a/kubernetes/flux/config/cluster.yaml b/kubernetes/flux/config/cluster.yaml
new file mode 100644
index 000000000..f35f6f817
--- /dev/null
+++ b/kubernetes/flux/config/cluster.yaml
@@ -0,0 +1,47 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+ name: home-ops-kubernetes
+ namespace: flux-system
+spec:
+ interval: 30m
+ # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
+ url: ssh://git@github.com/auricom/home-ops
+ ref:
+ branch: main
+ secretRef:
+ name: github-deploy-key
+ ignore: |
+ # exclude all
+ /*
+ # include kubernetes directory
+ !/kubernetes
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: flux-cluster
+ namespace: flux-system
+spec:
+ interval: 30m
+ path: ./kubernetes/flux
+ prune: true
+ wait: false
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ optional: false
+ - kind: Secret
+ name: cluster-secrets
+ optional: false
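Review bot: The `home-ops-kubernetes` GitRepository tracks `branch: main` with no `verify` block, so whatever lands on that branch is applied by `flux-cluster` with `prune: true` and with the `sops-age` decryption key in reach. If commits on `main` are signed, adding `verify:` with `mode: head` and a `secretRef` such as `name: <pgp-public-keys-secret>` would let source-controller reject commits from unknown signers. Whether automated commits in this repository are signed is not visible here, so that needs confirming first. The bare issue link above `url:` would also benefit from a few words on what it works around.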
diff --git a/kubernetes/flux/config/flux.yaml b/kubernetes/flux/config/flux.yaml
new file mode 100644
index 000000000..f34f93628
--- /dev/null
+++ b/kubernetes/flux/config/flux.yaml
@@ -0,0 +1,48 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/ocirepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+ name: flux-manifests
+ namespace: flux-system
+spec:
+ interval: 10m
+ url: oci://ghcr.io/fluxcd/flux-manifests
+ ref:
+ tag: v0.38.2
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: flux-installation
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ./
+ prune: true
+ wait: true
+ sourceRef:
+ kind: OCIRepository
+ name: flux-manifests
+ patches:
+ - patch: |
+ $patch: delete
+ apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: not-used
+ target:
+ group: networking.k8s.io
+ version: v1
+ kind: NetworkPolicy
+ - patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --concurrent=20
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --requeue-dependency=5s
+ target:
+ kind: Deployment
+ name: "(kustomize-controller|helm-controller|source-controller)"
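Review bot: `ref.tag: v0.38.2` on the `flux-manifests` OCIRepository is a mutable reference, and the artifact it names installs the Flux controllers themselves. Pinning `ref.digest: sha256:<digest-of-the-v0.38.2-artifact>`, or adding a `verify:` block with `provider: cosign`, would bind the install to a known artifact; check that the source-controller version in use supports whichever you pick. The deleted `flux-installation.yaml` had a `# renovate:` hint above its tag and this file has none, so confirm the version is still picked up for updates. The first patch deletes every `NetworkPolicy` shipped in the manifests and carries no comment; `# remove Flux's bundled NetworkPolicies: <reason>` above it would record why the controllers run without them.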
diff --git a/kubernetes/base/kustomization.yaml b/kubernetes/flux/config/kustomization.yaml
similarity index 81%
rename from kubernetes/base/kustomization.yaml
rename to kubernetes/flux/config/kustomization.yaml
index 9e259c76f..2ff3c784d 100644
--- a/kubernetes/base/kustomization.yaml
+++ b/kubernetes/flux/config/kustomization.yaml
@@ -3,5 +3,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./config
- - ./repositories
+ - ./flux.yaml
+ - ./cluster.yaml
diff --git a/kubernetes/flux/flux-cluster.yaml b/kubernetes/flux/flux-cluster.yaml
deleted file mode 100644
index 015410b8c..000000000
--- a/kubernetes/flux/flux-cluster.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: home-ops
- namespace: flux-system
-spec:
- interval: 30m
- # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
- url: ssh://git@github.com/auricom/home-ops
- ref:
- branch: main
- secretRef:
- name: github-deploy-key
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-cluster
- namespace: flux-system
-spec:
- interval: 30m
- path: ./kubernetes/flux
- prune: true
- wait: false
- sourceRef:
- kind: GitRepository
- name: home-ops
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: base
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./kubernetes/base
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops
- decryption:
- provider: sops
- secretRef:
- name: sops-age
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: core
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: base
- path: ./kubernetes/cluster-0/core
- prune: false
- sourceRef:
- kind: GitRepository
- name: home-ops
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: apps
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: core
- path: ./kubernetes/cluster-0/apps
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- patches:
- - patch: |-
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
- kind: Kustomization
- metadata:
- name: not-used
- spec:
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- target:
- labelSelector: substitution.flux.home.arpa/enabled=true
diff --git a/kubernetes/flux/flux-installation.yaml b/kubernetes/flux/flux-installation.yaml
deleted file mode 100644
index 11e0def33..000000000
--- a/kubernetes/flux/flux-installation.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-installation
- namespace: flux-system
-spec:
- interval: 30m
- ref:
- # renovate: datasource=github-releases depName=fluxcd/flux2
- tag: "v0.38.2"
- url: https://github.com/fluxcd/flux2
- ignore: |
- # exclude all
- /*
- # path to manifests
- !/manifests
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-installation
- namespace: flux-system
-spec:
- interval: 30m
- path: ./manifests/install
- prune: true
- wait: true
- sourceRef:
- kind: GitRepository
- name: flux-installation
- patches:
- - target:
- group: networking.k8s.io
- version: v1
- kind: NetworkPolicy
- patch: |-
- $patch: delete
- apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: all
diff --git a/kubernetes/flux/flux-prereqs.yaml b/kubernetes/flux/flux-prereqs.yaml
deleted file mode 100644
index efe0ed6ba..000000000
--- a/kubernetes/flux/flux-prereqs.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: kube-prometheus-stack
- namespace: flux-system
-spec:
- interval: 12h
- url: https://github.com/prometheus-community/helm-charts.git
- ref:
- # renovate: registryUrl=https://prometheus-community.github.io/helm-charts chart=kube-prometheus-stack
- tag: kube-prometheus-stack-43.1.1
- ignore: |
- # exclude all
- /*
- # include crd directory
- !/charts/kube-prometheus-stack/crds
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: kube-prometheus-stack-crds
- namespace: flux-system
-spec:
- interval: 30m
- prune: false
- wait: true
- sourceRef:
- kind: GitRepository
- name: kube-prometheus-stack
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: kyverno
- namespace: flux-system
-spec:
- interval: 12h
- url: https://github.com/kyverno/kyverno.git
- ref:
- # renovate: registryUrl=https://kyverno.github.io/kyverno chart=kyverno
- tag: kyverno-chart-2.6.5
- ignore: |
- # exclude all
- /*
- # include crd directory
- !/config/crds
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: kyverno-crds
- namespace: flux-system
-spec:
- interval: 30m
- prune: false
- wait: true
- sourceRef:
- kind: GitRepository
- name: kyverno
diff --git a/kubernetes/flux/kustomization.yaml b/kubernetes/flux/kustomization.yaml
deleted file mode 100644
index 736c7320e..000000000
--- a/kubernetes/flux/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./flux-installation.yaml
- - ./flux-cluster.yaml
- - ./flux-prereqs.yaml
diff --git a/kubernetes/base/repositories/helm/backube.yaml b/kubernetes/flux/repositories/helm/backube.yaml
similarity index 100%
rename from kubernetes/base/repositories/helm/backube.yaml
rename to kubernetes/flux/repositories/helm/backube.yaml
diff --git a/kubernetes/base/repositories/helm/bitnami.yaml b/kubernetes/flux/repositories/helm/bitnami.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/bitnami.yaml
rename to kubernetes/flux/repositories/helm/bitnami.yaml
index c06081a73..2010fa83b 100644
--- a/kubernetes/base/repositories/helm/bitnami.yaml
+++ b/kubernetes/flux/repositories/helm/bitnami.yaml
@@ -6,6 +6,6 @@ metadata:
name: bitnami
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://charts.bitnami.com/bitnami
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/bjw-s.yaml b/kubernetes/flux/repositories/helm/bjw-s.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/bjw-s.yaml
rename to kubernetes/flux/repositories/helm/bjw-s.yaml
index 2a5302f3c..012535efb 100644
--- a/kubernetes/base/repositories/helm/bjw-s.yaml
+++ b/kubernetes/flux/repositories/helm/bjw-s.yaml
@@ -6,5 +6,5 @@ metadata:
name: bjw-s
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://bjw-s.github.io/helm-charts/
diff --git a/kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml b/kubernetes/flux/repositories/helm/cert-manager-webhook-ovh.yaml
similarity index 52%
rename from kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml
rename to kubernetes/flux/repositories/helm/cert-manager-webhook-ovh.yaml
index b51c71d33..0ad0181de 100644
--- a/kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml
+++ b/kubernetes/flux/repositories/helm/cert-manager-webhook-ovh.yaml
@@ -1,17 +1,10 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
+kind: HelmRepository
metadata:
name: cert-manager-webhook-ovh
namespace: flux-system
spec:
- interval: 12h
- url: https://github.com/baarde/cert-manager-webhook-ovh
- ref:
- branch: master
- ignore: |
- # exclude all
- /*
- # include charts directory
- !/deploy/
+ interval: 2h
+ url: https://aureq.github.io/cert-manager-webhook-ovh/
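Review bot: The change of publisher for this chart is not recorded anywhere in the file: the source moves from `github.com/baarde/cert-manager-webhook-ovh` (a GitRepository on `branch: master`) to the Helm repository at `aureq.github.io`. A comment above `url:` such as `# source changed from github.com/baarde/cert-manager-webhook-ovh (git, branch master) to the aureq Helm repository` would keep the provenance visible. Since the webhook presumably handles OVH API credentials for DNS-01 challenges, confirm that the new repository is the intended upstream. The HelmRelease that consumes it is outside this hunk; it should reference `kind: HelmRepository` and pin an exact chart version, because a `sourceRef` still naming `kind: GitRepository` would no longer resolve.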
diff --git a/kubernetes/base/repositories/helm/cilium.yaml b/kubernetes/flux/repositories/helm/cilium.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/cilium.yaml
rename to kubernetes/flux/repositories/helm/cilium.yaml
index c650d3216..1d07a03de 100644
--- a/kubernetes/base/repositories/helm/cilium.yaml
+++ b/kubernetes/flux/repositories/helm/cilium.yaml
@@ -6,5 +6,5 @@ metadata:
name: cilium
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://helm.cilium.io
diff --git a/kubernetes/base/repositories/helm/cloudnative-pg.yaml b/kubernetes/flux/repositories/helm/cloudnative-pg.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/cloudnative-pg.yaml
rename to kubernetes/flux/repositories/helm/cloudnative-pg.yaml
index e720be076..b7812e283 100644
--- a/kubernetes/base/repositories/helm/cloudnative-pg.yaml
+++ b/kubernetes/flux/repositories/helm/cloudnative-pg.yaml
@@ -6,5 +6,5 @@ metadata:
name: cloudnative-pg
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://cloudnative-pg.github.io/charts
diff --git a/kubernetes/base/repositories/helm/crowdsec.yaml b/kubernetes/flux/repositories/helm/crowdsec.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/crowdsec.yaml
rename to kubernetes/flux/repositories/helm/crowdsec.yaml
index 455f95429..2ba8ab830 100644
--- a/kubernetes/base/repositories/helm/crowdsec.yaml
+++ b/kubernetes/flux/repositories/helm/crowdsec.yaml
@@ -6,5 +6,5 @@ metadata:
name: crowdsec
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://crowdsecurity.github.io/helm-charts
diff --git a/kubernetes/base/repositories/helm/descheduler.yaml b/kubernetes/flux/repositories/helm/descheduler.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/descheduler.yaml
rename to kubernetes/flux/repositories/helm/descheduler.yaml
index d16fd7e7c..2d369e96c 100644
--- a/kubernetes/base/repositories/helm/descheduler.yaml
+++ b/kubernetes/flux/repositories/helm/descheduler.yaml
@@ -6,5 +6,5 @@ metadata:
name: descheduler
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://kubernetes-sigs.github.io/descheduler
diff --git a/kubernetes/base/repositories/helm/drone.yaml b/kubernetes/flux/repositories/helm/drone.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/drone.yaml
rename to kubernetes/flux/repositories/helm/drone.yaml
index ca0afbfa1..f66cc5d03 100644
--- a/kubernetes/base/repositories/helm/drone.yaml
+++ b/kubernetes/flux/repositories/helm/drone.yaml
@@ -6,5 +6,5 @@ metadata:
name: drone
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://charts.drone.io
diff --git a/kubernetes/base/repositories/helm/dysnix.yaml b/kubernetes/flux/repositories/helm/dysnix.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/dysnix.yaml
rename to kubernetes/flux/repositories/helm/dysnix.yaml
index 31adb4db1..2e9538838 100644
--- a/kubernetes/base/repositories/helm/dysnix.yaml
+++ b/kubernetes/flux/repositories/helm/dysnix.yaml
@@ -6,5 +6,5 @@ metadata:
name: dysnix
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://dysnix.github.io/charts
diff --git a/kubernetes/base/repositories/helm/emxq.yaml b/kubernetes/flux/repositories/helm/emxq.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/emxq.yaml
rename to kubernetes/flux/repositories/helm/emxq.yaml
index 7d417ee82..a74fce2df 100644
--- a/kubernetes/base/repositories/helm/emxq.yaml
+++ b/kubernetes/flux/repositories/helm/emxq.yaml
@@ -6,6 +6,6 @@ metadata:
name: emqx
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://repos.emqx.io/charts
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/external-dns.yaml b/kubernetes/flux/repositories/helm/external-dns.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/external-dns.yaml
rename to kubernetes/flux/repositories/helm/external-dns.yaml
index 089b294e8..fe51f2cd6 100644
--- a/kubernetes/base/repositories/helm/external-dns.yaml
+++ b/kubernetes/flux/repositories/helm/external-dns.yaml
@@ -6,5 +6,5 @@ metadata:
name: external-dns
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://kubernetes-sigs.github.io/external-dns
diff --git a/kubernetes/base/repositories/helm/gitea.yaml b/kubernetes/flux/repositories/helm/gitea.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/gitea.yaml
rename to kubernetes/flux/repositories/helm/gitea.yaml
index 5ad2e269e..61aee9b63 100644
--- a/kubernetes/base/repositories/helm/gitea.yaml
+++ b/kubernetes/flux/repositories/helm/gitea.yaml
@@ -6,6 +6,6 @@ metadata:
name: gitea
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://dl.gitea.io/charts
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/grafana.yaml b/kubernetes/flux/repositories/helm/grafana.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/grafana.yaml
rename to kubernetes/flux/repositories/helm/grafana.yaml
index 87a3610b9..2a8c491cc 100644
--- a/kubernetes/base/repositories/helm/grafana.yaml
+++ b/kubernetes/flux/repositories/helm/grafana.yaml
@@ -6,6 +6,6 @@ metadata:
name: grafana
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://grafana.github.io/helm-charts
timeout: 3m
diff --git a/kubernetes/flux/repositories/helm/hajimari.yaml b/kubernetes/flux/repositories/helm/hajimari.yaml
new file mode 100644
index 000000000..064a38377
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/hajimari.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: hajimari
+ namespace: flux-system
+spec:
+ interval: 2h
+ url: https://hajimari.io
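Review bot: The new `hajimari` HelmRepository at `url: https://hajimari.io` adds one more third-party chart source, and as far as I know a plain HTTPS Helm repository gives Flux no provenance check beyond TLS to that host. The HelmRelease that consumes it is not in this hunk. It should pin an exact chart version rather than a range, so that a changed repository index cannot roll a different chart into the cluster without a reviewed commit. I would record that expectation in the file with a comment above `spec:`, for example `# third-party chart repo: consumers must pin an exact chart version`.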
diff --git a/kubernetes/base/repositories/helm/ingress-nginx.yaml b/kubernetes/flux/repositories/helm/ingress-nginx.yaml
similarity index 95%
rename from kubernetes/base/repositories/helm/ingress-nginx.yaml
rename to kubernetes/flux/repositories/helm/ingress-nginx.yaml
index 3f14da991..9c71072ea 100644
--- a/kubernetes/base/repositories/helm/ingress-nginx.yaml
+++ b/kubernetes/flux/repositories/helm/ingress-nginx.yaml
@@ -6,6 +6,6 @@ metadata:
name: ingress-nginx
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://kubernetes.github.io/ingress-nginx
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/jetstack.yaml b/kubernetes/flux/repositories/helm/jetstack.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/jetstack.yaml
rename to kubernetes/flux/repositories/helm/jetstack.yaml
index 444e6636f..21d2096ad 100644
--- a/kubernetes/base/repositories/helm/jetstack.yaml
+++ b/kubernetes/flux/repositories/helm/jetstack.yaml
@@ -6,6 +6,6 @@ metadata:
name: jetstack
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://charts.jetstack.io/
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
similarity index 97%
rename from kubernetes/base/repositories/helm/kustomization.yaml
rename to kubernetes/flux/repositories/helm/kustomization.yaml
index c6fdcfe15..d2922488c 100644
--- a/kubernetes/base/repositories/helm/kustomization.yaml
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -17,6 +17,7 @@ resources:
- ./external-dns.yaml
- ./gitea.yaml
- ./grafana.yaml
+ - ./hajimari.yaml
- ./ingress-nginx.yaml
- ./jetstack.yaml
- ./kyverno.yaml
diff --git a/kubernetes/base/repositories/helm/kyverno.yaml b/kubernetes/flux/repositories/helm/kyverno.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/kyverno.yaml
rename to kubernetes/flux/repositories/helm/kyverno.yaml
index 3465261a6..bbc64aade 100644
--- a/kubernetes/base/repositories/helm/kyverno.yaml
+++ b/kubernetes/flux/repositories/helm/kyverno.yaml
@@ -6,5 +6,5 @@ metadata:
name: kyverno
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://kyverno.github.io/kyverno/
diff --git a/kubernetes/base/repositories/helm/metrics-server.yaml b/kubernetes/flux/repositories/helm/metrics-server.yaml
similarity index 95%
rename from kubernetes/base/repositories/helm/metrics-server.yaml
rename to kubernetes/flux/repositories/helm/metrics-server.yaml
index 74cbc0012..96adea5b1 100644
--- a/kubernetes/base/repositories/helm/metrics-server.yaml
+++ b/kubernetes/flux/repositories/helm/metrics-server.yaml
@@ -6,5 +6,5 @@ metadata:
name: metrics-server
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://kubernetes-sigs.github.io/metrics-server
diff --git a/kubernetes/base/repositories/helm/node-feature-discovery.yaml b/kubernetes/flux/repositories/helm/node-feature-discovery.yaml
similarity index 95%
rename from kubernetes/base/repositories/helm/node-feature-discovery.yaml
rename to kubernetes/flux/repositories/helm/node-feature-discovery.yaml
index 2df83a1d6..489ae79fb 100644
--- a/kubernetes/base/repositories/helm/node-feature-discovery.yaml
+++ b/kubernetes/flux/repositories/helm/node-feature-discovery.yaml
@@ -6,6 +6,6 @@ metadata:
name: node-feature-discovery
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/piraeus.yaml b/kubernetes/flux/repositories/helm/piraeus.yaml
similarity index 100%
rename from kubernetes/base/repositories/helm/piraeus.yaml
rename to kubernetes/flux/repositories/helm/piraeus.yaml
diff --git a/kubernetes/base/repositories/helm/postfinance.yaml b/kubernetes/flux/repositories/helm/postfinance.yaml
similarity index 95%
rename from kubernetes/base/repositories/helm/postfinance.yaml
rename to kubernetes/flux/repositories/helm/postfinance.yaml
index 8ef081684..98e0dc353 100644
--- a/kubernetes/base/repositories/helm/postfinance.yaml
+++ b/kubernetes/flux/repositories/helm/postfinance.yaml
@@ -6,5 +6,5 @@ metadata:
name: postfinance
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://postfinance.github.io/kubelet-csr-approver
diff --git a/kubernetes/base/repositories/helm/prometheus-community.yaml b/kubernetes/flux/repositories/helm/prometheus-community.yaml
similarity index 95%
rename from kubernetes/base/repositories/helm/prometheus-community.yaml
rename to kubernetes/flux/repositories/helm/prometheus-community.yaml
index e913fbc48..1c1625bb7 100644
--- a/kubernetes/base/repositories/helm/prometheus-community.yaml
+++ b/kubernetes/flux/repositories/helm/prometheus-community.yaml
@@ -6,6 +6,6 @@ metadata:
name: prometheus-community
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://prometheus-community.github.io/helm-charts
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/rook-ceph.yaml b/kubernetes/flux/repositories/helm/rook-ceph.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/rook-ceph.yaml
rename to kubernetes/flux/repositories/helm/rook-ceph.yaml
index b53d02ddf..aeebcba56 100644
--- a/kubernetes/base/repositories/helm/rook-ceph.yaml
+++ b/kubernetes/flux/repositories/helm/rook-ceph.yaml
@@ -6,6 +6,6 @@ metadata:
name: rook-ceph
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://charts.rook.io/release
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/stakater.yaml b/kubernetes/flux/repositories/helm/stakater.yaml
similarity index 95%
rename from kubernetes/base/repositories/helm/stakater.yaml
rename to kubernetes/flux/repositories/helm/stakater.yaml
index f2130e3aa..67a915d79 100644
--- a/kubernetes/base/repositories/helm/stakater.yaml
+++ b/kubernetes/flux/repositories/helm/stakater.yaml
@@ -6,6 +6,6 @@ metadata:
name: stakater
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://stakater.github.io/stakater-charts
timeout: 3m
diff --git a/kubernetes/base/repositories/helm/vector.yaml b/kubernetes/flux/repositories/helm/vector.yaml
similarity index 94%
rename from kubernetes/base/repositories/helm/vector.yaml
rename to kubernetes/flux/repositories/helm/vector.yaml
index f50cdf45d..ab4237c03 100644
--- a/kubernetes/base/repositories/helm/vector.yaml
+++ b/kubernetes/flux/repositories/helm/vector.yaml
@@ -6,5 +6,5 @@ metadata:
name: vector
namespace: flux-system
spec:
- interval: 1h
+ interval: 2h
url: https://helm.vector.dev
diff --git a/kubernetes/base/repositories/helm/weave-gitops.yaml b/kubernetes/flux/repositories/helm/weave-gitops.yaml
similarity index 100%
rename from kubernetes/base/repositories/helm/weave-gitops.yaml
rename to kubernetes/flux/repositories/helm/weave-gitops.yaml
diff --git a/kubernetes/base/repositories/kustomization.yaml b/kubernetes/flux/repositories/kustomization.yaml
similarity index 100%
rename from kubernetes/base/repositories/kustomization.yaml
rename to kubernetes/flux/repositories/kustomization.yaml
diff --git a/kubernetes/base/config/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml
similarity index 100%
rename from kubernetes/base/config/cluster-secrets.sops.yaml
rename to kubernetes/flux/vars/cluster-secrets.sops.yaml
diff --git a/kubernetes/base/config/cluster-settings.yaml b/kubernetes/flux/vars/cluster-settings.yaml
similarity index 100%
rename from kubernetes/base/config/cluster-settings.yaml
rename to kubernetes/flux/vars/cluster-settings.yaml
diff --git a/kubernetes/base/config/kustomization.yaml b/kubernetes/flux/vars/kustomization.yaml
similarity index 100%
rename from kubernetes/base/config/kustomization.yaml
rename to kubernetes/flux/vars/kustomization.yaml
diff --git a/talos/.gitignore b/talos/.gitignore
new file mode 100644
index 000000000..d17adace1
--- /dev/null
+++ b/talos/.gitignore
@@ -0,0 +1,2 @@
+charts
+clusterconfig
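Review bot: The `clusterconfig` entry is what keeps generated Talos output out of git, and nothing in the file says so. Step 7 of the README in this commit copies `./clusterconfig/talosconfig` to `~/.talos/config`, so that directory holds client credentials and presumably the rendered machine configs, while step 9 tells the reader to push the directory. I would add a comment above the entry, `# generated Talos configs and talosconfig (contain secrets) - never commit`, and write the entries as `/charts/` and `/clusterconfig/` so they match only those directories at this level. If any of that output was ever committed under the old `infrastructure/talos` path, this ignore rule does not untrack it or remove it from history.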
diff --git a/infrastructure/talos/README.md b/talos/README.md
similarity index 63%
rename from infrastructure/talos/README.md
rename to talos/README.md
index 0c3f19c21..997655500 100644
--- a/infrastructure/talos/README.md
+++ b/talos/README.md
@@ -31,17 +31,3 @@ Feel free to open a [Github issue](https://github.com/budimanjojo/home-cluster/i
7. Copy the generated `./clusterconfig/talosconfig` to your `~/.talos/config`.
8. Run `talosctl -n apply-config --insecure --file ./clusterconfig/-.yaml` on each of your node. Don't forget to run `talosctl -n bootstrap` on one of your controlplane node.
9. Push your current directory to your git repository of choice. :wink:
-
----
-
-## :memo: After bootstrap
-
-1. Deploy [cilium](https://cilium.io/) : `kubectl kustomize --enable-helm ./cni | kubectl apply -f -`
-2. Deploy [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) `kubectl kustomize --enable-helm ./kubelet-csr-approver | kubectl apply -f -` to approve csr issued by talos nodes (that will allow to see pods logs).
-3. Deploy [flux](https://github.com/fluxcd/flux2) `kubectl apply -k ./flux`
-4. Create flux github secret `kubectl apply -f ./flux/.decrypted\~github-deploy-key.sops.yaml`
-5. Create sops secret `cat ~/.config/sops/age/keys.txt | kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin`
-6. Apply flux cluster configuration `kubectl apply -k kubernetes/flux`
-7. Apply flux base configuration `kubectl apply -f kubernetes/base/flux.yaml`
-8. Apply flux core `kubectl apply -f kubernetes/cluster-0/core/flux.yaml`
-9. Apply flux apps `kubectl apply -f kubernetes/cluster-0/apps/flux.yaml`
diff --git a/infrastructure/talos/cluster-0/talconfig.yaml b/talos/talconfig.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/talconfig.yaml
rename to talos/talconfig.yaml
diff --git a/infrastructure/talos/cluster-0/talenv.sops.yaml b/talos/talenv.sops.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/talenv.sops.yaml
rename to talos/talenv.sops.yaml
diff --git a/infrastructure/talos/cluster-0/talsecret.sops.yaml b/talos/talsecret.sops.yaml
similarity index 100%
rename from infrastructure/talos/cluster-0/talsecret.sops.yaml
rename to talos/talsecret.sops.yaml
diff --git a/kubernetes/tools/kopia-restore.yaml b/tools/kopia-restore.yaml
similarity index 100%
rename from kubernetes/tools/kopia-restore.yaml
rename to tools/kopia-restore.yaml
diff --git a/kubernetes/tools/wipe-rook.yaml b/tools/wipe-rook.yaml
similarity index 100%
rename from kubernetes/tools/wipe-rook.yaml
rename to tools/wipe-rook.yaml