alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

Compare commits

base: alexlebens:a7d122b6162cc837d7060a6f314ef1b1c85c4e46
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:722694b022c195db57f548cb0b655f2f03476d2b
Branches Tags
alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main

2 Commits
a7d122b616 ... 722694b022

Author SHA1 Message Date
Alex Lebens
722694b022 add protonvpn
Some checks failed
lint-test-helm / lint-helm (push) Failing after 15s
Details
render-manifests-push / render-manifests-push (push) Successful in 23s
Details
renovate / renovate (push) Has been cancelled
Details
2025-12-06 20:52:20 -06:00
Alex Lebens
18a5ef9b6f strip comments from yaml 2025-12-06 20:52:03 -06:00
6 changed files with 67 additions and 4 deletions
Expand all files Collapse all files

2
.gitea/workflows/render-manifests-automerge.yaml
View File

@@ -191,7 +191,7 @@ jobs:
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo "$TEMPLATE" | yq 'select(. != null)' | yq '... comments=""' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"

2
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -176,7 +176,7 @@ jobs:
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo "$TEMPLATE" | yq 'select(. != null)' | yq '... comments=""' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"

2
.gitea/workflows/render-manifests-merge.yaml
View File

@@ -196,7 +196,7 @@ jobs:
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo "$TEMPLATE" | yq 'select(. != null)' | yq '... comments=""' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"

2
.gitea/workflows/render-manifests-push.yaml
View File

@@ -194,7 +194,7 @@ jobs:
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo "$TEMPLATE" | yq 'select(. != null)' | yq '... comments=""' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"

23
clusters/cl01tl/helm/searxng/templates/external-secret.yaml
View File

@@ -1,5 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-api-config-secret
namespace: {{ .Release.Namespace }}

40
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -62,6 +62,46 @@ searxng:
requests:
cpu: 10m
memory: 256Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
pullPolicy: IfNotPresent
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: searxng-wireguard-conf
key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080
- name: DOT
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 64Mi
service:
api:
controller: api