summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitmodules7
-rw-r--r--data.d/etc-nixos/.gitignore2
-rw-r--r--data.d/etc-nixos/README.md119
-rw-r--r--data.d/etc-nixos/apps/vpn-tinc.nix283
-rw-r--r--data.d/etc-nixos/env/global.nix72
-rw-r--r--data.d/etc-nixos/env/laptop.nix13
-rw-r--r--data.d/etc-nixos/env/server.nix7
-rw-r--r--data.d/etc-nixos/env/workstation.nix74
-rw-r--r--data.d/etc-nixos/wm/awesome.nix30
-rw-r--r--data.d/etc-nixos/wm/herbstluftwm.nix22
-rw-r--r--data.d/etc-nixos/wm/kde.nix55
-rw-r--r--data.d/etc-portage/.gitignore3
-rw-r--r--data.d/etc-portage/binrepos.conf/gentoobinhost.conf3
-rw-r--r--data.d/etc-portage/binrepos.conf/tyilnet.conf3
-rw-r--r--data.d/etc-portage/make.conf/00-defaults.conf15
-rw-r--r--data.d/etc-portage/make.conf/10-global.conf56
-rw-r--r--data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords1
-rw-r--r--data.d/etc-portage/package.license1
-rw-r--r--data.d/etc-portage/package.use/10-kernel.use3
-rw-r--r--data.d/etc-portage/package.use/15-apcupsd.use1
-rw-r--r--data.d/etc-portage/repos.conf/gentoo.conf19
-rw-r--r--data.d/etc-portage/sets/mintlab22
-rw-r--r--data.d/etc-portage/sets/tyil47
-rw-r--r--data.d/etc-portage/sets/tyil-gaming2
-rw-r--r--data.d/etc-portage/sets/tyil-gui53
-rw-r--r--data.d/etc-portage/sets/tyil-laptop7
-rw-r--r--data.d/etc-portage/sets/tyil-workstation16
-rw-r--r--data.d/etc-portage/sets/yubikey2
-rw-r--r--data.d/k3s-master/manifests.d/_/namespaces.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/_/pv/dist.yaml21
-rw-r--r--data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml21
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml65
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml15
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml52
-rw-r--r--data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml42
-rw-r--r--data.d/k3s-master/manifests.d/base-system/cert-manager.yaml28
-rw-r--r--data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml36
-rw-r--r--data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml18
-rw-r--r--data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml14
-rw-r--r--data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml14
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml55
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml17
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml68
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml51
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml47
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml15
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml)14
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml36
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml (renamed from playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml)27
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml35
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml160
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml17
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml16
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml56
-rw-r--r--data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml56
-rw-r--r--data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml)14
-rw-r--r--data.d/k3s-master/manifests.d/public-services/invidious/service.yaml25
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml)21
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml53
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml)20
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml)10
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml)10
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml)10
-rw-r--r--data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml78
-rw-r--r--data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml103
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml54
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml54
-rw-r--r--data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/radarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/readarr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml88
-rw-r--r--data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml22
-rw-r--r--data.d/vpn-tinc/hosts/anoia_tyil_net25
-rw-r--r--data.d/vpn-tinc/hosts/caeghi_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/denahnu_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/edephas_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/faiwoo_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/gaeru_tyil_net26
-rw-r--r--data.d/vpn-tinc/hosts/hurzak_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/ivdea_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/jaomox_tyil_net26
-rw-r--r--data.d/vpn-tinc/hosts/krohxe_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/ludifah_tyil_net4
-rw-r--r--data.d/vpn-tinc/hosts/mieshu_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/nouki_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/oolah_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/plarabe_tyil_net18
-rw-r--r--data.d/vpn-tinc/hosts/qohrei_tyil_net19
-rw-r--r--data.d/vpn-tinc/hosts/ricui_tyil_net18
-rw-r--r--data.d/vpn-wireguard/.gitignore1
-rwxr-xr-xdata.d/vpn-wireguard/hooks/post-up47
-rw-r--r--data.d/vpn-wireguard/peers/faiwoo.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/gaeru.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/jaomox.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/mieshu.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/nouki.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/oolah.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/qohrei.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/ricui.tyil.net5
-rw-r--r--defaults62
-rw-r--r--hosts.d/anoia.tyil.net8
-rw-r--r--hosts.d/caeghi.tyil.net6
-rw-r--r--hosts.d/denahnu.tyil.net7
-rw-r--r--hosts.d/edephas.tyil.net29
-rw-r--r--hosts.d/faiwoo.tyil.net8
-rw-r--r--hosts.d/gaeru.tyil.net13
-rw-r--r--hosts.d/hurzak.tyil.net7
-rw-r--r--hosts.d/ivdea.tyil.net6
-rw-r--r--hosts.d/jaomox.tyil.net28
-rw-r--r--hosts.d/krohxe.tyil.net2
-rw-r--r--hosts.d/ludifah.tyil.net8
-rw-r--r--hosts.d/mieshu.tyil.net48
-rw-r--r--hosts.d/nouki.tyil.net8
-rw-r--r--hosts.d/oolah.tyil.net8
-rw-r--r--hosts.d/plarabe.tyil.net3
-rw-r--r--hosts.d/qohrei.tyil.net19
-rw-r--r--hosts.d/ricui.tyil.net12
-rw-r--r--os.d/linux-alpine_linux0
-rw-r--r--os.d/linux-debian_gnu_linux1
-rw-r--r--playbooks.d/dns-dnsmasq/description.txt1
-rw-r--r--playbooks.d/dns-dnsmasq/etc/defaults6
-rw-r--r--playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/dns-dnsmasq/playbook.bash48
-rw-r--r--playbooks.d/dns-dnsmasq/share/dnsmasq.conf14
-rw-r--r--playbooks.d/etc-nixos/description.txt1
-rw-r--r--playbooks.d/etc-nixos/playbook.bash18
-rw-r--r--playbooks.d/etc-portage/description.txt1
-rw-r--r--playbooks.d/etc-portage/playbook.bash18
-rw-r--r--playbooks.d/git-server/playbook.bash2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub5
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub1
-rw-r--r--playbooks.d/k3s-master/etc/defaults12
-rw-r--r--playbooks.d/k3s-master/etc/os.d/linux-gentoo4
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml45
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml31
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml26
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml77
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml33
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml54
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml16
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml20
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml24
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml26
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml19
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/base-system.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/media.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/public-services.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/servarr.yaml6
-rw-r--r--playbooks.d/k3s-master/playbook.bash74
-rw-r--r--playbooks.d/k3s-node/description.txt1
-rw-r--r--playbooks.d/k3s-node/etc/defaults3
-rw-r--r--playbooks.d/k3s-node/etc/os.d/linux-gentoo2
-rw-r--r--playbooks.d/k3s-node/playbook.bash97
-rw-r--r--playbooks.d/nfs-server/description.txt1
-rw-r--r--playbooks.d/nfs-server/etc/defaults3
-rw-r--r--playbooks.d/nfs-server/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/nfs-server/playbook.bash75
-rw-r--r--playbooks.d/nftables/description.txt1
-rw-r--r--playbooks.d/nftables/etc/defaults2
-rw-r--r--playbooks.d/nftables/playbook.bash99
-rw-r--r--playbooks.d/seaweedfs-filer/description.txt1
-rw-r--r--playbooks.d/seaweedfs-filer/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-filer/playbook.bash111
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer-leveldb3.toml3
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer-postgres2.toml24
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer.conf7
-rw-r--r--playbooks.d/seaweedfs-master/description.txt1
-rw-r--r--playbooks.d/seaweedfs-master/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-master/playbook.bash95
-rw-r--r--playbooks.d/seaweedfs-master/share/master.conf8
-rw-r--r--playbooks.d/seaweedfs-volume/description.txt1
-rw-r--r--playbooks.d/seaweedfs-volume/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-volume/playbook.bash106
-rw-r--r--playbooks.d/seaweedfs-volume/share/volume.conf13
-rw-r--r--playbooks.d/seaweedfs/description.txt1
-rw-r--r--playbooks.d/seaweedfs/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs/playbook.bash48
-rw-r--r--playbooks.d/seaweedfs/share/seaweedfs-mount@.service15
-rw-r--r--playbooks.d/ssh/playbook.bash8
-rw-r--r--playbooks.d/ssh/share/motd.satpl (renamed from playbooks.d/ssh/share/motd)0
-rw-r--r--playbooks.d/ssh/share/notify.sh8
-rw-r--r--playbooks.d/ssh/share/sshd_config.satpl (renamed from playbooks.d/ssh/share/sshd_config)2
m---------playbooks.d/vpn-tinc0
-rw-r--r--playbooks.d/vpn-tinc/description.txt1
-rw-r--r--playbooks.d/vpn-tinc/etc/defaults6
-rw-r--r--playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux1
-rw-r--r--playbooks.d/vpn-tinc/playbook.bash188
-rw-r--r--playbooks.d/vpn-tinc/share/host4
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-down-ifconfig3
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-down-ip3
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-up-ifconfig4
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-up-ip6
-rw-r--r--playbooks.d/vpn-tinc/share/tinc.conf10
-rw-r--r--playbooks.d/vpn-wireguard/description.txt1
-rw-r--r--playbooks.d/vpn-wireguard/etc/defaults1
-rw-r--r--playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/vpn-wireguard/playbook.bash119
-rw-r--r--playbooks.d/vpn-wireguard/share/interface4
-rw-r--r--playbooks.d/vpn-wireguard/share/peer5
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s313
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media22
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s320
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey21
-rw-r--r--registry.d/anoia.tyil.net5
-rw-r--r--registry.d/caeghi.tyil.net1
-rw-r--r--registry.d/denahnu.tyil.net4
-rw-r--r--registry.d/edephas.tyil.net3
-rw-r--r--registry.d/faiwoo.tyil.net1
-rw-r--r--registry.d/gaeru.tyil.net1
-rw-r--r--registry.d/hurzak.tyil.net4
-rw-r--r--registry.d/ivdea.tyil.net4
-rw-r--r--registry.d/jaomox.tyil.net2
-rw-r--r--registry.d/krohxe.tyil.net4
-rw-r--r--registry.d/ludifah.tyil.net1
-rw-r--r--registry.d/mieshu.tyil.net12
-rw-r--r--registry.d/nouki.tyil.net6
-rw-r--r--registry.d/oolah.tyil.net7
-rw-r--r--registry.d/plarabe.tyil.net2
-rw-r--r--registry.d/qohrei.tyil.net4
-rw-r--r--registry.d/ricui.tyil.net5
324 files changed, 5516 insertions, 12692 deletions
diff --git a/.gitmodules b/.gitmodules
index 36d1ae1..ae999ae 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,9 @@
[submodule "playbooks.d/www-blog"]
path = playbooks.d/www-blog
- url = https://git.tyil.nl/bashtard-playbooks/www-static
+ url = https://git.tyil.nl/bashtard/www-static
[submodule "playbooks.d/vpn-tinc"]
path = playbooks.d/vpn-tinc
- url = https://git.tyil.nl/bashtard-playbooks/vpn-tinc
+ url = https://git.tyil.nl/bashtard/vpn-tinc
+[submodule "playbooks.d/k3s-hurzak"]
+ path = playbooks.d/k3s-master
+ url = https://git.tyil.nl/bashtard/k3s-master
diff --git a/data.d/etc-nixos/.gitignore b/data.d/etc-nixos/.gitignore
new file mode 100644
index 0000000..2ee4098
--- /dev/null
+++ b/data.d/etc-nixos/.gitignore
@@ -0,0 +1,2 @@
+configuration.nix
+hardware-configuration.nix
diff --git a/data.d/etc-nixos/README.md b/data.d/etc-nixos/README.md
new file mode 100644
index 0000000..798fe0c
--- /dev/null
+++ b/data.d/etc-nixos/README.md
@@ -0,0 +1,119 @@
+# Set variables
+
+```sh
+disk=...
+zfs_pool=...
+swap_ratio=1.5
+```
+
+# Partition disk
+
+```sh
+parted -s "$disk" mklabel gpt
+```
+
+## boot
+
+### MBR
+
+We don't do MBR anymore!
+
+### EFI
+
+```sh
+parted -a optimal "$disk" mkpart primary fat32 1MiB 1001MiB
+parted "$disk" set 1 esp on
+
+mkfs.vfat -F32 "${disk}1"
+```
+
+## swap
+
+```sh
+swap_end=$(awk '/MemTotal/ { print int($2 / 1000 * '"$swap_ratio"') + 1001 }' /proc/meminfo)
+parted -a optimal "$disk" mkpart primary linux-swap 1001MiB "$swap_end"
+
+mkswap "${disk}2"
+swapon "${disk}2"
+```
+
+## zpool
+
+```sh
+parted -a optimal "$disk" mkpart primary "$swap_end" 100%
+
+zpool create \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keyformat=passphrase \
+ -O keylocation=prompt \
+ -O acltype=posixacl \
+ -O xattr=sa \
+ -O compression=zstd \
+ -O dnodesize=auto \
+ -O normalization=formD \
+ -o ashift=12 \
+ -o autotrim=on \
+ -R /mnt \
+ "$zfs_pool" "${disk}3"
+```
+
+### zfs volumes
+
+```sh
+zfs create -o mountpoint=none "$zfs_pool/rootfs"
+zfs create -o mountpoint=legacy "$zfs_pool/rootfs/nixos"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/root"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/tyil"
+```
+
+# Mount partitions/volumes
+
+```sh
+mount -t zfs "$zfs_pool/rootfs/nixos" /mnt
+
+mkdir -pv -- /mnt/boot
+mount -t vfat "${disk}1" /mnt/boot
+
+mkdir -pv -- /mnt/home
+mount -t zfs "$zfs_pool/homefs" /mnt/home
+
+mkdir -pv -- /mnt/root
+mkdir -pv -- /mnt/home/tyil
+mount -t zfs "$zfs_pool/homefs/root" /mnt/root
+mount -t zfs "$zfs_pool/homefs/tyil" /mnt/home/tyil
+```
+
+# Install NixOS
+
+## Configure
+
+```sh
+nixos-generate-config --root /mnt
+```
+
+Apply configs in `/mnt/etc/nixos`
+
+```nix
+{
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.devNodes = ...
+ boot.zfs.forceImportRoot = false;
+ networking.hostId = $(head -c4 /dev/urandom | od -A none -t x4)
+ networking.hostName = ...
+}
+```
+
+## Install
+
+```sh
+cd /mnt && nixos-install
+```
+
+## Reboot
+
+```sh
+umount -lR /mnt
+zpool export "$zfs_pool"
+```
diff --git a/data.d/etc-nixos/apps/vpn-tinc.nix b/data.d/etc-nixos/apps/vpn-tinc.nix
new file mode 100644
index 0000000..0634ecc
--- /dev/null
+++ b/data.d/etc-nixos/apps/vpn-tinc.nix
@@ -0,0 +1,283 @@
+{ config, pkgs, ... }:
+
+# To have this node join the network, generate keys, add the new host with its
+# public keys to the list in this file, then rebuild.
+#
+# - mkdir -pv -- /etc/tinc/tyilnet
+# - nix-shell -p tinc_pre --run "tinc -n tyilnet generate-keys 4096"
+# - $EDITOR /etc/nixos/configuration.nix
+# ? networking.interfaces."tinc.tyilnet".address
+# - services.tinc.networks.tyilnet.name
+# - imports += [ "./apps/vpn-tinc.nix" ]
+# - cat /etc/tinc/tyilnet/*.pub
+# - $EDITOR /etc/nixos/apps/vpn-tinc.nix
+
+{
+ environment = {
+ etc = {
+ # This part should be written to configuration.nix while I try to learn
+ # how to do it cleanly with a simple variable
+ #
+ #"tinc/tyilnet/tinc-up".source = pkgs.writeScript "tinc-up" ''
+ # #!${pkgs.stdenv.shell}
+ # ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.57.50.50 netmask 255.255.0.0
+ #'';
+ "tinc/tyilnet/tinc-down".source = pkgs.writeScript "tinc-down" ''
+ #!${pkgs.stdenv.shell}
+ /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+ '';
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 655 ];
+ allowedTCPPorts = [ 655 ];
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "tinc.tyilnet" ];
+ commands = [
+ {
+ command = "${pkgs.nettools}/bin/ifconfig";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ services = {
+ tinc = {
+ networks = {
+ tyilnet = {
+ debugLevel = 3;
+ chroot = false;
+ interfaceType = "tap";
+
+ extraConfig = ''
+ ConnectTo = caeghi_tyil_net
+ ConnectTo = denahnu_tyil_net
+ ConnectTo = faiwoo_tyil_net
+ ConnectTo = gaeru_tyil_net
+ ConnectTo = hurzak_tyil_net
+ ConnectTo = jaomox_tyil_net
+
+ Ed25519PrivateKeyFile = /etc/tinc/tyilnet/ed25519_key.priv
+ PrivateKeyFile = /etc/tinc/tyilnet/rsa_key.priv
+ '';
+
+ hosts = {
+ anoia_tyil_net = ''
+ Subnet = 10.57.100.3/32
+
+ Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+ I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+ EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+ HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+ DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+ HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+ yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+ yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+ opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+ G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+ bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ bast_tyil_net = ''
+ Subnet = 10.57.50.50/32
+
+ Ed25519PublicKey = De60ft6TStf9oJ060kxpSmX7xJ/ZVO9EFXgQdqWcWaO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwvOYvgciXHsrqMHIWKDUcJjCF1ARjAxqb3s/BzRlz0XcynzpYDV/
+ EtiZWRkKmDveUILe8pk3gFlu2vwen9DGVydg+tW4G0z4NIejoC9FR8a/NpjTzMvw
+ gNCihTFpPqoqn7loy+OdHIWv34v26zUFY8r0W1XUX0O0vtUcWTHwkV6DggujFPxG
+ SM9yGyl7MxuDbr9EP520dsklWGQT93RlUizr1dm2QNLgQN6+FMTpVPJN/2uaHSMo
+ 9xx3vLltqweyvMrIWCPQQSu+vj9Dqq+4ToC2rXkEfMsjkDyVJViOzSarZfAHCdJL
+ S/aZh4PC9EMsc+DmoIQwN7fKG3CQkm3QZ2P1WKG0jNZ2jdC50G7G9QypKdPFh5Al
+ Oy6z/+VG05+ouRmfQTi12Kap7aakMOw9vjL1BSGgoTxToS7m+O5Q9ByodhVhRBMc
+ pp0ZHvPhZjM0jmtqrTtTkQDGonCiN/IxOdneTkiM0lW9UnROWqYJHL1B92sVyADw
+ S9ddyfUbUFLnOdJkF/JBFR3d5GxIcY1HVfYbugbIBGnal5koALFfhDkYJqQbbuAz
+ z1rSm4yYFWKKFThpZA1oRvEh9UJNbFOepreImCmUKZurgQZFMUjRMRtTcRXy07fR
+ /EctKPyzDKmQOHlnR4hNd3laefwL0vMO7Wra4NqoJx4MMmnPtl5s8okCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ caeghi_tyil_net = ''
+ Address = 116.202.102.33
+ Subnet = 10.57.20.2/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
+ P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
+ EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
+ TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
+ FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
+ mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
+ oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
+ t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
+ rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
+ OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
+ 8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ denahnu_tyil_net = ''
+ Address = 81.2.254.110
+ Subnet = 10.57.20.4/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
+ RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
+ idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
+ z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
+ fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
+ LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
+ Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
+ NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
+ 9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
+ raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
+ 6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ edephas_tyil_net = ''
+ Subnet = 10.57.100.7/32
+
+ Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
+ PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
+ a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
+ KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
+ UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
+ gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
+ zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
+ mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
+ yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
+ CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
+ fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ faiwoo_tyil_net = ''
+ Address = 65.21.5.254
+ Subnet = 10.57.20.5/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
+ Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
+ 8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
+ T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
+ KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
+ y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
+ ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
+ 6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
+ y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
+ Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
+ BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ gaeru_tyil_net = ''
+ Address = 37.48.120.26
+ Subnet = 10.57.20.6/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
+ ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
+ iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
+ XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
+ VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
+ giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
+ 5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
+ Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
+ B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
+ 7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
+ tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ hurzak_tyil_net = ''
+ Address = 178.162.131.11
+ Subnet = 10.57.20.7/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
+ k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
+ jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
+ BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
+ IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
+ T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
+ ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
+ E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
+ 5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
+ xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
+ CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ivdea_tyil_net = ''
+ Subnet = 10.57.100.8/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
+ WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
+ WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
+ j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
+ cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
+ BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
+ nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
+ aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
+ FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
+ n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
+ uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ jaomox_tyil_net = ''
+ Address = 163.172.218.246
+ Subnet = 10.57.21.1/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
+ x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
+ SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
+ rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
+ t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
+ dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
+ rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
+ G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
+ q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
+ PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
+ noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ludifah_tyil_net = ''
+ Subnet = 10.57.100.9/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
+ HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ
+ U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq
+ VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I
+ rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK
+ OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE
+ 4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba
+ 0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9
+ GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG
+ AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8
+ wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/global.nix b/data.d/etc-nixos/env/global.nix
new file mode 100644
index 0000000..9bf9882
--- /dev/null
+++ b/data.d/etc-nixos/env/global.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+{
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ };
+ };
+
+ environment = {
+ binsh = "${pkgs.dash}/bin/dash";
+ shells = with pkgs; [
+ bash
+ dash
+ zsh
+ ];
+ systemPackages = with pkgs; [
+ borgbackup
+ git
+ gnupg
+ jq
+ mosh
+ silver-searcher
+ tmux
+ vim
+ ];
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "nl_NL.UTF-8/UTF-8"
+ ];
+ };
+
+ networking = {
+ domain = "tyil.net";
+ };
+
+ programs = {
+ zsh = {
+ enable = true;
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ };
+ };
+
+ system = {
+ copySystemConfiguration = true;
+ };
+
+ time = {
+ timeZone = "Europe/Amsterdam";
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/laptop.nix b/data.d/etc-nixos/env/laptop.nix
new file mode 100644
index 0000000..2681547
--- /dev/null
+++ b/data.d/etc-nixos/env/laptop.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./workstation.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ acpi
+ ];
+ };
+}
diff --git a/data.d/etc-nixos/env/server.nix b/data.d/etc-nixos/env/server.nix
new file mode 100644
index 0000000..b04af8d
--- /dev/null
+++ b/data.d/etc-nixos/env/server.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+}
diff --git a/data.d/etc-nixos/env/workstation.nix b/data.d/etc-nixos/env/workstation.nix
new file mode 100644
index 0000000..93cef52
--- /dev/null
+++ b/data.d/etc-nixos/env/workstation.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ # CLI programs
+ kubectl
+ kubernetes-helm
+ neomutt
+ notmuch
+ ntfy-sh
+ pass
+ plantuml
+ shellcheck
+ tree
+
+ # GUI utils
+ xclip
+ xdotool
+ xprintidle
+
+ # GUI programs
+ alacritty
+ chromium
+ feh
+ mpv
+ nextcloud-client
+ pavucontrol
+ qutebrowser
+ scrot
+ yt-dlp
+ zathura
+ signal-desktop
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ open-sans
+ liberation_ttf
+ ];
+
+ hardware = {
+ pulseaudio = {
+ enable = true;
+ };
+ };
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "audio" "video" ];
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/awesome.nix b/data.d/etc-nixos/wm/awesome.nix
new file mode 100644
index 0000000..b427f4a
--- /dev/null
+++ b/data.d/etc-nixos/wm/awesome.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ dunst
+ physlock
+ redshift
+ rofi
+ sxhkd
+ xcompmgr
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ startx = {
+ enable = true;
+ };
+ };
+ windowManager = {
+ awesome = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/herbstluftwm.nix b/data.d/etc-nixos/wm/herbstluftwm.nix
new file mode 100644
index 0000000..5dd884b
--- /dev/null
+++ b/data.d/etc-nixos/wm/herbstluftwm.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ redshift
+ xcompmgr
+ rofi
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ windowManager = {
+ herbstluftwm = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/kde.nix b/data.d/etc-nixos/wm/kde.nix
new file mode 100644
index 0000000..6f60249
--- /dev/null
+++ b/data.d/etc-nixos/wm/kde.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ arc-kde-theme
+ kmymoney
+ plasma-pass
+ pinentry-qt
+ libsForQt5.kaccounts-integration
+ libsForQt5.kaccounts-providers
+ libsForQt5.kweather
+ libsForQt5.kalendar
+ libsForQt5.kmail
+ thunderbird
+ ];
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ };
+ };
+
+ programs = {
+ dconf = {
+ enable = true;
+ };
+ gnupg = {
+ agent = {
+ pinentryFlavor = "qt";
+ };
+ };
+ kdeconnect = {
+ enable = true;
+ };
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ sddm = {
+ enable = true;
+ };
+ };
+ desktopManager = {
+ plasma5 = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore
new file mode 100644
index 0000000..baec047
--- /dev/null
+++ b/data.d/etc-portage/.gitignore
@@ -0,0 +1,3 @@
+99-*
+make.profile
+savedconfig
diff --git a/data.d/etc-portage/binrepos.conf/gentoobinhost.conf b/data.d/etc-portage/binrepos.conf/gentoobinhost.conf
new file mode 100644
index 0000000..28343d2
--- /dev/null
+++ b/data.d/etc-portage/binrepos.conf/gentoobinhost.conf
@@ -0,0 +1,3 @@
+[binhost]
+priority = 9999
+sync-uri = https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64/
diff --git a/data.d/etc-portage/binrepos.conf/tyilnet.conf b/data.d/etc-portage/binrepos.conf/tyilnet.conf
new file mode 100644
index 0000000..28adec7
--- /dev/null
+++ b/data.d/etc-portage/binrepos.conf/tyilnet.conf
@@ -0,0 +1,3 @@
+[binhost]
+priority = 1337
+sync-uri = https://dist.tyil.nl/gentoo/packages
diff --git a/data.d/etc-portage/make.conf/00-defaults.conf b/data.d/etc-portage/make.conf/00-defaults.conf
new file mode 100644
index 0000000..21c3c58
--- /dev/null
+++ b/data.d/etc-portage/make.conf/00-defaults.conf
@@ -0,0 +1,15 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+COMMON_FLAGS="-O2 -pipe"
+CFLAGS="${COMMON_FLAGS}"
+CXXFLAGS="${COMMON_FLAGS}"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C.utf8
diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf
new file mode 100644
index 0000000..7d11afb
--- /dev/null
+++ b/data.d/etc-portage/make.conf/10-global.conf
@@ -0,0 +1,56 @@
+USE="
+ bash-completion
+ introspection
+ vim-syntax
+ zsh-completion
+"
+
+FEATURES="
+ $FEATURES
+ buildpkg
+ getbinpkg
+ network-sandbox
+ parallel-fetch
+ parallel-install
+ sandbox
+ sign
+ userfetch
+ userpriv
+ usersandbox
+ usersync
+"
+
+EMERGE_DEFAULT_OPTS="
+ $EMERGE_DEFAULT_OPTS
+ --alert
+ --ask
+ --binpkg-changed-deps=y
+ --binpkg-respect-use=y
+ --buildpkg-exclude */*-bin
+ --buildpkg-exclude acct-*/*
+ --buildpkg-exclude sys-fs/zfs-kmod
+ --buildpkg-exclude sys-kernel/*-sources
+ --buildpkg-exclude virtual/*
+ --keep-going
+ --tree
+ --usepkg-exclude */*-bin
+ --usepkg-exclude acct-*/*
+ --usepkg-exclude sys-kernel/*-sources
+ --usepkg-exclude virtual/*
+ --verbose
+"
+
+PKGDIR="/var/portage/packages"
+DISTDIR="/var/portage/distfiles"
+
+ACCEPT_LICENSE="
+ -*
+ @FREE
+"
+
+LC_MESSAGES=C.UTF8
+
+L10N="
+ en
+ nl
+"
diff --git a/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
new file mode 100644
index 0000000..2376e42
--- /dev/null
+++ b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
@@ -0,0 +1 @@
+net-vpn/tinc ~*
diff --git a/data.d/etc-portage/package.license b/data.d/etc-portage/package.license
new file mode 100644
index 0000000..348558e
--- /dev/null
+++ b/data.d/etc-portage/package.license
@@ -0,0 +1 @@
+sys-kernel/linux-firmware linux-fw-redistributable
diff --git a/data.d/etc-portage/package.use/10-kernel.use b/data.d/etc-portage/package.use/10-kernel.use
new file mode 100644
index 0000000..782dae3
--- /dev/null
+++ b/data.d/etc-portage/package.use/10-kernel.use
@@ -0,0 +1,3 @@
+sys-kernel/installkernel dracut
+sys-fs/zfs dist-kernel
+sys-fs/zfs-kmod dist-kernel
diff --git a/data.d/etc-portage/package.use/15-apcupsd.use b/data.d/etc-portage/package.use/15-apcupsd.use
new file mode 100644
index 0000000..91eeffb
--- /dev/null
+++ b/data.d/etc-portage/package.use/15-apcupsd.use
@@ -0,0 +1 @@
+sys-apps/util-linux tty-helpers
diff --git a/data.d/etc-portage/repos.conf/gentoo.conf b/data.d/etc-portage/repos.conf/gentoo.conf
new file mode 100644
index 0000000..6cb6e3b
--- /dev/null
+++ b/data.d/etc-portage/repos.conf/gentoo.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+location = /var/db/repos/gentoo
+sync-type = rsync
+sync-uri = rsync://rsync.gentoo.org/gentoo-portage
+auto-sync = yes
+sync-rsync-verify-jobs = 1
+sync-rsync-verify-metamanifest = yes
+sync-rsync-verify-max-age = 24
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+sync-openpgp-keyserver = hkps://keys.gentoo.org
+sync-openpgp-key-refresh-retry-count = 40
+sync-openpgp-key-refresh-retry-overall-timeout = 1200
+sync-openpgp-key-refresh-retry-delay-exp-base = 2
+sync-openpgp-key-refresh-retry-delay-max = 60
+sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
diff --git a/data.d/etc-portage/sets/mintlab b/data.d/etc-portage/sets/mintlab
new file mode 100644
index 0000000..ca247c7
--- /dev/null
+++ b/data.d/etc-portage/sets/mintlab
@@ -0,0 +1,22 @@
+# DevOps utilities
+app-admin/awscli
+app-admin/helm
+app-admin/terraform
+app-containers/docker
+app-containers/docker-compose
+dev-db/postgresql
+dev-vcs/git
+net-misc/rclone
+sys-cluster/kubectl
+
+# Development tools
+dev-python/flake8
+dev-python/pip
+dev-python/virtualenv
+dev-vcs/mr
+
+# General required software
+app-admin/lastpass-cli
+
+# Browser
+www-client/chromium
diff --git a/data.d/etc-portage/sets/tyil b/data.d/etc-portage/sets/tyil
new file mode 100644
index 0000000..bf99911
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil
@@ -0,0 +1,47 @@
+# System services
+app-admin/syslog-ng
+app-admin/logrotate
+net-misc/ntp
+
+# Maintainance tools
+app-admin/sudo
+app-backup/borgbackup
+app-backup/borgmatic
+app-portage/eix
+app-portage/gentoolkit
+sys-boot/grub
+sys-fs/cryptsetup
+sys-kernel/genkernel
+
+# Debugging tools
+net-analyzer/nmap
+net-analyzer/traceroute
+net-dns/bind-tools
+net-misc/telnet-bsd
+net-misc/whois
+sys-process/lsof
+
+# VPN
+net-vpn/tinc
+
+# Filesystems
+net-fs/cifs-utils
+net-fs/nfs-utils
+sys-fs/dmraid
+sys-fs/lvm2
+sys-fs/mhddfs
+sys-fs/reiserfsprogs
+sys-fs/xfsprogs
+
+# Email client
+mail-client/neomutt
+net-mail/notmuch
+
+# User tools
+app-crypt/gnupg
+app-editors/vim
+app-misc/tmux
+dev-vcs/git
+net-analyzer/openbsd-netcat
+net-misc/mosh
+sys-apps/the_silver_searcher
diff --git a/data.d/etc-portage/sets/tyil-gaming b/data.d/etc-portage/sets/tyil-gaming
new file mode 100644
index 0000000..f9f81af
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-gaming
@@ -0,0 +1,2 @@
+app-emulation/dxvk-bin
+dev-util/vulkan-tools
diff --git a/data.d/etc-portage/sets/tyil-gui b/data.d/etc-portage/sets/tyil-gui
new file mode 100644
index 0000000..071c634
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-gui
@@ -0,0 +1,53 @@
+@tyil
+
+x11-base/xorg-server
+
+# Login manager
+sys-auth/elogind
+
+# Window managers
+x11-wm/awesome
+x11-wm/openbox
+
+# Desktop "services"
+app-misc/physlock
+x11-misc/dmenu
+x11-misc/dunst
+x11-misc/redshift
+x11-misc/sxhkd
+x11-misc/xcompmgr
+x11-misc/xprintidle
+
+# Applets
+net-misc/nextcloud-client
+
+# Browsers
+www-client/elinks
+www-client/librewolf-bin
+
+# Theming
+media-fonts/freefont
+media-fonts/inconsolata
+media-fonts/noto-cjk
+media-fonts/noto-emoji
+media-fonts/open-sans
+
+# Misc applications
+app-admin/pass
+app-text/zathura
+app-text/zathura-cb
+app-text/zathura-pdf-mupdf
+media-gfx/feh
+media-gfx/scrot
+media-sound/pavucontrol
+media-video/mpv
+net-misc/yt-dlp
+x11-apps/xkill
+x11-misc/pcmanfm
+x11-misc/xclip
+x11-misc/xdotool
+x11-terms/alacritty
+
+# Rice
+#x11-apps/glava
+x11-themes/arc-theme
diff --git a/data.d/etc-portage/sets/tyil-laptop b/data.d/etc-portage/sets/tyil-laptop
new file mode 100644
index 0000000..2f3c2de
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-laptop
@@ -0,0 +1,7 @@
+@tyil-gui
+
+# System services
+gnome-extra/nm-applet
+
+# System utilities
+sys-power/acpi
diff --git a/data.d/etc-portage/sets/tyil-workstation b/data.d/etc-portage/sets/tyil-workstation
new file mode 100644
index 0000000..f2017c1
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-workstation
@@ -0,0 +1,16 @@
+app-admin/apache-tools
+app-containers/docker
+app-misc/jq
+app-shells/dash
+app-text/dos2unix
+dev-db/pgbadger
+dev-db/postgresql
+dev-texlive/texlive-latex
+dev-texlive/texlive-latexextra
+dev-texlive/texlive-latexrecommended
+dev-util/shellcheck-bin
+dev-vcs/tig
+media-gfx/plantuml
+net-analyzer/testssl
+net-fs/sshfs
+net-wireless/wpa_supplicant
diff --git a/data.d/etc-portage/sets/yubikey b/data.d/etc-portage/sets/yubikey
new file mode 100644
index 0000000..fe69e44
--- /dev/null
+++ b/data.d/etc-portage/sets/yubikey
@@ -0,0 +1,2 @@
+app-crypt/libu2f-host
+sys-apps/pcsc-lite
diff --git a/data.d/k3s-master/manifests.d/_/namespaces.yaml b/data.d/k3s-master/manifests.d/_/namespaces.yaml
new file mode 100644
index 0000000..21cd009
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/_/namespaces.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: automation
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: base-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fediverse
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: personal-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: public-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: registry
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: servarr
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: websites
+...
diff --git a/data.d/k3s-master/manifests.d/_/pv/dist.yaml b/data.d/k3s-master/manifests.d/_/pv/dist.yaml
new file mode 100644
index 0000000..2490f9f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/_/pv/dist.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: dist
+spec:
+ storageClassName: seaweedfs
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 100Gi
+ persistentVolumeReclaimPolicy: Retain
+ volumeMode: Filesystem
+ csi:
+ driver: seaweedfs-csi-driver
+ volumeHandle: dist
+ volumeAttributes:
+ collection: "dist"
+ replication: "001"
+ path: "/buckets/dist"
+...
diff --git a/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml b/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml
new file mode 100644
index 0000000..5a4a85b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: etc-lldap
+spec:
+ storageClassName: seaweedfs
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 1Gi
+ persistentVolumeReclaimPolicy: Retain
+ volumeMode: Filesystem
+ csi:
+ driver: seaweedfs-csi-driver
+ volumeHandle: etc-lldap
+ volumeAttributes:
+ collection: "etc"
+ replication: "001"
+ path: /buckets/etc/lldap
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..6eeccc0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:latest
+ name: lldap
+ ports:
+ - name: ldap
+ containerPort: 3890
+ - name: ldaps
+ containerPort: 6360
+ - name: http
+ containerPort: 8080
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /etc/tls
+ name: tls
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: lldap
+ - name: tls
+ secret:
+ secretName: tls-nl.tyil.lldap
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..95b63bb
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - lldap.tyil.nl
+ secretName: tls-nl.tyil.lldap
+ rules:
+ - host: lldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml
new file mode 100644
index 0000000..666a465
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+spec:
+ storageClassName: seaweedfs
+ volumeName: etc-lldap
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..6539352
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: ldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: ldap
+ port: 389
+ targetPort: 3890
+ - name: ldaps
+ port: 636
+ targetPort: 6360
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml
new file mode 100644
index 0000000..6051e18
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: amdgpu-device-plugin-daemonset
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: amdgpu-dp-ds
+ template:
+ metadata:
+ labels:
+ name: amdgpu-dp-ds
+ spec:
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ amdgpu: "true"
+ priorityClassName: system-node-critical
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ containers:
+ - image: rocm/k8s-device-plugin
+ name: amdgpu-dp-cntr
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: dp
+ mountPath: /var/lib/kubelet/device-plugins
+ - name: sys
+ mountPath: /sys
+ volumes:
+ - name: dp
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ - name: sys
+ hostPath:
+ path: /sys
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml
new file mode 100644
index 0000000..6f0c1a5
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: cert-manager
+ namespace: base-system
+spec:
+ repo: https://charts.jetstack.io
+ chart: cert-manager
+ valuesContent: |
+ installCRDs: true
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml
new file mode 100644
index 0000000..90ffad7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: fuse-device-plugin-daemonset
+ namespace: base-system
+spec:
+ selector:
+ matchLabels:
+ name: fuse-device-plugin-ds
+ template:
+ metadata:
+ labels:
+ name: fuse-device-plugin-ds
+ spec:
+ hostNetwork: true
+ containers:
+ - image: flavio/fuse-device-plugin
+ name: fuse-device-plugin-ctr
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: device-plugin
+ mountPath: /var/lib/kubelet/device-plugins
+ volumes:
+ - name: device-plugin
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ #imagePullSecrets:
+ # - name: registry-secret
+ tolerations:
+ - key: tyil.net/role
+ operator: Exists
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml
new file mode 100644
index 0000000..6fe5057
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: ingress-nginx
+ namespace: base-system
+spec:
+ repo: https://kubernetes.github.io/ingress-nginx
+ chart: ingress-nginx
+ valuesContent: |-
+ controller:
+ kind: DaemonSet
+ allowSnippetAnnotations: true
+ config:
+ block-user-agents: >
+ ~*.*ahrefsbot.*,
+ ~*.*amazonbot.*,
+ ~*.*barkrowler.*,
+ ~*.*bytespider.*,
+ ~*.*claudeBot.*,
+ ~*.*dotbot.*,
+ ~*.*facebookexternalhit.*,
+ ~*.*googlebot.*,
+ ~*.*mozilla\/5\.0\ \(linux\;\ android\ 6\.0\.1\;\ nexus\ 5x\ build\/mmb29p\).*,
+ ~*.*petalbot.*,
+ ~*.*semrushbot.*
+ service:
+ ipFamilyPolicy: PreferDualStack
+ externalTrafficPolicy: Local
+ nodeSelector:
+ svccontroller.k3s.cattle.io/enablelb: "true"
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml
new file mode 100644
index 0000000..d8a38d8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: sealed-secrets
+ namespace: base-system
+spec:
+ repo: https://bitnami-labs.github.io/sealed-secrets
+ chart: sealed-secrets
+ valuesContent: |-
+ keyrenewperiod: "672h"
+ #resources:
+ # limits: ...
+ # requests: ...
+ #metrics:
+ # serviceMonitor:
+ # enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml
new file mode 100644
index 0000000..f5c1edf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: seaweedfs-csi-driver
+ namespace: base-system
+spec:
+ repo: https://seaweedfs.github.io/seaweedfs-csi-driver/helm
+ chart: seaweedfs-csi-driver
+ valuesContent: |-
+ seaweedfsFiler: "10.57.3.1:8888"
+ storageClassName: seaweedfs
+ isDefaultStorageClass: true
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml
new file mode 100644
index 0000000..3b12d49
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: vertical-pod-autoscaler
+ namespace: base-system
+spec:
+ chart: oci://ghcr.io/stevehipwell/helm-charts/vertical-pod-autoscaler
+ version: 1.5.0
+ valuesContent: |-
+ recommenderOnly: false
+ #serviceMonitor:
+ # enabled: true
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml
new file mode 100644
index 0000000..ee8a4d3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: biboumi
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: louiz/biboumi:9.0
+ name: biboumi
+ ports:
+ - containerPort: 5437
+ env:
+ - name: BIBOUMI_ADMIN
+ value: tyil@chat.tyil.nl
+ - name: BIBOUMI_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: db-name
+ - name: BIBOUMI_HOSTNAME
+ value: biboumi.chat.tyil.nl
+ - name: BIBOUMI_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: password
+ - name: BIBOUMI_XMPP_SERVER_IP
+ value: prosody
+ - name: BIBOUMI_PERSISTENT_BY_DEFAULT
+ value: "true"
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml
new file mode 100644
index 0000000..0e1ed9b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: biboumi-config
+ namespace: personal-services
+spec:
+ encryptedData:
+ db-name: AgBTyqCQE9tlteDjO0q2hdXTUb0arZnY+mfni9D7Yq23w0bmjxa4P3YZUZ4aIaYnxIsLek1YQ6W2EgVJtWu+uWn3qwuogkQJ6zhRFjB4Gewu+EtPgCCqCFkrSb92Y7M/E/znna78q3az7dkLD0sH3NAozmZd5jeNrAzS+kIxIS2hfmIMojEJYJz/ESaAj/6J93117UUxizxoysYcFaMxoyEdeJV4+mCFENZpMsp6tqxKpTVCoPOKa62I7yVzxkHDFxJGaI7un1swt297vgB7dCM2wwtr5NA/Y1ccmYz0FgTt4oz0oiwN2HkiC7PLEAV1ru3r+3OZ9HFpgcrps6CfQBGvvgmcRgumOAl7ZGyI2Oxx3OrymojSqSxofks22IGYXmqhqhhRzGEfGK6tybIBdxB0PJ1yg6ziWNogxvvh9sNRB6rinaOZ+M9UQ7/qWo/SmP70DYkC9vbyl1AdolSEgpbENZBSPQmWhdzUktTJUhagZVmhaahsna+85zq+0wh1M3+12iIghfB8vjHCRxicQLlKBgqAiN96ZnYHhRyMgFi7zCpzNFeMXx1Kn5h29QuhcloIRTMV+S3L/ilQTDk3+1xK/ODslhNPPdoqe5YkGpu/0fTNYcb2slILO2t4mOCvo188bK4LzLfRmkRCfIJOf8vrv1uVfD3GhHH2l9diq0hadSz5kzWZydyugvpk5DNTTNj4TiCU5lmP7m7SlGgUChY2iAtP9Lz+tu3UthSvTW1Ct7dO/n68jJ9t/IvIoEZBuhlapF2jFDupkarJz/mruj+2jAt/bvlqtjA0CgZnwj/8KJjv6+9tMN+s5rJKkO8CfVDZlHF+BODmrg==
+ password: AgAXpJTkQIqKTPpube8O4AcRpAEPnbWvDnQg83DiCHejImXMrTKGr8mjaylqSnCz0AzZofF235ic/22yQrBwl0Ymk4/5KWaNfQD7sEbZwBMUnR1zvCGVtY4rQwge+FCxoGfUFKF+S6eeneIhQxlMfG1fRDvHcJuqrattn13Rv7L5QGW4kMujs+Dz6ZPwoQV3Vd4Jy400wYAElKEckVsNlPmmHz1zOW+p0ZkRRosGZHlMslNcHMAhXJwvj9Eedod/Xk61d7G/MDozCHtYtFTUvoU/QrgNzoVFOVy3sM4oVan4B+uywxQDMbhZbqGzNP/Xp/cmKHe9QTbw2jiXYgXWDdW6tRSlc9b1ic2T3Lflv1qBmzIzwvixEGJSZi14me+O6vUftattwxiH7C4nihfCwohC9GfRUGK+kHLsX7t0InN4KFClFA9bysldqHVKU9xKQc6oya/HAN5qZnBD3HyEBd4GL2lpiTgo/vyzGA7oHX1c57hl891JTnGm7fklC5fANvjDDcYbQHBAMsG91kdBYR2AXSxDJWK4eoph00uBChHA5iUYpeRWND14hDXrWcjoWRWpi2bRQJ06cp0nJ+897dfDHAj7iC7ciMhcoKW601UpxirOHbncMsSxgInW6/Q6raaEI0ezfqYRhamjPH+6uZTDZZFLfIg4/9hkSi/0ZnwEv30B1DJd9phTISUzWT1uBgW0QHzx9X/GWcx/efUk2/cZbmmUIPHZskw+C/R/e/5THuGiRteIxagFHuZ8jGcXlCt7wzd9YHePNn0mY0Y=
+ template:
+ metadata:
+ creationTimestamp: null
+ name: biboumi-config
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml
new file mode 100644
index 0000000..bdbc8b2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+data:
+ cgitrc: |
+ root-desc=All public repos from tyil
+
+ source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+ about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+ readme=:INSTALL
+ readme=:INSTALL.htm
+ readme=:INSTALL.html
+ readme=:INSTALL.md
+ readme=:INSTALL.mkd
+ readme=:INSTALL.rst
+ readme=:INSTALL.txt
+ readme=:README
+ readme=:README.htm
+ readme=:README.html
+ readme=:README.md
+ readme=:README.mkd
+ readme=:README.pod6
+ readme=:README.rakudoc
+ readme=:README.rst
+ readme=:README.txt
+ readme=:install
+ readme=:install.htm
+ readme=:install.html
+ readme=:install.md
+ readme=:install.mkd
+ readme=:install.rst
+ readme=:install.txt
+ readme=:readme
+ readme=:readme.htm
+ readme=:readme.html
+ readme=:readme.md
+ readme=:readme.mkd
+ readme=:readme.rst
+ readme=:readme.txt
+
+ css=/cgit-css/cgit.css
+ logo=/cgit-css/cgit.png
+
+ #cache-root=/var/cache/cgit
+ #cache-size=1000
+
+ clone-prefix=https://git.tyil.nl
+ enable-git-config=1
+ enable-index-links=1
+ enable-index-owner=0
+ enable-log-filecount=1
+ enable-log-linecount=1
+ remove-suffix=1
+ robots=index, follow
+ scan-path=/srv/git/
+ section-from-path=1
+ snapshots=tar.gz tar.bz2
+ virtual-root=/
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml
new file mode 100644
index 0000000..715a3f6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: emarcs/nginx-cgit
+ name: cgit
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /srv/git
+ name: data
+ - mountPath: /etc/cgitrc
+ subPath: cgitrc
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/git
+ type: DirectoryOrCreate
+ - name: config
+ configMap:
+ name: cgit
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml
new file mode 100644
index 0000000..4de2546
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - git.tyil.nl
+ secretName: tls-nl.tyil.git
+ rules:
+ - host: git.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: cgit
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml
new file mode 100644
index 0000000..7a6a5a2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml
new file mode 100644
index 0000000..5a85a00
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dist
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: docker.io/svenstaro/miniserve:latest
+ args:
+ - --qrcode
+ - /var/www
+ name: miniserve
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /var/www
+ name: bucket
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: bucket
+ persistentVolumeClaim:
+ claimName: dist
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml
new file mode 100644
index 0000000..5c67478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dist
+ namespace: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - dist.tyil.nl
+ secretName: tls-nl.tyil.dist
+ rules:
+ - host: dist.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: dist
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml
new file mode 100644
index 0000000..de9111f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dist
+ namespace: personal-services
+spec:
+ storageClassName: seaweedfs
+ volumeName: dist
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 20Gi
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml
index 14e9c61..999025f 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: dirlist
- namespace: media
+ name: dist
+ namespace: personal-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 8080
...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml
new file mode 100644
index 0000000..79a1f15
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud
+ namespace: personal-services
+spec:
+ schedule: "*/5 * * * *"
+ successfulJobsHistoryLimit: 0
+ failedJobsHistoryLimit: 2
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 33
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - name: nextcloud
+ image: nextcloud:27
+ command:
+ - php
+ args:
+ - -f
+ - /var/www/html/cron.php
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: OnFailure
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml
index 9553007..250f670 100644
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml
@@ -2,35 +2,44 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: uptime-kuma
+ name: nextcloud
namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
+ app.kubernetes.io/name: nextcloud
app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
+ app.kubernetes.io/name: nextcloud
app.kubernetes.io/part-of: personal-services
spec:
+ nodeName: "mieshu.tyil.net"
containers:
- - name: uptime-kuma
- image: louislam/uptime-kuma:1
+ - image: nextcloud:27
+ name: nextcloud
ports:
- - containerPort: 3001
+ - containerPort: 80
volumeMounts:
- - name: data
- mountPath: /app/data
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: Always
volumes:
- name: data
hostPath:
+ path: /mnt/pool/nextcloud
type: Directory
- path: /srv/personal-services/uptime-kuma
...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml
new file mode 100644
index 0000000..33060ab
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ nginx.ingress.kubernetes.io/proxy-body-size: 512m
+# nginx.ingress.kubernetes.io/configuration-snippet: |
+# client_max_body_size 512M;
+# fastcgi_buffers 64 4K;
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - cloud.tyil.nl
+ secretName: tls-nl.tyil.cloud
+ rules:
+ - host: cloud.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml
new file mode 100644
index 0000000..7e03fe2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
new file mode 100644
index 0000000..2785249
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
@@ -0,0 +1,160 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ prosody.cfg.lua: |
+ -- Information on configuring Prosody can be found on our
+ -- website at https://prosody.im/doc/configure
+
+ daemonize = false;
+
+ ---------- Server-wide settings ----------
+ admins = {
+ "tyil@chat.tyil.nl",
+ }
+
+ log = {
+ { levels = { min = "debug" }, to = "console" };
+ }
+
+ plugin_paths = { "/usr/local/lib/prosody/modules" }
+ installer_plugin_path = "/var/lib/prosody/custom_plugins"
+
+ modules_enabled = {
+ -- Generally required
+ "disco"; -- Service discovery
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+
+ -- Not essential, but recommended
+ "adhoc"; -- XEP-0050
+ "blocklist"; -- Allow users to block communications with other users
+ --"bookmarks"; -- Synchronise the list of open rooms between clients
+ "carbons"; -- Keep multiple online clients in sync
+ "dialback"; -- Support for verifying remote servers using DNS
+ "limits"; -- Enable bandwidth limiting for XMPP connections
+ "pep"; -- Allow users to store public and private data in their account
+ "private"; -- Legacy account storage mechanism (XEP-0049)
+ --"smacks"; -- Stream management and resumption (XEP-0198)
+ "vcard4"; -- User profiles (stored in PEP)
+ "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+ -- Nice to have
+ "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+ --"invites"; -- Create and manage invites
+ --"invites_adhoc"; -- Allow admins/users to create invitations via their client
+ --"invites_register"; -- Allows invited users to create accounts
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ "time"; -- Let others know the time here on this server
+ "uptime"; -- Report how long server has been running
+ "version"; -- Replies to server version requests
+ "mam"; -- Store recent messages to allow multi-device synchronization
+ --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"http_openmetrics"; -- for exposing metrics to stats collectors
+ --"websocket"; -- XMPP over WebSockets
+
+ -- Other specific functionality
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ --"announce"; -- Send announcement to all online users
+ --"groups"; -- Shared roster support
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"mimicking"; -- Prevent address spoofing
+ --"motd"; -- Send a message to users when they log in
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+ --"server_contact_info"; -- Publish contact information for this service
+ --"tombstones"; -- Prevent registration of deleted accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"welcome"; -- Welcome users who register accounts
+ }
+
+ modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ }
+
+ s2s_secure_auth = true
+
+ limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+ }
+
+ authentication = "internal_hashed"
+ archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+ -- Audio/video call relay (STUN/TURN)
+ -- To ensure clients connected to the server can establish connections for
+ -- low-latency media streaming (such as audio and video calls), it is
+ -- recommended to run a STUN/TURN server for clients to use. If you do this,
+ -- specify the details here so clients can discover it.
+ -- Find more information at https://prosody.im/doc/turn
+
+ -- Specify the address of the TURN service (you may use the same domain as XMPP)
+ --turn_external_host = "turn.example.com"
+
+ -- This secret must be set to the same value in both Prosody and the TURN server
+ --turn_external_secret = "your-secret-turn-access-token"
+ statistics = "internal"
+
+ -- Load configuration from secrets
+ Include "secrets.d/*"
+
+ -- Configure components
+ component_ports = {
+ 5347,
+ }
+ component_interfaces = {
+ "*",
+ "::",
+ }
+
+ Include "components.d/*"
+
+ -- Load configuration for additional hosts
+ Include "hosts.d/*"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-vhosts
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ chat.tyil.nl: |
+ VirtualHost "chat.tyil.nl"
+ ssl = {
+ certificate = "certs.d/chat.tyil.nl/tls.crt";
+ key = "certs.d/chat.tyil.nl/tls.key";
+ }
+
+ Component "muc.chat.tyil.nl" "muc"
+ name = "Tyil's Chatrooms"
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
new file mode 100644
index 0000000..6e2e995
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: prosody/prosody:0.11
+ name: prosody
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ - containerPort: 5347
+ volumeMounts:
+ - mountPath: /etc/prosody
+ name: config
+ - mountPath: /etc/prosody/secrets.d
+ name: config-secret
+ - mountPath: /etc/prosody/components.d
+ name: config-components
+ - mountPath: /etc/prosody/hosts.d
+ name: config-hosts
+ - mountPath: /etc/prosody/certs.d/chat.tyil.nl
+ name: cert-nl-tyil-chat
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: config-secret
+ secret:
+ secretName: prosody-config
+ - name: config-components
+ secret:
+ secretName: prosody-components
+ - name: config-hosts
+ configMap:
+ name: prosody-vhosts
+ - name: cert-nl-tyil-chat
+ secret:
+ secretName: tls-nl.tyil.chat
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
new file mode 100644
index 0000000..dfb78cd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - chat.tyil.nl
+ - muc.chat.tyil.nl
+ - share.chat.tyil.nl
+ secretName: tls-nl.tyil.chat
+ rules:
+ - host: chat.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prosody
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
new file mode 100644
index 0000000..27857a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: prosody-components
+ namespace: personal-services
+spec:
+ encryptedData:
+ biboumi.conf: AgAOjX2cxWU2bj7GDIJ5l6GlFGqnko1/o8w3VeDcTRK8lw0gGWXEQe4fn8MAwKpaauMYU9ItSWASWF0oxG9BIlV73YXRZbeiWwCZImH9No2uaaYESOssnx+Yq3kDaYUybw2ycG74ixy7ZynoH00Pkv3QMTNrmOOvUwuJdnU8mChwVbyAh1XiG253Y7eALZ7t8r7exlQ5SqPLoWt+l/loCPXPo8/mlPZX4eOngCHbgX6UPznESynn+Kjk4Jo5mNzQngPZa9+LHAjFvRnn+fZpbX7bvv01Gj6enbdmrgN0hcOncrXmZ59t746Sqwfo91LKZjqlKbD2lqO9sXjAqh3SLH1L2XRxCRBZDJTm7EuNuTJ/0tWgWI+8o9NlH3eSTbCjafBfApdK8gl2KR7XrYpQoTXiE68osP068FNmrGldr4m3qWlZ35lzEuXD93Aey4vDl0K1mSBWJ67eAhbOFrlCwhdhMyxReacdlXLOAIytQ2vPtKiInlSLlcZklBWyrHHz4l6JTMrRSehGlwjT2jDnc8Zg5lpj8msb4vNcbTM9o8RJ8p3+s01tVZU5uZ4imaZ2OUEmVxnZb5lGbEGydbULkZKGXyQSJ2vYzveLiiXuijV3jlShVol8MN2C4OHkDkuxMJKUbMc1TD5HEZDeW45Gk9+bXL2DUC9i8H/seuZp7XFrhsPbnvYqwltPecRhyJJNFSFPlGch2yFNtWvXTFfRFw1wBMwYHbnlLdCkxaDShx6KpfqexpvMdLluKuN2LIBV/+EmWjK5zQ1UcYeMwCm6Zn43CuwNurk9Lv3+7y8vfIunkpOkYjMh5gWiigaaiPbEbiBvLtP3TOGK61y2iGmAA+beA4b6mAE=
+ sleamdge.conf: AgA2akX2XFsgBWl5FN1gRjQTnkhHejr1Puixw634sAfPoGVwP7/qdFQNE6hEtvuFJ2ocBguLZviJyxJZye8G0wLDR5NZ+yg+DIWYiZBYIPHHxc6gBW1PNsb/sW9j4rDj3KX/Gr63MNdOyuh/8+z6Tf8TfbGjGorGlGH18buHAACqraumEK8/uh0WCzTMPw+lmLdmtI2YAXiHWPHck0TcKtAoKaRzr3BKqOO50Lqw20Zr5EtDqj/xvK/zZI1yE1PDDaQpxnS/PRzspvx2owyTJHTAwukZLY1Jn0deRFnkoXgL6AUt3wz7uHqEVXTxfMuvanhqUE4/Ze8kFbc0FTF8fUZZoue2tIOBKlqCN68wn1Ow6HjUlhYZlF9CLHPj/hKL+OhEx/ejCUv79gWb1/GQijJcehXnWpFzXROiW85+CoRvVgb/aan5hEVpNOBZ6KfwSyYJHfOVSKlwxE/T8NjguQMN1WEqljYq3rmtwD0T/t+xZzlVJ1xh6hEiRmwlYOrI1mAxDdUKOnvNt/VxV1lSudsDWaXhLHqlj8pz4r4Y1y418kX4v8o7GOmKOWMrCj+g/aSM2m74UIi09dLoY9bCJK+4k6zXWfJ+aTmSz1m6NzmwV9H4Gg82S9v+T5TK9vqkw9/7HnPpEu3dWbWyH4mhl1tx2/XoJp/iTc8e+e/zIhs9SETrETQkwVYIXu5fpnKAIbzf/7FFQEUTMBrgCCc7QWWhrAFAqxN69fiyEi9aGDNDzzAp6ESg2kQo/0U3oAbqdRCJj3isApgllmcFj1QYsU+FYKbPsmXk2jfU4KqWKPlXbZ4srX1wqSKSqyB64ZBvI65RXOWCFmXS4fwBsya1t6evhgj5Sw4r
+ template:
+ metadata:
+ creationTimestamp: null
+ name: prosody-components
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml
new file mode 100644
index 0000000..64e1d2a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: prosody-config
+ namespace: personal-services
+spec:
+ encryptedData:
+ storage: AgBIomSzF4Wzwl/+oRYsQLSVuiCj/7Jwr3ftXwDGiZ6GRqsOmm9KZp71+4AUGvYSp1tTkSafzwK67ZZ7k6xuiOFXFDURczN/KDw5eduCtuGVcwrJAdJmpF4S3KghKkHuFDPJyZP95uI8bkHxGr1/J2QmQ1sT0pH3sWMr5E3e7cN1j4V8dzr98I+bCOgCVghbd187gEDz0QrIRespyvjvD28kopx/eri3re+zRkTep6krbH2w1x8H/Xdgs/iqCM3IXUugT1YbBuKJBPYc2T48K/ul4ww0GqVDnpYnzP3ThL9PClhXVeKKLLyvkKPn6JW43eWy1XVZ1xNwnZZAzcr1quteZeqLDSZlK/rr3PJ8uJVvHFlNrhZn61cl3TjQ8XjLgLOapDxLIX9yLEe+uK15TJCCnnmjSBQ5mETCW/vaxeCbFOjD+qdQbU2O/GbZ06fQNWqSmu5/Z75LNWYuwn3CT09B+4lctjDjrGMuYOxhtvug6Bt0qKtqMoIYg4FTPAueLj5nJ3vWu320xBpd7RgTIt/x+f/um23OjsaGsilAoz95V1bUdHs6t8txTlsgtXDM6GpiZoY5j7NfUuxm6Px+GaHsYDj0RZRlpOVZVhyucvvJxCc975BrvYjCmyrgopAQGzFO8TSdb91N9UnJ3lxcZM9KChZC3LGjAiqEz6aZ13Yxcd5f02Q7Nfp3DXYUYqL+HnDpi4fRkysmYkYO6jqT7joc9c57I8Zw0YRIoVPm5rU04aEe9V4DsQjR70cKpyaqk3eHxzVr+kYb+zqt21q+iBTHpK4XOsiV522XPsd56aU4ukf+j2g/XduK2SSIBqV1DYntYrFEzZAmuSpDRlYMw/AIh647ksrmt04y+SHV+IoegKVu0bWfOQJbWOtQYiskMnXBNXIqk9asIPyo2nuNAbDRxH0veuY4akM6QUhJ3jjfm/uU8O/A/kaQP9P6M0Z2buL/KSlTCDnGSPx8NSkGUSe0V/izO7WuK558zg==
+ template:
+ metadata:
+ creationTimestamp: null
+ name: prosody-config
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
new file mode 100644
index 0000000..22e9539
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: xmpp
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+ - name: components
+ port: 5347
+ targetPort: 5347
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml
new file mode 100644
index 0000000..0e3716c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: invidious
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - name: invidious
+ image: quay.io/invidious/invidious:master
+ ports:
+ - containerPort: 8080
+ env:
+ - name: INVIDIOUS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: invidious-config
+ key: config.yml
+ resources:
+ requests:
+ memory: 1Gi
+ limits:
+ memory: 1Gi
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - invidious
+ topologyKey: "kubernetes.io/hostname"
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml
index 55fc30a..b2542a7 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml
@@ -2,24 +2,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: teddit
+ name: invidious
namespace: public-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
+ app.kubernetes.io/name: invidious
app.kubernetes.io/part-of: public-services
spec:
ingressClassName: "nginx"
+ tls:
+ - hosts:
+ - youtube.alt.tyil.nl
+ secretName: tls-nl.tyil.alt.youtube
rules:
- - host: reddit.alt.tyil.nl
+ - host: youtube.alt.tyil.nl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: teddit
+ name: invidious-http
port:
number: 80
...
diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml
new file mode 100644
index 0000000..66c4ee3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # Funfact: if this name is set to "invidious", things will break!
+ # https://github.com/iv-org/invidious/issues/2970
+ name: invidious-http
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 3000
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml
new file mode 100644
index 0000000..9def36e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-blockdiag
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-blockdiag
+ name: blockdiag
+ ports:
+ - containerPort: 8001
+ restartPolicy: Always
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml
index a4647dd..3fc2091 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml
@@ -2,30 +2,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: omgur
+ name: kroki-bpmn
namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: public-services
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
+ app.kubernetes.io/name: kroki-bpmn
app.kubernetes.io/part-of: public-services
template:
metadata:
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
+ app.kubernetes.io/name: kroki-bpmn
app.kubernetes.io/part-of: public-services
spec:
containers:
- - name: omgur
- image: registry.gitlab.com/geraldwuhoo/omgur:latest
+ - image: yuzutech/kroki-bpmn
+ name: bpmn
ports:
- - containerPort: 8080
- env:
- - name: REDIS_HOST
- value: "10.57.100.7"
+ - containerPort: 8003
+ restartPolicy: Always
...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml
new file mode 100644
index 0000000..57fb1fe
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-excalidraw
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-excalidraw
+ name: excalidraw
+ ports:
+ - containerPort: 8004
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml
new file mode 100644
index 0000000..5cc3153
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-mermaid
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-mermaid
+ name: mermaid
+ ports:
+ - containerPort: 8002
+ restartPolicy: Always
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml
new file mode 100644
index 0000000..78cf239
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki
+ name: kroki
+ env:
+ - name: KROKI_BLOCKDIAG_HOST
+ value: kroki-blockdiag
+ - name: KROKI_BLOCKDIAG_PORT
+ value: "80"
+ - name: KROKI_BPMN_HOST
+ value: kroki-bpmn
+ - name: KROKI_BPMN_PORT
+ value: "80"
+ - name: KROKI_EXCALIDRAW_HOST
+ value: kroki-excalidraw
+ - name: KROKI_EXCALIDRAW_PORT
+ value: "80"
+ - name: KROKI_MERMAID_HOST
+ value: kroki-mermaid
+ - name: KROKI_MERMAID_PORT
+ value: "80"
+ - name: KROKI_MAX_URI_LENGTH
+ value: "4096"
+ ports:
+ - containerPort: 8000
+ restartPolicy: Always
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml
index fdbc6bf..9dea80a 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml
@@ -2,24 +2,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: searx
+ name: kroki
namespace: public-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
+ app.kubernetes.io/name: kroki
app.kubernetes.io/part-of: public-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
spec:
- ingressClassName: "nginx"
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - kroki.tyil.nl
+ secretName: tls-nl.tyil.kroki
rules:
- - host: searx.tyil.nl
+ - host: kroki.tyil.nl
http:
paths:
- - path: /
- pathType: Prefix
+ - pathType: Prefix
+ path: "/"
backend:
service:
- name: searx
+ name: kroki
port:
number: 80
...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml
new file mode 100644
index 0000000..fcd20de
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-blockdiag
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8001
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml
index b91c1d1..c2abec2 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: teddit
+ name: kroki-bpmn
namespace: public-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
+ app.kubernetes.io/name: kroki-bpmn
app.kubernetes.io/part-of: public-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
+ app.kubernetes.io/name: kroki-bpmn
app.kubernetes.io/part-of: public-services
ports:
- - protocol: TCP
+ - name: http
port: 80
- targetPort: 8080
+ targetPort: 8003
...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml
new file mode 100644
index 0000000..84033ce
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-excalidraw
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8004
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml
index 80b802b..8d48a04 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: searx
+ name: kroki-mermaid
namespace: public-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
+ app.kubernetes.io/name: kroki-mermaid
app.kubernetes.io/part-of: public-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
+ app.kubernetes.io/name: kroki-mermaid
app.kubernetes.io/part-of: public-services
ports:
- - protocol: TCP
+ - name: http
port: 80
- targetPort: 8080
+ targetPort: 8002
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml
index f848c14..a28bfde 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: omgur
+ name: kroki
namespace: public-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
+ app.kubernetes.io/name: kroki
app.kubernetes.io/part-of: public-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
+ app.kubernetes.io/name: kroki
app.kubernetes.io/part-of: public-services
ports:
- - protocol: TCP
+ - name: http
port: 80
- targetPort: 8080
+ targetPort: 8000
...
diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml
new file mode 100644
index 0000000..e967412
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/bazarr:testing
+ name: bazarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6767
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series/exported
+ name: anime-series
+ - mountPath: /mnt/pool/media/anime-movies/exported
+ name: anime-movies
+ - mountPath: /mnt/pool/media/series/exported
+ name: series
+ - mountPath: /mnt/pool/media/movies/exported
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/bazarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml
new file mode 100644
index 0000000..ff20477
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - bazarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.bazarr
+ rules:
+ - host: bazarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: bazarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml
new file mode 100644
index 0000000..1f3cc23
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6767
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml
new file mode 100644
index 0000000..c2c38bf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml
@@ -0,0 +1,103 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: jellyfin/jellyfin
+ name: jellyfin
+ ports:
+ - containerPort: 8096
+ volumeMounts:
+ - mountPath: /var/media/anime-movies
+ name: anime-movies
+ readOnly: true
+ - mountPath: /var/media/anime-series
+ name: anime-series
+ readOnly: true
+ - mountPath: /var/media/books
+ name: books
+ readOnly: true
+ - mountPath: /var/media/movies
+ name: movies
+ readOnly: true
+ - mountPath: /var/media/music
+ name: music
+ readOnly: true
+ - mountPath: /var/media/series
+ name: series
+ readOnly: true
+ - mountPath: /var/media/channels
+ name: channels
+ readOnly: true
+ - mountPath: /config
+ name: config
+ - mountPath: /cache
+ name: cache
+ resources:
+ limits:
+ amd.com/gpu: 1
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: channels
+ hostPath:
+ path: /mnt/pool/media/channels/exported
+ type: Directory
+ - name: cache
+ hostPath:
+ path: /var/cache/jellyfin
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/jellyfin
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml
new file mode 100644
index 0000000..f4997d4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - tv.tyil.nl
+ secretName: tls-nl.tyil.tv
+ rules:
+ - host: tv.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jellyfin
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml
new file mode 100644
index 0000000..8adc813
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8096
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml
new file mode 100644
index 0000000..217f949
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: fallenbagel/jellyseerr:latest
+ name: jellyseerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 5055
+ volumeMounts:
+ - mountPath: /app/config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ hostPath:
+ path: /etc/servarr/jellyseerr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml
new file mode 100644
index 0000000..690cab1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - jellyseerr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.jellyseerr
+ rules:
+ - host: jellyseerr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jellyseerr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml
new file mode 100644
index 0000000..a8f3b18
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 5055
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml
new file mode 100644
index 0000000..baea1d9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lidarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/lidarr:release
+ name: lidarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8686
+ volumeMounts:
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/lidarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml
new file mode 100644
index 0000000..535af5c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lidarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - lidarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.lidarr
+ rules:
+ - host: lidarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lidarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml
new file mode 100644
index 0000000..1a22185
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lidarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8686
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml
new file mode 100644
index 0000000..d1a21e0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: ghcr.io/hotio/prowlarr:nightly
+ name: prowlarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 9696
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ hostPath:
+ path: /etc/servarr/prowlarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml
new file mode 100644
index 0000000..6fc78f9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - prowlarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.prowlarr
+ rules:
+ - host: prowlarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prowlarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml
new file mode 100644
index 0000000..3351548
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 9696
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml
new file mode 100644
index 0000000..c49ccb0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/radarr:release
+ name: radarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/radarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml
new file mode 100644
index 0000000..0db9837
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - radarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.radarr
+ rules:
+ - host: radarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: radarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml
new file mode 100644
index 0000000..729fe6b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 7878
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml
new file mode 100644
index 0000000..a266b8d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: readarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/readarr:testing
+ name: readarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/readarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml
new file mode 100644
index 0000000..20297a4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: readarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - readarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.readarr
+ rules:
+ - host: readarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: readarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml
new file mode 100644
index 0000000..3d6cdc7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: readarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8787
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml
new file mode 100644
index 0000000..126acfe
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/sonarr:release
+ name: sonarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/sonarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml
new file mode 100644
index 0000000..a8de1f9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - sonarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.sonarr
+ rules:
+ - host: sonarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: sonarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml
new file mode 100644
index 0000000..dfd7ac3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8989
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml
new file mode 100644
index 0000000..d54c478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml
@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: unpackerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: golift/unpackerr:latest
+ name: unpackerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/unpackerr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml
new file mode 100644
index 0000000..f650a60
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: cr.hotio.dev/hotio/whisparr:nightly
+ name: whisparr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6969
+ volumeMounts:
+ - mountPath: /mnt/pool/media/porn
+ name: porn
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: porn
+ hostPath:
+ path: /mnt/pool/media/porn
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/whisparr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml
new file mode 100644
index 0000000..a71692c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - whisparr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.whisparr
+ rules:
+ - host: whisparr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: whisparr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml
new file mode 100644
index 0000000..abafcaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6969
+...
diff --git a/data.d/vpn-tinc/hosts/anoia_tyil_net b/data.d/vpn-tinc/hosts/anoia_tyil_net
index 4856c95..ff46bf7 100644
--- a/data.d/vpn-tinc/hosts/anoia_tyil_net
+++ b/data.d/vpn-tinc/hosts/anoia_tyil_net
@@ -1,16 +1,17 @@
Subnet = 10.57.100.3/32
+Subnet = fd68:1057:1992:3381:0:3317:0:2/128
+Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO
-VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85
-F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq
-cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3
-VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K
-+ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0
-jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs
-38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip
-pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX
-Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y
-qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ==
+MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
-----END RSA PUBLIC KEY-----
-Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/data.d/vpn-tinc/hosts/caeghi_tyil_net b/data.d/vpn-tinc/hosts/caeghi_tyil_net
index c5d5b05..4638c16 100644
--- a/data.d/vpn-tinc/hosts/caeghi_tyil_net
+++ b/data.d/vpn-tinc/hosts/caeghi_tyil_net
@@ -1,16 +1,19 @@
Address = 116.202.102.33
-Subnet = 10.57.20.2/32
+Address = 2a01:4f8:c010:ca5::1
+
+Subnet = 10.57.1.3/32
+Subnet = fd68:1057:1992:3381:0:1:1:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
-P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
-EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
-TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
-FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
-mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
-oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
-t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
-rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
-OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
-8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+MIICCgKCAgEA7fatifnB0LfafcNiKG+cZDeBkFynsFSTMA9dDSQOXYoowLSUOcWj
+5WW7b0m6ltM3mq2sAB8fTDJcageycjli8e0b6MzrAhmvzdCMlOBJXuE7iIRJU/IR
+cHjpLzG3tBNtO1NudbeGccC7uzmJuPrmBqX0lsy7FQqIad447FzkwOK5oqs1AEOk
+tgCFoEScQjPVRVG6JhH2DaBMAQ7rXbGmu2+SnZvxmHTA0Daiv0mthv9D4Mm4MIPJ
+QnyMVU85t72D1I/xlugjQI64PvAiROi6Ftm0il/YMiTWC9cxbR8hdpaxJJUoci38
+9KylJ87EpNDsgstlRw+MBvOTeL55pnPQXliQRrhpukAjHpTU38kQXRl5D613jzCy
+o8YGT6midMXnAk3ppr9DQX5113gCLXAwkUpy5pS/PpdQ7tqe1DcCsegYuomeVs1w
+pQlCPH7TJOj+vRaxVbDCvJq3u9wA7mzxoFdS0TiTq9fGIRE0hcCy+iFUEaOA54Fv
+g5Q6p5urtrw0AZueF/UCg+A6C1ag0pTOyoVb8VgcMnN80w+QVrxxB+k4VBzIbg7S
+gp1IgPkKKavTCbUb8cu4q5sidr8xz2diXanwSUjRwRbd6AcZgHU8rIjnUiYokw8E
+5Y2FEYaS4sN6jbZ56AbjmWmTWwo2uYndq4VG4CWYnX38t47HJRQFBtkCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/denahnu_tyil_net b/data.d/vpn-tinc/hosts/denahnu_tyil_net
deleted file mode 100644
index acc2038..0000000
--- a/data.d/vpn-tinc/hosts/denahnu_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 81.2.254.110
-Subnet = 10.57.20.4/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
-RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
-idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
-z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
-fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
-LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
-Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
-NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
-9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
-raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
-6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/edephas_tyil_net b/data.d/vpn-tinc/hosts/edephas_tyil_net
index 6e095bb..3dc161a 100644
--- a/data.d/vpn-tinc/hosts/edephas_tyil_net
+++ b/data.d/vpn-tinc/hosts/edephas_tyil_net
@@ -1,16 +1,17 @@
-Subnet = 10.57.100.7/32
+Subnet = 10.57.0.1/32
+Subnet = fd68:1057:1992:3381:0:0:3317:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
-PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
-a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
-KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
-UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
-gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
-zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
-mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
-yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
-CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
-fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+MIICCgKCAgEAoxlT2zGSu5YwG5sgZc5u1ulntwLwqTwjx3jAL1ys8ZMVtzkBu9UZ
+2CjLA8XsdwwEnflgO4HpNzXtLwNiNBo6D5NrL+XMZj/XxsIbGMyfumYNhCJEEyTM
+5aROf3vuggKKzr5RYdoe7GxNcoIwnse0JZeBA+hhzIGgyWJwyzIzQ5EGioesFIc7
+2wPRloE4sprvP14mOvoZkUSQvrhfnAYw/xTHyjLvQUjrrh1EMj78bcs72qzdFNqd
+TbV860+2AXvc2ZU8gV40AfWuNL0fIsGCVXUhWX8+gOD75zLd41jJFqRLgLQmUXC1
+h3wMXe0ckXMMFmiFVXOKnZDZwBYHwFEsU2nt0WPkbzMgzcprvkWXg0xPomtyQ7lF
+8Zavohsz/+AjKKNKt+vPNlRQ3kBOdOvlwdcgWAOnVnF75Vct/X7vNxa7kjNdSgGe
+bEuLsCvJe/uRgvE9Dl6Ostkf5V/XLIUtXqt7kdizrhAPaUL7D2Y9K9qJ08qzQCpY
+yY+STnJ0uKzWI/5sbPmEgY+UTJAnC8bCUN3nZ0xNJwxg8VdELYJ36Z8T5sWHLzcW
+pz0jh9OeCAsM6YwapWVX7mqDN1ZF44mb26gfSpOw1Zg3kSoomVg8BNuhl4f/KX8O
+7CsF6lxhjyLRtCoFgTpOWfpSa+57yAMWDc5H8KSmahXWMTYYdfD3IXECAwEAAQ==
-----END RSA PUBLIC KEY-----
-Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+Ed25519PublicKey = h85o5piU40cj89zoEPcMq3H5ycn2VbNGKOmtLUnVG/M
diff --git a/data.d/vpn-tinc/hosts/faiwoo_tyil_net b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
index f5eb8f3..869bd4b 100644
--- a/data.d/vpn-tinc/hosts/faiwoo_tyil_net
+++ b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
@@ -1,16 +1,19 @@
Address = 65.21.5.254
-Subnet = 10.57.20.5/32
+Address = 2a01:4f9:c010:e20c::1
+
+Subnet = 10.57.1.4/32
+Subnet = fd68:1057:1992:3381:0:1:1:2/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
-Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
-8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
-T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
-KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
-y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
-ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
-6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
-y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
-Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
-BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+MIICCgKCAgEAz2BqK568OVNM3JWfeFzw4+GYMbXHZH/AiLrAABq5IhW+pAMtsKtS
++7EYGt0n0DpGo/J6XNNbduHbAlYdZa3ybhAaaGzUnHDbygdisSXBm0nZ/7vD4YUe
+IoreWyr5VcB8mfegQZRIxbs03ZqI2GGNFAxvT+Ot6HxkpBMq/iVcOkWWzANtP6S7
+njieoLyCTgt3JBX0UCIC2Pnne88HBlgJatbQNRTT+0ltDKNHozUJ6csKYiraWqEw
+yF0Khp+nro+XTn19Aj/V16kIL90oJJKVPwWElXUhooPh87PGoQ4d27DPOofkrE30
+cfv8PI+vHc1H4Eclyy81DwYFp3BKlWACHFOswN8F9bjCOS4aEJajHHEVfGCss140
+rsoNCWkR0GB/KnTzNpu5xpa5o7mllu1LfNU8ICdbhI74zOyZurPIhzH34BZLOROw
+jqvmnyNMX4jSCNCFhP4IZhL1QlpkA93AjNKIE3KyHWHTSgor+k5RvecSCzo22CDA
+5AUaB6lwr//T5XhfB8R94RwMe/zbL0HrtCVXo2tX61czDX22Z+f949LoklAQEtrW
+649hcHJhrUev/QLl2FQ+w1C//9P5JpNjByN1ifgJfVukoxsjnaggygvdn5uHIL4V
+BsmRe3cZoEGmyyxTTJr9CjyqsO0wC/ID/b0Qzc2TVcKMfe/RuYQOlXUCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/gaeru_tyil_net b/data.d/vpn-tinc/hosts/gaeru_tyil_net
index eba305b..28cd86b 100644
--- a/data.d/vpn-tinc/hosts/gaeru_tyil_net
+++ b/data.d/vpn-tinc/hosts/gaeru_tyil_net
@@ -1,16 +1,18 @@
Address = 37.48.120.26
-Subnet = 10.57.20.6/32
+
+Subnet = 10.57.1.2/32
+Subnet = fd68:1057:1992:3381:0:1:2:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
-ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
-iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
-XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
-VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
-giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
-5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
-Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
-B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
-7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
-tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+MIICCgKCAgEAukTWaVQYkx45hOQiXS3XPaEU2HM/FHfqgsW3/0eHkAFPJk642dm6
+IO3xiiF0zEDQMjj2f/t+nLIQ6SgTtH3ajT9OODpvCyixpNPOWbiGeXK0fgDCd/52
+buf+9TJGq5BSqqKYNGWFX36BbZ9AnIJU0Y7lrEGwPUiG/utNJLlXlwfj1u8C0W3T
+sg6eEX0WoP+IqnBXE4NA5Hl2wXQj4jMsU0c0ZHkEdU9Y2jnCl5C6H5NLFykc2qmU
+TMZzCth989TuyfrKQ+XMJjlueWrDA3x9TRJKuJLc7fEr6MpJiJAGkh/cDHR+o693
+9R3ry4Wt4EjQiJFg4/OhtWXv5v/ELiA6BHNBB68X6x7ByYjvtkIXy1lzbFjR2DhY
+dNzZjSbGUjQpIqJUlLWi+/iLQRy93TjxLTqhUwDS0sde7qsxZnzaM5Owc/G/sZ7e
+VroltC2b5DZRMs3EbERdYs3RkpwE1quHFrzwVcCy8D1GEROKle/yg5Ksb3TLVs2c
+oPoq7rHsP6kud7r3HzNO+BUi0FzuZdCqQiVyp1H5L+ZfWZzGOJksbntb9GYDIOYC
+eWZurL8BdajY0zpSyGRcrwzcKFBq6GVdVoCLX5GQFY6rCQey+b0iTlF0rIcZxPtk
+q4dZ4DuBeq75HF9plWVoVMmq6LQfkLLphWHO/EP2ux0zRnBvXSSFtFMCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/hurzak_tyil_net b/data.d/vpn-tinc/hosts/hurzak_tyil_net
deleted file mode 100644
index d55cf55..0000000
--- a/data.d/vpn-tinc/hosts/hurzak_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 178.162.131.11
-Subnet = 10.57.20.7/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
-k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
-jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
-BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
-IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
-T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
-ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
-E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
-5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
-xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
-CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ivdea_tyil_net b/data.d/vpn-tinc/hosts/ivdea_tyil_net
deleted file mode 100644
index 17f8c89..0000000
--- a/data.d/vpn-tinc/hosts/ivdea_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
-WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
-WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
-j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
-cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
-BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
-nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
-aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
-FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
-n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
-uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/jaomox_tyil_net b/data.d/vpn-tinc/hosts/jaomox_tyil_net
index c1b7faa..0ba1c21 100644
--- a/data.d/vpn-tinc/hosts/jaomox_tyil_net
+++ b/data.d/vpn-tinc/hosts/jaomox_tyil_net
@@ -1,16 +1,18 @@
Address = 163.172.218.246
-Subnet = 10.57.21.1/32
+
+Subnet = 10.57.3.2/32
+Subnet = fd68:1057:1992:3381:0:3:3:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
-x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
-SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
-rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
-t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
-dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
-rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
-G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
-q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
-PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
-noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+MIICCgKCAgEAwy7NrCkjxHY3kUJB0l+cbhDWmxkPsj8fT57cgP/a2QFUc/N4uqdX
+ban2P04KDVzAed9myZ+bRfLNS4umR8TKPY+EB2SbexYowgAaGWzEEfS01YIcGKqf
+Cc/CJeSlHo5X3DWong+K4StqZXcqrjJvApzW/Hdg1F5bLC9ENbC1lTR1ppKUELOJ
+zosbGKmtNDiaGAg+8qOvIXNjf7B+FcWTpL8PtLWXmoSbd4QundNPsD2lfcz2F8cu
+GIbKaV0k0JJGtDdw5XYFgJDGgTewChuvUKYM2q/XP3AtExoGVEMNm440udv/WASE
+4oFs+Dk/aUXI92kkcArbG6pCbzTUI26THlc6ukQZgglxNFhkZae6hqXn3GvVl6Ht
+aZ3DG32VdNls/mgk857O+xk5aY46Nexcc9UYVpAqmUixb+FOtklsOb9ynD0J91qB
+ajL+a3CzDKGC7ICILaZVNSkhP5heOqb/KIIqPk3tRBNmD3uRouo74Leh14EVyA/H
+TP+fRVf5fFAp1Qmaq16tZws9QQj7wte/UhOx1IG2A93FygutwcgAHBokCjRhlgZm
+V9YkVLcdZr58Os1vrocQyu772XgslVUZXDAUh6cieLbv06cvB5wVdL3MoTSSalyo
+cPIrjXsLrWA43OuCGiUKMEUG5ZGQ4/HXX60ajZma1EyAbTwsi3po1VkCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/krohxe_tyil_net b/data.d/vpn-tinc/hosts/krohxe_tyil_net
deleted file mode 100644
index 0655f39..0000000
--- a/data.d/vpn-tinc/hosts/krohxe_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.20.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA0kL+MH9xOLAKrwUF17a642QLnU+72xbxiFtbWFXGIj17hlcqiOAv
-NqWFO1EzroRgaNzqdufMik7G7MFzrGG+7/fziC5Vj7A7UMi+8F8ig1tKLpqe0/+f
-DqQfbU0tPaPPPc95lEYOU4j50ALBNAZLNaP5a0BIN7N+Bj0JQNTah1u45mdIMQh2
-LpIkbe5MWaVcVvh61l5mxM/+rsU8lJE4+SmOuFJZ+7bzsbtQf5mPc4kF8aqPoMle
-XuizHguphe3CrZgOvvmAVvrV9O7FvpFHlJcmt4FkyEZ0e8l0h9/YKHx94py4STa2
-O3zFJFHf4zVAIzSx+1mVV08aulcIGjTpHLSIlAuQ1kqEI8lGfcCawyMCPdcRzWKJ
-eo7fo8/slzg9O/Id/uZwlDltnBXI4053bhjsglEfm/zZHog00IR/rSXuiqJLV+Th
-8uNRGXezB/frVn58w8dbOuPDzsVTLNeDeZJHrKRxTn/bwVFLrG25ow9qMgr/mqaP
-sA6PjBnw01SkBUJY6fmowip9YcQTOjlauUR6w/F70aOIqT65M1ralSVmWAUFCKRz
-KYOaOPHfpQQVxQaDnUKPiDyF8YoP9zoocyh5BnBEKP6ctYZkZd3i5naJ1SG16R5j
-U9iMnzo/uKG1CAP7jnM7IGZ6XhlHchst5LxVAm2cGT8apEWJOvFnqOMCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ludifah_tyil_net b/data.d/vpn-tinc/hosts/ludifah_tyil_net
index 6796f17..69a3158 100644
--- a/data.d/vpn-tinc/hosts/ludifah_tyil_net
+++ b/data.d/vpn-tinc/hosts/ludifah_tyil_net
@@ -1,5 +1,5 @@
-Subnet = 10.57.100.9/32
-
+Subnet = 10.57.0.2/32
+Subnet = fd68:1057:1992:3381:0:0:3317:2/128
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
diff --git a/data.d/vpn-tinc/hosts/mieshu_tyil_net b/data.d/vpn-tinc/hosts/mieshu_tyil_net
new file mode 100644
index 0000000..33d0a50
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/mieshu_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.3.1/32
+Subnet = fd68:1057:1992:3381:0:3:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAiH7/vpM4Fq2q9MXgirEX/jy72N56xGViuKwo7plT8ObmFxkhL4pI
+RifRqv2Oal/VNKfECR5IaHzrLxWA7aunw22sFoUTnvQl6wCApPb1us2fn50J9ei/
+9gxrbQbVAX0VNlGzICk9zgKl+qfPtj/7ANoqE8Oo0cHrucfW+HdDpN3PyeDwhUk+
+GjoGFQuQboZNUzGnmIgcqPK2m3yJEy2l9SK2p5Uub0RZMDJrt8RJip4OesqpwIvX
+JGrU4jL2qIVzkhdkV2NyMd3chCdoHIXjXALreSoyZHkSOdJB2d1X/s6QD+aGFicv
+bIokJQWdO9hRh6P0lUEv44IABIj5oat6KU/uLtcr4pycnXMeJ73+CGA8hjG0M2uh
+Urn+hoi7y1h0G3vcoYz4oaxX2wqczEbJTTQmwxsx4XftCy7Fg6cnNCva/ML1hOwj
+1Urs0jfyPZjVzxqBqsia9duKINPnVkhdxWFma/23tEIjzUy4bbFX8T72Y/IcEi6C
+88Q59bgIzDKv1nBzM0/OXbNn5A/zI4FB26xd+NkuwYO9vecRE1DMm+kJiY/L9M4q
+657gy73FRykDPogS8dvoTEDbGuYQYClKNIt50iqBX7mAPGZ9ajEcCaXkd5ZUpKE/
+koYegL06MnryGeiODgSXAiTOxB5zSYaJIjIsSW6O15kXe3OkVHTKesECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = z753yL+MnHAouuUKv1pgA40i9dzHp3QIbCHKVNi1NNH
diff --git a/data.d/vpn-tinc/hosts/nouki_tyil_net b/data.d/vpn-tinc/hosts/nouki_tyil_net
new file mode 100644
index 0000000..cdf93a4
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/nouki_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.2.1/32
+Subnet = fd68:1057:1992:3381:0:2:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAu08q7S2MuqMEPeuTBJw6aFcJRF/8FlbxhNrUlHhfhc7N+4FnmQht
+gqr5I20V4BZKkgYI2KUB1+vHGCswy+ReMUtD2njM5BZbNBAOSrVcLtNAuCrCwDev
+Adbf58Mx3IJJSZdvYsOQD6MzNkfvCviaBBue89f8tI0Voh06uJT2AEijQBepindj
+b5hs75npMgkXVlDocgNnt6vN1ZSILK17cllvInrIi1tuA7+0XWTBYxroILYRIhWO
+m4IbnO/tP08e7cEnhCea+/Z5R/ZWlatsYom/gROo6s/ZcwhW1HKVx558Sjynuu92
+GE3o+bxqUD5shPyIo2BOl5h9kGNUtjTpX5rcpRHNr/NX1Zn2ss3bMRTxGGlIU1jI
+R4ZTWqzFNH8wZPNywQcbrxBcYj0xSDrq8u3ZO3mo4YXIv2X7PBBzq3+tyxQfWdcK
+u1AWxIV83W+eBcPQAdIF45yP1EOU7D53Jghe8KrXMnSSyHsghSInnLjqC4dWzveo
+5bQa4koKmMnW5SkvZuihyTWnMs+xgXXxznmUJKUoddgFCpzRhHckQ7KVQmosXthS
+a4njMXzAv/C1gVV0VR3LNSw+ZKOug5Sb7vTeQekOFEv3X98GEy5VKgbq9ebedXh8
+BBJuvClzuWGO3xiRjAwtHWhwOSt0Am1aPq2jEDhxynOGJqXR2Zeqh2UCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = ZJkCNlpDKYYzTYl0UfyQMYjAApwbQ5oYgMpnxGXOB+H
diff --git a/data.d/vpn-tinc/hosts/oolah_tyil_net b/data.d/vpn-tinc/hosts/oolah_tyil_net
new file mode 100644
index 0000000..26d59a3
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/oolah_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.1.1/32
+Subnet = fd68:1057:1992:3381:0:1:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAiWbWMo9fujW67rWelrMaxPP3qNHrWUIzg2Z4R4MZegZ2GWVYym3u
+EzboiDO9MOBh7bXSrQavjkecv40d8PDmbcwNy3hYFS2WH+bJCtjHl4xkxEsE2cvA
+1rLW7KEnBfbkKTbVMI/Di9jo4CoVIWNYRU8Ebw+nMWzGcYA1CvtkgzX7gaDio1kk
+0EhZ1BqWnExOEA/ChQEazv1kbFjSUW1Aok/aM95JkZ5h2OmGXxCy3MhvaLd78YC9
+cCc2R53FHsBgmufqqAN2kd96BeW0ZxZUrmzTtbz4ucS41O6hz4yBmz2sQt5TAx9K
+yQcLm2YL11xKkSdc8+LbhnMubYtUSfQcmUW92lxIYy/Odi+OIXjDzk3EconN8nHL
+GFWQJQsuIG9/LsEhR7kNd77becG/QscoV7PnjoxL77QMmlYGOTtS+eeVT8Yn55Lu
+qH4plZso2HL7UJv4cy97ZdTw29SHNz4wZNsDlBT+r8OmnANQShznzboddeY+bbZK
+aBEkwG1IWR719zNLbbeg84MpHx9z+VyS1RWO4Z+xd/g9f8oEWHFKUJRCCmmCGgJU
+qEswMAjPeCsVk31kB+yZujNJnrLCHxUHBHULJVXwcfvOyjZDU+vOgvcjBTOxlzV8
+wPDK2QZyuHNASYnLedyK3b1IRvuSNl5JepuvvwA2JZLlnqU5GLV0l5kCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/plarabe_tyil_net b/data.d/vpn-tinc/hosts/plarabe_tyil_net
new file mode 100644
index 0000000..91acd8c
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/plarabe_tyil_net
@@ -0,0 +1,18 @@
+Port = 657
+
+Subnet = 10.57.0.3/32
+Subnet = fd68:1057:1992:3381:0:0:3317:3/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAsasMofIk6AxtX7wsNYf1rZy+tpnnrRrQMX6/kXri+DhMByURJ1HI
+i7jhKBjQBfIcj5FijHHUQHiiKx0bNR0ekpXQFPcsRrspXdQEUnYkc1Pb1J0OMNQ+
+9CT/DH2sun+Zk3qHE+GLdDoWe6gz4uT8Eh+c1/6Z5VwxFpSYKRwT5T/wU9OOEqJi
+svoLZSZUh57Xq2y+3JJvfPx3LS6UP9mwz6cmvLWAkRBn18WG81ZBXvN/4ida23o8
+qhaxDhYIO20lDKY+in2oiN1qztLPcQKiXdn/R3ATr8dZ3pPm8YMclnH4Uil10IAw
+sl7B7Zt/As/LxklCdwWvPLcRMPC7bAMTGRMFW89C9APY3FsfRD5oiX3jqUMDLw6p
+UIVt6/gxnXBjyfgVFouG2ThrqGJp+sC3TfEEjBQ38/W8zk7S3IwMEqLd0gBc8Yq7
+QUWbORloNvv4CtwkeYFonM0eoYn9euxuXJ7RSBGzXadqkKiwtsG4rsvaLU+LKQnQ
+xRdzyiEZFcACU5/bdydHXYWWX1xfD2dPsW0nOelvJukgJvNWn0HyCZ1uClTdcAOr
+/m3Wh4clCiYgDfvurdVKRmgzzG/5U+xih+SUjgDnf/zgfOViY30BzRxoeWvJ+bCH
+TfMKk85a/Zdxxqosasoq6tMlt7EKhPDX5FmL/T102BB40Wtz4U3b81cCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/qohrei_tyil_net b/data.d/vpn-tinc/hosts/qohrei_tyil_net
new file mode 100644
index 0000000..decdcfa
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/qohrei_tyil_net
@@ -0,0 +1,19 @@
+Address = 37.27.37.131
+Address = 2a01:4f9:c012:6273::1
+
+Subnet = 10.57.1.6/32
+Subnet = fd68:1057:1992:3381:0:1:1:3/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEApbLsMPasXP2g/gJzxo40aayVPH7rDrxuiOaKfm4R0LKVnDuRGQDj
+V+ksZgM5UNxBsJdchzo8BfwtSASFeqlNu4cM9SqMvnKnFOe/W5TCu8+VUx2syrcp
+AhTnZ9yzEsHKMqdup7hOExQ+QXQXWPLbSsKEK6Jel4Kw5gQNc/fOq+sPQQPFb/Y+
+gQvaBrylHnM8oGlohutZjbnZdOaLFWLr4/3xgvzawWgudXOLa5lEmdkMJF0KjsJ0
+NuCVTf8TzzTZf/vdlE/ODYL7dAKuDWUScqpK4RE5+mqS1qHcmXl0hCuu5HecnT3t
+q5S5d4YuatacSI5PaAmGZgD2YoXK4L3LMfvqcO5z5EAKx+GaR+ePY2AB6kljy909
+zyAHW3uRsYA33QqUXQovPBJ4J9hiwDXgsHUUJ5OO1ZTpUJaT1n3Z3TmDwvYA6ZmF
+6LMqu4Mgs2Uvb8kR4xVPuw1dNzsOo9SeN9pQsypYwPatluJVjRwMVibH04ory0uQ
+5gzh+ixNbnEwhYCru8gh5raxgtXJe4WoIunX/G/0L23Jr331oLMHAXXkHKsd63/7
+cwVIvcLN/3bYpraG7tzHCfW2EcGMn1zEoWx6sXooXEgo7qcylHfPIjEpWiq153VY
+VFLwEyd+CHz8uDx57k4grHE4ggjCAJ6LYBUhl2Nk3lY9f4+Gl/I+D2ECAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ricui_tyil_net b/data.d/vpn-tinc/hosts/ricui_tyil_net
new file mode 100644
index 0000000..30866a2
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/ricui_tyil_net
@@ -0,0 +1,18 @@
+Address = 2a01:4f8:1c1b:67d7::1
+
+Subnet = 10.57.1.7/32
+Subnet = fd68:1057:1992:3381:0:1:1:4/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAqtSWcbWqGvmpwQuFaLhTXIxr1j2mVApKhV0Bw8UyggszBsEsZiZd
+b3eAbJOrklLhedZVendcjPhK8PPBJCWABW9Jm100xDaHc5HfMp/O5J2cSWD7vQVu
+iRVonHWaJRYAGeOUnG7mkIfAaHLIOnVzIVEpyuV9z8SCl48Bx7pU351WqYGwk75X
+VEIexX8C8vtHneeZJnF5p79kHCQuzwv1DlrAShjmh7qjr4rB97sZYnuwt9g2W9s9
+4wKUk+CJdmrARWyDxXQaS7P5VyqcJw7FpLefe+9B8Hq4ruU1HbqIxjKPFG1Kvtdf
+19KATOjEAlbeIlEvyiJnOi8Bedxo+MmeX2B3rE2aQyZTHEnkAImILLEgvDf8GnFx
+N6JWAnHELkrPOvQhFRhjQeQz4uk4WAEY2aSCqxnx0iQiqEjrHF38tntqZuahSknX
+3nXKiy5qeBi/4a6QcAEBn0L1WaJr12kbviqortg/ltSv1qwmWEnVw+Wdl3sF7uxw
+5fz2ciDrqOQE75jz7ouz28FhinGiLYXOddqWKWhE5J2hW2y+XfClXn0Z6uvCbSe+
+XZzmF3Yz6u/PEib8JWteaYkU2M3DVVvl/UDOuYP+lG6xISCIyCOGEFPtRq6VHHwD
+ReFPww8iAT8lD1/8zmPI0f2Ktm1Jnpf3aIHhBu2NugRTkDqj0djnafkCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-wireguard/.gitignore b/data.d/vpn-wireguard/.gitignore
new file mode 100644
index 0000000..ae60a25
--- /dev/null
+++ b/data.d/vpn-wireguard/.gitignore
@@ -0,0 +1 @@
+privkey
diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up
new file mode 100755
index 0000000..edbcd50
--- /dev/null
+++ b/data.d/vpn-wireguard/hooks/post-up
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+readonly COLOR_RESET="\033[0m"
+readonly COLOR_OK="\033[32;1m"
+readonly COLOR_NOK="\033[31;1m"
+readonly BUFFER="$(mktemp)"
+
+main() {
+ printf "Verifying connectability...\n"
+
+ # Ping all known hosts, as it seems that the wireguard interface comes up when
+ # only after it gets used on the machine itself.
+ while read -r addr;
+ do
+ check "$addr" &
+ done < <(awk -F= '/vpn-wireguard.ipv(4|6)=/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+ wait
+
+ sort -- "$BUFFER" >&2
+}
+
+check() {
+ local addr="$1"
+
+ if ping -c 1 -q -w 1 "$addr" > /dev/null
+ then
+ log OK "$addr"
+ else
+ log NOK "$addr"
+ fi
+}
+
+log() {
+ local state="$1"
+ local addr="$2"
+ local color="$COLOR_NOK"
+
+ if [[ $state == "OK" ]]
+ then
+ color="$COLOR_OK"
+ fi
+
+ printf "%b%3s%b: %s\n" "$color" "$state" "$COLOR_RESET" "$addr" >> "$BUFFER"
+}
+
+main "$@"
diff --git a/data.d/vpn-wireguard/peers/faiwoo.tyil.net b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
new file mode 100644
index 0000000..631f39a
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:2/128,10.58.1.2/32,fd00:8:0:3::/64,172.28.3.0/24
+Endpoint = [2a01:4f9:c010:e20c::1]:51820
+PublicKey = Rrl9qa09Gc8LM3CIr0BIMTnkCMhL1GZFVKCh1P2okWg=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/gaeru.tyil.net b/data.d/vpn-wireguard/peers/gaeru.tyil.net
new file mode 100644
index 0000000..4b65f52
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/gaeru.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:2:1/128,10.58.1.5/32
+Endpoint = [37.48.120.26]:51820
+PublicKey = np17FGeZB0N77/SfaHfKTbsD/oV0LnjdOUeIMePGQG4=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/jaomox.tyil.net b/data.d/vpn-wireguard/peers/jaomox.tyil.net
new file mode 100644
index 0000000..15c3dc2
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/jaomox.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3:1/128,10.58.3.1/32
+Endpoint = [163.172.218.246]:51820
+PublicKey = VBqMAsZkCNVlqaMZGT7SKDuCkjXcVrwZNCxVKBRII0Q=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/mieshu.tyil.net b/data.d/vpn-wireguard/peers/mieshu.tyil.net
new file mode 100644
index 0000000..0b9001f
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/mieshu.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3317:2/128,10.58.3.2/32
+Endpoint = [2a10:3781:2453:1:4950:47ce:f8db:1fed]:51820
+PublicKey = hrVjitF/wpaNvL9/hlswTL/G8hhKcpMmqGsinU34IBA=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/nouki.tyil.net b/data.d/vpn-wireguard/peers/nouki.tyil.net
new file mode 100644
index 0000000..0986864
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/nouki.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:2:3317:1/128,10.58.2.1/32
+Endpoint = [2a10:3781:2453:1:c8cb:d1a:bc0:dc38]:51820
+PublicKey = Mo2jVPUCIX3o5fY+H2rrVMWAKatVrF9nF75OCZZhRGM=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/oolah.tyil.net b/data.d/vpn-wireguard/peers/oolah.tyil.net
new file mode 100644
index 0000000..2951f1f
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/oolah.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:3317:1/128,10.58.1.4/32,fd00:8:0:0::/64,172.28.0.0/24
+Endpoint = [2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820
+PublicKey = 8UkQ71m0xVPJbQ4zySRqH/WXJm479zj5xcgeJVoBWi8=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
new file mode 100644
index 0000000..2a206d6
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:1/128,10.58.1.1/32,fd00:8:0:2::/64,172.28.2.0/24
+Endpoint = [2a01:4f9:c012:6273::1]:51820
+PublicKey = cD1NveEPXKKNdGcx9bO4+91b1abDwoUSGnF4dI1m0R4=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/ricui.tyil.net b/data.d/vpn-wireguard/peers/ricui.tyil.net
new file mode 100644
index 0000000..a8cfdd7
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/ricui.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:3/128,10.58.1.3/32,fd00:8:0:4::/64,172.28.4.0/24
+Endpoint = [2a01:4f8:1c1b:67d7::1]:51820
+PublicKey = Rv41YhKkhAVKefwlKtD0Uywv7r6a2/uhsdhWVcZUYyU=
+PersistentKeepalive = 10
diff --git a/defaults b/defaults
index ed6b73a..7f41ce5 100644
--- a/defaults
+++ b/defaults
@@ -1,17 +1,69 @@
bashtard.backup.elements.0=filesystem
bashtard.backup.fs.paths.0=/etc
bashtard.backup.repositories.edephas=backup@edephas:{fqdn}
-k3s.network.cidr.pods=10.57.40.0/20
-k3s.network.cidr.svcs=10.57.48.0/20
-k3s.network.service.dns=10.57.48.53
-k3s.flux.repo.url=ssh://git@10.57.100.7/srv/git/tyilnet
+bashtard.ssh.host&=vpn-tinc.ipv6
dns.domain=tyil.net
dns.upstream.0=185.181.61.24
dns.upstream.1=188.68.231.82
dns.upstream.2=51.83.172.84
dns.upstream.3=2a03:94e0:1804::1
dns.upstream.4=2001:470:71:6dc::53
+etc-nixos.path=/etc/nixos
+etc-portage.path=/etc/portage
+k3s-master.bind-address&=k3s-node.bind-address
+k3s-master.cluster-cidr=fd00:8::0/48,172.28.0.0/16
+k3s-master.cluster-domain=k3s.tyil.nl
+k3s-master.external-ip&=k3s-node.internal-ip
+k3s-master.flannel-iface&=k3s-node.flannel-iface
+k3s-master.internal-ip&=k3s-node.internal-ip
+k3s-master.service-cidr=fd00:5::0/108,172.25.0.0/16
+k3s-master.service-node-port-min=1025
+k3s-node.bind-address&=vpn-tinc.ipv6
+k3s-node.cluster-cidr&=k3s-master.cluster-cidr
+k3s-node.cluster-domain&=k3s-master.cluster-domain
+k3s-node.cluster-domain=k3s.tyil.nl
+k3s-node.entry.host=[fd68:1057:1992:3381:0:1:3317:1]
+k3s-node.flannel-iface&=vpn-tinc.name
+k3s-node.external-ip&=k3s-node.internal-ip
+k3s-node.role=agent
+k3s-node.service-cidr&=k3s-master.service-cidr
+nftables.input.icmp.ipv4.policy=accept
+nftables.input.icmp.ipv4.rate=2/second
+nftables.input.icmp.ipv6.policy=accept
+nftables.input.icmp.ipv6.rate=2/second
+nftables.input.interfaces.lo.policy=accept
+nftables.input.interfaces.tyilnet.policy=accept
+nftables.input.interfaces.tyilnet1058.policy=accept
+nftables.input.policy=drop
+nftables.input.rules.mosh.policy=accept
+nftables.input.rules.mosh.port=60000-61000
+nftables.input.rules.mosh.proto=udp
+nftables.input.rules.ssh.policy=accept
+nftables.input.rules.ssh.port=22
+nftables.input.rules.ssh.proto=tcp
+nftables.input.rules.tincd.policy=accept
+nftables.input.rules.tincd.port=655
+nftables.input.rules.tincd.proto=tcp,udp
+nftables.input.rules.wireguard.policy=accept
+nftables.input.rules.wireguard.port=51820
+nftables.input.rules.wireguard.proto=udp
+nftables.input.state.established.policy=accept
+nftables.input.state.invalid.policy=drop
+nftables.input.state.related.policy=accept
+seaweedfs-filer.db.type=postgres2
+seaweedfs-filer.db.host=10.57.2.1
+seaweedfs-filer.ip&=vpn-tinc.ipv4
+seaweedfs-master.replication=001
+seaweedfs-volume.ip&=vpn-tinc.ipv4
+vpn-tinc.name=tyilnet1057
+vpn-tinc.peers.caeghi=caeghi_tyil_net
+vpn-tinc.peers.faiwoo=faiwoo_tyil_net
+vpn-tinc.peers.gaeru=gaeru_tyil_net
+vpn-tinc.peers.qohrei=qohrei_tyil_net
+vpn-tinc.peers.ricui=ricui_tyil_net
+vpn-tinc.port=657
+vpn-wireguard.interface=tyilnet1058
+vpn-wireguard.keepalive=10
www-blog.generator=hugo
www-blog.path=/var/www/nl.tyil.www
www-blog.repository=https://git.tyil.nl/blog
-vpn-tinc.name=tyilnet
diff --git a/hosts.d/anoia.tyil.net b/hosts.d/anoia.tyil.net
index da37125..c41fbfb 100644
--- a/hosts.d/anoia.tyil.net
+++ b/hosts.d/anoia.tyil.net
@@ -1,4 +1,6 @@
-bashtard.backup.fs.paths.1=/home/tyil
-bashtard.ssh.host=10.57.100.3
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
meta.provider=self
-vpn-tinc.ipv4=10.57.100.3
+vpn-tinc.ipv4=10.57.0.4
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:4
diff --git a/hosts.d/caeghi.tyil.net b/hosts.d/caeghi.tyil.net
index ce19c3f..b17df23 100644
--- a/hosts.d/caeghi.tyil.net
+++ b/hosts.d/caeghi.tyil.net
@@ -3,6 +3,8 @@ bashtard.backup.fs.paths.1=/etc
bashtard.backup.fs.paths.2=/home
bashtard.backup.fs.paths.3=/var/lib/mumble-server
bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.2
meta.provider=hetzner
-vpn-tinc.ipv4=10.57.20.2
+vpn-tinc.ipv4=10.57.1.3
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:1
+vpn-wireguard.ipv4=10.58.1.3
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:1
diff --git a/hosts.d/denahnu.tyil.net b/hosts.d/denahnu.tyil.net
deleted file mode 100644
index e699c41..0000000
--- a/hosts.d/denahnu.tyil.net
+++ /dev/null
@@ -1,7 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/usr/home
-bashtard.backup.fs.paths.2=/usr/local/etc
-bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.4
-meta.provider=arubacloud
-vpn-tinc.ipv4=10.57.20.4
diff --git a/hosts.d/edephas.tyil.net b/hosts.d/edephas.tyil.net
index acef6fe..f86f044 100644
--- a/hosts.d/edephas.tyil.net
+++ b/hosts.d/edephas.tyil.net
@@ -1,34 +1,11 @@
bashtard.backup.borg.remote_paths.rsync=borg1
bashtard.backup.db.postgresql.user=postgres
-bashtard.backup.elements.1=database_postgres
+bashtard.backup.elements.1=database_postgresql
bashtard.backup.fs.paths.1=/home/tyil
bashtard.backup.fs.paths.2=/home/tyil/.local/git
bashtard.backup.fs.paths.3=/var/www/*
bashtard.backup.repositories.edephas=/var/media/backups/{fqdn}
bashtard.backup.repositories.rsync=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.100.7
-git.repos.bashtard.description=Configuration Management System in Bash
-git.repos.bashtard-playbooks/vpn-tinc.description=A Bashtard playbook for configuring tinc
-git.repos.bashtard-playbooks/www-static.description=A Bashtard playbook for generating static websites
-git.repos.blog.description=The source files to my blog, www.tyil.nl
-git.repos.dotfiles.description=My user-level configuration files, use with caution!
-git.repos.helm/invidious.description=Helm chart to deploy Invidious
-git.repos.helm/nitter.description=Helm chart to deploy Nitter
-git.repos.raku/config-parser-toml.description=TOML parser for Config
-git.repos.raku/config-parser-yaml.description=YAML parser for Config
-git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language
-git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes
-git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language
-git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language
-git.repos.raku/irc-grammar.description=Grammar to parse IRC messages
-git.repos.raku/log-colored.description=A Log implementation with colored output
-git.repos.raku/log-json.description=A Log implementation with JSON formatted output
-git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language
-git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language
-git.repos.raku/string-fold.description=Fold strings to a certain length
-git.repos.raku/url.description=A Raku library to handle URLs
-git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language
-git.repos.tyilnet.description=Configuration for machines in my personal network
-git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries
meta.provider=self
-vpn-tinc.ipv4=10.57.100.7
+vpn-tinc.ipv4=10.57.0.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:1
diff --git a/hosts.d/faiwoo.tyil.net b/hosts.d/faiwoo.tyil.net
index b8a7d1a..7c22a65 100644
--- a/hosts.d/faiwoo.tyil.net
+++ b/hosts.d/faiwoo.tyil.net
@@ -1,7 +1,11 @@
bashtard.backup.borg.remote_paths.1=borg1
bashtard.backup.fs.paths.1=/home
bashtard.backup.fs.paths.2=/var/www
+bashtard.backup.fs.paths.3=/etc
bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.5
meta.provider=hetzner
-vpn-tinc.ipv4=10.57.20.5
+vpn-tinc.ipv4=10.57.1.4
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:2
+vpn-wireguard.endpoint=2a01:4f9:c010:e20c::1
+vpn-wireguard.ipv4=10.58.1.4
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:2
diff --git a/hosts.d/gaeru.tyil.net b/hosts.d/gaeru.tyil.net
index 07f931c..bc01b3a 100644
--- a/hosts.d/gaeru.tyil.net
+++ b/hosts.d/gaeru.tyil.net
@@ -1,3 +1,10 @@
-bashtard.ssh.host=10.57.20.6
-meta.provider=hetzner
-vpn-tinc.ipv4=10.57.20.6
+bashtard.backup.borg.remote_paths.1=borg1
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home
+bashtard.backup.repositories.1=rsync.net:{fqdn}
+meta.provider=leaseweb
+vpn-tinc.ipv4=10.57.1.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:2:1
+vpn-wireguard.endpoint=37.48.120.26
+vpn-wireguard.ipv4=10.58.1.2
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:2:1
diff --git a/hosts.d/hurzak.tyil.net b/hosts.d/hurzak.tyil.net
deleted file mode 100644
index f5b0ec7..0000000
--- a/hosts.d/hurzak.tyil.net
+++ /dev/null
@@ -1,7 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/etc
-bashtard.backup.fs.paths.2=/home
-bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.7
-meta.provider=leaseweb
-vpn-tinc.ipv4=10.57.20.7
diff --git a/hosts.d/ivdea.tyil.net b/hosts.d/ivdea.tyil.net
deleted file mode 100644
index 2427d97..0000000
--- a/hosts.d/ivdea.tyil.net
+++ /dev/null
@@ -1,6 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/etc
-bashtard.backup.fs.paths.2=/home/tyil
-bashtard.ssh.host=10.57.100.8
-meta.provider=self
-vpn-tinc.ipv4=10.57.100.8
diff --git a/hosts.d/jaomox.tyil.net b/hosts.d/jaomox.tyil.net
index 10af86f..f9c9af9 100644
--- a/hosts.d/jaomox.tyil.net
+++ b/hosts.d/jaomox.tyil.net
@@ -1,6 +1,28 @@
bashtard.backup.borg.remote_paths.1=borg1
bashtard.backup.fs.paths.1=/etc
bashtard.backup.fs.paths.2=/home/tyil
-bashtard.ssh.host=10.57.21.1
-meta.provider=self
-vpn-tinc.ipv4=10.57.21.1
+bashtard.backup.repositories.1=rsync.net:{fqdn}
+meta.provider=oneprovider
+nftables.input.rules.seaweedfs-filer.policy=accept
+nftables.input.rules.seaweedfs-filer.port=8888
+nftables.input.rules.seaweedfs-filer.proto=tcp
+nftables.input.rules.seaweedfs-master.policy=accept
+nftables.input.rules.seaweedfs-master.port=9333
+nftables.input.rules.seaweedfs-master.proto=tcp
+nftables.input.rules.seaweedfs-s3.policy=accept
+nftables.input.rules.seaweedfs-s3.port=8333
+nftables.input.rules.seaweedfs-s3.proto=tcp
+nftables.input.rules.seaweedfs-volume-0.policy=accept
+nftables.input.rules.seaweedfs-volume-0.port=8080
+nftables.input.rules.seaweedfs-volume-0.proto=tcp
+seaweedfs-filer.ip&=vpn-wireguard.ipv6
+seaweedfs-master.ip&=vpn-wireguard.ipv6
+seaweedfs-volume.ip&=vpn-wireguard.ipv6
+seaweedfs-volume.dc&=meta.provider
+seaweedfs-volume.rack=amsterdam
+seaweedfs-volume.volumes.0.port=8080
+vpn-tinc.ipv4=10.57.3.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3:3:1
+vpn-wireguard.endpoint=163.172.218.246
+vpn-wireguard.ipv4=10.58.3.2
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3:1
diff --git a/hosts.d/krohxe.tyil.net b/hosts.d/krohxe.tyil.net
deleted file mode 100644
index 4388eee..0000000
--- a/hosts.d/krohxe.tyil.net
+++ /dev/null
@@ -1,2 +0,0 @@
-meta.provider=self
-vpn-tinc.ipv4=10.57.20.8
diff --git a/hosts.d/ludifah.tyil.net b/hosts.d/ludifah.tyil.net
index 5e4a628..214404b 100644
--- a/hosts.d/ludifah.tyil.net
+++ b/hosts.d/ludifah.tyil.net
@@ -1,3 +1,7 @@
-bashtard.ssh.host=10.57.100.9
+bashtard.backup.borg.remote_paths.1=borg1
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
meta.provider=self
-vpn.ipv4=10.57.100.9
+vpn-tinc.ipv4=10.57.0.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:2
diff --git a/hosts.d/mieshu.tyil.net b/hosts.d/mieshu.tyil.net
new file mode 100644
index 0000000..27e53e9
--- /dev/null
+++ b/hosts.d/mieshu.tyil.net
@@ -0,0 +1,48 @@
+git.repodir=/mnt/pool/git
+git.repos.bashtard.description=Configuration Management System in Bash
+git.repos.bashtard/k3s-master.description=A Bashtard playbook to set up k3s on a single-node
+git.repos.bashtard/vpn-tinc.description=A Bashtard playbook for configuring tinc
+git.repos.bashtard/www-static.description=A Bashtard playbook for generating static websites
+git.repos.blog.description=The source files to my blog, www.tyil.nl
+git.repos.dotfiles.description=My user-level configuration files, use with caution!
+git.repos.helm/invidious.description=Helm chart to deploy Invidious
+git.repos.helm/nitter.description=Helm chart to deploy Nitter
+git.repos.kubernetes/nfs-operator.description=An operator for Kubernetes to provision NFS mounts for PVC resources
+git.repos.raku/config-parser-toml.description=TOML parser for Config
+git.repos.raku/config-parser-yaml.description=YAML parser for Config
+git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language
+git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes
+git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language
+git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language
+git.repos.raku/irc-grammar.description=Grammar to parse IRC messages
+git.repos.raku/log-colored.description=A Log implementation with colored output
+git.repos.raku/log-json.description=A Log implementation with JSON formatted output
+git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language
+git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language
+git.repos.raku/string-fold.description=Fold strings to a certain length
+git.repos.raku/url.description=A Raku library to handle URLs
+git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language
+git.repos.tyilnet.description=Configuration for machines in my personal network
+git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries
+k3s-node.internal-ip=fd68:1057:1992:3381:0:3:3317:1,10.57.3.1
+k3s-node.role=server
+meta.provider=self
+nfs-server.exports./mnt/exports/invidious.fsid=97d3493c-1397-479f-bb8a-5c71833b9e17
+nfs-server.exports./mnt/exports/lldap.fsid=ee8ee25b-6f14-47f0-81b1-f6fe03a9761f
+nfs-server.exports./mnt/exports/prometheus.fsid=052f42b5-33c0-40b9-aa69-d05dc03a9fa1
+seaweedfs-master.ip&=vpn-tinc.ipv4
+seaweedfs-volume.dc=schokkerstraat
+seaweedfs-volume.rack=main
+seaweedfs-volume.volumes.tyilstore0.port.grpc=17080
+seaweedfs-volume.volumes.tyilstore0.port.http=5080
+seaweedfs-volume.volumes.tyilstore1.port.grpc=17081
+seaweedfs-volume.volumes.tyilstore1.port.http=5081
+seaweedfs-volume.volumes.tyilstore2.port.grpc=17082
+seaweedfs-volume.volumes.tyilstore2.port.http=5082
+seaweedfs-volume.volumes.tyilstore3.port.grpc=17083
+seaweedfs-volume.volumes.tyilstore3.port.http=5083
+vpn-tinc.ipv4=10.57.3.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3:3317:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8
+vpn-wireguard.ipv4=10.58.3.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3317:1
diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net
new file mode 100644
index 0000000..bd0f098
--- /dev/null
+++ b/hosts.d/nouki.tyil.net
@@ -0,0 +1,8 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:2:3317:1,10.57.2.1
+k3s-node.role=server
+meta.provider=self
+vpn-tinc.ipv4=10.57.2.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:2:3317:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:c8cb:d1a:bc0:dc38
+vpn-wireguard.ipv4=10.58.2.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:2:3317:1
diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net
new file mode 100644
index 0000000..a70c3b0
--- /dev/null
+++ b/hosts.d/oolah.tyil.net
@@ -0,0 +1,8 @@
+k3s-node.role=server
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:3317:1,10.57.1.1
+meta.provider=self
+vpn-tinc.ipv4=10.57.1.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:3317:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8
+vpn-wireguard.ipv4=10.58.1.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:3317:1
diff --git a/hosts.d/plarabe.tyil.net b/hosts.d/plarabe.tyil.net
new file mode 100644
index 0000000..4163491
--- /dev/null
+++ b/hosts.d/plarabe.tyil.net
@@ -0,0 +1,3 @@
+meta.provider=self
+vpn-tinc.ipv4=10.57.0.3
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:3
diff --git a/hosts.d/qohrei.tyil.net b/hosts.d/qohrei.tyil.net
new file mode 100644
index 0000000..cbbf444
--- /dev/null
+++ b/hosts.d/qohrei.tyil.net
@@ -0,0 +1,19 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:3,10.57.1.6
+k3s-node.role=server
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.etcd.policy=accept
+nftables.input.rules.etcd.port=2379-2381
+nftables.input.rules.etcd.proto=tcp
+nftables.input.rules.kubeapi.policy=accept
+nftables.input.rules.kubeapi.port=6443
+nftables.input.rules.kubeapi.proto=tcp
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.1.6
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:3
+vpn-wireguard.endpoint=2a01:4f9:c012:6273::1
+vpn-wireguard.ipv4=10.58.1.6
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:3
diff --git a/hosts.d/ricui.tyil.net b/hosts.d/ricui.tyil.net
new file mode 100644
index 0000000..9c4c8b5
--- /dev/null
+++ b/hosts.d/ricui.tyil.net
@@ -0,0 +1,12 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:4,10.57.1.7
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.1.7
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:4
+vpn-wireguard.endpoint=2a01:4f8:1c1b:67d7::1
+vpn-wireguard.ipv4=10.58.1.7
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:4
diff --git a/os.d/linux-alpine_linux b/os.d/linux-alpine_linux
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/os.d/linux-alpine_linux
diff --git a/os.d/linux-debian_gnu_linux b/os.d/linux-debian_gnu_linux
index e69de29..b0d8bb7 100644
--- a/os.d/linux-debian_gnu_linux
+++ b/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+pkg.borg=borgbackup
diff --git a/playbooks.d/dns-dnsmasq/description.txt b/playbooks.d/dns-dnsmasq/description.txt
deleted file mode 100644
index 0c12e3a..0000000
--- a/playbooks.d/dns-dnsmasq/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Local DNS resolver with dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/etc/defaults b/playbooks.d/dns-dnsmasq/etc/defaults
deleted file mode 100644
index 4d3305a..0000000
--- a/playbooks.d/dns-dnsmasq/etc/defaults
+++ /dev/null
@@ -1,6 +0,0 @@
-pkg.dnsmasq=dnsmasq
-svc.dnsmasq=dnsmasq
-
-dns.port=53
-dns.host=127.0.0.1
-dns.domain=localhost
diff --git a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo b/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
deleted file mode 100644
index 2aec434..0000000
--- a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
+++ /dev/null
@@ -1 +0,0 @@
-pkg.dnsmasq=net-dns/dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/playbook.bash b/playbooks.d/dns-dnsmasq/playbook.bash
deleted file mode 100644
index f4be8cd..0000000
--- a/playbooks.d/dns-dnsmasq/playbook.bash
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add() {
- info "$BASHTARD_PLAYBOOK" "Installing packages"
- pkg install dnsmasq
-
- playbook_sync
-
- info "$BASHTARD_PLAYBOOK" "Enabling services"
- svc enable dnsmasq
- svc start dnsmasq
-}
-
-playbook_sync() {
- mkdir -pv -- "$(config "fs.etcdir")/dnsmasq.d"
-
- info "$BASHTARD_PLAYBOOK" "Writing config"
- file_template "dnsmasq.conf" \
- "host=$(config "dns.host")" \
- "port=$(config "dns.port")" \
- "domain=$(config "dns.domain")" \
- "confd=$(config "fs.etcdir")/dnsmasq.d" \
- > "$(config "fs.etcdir")/dnsmasq.conf"
-
- while read -r key
- do
- printf "server=%s\n" "$(config "dns.upstream.$key")"
- done < <(config_subkeys "dns.upstream") > "$(config "fs.etcdir")/dnsmasq.d/servers.conf"
-
- while read -r key
- do
- printf "address=/$(config "dns.address.$key" | sed s@:@/@)\n"
- done < <(config_subkeys "dns.address") > "$(config "fs.etcdir")/dnsmasq.d/addresses.conf"
-
- [[ "$BASHTARD_COMMAND" == "add" ]] && return
-
- info "$BASHTARD_PLAYBOOK" "Restarting services"
- svc restart dnsmasq
-}
-
-playbook_del() {
- info "$BASHTARD_PLAYBOOK" "Disabling services"
- svc stop dnsmasq
- svc disable dnsmasq
-
- info "$BASHTARD_PLAYBOOK" "Uninstalling packages"
- pkg uninstall dnsmasq
-}
diff --git a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf b/playbooks.d/dns-dnsmasq/share/dnsmasq.conf
deleted file mode 100644
index 4fe090c..0000000
--- a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Binding
-listen-address=${host}
-port=${port}
-bind-interfaces
-
-# Local domain
-domain=${domain}
-
-# Upstream DNS Servers
-no-resolv
-conf-file=${confd}/servers.conf
-
-# Addresses
-conf-file=${confd}/addresses.conf
diff --git a/playbooks.d/etc-nixos/description.txt b/playbooks.d/etc-nixos/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-nixos/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-nixos/playbook.bash b/playbooks.d/etc-nixos/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-nixos/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
diff --git a/playbooks.d/etc-portage/description.txt b/playbooks.d/etc-portage/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-portage/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-portage/playbook.bash b/playbooks.d/etc-portage/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-portage/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
diff --git a/playbooks.d/git-server/playbook.bash b/playbooks.d/git-server/playbook.bash
index f1b8287..74eda61 100644
--- a/playbooks.d/git-server/playbook.bash
+++ b/playbooks.d/git-server/playbook.bash
@@ -32,7 +32,7 @@ playbook_sync() {
while read -r repo
do
local name="$(config "git.repos.$repo.name" "$repo")"
- local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name")"
+ local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name").git"
info "$BASHTARD_PLAYBOOK" "Ensuring $name exists ($repo)"
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
deleted file mode 100644
index e1d7ab3..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICk/6jLojpp5Jaum8C1trxqtZuLd/GJH8sh0SB/Z/y9J root@bast
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
index 3056a3d..fe3c6a7 100644
--- a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICj0hW49y+AGuMN2D672I5K6ZVLPVZLCsd+2MIat54nP root@gaeru.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqoy/OXsmmNpxEN/xISbHwDFt2u8f3HmGIvS2CASHm root@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
new file mode 100644
index 0000000..0faf439
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLcXzcOPEYQWEARFgPpZCq2NZhTBWTsIezd4Mrkt0PY root@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
new file mode 100644
index 0000000..a19b34e
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh9xYBxb5n2N20Dj03lsij32UkPJ27EMQ/6VdKhjWVJ root@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
new file mode 100644
index 0000000..d4c3c0d
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6oh68n5HXeK45YaNnQC0mHufB/bUgsEyE500OW40B1 root@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
index aea0daa..f1b7158 100644
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLpn3Tny1LSWaLeIDmdAkZZoAajSJN9CQvfFdgLFfsK tyil@anoia.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtUkeSiwk+1UnMfy8Z53cQkKTlBBFZXUuDiXfPcalHj tyil@anoia
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
deleted file mode 100644
index 00e492d..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
+++ /dev/null
@@ -1,5 +0,0 @@
-<<<<<<< HEAD
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXhPa+EGS4NySl0YqG38xGEab6uqdimseqq4tlLWyV4 tyil@bast.tyil.net
-=======
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1+6HjG3XvLQDHLwnFzq78SEsPTNa8Wu6+inmTMqu7 tyil@bast
->>>>>>> d8b0063 (Update pubkey for tyil@bast)
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
new file mode 100644
index 0000000..d5632d9
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94ffGPvEb/Hi2B2XSaYjKpMiV93fzGLe0QUlXRJb1L tyil@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
deleted file mode 100644
index 834bcd2..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+Ki28DBM3A8QUpxbAlZx2x111+rhn8JPcec67y9xi/ tyil@ivdea.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
new file mode 100644
index 0000000..e3503e7
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVPGs2LkDvdkMzwR1Crk8OblMQD2snClUuIcYgUYcu4 tyil@ludifah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
new file mode 100644
index 0000000..a70b37c
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqLhjoIYRZmkD9sv1l1c03x6EpkadjfrGJ+4gqgkmp5 tyil@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
new file mode 100644
index 0000000..52f292a
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNztf75LVF+UvoIDyduHfynZupdC+9g7RaIs6cGgmCa tyil@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
new file mode 100644
index 0000000..dabadac
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkjrJ6agLK5Bdg2Y5B+88XDbP5UsQyvdUbd3LrOVmjI tyil@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub
new file mode 100644
index 0000000..25a5449
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7XKD3KxXTe5GlM4w4xdap3VAPvYCi4EowD88ymInFR tyil@plarabe
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
deleted file mode 100644
index 1b8d9e6..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqntlHQ/3HHPUoNl7bpQ6pZIxZHnUAAIXTB5eBjDE0auJZE0Qz5HjUkqZNSb0SzoK9GgLLMH7yNMaYMSTRJguRARRTY3MpdQbrsMu5/8HbKZwxhy7jVRAODnIDO2b3A67ZOHQAazNZYlX873fVhDJHP3RPpYWJS1L2jyk6Z3euvg0duo4JolBEHzmuDi8mEhdNhjW54VM9CRofRrD2VBrnxbmH6LCQwVfuEiz7jVlyugKIiPtaX/9fSnwUVjpNVn0TA93FL0M6xypZFywORrAGLV9kuoQ/G0iVfXqH1A04OFzH1RGNq+oHfHWYZdE098SS+ur9E8+wXcIDBkkI37kF tyil@sessifet.tyil.net
diff --git a/playbooks.d/k3s-master/etc/defaults b/playbooks.d/k3s-master/etc/defaults
index eab4aee..3cbca90 100644
--- a/playbooks.d/k3s-master/etc/defaults
+++ b/playbooks.d/k3s-master/etc/defaults
@@ -1,8 +1,4 @@
-pkg.k3s=k3s
-pkg.helm=helm
-
-k3s.domain=cluster.local
-k3s.network.cidr.pods=172.19.0.0/16
-k3s.network.cidr.svcs=172.20.0.0/16
-k3s.network.service.dns=172.20.0.53
-k3s.flux.repo.branch=master
+pkg.curl=curl
+pkg.kubectl=kubectl
+pkg.nfs-common=nfs-common
+pkg.open-iscsi=open-iscsi
diff --git a/playbooks.d/k3s-master/etc/os.d/linux-gentoo b/playbooks.d/k3s-master/etc/os.d/linux-gentoo
index 4aaaabf..5e7bc08 100644
--- a/playbooks.d/k3s-master/etc/os.d/linux-gentoo
+++ b/playbooks.d/k3s-master/etc/os.d/linux-gentoo
@@ -1,2 +1,2 @@
-pkg.k3s=sys-cluster/k3s
-pkg.helm=app-admin/helm
+pkg.nfs-common=net-fs/nfs-utils
+pkg.open-iscsi=sys-block/open-iscsi
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml
deleted file mode 100644
index 9b456c1..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- personal-services
-- public-services
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml
deleted file mode 100644
index 9081ab6..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- uptime-kuma
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml
deleted file mode 100644
index 03828f2..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: uptime-kuma
- namespace: personal-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
- app.kubernetes.io/part-of: personal-services
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
- #nginx.ingress.kubernetes.io/configuration-snippet: |
- # proxy_cache_bypass $http_upgrade;
- # proxy_set_header Connection "Upgrade";
- # proxy_set_header Host $host;
- # proxy_set_header Upgrade $http_upgrade;
- # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # proxy_set_header X-Forwarded-For $remote_addr;
- # proxy_set_header X-Forwarded-Host $http_host;
- # proxy_set_header X-Forwarded-Proto $scheme;
- # proxy_set_header X-Real-IP $remote_addr;
- #nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
- #nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- #nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
- #nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: "nginx"
- rules:
- - host: uptime.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: uptime-kuma
- port:
- number: 80
- tls:
- - hosts:
- - uptime.tyil.nl
- secretName: cert-uptime.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml
deleted file mode 100644
index 51d6d53..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: uptime-kuma
- namespace: personal-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
- app.kubernetes.io/part-of: personal-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 3001
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 168bb15..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- searxng
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml
deleted file mode 100644
index f5f6064..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searxng
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- spec:
- containers:
- - name: searxng
- image: searxng/searxng:2022.08.01-7c9c1124
- ports:
- - containerPort: 8080
- env:
- - name: BASE_URL
- value: https://searxng.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml
deleted file mode 100644
index 8bd3d94..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searxng
- namespace: public-services
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
-spec:
- ingressClassName: "nginx"
- tls:
- - hosts:
- - searxng.tyil.nl
- secretName: tls-nl.tyil.searxng
- rules:
- - host: searxng.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searxng
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
deleted file mode 100644
index e0ff25d..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
deleted file mode 100644
index 23fb8ac..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searxng
- namespace: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
deleted file mode 100644
index 920b1f5..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dirlist
- namespace: media
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- spec:
- containers:
- - name: miniserve
- image: docker.io/svenstaro/miniserve:latest
- args:
- - "--enable-tar-gz"
- - "--qrcode"
- - "--enable-tar"
- - "/var/www"
- ports:
- - containerPort: 8080
- volumeMounts:
- - name: anime-movies
- mountPath: /var/www/anime-movies
- readOnly: true
- - name: anime-series
- mountPath: /var/www/anime-series
- readOnly: true
- - name: books
- mountPath: /var/www/books
- readOnly: true
- - name: movies
- mountPath: /var/www/movies
- readOnly: true
- - name: music
- mountPath: /var/www/music
- readOnly: true
- - name: series
- mountPath: /var/www/series
- readOnly: true
- volumes:
- - name: anime-movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-movies/exported
- - name: anime-series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-series/exported
- - name: books
- nfs:
- server: 10.57.100.7
- path: /mnt/media/books/exported
- - name: movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/movies/exported
- - name: music
- nfs:
- server: 10.57.100.7
- path: /mnt/media/music/exported
- - name: series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/series/exported
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
deleted file mode 100644
index 4a87af7..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dirlist
- namespace: media
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
-spec:
- ingressClassName: "nginx"
- rules:
- - host: media.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dirlist
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
deleted file mode 100644
index 8059d7b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- dirlist
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
deleted file mode 100644
index ab637fe..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-- values.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
deleted file mode 100644
index 3664202..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: invidious
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 2.0.2
- sourceRef:
- kind: GitRepository
- name: tyil-helm-invidious
- namespace: flux-system
- interval: 1m
- valuesFrom:
- - name: invidious-config
- kind: Secret
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: youtube.alt.tyil.nl
- paths:
- - path: /
- config:
- channel_threads: 1
- db:
- user: invidious
- host: 10.57.100.7
- port: 5432
- dbname: invidious
- domain: youtube.alt.tyil.nl
- feed_threads: 1
- full_refresh: false
- https_only: true
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
deleted file mode 100644
index 1db538b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
-spec:
- encryptedData:
- values.yaml: AgAPilCc/Cr7+x+lpKGQxINSPwCMyn6UomHo5GSszksUtU3GcUagAbtQCi8s8uOuk3lTdhQ7poGc0bQiPxoN1cWLyhe4yo5iQ2Ad+uNUDxp7crlWUVQb9fQr/wvveBsm2RV1JmhhIHSVEAVtGAqwjTG44qyRsvlAI9umFuuQio1P4CxNxJGsI3BRbDA/Y3PDSxJ2PufYxkYxMDVPuWR/wB7s4qpgz8VSAvIfQvqs9KGOZ0oVwEGMj/zBHPXkn978hHSebB2rZWn5Gli91Yec0EP1jyDA0nVynanZDabOcnk+KQFCx17pJklZqRG3GEEHVVCDE1L1O96UfLz9tL+a8Y8/26pWbBuvIvuLq7w4j1pg/K3NKtA7ZfM316WOBUvLc8iNnr0hqagA9YF0w4VZMNjxxTPjOmpo+NP71fAc95i+qK5VBPat2LpiPES/+HV0Gr0k7g6ejIuy94/IQH0jFvg5Cmv7Tuo+uGuOhkOC78DZG2igdDRAk7eS6i+LfooTegKgWxCyfWct60ulBUZ+RRa987kmihAZ5XOxAy2J5+CU+HCZc8KeU7Km2bJooKBauWTUDVMraeAfVFA00oiczS1y5DfrwJIQeozDaknxmqQq1bN9ouKAuA+BIaZ/cZ80LYcJmw40dc5wI6UtgBMVZaV0iwhd00Hio6iVvB8ABynpwYdQVCRFARl4GcuwK6Or/uFRkQPaosFk807VjKOZsA0YJU1rc0El8UR7TmYIFK75FU8iecuGZbc1HlzWjrWjFa+ayIRng5EOW59x02GT8n/wDb/m6HapRG5DtkGk95iBoEupexmVXYO28w==
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 3ce6c98..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- invidious
-- nitter
-- omgur
-- searx
-- teddit
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
deleted file mode 100644
index 80a11ca..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nitter
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 0.1.0
- sourceRef:
- kind: GitRepository
- name: tyil-helm-nitter
- namespace: flux-system
- interval: 1m
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: twitter.alt.tyil.nl
- paths:
- - path: /
- redis:
- host: 10.57.100.7
- urlReplacements:
- twitter: twitter.alt.tyil.nl
- youtube: yewtu.be
- reddit: reddit.alt.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml
deleted file mode 100644
index ca92947..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: omgur
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: imgur.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: omgur
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
deleted file mode 100644
index ff93f12..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searx
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: searx
- image: searx/searx:latest
- ports:
- - containerPort: 8080
- env:
- - name: BIND_ADDRESS
- value: "0.0.0.0:8080"
- - name: BASE_URL
- value: "https://searx.tyil.nl"
- volumeMounts:
- - name: srv
- subPath: config
- mountPath: /etc/searx
- - name: filtron
- image: dalf/filtron
- args: [
- "-listen", "0.0.0.0:4040",
- "-target", "searx:8080",
- ]
- ports:
- - containerPort: 4040
- volumeMounts:
- - name: srv
- subPath: rules.json
- mountPath: /etc/filtron/rules.json
- volumes:
- - name: srv
- nfs:
- server: 10.57.100.7
- path: /srv/searx
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
deleted file mode 100644
index 9542cde..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: teddit
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: teddit
- image: teddit/teddit:latest
- ports:
- - containerPort: 8080
- env:
- - name: DOMAIN
- value: "reddit.alt.tyil.nl"
- - name: REDIS_DB
- value: "1"
- - name: REDIS_HOST
- value: "10.57.100.7"
- - name: TRUST_PROXY
- value: "true"
- - name: USE_HELMET
- value: "true"
- - name: USE_HELMET_HSTS
- value: "true"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
deleted file mode 100644
index 8e8d43c..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/applications/hurzak.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec specifies the desired state of a Helm chart.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: Chart is the name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval is the interval at which to check the Source
- for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: ReconcileStrategy determines what enables the creation
- of a new artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on their
- behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: SourceRef is the reference to the Source the chart is
- available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: ValuesFile is an alternative values file to use as the
- default chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file specified here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: ValuesFiles is an alternative list of values files to
- use as the chart values (values.yaml is not included by default),
- expected to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding the
- first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version is the chart version semver expression, ignored
- for charts from GitRepository and Bucket sources. Defaults to latest
- when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus records the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedChartName:
- description: ObservedChartName is the last observed chart name as
- specified by the resolved chart reference.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmChart object.
- format: int64
- type: integer
- observedSourceArtifactRevision:
- description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
- of the HelmChartSpec.SourceRef.
- type: string
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta2.HelmChart that
- should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta2.HelmChartSpec
- for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta2.Source
- for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new
- artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on
- their behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The name and namespace of the v1beta2.Source
- the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default
- chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file defined here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the
- chart values (values.yaml is not included by default), expected
- to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding
- the first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version semver expression, ignored for charts
- from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
- to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to HelmRelease resources that must be ready
- before this HelmRelease can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions
- for this HelmRelease.
- properties:
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Create`
- and if omitted CRDs are installed but not updated. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are applied (installed) during Helm install action. With this
- option users can opt-in to CRD replace existing CRDs on Helm
- install actions, which is not (yet) natively supported by Helm.
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- createNamespace:
- description: CreateNamespace tells the Helm install action to
- create the HelmReleaseSpec.TargetNamespace if it does not exist
- yet. On uninstall, the namespace will not be garbage collected.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm install has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm install action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an install
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- an uninstall, is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the
- 'ReleaseName', but only if that name is a deleted release which
- remains in the history.
- type: boolean
- skipCRDs:
- description: "SkipCRDs tells the Helm install action to not install
- any CRDs. By default, CRDs are installed if not already present.
- \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
- instead."
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- kubeConfig:
- description: KubeConfig for reconciling the HelmRelease on a remote
- cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a key with the kubeconfig file as the value. If no key is specified
- the key will default to 'value'. The secret must be in the same
- namespace as the HelmRelease. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the HelmRelease.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for
- this HelmRelease. Use '0' for an unlimited number of revisions;
- defaults to '10'.
- type: integer
- postRenderers:
- description: PostRenderers holds an array of Helm PostRenderers, which
- will be applied in order of their definition.
- items:
- description: PostRenderer contains a Helm PostRenderer specification.
- properties:
- kustomize:
- description: Kustomization to apply as PostRenderer.
- properties:
- images:
- description: Images is a list of (image name, new name,
- new tag or digest) for changing image names, tags or digests.
- This can also be achieved with a patch, but this operator
- is simpler to specify.
- items:
- description: Image contains an image name, a new name,
- a new tag or digest, which will replace the original
- name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the
- original image tag. If digest is present NewTag
- value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace
- the original name.
- type: string
- newTag:
- description: NewTag is the value used to replace the
- original tag.
- type: string
- required:
- - name
- type: object
- type: array
- patches:
- description: Strategic merge and JSON patches, defined as
- inline YAML objects, capable of targeting objects based
- on kind, label and annotation selectors.
- items:
- description: Patch contains an inline StrategicMerge or
- JSON6902 patch, and the target the patch should be applied
- to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge
- patch or an inline JSON6902 patch with an array
- of operation objects.
- type: string
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and
- the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document
- with an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object.
- https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value
- that references a location within the target
- document where the operation is performed.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- type: string
- op:
- description: Op indicates the operation to perform.
- Its value MUST be one of "add", "remove",
- "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer
- value that references a location within the
- target document where the operation is performed.
- The meaning of the value depends on the value
- of Op.
- type: string
- value:
- description: Value contains a valid JSON structure.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline
- YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- type: object
- type: object
- type: array
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a
- composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm rollback has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if
- applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this HelmRelease.
- type: string
- storageNamespace:
- description: StorageNamespace used for the Helm storage. Defaults
- to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- suspend:
- description: Suspend tells the controller to suspend reconciliation
- for this HelmRelease, it does not apply to already started reconciliations.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations
- for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for
- this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease
- after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation
- when the Helm tests are run but fail. Can be overwritten for
- tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
- and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation during the performance of a Helm test action. Defaults
- to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a Helm
- action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall
- actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables waiting for all the resources
- to be deleted after a Helm uninstall is performed.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources
- and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm upgrade action when it fails.
- type: boolean
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
- if omitted CRDs are neither installed nor upgraded. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are not applied during Helm upgrade action. With this option
- users can opt-in to CRD upgrade, which is not (yet) natively
- supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm upgrade has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's
- values and merge in overrides from 'Values'. Setting this flag
- makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm upgrade action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an upgrade
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- 'Strategy', is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults
- to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm
- values for this HelmRelease, and information about how they should
- be merged.
- items:
- description: ValuesReference contains a reference to a resource
- containing Helm values, and optionally the key they can be found
- at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret',
- 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the
- same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional.
- When set, a not found error for the values reference is ignored,
- but any ValuesKey, TargetPath or transient error will still
- result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value
- should be merged at. When set, the ValuesKey is expected to
- be a single flat value. Defaults to 'None', which results
- in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml
- or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource
- created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully
- applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the
- values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful
- Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- shortNames:
- - helmrepo
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Helm repository. For HTTP/S basic auth the secret must contain
- username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec specifies the required configuration to
- produce an Artifact for a Helm repository index YAML.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: Interval at which to check the URL for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this HelmRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout of the index fetch operation, defaults to 60s.
- type: string
- type:
- description: Type of the HelmRepository. When this field is set to "oci",
- the URL field value must be prefixed with "oci://".
- enum:
- - default
- - oci
- type: string
- url:
- description: URL of the Helm repository, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus records the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the last successful HelmRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When specified, KubeConfig takes precedence over
- ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a 'value' key with the kubeconfig file as the value. It must
- be in the same namespace as the Kustomization. It is recommended
- that the kubeconfig is self-contained, and the secret is regularly
- updated if credentials such as a cloud-access-token expire.
- Cloud specific `cmd-path` auth helpers will not function without
- adding binaries and credentials to the Pod that is responsible
- for reconciling the Kustomization.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization
- namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them
- on the cluster. The validation strategy can be 'client' (local dry-run),
- 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
- validation will fallback to 'client' if set to 'server' because
- server-side validation is not supported in this scenario.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes
- objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the configuration to calculate
- the desired state from a Source using Kustomize.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name of a secret that contains
- a key with the kubeconfig file as the value. If no key is set,
- the key will default to 'value'. The secret must be in the same
- namespace as the Kustomization. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the Kustomization.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
- Use Patches instead.'
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: 'Strategic merge patches, defined as inline YAML objects.
- Deprecated: Use Patches instead.'
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- default: false
- description: Optional indicates whether the referenced resource
- must exist, or whether to tolerate its absence. If true
- and the referenced resource is absent, proceed as if the
- resource was present but empty, without any variables
- defined.
- type: boolean
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, defaults to the namespace
- of the Kubernetes resource object that contains the reference.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: 'Deprecated: Not used in v1beta2.'
- enum:
- - none
- - client
- - server
- type: string
- wait:
- description: Wait instructs the controller to check the health of
- all the reconciled resources. When enabled, the HealthChecks are
- ignored. Defaults to false.
- type: boolean
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- inventory:
- description: Inventory contains the list of Kubernetes resource object
- references that have been successfully applied.
- properties:
- entries:
- description: Entries of Kubernetes resource object references.
- items:
- description: ResourceRef contains the information necessary
- to locate a resource within a cluster.
- properties:
- id:
- description: ID is the string representation of the Kubernetes
- resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
- type: string
- v:
- description: Version is the API version of the Kubernetes
- resource object's kind.
- type: string
- required:
- - id
- - v
- type: object
- type: array
- required:
- - entries
- type: object
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: providers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Provider
- listKind: ProviderList
- plural: providers
- singular: provider
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Provider is the Schema for the providers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ProviderSpec defines the desired state of Provider
- properties:
- address:
- description: HTTP/S webhook address of this provider
- pattern: ^(http|https)://
- type: string
- certSecretRef:
- description: CertSecretRef can be given the name of a secret containing
- a PEM-encoded CA certificate (`caFile`)
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- channel:
- description: Alert channel for this provider
- type: string
- proxy:
- description: HTTP/S address of the proxy
- pattern: ^(http|https)://
- type: string
- secretRef:
- description: Secret reference containing the provider webhook URL
- using "address" as data key
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of provider
- enum:
- - slack
- - discord
- - msteams
- - rocket
- - generic
- - github
- - gitlab
- - bitbucket
- - azuredevops
- - googlechat
- - webex
- - sentry
- - azureeventhub
- - telegram
- - lark
- - matrix
- - opsgenie
- - alertmanager
- - grafana
- - githubdispatch
- type: string
- username:
- description: Bot username for this provider
- type: string
- required:
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ProviderStatus defines the observed state of Provider
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: receivers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Receiver
- listKind: ReceiverList
- plural: receivers
- singular: receiver
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Receiver is the Schema for the receivers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ReceiverSpec defines the desired state of Receiver
- properties:
- events:
- description: A list of events to handle, e.g. 'push' for GitHub or
- 'Push Hook' for GitLab.
- items:
- type: string
- type: array
- resources:
- description: A list of resources to be notified about changes.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- secretRef:
- description: Secret reference containing the token used to validate
- the payload authenticity
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of webhook sender, used to determine the validation
- procedure and payload deserialization.
- enum:
- - generic
- - generic-hmac
- - github
- - gitlab
- - bitbucket
- - harbor
- - dockerhub
- - quay
- - gcr
- - nexus
- - acr
- type: string
- required:
- - resources
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ReceiverStatus defines the observed state of Receiver
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helm-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomize-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: notification-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: source-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - image.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - namespaces
- - secrets
- - configmaps
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: source-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: notification-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-reflector-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-automation-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: source-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: webhook-receiver
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http-webhook
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: helm-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: helm-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.22.2
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: helm-controller
- terminationGracePeriodSeconds: 600
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: kustomize-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kustomize-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: kustomize-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.26.3
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: kustomize-controller
- terminationGracePeriodSeconds: 60
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: notification-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: notification-controller
- spec:
- containers:
- - args:
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.24.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 9292
- name: http-webhook
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: notification-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- - --storage-path=/data
- - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.25.11
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: source-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-egress
- namespace: flux-system
-spec:
- egress:
- - {}
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
- - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-scraping
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-webhooks
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml
deleted file mode 100644
index 0d32ce5..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 1m0s
- ref:
- branch: master
- secretRef:
- name: flux-system
- url: ssh://git@10.57.100.7/srv/git/tyilnet
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./playbooks.d/k3s-master/share/manifests/clusters/hurzak.tyil.net
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 9df248a..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index cc449ac..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index eda76f3..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
deleted file mode 100644
index 4fc4292..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
deleted file mode 100644
index 809cdb4..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
<