shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

♻️ apply kube templates

Browse Source
This commit is contained in:
auricom
2024-01-23 17:22:40 +01:00
parent d384984388
commit cb87a67dd2
262 changed files with 1510 additions and 3360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
kubernetes/apps/default/atuin/ks.yaml
View File

@@ -3,11 +3,15 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-atuin
name: &app atuin
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
path: ./kubernetes/apps/default/atuin/app
prune: true
sourceRef:
@@ -17,3 +21,6 @@ spec:
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app

32
kubernetes/apps/default/authelia/ks.yaml
View File

@@ -3,32 +3,50 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-authelia-app
name: &app authelia
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-authelia-redis
- name: cluster-apps-external-secrets-stores
- name: authelia-redis
- name: external-secrets-stores
path: ./kubernetes/apps/default/authelia/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_SUBDOMAIN: auth
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-authelia-redis
name: authelia-redis
namespace: flux-system
spec:
interval: 10m
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: &app authelia
path: ./kubernetes/apps/default/authelia/redis
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false # no flux ks dependents
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app

22
kubernetes/apps/default/babybuddy/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: babybuddy-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: babybuddy
group: internal
url: https://babybuddy.${SECRET_CLUSTER_DOMAIN}/login/
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

15
kubernetes/apps/default/babybuddy/app/helmrelease.yaml
View File

@@ -31,7 +31,6 @@ spec:
main:
annotations:
reloader.stakater.com/auto: "true"
type: statefulset
initContainers:
init-db:
order: 1
@@ -75,14 +74,6 @@ spec:
requests:
cpu: 100m
memory: 256Mi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
@@ -104,3 +95,9 @@ spec:
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config

4
kubernetes/apps/default/babybuddy/app/kustomization.yaml
View File

@@ -5,6 +5,6 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

48
kubernetes/apps/default/babybuddy/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: babybuddy-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: babybuddy-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/babybuddy'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: babybuddy
namespace: default
spec:
sourcePVC: config-babybuddy-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: babybuddy-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

17
kubernetes/apps/default/babybuddy/ks.yaml
View File

@@ -3,17 +3,26 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-babybuddy
name: &app babybuddy
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/babybuddy/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
# - name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: volsync
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

26
kubernetes/apps/default/bazarr/app/gatus.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: bazarr-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: bazarr
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: bazarr.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover

16
kubernetes/apps/default/bazarr/app/helmrelease.yaml
View File

@@ -40,7 +40,6 @@ spec:
fsGroupChangePolicy: OnRootMismatch
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
initContainers:
@@ -51,7 +50,7 @@ spec:
tag: 16
envFrom: &envFrom
- secretRef:
name: atuin-secret
name: bazarr-secret
containers:
main:
image:
@@ -76,14 +75,6 @@ spec:
- --branch=master
- --wait=86400 # 1 day
- --root=/add-ons
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
@@ -111,6 +102,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
add-ons:
enabled: true
type: emptyDir

6
kubernetes/apps/default/bazarr/app/kustomization.yaml
View File

@@ -5,12 +5,14 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync
configMapGenerator:
- name: bazarr-scripts
files:
- post-process.sh=./scripts/post-process.sh
configurations:
- ./patches/kustomizeconfig.yaml
generatorOptions:
disableNameSuffixHash: true

48
kubernetes/apps/default/bazarr/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: bazarr-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: bazarr-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/bazarr'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: bazarr
namespace: default
spec:
sourcePVC: config-bazarr-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: bazarr-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

17
kubernetes/apps/default/bazarr/ks.yaml
View File

@@ -3,17 +3,26 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-bazarr-app
name: &app bazarr
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: volsync
path: ./kubernetes/apps/default/bazarr/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

26
kubernetes/apps/default/calibre/app/gatus.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: calibre-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: calibre
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: calibre.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover

14
kubernetes/apps/default/calibre/app/helmrelease.yaml
View File

@@ -29,7 +29,6 @@ spec:
values:
controllers:
main:
type: statefulset
containers:
main:
image:
@@ -45,14 +44,6 @@ spec:
memory: 324M
limits:
memory: 604M
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
@@ -80,6 +71,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
books:
enabled: true
type: nfs

4
kubernetes/apps/default/calibre/app/kustomization.yaml
View File

@@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

47
kubernetes/apps/default/calibre/app/volsync.yaml
View File

@@ -1,47 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: calibre-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: calibre-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/calibre'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: calibre
namespace: default
spec:
sourcePVC: config-calibre-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: calibre-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 1026
runAsGroup: 1000
retain:
daily: 7
within: 3d

19
kubernetes/apps/default/calibre/ks.yaml
View File

@@ -3,18 +3,27 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-calibre
name: &app calibre
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: rook-ceph-cluster
- name: volsync
path: ./kubernetes/apps/default/calibre/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

16
kubernetes/apps/default/emqx/ks.yaml
View File

@@ -3,17 +3,25 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-emqx-app
name: &app emqx
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-external-secrets-stores
- name: rook-ceph-cluster
- name: external-secrets-stores
path: ./kubernetes/apps/default/emqx/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app

26
kubernetes/apps/default/flood/app/gatus.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: flood-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: flood
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: flood.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover

15
kubernetes/apps/default/flood/app/helmrelease.yaml
View File

@@ -35,7 +35,6 @@ spec:
fsGroupChangePolicy: "OnRootMismatch"
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
containers:
@@ -56,14 +55,6 @@ spec:
cpu: 15m
limits:
memory: 512Mi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 50Gi
storageClass: rook-ceph-block
globalMounts:
- path: /data
service:
main:
ports:
@@ -90,3 +81,9 @@ spec:
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /data

4
kubernetes/apps/default/flood/app/kustomization.yaml
View File

@@ -5,6 +5,6 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

48
kubernetes/apps/default/flood/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: flood-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: flood-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/flood'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: flood
namespace: default
spec:
sourcePVC: config-flood-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: flood-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

19
kubernetes/apps/default/flood/ks.yaml
View File

@@ -3,18 +3,27 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-flood-app
name: &app flood
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-qbittorrent-app
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: qbittorrent
- name: volsync
path: ./kubernetes/apps/default/flood/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

22
kubernetes/apps/default/freshrss/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: freshrss-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: freshrss
group: internal
url: https://freshrss.${SECRET_CLUSTER_DOMAIN}/i/
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

15
kubernetes/apps/default/freshrss/app/helmrelease.yaml
View File

@@ -29,7 +29,6 @@ spec:
values:
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
initContainers:
@@ -54,14 +53,6 @@ spec:
requests:
cpu: 50m
memory: 256Mi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /var/www/FreshRSS/data
service:
main:
ports:
@@ -83,3 +74,9 @@ spec:
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /var/www/FreshRSS/data

4
kubernetes/apps/default/freshrss/app/kustomization.yaml
View File

@@ -5,6 +5,6 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/external
- ../../../../templates/volsync

44
kubernetes/apps/default/freshrss/app/volsync.yaml
View File

@@ -1,44 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: freshrss-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: freshrss-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/freshrss'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: freshrss
namespace: default
spec:
sourcePVC: config-freshrss-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: freshrss-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
retain:
daily: 7
within: 3d

17
kubernetes/apps/default/freshrss/ks.yaml
View File

@@ -3,17 +3,26 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-freshrss
name: &app freshrss
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/freshrss/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: volsync
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

47
kubernetes/apps/default/frigate/app/gatus.yaml
View File

@@ -1,47 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: frigate-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: frigate
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: frigate.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover
---
apiVersion: v1
kind: ConfigMap
metadata:
name: frigate-cam-01-bedroom-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: cam-01-bedroom
group: cameras
url: https://cam-01-bedroom.${SECRET_DOMAIN}
interval: 5m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

20
kubernetes/apps/default/frigate/app/helmrelease.yaml
View File

@@ -3,7 +3,7 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: frigate
name: &app frigate
namespace: default
spec:
interval: 30m
@@ -41,7 +41,6 @@ spec:
intel.feature.node.kubernetes.io/gpu: "true"
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
containers:
@@ -80,14 +79,6 @@ spec:
gpu.intel.com/i915: 1
securityContext:
privileged: true
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 5Gi
storageClass: rook-ceph-block
globalMounts:
- path: /data
service:
main:
type: LoadBalancer
@@ -121,12 +112,19 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /data
config-file:
type: configMap
name: frigate-configmap
readOnly: true
globalMounts:
- path: /config
- path: /config/config.yml
subPath: config.yml
readOnly: true
media:
type: nfs
server: "${LOCAL_LAN_TRUENAS}"

4
kubernetes/apps/default/frigate/app/kustomization.yaml
View File

@@ -5,9 +5,9 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync
configMapGenerator:
- name: frigate-configmap
files:

48
kubernetes/apps/default/frigate/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: frigate-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: frigate-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/frigate'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: frigate
namespace: default
spec:
sourcePVC: config-frigate-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: frigate-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

14
kubernetes/apps/default/frigate/ks.yaml
View File

@@ -3,12 +3,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-frigate
name: &app frigate
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-node-feature-discovery-rules
- name: external-secrets-stores
- name: node-feature-discovery-rules
path: ./kubernetes/apps/default/frigate/app
prune: true
sourceRef:
@@ -18,3 +22,7 @@ spec:
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 5Gi

22
kubernetes/apps/default/ghostfolio/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ghostfolio-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: ghostfolio
group: internal
url: https://portfolio.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/ghostfolio/app/helmrelease.yaml
View File

@@ -68,7 +68,7 @@ spec:
annotations:
hajimari.io/icon: mdi:cash-multiple
hosts:
- host: &host "portfolio.${SECRET_CLUSTER_DOMAIN}"
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
service:

2
kubernetes/apps/default/ghostfolio/app/kustomization.yaml
View File

@@ -5,5 +5,5 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded

31
kubernetes/apps/default/ghostfolio/ks.yaml
View File

@@ -3,32 +3,49 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-ghostfolio
name: &app ghostfolio
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/ghostfolio/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-ghostfolio-redis
- name: external-secrets-stores
- name: ghostfolio-redis
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-ghostfolio-redis
name: ghostfolio-redis
namespace: flux-system
spec:
interval: 10m
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: &app ghostfolio
path: ./kubernetes/apps/default/ghostfolio/redis
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false # no flux ks dependents
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app

12
kubernetes/apps/default/hajimari/ks.yaml
View File

@@ -3,14 +3,22 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-hajimari
name: &app hajimari
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/hajimari/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_SUBDOMAIN: apps

22
kubernetes/apps/default/home-assistant/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: home-assistant-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: home-assistant
group: internal
url: https://hass.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

14
kubernetes/apps/default/home-assistant/app/helmrelease.yaml
View File

@@ -37,7 +37,6 @@ spec:
nodo.feature.node.kubernetes.io/rflink: "true"
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
initContainers:
@@ -73,14 +72,6 @@ spec:
memory: 1Gi
securityContext:
privileged: true
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 10Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
type: LoadBalancer
@@ -106,6 +97,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
usb:
enabled: true
type: hostPath

10
kubernetes/apps/default/home-assistant/app/kustomization.yaml
View File

@@ -3,8 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./podmonitor.yaml
- ./volsync.yaml
- ./externalsecret.yaml
- ./helmrelease.yaml
- ./podmonitor.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

48
kubernetes/apps/default/home-assistant/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: home-assistant-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: home-assistant-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/home-assistant'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: home-assistant
namespace: default
spec:
sourcePVC: config-home-assistant-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: home-assistant-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 0
retain:
daily: 7
within: 3d

22
kubernetes/apps/default/home-assistant/code/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: hass-code-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: hass-code
group: internal
url: https://hass-code.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/home-assistant/code/kustomization.yaml
View File

@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded

28
kubernetes/apps/default/home-assistant/ks.yaml
View File

@@ -3,12 +3,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-home-assistant-app
name: &app home-assistant
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: volsync
path: ./kubernetes/apps/default/home-assistant/app
prune: true
sourceRef:
@@ -18,14 +22,26 @@ spec:
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_SUBDOMAIN: hass
VOLSYNC_CAPACITY: 5Gi
VOLSYNC_ACCESSMODES: ReadWriteMany
VOLSYNC_STORAGECLASS: rook-ceph-filesystem
VOLSYNC_SNAPSHOTCLASS: csi-ceph-filesystem
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-home-assistant-code
name: home-assistant-code
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: &app home-assistant
path: ./kubernetes/apps/default/home-assistant/code
prune: true
sourceRef:
@@ -35,3 +51,7 @@ spec:
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_SUBDOMAIN: hass-code

22
kubernetes/apps/default/homebox/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: homebox-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: homebox
group: internal
url: https://homebox.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

15
kubernetes/apps/default/homebox/app/helmrelease.yaml
View File

@@ -29,7 +29,6 @@ spec:
values:
controllers:
main:
type: statefulset
containers:
main:
image:
@@ -46,14 +45,6 @@ spec:
memory: 52M
limits:
memory: 256M
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
@@ -79,3 +70,9 @@ spec:
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config

4
kubernetes/apps/default/homebox/app/kustomization.yaml
View File

@@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

44
kubernetes/apps/default/homebox/app/volsync.yaml
View File

@@ -1,44 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: homebox-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: homebox-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/homebox'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: homebox
namespace: default
spec:
sourcePVC: config-homebox-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: homebox-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
retain:
daily: 7
within: 3d

13
kubernetes/apps/default/homebox/ks.yaml
View File

@@ -3,14 +3,23 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-homebox
name: &app homebox
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/homebox/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

42
kubernetes/apps/default/homelab/ks.yaml
View File

@@ -3,52 +3,76 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-homelab-minio
name: &app homelab-minio
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/homelab/minio
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-homelab-opnsense
name: &app homelab-opnsense
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/homelab/opnsense
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-homelab-truenas
name: &app homelab-truenas
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/homelab/truenas
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app

22
kubernetes/apps/default/immich/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: immich-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: immich
group: internal
url: https://photos.${SECRET_CLUSTER_DOMAIN}/auth/login
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

4
kubernetes/apps/default/immich/app/kustomization.yaml
View File

@@ -6,10 +6,10 @@ namespace: default
resources:
- ./configmap.yaml
- ./externalsecret.yaml
- ./gatus.yaml
- ./microservices
- ./machine-learning
- ./server
- ./typesense
- ./volsync.yaml
- ./volumes.yaml
- ../../../../templates/gatus/external
- ../../../../templates/volsync

3
kubernetes/apps/default/immich/app/typesense/helmrelease.yaml
View File

@@ -32,7 +32,6 @@ spec:
enableServiceLinks: false
controllers:
main:
type: statefulset
strategy: RollingUpdate
annotations:
configmap.reloader.stakater.com/reload: &configMap immich-configmap
@@ -84,6 +83,6 @@ spec:
config:
enabled: true
type: persistentVolumeClaim
existingClaim: immich-config
existingClaim: immich
globalMounts:
- path: /config

65
kubernetes/apps/default/immich/app/volsync.yaml
View File

@@ -1,65 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: immich-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: immich-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/immich'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: immich-config
namespace: default
spec:
sourcePVC: immich-config
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: immich-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
retain:
daily: 7
within: 3d
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: immich-machine-learning-cache
namespace: default
spec:
sourcePVC: immich-machine-learning-cache
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: immich-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
retain:
daily: 7
within: 3d

16
kubernetes/apps/default/immich/app/volumes.yaml
View File

@@ -30,22 +30,6 @@ spec:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-config
namespace: default
labels:
app.kubernetes.io/name: &name immich
app.kubernetes.io/instance: *name
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-machine-learning-cache
namespace: default

31
kubernetes/apps/default/immich/ks.yaml
View File

@@ -3,32 +3,51 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-immich-app
name: &app immich
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
path: ./kubernetes/apps/default/immich/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false # no flux ks dependents
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_SUBDOMAIN: photos
VOLSYNC_CAPACITY: 2Gi
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-immich-redis
name: immich-redis
namespace: flux-system
spec:
interval: 10m
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: &app immich
path: ./kubernetes/apps/default/immich/redis
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false # no flux ks dependents
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

22
kubernetes/apps/default/invidious/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: invidious-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: invidious
group: external
url: https://invidious.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
dns-resolver: tcp://1.1.1.1:53
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/invidious/app/kustomization.yaml
View File

@@ -5,5 +5,5 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded

14
kubernetes/apps/default/invidious/ks.yaml
View File

@@ -3,16 +3,24 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-invidious
name: &app invidious
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/invidious/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app

21
kubernetes/apps/default/jellyfin/app/gatus.yaml
View File

@@ -1,21 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: jellyfin-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: jellyfin
group: internal
url: https://jellyfin.${SECRET_CLUSTER_DOMAIN}/web/index.html
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

14
kubernetes/apps/default/jellyfin/app/helmrelease.yaml
View File

@@ -38,7 +38,6 @@ spec:
fsGroupChangePolicy: OnRootMismatch
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
containers:
@@ -75,14 +74,6 @@ spec:
limits:
gpu.intel.com/i915: 1
memory: 4Gi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 50Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
type: LoadBalancer
@@ -108,6 +99,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
music:
enabled: true
type: nfs

4
kubernetes/apps/default/jellyfin/app/kustomization.yaml
View File

@@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/external
- ../../../../templates/volsync

48
kubernetes/apps/default/jellyfin/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: jellyfin-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: jellyfin-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/jellyfin'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: jellyfin
namespace: default
spec:
sourcePVC: config-jellyfin-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: jellyfin-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

19
kubernetes/apps/default/jellyfin/ks.yaml
View File

@@ -3,18 +3,27 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-jellyfin-app
name: &app jellyfin
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-volsync-app
- name: rook-ceph-cluster
- name: external-secrets-stores
- name: volsync
path: ./kubernetes/apps/default/jellyfin/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 20Gi

22
kubernetes/apps/default/joplin/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: joplin-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: joplin
group: external
url: https://joplin.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
dns-resolver: tcp://1.1.1.1:53
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/joplin/app/kustomization.yaml
View File

@@ -5,5 +5,5 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/external

14
kubernetes/apps/default/joplin/ks.yaml
View File

@@ -3,16 +3,24 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-joplin
name: &app joplin
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/joplin/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app

24
kubernetes/apps/default/komf/app/helmrelease.yaml
View File

@@ -31,7 +31,6 @@ spec:
values:
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
containers:
@@ -51,27 +50,22 @@ spec:
cpu: 15m
limits:
memory: 4282M
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
http:
port: 8085
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
configmap:
enabled: true
type: configMap
name: komf-configmap
advancedMounts:
main:
main:
- path: /config/application.yml
readOnly: true
subPath: application.yml
globalMounts:
- path: /config/application.yml
readOnly: true
subPath: application.yml

2
kubernetes/apps/default/komf/app/kustomization.yaml
View File

@@ -6,7 +6,7 @@ namespace: default
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/volsync
configMapGenerator:
- name: komf-configmap
files:

44
kubernetes/apps/default/komf/app/volsync.yaml
View File

@@ -1,44 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: komf-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: komf-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/komf'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: komf
namespace: default
spec:
sourcePVC: config-komf-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: komf-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
retain:
daily: 7
within: 3d

19
kubernetes/apps/default/komf/ks.yaml
View File

@@ -3,18 +3,27 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-komf
name: &app komf
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: rook-ceph-cluster
- name: volsync
path: ./kubernetes/apps/default/komf/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

22
kubernetes/apps/default/komga/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: komga-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: komga
group: internal
url: https://komga.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

14
kubernetes/apps/default/komga/app/helmrelease.yaml
View File

@@ -29,7 +29,6 @@ spec:
values:
controllers:
main:
type: statefulset
containers:
main:
image:
@@ -44,14 +43,6 @@ spec:
cpu: 15m
limits:
memory: 4282M
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 20Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
@@ -74,6 +65,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
comics:
type: nfs
server: "${LOCAL_LAN_TRUENAS}"

4
kubernetes/apps/default/komga/app/kustomization.yaml
View File

@@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

48
kubernetes/apps/default/komga/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: komga-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: komga-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/komga'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: komga
namespace: default
spec:
sourcePVC: config-komga-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: komga-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

19
kubernetes/apps/default/komga/ks.yaml
View File

@@ -3,18 +3,27 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-komga
name: &app komga
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: rook-ceph-cluster
- name: volsync
path: ./kubernetes/apps/default/komga/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

26
kubernetes/apps/default/kresus/app/gatus.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: kresus-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: kresus
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: cash.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover

14
kubernetes/apps/default/kresus/app/helmrelease.yaml
View File

@@ -35,7 +35,6 @@ spec:
fsGroupChangePolicy: OnRootMismatch
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
initContainers:
@@ -71,14 +70,6 @@ spec:
requests:
cpu: 100m
memory: 256Mi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 1Gi
storageClass: rook-ceph-block
globalMounts:
- path: /config
service:
main:
ports:
@@ -106,6 +97,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /config
woob:
enabled: true
type: emptyDir

4
kubernetes/apps/default/kresus/app/kustomization.yaml
View File

@@ -5,6 +5,6 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ./volsync.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync

48
kubernetes/apps/default/kresus/app/volsync.yaml
View File

@@ -1,48 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kresus-restic
namespace: default
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: kresus-restic-secret
template:
engineVersion: v2
data:
RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/kresus'
RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
dataFrom:
- extract:
key: volsync-restic-template
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: kresus
namespace: default
spec:
sourcePVC: config-kresus-0
trigger:
schedule: "0 7 * * *"
restic:
copyMethod: Snapshot
pruneIntervalDays: 7
repository: kresus-restic-secret
cacheCapacity: 10Gi
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 7
within: 3d

17
kubernetes/apps/default/kresus/ks.yaml
View File

@@ -3,17 +3,26 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-kresus
name: &app kresus
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/kresus/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: volsync
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

22
kubernetes/apps/default/libmedium/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: libmedium-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: libmedium
group: external
url: https://libmedium.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
dns-resolver: tcp://1.1.1.1:53
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

3
kubernetes/apps/default/libmedium/app/kustomization.yaml
View File

@@ -4,12 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded
configMapGenerator:
- name: libmedium-configmap
files:
- config.toml=./config/config.toml
generatorOptions:
disableNameSuffixHash: true

18
kubernetes/apps/default/libmedium/ks.yaml
View File

@@ -3,16 +3,26 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-libmedium
name: &app libmedium
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/libmedium/app
dependsOn:
- name: external-secrets-stores
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 2Gi

22
kubernetes/apps/default/libreddit/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: invidious-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: invidious
group: external
url: https://invidious.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
dns-resolver: tcp://1.1.1.1:53
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/libreddit/app/kustomization.yaml
View File

@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded

12
kubernetes/apps/default/libreddit/ks.yaml
View File

@@ -3,14 +3,22 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-libreddit
name: &app libreddit
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/libreddit/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app

26
kubernetes/apps/default/lidarr/app/gatus.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: lidarr-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: lidarr
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: lidarr.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover

4
kubernetes/apps/default/lidarr/app/helmrelease.yaml
View File

@@ -97,7 +97,9 @@ spec:
persistence:
config:
enabled: true
type: emptyDir
existingClaim: *app
globalMounts:
- path: /config
music:
type: nfs
server: "${LOCAL_LAN_TRUENAS}"

3
kubernetes/apps/default/lidarr/app/kustomization.yaml
View File

@@ -5,8 +5,9 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded
- ../../../../templates/volsync
configMapGenerator:
- name: lidarr-pushover
files:

20
kubernetes/apps/default/lidarr/ks.yaml
View File

@@ -3,18 +3,28 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-lidarr-app
name: &app lidarr
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: cluster-apps-rook-ceph-cluster
- name: cluster-apps-volsync-app
- name: external-secrets-stores
- name: rook-ceph-cluster
- name: volsync
path: ./kubernetes/apps/default/lidarr/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 20Gi

22
kubernetes/apps/default/linkding/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: linkding-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: linkding
group: internal
url: https://links.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/linkding/app/kustomization.yaml
View File

@@ -5,5 +5,5 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded

14
kubernetes/apps/default/linkding/ks.yaml
View File

@@ -3,16 +3,24 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-linkding
name: &app linkding
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/linkding/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
dependsOn:
- name: cluster-apps-external-secrets-stores
- name: external-secrets-stores
wait: false
interval: 30m
retryInterval: 1m
timeout: 3m
timeout: 5m
postBuild:
substitute:
APP: *app

21
kubernetes/apps/default/lldap/app/gatus.yaml
View File

@@ -1,21 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: lldap-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: lldap
group: internal
url: https://lldap.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

2
kubernetes/apps/default/lldap/app/kustomization.yaml
View File

@@ -5,5 +5,5 @@ kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./gatus.yaml
- ./helmrelease.yaml
- ../../../../templates/gatus/guarded

11
kubernetes/apps/default/lldap/ks.yaml
View File

@@ -3,15 +3,22 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-lldap
name: &app lldap
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/lldap/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
APP: *app

26
kubernetes/apps/default/lms/app/gatus.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: lms-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: lms
group: internal
url: 192.168.8.1
interval: 1m
ui:
hide-hostname: true
hide-url: true
dns:
query-name: lms.${SECRET_CLUSTER_DOMAIN}
query-type: A
conditions:
- "[BODY] == 192.168.169.101"
- "[DNS_RCODE] == NOERROR"
alerts:
- type: pushover

14
kubernetes/apps/default/lms/app/helmrelease.yaml
View File

@@ -29,7 +29,6 @@ spec:
values:
controllers:
main:
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
containers:
@@ -46,14 +45,6 @@ spec:
cpu: 15m
limits:
memory: 4096Mi
statefulset:
volumeClaimTemplates:
- name: config
accessMode: ReadWriteOnce
size: 10Gi
storageClass: rook-ceph-block
globalMounts:
- path: /srv/squeezebox
service:
main:
type: LoadBalancer
@@ -91,6 +82,11 @@ spec:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: *app
globalMounts:
- path: /srv/squeezebox
music:
type: nfs
server: "${LOCAL_LAN_TRUENAS}"

Some files were not shown because too many files have changed in this diff Show More