From e7db09f87f3b960ac601270c7c230411ac75ee62 Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Fri, 30 Dec 2022 04:29:45 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=A9=B9=20bootstrap?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../VolSync/ReplicationDestination.tmpl.yaml | 2 +- .../cloudnative-pg/cluster/cluster.yaml | 36 +++++++++---------- .../apps/default/drone/app/kustomization.yaml | 1 - .../kubernetes-secrets/kustomization.yaml | 1 + .../secret.sops.yaml | 0 .../default/tandoor/app/kustomization.yaml | 1 + .../apps/default/unifi/replicationsource.yaml | 23 ++++++++++++ .../apps/kube-system/kustomization.yaml | 2 +- kubernetes/apps/kustomization.yaml | 17 +++++---- .../monitoring/kube-prometheus-stack/ks.yaml | 1 + kubernetes/apps/monitoring/kustomization.yaml | 8 ++--- kubernetes/apps/monitoring/thanos/ks.yaml | 2 +- kubernetes/apps/rook-ceph/namespace.yaml | 1 - .../trivy-system/kustomization.yaml | 0 .../trivy-system/namespace.yaml | 0 .../trivy-operator/app/helmrelease.yaml | 0 .../trivy-operator/app/kustomization.yaml | 0 .../trivy-system/trivy-operator/ks.yaml | 0 kubernetes/flux/config/flux.yaml | 17 +++++++++ 19 files changed, 76 insertions(+), 36 deletions(-) rename kubernetes/apps/default/drone/{app => kubernetes-secrets}/secret.sops.yaml (100%) create mode 100644 kubernetes/apps/default/unifi/replicationsource.yaml rename kubernetes/{apps => archive}/trivy-system/kustomization.yaml (100%) rename kubernetes/{apps => archive}/trivy-system/namespace.yaml (100%) rename kubernetes/{apps => archive}/trivy-system/trivy-operator/app/helmrelease.yaml (100%) rename kubernetes/{apps => archive}/trivy-system/trivy-operator/app/kustomization.yaml (100%) rename kubernetes/{apps => archive}/trivy-system/trivy-operator/ks.yaml (100%) 
diff --git a/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml b/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml index 2e0fbcc0e..359132522 100644 --- a/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml +++ b/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml @@ -17,4 +17,4 @@ spec: # from a application that started with default data in the PVC. # Do not restore snapshots made after the following RFC3339 Timestamp. # date --rfc-3339=seconds (--utc) - # restoreAsOf: "2022-12-10T16:00:00-05:00" + restoreAsOf: "2022-12-29T01:00:00-05:00" diff --git a/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml b/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml index efc5060c1..0b297101c 100644 --- a/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml +++ b/kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml @@ -24,7 +24,7 @@ spec: maxParallel: 8 destinationPath: s3://postgresql/ endpointURL: https://truenas.${SECRET_DOMAIN}:51515 - serverName: postgres-v4 + serverName: postgres-v5 s3Credentials: accessKeyId: name: postgres-minio @@ -32,20 +32,20 @@ spec: secretAccessKey: name: postgres-minio key: MINIO_SECRET_KEY - # bootstrap: - # recovery: - # source: postgres - # externalClusters: - # - name: postgres - # barmanObjectStore: - # destinationPath: s3://postgresql/ - # endpointURL: https://truenas.${SECRET_DOMAIN}:51515 - # s3Credentials: - # accessKeyId: - # name: postgres-minio - # key: MINIO_ACCESS_KEY - # secretAccessKey: - # name: postgres-minio - # key: MINIO_SECRET_KEY - # wal: - # maxParallel: 8 + bootstrap: + recovery: + source: postgres-v4 + externalClusters: + - name: postgres-v4 + barmanObjectStore: + destinationPath: s3://postgresql/ + endpointURL: https://truenas.${SECRET_DOMAIN}:51515 + s3Credentials: + accessKeyId: + name: postgres-minio + key: MINIO_ACCESS_KEY + secretAccessKey: + name: postgres-minio + key: MINIO_SECRET_KEY + wal: + maxParallel: 8 
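Review bot: Uncommenting `restoreAsOf: "2022-12-29T01:00:00-05:00"` in the shared template caps every later restore rendered from it at that timestamp, so a recovery after an incident would silently bring back stale data. Unless the task file overrides this field (not visible in the hunk), keep the line commented in the committed template and set it per restore, with a comment such as `# restoreAsOf: set per restore only; leave unset to restore the latest snapshot`. The `spec:` block this line belongs to starts outside the hunk.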
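Review bot: The recovery source `postgres-v4` (second cluster.yaml hunk) and the new backup `serverName: postgres-v5` (first hunk) are coupled, but nothing in the file says so. On the next rebuild both have to be bumped in step, otherwise the new cluster restores from the wrong archive or tries to archive into a path that already holds WAL. A comment above `bootstrap:` would capture this, e.g. `# recovery source must be the previous serverName; bump both together on rebuild`. Since the same `postgres-minio` key pair now serves backup writes and recovery reads, it is also worth confirming that it is scoped to the `postgresql` bucket only; that scoping is not visible here.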
diff --git a/kubernetes/apps/default/drone/app/kustomization.yaml b/kubernetes/apps/default/drone/app/kustomization.yaml index 174d4b6e6..5b48b4e26 100644 --- a/kubernetes/apps/default/drone/app/kustomization.yaml +++ b/kubernetes/apps/default/drone/app/kustomization.yaml @@ -5,4 +5,3 @@ kind: Kustomization namespace: default resources: - ./helmrelease.yaml - - ./secret.sops.yaml diff --git a/kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml b/kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml index 5b48b4e26..174d4b6e6 100644 --- a/kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml +++ b/kubernetes/apps/default/drone/kubernetes-secrets/kustomization.yaml @@ -5,3 +5,4 @@ kind: Kustomization namespace: default resources: - ./helmrelease.yaml + - ./secret.sops.yaml diff --git a/kubernetes/apps/default/drone/app/secret.sops.yaml b/kubernetes/apps/default/drone/kubernetes-secrets/secret.sops.yaml similarity index 100% rename from kubernetes/apps/default/drone/app/secret.sops.yaml rename to kubernetes/apps/default/drone/kubernetes-secrets/secret.sops.yaml diff --git a/kubernetes/apps/default/tandoor/app/kustomization.yaml b/kubernetes/apps/default/tandoor/app/kustomization.yaml index 153b4bb48..c3d118f86 100644 --- a/kubernetes/apps/default/tandoor/app/kustomization.yaml +++ b/kubernetes/apps/default/tandoor/app/kustomization.yaml @@ -4,6 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: default resources: + - ./backups - ./helmrelease.yaml - ./secret.sops.yaml - ./volume.yaml diff --git a/kubernetes/apps/default/unifi/replicationsource.yaml b/kubernetes/apps/default/unifi/replicationsource.yaml new file mode 100644 index 000000000..62722a2e3 --- /dev/null +++ b/kubernetes/apps/default/unifi/replicationsource.yaml 
@@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/replicationsource_v1alpha1.json +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: unifi + namespace: default +spec: + sourcePVC: unifi-config + trigger: + schedule: "0 0 * * *" + restic: + copyMethod: Snapshot + pruneIntervalDays: 10 + repository: bazarr-restic-secret + cacheCapacity: 2Gi + volumeSnapshotClassName: csi-ceph-blockpool + storageClassName: rook-ceph-block + retain: + hourly: 0 + daily: 10 + weekly: 0 + monthly: 0 diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml index b5f7b806c..5e95d30fe 100644 --- a/kubernetes/apps/kube-system/kustomization.yaml +++ b/kubernetes/apps/kube-system/kustomization.yaml @@ -9,7 +9,7 @@ resources: - ./cilium/ks.yaml - ./descheduler/ks.yaml - ./intel-gpu/ks.yaml - - ./kubelet-csr-approver/ks.yaml + # - ./kubelet-csr-approver/ks.yaml - ./metrics-server/ks.yaml - ./node-feature-discovery/ks.yaml - ./reloader/ks.yaml diff --git a/kubernetes/apps/kustomization.yaml b/kubernetes/apps/kustomization.yaml index f69a62f4b..8c2e35882 100644 --- a/kubernetes/apps/kustomization.yaml +++ b/kubernetes/apps/kustomization.yaml @@ -3,13 +3,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - # - ./cert-manager - # - ./default - # - ./flux-system - # - ./kube-system - # - ./kyverno - # - ./monitoring - # - ./networking + - ./cert-manager + - ./default + - ./flux-system + - ./kube-system + - ./kyverno + - ./monitoring + - ./networking - ./rook-ceph - # - ./trivy-system - # - ./volsync + - ./volsync diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml index dcda91adf..922e9359f 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml 
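Review bot: `repository: bazarr-restic-secret` in the new unifi ReplicationSource looks like a copy-paste from the bazarr app. If that secret carries bazarr's repository URL and password, unifi's config snapshots land in another app's restic repository under the same encryption key, and the two backups are no longer isolated from each other for retention, pruning or credential rotation. Give unifi its own secret and reference it here, e.g. `repository: unifi-restic-secret` (placeholder name; no such secret is part of this commit). The commit also shows no kustomization entry for this file, so confirm it is listed under unifi's resources.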
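Review bot: Commenting out `./kubelet-csr-approver/ks.yaml` leaves nothing in this list to approve kubelet serving-certificate CSRs. If the nodes use server TLS bootstrap (not visible here), those requests stay pending and calls to the kubelet for logs, exec or metrics fail TLS verification, which tends to get worked around with `--kubelet-insecure-tls` on metrics-server. If this is only for the bootstrap, say so on the line, e.g. `# - ./kubelet-csr-approver/ks.yaml  # TODO: re-enable after bootstrap`, and check `kubectl get csr` for pending requests afterwards.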
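Review bot: The `./trivy-system` entry is dropped from the `resources` list in `kubernetes/apps/kustomization.yaml` while every other namespace is re-enabled, and the operator moves to `kubernetes/archive/` in the same commit, so the cluster comes back without in-cluster image and configuration scanning. If that is intended, a short comment in this list would keep the gap visible, e.g. `# trivy-system archived, see kubernetes/archive/trivy-system`. Otherwise track re-enabling it alongside the other entries.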
@@ -10,6 +10,7 @@ metadata: spec: dependsOn: - name: cluster-apps-rook-ceph-cluster + - name: cluster-apps-thanos-app path: ./kubernetes/apps/monitoring/kube-prometheus-stack/app prune: true sourceRef: diff --git a/kubernetes/apps/monitoring/kustomization.yaml b/kubernetes/apps/monitoring/kustomization.yaml index f0877510d..ad14c50a9 100644 --- a/kubernetes/apps/monitoring/kustomization.yaml +++ b/kubernetes/apps/monitoring/kustomization.yaml @@ -6,9 +6,9 @@ resources: # Pre Flux-Kustomizations - ./namespace.yaml # Flux-Kustomizations - - ./grafana/ks.yaml + # - ./grafana/ks.yaml - ./kube-prometheus-stack/ks.yaml - - ./loki/ks.yaml - - ./smartctl-exporter/ks.yaml + # - ./loki/ks.yaml + # - ./smartctl-exporter/ks.yaml - ./thanos/ks.yaml - - ./vector/ks.yaml + # - ./vector/ks.yaml diff --git a/kubernetes/apps/monitoring/thanos/ks.yaml b/kubernetes/apps/monitoring/thanos/ks.yaml index 0b990411c..6733e5425 100644 --- a/kubernetes/apps/monitoring/thanos/ks.yaml +++ b/kubernetes/apps/monitoring/thanos/ks.yaml @@ -9,7 +9,7 @@ metadata: substitution.flux.home.arpa/enabled: "true" spec: dependsOn: - - name: cluster-apps-kube-prometheus-stack-app + - name: cluster-apps-rook-ceph-cluster path: ./kubernetes/apps/monitoring/thanos/app prune: true sourceRef: diff --git a/kubernetes/apps/rook-ceph/namespace.yaml b/kubernetes/apps/rook-ceph/namespace.yaml index dea2828b2..930522bab 100644 --- a/kubernetes/apps/rook-ceph/namespace.yaml +++ b/kubernetes/apps/rook-ceph/namespace.yaml @@ -6,4 +6,3 @@ metadata: labels: kustomize.toolkit.fluxcd.io/prune: disabled pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/enforce-version: latest diff --git a/kubernetes/apps/trivy-system/kustomization.yaml b/kubernetes/archive/trivy-system/kustomization.yaml similarity index 100% rename from kubernetes/apps/trivy-system/kustomization.yaml rename to kubernetes/archive/trivy-system/kustomization.yaml 
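Review bot: In `kubernetes/apps/monitoring/kustomization.yaml`, `./loki/ks.yaml` and `./vector/ks.yaml` are commented out together with grafana and smartctl-exporter. While this state is deployed, no pod or node logs are collected or retained, and anything that happens during the bootstrap window cannot be reconstructed later. If these are meant to return once storage is restored, mark each line accordingly, e.g. `# - ./vector/ks.yaml  # TODO: re-enable after bootstrap`, and re-enable the log pipeline before the dashboards.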
diff --git a/kubernetes/apps/trivy-system/namespace.yaml b/kubernetes/archive/trivy-system/namespace.yaml similarity index 100% rename from kubernetes/apps/trivy-system/namespace.yaml rename to kubernetes/archive/trivy-system/namespace.yaml diff --git a/kubernetes/apps/trivy-system/trivy-operator/app/helmrelease.yaml b/kubernetes/archive/trivy-system/trivy-operator/app/helmrelease.yaml similarity index 100% rename from kubernetes/apps/trivy-system/trivy-operator/app/helmrelease.yaml rename to kubernetes/archive/trivy-system/trivy-operator/app/helmrelease.yaml diff --git a/kubernetes/apps/trivy-system/trivy-operator/app/kustomization.yaml b/kubernetes/archive/trivy-system/trivy-operator/app/kustomization.yaml similarity index 100% rename from kubernetes/apps/trivy-system/trivy-operator/app/kustomization.yaml rename to kubernetes/archive/trivy-system/trivy-operator/app/kustomization.yaml diff --git a/kubernetes/apps/trivy-system/trivy-operator/ks.yaml b/kubernetes/archive/trivy-system/trivy-operator/ks.yaml similarity index 100% rename from kubernetes/apps/trivy-system/trivy-operator/ks.yaml rename to kubernetes/archive/trivy-system/trivy-operator/ks.yaml diff --git a/kubernetes/flux/config/flux.yaml b/kubernetes/flux/config/flux.yaml index f34f93628..1233f4200 100644 --- a/kubernetes/flux/config/flux.yaml +++ b/kubernetes/flux/config/flux.yaml @@ -46,3 +46,20 @@ spec: target: kind: Deployment name: "(kustomize-controller|helm-controller|source-controller)" + - patch: | + apiVersion: v1 + kind: Deployment + metadata: + name: helm-controller + spec: + template: + spec: + containers: + - name: manager + resources: + limits: + memory: + $patch: delete + target: + kind: Deployment + name: helm-controller
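Review bot: Deleting the memory limit on helm-controller (`memory:` / `$patch: delete`) lets a controller that normally holds cluster-wide write access grow until the node is under memory pressure, at which point other pods on that node can be evicted or OOM-killed. Raising the limit is safer than removing it: replace the pair with a single line such as `memory: 2Gi` (example value; size it from observed usage). Separately, the patch body declares `apiVersion: v1` for a Deployment, which belongs to `apps/v1`. The `target:` selector may make the patch apply anyway, but the header should read `apiVersion: apps/v1` so it does not depend on that. The `patches:` list this entry extends starts outside the hunk.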