# Cluster-wide settings: pinned Kubernetes and Talos versions plus patches.
# NOTE(review): the layout (kind / idOverride / features) looks like an Omni
# cluster template export - confirm against the tool that consumes it.
kind: Cluster
name: homelab
kubernetes:
  version: v1.29.2
talos:
  version: v1.6.4
features:
  backupConfiguration:
    # Backup cadence; presumably control-plane (etcd) backups - verify that a
    # storage target is configured and that a restore has been exercised.
    interval: 1h0m0s
# The patches in this document carry no machine selector of their own;
# presumably they apply to every machine in the cluster - TODO confirm.
patches:
  # Raises the kernel inotify limits (queued events, instances per user,
  # watches per user) on the machines this patch applies to.
  - idOverride: 500-2f051f5c-7177-4cbb-b3c9-801e5eb556b1
    annotations:
      name: increase fs events
    inline:
      machine:
        sysctls:
          # Values are quoted so they stay strings rather than YAML integers.
          fs.inotify.max_queued_events: "65536"
          fs.inotify.max_user_instances: "8192"
          fs.inotify.max_user_watches: "524288"
  # Bind-mounts the host directory /var/openebs/local into the kubelet at the
  # same path so volumes created there are visible to the kubelet.
  - idOverride: 500-602f425a-d488-4ecd-a528-68118bfc6cb1
    annotations:
      name: openebs local mounts
    inline:
      machine:
        kubelet:
          extraMounts:
            - destination: /var/openebs/local
              options:
                - bind
                # rshared propagates mounts made under this path in both
                # directions, and rw makes the path writable from the kubelet
                # side; keep the mounted path as narrow as it is here.
                - rshared
                - rw
              source: /var/openebs/local
              type: bind
  # Turns off the built-in CNI and kube-proxy; per the description, Cilium is
  # expected to take over both roles.
  # NOTE(review): with cni "none", pod networking and NetworkPolicy enforcement
  # depend entirely on the replacement CNI being installed and healthy.
  - idOverride: 500-63fc2c84-33e5-42ae-b79e-e48928d8ef9a
    annotations:
      description: Disables flannel and kube-proxy to make way for cilium.
      name: disable-cni
    inline:
      cluster:
        network:
          cni:
            name: none
        proxy:
          disabled: true
  # Creates a containerd CRI configuration fragment under /etc/cri/conf.d.
  - idOverride: 500-a6b7ecdb-884f-44b1-8eee-709a4b4d99a1
    annotations:
      description: Patch for spegel to work with containerd
      name: spegel-containerd
    inline:
      machine:
        files:
          # discard_unpacked_layers = false keeps image layer blobs in the
          # content store after unpacking, which is the part the description
          # ties to spegel.
          # enable_unprivileged_ports / enable_unprivileged_icmp let containers
          # bind ports below 1024 and open ICMP sockets without extra
          # capabilities; they are unrelated to layer retention.
          # NOTE(review): these two may simply restate the Talos defaults -
          # confirm, and drop them from this fragment if so.
          - content: |-
              [plugins."io.containerd.grpc.v1.cri"]
                enable_unprivileged_ports = true
                enable_unprivileged_icmp = true
              [plugins."io.containerd.grpc.v1.cri".containerd]
                discard_unpacked_layers = false
              [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
                discard_unpacked_layers = false
            op: create
            path: /etc/cri/conf.d/20-customization.part
            # NOTE(review): 0 is presumably how an unset mode was serialised.
            # Check the resulting file mode on a node, or set an explicit
            # mode so the intent is visible in review.
            permissions: 0
  # Hardening: has the kubelet apply the container runtime's default seccomp
  # profile to workloads that do not request a profile themselves.
  - idOverride: 500-b9b199c3-030b-48d2-a34b-dc47fa07372b
    annotations:
      name: default seccomp
    inline:
      machine:
        kubelet:
          defaultRuntimeSeccompProfileEnabled: true
---
# Control-plane machine set: three machine IDs, plus patches listed under
# this document (presumably applied to these machines only - TODO confirm).
kind: ControlPlane
machines:
  - 4c4c4544-0038-4810-8057-b5c04f513232
  - 4c4c4544-0047-3010-804a-b2c04f4d3232
  - 4c4c4544-0047-4c10-8056-b7c04f513232
patches:
  # Makes control-plane component endpoints listen on all interfaces so an
  # external scraper can reach their metrics.
  # NOTE(review): this widens the network exposure of every control-plane
  # node. Limit the listed ports to the monitoring system's source addresses
  # with a host or network firewall.
  - idOverride: 500-0b228a5c-62b8-4f22-9908-2e98dcd82559
    annotations:
      description: Enable several monitoring services on the control planes
      name: monitoring
    inline:
      cluster:
        apiServer:
          extraArgs:
            # NOTE(review): 0.0.0.0 appears to match kube-apiserver's upstream
            # default - confirm this override is needed at all.
            bind-address: 0.0.0.0
        controllerManager:
          extraArgs:
            # Presumably overrides a loopback-only default. The secure port
            # normally still requires authentication and authorization for
            # /metrics - verify that is the case here.
            bind-address: 0.0.0.0
        etcd:
          extraArgs:
            # Plain-HTTP listener on every interface: etcd's metrics listener
            # serves /metrics and /health without TLS or client
            # authentication, so 2381/tcp is readable by anything that can
            # route to the node.
            listen-metrics-urls: http://0.0.0.0:2381
        scheduler:
          extraArgs:
            # Same consideration as controllerManager above.
            bind-address: 0.0.0.0
  # Sets disablePodSecurityPolicy, which by its name concerns the legacy
  # PodSecurityPolicy admission plugin, not the PodSecurity admission plugin
  # configured in the next patch.
  # NOTE(review): PodSecurityPolicy was removed in Kubernetes v1.25 and this
  # template pins v1.29.2, so this is likely a no-op - confirm and consider
  # dropping it. The annotation name can read as "Pod Security admission is
  # off", which the next patch shows is not the case.
  - idOverride: 500-c714a4d2-d205-4bc2-924b-aa1a4c174d9a
    annotations:
      name: disable pod security
    inline:
      cluster:
        apiServer:
          disablePodSecurityPolicy: true
  # Despite the annotation name, this does not remove an admission controller:
  # it supplies configuration for the PodSecurity admission plugin that exempts
  # the listed namespaces from its checks.
  # NOTE(review): the annotation name is misspelled ("contollers"); it is left
  # unchanged here because it is a stored value, not a comment.
  - idOverride: 500-f7275be8-0f4a-40f0-8da8-d2dcaa93e575
    annotations:
      name: remove admission contollers
    inline:
      cluster:
        apiServer:
          admissionControl:
            - configuration:
                exemptions:
                  # Pods in an exempt namespace skip Pod Security evaluation
                  # entirely (no enforce, audit or warn). Keep this list to
                  # components that need host-level access; for application
                  # namespaces a per-namespace pod-security label is a
                  # narrower alternative.
                  # NOTE(review): whether this list is appended to or replaces
                  # the platform's default exemptions is not visible here -
                  # verify the effective list on a running API server.
                  namespaces:
                    - openebs-system
                    - security
                    - kyverno
                    - rook-ceph
                    - qbittorrent
              name: PodSecurity
---
# Worker machine set: three machine IDs. No patches are listed in this
# document.
kind: Workers
machines:
  - 325dfcd5-a5fa-d714-5037-8df713d9f4f1
  - 4968005b-9579-5c15-6d32-7b58e850a7d9
  - 95d6c80f-d76e-42c2-7e77-c9938b5b52bf
---
# One Machine document per machine ID. Each ID below also appears in exactly
# one of the ControlPlane or Workers machine lists, and none of these
# documents carries per-machine settings or patches.
kind: Machine
name: 325dfcd5-a5fa-d714-5037-8df713d9f4f1
---
kind: Machine
name: 4968005b-9579-5c15-6d32-7b58e850a7d9
---
kind: Machine
name: 4c4c4544-0038-4810-8057-b5c04f513232
---
kind: Machine
name: 4c4c4544-0047-3010-804a-b2c04f4d3232
---
kind: Machine
name: 4c4c4544-0047-4c10-8056-b7c04f513232
---
kind: Machine
name: 95d6c80f-d76e-42c2-7e77-c9938b5b52bf