More scaffolding for homelab.
parent
645ed81c88
commit
08ac08c6a8
50 changed files with 115 additions and 784 deletions
|
@ -9,7 +9,7 @@ exclude: |
|
|||
|
||||
repos:
|
||||
- repo: https://github.com/adrienverge/yamllint
|
||||
rev: v1.32.0
|
||||
rev: v1.33.0
|
||||
hooks:
|
||||
- id: yamllint
|
||||
args:
|
||||
|
|
12
.sops.yaml
12
.sops.yaml
|
@ -2,14 +2,14 @@
|
|||
creation_rules:
|
||||
- path_regex: kubernetes/.*\.sops\.ya?ml
|
||||
encrypted_regex: "^(data|stringData)$"
|
||||
# Valinor
|
||||
# Homelab
|
||||
age: >-
|
||||
age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
- path_regex: .*\.sops\.(env|ini|json|toml)
|
||||
# Valinor
|
||||
# Homelab
|
||||
age: >-
|
||||
age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
- path_regex: (ansible|terraform|talos)/.*\.sops\.ya?ml
|
||||
# Valinor
|
||||
# Homelab
|
||||
age: >-
|
||||
age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
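Review bot: Changing the `age` recipient in the three creation rules only affects files encrypted from now on, so every existing `*.sops.*` file matched by these rules still has to be re-keyed (for example with `sops updatekeys`) before a cluster that holds only the new private key can decrypt it. This assumes the `# Homelab` lines are the new side, since the page has lost its +/- markers. If the previous recipient is being retired because its private key is no longer trusted, re-encryption is not enough: the old ciphertext stays in git history, so the secret values themselves should be rotated. A comment above the first rule such as `# Homelab age recipient - must match the sops-age Secret in flux-system` would make that coupling explicit.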
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: flow-schema-reader
|
||||
rules:
|
||||
- apiGroups: ["flowcontrol.apiserver.k8s.io"]
|
||||
resources: ["flowschemas", "prioritylevelconfigurations"]
|
||||
verbs: ["list", "watch"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: grant-flow-schema-permission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dnsimple-issuer-cert-manager-webhook-dnsimple
|
||||
namespace: cert-manager
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: flow-schema-reader
|
||||
apiGroup: rbac.authorization.k8s.io
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dnsimple-api-token
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: dnsimple-api-token
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: api-token
|
||||
remoteRef:
|
||||
key: DNSimple
|
||||
property: cert-manager
|
||||
- secretKey: letsencrypt-email
|
||||
remoteRef:
|
||||
key: DNSimple
|
||||
property: letsencrypt-email
|
|
@ -1,36 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: dnsimple-issuer
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: cert-manager-webhook-dnsimple
|
||||
version: 0.0.11
|
||||
interval: 30m
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: jahanson
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
controller:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
dnsimple:
|
||||
token:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dnsimple-api-token
|
||||
key: api-token
|
||||
clusterIssuer:
|
||||
email:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dnsimple-api-token
|
||||
key: letsencrypt-email
|
||||
containerport: 8443
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-dnsimple-production
|
||||
spec:
|
||||
acme:
|
||||
email: "joe@veri.dev"
|
||||
preferredChain: ""
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-dnsimple-production
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
solvers:
|
||||
- dns01:
|
||||
webhook:
|
||||
config:
|
||||
tokenSecretRef:
|
||||
key: api-token
|
||||
name: dnsimple-api-token
|
||||
solverName: dnsimple
|
||||
groupName: acme.jahanson.com
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
preferredChain: ""
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-staging
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
solvers:
|
||||
- dns01:
|
||||
webhook:
|
||||
config:
|
||||
tokenSecretRef:
|
||||
key: api-token
|
||||
name: dnsimple-api-token
|
||||
solverName: dnsimple
|
||||
groupName: acme.jahanson.com
|
|
@ -4,11 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
namespace: cert-manager
|
||||
resources:
|
||||
- ./dnsimple/externalsecret.yaml
|
||||
- ./dnsimple/issuer-letsencrypt-prod.yaml
|
||||
- ./dnsimple/issuer-letsencrypt-staging.yaml
|
||||
- ./dnsimple/dnsimple-issuer-rbac.yaml
|
||||
- ./dnsimple/helmrelease.yaml
|
||||
- ./cloudflare/externalsecret.yaml
|
||||
- ./cloudflare/issuer-letsencrypt-prod.yaml
|
||||
- ./cloudflare/issuer-letsencrypt-staging.yaml
|
||||
|
|
|
@ -11,7 +11,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
|
@ -26,7 +26,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: false
|
||||
dependsOn:
|
||||
- name: cluster-apps-cert-manager
|
||||
|
|
|
@ -12,7 +12,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: rocky-nessa
|
||||
name: rocky-nenya
|
||||
namespace: default
|
||||
spec:
|
||||
nodeName: nessa
|
||||
nodeName: nenya
|
||||
containers:
|
||||
- name: rocky
|
||||
image: rockylinux:9
|
|
@ -1,20 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: rocky-nienna
|
||||
namespace: default
|
||||
spec:
|
||||
nodeName: nienna
|
||||
containers:
|
||||
- name: rocky
|
||||
image: rockylinux:9
|
||||
securityContext:
|
||||
privileged: true
|
||||
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 4000Mi
|
|
@ -4,6 +4,7 @@ metadata:
|
|||
name: ubuntu
|
||||
namespace: default
|
||||
spec:
|
||||
nodeName: nenya
|
||||
containers:
|
||||
- name: ubuntu
|
||||
image: ubuntu:latest
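Review bot: `nodeName: nenya` binds the pod straight to the node and bypasses the scheduler, so taints and resource fit are not evaluated; `nodeSelector` with `kubernetes.io/hostname: nenya` keeps the pinning while leaving those checks in place. The image on the last line is `ubuntu:latest`, a mutable tag, so what runs on that node can change between pulls; a fixed release tag or digest would make this debug pod reproducible. The pod spec continues outside the hunk, so its securityContext is not visible here.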
|
|
@ -13,7 +13,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
|
@ -30,5 +30,5 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
|
|
|
@ -27,7 +27,7 @@ spec:
|
|||
keepHistory: false
|
||||
values:
|
||||
cluster:
|
||||
name: valinor
|
||||
name: homelab
|
||||
id: 1
|
||||
hubble:
|
||||
relay:
|
||||
|
@ -35,7 +35,6 @@ spec:
|
|||
ui:
|
||||
enabled: true
|
||||
metrics:
|
||||
# enabled: "{dns,drop,tcp,flow,port-distribution,icmp,httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction}"
|
||||
enableOpenMetrics: true
|
||||
prometheus:
|
||||
enabled: true
|
||||
|
@ -50,26 +49,7 @@ spec:
|
|||
enabled: true # enable host policies
|
||||
extraConfig:
|
||||
allow-localhost: policy # enable policies for localhost
|
||||
|
||||
kubeProxyReplacement: true
|
||||
securityContext:
|
||||
capabilities:
|
||||
ciliumAgent:
|
||||
- CHOWN
|
||||
- KILL
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- IPC_LOCK
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- SETGID
|
||||
- SETUID
|
||||
cleanCiliumState:
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
k8sServiceHost: ${K8S_SERVICE_ENDPOINT}
|
||||
k8sServicePort: 6443
|
||||
rollOutCiliumPods: true
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: allow-ns-ingress
|
||||
spec:
|
||||
podSelector: {}
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector: {}
|
|
@ -13,5 +13,5 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: false
|
||||
|
|
|
@ -7,5 +7,4 @@ resources:
|
|||
- ./namespace.yaml
|
||||
# Flux-Kustomizations
|
||||
- ./cilium/ks.yaml
|
||||
- ./hccm/ks.yaml
|
||||
- ./metrics-server/ks.yaml
|
||||
|
|
|
@ -13,5 +13,5 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
|
@ -29,7 +29,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
|
|
|
@ -13,5 +13,5 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: externaldns-valinor-social-secrets
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: externaldns-valinor-social-secrets
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: dnsimple_api_token
|
||||
remoteRef:
|
||||
key: DNSimple
|
||||
property: external-dns
|
|
@ -1,70 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: &name externaldns-valinor-social
|
||||
namespace: network
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: external-dns
|
||||
version: 1.13.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: kubernetes-sigs-external-dns
|
||||
namespace: flux-system
|
||||
interval: 30m
|
||||
|
||||
values:
|
||||
fullnameOverride: *name
|
||||
|
||||
domainFilters:
|
||||
- valinor.social
|
||||
|
||||
env:
|
||||
- name: DNSIMPLE_OAUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: externaldns-valinor-social-secrets
|
||||
key: dnsimple_api_token
|
||||
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
extraArgs:
|
||||
- --crd-source-apiversion=externaldns.k8s.io/v1alpha1
|
||||
- --crd-source-kind=DNSEndpoint
|
||||
- --annotation-filter=external-dns.alpha.kubernetes.io/target
|
||||
|
||||
podAnnotations:
|
||||
secret.reloader.stakater.com/reload: externaldns-valinor-social-secrets
|
||||
|
||||
policy: sync
|
||||
provider: dnsimple
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
memory: 100Mi
|
||||
|
||||
sources:
|
||||
- ingress
|
||||
- crd
|
||||
|
||||
txtPrefix: "k8s."
|
||||
|
||||
postRenderers:
|
||||
- kustomize:
|
||||
patches:
|
||||
- target:
|
||||
version: v1
|
||||
kind: Deployment
|
||||
name: *name
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/enableServiceLinks
|
||||
value: false
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: network
|
||||
resources:
|
||||
- ./helmrelease.yaml
|
||||
- ./externalsecret.yaml
|
|
@ -13,45 +13,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: cluster-apps-external-secrets-stores
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-externaldns-valinor-social
|
||||
namespace: flux-system
|
||||
labels:
|
||||
substitution.flux.home.arpa/enabled: "true"
|
||||
spec:
|
||||
interval: 10m
|
||||
path: "./kubernetes/apps/network/external-dns/app/valinor-social"
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: cluster-apps-external-secrets-stores
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-externaldns-shared
|
||||
namespace: flux-system
|
||||
labels:
|
||||
substitution.flux.home.arpa/enabled: "true"
|
||||
spec:
|
||||
interval: 10m
|
||||
path: "./kubernetes/apps/network/external-dns/app/shared"
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: cluster-apps-external-secrets-stores
|
||||
|
|
|
@ -10,10 +10,11 @@ spec:
|
|||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: nginx-ingress-secrets
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: nginx-ingress-bouncer-apikey
|
||||
remoteRef:
|
||||
key: Crowdsec
|
||||
property: nginx-ingress-bouncer
|
||||
name: nginx-external-maxmind-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
MAXMIND_LICENSE_KEY: "{{ .homelab_nginx }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: maxmind
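Review bot: `dataFrom.extract` with `key: maxmind` pulls every field of that 1Password item into the template scope although only `.homelab_nginx` is used. A `data` entry with `remoteRef.key: maxmind` and `remoteRef.property: homelab_nginx` would fetch just that one field. The HelmRelease in this commit then injects the value through `valuesFrom` at `controller.maxmindLicenseKey`; as far as I know the chart renders that value as a controller argument, so it would be readable in the Deployment spec and in Helm release storage. I would note that next to `MAXMIND_LICENSE_KEY` so the key is treated as low-sensitivity. The spec starts above the hunk.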
|
|
@ -15,6 +15,11 @@ spec:
|
|||
name: ingress-nginx
|
||||
namespace: flux-system
|
||||
interval: 30m
|
||||
valuesFrom:
|
||||
- targetPath: controller.maxmindLicenseKey
|
||||
kind: Secret
|
||||
name: nginx-external-maxmind-secret
|
||||
valuesKey: MAXMIND_LICENSE_KEY
|
||||
values:
|
||||
controller:
|
||||
replicaCount: 2
|
||||
|
@ -26,10 +31,8 @@ spec:
|
|||
enabled: true
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
load-balancer.hetzner.cloud/location: fsn1
|
||||
load-balancer.hetzner.cloud/protocol: tcp
|
||||
load-balancer.hetzner.cloud/name: hsn-nginx
|
||||
load-balancer.hetzner.cloud/uses-proxyprotocol: true
|
||||
external-dns.alpha.kubernetes.io/hostname: external.hsn.dev
|
||||
io.cilium/lb-ipam-ips: 10.45.0.2
|
||||
|
||||
publishService:
|
||||
enabled: true
|
||||
|
@ -43,27 +46,33 @@ spec:
|
|||
any: true
|
||||
|
||||
ingressClassResource:
|
||||
name: hsn-nginx
|
||||
name: external
|
||||
default: true
|
||||
|
||||
config:
|
||||
block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
|
||||
client-header-timeout: 120
|
||||
client-body-buffer-size: "100M"
|
||||
client-body-buffer-size: 100M
|
||||
client-body-timeout: 120
|
||||
client-header-timeout: 120
|
||||
enable-brotli: "true"
|
||||
enable-ocsp: "true"
|
||||
enable-real-ip: "true"
|
||||
use-proxy-protocol: "true"
|
||||
hide-headers: Server,X-Powered-By
|
||||
hsts-max-age: "31449600"
|
||||
keep-alive: 120
|
||||
hsts-max-age: 31449600
|
||||
keep-alive-requests: 10000
|
||||
keep-alive: 120
|
||||
log-format-escape-json: "true"
|
||||
log-format-upstream: >
|
||||
{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
|
||||
"request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
|
||||
"status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
|
||||
"request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
|
||||
"http_user_agent": "$http_user_agent", "country_code": "$geoip2_city_country_code", "country_name": "$geoip2_city_country_name"}
|
||||
proxy-body-size: 0
|
||||
proxy-buffer-size: "16k"
|
||||
ssl-protocols: "TLSv1.3 TLSv1.2"
|
||||
proxy-buffer-size: 16k
|
||||
ssl-protocols: TLSv1.3 TLSv1.2
|
||||
use-geoip2: true
|
||||
use-forwarded-headers: "true"
|
||||
|
||||
extraArgs:
|
||||
default-ssl-certificate: "network/hsn-dev-tls"
|
||||
|
||||
|
@ -75,24 +84,10 @@ spec:
|
|||
matchLabels:
|
||||
app.kubernetes.io/instance: ingress-nginx-hsn
|
||||
app.kubernetes.io/component: controller
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx-hsn
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 23m
|
||||
cpu: 100m
|
||||
memory: 381M
|
||||
|
||||
defaultBackend:
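Review bot: The new `log-format-upstream` takes `remote_addr` from `$proxy_protocol_addr`, which is only populated when the listener accepts the PROXY protocol, yet the service hunk in this file replaces the `load-balancer.hetzner.cloud/uses-proxyprotocol` annotation with `io.cilium/lb-ipam-ips`. The page has lost its +/- markers, so it is not certain whether `use-proxy-protocol: "true"` survives on the new side; if it does, the controller expects a PROXY header the new load balancer may not send, and if it does not, the access log loses the client address. Either way `"remote_addr": "$remote_addr"` is the safer field to log. `use-forwarded-headers: "true"` stays enabled on a controller published as `external.hsn.dev`, so the logged `x_forwarded_for` is client-controlled unless a trusted proxy sits in front; a comment beside the log format should say so.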
|
|
@ -3,17 +3,17 @@
|
|||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-ingress-nginx
|
||||
name: cluster-apps-ingress-nginx-external
|
||||
namespace: flux-system
|
||||
labels:
|
||||
substitution.flux.home.arpa/enabled: "true"
|
||||
spec:
|
||||
interval: 10m
|
||||
path: "./kubernetes/apps/network/ingress-nginx/app"
|
||||
path: "./kubernetes/apps/network/ingress-nginx/external"
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: cluster-apps-cert-manager-issuers
|
||||
|
@ -32,7 +32,7 @@ spec:
|
|||
# prune: true
|
||||
# sourceRef:
|
||||
# kind: GitRepository
|
||||
# name: valinor
|
||||
# name: homelab
|
||||
# wait: true
|
||||
# dependsOn:
|
||||
# - name: cluster-apps-cert-manager-issuers
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/certificate_v1.json
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: "valinor-social"
|
||||
namespace: network
|
||||
spec:
|
||||
secretName: "valinor-social-tls"
|
||||
issuerRef:
|
||||
name: letsencrypt-dnsimple-production
|
||||
kind: ClusterIssuer
|
||||
commonName: "valinor.social"
|
||||
dnsNames:
|
||||
- "valinor.social"
|
||||
- "*.valinor.social"
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/certificate_v1.json
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: "khazadtube-tv"
|
||||
namespace: network
|
||||
spec:
|
||||
secretName: "khazadtube-tv-tls"
|
||||
issuerRef:
|
||||
name: letsencrypt-dnsimple-production
|
||||
kind: ClusterIssuer
|
||||
commonName: "khazadtube.tv"
|
||||
dnsNames:
|
||||
- "khazadtube.tv"
|
||||
- "*.khazadtube.tv"
|
|
@ -1,108 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: ingress-nginx-peertube
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: ingress-nginx
|
||||
version: 4.9.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: ingress-nginx
|
||||
namespace: flux-system
|
||||
interval: 30m
|
||||
values:
|
||||
controller:
|
||||
replicaCount: 3
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
allowSnippetAnnotations: true
|
||||
enableAnnotationValidations: true
|
||||
service:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
load-balancer.hetzner.cloud/location: fsn1
|
||||
load-balancer.hetzner.cloud/protocol: tcp
|
||||
load-balancer.hetzner.cloud/name: peertube-nginx
|
||||
load-balancer.hetzner.cloud/use-private-ip: false
|
||||
load-balancer.hetzner.cloud/uses-proxyprotocol: true
|
||||
|
||||
publishService:
|
||||
enabled: true
|
||||
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
namespace: network
|
||||
namespaceSelector:
|
||||
any: true
|
||||
|
||||
ingressClassResource:
|
||||
name: peertube-nginx
|
||||
default: false
|
||||
|
||||
config:
|
||||
block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
|
||||
client-header-timeout: 120
|
||||
client-body-buffer-size: "100M"
|
||||
client-body-timeout: 120
|
||||
enable-brotli: "true"
|
||||
enable-ocsp: "true"
|
||||
enable-real-ip: "true"
|
||||
use-proxy-protocol: "true"
|
||||
hide-headers: Server,X-Powered-By
|
||||
hsts-max-age: "31449600"
|
||||
keep-alive: 120
|
||||
keep-alive-requests: 10000
|
||||
proxy-body-size: 0
|
||||
proxy-buffer-size: "16k"
|
||||
ssl-protocols: "TLSv1.3 TLSv1.2"
|
||||
use-forwarded-headers: "true"
|
||||
server-snippet: |
|
||||
resolver local=on ipv6=off;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl-echd-curve: "secp384r1"
|
||||
ssl-session-timeout: "1d"
|
||||
ssl-session-cache: "shared:SSL:10m"
|
||||
ssl-session-tickets: "off"
|
||||
|
||||
extraArgs:
|
||||
default-ssl-certificate: "network/khazadtube-tv-tls"
|
||||
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 2
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: ingress-nginx-peertube
|
||||
app.kubernetes.io/component: controller
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/component
|
||||
operator: In
|
||||
values:
|
||||
- controller
|
||||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx-peertube
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 23m
|
||||
memory: 381M
|
||||
|
||||
defaultBackend:
|
||||
enabled: false
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: network
|
||||
resources:
|
||||
- ./helmrelease.yaml
|
||||
- ./certificate.yaml
|
|
@ -11,7 +11,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
|
@ -26,7 +26,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: cluster-apps-external-secrets
|
||||
|
@ -43,7 +43,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: cluster-apps-external-secrets
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clustersecretstore_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
|
@ -8,9 +7,9 @@ metadata:
|
|||
spec:
|
||||
provider:
|
||||
onepassword:
|
||||
connectHost: http://onepassword-connect:8080
|
||||
connectHost: http://10.5.0.5:8080
|
||||
vaults:
|
||||
valinor: 1
|
||||
hsn.dev: 1
|
||||
auth:
|
||||
secretRef:
|
||||
connectTokenSecretRef:
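Review bot: `connectHost: http://10.5.0.5:8080` sends the Connect bearer token and every secret value it returns over plain HTTP to what looks like an address outside the cluster. The other `connectHost` value was an in-cluster Service name, and the in-cluster onepassword-connect HelmRelease is deleted elsewhere in this commit. Either put TLS in front of the Connect server and use an `https://` URL, or add a comment on this line stating which network segment carries the traffic and how access to it is restricted. A hostname instead of a literal IP would also let the endpoint move without editing the store. The `auth.secretRef` block continues past the end of the hunk.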
|
||||
|
|
|
@ -1,142 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: onepassword-connect
|
||||
namespace: security
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 2.4.0
|
||||
interval: 30m
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
namespace: flux-system
|
||||
|
||||
values:
|
||||
controllers:
|
||||
main:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: docker.io/1password/connect-api
|
||||
tag: 1.7.2
|
||||
env:
|
||||
OP_BUS_PORT: "11220"
|
||||
OP_BUS_PEERS: "localhost:11221"
|
||||
OP_HTTP_PORT: &port-connect 8080
|
||||
OP_SESSION:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: onepassword-connect-secret
|
||||
key: onepassword-credentials.json
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /heartbeat
|
||||
port: *port-connect
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
failureThreshold: 3
|
||||
readiness:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: *port-connect
|
||||
initialDelaySeconds: 15
|
||||
startup:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: *port-connect
|
||||
failureThreshold: 30
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
sync:
|
||||
image:
|
||||
repository: docker.io/1password/connect-sync
|
||||
tag: 1.7.2
|
||||
env:
|
||||
- name: OP_SESSION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: onepassword-connect-secret
|
||||
key: onepassword-credentials.json
|
||||
- name: OP_HTTP_PORT
|
||||
value: &port-sync 8081
|
||||
- name: OP_BUS_PORT
|
||||
value: "11221"
|
||||
- name: OP_BUS_PEERS
|
||||
value: "localhost:11220"
|
||||
probes:
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: *port-sync
|
||||
initialDelaySeconds: 15
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /heartbeat
|
||||
port: *port-sync
|
||||
failureThreshold: 3
|
||||
periodSeconds: 30
|
||||
initialDelaySeconds: 15
|
||||
volumeMounts:
|
||||
- name: shared
|
||||
mountPath: /home/opuser/.op/data
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
http:
|
||||
port: *port-connect
|
||||
|
||||
ingress:
|
||||
main:
|
||||
classname: "nginx"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
||||
hosts:
|
||||
- host: &host "1pwconnect.hsn.dev"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
name: main
|
||||
port: http
|
||||
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
defaultPodOptions:
|
||||
securityContext:
|
||||
runAsUser: 999
|
||||
runAsGroup: 999
|
||||
|
||||
persistence:
|
||||
shared:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
globalMounts:
|
||||
- path: /home/opuser/.op/data
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
memory: 10Mi
|
||||
limits:
|
||||
memory: 100Mi
|
|
@ -5,9 +5,7 @@ kind: Kustomization
|
|||
namespace: security
|
||||
resources:
|
||||
- ./secret.sops.yaml
|
||||
- ./helmrelease.yaml
|
||||
- ./clustersecretstore.yaml
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/name: stores
|
||||
|
|
|
@ -4,52 +4,24 @@ metadata:
|
|||
name: onepassword-connect-token
|
||||
namespace: security
|
||||
stringData:
|
||||
token: ENC[AES256_GCM,data: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,iv:lerOeNOfahiAJX1WFUxu5aiw51q274Cz2fmiPtqC0go=,tag:o8eDvJXG+l/YB516m6GB7A==,type:str]
|
||||
token: ENC[AES256_GCM,data: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,iv:9w0GTjZ9bGNtbOWVhw0M/+Y/5WonChhNyHMU3nuxZYI=,tag:O+v6ZttlyxaUEZ02Jd+Z/Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVjdHNjVDN1JCNEFqa203
|
||||
bVN6cStUeWFYUUZHZGhCSFFsemM4TnBkQ0g0CmdFZTBpUVgwMWFPbmZFT01BdUpu
|
||||
NG1HZURFb0o3T2JwQ3U4YnJoYzhFOUkKLS0tIDhGVnhLRmhSZ3pQbGRvRWs5dWx4
|
||||
WWxwbndNQVBOeGRoandWL256Z2s2ZFEKtIKW60qNUBPMS0yWPEkDBMokemihiWQ7
|
||||
GqSGjNHDDlkKtd1jyY/qCZGM9t1ZiD9t34wAQVOrn9P/WGJg6X/FsQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZHo5aWdxVndCUkdCSEc4
|
||||
dkFkeGQ5ZkY2Rk4wM0RuaGxvU2g3K1JGTEJNCnJpYm1DbXBQOTdGSjVITU8xaE5D
|
||||
RGRoYjVHWVh5Rno4THIvMmlZWWJVWncKLS0tIEVQNmQ1TTA2V0VjdWw2SU9WbUNt
|
||||
VkJYWGZnMEJOdlkweS82RjFQdGtHekkK1LCJ2Ww1Ar1fXcepNTldf/hiBVbYdGRf
|
||||
NwCgEa18sMHVVx1XdhBT67bhQewIr6yYHk4jX8y22ScS9GTx9syD4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-15T16:15:14Z"
|
||||
mac: ENC[AES256_GCM,data:YVC+MuYp66Ej8XRpT/fsBPBz3laCjfoXikNzc4C5k4E3QbM68+jKX81sbJDGL0B3TSwcIxTc4e8GTisqVhxdH26y/g+xOK5/n6Y+FulDuMmvIiIqBhmQXlQii+DUcLZocRhwEkKDm344M3pRliSVVHa44JRY4qf3E9wKjQhg9tk=,iv:sBTtgB0QK52EFfIxJzFRvXP5MR4ARSfR8v/pha0rDDI=,tag:7KZI8DC967fFvO83KnXkPQ==,type:str]
|
||||
lastmodified: "2024-01-11T23:40:03Z"
|
||||
mac: ENC[AES256_GCM,data:1QP1VTuw/fGnMbOeyf+dWADPVSDgzI2UkzJRjEStBVrirj/bUIgpRmRUE2tO5c3fZr5NEJ6kO8ydCrr/WCYSReX2Cbnzf4U5Qap/EEq7G5Xx7NKDM+TQ4jq86F7j+T7OP8tAeGbO3I+8WSqIyc5Z8XkjkFY+hLDRP6cACsh1wQQ=,iv:/zAfi3ZdbzHZAliJZqDu3+lgkopg17NXtotbxkNtBuU=,tag:/wdSv18ydEPzNVL+DQEhGA==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: onepassword-connect-secret
|
||||
namespace: security
|
||||
stringData:
|
||||
onepassword-credentials.json: ENC[AES256_GCM,data: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,iv:9QuqDosuTy7OoTfcSJ2mTYLQY9yTa9krJvvzqA7tH30=,tag:wtN/GsxxKhYgipOz8FqsCw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVjdHNjVDN1JCNEFqa203
|
||||
bVN6cStUeWFYUUZHZGhCSFFsemM4TnBkQ0g0CmdFZTBpUVgwMWFPbmZFT01BdUpu
|
||||
NG1HZURFb0o3T2JwQ3U4YnJoYzhFOUkKLS0tIDhGVnhLRmhSZ3pQbGRvRWs5dWx4
|
||||
WWxwbndNQVBOeGRoandWL256Z2s2ZFEKtIKW60qNUBPMS0yWPEkDBMokemihiWQ7
|
||||
GqSGjNHDDlkKtd1jyY/qCZGM9t1ZiD9t34wAQVOrn9P/WGJg6X/FsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-15T16:15:14Z"
|
||||
mac: ENC[AES256_GCM,data:YVC+MuYp66Ej8XRpT/fsBPBz3laCjfoXikNzc4C5k4E3QbM68+jKX81sbJDGL0B3TSwcIxTc4e8GTisqVhxdH26y/g+xOK5/n6Y+FulDuMmvIiIqBhmQXlQii+DUcLZocRhwEkKDm344M3pRliSVVHa44JRY4qf3E9wKjQhg9tk=,iv:sBTtgB0QK52EFfIxJzFRvXP5MR4ARSfR8v/pha0rDDI=,tag:7KZI8DC967fFvO83KnXkPQ==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
|
|
@ -6,7 +6,6 @@ resources:
|
|||
# Pre Flux-Kustomizations
|
||||
- ./namespace.yaml
|
||||
# Flux-Kustomizations
|
||||
- ./intel-device-plugins/ks.yaml
|
||||
- ./node-feature-discovery/ks.yaml
|
||||
- ./reloader/ks.yaml
|
||||
- ./snapshot-controller/ks.yaml
|
||||
|
|
|
@ -15,5 +15,5 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
|
|
|
@ -13,5 +13,5 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
|
|
|
@ -15,7 +15,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
wait: true
|
||||
timeout: 2m
|
||||
dependsOn:
|
||||
|
|
|
@ -5,24 +5,24 @@ metadata:
|
|||
name: sops-age
|
||||
namespace: flux-system
|
||||
stringData:
|
||||
age.agekey: ENC[AES256_GCM,data:DELuczoRtBQW58s5i8Nmb4Hp+XzZ35aiOfwBJDXaqgfQMFY63QXRzBVkTDS0GxFoGt3jvLILJPwde0OHiVrkNEZdDwRr3JZKnTs=,iv:DqAaHlJRT8SUItoceaIQ7smJUcmtTeu51AJt1WM0pKA=,tag:YGbmN4hRhWCCGLPvyDLsnA==,type:str]
|
||||
age.agekey: ENC[AES256_GCM,data:f+9hVYtS9xNgh3KSpC7HtIzSWnFEEtKNijhT4NWi9Yx3dlRuX50vhc8exLYcjcIbytCwMtTCI4xAjUk4TkxlGaj5DzhU/rdvE+c=,iv:uzhwlqMG1F2rb4XM00EXCI8mpCcKMTn1a2KPH/NGYqo=,tag:Ao+cLYINlL1AfJGFR9EG/A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMURBNzFadmc1ejZ4eStp
|
||||
czlYTUtWUk52NzlaZ1NJSzU2R3R4VFB4TWtZCmc2SjZ1OVhNYXlXQ21WT1I0ZjU3
|
||||
V2RzRU5PUnYzMWlRcy9vTG5JNkIwVncKLS0tIHdjU0VSaVdBQ3A5ZDlybTBiUVB1
|
||||
YVE3NVptM1Q2ZjEyZHE3N2ZIaEtlRFUKQZEkNHDnlnZYXqK62SplHa7gEsEIBVNV
|
||||
4TYZQzf+fBmlxmDCwDLTNTJZZJfgLjYPfBStvGSx+VbW2HS6PoXMFQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cVRSZUZjR1Y2Q0U2RUJC
|
||||
M05wdVdhWU1oTjZBeTliNDR1V29KN3hKMFN3ClJJQkx2RTRSL2V4ZjR2QmJQUGph
|
||||
ZUo3UlpPaVc4YjdJbGRkaVhTQmpHVGsKLS0tIFlYMHY2a1FjZ2xobUpKNnRwSDhV
|
||||
eE1VUmwxNjU0SVAvaWF1dVNKMlV6ZzAKrxZ1g+mkSBNECmd+sf5Z4L7xVDaFw1g/
|
||||
hUoFCpjo7fiGS0ru7lhkLzBAwRflWDkpjn75W/18ULaF69bsF9swPQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-15T16:24:05Z"
|
||||
mac: ENC[AES256_GCM,data:QxME2bUjRTBpPpMR1ZWANlF+EskMRJuyylOiRHcPzWu9Bve1rz+4mkNdlUYzf0gdLi8psRc6ko0Jb6IH9lLZxOkMAh2YYaMrzAf3hMRBytiJKX/nUs9tIJv8Lft21nXibeaT/TcT5YNwNvd3nTZgBJcJ5nYwmU1sTn3/Lay5jrY=,iv:0uVxxRg+Dp8oZ43DnbtEx25rQcJ23Ag13eKfvvXukVk=,tag:/4Ufpkh8DCONTEWy4pc5bw==,type:str]
|
||||
lastmodified: "2024-01-11T22:06:47Z"
|
||||
mac: ENC[AES256_GCM,data:Sg8eZvpifFdLezfcQ8FFwCUzQpCzx+iOrje2E2fVM4AcIcVR/i3zrdCOzJ252W7Fe6mreVpZA0rKKePCEH1A6ZSvjnPKpMvAdhei7BMyIkDs/8VDJMjZOJOWmtLNIwCYIbkwA+cOnFfufnRdSp7/NsqVo+8STOcr4qWAyfDenVQ=,iv:FHFTiD1NtBHslxuTwdmxw3Xb31F9xK6hhKdw0szXfkk=,tag:MbNsGc1ZW1biUOEDFRTSMQ==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
version: 3.8.1
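Review bot: Re-encrypting `age.agekey` to the new recipient `age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6` does not retire anything the previous recipient `age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve` could decrypt, because the earlier ciphertext stays in the repository history. The same applies to the `git-deploy-key` and `cluster-secrets` hunks further down. If the old age key was replaced because it may have been exposed, the stored values (presumably the deploy key and the Pushover and healthchecks tokens) also need to be reissued at their source, and nothing in these hunks shows whether that was done. I would record the outcome in a cleartext comment above `metadata:`, for example `# age recipient changed 2024-01-11; underlying secret values reissued: <yes/no>`, made through `sops` rather than by hand since the file carries a `mac`. The manifest's opening lines are outside the hunk.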
|
||||
|
|
|
@ -5,27 +5,27 @@ metadata:
|
|||
name: git-deploy-key
|
||||
namespace: flux-system
|
||||
stringData:
|
||||
#ENC[AES256_GCM,data:O1eknYe94FguDRRTE4tIv0yQKVJcqHqrHe510i15Kw==,iv:aa5mj7DH/ZEXtqeG+7s/eThK8SYJDT8WmGtwDng9Zh4=,tag:kPuHF2ObA/8IlPzwsuuEqw==,type:comment]
|
||||
identity: ENC[AES256_GCM,data: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,iv:hn3PwE5mnIgzJNLw+ruu5/jUqFQOpQTYh2oZUdeOplM=,tag:2qttj/0hdChixM7rzaLr5g==,type:str]
|
||||
#ENC[AES256_GCM,data:yG8yduTJrEB1oGbSQdLwFyDgjbmkT4fcbkvhMj0oCw3Yi9HvSdygq5Uo/2DQ0t+GRzpVqsedrLvB0yciVWpfEaKewXj6neGmMTcsT/llWbSvXS4dHWGBDL6Y/BXVNhyrYLRu,iv:K4dJKqM+AZE8giMcoBOlb9GDnLDCJSyhpWangKsNXkE=,tag:rfRpq8iv+2rwFRJY6sw19A==,type:comment]
|
||||
known_hosts: ENC[AES256_GCM,data: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,iv:j1jftBGnQlln+7gECyaanotig27AzyHWLFOG5KWX53c=,tag:1NyHwqKx6RpruLKuYPYIxQ==,type:str]
|
||||
#ENC[AES256_GCM,data:+GbB2yDDUQ4804/B/XphECCkAErDIe+JwXkhuXWDJw==,iv:EFYG8fEaGJt6ZVftO9px4cykuopjQcqNRTLPcT0vK+M=,tag:mPuA+9y+AZDA39/k1a4jmw==,type:comment]
|
||||
identity: ENC[AES256_GCM,data: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,iv:OEJl0Oo56DsaOxbt43oaynYtUpUYCDaePBz3wGdqKDw=,tag:axW1M4UckNOmodsZWLLEzA==,type:str]
|
||||
#ENC[AES256_GCM,data:x6ZbaxSmg8cybQLBN60EMMz3b7wcB6zAgcRcPQVr/Y7boCjbVlfdNumSu1/+f2OPJLZLpK+URTqAIhtwDlEwPRabe3MMpQfE3ifKobKPmvws4pvbdPeHG1UEPpGeqh3VJLN8,iv:65mO126WzjKiEJYhjpZnaWftQ2YMnRhak8E2J7X2CfE=,tag:Zof3hhjPzrmOPNWSWkGaEg==,type:comment]
|
||||
known_hosts: ENC[AES256_GCM,data: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,iv:KsQ5SqWokEmwZPXCFuEVhV2X7c+6rC8ZhqEc7Tc+rT8=,tag:fA1se7HrUltBOGhIg7zG/w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbkdZamFHbTVoYXpCdGpx
|
||||
a214aFQvUUxWSW43SHV2QWFzVjJTeTNiSXhrCnF2VmR5eFlpc3JlcGY0R2J3aWdr
|
||||
aEZSL0gvRzZiYi9ELzZOeVkyRExkM0EKLS0tIGczRVRZY2U3S3F1ZVY2RnJwTWlw
|
||||
L0s5YXNFUlhmTS9GSkdZNWNJeDlCSm8K8j+Pvu+DUYLjQ27N2dPU8rGXYaZORK4I
|
||||
n6U4KG2qiRAZn1eVp4t/8/2A5/0UupsrcYyKvXAiMLrpsf9kaq3Xmw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeS83SmdkZ2daM05UVkpO
|
||||
RG1jM1lNVDREUGdQZmFuREdOaVIzQkd6MzN3CmdaQnRDbUJwTG9tZ2treFJ2RFFU
|
||||
NkVWUlVVNlVJd2xSRkU0bUUzZDY0ZGMKLS0tIG8wRzZCZ29Pc0tNb3dVcnVyYWl6
|
||||
MmVnNzdNWU83MGl6TzFwNFYydHQ0WFkKMy8Ew8clnoYcNR9qicauSBlLDp8N8qvg
|
||||
jAMftEoS6bUhSozWW4zCpcRK6hCTi8X+IsHe0niTotGRUZgPgdXUWg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-21T21:51:49Z"
|
||||
mac: ENC[AES256_GCM,data:lXLx3E5CrfeVN6/a9WDVie4Mfn0v7pcadSWmiKoge9B5obhgAIVChSG8d8KFPkAN6gCBi1D/O3ukSogAwASZ2q8t4yUes6YsD3t4aZrADw6YVgOjNDeJHMiaXMP6fQ0ze665NEgyGBnIRxDuaTXHpaNXsiqSHr+51rRHi0S6K2g=,iv:I616VwtsUKqqvDfmu2KiY9i2ODaTD0tZZHaYG8DjyZA=,tag:dKFmvDZWMBsfhnuqAyMm+g==,type:str]
|
||||
lastmodified: "2024-01-11T22:06:54Z"
|
||||
mac: ENC[AES256_GCM,data:P1ZUYJ+ZKO7y3ZC9qy/ODizNGohS6VlSLRzXFUw0dG4OSL/4G3lo+YzkOx/ly4oaLRKZAlW9dLONJYPldE1785A3DfUD3YjV+xrF4akxPAkCwer5ikmCEuG+jw+ihOxn+36s5KZhjVt7k+EVOqVAR60Oh62onq5IR608ND6zits=,iv:d3tdmEjvB/n/TquFRE8qs7Lr4O5q8zXaESvqHl5IiVk=,tag:AKo3NuJTDS0ov3jjHJTahA==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: hcloud
|
||||
namespace: kube-system
|
||||
stringData:
|
||||
ROBOT_ENABLED: ENC[AES256_GCM,data:tTSnWw==,iv:rSrqYIiQSOv6G0QxSYVU6DtW7b3PT7XNF/1pWx68M1g=,tag:2m6YXewARCcyXTjZGimodQ==,type:str]
|
||||
token: ENC[AES256_GCM,data:DzLwUiv5JH/S6OBrzgNp0NO5U/7w0Pq2YtQ7uOAfg7Iw90qzGlzc8CqzlQOw0jHv91LzCUgjpeZn9QP93Dgprw==,iv:T6rqz1HmdKATl+8ov5qclhAo/NzHQTIN6eRSiCEyiZU=,tag:39VZ8N96NEXgvXTPQ/vvBA==,type:str]
|
||||
robot-password: ENC[AES256_GCM,data:OeITzLUpgj03MyQ2n+SYgwykcw==,iv:9ZdbQW4ZAtqmGEiR4KBsziRXMAoHGHcBYXiwjep5H2A=,tag:4eGKJTfn0+NARz1k7j8jXA==,type:str]
|
||||
robot-user: ENC[AES256_GCM,data:Cy2ilSDCVNaxES0N,iv:fs/fu9OOhNPDwgnw1xV8SPtbzlbDkbynvL4Z5L6aO2o=,tag:n2+BeAx8HLtD4rFbKMdUqw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaVJMaEQvSGw1Y3h1WXVi
|
||||
TGFnM1dTaHRaUEtOaVl5anpKazZjbVRpckIwCi9Bc1BueHYvMUljdWRrZFVpQldJ
|
||||
bkRVMWJIdmdubGJXL2NOeUloV3RXQ0EKLS0tIEZadWZJcytYZW5ZdmtFbGcrUjZN
|
||||
SGkvdTBIM1hxMTREL1JDT0NCcXo0ckUKW3fJ509OnrgKxLvWHALLvA4Ha91pN+GM
|
||||
JRdKi8tSlyVEpFgumeOsan3fIrsi9urgqYjMuW5e6ApMZ8/2522MWA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-12T18:16:51Z"
|
||||
mac: ENC[AES256_GCM,data:m3jplww3Pv4UnCIdyJ2DEkA95U5+Ovddk2DhEG7KhVQ/PTtG31UFCHdoBIgHf0ZcYmAYRLeyvUfRmi19I+h0h1eDrlbTwpFSYByunLvJZqk2Dp9WWCyGnoJ2Wh/dzW/pcLRSJCZWPxUGPR48cyZTlzg+iZHm760kbXQmzAE+ZHc=,iv:xxyyd9IaTtd+Te+2T156/c+842GVeOoPEs+IBZibWrk=,tag:EruEq5+6kU+nme9NydF/bg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
|
@ -11,7 +11,7 @@ spec:
|
|||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
decryption:
|
||||
provider: sops
|
||||
secretRef:
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: valinor
|
||||
name: homelab
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 30m
|
||||
|
@ -31,7 +31,7 @@ spec:
|
|||
wait: false
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: valinor
|
||||
name: homelab
|
||||
decryption:
|
||||
provider: sops
|
||||
secretRef:
|
||||
|
|
|
@ -4,28 +4,28 @@ metadata:
|
|||
name: cluster-secrets
|
||||
namespace: flux-system
|
||||
stringData:
|
||||
SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:MeaD8iRbieNr5W9PqpjZ5ywdbMijX9nYQJbbVj6s,iv:42QymFlr47PYNjorJc5tgDjzZ9WHPVIk543GGChalVM=,tag:qyk1chI/IpPdfyEMdOqsbQ==,type:str]
|
||||
SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:4+9e/tWQBszoPakAo+1vNhWsdKz8qfoioeUz+dTb,iv:sY4dkzMEmvi8kCLesBiknmoYHWq3uqXpWs5Y4FeFSuk=,tag:rPxH+5m6rPiSnhm2JrrT4w==,type:str]
|
||||
SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:a6hjTy2HRy7s2+KHxfop8077CgAzzILCF/g5I9TIXdhRiziUrLpJVzC0mqNmfdooJsZyErrJ9ihamFKLFoK8S/PmD5IgWuZu,iv:l5JTxmiWct5nr7eJM/Rtl7AclhCoIQ4KW6nJK6Slhg0=,tag:K5yGxYBTNSSoxYJt8Kmhyw==,type:str]
|
||||
SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:X63a7aMBMyd9Be6bik0knOyMXnYx/Kg3SoOrG0bkAHU=,iv:POcU1kIRWekrzUdzqPopKDovviK+fMZRVuZVWp9Vuuc=,tag:n9UamxITJCiLbH37Ta2lTg==,type:str]
|
||||
K8S_SERVICE_ENDPOINT: ENC[AES256_GCM,data:mons7ADYFZv+PjnGpAg=,iv:vRkH6yn+nr2azS+kWOCG9rayB/X/02OlmQVhaIsJDkQ=,tag:RyPwMRcWgQV2kKFa6YQtMg==,type:str]
|
||||
SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:HknjiEQXIa1zntN4yOlTQ/buKx2xppiQV7faAxIe,iv:A9sMptT1QcgQvuP8jqPUZDjqTa56kbsLBjITQvPQyF8=,tag:Sa5PIweT7OYuoq5YG43rpA==,type:str]
|
||||
SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:n0cFsAwCX1/y5HhsNxr/c2KT/5dzt55Ygi17rX+OV7cwKPKMImmLinb6GhD9fDIz1AINGBijXuXvD8TL,iv:4nwdHlSJEUSyMEDvh+5mhONXCGTJ3qyTITwG6CxeG3A=,tag:kurCrF2rGQFBF2u7Hhinuw==,type:str]
|
||||
SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:YG8/g4i8inIQnCIsQyEkPdNyVmbFYU4bhixacOEEEcuJMl8ax8TH1yBRl5ziQmBggp/CETorWCmNiC3jkUXYYta/znlo76T5,iv:SGdg9htpyFP38jbAJDg+zq4Rs+axgM5m3SsgBG38Bu8=,tag:TTIVFki9e03rqVvNmtsFuw==,type:str]
|
||||
SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:bKGSKh/TxNtCMRa83/i44fX7XC5mRxBLVeZ94UltjOo=,iv:Ji0tUnrvDywxMeCvNwBrG/a8JVudfK4sXYL8q0i/cz8=,tag:j4Bwvcz73RdIInsiz0F0JA==,type:str]
|
||||
K8S_SERVICE_ENDPOINT: ENC[AES256_GCM,data:3s9EeJwFzDQ=,iv:a4oU9bf7ESscw6o9YqhBx8kRm/rL1l2ydjjd1ngn/P0=,tag:TAwJ2UmFuEHeHsEhfiVH9g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
||||
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNUJOSGgzempjQS9ZQVlo
|
||||
citDR1Vta2ZHWHJYNElySzA4a1ZIdktQREhFCnZyQlYvYlhRbDlwYVkxZmZJYm5S
|
||||
TEU0c2R4WkFWZGNEcjYyTHE3MmVLT0kKLS0tIHZwQWNGYks1alNnYVAyOWZsL1J2
|
||||
dDhWMDZYait3UzNRZy9oVk85cHBPdEUKa7e22jHlW1chaLDKBB1in8ZTFnfKMXug
|
||||
QJQ/9z6z/RjmnnFam2FWg++Xg2A8LQ7XTZcfR97csf59DQ/xwu7sVw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwSC9CNFkwMHVLd0dWb0Jq
|
||||
cnN0OUJzYVlYV2VRS3p2ek5UcHl4TXNQckhjCnlHQTVNNmdyZFF6RXhETlBzSW9v
|
||||
S00ra2k2Y0VyWnJjcU9oWG5XVGJDQkkKLS0tIHB2bGxDOWhWci81aGViVFlsL0JE
|
||||
ZGRUUFpKTXpjWW9HQ0R1VDk2RmVmQ2MKJwHW3q0vCZClJFfDrWSLw6C43vWVfyLr
|
||||
1ACvmNWml+xv/MOQwoRRMx6OVF74X83UyTFdVrXXk7SkzRcwQr4j+A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-02T23:49:24Z"
|
||||
mac: ENC[AES256_GCM,data:OZzwxpqsXk2tfWmDRjWdmRZaP1pc0HRAuxt1om1Q0yN0R7LTafyRaKdWRdDYi7g76/C8qvSwgT72If5u+M10Q/KKNDy/PavDKn9yMHLkYkdmnXCbyxuWCFqlDoVoOQyPG3H4+ahZkYDnXwzcScR8klTZxdG2n5xO6FJc3PKJFlk=,iv:f2d0J2vG3amQ5UCowNU4U9X+siuWq43uq3nLndoy76A=,tag:ZbfWo82UhiR1AOh93WkpLQ==,type:str]
|
||||
lastmodified: "2024-01-11T22:06:29Z"
|
||||
mac: ENC[AES256_GCM,data:kpt0cEtZo9e2wRcnbp7VosxzVdRTUsnNOmCfjFW/6dAVt3PQuck4hoQ+5ZVO/kL02JDxfLFDaSrbEGwWyf3pwvWV0IQHPFH1W0DcgHe0bSHLBB1AAufISuaQ+OfrO6igYiUjJ1ijk8sErT64qY0WN1NTnMbhbGpXrmKl9jSxpbc=,iv:bVeu6F3V6dkx/VvHume/KdxVPArMzPCkTS+e5M9+ru8=,tag:u8MdtwtUcbk2/XFvdfvomw==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
||||
|
|
|
@ -5,4 +5,4 @@ metadata:
|
|||
name: cluster-settings
|
||||
namespace: flux-system
|
||||
data:
|
||||
CLUSTER_NAME: valinor
|
||||
CLUSTER_NAME: homelab
|
||||
|
|