Compare commits
38 Commits
e1b98ccd3c
...
renovate/u
| Author | SHA1 | Date | |
|---|---|---|---|
b3f86fd08e
|
|||
| 17632c9da7 | |||
|
efe4d16f40
|
|||
| 9f96688b1f | |||
|
ceeebfc5e1
|
|||
| 939b9c3f8c | |||
| 78043bdaab | |||
| 912cc8df6c | |||
|
7a06594947
|
|||
| 4b7cc18956 | |||
| 6cbe4bcdb3 | |||
| 01e419879d | |||
| 8486899750 | |||
|
15526181c8
|
|||
| bf24f60161 | |||
| 2eee76307a | |||
| 2a6062a62f | |||
| 0beda0a4c1 | |||
| c9bc02b831 | |||
| 0cd6ca5ea0 | |||
| df27228e11 | |||
| 5878d1eb45 | |||
| c67ee7c8e6 | |||
| c6948462cb | |||
| d0bb9edbb0 | |||
| b9d3cd7453 | |||
|
4416f2fca6
|
|||
| 651c135e15 | |||
| b9e649fa66 | |||
| ad070b5767 | |||
| acad2fa4e2 | |||
| cf3bdbe9a9 | |||
| 020a3b297d | |||
| fd8819a38b | |||
| f1d383ed9a | |||
| baf50c63b6 | |||
| 9078347d8f | |||
| 3b3832865f |
@@ -169,9 +169,10 @@ jobs:
|
|||||||
|
|
||||||
echo ">> Running linting on changed charts ..."
|
echo ">> Running linting on changed charts ..."
|
||||||
|
|
||||||
for DIR in ${CHANGED_CHARTS}; do
|
lint_chart() {
|
||||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
local DIR="$1"
|
||||||
CHART_NAME=$(basename "${CHART_PATH}")
|
local CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||||
|
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||||
|
|
||||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||||
echo ""
|
echo ""
|
||||||
@@ -182,15 +183,8 @@ jobs:
|
|||||||
echo ">> Linting helm chart ${CHART_NAME} ..."
|
echo ">> Linting helm chart ${CHART_NAME} ..."
|
||||||
|
|
||||||
if ! helm lint "${CHART_PATH}" --namespace "default"; then
|
if ! helm lint "${CHART_PATH}" --namespace "default"; then
|
||||||
EXIT_CODE=1
|
echo "${DIR}" > ".failed_chart_${CHART_NAME}"
|
||||||
|
return 1
|
||||||
if [ -z "${FAILED_CHARTS}" ]; then
|
|
||||||
FAILED_CHARTS="${DIR}"
|
|
||||||
|
|
||||||
else
|
|
||||||
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
|
|
||||||
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
@@ -198,8 +192,20 @@ jobs:
|
|||||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
done
|
export -f lint_chart
|
||||||
|
export CLUSTER
|
||||||
|
|
||||||
|
for DIR in ${CHANGED_CHARTS}; do
|
||||||
|
echo "${DIR}"
|
||||||
|
done | xargs -P 4 -I {} bash -c 'OUT=$(lint_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||||
|
|
||||||
|
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||||
|
EXIT_CODE=1
|
||||||
|
FAILED_CHARTS=$(cat .failed_chart_* | paste -sd ',' - | sed 's/,/, /g')
|
||||||
|
rm -f .failed_chart_*
|
||||||
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "----"
|
echo "----"
|
||||||
@@ -329,8 +335,9 @@ jobs:
|
|||||||
EXIT_CODE=0
|
EXIT_CODE=0
|
||||||
FAILED_CHARTS=""
|
FAILED_CHARTS=""
|
||||||
|
|
||||||
for DIR in ${CHANGED_CHARTS}; do
|
validate_chart() {
|
||||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
local DIR="$1"
|
||||||
|
local CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||||
echo ""
|
echo ""
|
||||||
echo ">> Validating: ${DIR}"
|
echo ">> Validating: ${DIR}"
|
||||||
|
|
||||||
@@ -343,18 +350,23 @@ jobs:
|
|||||||
-strict \
|
-strict \
|
||||||
-summary; then
|
-summary; then
|
||||||
|
|
||||||
|
echo "${DIR}" > ".failed_chart_${DIR}"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
export -f validate_chart
|
||||||
|
export CLUSTER SCHEMA_LOCATIONS
|
||||||
|
|
||||||
|
for DIR in ${CHANGED_CHARTS}; do
|
||||||
|
echo "${DIR}"
|
||||||
|
done | xargs -P 4 -I {} bash -c 'OUT=$(validate_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||||
|
|
||||||
|
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||||
EXIT_CODE=1
|
EXIT_CODE=1
|
||||||
|
FAILED_CHARTS=$(cat .failed_chart_* | paste -sd ',' - | sed 's/,/, /g')
|
||||||
if [ -z "${FAILED_CHARTS}" ]; then
|
rm -f .failed_chart_*
|
||||||
FAILED_CHARTS="${DIR}"
|
|
||||||
|
|
||||||
else
|
|
||||||
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "----"
|
echo "----"
|
||||||
|
|||||||
@@ -19,4 +19,4 @@ dependencies:
|
|||||||
version: 4.6.2
|
version: 4.6.2
|
||||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/excalidraw.png
|
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/excalidraw.png
|
||||||
# renovate: datasource=github-releases depName=excalidraw/excalidraw
|
# renovate: datasource=github-releases depName=excalidraw/excalidraw
|
||||||
appVersion: v0.18.0
|
appVersion: v0.18.1
|
||||||
|
|||||||
@@ -13,5 +13,5 @@ spec:
|
|||||||
data:
|
data:
|
||||||
- secretKey: api-key
|
- secretKey: api-key
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /unifi/auth/cl01tl
|
key: /unifi/users/cl01tl
|
||||||
property: api-key
|
property: api-key
|
||||||
|
|||||||
@@ -70,7 +70,7 @@ foldergram:
|
|||||||
forceRename: foldergram-data
|
forceRename: foldergram-data
|
||||||
storageClass: synology-iscsi-delete
|
storageClass: synology-iscsi-delete
|
||||||
accessMode: ReadWriteOnce
|
accessMode: ReadWriteOnce
|
||||||
size: 250Gi
|
size: 500Gi
|
||||||
advancedMounts:
|
advancedMounts:
|
||||||
main:
|
main:
|
||||||
main:
|
main:
|
||||||
|
|||||||
@@ -213,7 +213,7 @@ gitea-actions:
|
|||||||
registry: docker.io
|
registry: docker.io
|
||||||
repository: docker
|
repository: docker
|
||||||
# renovate: datasource=docker depName=docker
|
# renovate: datasource=docker depName=docker
|
||||||
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
|
tag: 29.4.1-dind@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: docker-vol
|
- name: docker-vol
|
||||||
mountPath: /var/lib/docker
|
mountPath: /var/lib/docker
|
||||||
|
|||||||
@@ -1,10 +1,10 @@
|
|||||||
apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
kind: ExternalSecret
|
kind: ExternalSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: grimmory-database-config
|
name: grimmory-database-secret
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: grimmory-database-config
|
app.kubernetes.io/name: grimmory-database-secret
|
||||||
{{- include "custom.labels" . | nindent 4 }}
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
@@ -33,11 +33,11 @@ spec:
|
|||||||
- secretKey: access
|
- secretKey: access
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /digital-ocean/home-infra/mariadb-backups
|
key: /digital-ocean/home-infra/mariadb-backups
|
||||||
property: access
|
property: AWS_ACCESS_KEY_ID
|
||||||
- secretKey: secret
|
- secretKey: secret
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /digital-ocean/home-infra/mariadb-backups
|
key: /digital-ocean/home-infra/mariadb-backups
|
||||||
property: secret
|
property: AWS_SECRET_ACCESS_KEY
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ grimmory:
|
|||||||
- name: DATABASE_PASSWORD
|
- name: DATABASE_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: grimmory-database-config
|
name: grimmory-database-secret
|
||||||
key: password
|
key: password
|
||||||
- name: GRIMMORY_PORT
|
- name: GRIMMORY_PORT
|
||||||
value: 6060
|
value: 6060
|
||||||
@@ -98,7 +98,7 @@ mariadb-cluster:
|
|||||||
mariadb:
|
mariadb:
|
||||||
rootPasswordSecretKeyRef:
|
rootPasswordSecretKeyRef:
|
||||||
generate: false
|
generate: false
|
||||||
name: grimmory-database-config
|
name: grimmory-database-secret
|
||||||
key: password
|
key: password
|
||||||
storage:
|
storage:
|
||||||
size: 5Gi
|
size: 5Gi
|
||||||
|
|||||||
@@ -23,7 +23,7 @@ home-assistant:
|
|||||||
code-server:
|
code-server:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/linuxserver/code-server
|
repository: ghcr.io/linuxserver/code-server
|
||||||
tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd
|
tag: 4.117.0-ls334@sha256:1f384394d473c43ab6a39b2227ba3aa9c95af648ce3a67e1b4da1969c16c7c0d
|
||||||
env:
|
env:
|
||||||
- name: TZ
|
- name: TZ
|
||||||
value: America/Chicago
|
value: America/Chicago
|
||||||
|
|||||||
@@ -21,5 +21,5 @@ spec:
|
|||||||
property: user
|
property: user
|
||||||
- secretKey: password
|
- secretKey: password
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/jellystat/cconfig
|
key: /cl01tl/jellystat/config
|
||||||
property: password
|
property: password
|
||||||
|
|||||||
@@ -26,4 +26,4 @@ dependencies:
|
|||||||
repository: oci://harbor.alexlebens.net/helm-charts
|
repository: oci://harbor.alexlebens.net/helm-charts
|
||||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
|
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
|
||||||
# renovate: datasource=github-releases depName=rmcrackan/Libation
|
# renovate: datasource=github-releases depName=rmcrackan/Libation
|
||||||
appVersion: 13.3.4
|
appVersion: 13.3.5
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ libation:
|
|||||||
main:
|
main:
|
||||||
image:
|
image:
|
||||||
repository: rmcrackan/libation
|
repository: rmcrackan/libation
|
||||||
tag: 13.3.4@sha256:eb0357e8a880ed0049dffd2a99a9d2eda322ed33b3b9e16f4fb93eb15275f396
|
tag: 13.3.5@sha256:fcfeaa406a3567e3de89d85bf761d17868029c6e8a127922672770cb812b9be8
|
||||||
env:
|
env:
|
||||||
- name: SLEEP_TIME
|
- name: SLEEP_TIME
|
||||||
value: "-1"
|
value: "-1"
|
||||||
|
|||||||
@@ -16,22 +16,102 @@ spec:
|
|||||||
fileName: config.yaml
|
fileName: config.yaml
|
||||||
secretPath: secret/data/cl01tl/matrix-synapse/config
|
secretPath: secret/data/cl01tl/matrix-synapse/config
|
||||||
secretKey: config.yaml
|
secretKey: config.yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||||
|
kind: SecretProviderClass
|
||||||
|
metadata:
|
||||||
|
name: matrix-synapse-oidc-config
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix-synapse-oidc-config
|
||||||
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
provider: openbao
|
||||||
|
parameters:
|
||||||
|
baoAddress: "http://openbao-internal.openbao:8200"
|
||||||
|
roleName: matrix-synapse
|
||||||
|
objects: |
|
||||||
- objectName: oidc.yaml
|
- objectName: oidc.yaml
|
||||||
fileName: oidc.yaml
|
fileName: oidc.yaml
|
||||||
secretPath: secret/data/cl01tl/matrix-synapse/config
|
secretPath: secret/data/cl01tl/matrix-synapse/config
|
||||||
secretKey: oidc.yaml
|
secretKey: oidc.yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||||
|
kind: SecretProviderClass
|
||||||
|
metadata:
|
||||||
|
name: matrix-synapse-hookshot-config
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix-synapse-hookshot-config
|
||||||
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
provider: openbao
|
||||||
|
parameters:
|
||||||
|
baoAddress: "http://openbao-internal.openbao:8200"
|
||||||
|
roleName: matrix-synapse
|
||||||
|
objects: |
|
||||||
- objectName: hookshot-registration.yaml
|
- objectName: hookshot-registration.yaml
|
||||||
fileName: hookshot-registration.yaml
|
fileName: hookshot-registration.yaml
|
||||||
secretPath: secret/data/cl01tl/matrix-synapse/hookshot
|
secretPath: secret/data/cl01tl/matrix-synapse/hookshot
|
||||||
secretKey: hookshot-registration.yaml
|
secretKey: hookshot-registration.yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||||
|
kind: SecretProviderClass
|
||||||
|
metadata:
|
||||||
|
name: matrix-synapse-mautrix-discord-config
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix-synapse-mautrix-discord-config
|
||||||
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
provider: openbao
|
||||||
|
parameters:
|
||||||
|
baoAddress: "http://openbao-internal.openbao:8200"
|
||||||
|
roleName: matrix-synapse
|
||||||
|
objects: |
|
||||||
- objectName: mautrix-discord-registration.yaml
|
- objectName: mautrix-discord-registration.yaml
|
||||||
fileName: mautrix-discord-registration.yaml
|
fileName: mautrix-discord-registration.yaml
|
||||||
secretPath: secret/data/cl01tl/matrix-synapse/mautrix-discord
|
secretPath: secret/data/cl01tl/matrix-synapse/mautrix-discord
|
||||||
secretKey: mautrix-discord-registration.yaml
|
secretKey: mautrix-discord-registration.yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||||
|
kind: SecretProviderClass
|
||||||
|
metadata:
|
||||||
|
name: matrix-synapse-mautrix-whatsapp-config
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix-synapse-mautrix-whatsapp-config
|
||||||
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
provider: openbao
|
||||||
|
parameters:
|
||||||
|
baoAddress: "http://openbao-internal.openbao:8200"
|
||||||
|
roleName: matrix-synapse
|
||||||
|
objects: |
|
||||||
- objectName: mautrix-whatsapp-registration.yaml
|
- objectName: mautrix-whatsapp-registration.yaml
|
||||||
fileName: mautrix-whatsapp-registration.yaml
|
fileName: mautrix-whatsapp-registration.yaml
|
||||||
secretPath: secret/data/cl01tl/matrix-synapse/mautrix-whatsapp
|
secretPath: secret/data/cl01tl/matrix-synapse/mautrix-whatsapp
|
||||||
secretKey: mautrix-whatsapp-registration.yaml
|
secretKey: mautrix-whatsapp-registration.yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||||
|
kind: SecretProviderClass
|
||||||
|
metadata:
|
||||||
|
name: matrix-synapse-double-puppet-config
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: matrix-synapse-double-puppet-config
|
||||||
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
provider: openbao
|
||||||
|
parameters:
|
||||||
|
baoAddress: "http://openbao-internal.openbao:8200"
|
||||||
|
roleName: matrix-synapse
|
||||||
|
objects: |
|
||||||
- objectName: double-puppet-registration.yaml
|
- objectName: double-puppet-registration.yaml
|
||||||
fileName: double-puppet-registration.yaml
|
fileName: double-puppet-registration.yaml
|
||||||
secretPath: secret/data/cl01tl/matrix-synapse/double-puppet
|
secretPath: secret/data/cl01tl/matrix-synapse/double-puppet
|
||||||
|
|||||||
@@ -43,11 +43,67 @@ matrix-synapse:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
volumeAttributes:
|
volumeAttributes:
|
||||||
secretProviderClass: matrix-synapse-config
|
secretProviderClass: matrix-synapse-config
|
||||||
|
- name: oidc-config
|
||||||
|
csi:
|
||||||
|
driver: secrets-store.csi.k8s.io
|
||||||
|
readOnly: true
|
||||||
|
volumeAttributes:
|
||||||
|
secretProviderClass: matrix-synapse-oidc-config
|
||||||
|
- name: hookshot-config
|
||||||
|
csi:
|
||||||
|
driver: secrets-store.csi.k8s.io
|
||||||
|
readOnly: true
|
||||||
|
volumeAttributes:
|
||||||
|
secretProviderClass: matrix-synapse-hookshot-config
|
||||||
|
- name: mautrix-discord-config
|
||||||
|
csi:
|
||||||
|
driver: secrets-store.csi.k8s.io
|
||||||
|
readOnly: true
|
||||||
|
volumeAttributes:
|
||||||
|
secretProviderClass: matrix-synapse-mautrix-discord-config
|
||||||
|
- name: mautrix-whatsapp-config
|
||||||
|
csi:
|
||||||
|
driver: secrets-store.csi.k8s.io
|
||||||
|
readOnly: true
|
||||||
|
volumeAttributes:
|
||||||
|
secretProviderClass: matrix-synapse-mautrix-whatsapp-config
|
||||||
|
- name: double-puppet-config
|
||||||
|
csi:
|
||||||
|
driver: secrets-store.csi.k8s.io
|
||||||
|
readOnly: true
|
||||||
|
volumeAttributes:
|
||||||
|
secretProviderClass: matrix-synapse-double-puppet-config
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /synapse/config/conf.d
|
mountPath: /synapse/config/conf.d/config.yaml
|
||||||
mountPropagation: None
|
mountPropagation: None
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
subPath: config.yaml
|
||||||
|
- name: oidc-config
|
||||||
|
mountPath: /synapse/config/conf.d/oidc.yaml
|
||||||
|
mountPropagation: None
|
||||||
|
readOnly: true
|
||||||
|
subPath: oidc.yaml
|
||||||
|
- name: hookshot-config
|
||||||
|
mountPath: /synapse/config/conf.d/hookshot-registration.yaml
|
||||||
|
mountPropagation: None
|
||||||
|
readOnly: true
|
||||||
|
subPath: hookshot-registration.yaml
|
||||||
|
- name: mautrix-discord-config
|
||||||
|
mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
|
||||||
|
mountPropagation: None
|
||||||
|
readOnly: true
|
||||||
|
subPath: mautrix-discord-registration.yaml
|
||||||
|
- name: mautrix-whatsapp-config
|
||||||
|
mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
|
||||||
|
mountPropagation: None
|
||||||
|
readOnly: true
|
||||||
|
subPath: mautrix-whatsapp-registration.yaml
|
||||||
|
- name: double-puppet-config
|
||||||
|
mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
|
||||||
|
mountPropagation: None
|
||||||
|
readOnly: true
|
||||||
|
subPath: double-puppet-registration.yaml
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: 10m
|
||||||
@@ -118,6 +174,8 @@ matrix-hookshot:
|
|||||||
type: deployment
|
type: deployment
|
||||||
replicas: 1
|
replicas: 1
|
||||||
strategy: Recreate
|
strategy: Recreate
|
||||||
|
serviceAccount:
|
||||||
|
name: matrix-synapse
|
||||||
containers:
|
containers:
|
||||||
main:
|
main:
|
||||||
image:
|
image:
|
||||||
|
|||||||
@@ -127,7 +127,7 @@ ollama:
|
|||||||
- name: WEBUI_SECRET_KEY
|
- name: WEBUI_SECRET_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: ollama-key
|
name: open-webui-key
|
||||||
key: key
|
key: key
|
||||||
- name: DATABASE_URL
|
- name: DATABASE_URL
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ maintainers:
|
|||||||
- name: alexlebens
|
- name: alexlebens
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: openbao
|
- name: openbao
|
||||||
version: 0.27.1
|
version: 0.27.2
|
||||||
repository: https://openbao.github.io/openbao-helm
|
repository: https://openbao.github.io/openbao-helm
|
||||||
- name: app-template
|
- name: app-template
|
||||||
alias: unseal
|
alias: unseal
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: AWS_ACCESS_KEY_ID
|
- secretKey: AWS_ACCESS_KEY_ID
|
||||||
remoteRef:
|
remoteRef:
|
||||||
@@ -40,24 +40,20 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ENVIRONMENT
|
- secretKey: ENVIRONMENT
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: ENVIRONMENT
|
property: environment
|
||||||
- secretKey: NODES
|
- secretKey: NODES
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: NODES
|
property: nodes
|
||||||
- secretKey: TOKENS
|
- secretKey: TOKENS
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: TOKENS_1
|
property: tokens-1
|
||||||
- secretKey: NOTIFY_QUEUE_URLS
|
|
||||||
remoteRef:
|
|
||||||
key: /cl01tl/openbao/unseal
|
|
||||||
property: NOTIFY_QUEUE_URLS
|
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
@@ -71,24 +67,20 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ENVIRONMENT
|
- secretKey: ENVIRONMENT
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: ENVIRONMENT
|
property: environment
|
||||||
- secretKey: NODES
|
- secretKey: NODES
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: NODES
|
property: nodes
|
||||||
- secretKey: TOKENS
|
- secretKey: TOKENS
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: TOKENS_2
|
property: tokens-2
|
||||||
- secretKey: NOTIFY_QUEUE_URLS
|
|
||||||
remoteRef:
|
|
||||||
key: /cl01tl/openbao/unseal
|
|
||||||
property: NOTIFY_QUEUE_URLS
|
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
@@ -102,61 +94,46 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ENVIRONMENT
|
- secretKey: ENVIRONMENT
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: ENVIRONMENT
|
property: environment
|
||||||
- secretKey: NODES
|
- secretKey: NODES
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: NODES
|
property: nodes
|
||||||
- secretKey: TOKENS
|
- secretKey: TOKENS
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/openbao/unseal
|
key: /cl01tl/openbao/unseal
|
||||||
property: TOKENS_3
|
property: tokens-3
|
||||||
- secretKey: NOTIFY_QUEUE_URLS
|
|
||||||
remoteRef:
|
|
||||||
key: /cl01tl/openbao/unseal
|
|
||||||
property: NOTIFY_QUEUE_URLS
|
|
||||||
|
|
||||||
# ---
|
---
|
||||||
# apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
# kind: ExternalSecret
|
kind: ExternalSecret
|
||||||
# metadata:
|
metadata:
|
||||||
# name: openbao-token
|
name: openbao-ntfy-unseal-config
|
||||||
# namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
# labels:
|
labels:
|
||||||
# app.kubernetes.io/name: openbao-token
|
app.kubernetes.io/name: openbao-ntfy-unseal-config
|
||||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
spec:
|
||||||
# spec:
|
secretStoreRef:
|
||||||
# secretStoreRef:
|
kind: ClusterSecretStore
|
||||||
# kind: ClusterSecretStore
|
name: openbao
|
||||||
# name: openbao
|
target:
|
||||||
# data:
|
template:
|
||||||
# - secretKey: token
|
mergePolicy: Merge
|
||||||
# remoteRef:
|
engineVersion: v2
|
||||||
# key: /cl01tl/openbao/token
|
data:
|
||||||
# property: token
|
NOTIFY_QUEUE_URLS: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed"
|
||||||
# - secretKey: unseal_key_1
|
data:
|
||||||
# remoteRef:
|
- secretKey: endpoint
|
||||||
# key: /cl01tl/openbao/token
|
remoteRef:
|
||||||
# property: unseal_key_1
|
key: /cl01tl/ntfy/users/cl01tl
|
||||||
# - secretKey: unseal_key_2
|
property: internal-endpoint-credential
|
||||||
# remoteRef:
|
- secretKey: topic
|
||||||
# key: /cl01tl/openbao/token
|
remoteRef:
|
||||||
# property: unseal_key_2
|
key: /cl01tl/ntfy/topics
|
||||||
# - secretKey: unseal_key_3
|
property: openbao
|
||||||
# remoteRef:
|
|
||||||
# key: /cl01tl/openbao/token
|
|
||||||
# property: unseal_key_3
|
|
||||||
# - secretKey: unseal_key_4
|
|
||||||
# remoteRef:
|
|
||||||
# key: /cl01tl/openbao/token
|
|
||||||
# property: unseal_key_4
|
|
||||||
# - secretKey: unseal_key_5
|
|
||||||
# remoteRef:
|
|
||||||
# key: /cl01tl/openbao/token
|
|
||||||
# property: unseal_key_5
|
|
||||||
|
|||||||
@@ -160,6 +160,8 @@ unseal:
|
|||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: openbao-unseal-config-1
|
name: openbao-unseal-config-1
|
||||||
|
- secretRef:
|
||||||
|
name: openbao-ntfy-unseal-config
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 1m
|
cpu: 1m
|
||||||
@@ -176,6 +178,8 @@ unseal:
|
|||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: openbao-unseal-config-2
|
name: openbao-unseal-config-2
|
||||||
|
- secretRef:
|
||||||
|
name: openbao-ntfy-unseal-config
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 1m
|
cpu: 1m
|
||||||
@@ -192,6 +196,8 @@ unseal:
|
|||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: openbao-unseal-config-3
|
name: openbao-unseal-config-3
|
||||||
|
- secretRef:
|
||||||
|
name: openbao-ntfy-unseal-config
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 1m
|
cpu: 1m
|
||||||
|
|||||||
@@ -55,5 +55,5 @@ spec:
|
|||||||
data:
|
data:
|
||||||
- secretKey: PAPERLESS_SOCIALACCOUNT_PROVIDERS
|
- secretKey: PAPERLESS_SOCIALACCOUNT_PROVIDERS
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /authentik/oidc/paperless-ngx
|
key: /cl01tl/authentik/oidc/paperless-ngx
|
||||||
property: PAPERLESS_SOCIALACCOUNT_PROVIDERS
|
property: PAPERLESS_SOCIALACCOUNT_PROVIDERS
|
||||||
|
|||||||
@@ -71,9 +71,9 @@ qbittorrent:
|
|||||||
name: protonvpn-wireguard-conf
|
name: protonvpn-wireguard-conf
|
||||||
key: private-key
|
key: private-key
|
||||||
- name: FIREWALL_OUTBOUND_SUBNETS
|
- name: FIREWALL_OUTBOUND_SUBNETS
|
||||||
value: 192.168.1.0/24,10.244.0.0/16
|
value: 192.168.1.0/24,10.0.0.0/8
|
||||||
- name: FIREWALL_INPUT_PORTS
|
- name: FIREWALL_INPUT_PORTS
|
||||||
value: 5030,50300
|
value: 8080,9022
|
||||||
- name: VPN_PORT_FORWARDING
|
- name: VPN_PORT_FORWARDING
|
||||||
value: 'on'
|
value: 'on'
|
||||||
- name: VPN_PORT_FORWARDING_UP_COMMAND
|
- name: VPN_PORT_FORWARDING_UP_COMMAND
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ACCESS_KEY_ID
|
- secretKey: ACCESS_KEY_ID
|
||||||
remoteRef:
|
remoteRef:
|
||||||
@@ -79,7 +79,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ACCESS_KEY_ID
|
- secretKey: ACCESS_KEY_ID
|
||||||
remoteRef:
|
remoteRef:
|
||||||
@@ -114,7 +114,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ACCESS_KEY_ID
|
- secretKey: ACCESS_KEY_ID
|
||||||
remoteRef:
|
remoteRef:
|
||||||
@@ -149,7 +149,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ACCESS_KEY_ID
|
- secretKey: ACCESS_KEY_ID
|
||||||
remoteRef:
|
remoteRef:
|
||||||
@@ -184,7 +184,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: ACCESS_KEY_ID
|
- secretKey: ACCESS_KEY_ID
|
||||||
remoteRef:
|
remoteRef:
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
secretStoreRef:
|
secretStoreRef:
|
||||||
kind: ClusterSecretStore
|
kind: ClusterSecretStore
|
||||||
name: vault
|
name: openbao
|
||||||
data:
|
data:
|
||||||
- secretKey: metrics-password
|
- secretKey: metrics-password
|
||||||
remoteRef:
|
remoteRef:
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ searxng:
|
|||||||
main:
|
main:
|
||||||
image:
|
image:
|
||||||
repository: searxng/searxng
|
repository: searxng/searxng
|
||||||
tag: latest@sha256:37c616a774b90fb5df9239eb143f1b11866ddf7b830cd1ebcca6ba11b38cc2bf
|
tag: latest@sha256:c9100c29c14a77d5289263a671580226c3b8a396a1a0130d2f500f57076a0119
|
||||||
env:
|
env:
|
||||||
- name: SEARXNG_BASE_URL
|
- name: SEARXNG_BASE_URL
|
||||||
value: http://searxng-api.searxng:8080
|
value: http://searxng-api.searxng:8080
|
||||||
@@ -38,7 +38,7 @@ searxng:
|
|||||||
main:
|
main:
|
||||||
image:
|
image:
|
||||||
repository: searxng/searxng
|
repository: searxng/searxng
|
||||||
tag: latest@sha256:37c616a774b90fb5df9239eb143f1b11866ddf7b830cd1ebcca6ba11b38cc2bf
|
tag: latest@sha256:c9100c29c14a77d5289263a671580226c3b8a396a1a0130d2f500f57076a0119
|
||||||
env:
|
env:
|
||||||
- name: SEARXNG_BASE_URL
|
- name: SEARXNG_BASE_URL
|
||||||
value: https://searxng.alexlebens.net/
|
value: https://searxng.alexlebens.net/
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ slskd:
|
|||||||
name: protonvpn-wireguard-conf
|
name: protonvpn-wireguard-conf
|
||||||
key: private-key
|
key: private-key
|
||||||
- name: FIREWALL_OUTBOUND_SUBNETS
|
- name: FIREWALL_OUTBOUND_SUBNETS
|
||||||
value: 192.168.1.0/24,10.244.0.0/16
|
value: 192.168.1.0/24,10.0.0.0/8
|
||||||
- name: FIREWALL_INPUT_PORTS
|
- name: FIREWALL_INPUT_PORTS
|
||||||
value: 5030,50300
|
value: 5030,50300
|
||||||
- name: DNS_UPSTREAM_RESOLVER_TYPE
|
- name: DNS_UPSTREAM_RESOLVER_TYPE
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ tubearchivist:
|
|||||||
name: protonvpn-wireguard-conf
|
name: protonvpn-wireguard-conf
|
||||||
key: private-key
|
key: private-key
|
||||||
- name: FIREWALL_OUTBOUND_SUBNETS
|
- name: FIREWALL_OUTBOUND_SUBNETS
|
||||||
value: 192.168.1.0/24,10.244.0.0/16
|
value: 192.168.1.0/24,10.0.0.0/8
|
||||||
- name: FIREWALL_INPUT_PORTS
|
- name: FIREWALL_INPUT_PORTS
|
||||||
value: 80,8000,24000
|
value: 80,8000,24000
|
||||||
- name: DNS_UPSTREAM_RESOLVER_TYPE
|
- name: DNS_UPSTREAM_RESOLVER_TYPE
|
||||||
|
|||||||
@@ -1,5 +1,24 @@
|
|||||||
apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
kind: ExternalSecret
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: vault-token
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: vault-token
|
||||||
|
{{- include "custom.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
secretStoreRef:
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
name: openbao
|
||||||
|
data:
|
||||||
|
- secretKey: token
|
||||||
|
remoteRef:
|
||||||
|
key: /cl01tl/vault/token
|
||||||
|
property: root
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: external-secrets.io/v1
|
||||||
|
kind: ExternalSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: vault-snapshot-agent-role
|
name: vault-snapshot-agent-role
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
@@ -74,7 +93,7 @@ spec:
|
|||||||
data:
|
data:
|
||||||
- secretKey: BUCKET
|
- secretKey: BUCKET
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /digital-ocean/home-infra/vault-backup
|
key: /digital-ocean/home-infra/vault-backups
|
||||||
property: BUCKET_PATH
|
property: BUCKET_PATH
|
||||||
|
|
||||||
---
|
---
|
||||||
@@ -174,12 +193,12 @@ spec:
|
|||||||
data:
|
data:
|
||||||
- secretKey: NTFY_TOKEN
|
- secretKey: NTFY_TOKEN
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /ntfy/user/cl01tl
|
key: /cl01tl/ntfy/users/cl01tl
|
||||||
property: token
|
property: token
|
||||||
- secretKey: NTFY_ENDPOINT
|
- secretKey: NTFY_ENDPOINT
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /ntfy/user/cl01tl
|
key: /cl01tl/ntfy/config
|
||||||
property: endpoint
|
property: internal-endpoint
|
||||||
- secretKey: NTFY_TOPIC
|
- secretKey: NTFY_TOPIC
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/ntfy/topics
|
key: /cl01tl/ntfy/topics
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ spec:
|
|||||||
- secretKey: SECRET
|
- secretKey: SECRET
|
||||||
remoteRef:
|
remoteRef:
|
||||||
key: /cl01tl/yamtrack/config
|
key: /cl01tl/yamtrack/config
|
||||||
property: SECRET
|
property: secret
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: external-secrets.io/v1
|
apiVersion: external-secrets.io/v1
|
||||||
|
|||||||
Reference in New Issue
Block a user