
1 commit

Author SHA1 Message Date
bb56038f7c
add shoko server 2024-11-07 15:47:40 -06:00
90 changed files with 342 additions and 255 deletions


@ -1,55 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app plex
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/plex/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: true
dependsOn:
- name: rook-ceph-cluster
- name: volsync
- name: external-secrets-stores
interval: 30m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_PATH: /web/index.html
VOLSYNC_CAPACITY: 30Gi
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app kometa-image-maid
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 30m
timeout: 5m
path: "./kubernetes/apps/default/plex/kometa-image-maid"
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: false
dependsOn:
- name: external-secrets-stores
- name: plex
postBuild:
substitute:
APP: *app

3
.gitignore vendored

@ -24,6 +24,3 @@ omniconfig.yaml
*.pem
*.secrets
config.xml
# syncthing
**/*sync-conflict*

51
.vscode/settings.json vendored

@ -1,41 +1,32 @@
{
"ansible.validation.lint.arguments": "-c .ansible-lint",
"files.associations": {
"*.json5": "jsonc",
"**/ansible/**/*.yaml": "ansible",
"**/ansible/**/*.sops.yaml": "yaml",
"**/ansible/**/inventory/**/*.yaml": "yaml",
"**/kubernetes/**/*.sops.toml": "plaintext",
"*.hujson": "jsonc"
"*.json5": "jsonc",
"**/ansible/**/*.yaml": "ansible",
"**/ansible/**/*.sops.yaml": "yaml",
"**/ansible/**/inventory/**/*.yaml": "yaml",
"**/kubernetes/**/*.sops.toml": "plaintext"
},
"material-icon-theme.folders.associations": {
".taskfiles": "utils",
"bootstrap": "import",
"charts": "kubernetes",
"hack": "scripts",
"repositories": "database",
"vars": "other",
// namespaces
"cert-manager": "guard",
"external-secrets": "keys",
"kube-system": "kubernetes",
"monitoring": "event",
"networking": "connection",
"rook-ceph": "dump"
".taskfiles": "utils",
"bootstrap": "import",
"charts": "kubernetes",
"hack": "scripts",
"repositories": "database",
"vars": "other",
// namespaces
"cert-manager": "guard",
"external-secrets": "keys",
"kube-system": "kubernetes",
"monitoring": "event",
"networking": "connection",
"rook-ceph": "dump",
},
"yaml.schemaStore.enable": true,
"yaml.schemas": {
"ansible": "ansible/**/*.yaml",
"kubernetes": "kubernetes/**/*.yaml"
},
"json.schemas": [
{
"fileMatch": ["*.hujson"],
"schema": {
"allowTrailingCommas": true
}
}
],
"editor.fontFamily": "FiraCode Nerd Font",
"editor.fontLigatures": true,
"editor.bracketPairColorization.enabled": true,
@ -44,7 +35,9 @@
"editor.guides.highlightActiveBracketPair": true,
"editor.hover.delay": 1500,
"editor.stickyScroll.enabled": false,
"editor.rulers": [100],
"editor.rulers": [
100
],
"explorer.autoReveal": false,
"files.trimTrailingWhitespace": true,
"ansible.python.interpreterPath": "/usr/bin/python3",
@ -53,5 +46,5 @@
"prettier.quoteProps": "preserve",
"[jsonc]": {
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
},
}


@ -6,4 +6,5 @@ resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./ollama/ks.yaml
- ./open-webui/ks.yaml


@ -35,7 +35,7 @@ spec:
app:
image:
repository: docker.io/ollama/ollama
tag: 0.4.2
tag: 0.4.0
env:
- name: OLLAMA_HOST
value: 0.0.0.0


@ -33,10 +33,10 @@ spec:
app:
image:
repository: ghcr.io/open-webui/open-webui
tag: v0.4.4
tag: 0.3.35
env:
- name: OLLAMA_BASE_URL
value: http://10.1.1.61:11434
value: http://ollama.ai.svc.cluster.local:11434
- name: ENABLE_RAG_WEB_SEARCH
value: true
- name: RAG_WEB_SEARCH_ENGINE


@ -12,6 +12,7 @@ spec:
app.kubernetes.io/name: *app
dependsOn:
- name: volsync
- name: ollama
path: ./kubernetes/apps/ai/open-webui/app
prune: true
sourceRef:


@ -40,7 +40,7 @@ spec:
app:
image:
repository: ghcr.io/jellyfin/jellyfin
tag: 10.10.3@sha256:17c3a8d9dddb97789b5f37112840ebf96566442c14d4754193a6c2eb154bc221
tag: 10.10.1@sha256:12b7aa2c8086e5566badc35370fab41b8cc8774dc3a80b07a1d6eb14f282b816
env:
DOTNET_SYSTEM_IO_DISABLEFILELOCKING: "true"
JELLYFIN_FFmpeg__probesize: 50000000


@ -36,7 +36,7 @@ spec:
app:
image:
repository: fallenbagel/jellyseerr
tag: 2.1.0
tag: 2.0.1
env:
TZ: America/Chicago
LOG_LEVEL: "info"


@ -6,6 +6,8 @@ resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./jellyfin/ks.yaml # sqlite
- ./jellyseerr/ks.yaml # sqlite
- ./radarr/ks.yaml # postgres
- ./shoko/ks.yaml # sqlite
- ./sonarr/ks.yaml # postgres


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/radarr-develop
tag: 5.15.1.9463
tag: 5.15.0.9412
env:
RADARR__APP__INSTANCENAME: Radarr-Anime
RADARR__APP__THEME: dark


@ -0,0 +1,31 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: shokoserver
spec:
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: shokoserver-secret
creationPolicy: Owner
data:
- secretKey: WIREGUARD_ENDPOINT_IP
remoteRef:
key: ProtonVPN
property: shokoserver_vpn_endpoint_ip
- secretKey: WIREGUARD_PUBLIC_KEY
remoteRef:
key: ProtonVPN
property: shokoserver_wireguard_public_key
- secretKey: WIREGUARD_PRIVATE_KEY
remoteRef:
key: ProtonVPN
property: shokoserver_wireguard_private_key
- secretKey: WIREGUARD_ADDRESSES
remoteRef:
key: ProtonVPN
property: wireguard_addresses


@ -0,0 +1,125 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app shokoserver
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: volsync
namespace: volsync-system
values:
controllers:
shokoserver:
annotations:
reloader.stakater.com/auto: "true"
initContainers:
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.39.1
env:
DOT: "off"
VPN_SERVICE_PROVIDER: protonvpn
VPN_TYPE: wireguard
VPN_INTERFACE: wg0
FIREWALL_INPUT_PORTS: "80"
envFrom:
- secretRef:
name: shokoserver-secret
resources:
limits:
kernel.org/tun: 1
restartPolicy: Always
securityContext:
capabilities:
add: ["NET_ADMIN"]
allowPrivilegeEscalation: false
containers:
app:
image:
repository: ghcr.io/jahanson/shokoserver
tag: v5.0.0@sha256:193aedf3e3f2d7031a76274d5bae0004c3d920c24831d688d991f85d4bb24ce2
env:
TZ: America/Chicago
PORT: &port 80
# probes:
# liveness: &probes
# enabled: true
# custom: true
# spec:
# httpGet:
# path: /status
# port: *port
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# failureThreshold: 3
# readiness: *probes
# startup:
# enabled: false
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: shokoserver
ports:
http:
port: *port
targetPort: 8111
ingress:
app:
className: internal-nginx
hosts:
- host: "${APP}.jahanson.tech"
paths:
- path: /
service:
identifier: app
port: http
persistence:
config:
existingClaim: "${APP}"
globalMounts:
- path: /.shoko
media:
type: nfs
server: 10.1.1.61
path: /moria/media/
globalMounts:
- path: /data/moria-media
# logs:
# type: emptyDir
# globalMounts:
# - path: /app/config/logs
tmp:
type: emptyDir
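Review bot: gluetun's `FIREWALL_INPUT_PORTS: "80"` does not line up with the Service, whose `targetPort: 8111` sends ingress traffic to 8111 while only port 80 is opened on the pod's non-VPN interface. If Shoko really listens on 8111, `FIREWALL_INPUT_PORTS: "8111"` keeps the opening just as narrow and makes the ingress reachable; otherwise the `targetPort` is the line to correct. The gluetun container also requests `kernel.org/tun: 1`, which appears to be the resource advertised by the generic-device-plugin config (`domain: kernel.org`, device `tun`) that this same compare removes, so the pod may never schedule on this side. Finally, the gluetun image is referenced by tag only (`tag: v3.39.1`) while the app image is digest-pinned; the container that holds `NET_ADMIN` and receives the WireGuard private key through `envFrom` is the one most worth pinning, e.g. `tag: v3.39.1@sha256:<digest>`.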


@ -3,10 +3,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
configMapGenerator:
- name: generic-device-plugin-configmap
files:
- ./resources/config.yml
generatorOptions:
disableNameSuffixHash: true
- ../../../../templates/gatus/internal
- ../../../../templates/volsync


@ -3,18 +3,22 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app generic-device-plugin
name: &app shoko
namespace: flux-system
spec:
targetNamespace: kube-system
targetNamespace: anime
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: "./kubernetes/apps/kube-system/generic-device-plugin/app"
path: ./kubernetes/apps/anime/shoko/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: true
wait: false
interval: 30m
timeout: 5m
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 5Gi
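Review bot: The `shoko` Kustomization declares no `dependsOn`, although the app directory it points at appears (from the kustomization section above) to include an ExternalSecret and the volsync template, and its HelmRelease depends on rook-ceph and volsync. The `plex` Kustomization in this compare lists `rook-ceph-cluster`, `volsync` and `external-secrets-stores` under `dependsOn`; adding the same three entries here would keep Flux from applying the ExternalSecret before the `onepassword-connect` store is ready. With `wait: false` a failed secret sync would also not surface on this Kustomization, so `wait: true` as on `plex` is worth considering. The old and new lines of the renamed file are interleaved in this view, so this reading assumes the `shoko` lines are the new side.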


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/sonarr-develop
tag: 4.0.10.2656
tag: 4.0.10.2624
env:
SONARR__APP__INSTANCENAME: Sonarr-Anime
SONARR__APP__THEME: dark


@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: cert-manager
version: v1.16.2
version: v1.16.1
sourceRef:
kind: HelmRepository
name: jetstack


@ -30,7 +30,7 @@ spec:
runner-register:
image:
repository: code.forgejo.org/forgejo/runner
tag: 5.0.2
tag: 4.0.1
command:
- "forgejo-runner"
- "register"
@ -72,7 +72,7 @@ spec:
app:
image:
repository: code.forgejo.org/forgejo/runner
tag: 5.0.2
tag: 4.0.1
command:
- "sh"
- "-c"


@ -30,7 +30,7 @@ spec:
app:
image:
repository: ghcr.io/dragonflydb/operator
tag: v1.1.8
tag: v1.1.7
command: ["/manager"]
args:
- --health-probe-bind-address=:8081


@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# renovate: datasource=github-releases depName=dragonflydb/dragonfly-operator
- https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.8/manifests/crd.yaml
- https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.7/manifests/crd.yaml
- ./helmrelease.yaml
- ./rbac.yaml


@ -5,7 +5,7 @@ kind: Dragonfly
metadata:
name: dragonfly
spec:
image: ghcr.io/dragonflydb/dragonfly:v1.25.2
image: ghcr.io/dragonflydb/dragonfly:v1.24.0
replicas: 3
env:
- name: MAX_MEMORY


@ -5,7 +5,7 @@ kind: EMQX
metadata:
name: emqx
spec:
image: public.ecr.aws/emqx/emqx:5.8.2
image: public.ecr.aws/emqx/emqx:5.8.1
config:
mode: Merge
coreTemplate:


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/autobrr/autobrr
tag: v1.50.0@sha256:6a6f23570ab6b418318ab12bf2558712714e2f243cf18b139afa414f8417e97d
tag: v1.48.0@sha256:0ae19e3beedf491396e450b024c23e9e24df4d692286c0442a81fa699493def0
env:
AUTOBRR__CHECK_FOR_UPDATES: "false"
AUTOBRR__HOST: 0.0.0.0


@ -36,7 +36,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/home-assistant
tag: 2024.11.3@sha256:f45f502b1738e46eb435fbc8947cdcc2574f3713b156c6738129ea2ea9b49018
tag: 2024.11.0@sha256:23a1ba70e7d5518527e6324d28ccb07f1cbf7c334dbb6326a0b413ef8fe5fafd
env:
TZ: America/Chicago
envFrom:
@ -54,7 +54,7 @@ spec:
code-server:
image:
repository: ghcr.io/coder/code-server
tag: 4.95.3@sha256:6d74583d68179cbb6ddadc2518b450d2ac3eaec2d342474fe1941e03371cd2cf
tag: 4.93.1@sha256:c69e398d1b64589b3b77a7becfd03f4ec524982def20e6bffbb51b1b839e72ba
args: [
"--auth", "none",
"--user-data-dir", "/config/.vscode",


@ -16,12 +16,14 @@ resources:
- ./morphos/ks.yaml
- ./omegabrr/ks.yaml
- ./overseerr/ks.yaml
- ./piped/ks.yaml
- ./plex/ks.yaml
- ./prowlarr/ks.yaml
- ./radarr/ks.yaml
- ./recyclarr/ks.yaml
- ./redlib/ks.yaml
- ./sabnzbd/ks.yaml
- ./scrypted/ks.yaml
- ./searxng/ks.yaml
- ./sonarr/ks.yaml
- ./stirling-pdf/ks.yaml


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/linkwarden/linkwarden
tag: v2.8.3@sha256:7f80a03d688c3e5d9ec6b34f5b65cd861ff8c9eb08d12932dc8fc7482991f238
tag: v2.7.1@sha256:bbd22798ee726184d4571ea4f4d831d57475c86c4965c2bb1c3c2d3de88c728a
env:
TIMEZONE: "America/Chicago"
NEXTAUTH_URL: "https://{{ .Release.Name }}.jahanson.tech/api/v1/auth"


@ -32,7 +32,7 @@ spec:
app:
image:
repository: ghcr.io/jorenn92/maintainerr
tag: 2.2.1@sha256:13121a8292ef6db7560a931bf19b601cf3cc12df0a9dea9086b757798eea5b6d
tag: 2.2.0@sha256:fbb2c0341b8af502e4488f3664e34992f24947708c7dac10dcbee592f99a946c
env:
TZ: America/Chicago
resources:


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/autobrr/omegabrr
tag: v1.15.0@sha256:4f6099a76ff9d248e9f032e29c04a92b483f21456e46f3b01eb20399f4732ad0
tag: v1.14.0@sha256:6f65c7967609746662815933ecc8168c8c25a3b82d909f49833fcce2b47ee052
env:
TZ: America/Chicago
securityContext:


@ -38,7 +38,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/plex
tag: 1.41.2.9200-c6bbc1b53@sha256:47c6f3d85f4e739210860934a0bb24126170fa2f6a602fb909467f17a035c311
tag: 1.41.1.9057-af5eaea7a@sha256:5926b77196bb7c9f75b52f431d0483abea0fef1f576b7201592b385449201456
env:
TZ: America/Chicago
PLEX_ADVERTISE_URL: https://plex.hsn.dev:443,http://10.1.1.39:32400


@ -2,6 +2,35 @@
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app plex
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/default/plex/app
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: true
dependsOn:
- name: rook-ceph-cluster
- name: volsync
- name: external-secrets-stores
interval: 30m
timeout: 5m
postBuild:
substitute:
APP: *app
GATUS_PATH: /web/index.html
VOLSYNC_CAPACITY: 30Gi
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app plex-trakt-sync
namespace: flux-system
@ -22,7 +51,34 @@ spec:
- name: rook-ceph-cluster
- name: volsync
- name: external-secrets-stores
- name: plex
postBuild:
substitute:
APP: *app
VOLSYNC_CAPACITY: 1Gi
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app kometa-image-maid
namespace: flux-system
spec:
targetNamespace: default
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 30m
timeout: 5m
path: "./kubernetes/apps/default/plex/kometa-image-maid"
prune: true
sourceRef:
kind: GitRepository
name: theshire
wait: false
dependsOn:
- name: external-secrets-stores
- name: plex
postBuild:
substitute:
APP: *app


@ -33,12 +33,12 @@ spec:
app:
image:
repository: ghcr.io/taxel/plextraktsync
tag: 0.32.2
tag: 0.32.0
args:
- sync
env:
PLEX_BASEURL: http://10.1.1.61:32400
PLEX_LOCALURL: http://10.1.1.61:32400
PLEX_BASEURL: http://plex.default.svc.cluster.local:32400
PLEX_LOCALURL: http://plex.default.svc.cluster.local:32400
PLEX_USERNAME: veriwind
TRAKT_USERNAME: jahanson
probes:


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/prowlarr-develop
tag: 1.26.1.4844@sha256:dd6ab1a0c8f2d780b990f1034f2da6ffb0b4d3e3ca6042b656f691f06d4c9397
tag: 1.26.0.4833@sha256:face4aa669a4eb68b041dcf73ed4848cfe8f673826ef3032398a5e267eb1eac0
env:
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
# Ref: https://github.com/dotnet/runtime/issues/9336


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/radarr-develop
tag: 5.15.1.9463
tag: 5.15.0.9412
env:
RADARR__APP__INSTANCENAME: Radarr
RADARR__APP__THEME: dark


@ -34,7 +34,7 @@ spec:
app:
image:
repository: ghcr.io/recyclarr/recyclarr
tag: 7.4.0@sha256:619c3b8920a179f2c578acd0f54e9a068f57c049aff840469eed66e93a4be2cf
tag: 7.3.0@sha256:2aaa0205a93171b93a159e4665004ccee1a5aacd60359fb8d7683db0ae7e774b
env:
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
# Ref: https://github.com/dotnet/runtime/issues/9336


@ -38,7 +38,7 @@ spec:
app:
image:
repository: quay.io/redlib/redlib
tag: latest@sha256:d350eebf055527e2f2189aa0ef3a1e5a178a427ff6ae65a9d3ecbe7f43e83f71
tag: latest@sha256:42db7afd24d3e55ceccb38f6e91ecfd44d78f381a04848bb4de67dae1836a3e4
env:
REDLIB_DEFAULT_SHOW_NSFW: on
REDLIB_DEFAULT_WIDE: on


@ -75,9 +75,12 @@ spec:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 100m
limits:
memory: 16Gi
defaultPodOptions:
nodeSelector: # ~~testing~~
kubernetes.io/hostname: gandalf-01
securityContext:
runAsNonRoot: true
runAsUser: 568


@ -32,7 +32,7 @@ spec:
app:
image:
repository: ghcr.io/koush/scrypted
tag: v0.123.31-jammy-nvidia
tag: v0.123.0-jammy-nvidia
probes:
liveness:
enabled: true


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/sonarr-develop
tag: 4.0.10.2656
tag: 4.0.10.2624
env:
SONARR__APP__INSTANCENAME: Sonarr
SONARR__APP__THEME: dark


@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/stirling-tools/s-pdf
tag: 0.33.1@sha256:d30bf0b2826f0e71cf6fe1b806d918db6d90121ac70b3384569e3b49edf51b3f
tag: 0.31.1@sha256:fefbcbdc851bfdb29e172df03d8ac280efdd3eada92b16c46b0fc15932152c6c
pullPolicy: IfNotPresent
env:
TZ: America/Chicago


@ -36,7 +36,7 @@ spec:
app:
image:
repository: ghcr.io/zwave-js/zwave-js-ui
tag: 9.27.7@sha256:b7327c74e9cb228af9fc2817330319d4e57e041767dc40e550fd6577a436ad7d
tag: 9.26.0@sha256:dd945bf63aca8c31763d90addf36db1f0d809c232b806d193173c329c03a183f
env:
TZ: America/Chicago
PORT: &port 80


@ -7,7 +7,7 @@ spec:
# nodeName: nenya
containers:
- name: fstrim
image: ghcr.io/onedr0p/kubanetics:2024.11.1
image: ghcr.io/onedr0p/kubanetics:2024.10.7
securityContext:
privileged: true
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]


@ -33,7 +33,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/kubanetics
tag: 2024.11.1@sha256:875b7c22fbb046958ae0116b4a7e9ea81062cf60f54d5b27e53ebf29078bdcc4
tag: 2024.10.7@sha256:f1abb7d38bb45b2eeace4eba1c44763134d6e88c377deb9928f93c5d042ea9af
env:
SCRIPT_NAME: fstrim.sh
probes:


@ -1,67 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: generic-device-plugin
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
driftDetection:
mode: enabled
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
defaultPodOptions:
priorityClassName: system-node-critical
controllers:
generic-device-plugin:
type: daemonset
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
containers:
generic-device-plugin:
image:
repository: ghcr.io/squat/generic-device-plugin
tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
args:
- --config=/config/config.yml
ports:
- containerPort: 8080
name: http
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
persistence:
config:
type: configMap
name: generic-device-plugin-configmap
globalMounts:
- path: /config/config.yml
subPath: config.yml
readOnly: true
dev:
type: hostPath
hostPath: /dev
globalMounts:
- path: /dev
device-plugin:
type: hostPath
hostPath: /var/lib/kubelet/device-plugins
globalMounts:
- path: /var/lib/kubelet/device-plugins


@ -1,9 +0,0 @@
---
log-level: info
domain: kernel.org
devices:
- name: tun
groups:
- count: 1000
paths:
- path: /dev/net/tun


@ -1,2 +1,2 @@
---
providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^gandalf-01$
providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^shadowfax-01|^gandalf-01$
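Review bot: Only the last alternative in `providerRegex` is anchored at the end, so `^bilbo|^frodo|…|^gandalf-01$` accepts any name that merely begins with `bilbo`, `frodo`, `sam` and so on, and the added `shadowfax-01` entry inherits the same gap. If this value decides which node names get their kubelet CSRs approved (the kube-system kustomization in this compare lists `kubelet-csr-approver`, but this file's path is not shown), the match should be exact. Grouping the alternatives fixes it in one line: `providerRegex: ^(bilbo|frodo|sam|merry|pippin|rosie|shadowfax-01|gandalf-01)$`.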


@ -12,7 +12,6 @@ resources:
- ./descheduler/ks.yaml
- ./dnsimple-webhook-rbac.yaml
- ./fstrim/ks.yaml
- ./generic-device-plugin/ks.yaml
- ./kubelet-csr-approver/ks.yaml
- ./metrics-server/ks.yaml
- ./node-feature-discovery/ks.yaml


@ -36,7 +36,7 @@ spec:
app:
image:
repository: docker.io/cloudflare/cloudflared
tag: 2024.11.1@sha256:665dda65335e35a782ed9319aa63e8404f88b34d2644d30adf3e91253604ffa0
tag: 2024.11.0@sha256:2c78df02e1f23ab19d4c636921f05b9ebec163b887e946f98e22e56254a5540f
env:
NO_AUTOUPDATE: "true"
TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json


@ -35,7 +35,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/kubanetics
tag: 2024.11.1
tag: 2024.10.7
env:
SCRIPT_NAME: alertmanager-silencer.sh
ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093


@ -196,6 +196,9 @@ spec:
cert-manager:
url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/raw/master/dashboards/cert-manager.json?ref_type=heads
datasource: Prometheus
dcgm-exporter:
url: https://raw.githubusercontent.com/NVIDIA/dcgm-exporter/main/grafana/dcgm-exporter-dashboard.json
datasource: Prometheus
external-secrets:
url: https://raw.githubusercontent.com/external-secrets/external-secrets/main/docs/snippets/dashboard.json
datasource: Prometheus
@ -249,7 +252,7 @@ spec:
victoria-alert:
# renovate: depName="VictoriaMetrics - vmalert"
gnetId: 14950
revision: 13
revision: 12
datasource: Prometheus
victoria-operator:
# renovate: depName="VictoriaMetrics - operator"
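Review bot: The `dcgm-exporter` dashboard added in the first hunk is fetched from a moving branch (`…/NVIDIA/dcgm-exporter/main/grafana/dcgm-exporter-dashboard.json`), so the JSON that Grafana imports can change without any commit in this repository. Pinning the URL to a release tag or commit makes the imported content reviewable: `url: https://raw.githubusercontent.com/NVIDIA/dcgm-exporter/<tag-or-commit>/grafana/dcgm-exporter-dashboard.json`. The neighbouring `cert-manager` and `external-secrets` entries reference `master`/`main` in the same way and could be pinned together. The enclosing dashboards map starts and ends outside the hunks shown.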


@ -9,7 +9,7 @@ spec:
chart:
spec:
chart: prometheus-operator-crds
version: 16.0.0
version: 15.0.0
sourceRef:
kind: HelmRepository
name: prometheus-community


@ -35,8 +35,8 @@ spec:
skipRecheck: true,
sonarr: ["http://sonarr.default.svc.cluster.local/?apikey={{ .SONARR_API_KEY }}"],
torrentDir: "/qbittorrent/qBittorrent/BT_backup",
torznab: []
/* torznab: [
// torznab: []
torznab: [
6, // ANT
8, // BLU
9, // TL
@ -44,7 +44,6 @@ spec:
12, // FNP
14, // TD
].map(i => `http://prowlarr.default.svc.cluster.local/$${i}/api?apikey={{ .PROWLARR_API_KEY }}`),
*/
};
dataFrom:
- extract:


@ -43,7 +43,7 @@ spec:
app:
image:
repository: jesec/flood
tag: master@sha256:7b0f2b863434946260621b037d293130acb9f5d9248071408c641b858ffacccf
tag: master@sha256:8d04ec24abcc879f14e744e809520f7a7ec3c66395e1f6efa4179c9399803fbe
envFrom:
- secretRef:
name: flood-secret


@ -34,7 +34,7 @@ spec:
nameOverride: qbittorrent
image:
repository: ghcr.io/onedr0p/qbittorrent-beta
tag: 5.0.2@sha256:adfd625f9cc7226eabad8aa117a551d42d5818c914850ef7fa3be60111383107
tag: 5.0.1@sha256:684422cab9fe3cba04812cf4207398bb72aa0f0283c92fddecd833648ac3f7bf
env:
UMASK: "022"
QBT_WEBUI_PORT: &port 80
@ -66,9 +66,15 @@ spec:
capabilities:
drop:
- ALL
resources:
requests:
cpu: 100m
memory: 1024Mi
limits:
memory: 8Gi
defaultPodOptions:
nodeSelector: # ~~testing~~
kubernetes.io/hostname: gandalf-01
kubernetes.io/hostname: shadowfax-01
securityContext:
runAsNonRoot: true
runAsUser: 568


@ -39,7 +39,7 @@ spec:
tagging: &container
image:
repository: ghcr.io/buroa/qbtools
tag: v0.19.9@sha256:f5405e3c00256d7911d2abb839084a5147c108586adb281e97587cf93729c89b
tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
env:
TZ: *timeZone
POD_NAMESPACE:


@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: rook-ceph
version: v1.15.6
version: v1.15.5
sourceRef:
kind: HelmRepository
name: rook-ceph


@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: rook-ceph-cluster
version: v1.15.6
version: v1.15.5
sourceRef:
kind: HelmRepository
name: rook-ceph


@ -10,7 +10,7 @@ spec:
chart:
spec:
chart: external-secrets
version: 0.10.7
version: 0.10.5
interval: 30m
sourceRef:
kind: HelmRepository


@ -22,6 +22,8 @@ spec:
strategy: rollback
retries: 3
dependsOn:
- name: kyverno
namespace: kyverno
- name: snapshot-controller
namespace: volsync-system
values:


@ -10,6 +10,8 @@ spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cluster-policies
path: ./kubernetes/apps/volsync-system/volsync/app
prune: true
sourceRef:


@ -19,7 +19,7 @@ releases:
- name: prometheus-operator-crds
namespace: observability
chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds
version: 16.0.0
version: 15.0.0
- name: cilium
namespace: kube-system
chart: cilium/cilium


@ -1,11 +1,9 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
clusterName: theshire
# renovate: datasource=github-releases depName=siderolabs/talos
talosVersion: v1.8.3
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubernetesVersion: 1.31.2
talosVersion: v1.8.2
kubernetesVersion: 1.31.1
endpoint: "https://10.1.1.57:6444"
additionalApiServerCertSans:
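Review bot: On the new side `talosVersion` and `kubernetesVersion` seem to lose their `# renovate:` annotations: the hunk shrinks from 11 to 9 lines and the two comment lines are printed only once. Without them Renovate would presumably stop proposing Talos and kubelet updates, security releases included. Keep `# renovate: datasource=github-releases depName=siderolabs/talos` above `talosVersion` and `# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet` above `kubernetesVersion`. The rest of the talconfig lies outside the hunk.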


@ -12,4 +12,4 @@ spec:
operation: copy
url: oci://ghcr.io/grafana/helm-charts/grafana
ref:
tag: 8.6.1
tag: 8.5.12


@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./claim.yaml
- ./minio.yaml
- ./nfs.yaml
- ./r2.yaml


@ -23,9 +23,8 @@
"(^|/)\\.taskfiles/.+\\.ya?ml(?:\\.j2)?$"
]
},
"customManagers": [
"regexManagers": [
{
"customType": "regex",
"description": [
"Process CRD dependencies - Chart and Github Release are the same version"
],
@ -36,17 +35,15 @@
"datasourceTemplate": "helm"
},
{
"customType": "regex",
"description": ["Generic Docker image Regex manager"],
"fileMatch": ["infrastructure/.+\\.ya?ml$", "infrastructure/.+\\.tf$"],
"matchStrings": [
"# renovate: docker-image( versioning=(?<versioning>.*=?))?\\\n .*[:|=] \"?(?<depName>.*?):(?<currentValue>[^\"\\n]*=?)\"?"
"# renovate: docker-image( versioning=(?<versioning>.*=?))?\n .*[:|=] \"?(?<depName>.*?):(?<currentValue>[^\"\n]*=?)\"?"
],
"datasourceTemplate": "docker",
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
},
{
"customType": "regex",
"description": ["Raw GitHub URL Regex manager"],
"fileMatch": ["infrastructure/.+\\.ya?ml$", "kubernetes/.+\\.ya?ml$"],
"matchStrings": [
@ -72,24 +69,24 @@
{
"description": "Flux Group",
"groupName": "Flux",
"matchPackagePatterns": ["^flux", "^ghcr.io/fluxcd/"],
"matchDatasources": ["docker", "github-tags"],
"versioning": "semver",
"group": {
"commitMessageTopic": "{{{groupName}}} group"
},
"separateMinorPatch": true,
"matchPackageNames": ["/^flux/", "/^ghcr.io/fluxcd//"]
"separateMinorPatch": true
},
{
"description": "Mastodon images",
"groupName": "Mastodon",
"matchPackagePatterns": ["mastodon", "^ghcr.io/mastodon/"],
"matchDatasources": ["docker", "github-tags"],
"versioning": "semver",
"group": {
"commitMessageTopic": "{{{groupName}}} group"
},
"separateMinorPatch": true,
"matchPackageNames": ["/mastodon/", "/^ghcr.io/mastodon//"]
"separateMinorPatch": true
},
{
"description": "1Password Connect images",
@ -107,12 +104,12 @@
{
"description": "Rook-Ceph image and chart",
"groupName": "Rook Ceph",
"matchPackagePatterns": ["rook.ceph"],
"matchDatasources": ["docker", "helm"],
"group": {
"commitMessageTopic": "{{{groupName}}} group"
},
"separateMinorPatch": true,
"matchPackageNames": ["/rook.ceph/"]
"separateMinorPatch": true
},
{
"description": "Cilium image and chart",
@ -131,7 +128,10 @@
{
"description": "External Snapshotter charts",
"groupName": "External Snapshotter",
"matchPackageNames": ["snapshot-controller", "snapshot-validation-webhook"],
"matchPackageNames": [
"snapshot-controller",
"snapshot-validation-webhook"
],
"matchDatasources": ["helm"],
"group": {
"commitMessageTopic": "{{{groupName}}} group"
@ -141,22 +141,23 @@
{
"description": "Thanos image and chart - versions do not match",
"groupName": "Thanos",
"matchPackagePatterns": ["quay.io/thanos/thanos", "thanos"],
"matchDatasources": ["docker", "github-releases", "helm"],
"matchUpdateTypes": ["minor", "patch"],
"group": {
"commitMessageTopic": "{{{groupName}}} group"
},
"matchPackageNames": ["/quay.io/thanos/thanos/", "/thanos/"]
}
},
{
"description": "Vector image and chart - versions do not match",
"groupName": "Vector",
"matchPackagePatterns": ["vector"],
"matchDatasources": ["docker", "github-releases", "helm"],
"matchUpdateTypes": ["minor", "patch"],
"group": {
"commitMessageTopic": "{{{groupName}}} group"
},
"matchPackageNames": ["/vector/"]
}
}
// Version strategies
]
}


@ -3,11 +3,6 @@
pkgs.mkShell {
# Enable experimental features without having to specify the argument
NIX_CONFIG = "experimental-features = nix-command flakes";
shellHook = ''
export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
export TEMP=$TMP
export TMPDIR=$TMP
'';
nativeBuildInputs = with pkgs; [
fluxcd
@ -15,6 +10,8 @@ pkgs.mkShell {
gitleaks
helmfile
k9s
krew
kubectl
kubevirt
kubernetes-helm
pre-commit
@ -23,6 +20,5 @@ pkgs.mkShell {
mqttui
kustomize
yq-go
go-task
];
}