More scaffolding for homelab.
This commit is contained in:
parent
645ed81c88
commit
08ac08c6a8
50 changed files with 115 additions and 784 deletions
|
@ -9,7 +9,7 @@ exclude: |
|
||||||
|
|
||||||
repos:
|
repos:
|
||||||
- repo: https://github.com/adrienverge/yamllint
|
- repo: https://github.com/adrienverge/yamllint
|
||||||
rev: v1.32.0
|
rev: v1.33.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: yamllint
|
- id: yamllint
|
||||||
args:
|
args:
|
||||||
|
|
12
.sops.yaml
12
.sops.yaml
|
@ -2,14 +2,14 @@
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: kubernetes/.*\.sops\.ya?ml
|
- path_regex: kubernetes/.*\.sops\.ya?ml
|
||||||
encrypted_regex: "^(data|stringData)$"
|
encrypted_regex: "^(data|stringData)$"
|
||||||
# Valinor
|
# Homelab
|
||||||
age: >-
|
age: >-
|
||||||
age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
- path_regex: .*\.sops\.(env|ini|json|toml)
|
- path_regex: .*\.sops\.(env|ini|json|toml)
|
||||||
# Valinor
|
# Homelab
|
||||||
age: >-
|
age: >-
|
||||||
age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
- path_regex: (ansible|terraform|talos)/.*\.sops\.ya?ml
|
- path_regex: (ansible|terraform|talos)/.*\.sops\.ya?ml
|
||||||
# Valinor
|
# Homelab
|
||||||
age: >-
|
age: >-
|
||||||
age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: flow-schema-reader
|
|
||||||
rules:
|
|
||||||
- apiGroups: ["flowcontrol.apiserver.k8s.io"]
|
|
||||||
resources: ["flowschemas", "prioritylevelconfigurations"]
|
|
||||||
verbs: ["list", "watch"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: grant-flow-schema-permission
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: dnsimple-issuer-cert-manager-webhook-dnsimple
|
|
||||||
namespace: cert-manager
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: flow-schema-reader
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
|
||||||
apiVersion: external-secrets.io/v1beta1
|
|
||||||
kind: ExternalSecret
|
|
||||||
metadata:
|
|
||||||
name: dnsimple-api-token
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
secretStoreRef:
|
|
||||||
kind: ClusterSecretStore
|
|
||||||
name: onepassword-connect
|
|
||||||
target:
|
|
||||||
name: dnsimple-api-token
|
|
||||||
creationPolicy: Owner
|
|
||||||
data:
|
|
||||||
- secretKey: api-token
|
|
||||||
remoteRef:
|
|
||||||
key: DNSimple
|
|
||||||
property: cert-manager
|
|
||||||
- secretKey: letsencrypt-email
|
|
||||||
remoteRef:
|
|
||||||
key: DNSimple
|
|
||||||
property: letsencrypt-email
|
|
|
@ -1,36 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: dnsimple-issuer
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: cert-manager-webhook-dnsimple
|
|
||||||
version: 0.0.11
|
|
||||||
interval: 30m
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: jahanson
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
controller:
|
|
||||||
annotations:
|
|
||||||
reloader.stakater.com/auto: "true"
|
|
||||||
dnsimple:
|
|
||||||
token:
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: dnsimple-api-token
|
|
||||||
key: api-token
|
|
||||||
clusterIssuer:
|
|
||||||
email:
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: dnsimple-api-token
|
|
||||||
key: letsencrypt-email
|
|
||||||
containerport: 8443
|
|
|
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: ClusterIssuer
|
|
||||||
metadata:
|
|
||||||
name: letsencrypt-dnsimple-production
|
|
||||||
spec:
|
|
||||||
acme:
|
|
||||||
email: "joe@veri.dev"
|
|
||||||
preferredChain: ""
|
|
||||||
privateKeySecretRef:
|
|
||||||
name: letsencrypt-dnsimple-production
|
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
|
||||||
solvers:
|
|
||||||
- dns01:
|
|
||||||
webhook:
|
|
||||||
config:
|
|
||||||
tokenSecretRef:
|
|
||||||
key: api-token
|
|
||||||
name: dnsimple-api-token
|
|
||||||
solverName: dnsimple
|
|
||||||
groupName: acme.jahanson.com
|
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: ClusterIssuer
|
|
||||||
metadata:
|
|
||||||
name: letsencrypt-staging
|
|
||||||
spec:
|
|
||||||
acme:
|
|
||||||
preferredChain: ""
|
|
||||||
privateKeySecretRef:
|
|
||||||
name: letsencrypt-staging
|
|
||||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
|
||||||
solvers:
|
|
||||||
- dns01:
|
|
||||||
webhook:
|
|
||||||
config:
|
|
||||||
tokenSecretRef:
|
|
||||||
key: api-token
|
|
||||||
name: dnsimple-api-token
|
|
||||||
solverName: dnsimple
|
|
||||||
groupName: acme.jahanson.com
|
|
|
@ -4,11 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
resources:
|
resources:
|
||||||
- ./dnsimple/externalsecret.yaml
|
|
||||||
- ./dnsimple/issuer-letsencrypt-prod.yaml
|
|
||||||
- ./dnsimple/issuer-letsencrypt-staging.yaml
|
|
||||||
- ./dnsimple/dnsimple-issuer-rbac.yaml
|
|
||||||
- ./dnsimple/helmrelease.yaml
|
|
||||||
- ./cloudflare/externalsecret.yaml
|
- ./cloudflare/externalsecret.yaml
|
||||||
- ./cloudflare/issuer-letsencrypt-prod.yaml
|
- ./cloudflare/issuer-letsencrypt-prod.yaml
|
||||||
- ./cloudflare/issuer-letsencrypt-staging.yaml
|
- ./cloudflare/issuer-letsencrypt-staging.yaml
|
||||||
|
|
|
@ -11,7 +11,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
|
@ -26,7 +26,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: false
|
wait: false
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: cluster-apps-cert-manager
|
- name: cluster-apps-cert-manager
|
||||||
|
|
|
@ -12,7 +12,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
retryInterval: 1m
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: rocky-nessa
|
name: rocky-nenya
|
||||||
namespace: default
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
nodeName: nessa
|
nodeName: nenya
|
||||||
containers:
|
containers:
|
||||||
- name: rocky
|
- name: rocky
|
||||||
image: rockylinux:9
|
image: rockylinux:9
|
|
@ -1,20 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: rocky-nienna
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
nodeName: nienna
|
|
||||||
containers:
|
|
||||||
- name: rocky
|
|
||||||
image: rockylinux:9
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 512Mi
|
|
||||||
limits:
|
|
||||||
cpu: 4000m
|
|
||||||
memory: 4000Mi
|
|
|
@ -4,6 +4,7 @@ metadata:
|
||||||
name: ubuntu
|
name: ubuntu
|
||||||
namespace: default
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
|
nodeName: nenya
|
||||||
containers:
|
containers:
|
||||||
- name: ubuntu
|
- name: ubuntu
|
||||||
image: ubuntu:latest
|
image: ubuntu:latest
|
|
@ -13,7 +13,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
|
@ -30,5 +30,5 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
|
|
|
@ -27,7 +27,7 @@ spec:
|
||||||
keepHistory: false
|
keepHistory: false
|
||||||
values:
|
values:
|
||||||
cluster:
|
cluster:
|
||||||
name: valinor
|
name: homelab
|
||||||
id: 1
|
id: 1
|
||||||
hubble:
|
hubble:
|
||||||
relay:
|
relay:
|
||||||
|
@ -35,7 +35,6 @@ spec:
|
||||||
ui:
|
ui:
|
||||||
enabled: true
|
enabled: true
|
||||||
metrics:
|
metrics:
|
||||||
# enabled: "{dns,drop,tcp,flow,port-distribution,icmp,httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction}"
|
|
||||||
enableOpenMetrics: true
|
enableOpenMetrics: true
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -50,26 +49,7 @@ spec:
|
||||||
enabled: true # enable host policies
|
enabled: true # enable host policies
|
||||||
extraConfig:
|
extraConfig:
|
||||||
allow-localhost: policy # enable policies for localhost
|
allow-localhost: policy # enable policies for localhost
|
||||||
|
|
||||||
kubeProxyReplacement: true
|
kubeProxyReplacement: true
|
||||||
securityContext:
|
|
||||||
capabilities:
|
|
||||||
ciliumAgent:
|
|
||||||
- CHOWN
|
|
||||||
- KILL
|
|
||||||
- NET_ADMIN
|
|
||||||
- NET_RAW
|
|
||||||
- IPC_LOCK
|
|
||||||
- SYS_ADMIN
|
|
||||||
- SYS_RESOURCE
|
|
||||||
- DAC_OVERRIDE
|
|
||||||
- FOWNER
|
|
||||||
- SETGID
|
|
||||||
- SETUID
|
|
||||||
cleanCiliumState:
|
|
||||||
- NET_ADMIN
|
|
||||||
- SYS_ADMIN
|
|
||||||
- SYS_RESOURCE
|
|
||||||
k8sServiceHost: ${K8S_SERVICE_ENDPOINT}
|
k8sServiceHost: ${K8S_SERVICE_ENDPOINT}
|
||||||
k8sServicePort: 6443
|
k8sServicePort: 6443
|
||||||
rollOutCiliumPods: true
|
rollOutCiliumPods: true
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: allow-ns-ingress
|
|
||||||
spec:
|
|
||||||
podSelector: {}
|
|
||||||
ingress:
|
|
||||||
- from:
|
|
||||||
- podSelector: {}
|
|
|
@ -13,5 +13,5 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: false
|
wait: false
|
||||||
|
|
|
@ -7,5 +7,4 @@ resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
# Flux-Kustomizations
|
# Flux-Kustomizations
|
||||||
- ./cilium/ks.yaml
|
- ./cilium/ks.yaml
|
||||||
- ./hccm/ks.yaml
|
|
||||||
- ./metrics-server/ks.yaml
|
- ./metrics-server/ks.yaml
|
||||||
|
|
|
@ -13,5 +13,5 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
retryInterval: 1m
|
||||||
|
@ -29,7 +29,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
retryInterval: 1m
|
||||||
|
|
|
@ -13,5 +13,5 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
|
||||||
apiVersion: external-secrets.io/v1beta1
|
|
||||||
kind: ExternalSecret
|
|
||||||
metadata:
|
|
||||||
name: externaldns-valinor-social-secrets
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
secretStoreRef:
|
|
||||||
kind: ClusterSecretStore
|
|
||||||
name: onepassword-connect
|
|
||||||
target:
|
|
||||||
name: externaldns-valinor-social-secrets
|
|
||||||
creationPolicy: Owner
|
|
||||||
data:
|
|
||||||
- secretKey: dnsimple_api_token
|
|
||||||
remoteRef:
|
|
||||||
key: DNSimple
|
|
||||||
property: external-dns
|
|
|
@ -1,70 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: &name externaldns-valinor-social
|
|
||||||
namespace: network
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: external-dns
|
|
||||||
version: 1.13.1
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: kubernetes-sigs-external-dns
|
|
||||||
namespace: flux-system
|
|
||||||
interval: 30m
|
|
||||||
|
|
||||||
values:
|
|
||||||
fullnameOverride: *name
|
|
||||||
|
|
||||||
domainFilters:
|
|
||||||
- valinor.social
|
|
||||||
|
|
||||||
env:
|
|
||||||
- name: DNSIMPLE_OAUTH
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: externaldns-valinor-social-secrets
|
|
||||||
key: dnsimple_api_token
|
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
extraArgs:
|
|
||||||
- --crd-source-apiversion=externaldns.k8s.io/v1alpha1
|
|
||||||
- --crd-source-kind=DNSEndpoint
|
|
||||||
- --annotation-filter=external-dns.alpha.kubernetes.io/target
|
|
||||||
|
|
||||||
podAnnotations:
|
|
||||||
secret.reloader.stakater.com/reload: externaldns-valinor-social-secrets
|
|
||||||
|
|
||||||
policy: sync
|
|
||||||
provider: dnsimple
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 5m
|
|
||||||
memory: 100Mi
|
|
||||||
limits:
|
|
||||||
memory: 100Mi
|
|
||||||
|
|
||||||
sources:
|
|
||||||
- ingress
|
|
||||||
- crd
|
|
||||||
|
|
||||||
txtPrefix: "k8s."
|
|
||||||
|
|
||||||
postRenderers:
|
|
||||||
- kustomize:
|
|
||||||
patches:
|
|
||||||
- target:
|
|
||||||
version: v1
|
|
||||||
kind: Deployment
|
|
||||||
name: *name
|
|
||||||
patch: |
|
|
||||||
- op: add
|
|
||||||
path: /spec/template/spec/enableServiceLinks
|
|
||||||
value: false
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: network
|
|
||||||
resources:
|
|
||||||
- ./helmrelease.yaml
|
|
||||||
- ./externalsecret.yaml
|
|
|
@ -13,45 +13,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
|
||||||
dependsOn:
|
|
||||||
- name: cluster-apps-external-secrets-stores
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: cluster-apps-externaldns-valinor-social
|
|
||||||
namespace: flux-system
|
|
||||||
labels:
|
|
||||||
substitution.flux.home.arpa/enabled: "true"
|
|
||||||
spec:
|
|
||||||
interval: 10m
|
|
||||||
path: "./kubernetes/apps/network/external-dns/app/valinor-social"
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: valinor
|
|
||||||
wait: true
|
|
||||||
dependsOn:
|
|
||||||
- name: cluster-apps-external-secrets-stores
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: cluster-apps-externaldns-shared
|
|
||||||
namespace: flux-system
|
|
||||||
labels:
|
|
||||||
substitution.flux.home.arpa/enabled: "true"
|
|
||||||
spec:
|
|
||||||
interval: 10m
|
|
||||||
path: "./kubernetes/apps/network/external-dns/app/shared"
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: valinor
|
|
||||||
wait: true
|
wait: true
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: cluster-apps-external-secrets-stores
|
- name: cluster-apps-external-secrets-stores
|
||||||
|
|
|
@ -10,10 +10,11 @@ spec:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: onepassword-connect
|
name: onepassword-connect
|
||||||
target:
|
target:
|
||||||
name: nginx-ingress-secrets
|
name: nginx-external-maxmind-secret
|
||||||
creationPolicy: Owner
|
template:
|
||||||
data:
|
engineVersion: v2
|
||||||
- secretKey: nginx-ingress-bouncer-apikey
|
data:
|
||||||
remoteRef:
|
MAXMIND_LICENSE_KEY: "{{ .homelab_nginx }}"
|
||||||
key: Crowdsec
|
dataFrom:
|
||||||
property: nginx-ingress-bouncer
|
- extract:
|
||||||
|
key: maxmind
|
|
@ -15,6 +15,11 @@ spec:
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
valuesFrom:
|
||||||
|
- targetPath: controller.maxmindLicenseKey
|
||||||
|
kind: Secret
|
||||||
|
name: nginx-external-maxmind-secret
|
||||||
|
valuesKey: MAXMIND_LICENSE_KEY
|
||||||
values:
|
values:
|
||||||
controller:
|
controller:
|
||||||
replicaCount: 2
|
replicaCount: 2
|
||||||
|
@ -26,10 +31,8 @@ spec:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
annotations:
|
annotations:
|
||||||
load-balancer.hetzner.cloud/location: fsn1
|
external-dns.alpha.kubernetes.io/hostname: external.hsn.dev
|
||||||
load-balancer.hetzner.cloud/protocol: tcp
|
io.cilium/lb-ipam-ips: 10.45.0.2
|
||||||
load-balancer.hetzner.cloud/name: hsn-nginx
|
|
||||||
load-balancer.hetzner.cloud/uses-proxyprotocol: true
|
|
||||||
|
|
||||||
publishService:
|
publishService:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -43,27 +46,33 @@ spec:
|
||||||
any: true
|
any: true
|
||||||
|
|
||||||
ingressClassResource:
|
ingressClassResource:
|
||||||
name: hsn-nginx
|
name: external
|
||||||
default: true
|
default: true
|
||||||
|
|
||||||
config:
|
config:
|
||||||
block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
|
block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
|
||||||
client-header-timeout: 120
|
client-body-buffer-size: 100M
|
||||||
client-body-buffer-size: "100M"
|
|
||||||
client-body-timeout: 120
|
client-body-timeout: 120
|
||||||
|
client-header-timeout: 120
|
||||||
enable-brotli: "true"
|
enable-brotli: "true"
|
||||||
enable-ocsp: "true"
|
enable-ocsp: "true"
|
||||||
enable-real-ip: "true"
|
enable-real-ip: "true"
|
||||||
use-proxy-protocol: "true"
|
|
||||||
hide-headers: Server,X-Powered-By
|
hide-headers: Server,X-Powered-By
|
||||||
hsts-max-age: "31449600"
|
hsts-max-age: 31449600
|
||||||
keep-alive: 120
|
|
||||||
keep-alive-requests: 10000
|
keep-alive-requests: 10000
|
||||||
|
keep-alive: 120
|
||||||
|
log-format-escape-json: "true"
|
||||||
|
log-format-upstream: >
|
||||||
|
{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
|
||||||
|
"request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
|
||||||
|
"status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
|
||||||
|
"request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
|
||||||
|
"http_user_agent": "$http_user_agent", "country_code": "$geoip2_city_country_code", "country_name": "$geoip2_city_country_name"}
|
||||||
proxy-body-size: 0
|
proxy-body-size: 0
|
||||||
proxy-buffer-size: "16k"
|
proxy-buffer-size: 16k
|
||||||
ssl-protocols: "TLSv1.3 TLSv1.2"
|
ssl-protocols: TLSv1.3 TLSv1.2
|
||||||
|
use-geoip2: true
|
||||||
use-forwarded-headers: "true"
|
use-forwarded-headers: "true"
|
||||||
|
|
||||||
extraArgs:
|
extraArgs:
|
||||||
default-ssl-certificate: "network/hsn-dev-tls"
|
default-ssl-certificate: "network/hsn-dev-tls"
|
||||||
|
|
||||||
|
@ -75,24 +84,10 @@ spec:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/instance: ingress-nginx-hsn
|
app.kubernetes.io/instance: ingress-nginx-hsn
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/component
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- controller
|
|
||||||
- key: app.kubernetes.io/instance
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- ingress-nginx-hsn
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 23m
|
cpu: 100m
|
||||||
memory: 381M
|
memory: 381M
|
||||||
|
|
||||||
defaultBackend:
|
defaultBackend:
|
|
@ -3,17 +3,17 @@
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: cluster-apps-ingress-nginx
|
name: cluster-apps-ingress-nginx-external
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
labels:
|
labels:
|
||||||
substitution.flux.home.arpa/enabled: "true"
|
substitution.flux.home.arpa/enabled: "true"
|
||||||
spec:
|
spec:
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: "./kubernetes/apps/network/ingress-nginx/app"
|
path: "./kubernetes/apps/network/ingress-nginx/external"
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: cluster-apps-cert-manager-issuers
|
- name: cluster-apps-cert-manager-issuers
|
||||||
|
@ -32,7 +32,7 @@ spec:
|
||||||
# prune: true
|
# prune: true
|
||||||
# sourceRef:
|
# sourceRef:
|
||||||
# kind: GitRepository
|
# kind: GitRepository
|
||||||
# name: valinor
|
# name: homelab
|
||||||
# wait: true
|
# wait: true
|
||||||
# dependsOn:
|
# dependsOn:
|
||||||
# - name: cluster-apps-cert-manager-issuers
|
# - name: cluster-apps-cert-manager-issuers
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/certificate_v1.json
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: "valinor-social"
|
|
||||||
namespace: network
|
|
||||||
spec:
|
|
||||||
secretName: "valinor-social-tls"
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-dnsimple-production
|
|
||||||
kind: ClusterIssuer
|
|
||||||
commonName: "valinor.social"
|
|
||||||
dnsNames:
|
|
||||||
- "valinor.social"
|
|
||||||
- "*.valinor.social"
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/certificate_v1.json
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: "khazadtube-tv"
|
|
||||||
namespace: network
|
|
||||||
spec:
|
|
||||||
secretName: "khazadtube-tv-tls"
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-dnsimple-production
|
|
||||||
kind: ClusterIssuer
|
|
||||||
commonName: "khazadtube.tv"
|
|
||||||
dnsNames:
|
|
||||||
- "khazadtube.tv"
|
|
||||||
- "*.khazadtube.tv"
|
|
|
@ -1,108 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: ingress-nginx-peertube
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: ingress-nginx
|
|
||||||
version: 4.9.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: ingress-nginx
|
|
||||||
namespace: flux-system
|
|
||||||
interval: 30m
|
|
||||||
values:
|
|
||||||
controller:
|
|
||||||
replicaCount: 3
|
|
||||||
updateStrategy:
|
|
||||||
type: RollingUpdate
|
|
||||||
allowSnippetAnnotations: true
|
|
||||||
enableAnnotationValidations: true
|
|
||||||
service:
|
|
||||||
enabled: true
|
|
||||||
type: LoadBalancer
|
|
||||||
annotations:
|
|
||||||
load-balancer.hetzner.cloud/location: fsn1
|
|
||||||
load-balancer.hetzner.cloud/protocol: tcp
|
|
||||||
load-balancer.hetzner.cloud/name: peertube-nginx
|
|
||||||
load-balancer.hetzner.cloud/use-private-ip: false
|
|
||||||
load-balancer.hetzner.cloud/uses-proxyprotocol: true
|
|
||||||
|
|
||||||
publishService:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
metrics:
|
|
||||||
enabled: true
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
namespace: network
|
|
||||||
namespaceSelector:
|
|
||||||
any: true
|
|
||||||
|
|
||||||
ingressClassResource:
|
|
||||||
name: peertube-nginx
|
|
||||||
default: false
|
|
||||||
|
|
||||||
config:
|
|
||||||
block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
|
|
||||||
client-header-timeout: 120
|
|
||||||
client-body-buffer-size: "100M"
|
|
||||||
client-body-timeout: 120
|
|
||||||
enable-brotli: "true"
|
|
||||||
enable-ocsp: "true"
|
|
||||||
enable-real-ip: "true"
|
|
||||||
use-proxy-protocol: "true"
|
|
||||||
hide-headers: Server,X-Powered-By
|
|
||||||
hsts-max-age: "31449600"
|
|
||||||
keep-alive: 120
|
|
||||||
keep-alive-requests: 10000
|
|
||||||
proxy-body-size: 0
|
|
||||||
proxy-buffer-size: "16k"
|
|
||||||
ssl-protocols: "TLSv1.3 TLSv1.2"
|
|
||||||
use-forwarded-headers: "true"
|
|
||||||
server-snippet: |
|
|
||||||
resolver local=on ipv6=off;
|
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
ssl-echd-curve: "secp384r1"
|
|
||||||
ssl-session-timeout: "1d"
|
|
||||||
ssl-session-cache: "shared:SSL:10m"
|
|
||||||
ssl-session-tickets: "off"
|
|
||||||
|
|
||||||
extraArgs:
|
|
||||||
default-ssl-certificate: "network/khazadtube-tv-tls"
|
|
||||||
|
|
||||||
topologySpreadConstraints:
|
|
||||||
- maxSkew: 2
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
whenUnsatisfiable: DoNotSchedule
|
|
||||||
labelSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/instance: ingress-nginx-peertube
|
|
||||||
app.kubernetes.io/component: controller
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/component
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- controller
|
|
||||||
- key: app.kubernetes.io/instance
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- ingress-nginx-peertube
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 23m
|
|
||||||
memory: 381M
|
|
||||||
|
|
||||||
defaultBackend:
|
|
||||||
enabled: false
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: network
|
|
||||||
resources:
|
|
||||||
- ./helmrelease.yaml
|
|
||||||
- ./certificate.yaml
|
|
|
@ -11,7 +11,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
|
@ -26,7 +26,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: cluster-apps-external-secrets
|
- name: cluster-apps-external-secrets
|
||||||
|
@ -43,7 +43,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: cluster-apps-external-secrets
|
- name: cluster-apps-external-secrets
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clustersecretstore_v1beta1.json
|
|
||||||
apiVersion: external-secrets.io/v1beta1
|
apiVersion: external-secrets.io/v1beta1
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -8,9 +7,9 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
provider:
|
provider:
|
||||||
onepassword:
|
onepassword:
|
||||||
connectHost: http://onepassword-connect:8080
|
connectHost: http://10.5.0.5:8080
|
||||||
vaults:
|
vaults:
|
||||||
valinor: 1
|
hsn.dev: 1
|
||||||
auth:
|
auth:
|
||||||
secretRef:
|
secretRef:
|
||||||
connectTokenSecretRef:
|
connectTokenSecretRef:
|
||||||
|
|
|
@ -1,142 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: onepassword-connect
|
|
||||||
namespace: security
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 2.4.0
|
|
||||||
interval: 30m
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjw-s
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
reloader.stakater.com/auto: "true"
|
|
||||||
containers:
|
|
||||||
main:
|
|
||||||
image:
|
|
||||||
repository: docker.io/1password/connect-api
|
|
||||||
tag: 1.7.2
|
|
||||||
env:
|
|
||||||
OP_BUS_PORT: "11220"
|
|
||||||
OP_BUS_PEERS: "localhost:11221"
|
|
||||||
OP_HTTP_PORT: &port-connect 8080
|
|
||||||
OP_SESSION:
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: onepassword-connect-secret
|
|
||||||
key: onepassword-credentials.json
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
custom: true
|
|
||||||
spec:
|
|
||||||
httpGet:
|
|
||||||
path: /heartbeat
|
|
||||||
port: *port-connect
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
periodSeconds: 30
|
|
||||||
failureThreshold: 3
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
custom: true
|
|
||||||
spec:
|
|
||||||
httpGet:
|
|
||||||
path: /health
|
|
||||||
port: *port-connect
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
custom: true
|
|
||||||
spec:
|
|
||||||
httpGet:
|
|
||||||
path: /health
|
|
||||||
port: *port-connect
|
|
||||||
failureThreshold: 30
|
|
||||||
periodSeconds: 5
|
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 1
|
|
||||||
sync:
|
|
||||||
image:
|
|
||||||
repository: docker.io/1password/connect-sync
|
|
||||||
tag: 1.7.2
|
|
||||||
env:
|
|
||||||
- name: OP_SESSION
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: onepassword-connect-secret
|
|
||||||
key: onepassword-credentials.json
|
|
||||||
- name: OP_HTTP_PORT
|
|
||||||
value: &port-sync 8081
|
|
||||||
- name: OP_BUS_PORT
|
|
||||||
value: "11221"
|
|
||||||
- name: OP_BUS_PEERS
|
|
||||||
value: "localhost:11220"
|
|
||||||
probes:
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /health
|
|
||||||
port: *port-sync
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /heartbeat
|
|
||||||
port: *port-sync
|
|
||||||
failureThreshold: 3
|
|
||||||
periodSeconds: 30
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
volumeMounts:
|
|
||||||
- name: shared
|
|
||||||
mountPath: /home/opuser/.op/data
|
|
||||||
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: *port-connect
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
classname: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
|
||||||
hosts:
|
|
||||||
- host: &host "1pwconnect.hsn.dev"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
service:
|
|
||||||
name: main
|
|
||||||
port: http
|
|
||||||
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- *host
|
|
||||||
|
|
||||||
defaultPodOptions:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 999
|
|
||||||
runAsGroup: 999
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
shared:
|
|
||||||
enabled: true
|
|
||||||
type: emptyDir
|
|
||||||
globalMounts:
|
|
||||||
- path: /home/opuser/.op/data
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 5m
|
|
||||||
memory: 10Mi
|
|
||||||
limits:
|
|
||||||
memory: 100Mi
|
|
|
@ -5,9 +5,7 @@ kind: Kustomization
|
||||||
namespace: security
|
namespace: security
|
||||||
resources:
|
resources:
|
||||||
- ./secret.sops.yaml
|
- ./secret.sops.yaml
|
||||||
- ./helmrelease.yaml
|
|
||||||
- ./clustersecretstore.yaml
|
- ./clustersecretstore.yaml
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
- pairs:
|
- pairs:
|
||||||
app.kubernetes.io/name: stores
|
app.kubernetes.io/name: stores
|
||||||
|
|
|
@ -4,52 +4,24 @@ metadata:
|
||||||
name: onepassword-connect-token
|
name: onepassword-connect-token
|
||||||
namespace: security
|
namespace: security
|
||||||
stringData:
|
stringData:
|
||||||
token: ENC[AES256_GCM,data:ks4uBrkQP+oqamaYE60ubJ6XjCdGXPPMaqfUWOhaFBehL0F2jgXKildwYsEOYtUNbsOmYRXGYaoZpkIqFd8/JlOX6eYoC0ibCdKJHexV4z4KQ/o9fKcGcP2VpfdqCYlJn/Lt716MHJHA70a0kI/whdtK+FAwFHn9ulMpM4EvOTgbK9RkPO5sh6kOjHywnu3Ri7F3bp8/HXrj0ZAsIijlhQFQiNzctXvD1Q/jEaLIXpFPS0yK9SDMMQ2LYwxTu/gde7X5+J76PWE53R9hm31/eDiW9c9I52XRqWVVVXzuVFvP5SEMS5DKjcfb8ZsZB+ahL+80FKnW0tpEGWqjfGUY9aGN4VOLp3q3EFu3YW54vmUq1Eg2f/i4TeT133NCgpuntaGtfkhv5YIJ182v5fo2F5J9FalaJXNS95CjxDHSC08mGZ8XITbi6oIuvjT1R1g3myalZ9WUXcP3BIQY/kkx2zrNbmTlk/mhchkgxQZObosAnbtpUsUrpKjlMzsvODuQg1iqcuMaooJ8yjovbhdsrp7SEafK5cEVfOTmfUuzm2jzxh4R1m2TJuAqPa/SOJ1sPlCXHa1Q10dxT4kkGjWZ9Muhf7SAkB7PDPcBXfX8/0gwwai2X4Gl+3Szsyt+deZOM60bp+XZ9xRjPWcIxl1uhDoG7gykpsKeDE6tf1+PC9B2GESFHFqbPVicZ/cZv/YHXcXJb5YRKPuE8/OWjzC0A4W5CC/IH3UAzBafiAu9UU/hk7ASqIv/k0wgTZboyRmzxiH06ahdj5qMUqd3schknIsuxgM0Hjv3W/sSaW3xAkR+3gfhcCLxc1IhhPRIO0OEeoaEBQD9UMVuRKRwPo+lpVU7n/UePjuDHpjXeBu2u83sLqaJrcSyId6ksJLoayCKch+46PazE/E/1vn054rml4hDA4Zuwgnyu/g=,iv:lerOeNOfahiAJX1WFUxu5aiw51q274Cz2fmiPtqC0go=,tag:o8eDvJXG+l/YB516m6GB7A==,type:str]
|
token: ENC[AES256_GCM,data:nZZqUP8WUluVOwxeX5b6DygCJo8ptjAXIAkHVGQ7KOVYXV5pw5BYs3GpVnFFny+9aaQ3wQDZ2DjXwecSG0Mk+qdpvaMGvDq05dXC7YeDVQ8hgVpop5enVa3DqPNHb2xbgDn4+dUGsYib0uKADMJX3Hv5WStIjy20IgsiYREtDjlZhrINuBH2l0sRykKi8FUG4R530mCbRv+n33+eHmHHHnY97JWpAvfIRs80EzX8j4sWdlpR0LEIJB/QbXXy+c5Amo2m3rKekMdyPwcsUmVGSprnUir/PbyiIqwDLpe4P/+RAAPewO/6u2KeoJXlpkEAC47CEmsAunuYrAHy/PK67dOK0BygV0ZDI1WsbbC/c3Fauamlb6ZuOWXIkO5EpE1a3whwMj2QLOiI1f6J3AKP2zv235pW36LRiN436PPCewZw7PwtXTMRT08l2qFKg81w/UWqdbtQF/kjkbO9pLVvXZIrUnF6w/w+34e7PYJcaEoKWNzem/usTKhes//rT8GUamcm/Mrno9rXo7KsyajWp/bWlo5GI2uLZ98gtBePNFCxY7YY35qzyH1k9H1SXzlTXOvghB4AJqKqwoBZosMJOxEP4EiY2/ALGl3MYgYKUIqb7RsBP7/5cSLuM4/BXORaG9CtyESqUChcTtYPgO4CANTJsZ+ORXm651DcxUYOQw/EA72Hfo0NfE2xKQwhwLEfh6ycWCtRvjq5i/AnESXO9OgAfLA3VT3roP+OjqfOIKcqc2qRH7is3Cgm2xPlMoIOhi9t5EloBQlA2EpZFl0ZKf65u0++F0pHgyKzCP2JXDh5QK/hLDqNOYrz7LLsFBnxhNjEcYw2Ix/Sfur+cNzXjw/F25iSczPELGFf2KZO1ZGTS1whOZyj++nzocp1+h/al8KvfSGyA13bo8nCeDy9oJr3lEzEqinFxPI=,iv:9w0GTjZ9bGNtbOWVhw0M/+Y/5WonChhNyHMU3nuxZYI=,tag:O+v6ZttlyxaUEZ02Jd+Z/Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVjdHNjVDN1JCNEFqa203
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZHo5aWdxVndCUkdCSEc4
|
||||||
bVN6cStUeWFYUUZHZGhCSFFsemM4TnBkQ0g0CmdFZTBpUVgwMWFPbmZFT01BdUpu
|
dkFkeGQ5ZkY2Rk4wM0RuaGxvU2g3K1JGTEJNCnJpYm1DbXBQOTdGSjVITU8xaE5D
|
||||||
NG1HZURFb0o3T2JwQ3U4YnJoYzhFOUkKLS0tIDhGVnhLRmhSZ3pQbGRvRWs5dWx4
|
RGRoYjVHWVh5Rno4THIvMmlZWWJVWncKLS0tIEVQNmQ1TTA2V0VjdWw2SU9WbUNt
|
||||||
WWxwbndNQVBOeGRoandWL256Z2s2ZFEKtIKW60qNUBPMS0yWPEkDBMokemihiWQ7
|
VkJYWGZnMEJOdlkweS82RjFQdGtHekkK1LCJ2Ww1Ar1fXcepNTldf/hiBVbYdGRf
|
||||||
GqSGjNHDDlkKtd1jyY/qCZGM9t1ZiD9t34wAQVOrn9P/WGJg6X/FsQ==
|
NwCgEa18sMHVVx1XdhBT67bhQewIr6yYHk4jX8y22ScS9GTx9syD4g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-08-15T16:15:14Z"
|
lastmodified: "2024-01-11T23:40:03Z"
|
||||||
mac: ENC[AES256_GCM,data:YVC+MuYp66Ej8XRpT/fsBPBz3laCjfoXikNzc4C5k4E3QbM68+jKX81sbJDGL0B3TSwcIxTc4e8GTisqVhxdH26y/g+xOK5/n6Y+FulDuMmvIiIqBhmQXlQii+DUcLZocRhwEkKDm344M3pRliSVVHa44JRY4qf3E9wKjQhg9tk=,iv:sBTtgB0QK52EFfIxJzFRvXP5MR4ARSfR8v/pha0rDDI=,tag:7KZI8DC967fFvO83KnXkPQ==,type:str]
|
mac: ENC[AES256_GCM,data:1QP1VTuw/fGnMbOeyf+dWADPVSDgzI2UkzJRjEStBVrirj/bUIgpRmRUE2tO5c3fZr5NEJ6kO8ydCrr/WCYSReX2Cbnzf4U5Qap/EEq7G5Xx7NKDM+TQ4jq86F7j+T7OP8tAeGbO3I+8WSqIyc5Z8XkjkFY+hLDRP6cACsh1wQQ=,iv:/zAfi3ZdbzHZAliJZqDu3+lgkopg17NXtotbxkNtBuU=,tag:/wdSv18ydEPzNVL+DQEhGA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: onepassword-connect-secret
|
|
||||||
namespace: security
|
|
||||||
stringData:
|
|
||||||
onepassword-credentials.json: ENC[AES256_GCM,data:Ro43t6FQ22+gIg0VAlcuwBy+jNUNM8Q9HI64InTcDSo0HoF2n5ombH1XrVw8aHYacOMM7WlNNsU5DeecC68HpSo45tOiIQTiXDNQyHDsCkoCEqgUZnEY0ggN2hpycnSmWFn7Kj8HoAnG+5q1aGsKI8PzjTAJYdbF36pmXAm01Ge2IaJAKXaWZ2WA+wUqUXtgr4wtIWgfDacQYMhonnlzzvjFFCkynOhRdCC35jiwJA5bX+OnXnN39ANZufYqlWdhoQHOVgBrrFTX5ooBp3Nvf0Ent3L+zDVvTpmmQm19gxc5jYUGHAlwUEbA/rE/Z6yvMMQhsRxTZtIR/f+ehpgd3OBYCy60ub0dTsbafinOvRJp4xcuhmNX333Li/b+OYOgmKY/vdEUn/2cxbA4Uo/PIRWXmwIaweDShRegHGBYzoCOndfLjfkOwtD7jsShPQ5Vu/aTXQCIFjl2zvcZeR2TT+3Oi3uIiLXlQsOWyU1asQz23PSFeXsiUV8G4P8eomZxiX8/k3D3okkknqvi3GfoRXY49vrewurybLBhBSvRNxYrGouk+Vxy/HtZCwUV7q2TwTlI0eGpBpnbJMGDiuzPV4LFy9SGuroHhKhrNyh2n72IovKLAh//ml+4QVFcUJw7HUP3D7VfYRuohItXi5DDZz4566gNf9a4QkPB/2GHkkcQduDVuDqIFIvxjG7vVpBxi+dbyO6zEt7kI7qo0yLoGsVX7t1laiKD28skgKBOiHyGsMwkjxLtcjjOLfYVM/BgN9BAN5nu9Wqm9HdVM8Rfbjc7U/ts/BtfxRgWNM3qvS7NFkKlYKTtD0JmnzUh7ddgi7HUOczltSl6OgdZcFLEmuQIGdtNeILdHSjp1D3wIT5vgfmKnkhwNqX14K6jLmFaxmtzgYa+65DyWnoYgA1QbvTAPQIfVFvCe2NhwBG5XFNcAKOQbwYdwjmhlKVh+Y5uUwaeTCP9VueUpnrxDzkWOsp33XixkcjCfvrQmY5HQs+sGwr+Be1T+t3ET/8p377CjUf0K3U4PIYvB6NeoD9TU+chYPwpToZoe6vwDEP+GEqhLOBBc6Kmd0VgI1vkShqGtLE/92L5xM+kVJTdUCdLZ9//jFwhfgFFITGhju5UiR4FsPY/IwLTqf+VzXI19aBzrEWN0R88KBk6koL4bORXdd4OEKX36S/Vw9NLGLxQzHxw5mihhBksPdh+kyiDgBgktL2levNF7PV/epdbNRvva/hNKSEaPRCzFV5xlVlMOqiC8wfkMnbatiOX3vGRIhzKjWOMKg3v7MUi6zPRZxs1N4l+V8mddIXsf+BGpGEK4vnlvXQFCP7g97pa6unGv+L9D1RKU4Mp9+AU7Oo82k54oWpgg5DqiCWfnQhXGJLRZabr48Hglp8tdoqKnPCLK+TalofreZxBrtlK3T8qY8g7uUYLTe2nSwU8KKJbgMCtHLtifdrvtyY/S6nN5EUHJpQA2eNqVFQwLDuwJ6crO6ipGbaQ2U36ujhuqJ1+9a8OT4PkJK/aE6/koVRzZe50K+H+rbxCVQEpPM+kG4ClSuT47vxLujEm78Npf+PeIyS36RWICxeNyHhdFtbKDyFriBVi+pEEpXFhtpgBTqmB6MQ7te/L9kglkPOIOjbF4/rnzffvDEWZW5XeKz3vYujZ6vTgosf+rDsqsnyRWU2RHbhPQ6U7aS0ujAiBYdMQY4Mtlz+sa8f/b5nCzNPuv2Y1KdwIzCLLjIcqa/UnuTPNPcI8k6arXFWXS2Mq0R5QYfPKFCStVvHzHITHvZNt8bV1g2j5gYvnJkauu66yzUSDvglJVjjvI55nJQTryUDFtZX+lpiAZxwrsepYcP/EygKdZEdg3f8KbZWNQXxt2njLeJmad7Le5UHBhiGqP9H8eCLbwi0gvGwkGkveQHtCsTswOuY3l9E2WG0R9iamwDSC,iv:9QuqDosuTy7OoTfcSJ2mTYLQY9yTa9krJvvzqA7tH30=,tag:wtN/GsxxKhYgipOz8FqsCw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVjdHNjVDN1JCNEFqa203
|
|
||||||
bVN6cStUeWFYUUZHZGhCSFFsemM4TnBkQ0g0CmdFZTBpUVgwMWFPbmZFT01BdUpu
|
|
||||||
NG1HZURFb0o3T2JwQ3U4YnJoYzhFOUkKLS0tIDhGVnhLRmhSZ3pQbGRvRWs5dWx4
|
|
||||||
WWxwbndNQVBOeGRoandWL256Z2s2ZFEKtIKW60qNUBPMS0yWPEkDBMokemihiWQ7
|
|
||||||
GqSGjNHDDlkKtd1jyY/qCZGM9t1ZiD9t34wAQVOrn9P/WGJg6X/FsQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-08-15T16:15:14Z"
|
|
||||||
mac: ENC[AES256_GCM,data:YVC+MuYp66Ej8XRpT/fsBPBz3laCjfoXikNzc4C5k4E3QbM68+jKX81sbJDGL0B3TSwcIxTc4e8GTisqVhxdH26y/g+xOK5/n6Y+FulDuMmvIiIqBhmQXlQii+DUcLZocRhwEkKDm344M3pRliSVVHa44JRY4qf3E9wKjQhg9tk=,iv:sBTtgB0QK52EFfIxJzFRvXP5MR4ARSfR8v/pha0rDDI=,tag:7KZI8DC967fFvO83KnXkPQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.7.3
|
|
||||||
|
|
|
@ -6,7 +6,6 @@ resources:
|
||||||
# Pre Flux-Kustomizations
|
# Pre Flux-Kustomizations
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
# Flux-Kustomizations
|
# Flux-Kustomizations
|
||||||
- ./intel-device-plugins/ks.yaml
|
|
||||||
- ./node-feature-discovery/ks.yaml
|
- ./node-feature-discovery/ks.yaml
|
||||||
- ./reloader/ks.yaml
|
- ./reloader/ks.yaml
|
||||||
- ./snapshot-controller/ks.yaml
|
- ./snapshot-controller/ks.yaml
|
||||||
|
|
|
@ -15,5 +15,5 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
|
|
|
@ -13,5 +13,5 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
|
|
|
@ -15,7 +15,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
timeout: 2m
|
timeout: 2m
|
||||||
dependsOn:
|
dependsOn:
|
||||||
|
|
|
@ -5,24 +5,24 @@ metadata:
|
||||||
name: sops-age
|
name: sops-age
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
stringData:
|
stringData:
|
||||||
age.agekey: ENC[AES256_GCM,data:DELuczoRtBQW58s5i8Nmb4Hp+XzZ35aiOfwBJDXaqgfQMFY63QXRzBVkTDS0GxFoGt3jvLILJPwde0OHiVrkNEZdDwRr3JZKnTs=,iv:DqAaHlJRT8SUItoceaIQ7smJUcmtTeu51AJt1WM0pKA=,tag:YGbmN4hRhWCCGLPvyDLsnA==,type:str]
|
age.agekey: ENC[AES256_GCM,data:f+9hVYtS9xNgh3KSpC7HtIzSWnFEEtKNijhT4NWi9Yx3dlRuX50vhc8exLYcjcIbytCwMtTCI4xAjUk4TkxlGaj5DzhU/rdvE+c=,iv:uzhwlqMG1F2rb4XM00EXCI8mpCcKMTn1a2KPH/NGYqo=,tag:Ao+cLYINlL1AfJGFR9EG/A==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMURBNzFadmc1ejZ4eStp
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cVRSZUZjR1Y2Q0U2RUJC
|
||||||
czlYTUtWUk52NzlaZ1NJSzU2R3R4VFB4TWtZCmc2SjZ1OVhNYXlXQ21WT1I0ZjU3
|
M05wdVdhWU1oTjZBeTliNDR1V29KN3hKMFN3ClJJQkx2RTRSL2V4ZjR2QmJQUGph
|
||||||
V2RzRU5PUnYzMWlRcy9vTG5JNkIwVncKLS0tIHdjU0VSaVdBQ3A5ZDlybTBiUVB1
|
ZUo3UlpPaVc4YjdJbGRkaVhTQmpHVGsKLS0tIFlYMHY2a1FjZ2xobUpKNnRwSDhV
|
||||||
YVE3NVptM1Q2ZjEyZHE3N2ZIaEtlRFUKQZEkNHDnlnZYXqK62SplHa7gEsEIBVNV
|
eE1VUmwxNjU0SVAvaWF1dVNKMlV6ZzAKrxZ1g+mkSBNECmd+sf5Z4L7xVDaFw1g/
|
||||||
4TYZQzf+fBmlxmDCwDLTNTJZZJfgLjYPfBStvGSx+VbW2HS6PoXMFQ==
|
hUoFCpjo7fiGS0ru7lhkLzBAwRflWDkpjn75W/18ULaF69bsF9swPQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-08-15T16:24:05Z"
|
lastmodified: "2024-01-11T22:06:47Z"
|
||||||
mac: ENC[AES256_GCM,data:QxME2bUjRTBpPpMR1ZWANlF+EskMRJuyylOiRHcPzWu9Bve1rz+4mkNdlUYzf0gdLi8psRc6ko0Jb6IH9lLZxOkMAh2YYaMrzAf3hMRBytiJKX/nUs9tIJv8Lft21nXibeaT/TcT5YNwNvd3nTZgBJcJ5nYwmU1sTn3/Lay5jrY=,iv:0uVxxRg+Dp8oZ43DnbtEx25rQcJ23Ag13eKfvvXukVk=,tag:/4Ufpkh8DCONTEWy4pc5bw==,type:str]
|
mac: ENC[AES256_GCM,data:Sg8eZvpifFdLezfcQ8FFwCUzQpCzx+iOrje2E2fVM4AcIcVR/i3zrdCOzJ252W7Fe6mreVpZA0rKKePCEH1A6ZSvjnPKpMvAdhei7BMyIkDs/8VDJMjZOJOWmtLNIwCYIbkwA+cOnFfufnRdSp7/NsqVo+8STOcr4qWAyfDenVQ=,iv:FHFTiD1NtBHslxuTwdmxw3Xb31F9xK6hhKdw0szXfkk=,tag:MbNsGc1ZW1biUOEDFRTSMQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
|
@ -5,27 +5,27 @@ metadata:
|
||||||
name: git-deploy-key
|
name: git-deploy-key
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
stringData:
|
stringData:
|
||||||
#ENC[AES256_GCM,data:O1eknYe94FguDRRTE4tIv0yQKVJcqHqrHe510i15Kw==,iv:aa5mj7DH/ZEXtqeG+7s/eThK8SYJDT8WmGtwDng9Zh4=,tag:kPuHF2ObA/8IlPzwsuuEqw==,type:comment]
|
#ENC[AES256_GCM,data:+GbB2yDDUQ4804/B/XphECCkAErDIe+JwXkhuXWDJw==,iv:EFYG8fEaGJt6ZVftO9px4cykuopjQcqNRTLPcT0vK+M=,tag:mPuA+9y+AZDA39/k1a4jmw==,type:comment]
|
||||||
identity: ENC[AES256_GCM,data:DSBU1rLXKta1xWzwagSPpHvT3f/j8ICa4iTkYkby63sYefFfQt9u0qFAYMQChfR9imjUtLmV4AvwF/c9pnOpyHTTLXdZMgkK/y8/17NAbmolUOFQfFvvU7WarxArOqk5QYon4vvIxI1d0Xtug46h7KXHQjJl3UWeBJ2IUnYWEfsPAoN4fNrAxI5DNtS+ppPcFZbJ6BMHx8rPadOhuKbgLR4KACg8PFKHW9RLvJ4s2Kykv9bYyHxUPaLMdL4UAC55i0+RGydZ/72CHokIXDKmwtQquf1vL5HVup/5aB9FQA4oLe0Pk5v2m001YfrvMaO+1GXodU3V2+VIWVcdjJciQsTk/IbbJbr0IIdLlT53WOKx1FNmb1HODUBAX8/mt1Kv5pNDm/BtZXk9ad0chheBB96GRyDTU+/qUzSh3WYGxGrLX+KTE3W8NCbzieOwVgwrDt5P09i0iBrAbXJzSwuDfF0mENzoNN1uRWgA+cm9FGbR+HjEv0UHHN8I9/BCBRMIeXXZ,iv:hn3PwE5mnIgzJNLw+ruu5/jUqFQOpQTYh2oZUdeOplM=,tag:2qttj/0hdChixM7rzaLr5g==,type:str]
|
identity: ENC[AES256_GCM,data:6ZByb2BqIDMe+sSnwfNlPkEcBbnlQbmYNzZcdAe+Uvi0OPKRTwuuw2sy+yBFlGdz0EpiqUV0GiuR+bVcWEHZZaSBpw//2oKKjR1AfK5E4BPGKR/saZ+6Rg8Xp2HgIjBh/wiLD/KDxYJ5qzE5OndUALmdsXvpnThgExyVGtD8KSWqgdnUY/UP0KMnSvakpaEAWnSC5O+YOKSH55UKAXGVBHSWpG4vedKwnQfdadu2sI2kg0G1MScqAD1Cx6OAZ05KF1AdbV1KDdeYwhGjQjtIob1LhozFqP20Wlhxr6ZwrrVQLOCIIQj2k1Tn0ilxsLA5G35BT/bPOTYIEGih1qF9ZfFGxjBtZJ80puf5DYo7QLow78o8Xe7SPGEKSuY8ryD0DG3GotYaExTaAHD8eTer+EJghYGrLoTgnPrSV1lrsKjMslAAWtrjOPd/1kH3wwrnHk1FauZ/Ft99yGpqXVOvHtmXnKiyoI79t8fq0kNLZ+e2/kd5ntMCJyFgh76lgdzb1knc,iv:OEJl0Oo56DsaOxbt43oaynYtUpUYCDaePBz3wGdqKDw=,tag:axW1M4UckNOmodsZWLLEzA==,type:str]
|
||||||
#ENC[AES256_GCM,data:yG8yduTJrEB1oGbSQdLwFyDgjbmkT4fcbkvhMj0oCw3Yi9HvSdygq5Uo/2DQ0t+GRzpVqsedrLvB0yciVWpfEaKewXj6neGmMTcsT/llWbSvXS4dHWGBDL6Y/BXVNhyrYLRu,iv:K4dJKqM+AZE8giMcoBOlb9GDnLDCJSyhpWangKsNXkE=,tag:rfRpq8iv+2rwFRJY6sw19A==,type:comment]
|
#ENC[AES256_GCM,data:x6ZbaxSmg8cybQLBN60EMMz3b7wcB6zAgcRcPQVr/Y7boCjbVlfdNumSu1/+f2OPJLZLpK+URTqAIhtwDlEwPRabe3MMpQfE3ifKobKPmvws4pvbdPeHG1UEPpGeqh3VJLN8,iv:65mO126WzjKiEJYhjpZnaWftQ2YMnRhak8E2J7X2CfE=,tag:Zof3hhjPzrmOPNWSWkGaEg==,type:comment]
|
||||||
known_hosts: ENC[AES256_GCM,data:Ej+HKpMCe/3FGSh/qd7cud4OyBAWpH9tAxP5lSq50kGdyNUz/pLWde4t8uxN6aLtV8Md0lewMtVQTIl3peQuOnroB+EOUnimJTTLLuno9G4zyzkcZRf1un9UY4Jvs9g1vT26DyE/paqIOvJ3u8pfotI4tyO1so60HpHc4lQoakp5L7VMzlPUY3g6hHlOGmqEMXfg8s07UUC0DRNyzBb5INXmL4YweGluI6ros1t1Rh0UKjfF7U0f/5xgzY80WvvcXmhd/NYuKaqUb5YMT7Gk/dUtD0RpxhH+iUi4WMaRyWcbwt+HvS4cUDrHi9ZypLBLxD0I6oiz8ZZYnbNAbe2vsqxiYOPbE+E+QXGY98B1eP18nVXe5YICMuclgAXV54Kcc+/Fw/25oNcJREgdvbxA0CGYwXooURan33kKAXFaBdGpGinj4mBXciepy+fPpxe3sa9YpY1pAF88lmBHzmBR77XltWebOmsagauI1gG/QEgItUaaMy3aDt1dNmrG1jzjkrXYJfCrmLdDXJ3kgd+ZS/95l+B0WfUralbZtQte1IzsgyCRTMhOv8NJ1okCetmi7i5kD2+hiZ7T90M4UMDczHfBXulq9mqlyqQKx1hzdKLP5CnmF0QLbupau+xOLvn8l8Qpt4pxZ6K/ul9jC6PlKZE2iTmgBb2WV1cXdG6sQfrxBFYKaibG4hv7jmIJAI+hzdFq9M+nQ0olIuU3FI3vQqSC05nzRMo0PH+408xnqAWKmY/43SfXpXzUa6eg1+GpoYZjK/BcWA7Nmcy1Fk1lf49JVu0eS3/dqxq+iBbPK9Zy/CQaaWXMg1wpu9y+13CwDuEYC/luz9SrryuY14T7hHldjSxDh+gp0qD2T2VrJA1f846Q7c2SWLcRSPuvYnRcGIS4gQpLjnNKLA14GqDhmFFA/cjkIkgnuILB08SxulMYFu0wu5s4p/vNYj+9BGj66CDvynyLZjCas0cT4ubfq8A=,iv:j1jftBGnQlln+7gECyaanotig27AzyHWLFOG5KWX53c=,tag:1NyHwqKx6RpruLKuYPYIxQ==,type:str]
|
known_hosts: ENC[AES256_GCM,data:yaBZz02NVnC34rNmR42CJN32++LO9gLohYOs8JiKE1z5cAL56RHAhwxtcSfuQOPvXyX3WLJvjmFHZL9TQmdCukdmzukBk1J/IaUQ9wCVL9+flRJwtsyf1Xd6SAIk4XwP7M0Rm9F91mPJ9Wdju6ALusSRLN5J7UOwTUoZVcjjSjmM4Q4Kchk0GyZNv3ozgSU5L5cuF620+RX6NlYx3Fk/GVvU468HN4wz4qr7g5NwVS2ZKcTNrZasekuwzohfjheK/4WcxYYHe90/NIr3CpCt1DI1ZTIftvVgodRnK+28p7ZT3hoI/Go7qukY+hXTJEd8gu0ZWjeAWhvtfasy6ZEMLNwo5Zg1IyHnrE9KfOPS/MG2P88V7ooIpvYSNXQP5g3mwm009GQ0yLNAMVmnTqiURTqUOlenI44UWQYmqrcMP28QE0XHR6Id1p1LA+ZRMEnvdvyrYi8FH9VvK1vxJIIBsLCJSvuBCM2Uy+MX1MJNXUzvAp8bDAbgPE4wPx7y/DgOzhyYRyaVQxPRm8IbA+ciBg/3t7dkjLWK6afbOVzE4OxtBwxDtbDcUmpZ7cVE7gKnSM3tywOzxkwXrUAuMkSIKH4pgSAn4BBf8NsA2qr/fzUdvkYl6OF8qRa6Yw7kCtZO9zZTLK3i9gzfJfZ9LlaRaLLSMbQdOIN2FQfYG7+F2OPADNjhCIDHHvMoBKFdAhcLFGdtRP8FuqYMHd3zprCr0F8XgaD3tWAfx3Cq7JDhElM4e3vuIiCwVHGtHvydI4OqKFeO5DKp4+ErOxDyMhaxF8Qd/IPsKgA8QQK2/HkgFZH+fwyf+uRoylmOuQo/8PeaKkag1SihcSzt/vMBroMw9ZbMF6MyYXPC+8IsLggNFh6O7EyoVMIYm1PqSGBckyLb7gHWJu7r2zsajx6TeRwAVlEoVq9ScC8sj2XkrUo8HNLX6lt7J5/RDchmjta5pdTCGvsV7SOQi7mMUFjxAp+RBFE=,iv:KsQ5SqWokEmwZPXCFuEVhV2X7c+6rC8ZhqEc7Tc+rT8=,tag:fA1se7HrUltBOGhIg7zG/w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbkdZamFHbTVoYXpCdGpx
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeS83SmdkZ2daM05UVkpO
|
||||||
a214aFQvUUxWSW43SHV2QWFzVjJTeTNiSXhrCnF2VmR5eFlpc3JlcGY0R2J3aWdr
|
RG1jM1lNVDREUGdQZmFuREdOaVIzQkd6MzN3CmdaQnRDbUJwTG9tZ2treFJ2RFFU
|
||||||
aEZSL0gvRzZiYi9ELzZOeVkyRExkM0EKLS0tIGczRVRZY2U3S3F1ZVY2RnJwTWlw
|
NkVWUlVVNlVJd2xSRkU0bUUzZDY0ZGMKLS0tIG8wRzZCZ29Pc0tNb3dVcnVyYWl6
|
||||||
L0s5YXNFUlhmTS9GSkdZNWNJeDlCSm8K8j+Pvu+DUYLjQ27N2dPU8rGXYaZORK4I
|
MmVnNzdNWU83MGl6TzFwNFYydHQ0WFkKMy8Ew8clnoYcNR9qicauSBlLDp8N8qvg
|
||||||
n6U4KG2qiRAZn1eVp4t/8/2A5/0UupsrcYyKvXAiMLrpsf9kaq3Xmw==
|
jAMftEoS6bUhSozWW4zCpcRK6hCTi8X+IsHe0niTotGRUZgPgdXUWg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-08-21T21:51:49Z"
|
lastmodified: "2024-01-11T22:06:54Z"
|
||||||
mac: ENC[AES256_GCM,data:lXLx3E5CrfeVN6/a9WDVie4Mfn0v7pcadSWmiKoge9B5obhgAIVChSG8d8KFPkAN6gCBi1D/O3ukSogAwASZ2q8t4yUes6YsD3t4aZrADw6YVgOjNDeJHMiaXMP6fQ0ze665NEgyGBnIRxDuaTXHpaNXsiqSHr+51rRHi0S6K2g=,iv:I616VwtsUKqqvDfmu2KiY9i2ODaTD0tZZHaYG8DjyZA=,tag:dKFmvDZWMBsfhnuqAyMm+g==,type:str]
|
mac: ENC[AES256_GCM,data:P1ZUYJ+ZKO7y3ZC9qy/ODizNGohS6VlSLRzXFUw0dG4OSL/4G3lo+YzkOx/ly4oaLRKZAlW9dLONJYPldE1785A3DfUD3YjV+xrF4akxPAkCwer5ikmCEuG+jw+ihOxn+36s5KZhjVt7k+EVOqVAR60Oh62onq5IR608ND6zits=,iv:d3tdmEjvB/n/TquFRE8qs7Lr4O5q8zXaESvqHl5IiVk=,tag:AKo3NuJTDS0ov3jjHJTahA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: hcloud
|
|
||||||
namespace: kube-system
|
|
||||||
stringData:
|
|
||||||
ROBOT_ENABLED: ENC[AES256_GCM,data:tTSnWw==,iv:rSrqYIiQSOv6G0QxSYVU6DtW7b3PT7XNF/1pWx68M1g=,tag:2m6YXewARCcyXTjZGimodQ==,type:str]
|
|
||||||
token: ENC[AES256_GCM,data:DzLwUiv5JH/S6OBrzgNp0NO5U/7w0Pq2YtQ7uOAfg7Iw90qzGlzc8CqzlQOw0jHv91LzCUgjpeZn9QP93Dgprw==,iv:T6rqz1HmdKATl+8ov5qclhAo/NzHQTIN6eRSiCEyiZU=,tag:39VZ8N96NEXgvXTPQ/vvBA==,type:str]
|
|
||||||
robot-password: ENC[AES256_GCM,data:OeITzLUpgj03MyQ2n+SYgwykcw==,iv:9ZdbQW4ZAtqmGEiR4KBsziRXMAoHGHcBYXiwjep5H2A=,tag:4eGKJTfn0+NARz1k7j8jXA==,type:str]
|
|
||||||
robot-user: ENC[AES256_GCM,data:Cy2ilSDCVNaxES0N,iv:fs/fu9OOhNPDwgnw1xV8SPtbzlbDkbynvL4Z5L6aO2o=,tag:n2+BeAx8HLtD4rFbKMdUqw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaVJMaEQvSGw1Y3h1WXVi
|
|
||||||
TGFnM1dTaHRaUEtOaVl5anpKazZjbVRpckIwCi9Bc1BueHYvMUljdWRrZFVpQldJ
|
|
||||||
bkRVMWJIdmdubGJXL2NOeUloV3RXQ0EKLS0tIEZadWZJcytYZW5ZdmtFbGcrUjZN
|
|
||||||
SGkvdTBIM1hxMTREL1JDT0NCcXo0ckUKW3fJ509OnrgKxLvWHALLvA4Ha91pN+GM
|
|
||||||
JRdKi8tSlyVEpFgumeOsan3fIrsi9urgqYjMuW5e6ApMZ8/2522MWA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-12-12T18:16:51Z"
|
|
||||||
mac: ENC[AES256_GCM,data:m3jplww3Pv4UnCIdyJ2DEkA95U5+Ovddk2DhEG7KhVQ/PTtG31UFCHdoBIgHf0ZcYmAYRLeyvUfRmi19I+h0h1eDrlbTwpFSYByunLvJZqk2Dp9WWCyGnoJ2Wh/dzW/pcLRSJCZWPxUGPR48cyZTlzg+iZHm760kbXQmzAE+ZHc=,iv:xxyyd9IaTtd+Te+2T156/c+842GVeOoPEs+IBZibWrk=,tag:EruEq5+6kU+nme9NydF/bg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.8.1
|
|
|
@ -11,7 +11,7 @@ spec:
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
decryption:
|
decryption:
|
||||||
provider: sops
|
provider: sops
|
||||||
secretRef:
|
secretRef:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
metadata:
|
metadata:
|
||||||
name: valinor
|
name: homelab
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
wait: false
|
wait: false
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: valinor
|
name: homelab
|
||||||
decryption:
|
decryption:
|
||||||
provider: sops
|
provider: sops
|
||||||
secretRef:
|
secretRef:
|
||||||
|
|
|
@ -4,28 +4,28 @@ metadata:
|
||||||
name: cluster-secrets
|
name: cluster-secrets
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
stringData:
|
stringData:
|
||||||
SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:MeaD8iRbieNr5W9PqpjZ5ywdbMijX9nYQJbbVj6s,iv:42QymFlr47PYNjorJc5tgDjzZ9WHPVIk543GGChalVM=,tag:qyk1chI/IpPdfyEMdOqsbQ==,type:str]
|
SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:HknjiEQXIa1zntN4yOlTQ/buKx2xppiQV7faAxIe,iv:A9sMptT1QcgQvuP8jqPUZDjqTa56kbsLBjITQvPQyF8=,tag:Sa5PIweT7OYuoq5YG43rpA==,type:str]
|
||||||
SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:4+9e/tWQBszoPakAo+1vNhWsdKz8qfoioeUz+dTb,iv:sY4dkzMEmvi8kCLesBiknmoYHWq3uqXpWs5Y4FeFSuk=,tag:rPxH+5m6rPiSnhm2JrrT4w==,type:str]
|
SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:n0cFsAwCX1/y5HhsNxr/c2KT/5dzt55Ygi17rX+OV7cwKPKMImmLinb6GhD9fDIz1AINGBijXuXvD8TL,iv:4nwdHlSJEUSyMEDvh+5mhONXCGTJ3qyTITwG6CxeG3A=,tag:kurCrF2rGQFBF2u7Hhinuw==,type:str]
|
||||||
SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:a6hjTy2HRy7s2+KHxfop8077CgAzzILCF/g5I9TIXdhRiziUrLpJVzC0mqNmfdooJsZyErrJ9ihamFKLFoK8S/PmD5IgWuZu,iv:l5JTxmiWct5nr7eJM/Rtl7AclhCoIQ4KW6nJK6Slhg0=,tag:K5yGxYBTNSSoxYJt8Kmhyw==,type:str]
|
SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:YG8/g4i8inIQnCIsQyEkPdNyVmbFYU4bhixacOEEEcuJMl8ax8TH1yBRl5ziQmBggp/CETorWCmNiC3jkUXYYta/znlo76T5,iv:SGdg9htpyFP38jbAJDg+zq4Rs+axgM5m3SsgBG38Bu8=,tag:TTIVFki9e03rqVvNmtsFuw==,type:str]
|
||||||
SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:X63a7aMBMyd9Be6bik0knOyMXnYx/Kg3SoOrG0bkAHU=,iv:POcU1kIRWekrzUdzqPopKDovviK+fMZRVuZVWp9Vuuc=,tag:n9UamxITJCiLbH37Ta2lTg==,type:str]
|
SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:bKGSKh/TxNtCMRa83/i44fX7XC5mRxBLVeZ94UltjOo=,iv:Ji0tUnrvDywxMeCvNwBrG/a8JVudfK4sXYL8q0i/cz8=,tag:j4Bwvcz73RdIInsiz0F0JA==,type:str]
|
||||||
K8S_SERVICE_ENDPOINT: ENC[AES256_GCM,data:mons7ADYFZv+PjnGpAg=,iv:vRkH6yn+nr2azS+kWOCG9rayB/X/02OlmQVhaIsJDkQ=,tag:RyPwMRcWgQV2kKFa6YQtMg==,type:str]
|
K8S_SERVICE_ENDPOINT: ENC[AES256_GCM,data:3s9EeJwFzDQ=,iv:a4oU9bf7ESscw6o9YqhBx8kRm/rL1l2ydjjd1ngn/P0=,tag:TAwJ2UmFuEHeHsEhfiVH9g==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve
|
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNUJOSGgzempjQS9ZQVlo
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwSC9CNFkwMHVLd0dWb0Jq
|
||||||
citDR1Vta2ZHWHJYNElySzA4a1ZIdktQREhFCnZyQlYvYlhRbDlwYVkxZmZJYm5S
|
cnN0OUJzYVlYV2VRS3p2ek5UcHl4TXNQckhjCnlHQTVNNmdyZFF6RXhETlBzSW9v
|
||||||
TEU0c2R4WkFWZGNEcjYyTHE3MmVLT0kKLS0tIHZwQWNGYks1alNnYVAyOWZsL1J2
|
S00ra2k2Y0VyWnJjcU9oWG5XVGJDQkkKLS0tIHB2bGxDOWhWci81aGViVFlsL0JE
|
||||||
dDhWMDZYait3UzNRZy9oVk85cHBPdEUKa7e22jHlW1chaLDKBB1in8ZTFnfKMXug
|
ZGRUUFpKTXpjWW9HQ0R1VDk2RmVmQ2MKJwHW3q0vCZClJFfDrWSLw6C43vWVfyLr
|
||||||
QJQ/9z6z/RjmnnFam2FWg++Xg2A8LQ7XTZcfR97csf59DQ/xwu7sVw==
|
1ACvmNWml+xv/MOQwoRRMx6OVF74X83UyTFdVrXXk7SkzRcwQr4j+A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-02T23:49:24Z"
|
lastmodified: "2024-01-11T22:06:29Z"
|
||||||
mac: ENC[AES256_GCM,data:OZzwxpqsXk2tfWmDRjWdmRZaP1pc0HRAuxt1om1Q0yN0R7LTafyRaKdWRdDYi7g76/C8qvSwgT72If5u+M10Q/KKNDy/PavDKn9yMHLkYkdmnXCbyxuWCFqlDoVoOQyPG3H4+ahZkYDnXwzcScR8klTZxdG2n5xO6FJc3PKJFlk=,iv:f2d0J2vG3amQ5UCowNU4U9X+siuWq43uq3nLndoy76A=,tag:ZbfWo82UhiR1AOh93WkpLQ==,type:str]
|
mac: ENC[AES256_GCM,data:kpt0cEtZo9e2wRcnbp7VosxzVdRTUsnNOmCfjFW/6dAVt3PQuck4hoQ+5ZVO/kL02JDxfLFDaSrbEGwWyf3pwvWV0IQHPFH1W0DcgHe0bSHLBB1AAufISuaQ+OfrO6igYiUjJ1ijk8sErT64qY0WN1NTnMbhbGpXrmKl9jSxpbc=,iv:bVeu6F3V6dkx/VvHume/KdxVPArMzPCkTS+e5M9+ru8=,tag:u8MdtwtUcbk2/XFvdfvomw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -5,4 +5,4 @@ metadata:
|
||||||
name: cluster-settings
|
name: cluster-settings
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
data:
|
data:
|
||||||
CLUSTER_NAME: valinor
|
CLUSTER_NAME: homelab
|
||||||
|
|
Loading…
Reference in a new issue