164 files changed, 4462 insertions, 241 deletions
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/data.d/etc-portage/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/data.d/etc-portage/make.conf/00-defaults.conf b/data.d/etc-portage/make.conf/00-defaults.conf
new file mode 100644
index 0000000..21c3c58
--- /dev/null
+++ b/data.d/etc-portage/make.conf/00-defaults.conf
@@ -0,0 +1,15 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+COMMON_FLAGS="-O2 -pipe"
+CFLAGS="${COMMON_FLAGS}"
+CXXFLAGS="${COMMON_FLAGS}"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C.utf8
diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf
new file mode 100644
index 0000000..deff7d8
--- /dev/null
+++ b/data.d/etc-portage/make.conf/10-global.conf
@@ -0,0 +1,54 @@
+USE="
+ bash-completion
+ introspection
+ vim-syntax
+ zsh-completion
+"
+
+FEATURES="
+ $FEATURES
+ buildpkg
+ network-sandbox
+ parallel-fetch
+ parallel-install
+ sandbox
+ sign
+ userfetch
+ userpriv
+ usersandbox
+ usersync
+"
+
+EMERGE_DEFAULT_OPTS="
+ $EMERGE_DEFAULT_OPTS
+ --alert
+ --ask
+ --binpkg-changed-deps=y
+ --binpkg-respect-use=y
+ --buildpkg-exclude */*-bin
+ --buildpkg-exclude acct-*/*
+ --buildpkg-exclude sys-kernel/*-sources
+ --buildpkg-exclude virtual/*
+ --keep-going
+ --tree
+ --usepkg-exclude */*-bin
+ --usepkg-exclude acct-*/*
+ --usepkg-exclude sys-kernel/*-sources
+ --usepkg-exclude virtual/*
+ --verbose
+"
+
+PKGDIR="/var/portage/packages"
+DISTDIR="/var/portage/distfiles"
+
+ACCEPT_LICENSE="
+ -*
+ @FREE
+"
+
+LC_MESSAGES=C.UTF8
+
+L10N="
+ en
+ nl
+"
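Review bot: `sign` in the FEATURES list of 10-global.conf only concerns Manifest signing when committing to an ebuild repository; it does not sign or verify the binary packages that `buildpkg` writes to `/var/portage/packages`. The `--usepkg-exclude` and `--binpkg-respect-use=y` entries suggest those packages are also installed from PKGDIR, presumably on more than one host. If that is the case, add `binpkg-signing` and `binpkg-request-signature` to FEATURES so that a tampered package in the shared directory is rejected at install time. Separately, `LC_MESSAGES=C.UTF8` repeats the `LC_MESSAGES=C.utf8` already set in 00-defaults.conf and can be dropped.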
diff --git a/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
new file mode 100644
index 0000000..2376e42
--- /dev/null
+++ b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
@@ -0,0 +1 @@
+net-vpn/tinc ~*
diff --git a/data.d/etc-portage/package.license b/data.d/etc-portage/package.license
new file mode 100644
index 0000000..348558e
--- /dev/null
+++ b/data.d/etc-portage/package.license
@@ -0,0 +1 @@
+sys-kernel/linux-firmware linux-fw-redistributable
diff --git a/data.d/etc-portage/package.use/15-apcupsd.use b/data.d/etc-portage/package.use/15-apcupsd.use
new file mode 100644
index 0000000..91eeffb
--- /dev/null
+++ b/data.d/etc-portage/package.use/15-apcupsd.use
@@ -0,0 +1 @@
+sys-apps/util-linux tty-helpers
diff --git a/data.d/etc-portage/repos.conf/gentoo.conf b/data.d/etc-portage/repos.conf/gentoo.conf
new file mode 100644
index 0000000..6cb6e3b
--- /dev/null
+++ b/data.d/etc-portage/repos.conf/gentoo.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+location = /var/db/repos/gentoo
+sync-type = rsync
+sync-uri = rsync://rsync.gentoo.org/gentoo-portage
+auto-sync = yes
+sync-rsync-verify-jobs = 1
+sync-rsync-verify-metamanifest = yes
+sync-rsync-verify-max-age = 24
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+sync-openpgp-keyserver = hkps://keys.gentoo.org
+sync-openpgp-key-refresh-retry-count = 40
+sync-openpgp-key-refresh-retry-overall-timeout = 1200
+sync-openpgp-key-refresh-retry-delay-exp-base = 2
+sync-openpgp-key-refresh-retry-delay-max = 60
+sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
diff --git a/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml b/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml
new file mode 100644
index 0000000..77b6962
--- /dev/null
+++ b/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml
@@ -0,0 +1 @@
+seaweedfsFiler: "10.57.101.10:8888"
diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/invidious/sealed-secret.yaml b/data.d/k3s-master/manifests.d/hurzak/public-services/invidious/sealed-secret.yaml index 4f6736e..1662910 100644 --- a/data.d/k3s-master/manifests.d/hurzak/public-services/invidious/sealed-secret.yaml +++ b/data.d/k3s-master/manifests.d/hurzak/public-services/invidious/sealed-secret.yaml @@ -6,7 +6,7 @@ metadata: namespace: public-services spec: encryptedData: - config.yml: 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 + config.yml: AgC6AqJN79jmnQmF8X2+LY61UGqOltC9l7/jug3Z5mWLgT4M36F0wdVweFdxG5Qq8Tt7QmFyvfS6HA0RQSjL0gXG77SXVt4Q5HWGN5SpeRmpY5wymM2jV94ms7C4/QD5kOHkKp1o/tcajLXmLeZM3446r/rMhMjSoeTc7zf/rlc88NFTPhtJNM7wejeSzYN/+dvaBxfZBXFUXZuITkrqgRUaalWu1Zrooc/cLt+lG6hVgEgYPGITp31GFte/27/D48pfOkvayl8cdTxcBLM3d1QUxVBxel3ik6m/d7M/c76FsIvGTOfTXUpIFsJu+z2oQeC2QaY4ICvZdIZSqUTzzPxkziE9nZ0ZKmhv662Nri3DHjwvKRQiCEd53bG10YBaaiFBTFt9HxqA0u/2oEsbeVEeHCtQ+1UoQN1eCI27/Bx3RGIHZrireOamuddMHFcacZj0J9WX6O8dVoyrCbn9AdrTi20PeT77RzkxXTiICjYgiO70P6j2CF/hxKWwZKKFjq5CVPOVTMGEUy3L92sNg9M2dPgMAD7klvB4V/x8fzc3dnAFFM64uqFE2WqC/G62+LUeU8vI/YPHkzBxyA8L9Pya+cjkHR2UAh3KDiDAJBe4ow2H4lCqGEv15sD+XX9cVN8iLd0zoCp54FK39wIHH1b8VEk+1Kw7zu2+Dr6ZvNuJkppaBCqWFqOsOox3d/wgbDSAEp/0Slc5mrGNVoQzji0lWz2fAKioIKAxoWHc3a2CaUZ0f8nz3kMg3dj4yUWNcffTnjn0YQ3oX7bSAZ3lVifPGowaVN6x4cUICy1NybMfUnJC/cO6CLI9MQemeKO7DUcA0npncgJxavdL1+ITrKcJJ/W4NXuv70PdRm+CLiwtguRSuiH78BmVMdH3u0lwMHPSSfum7WlBLSVPVa+QQEFqE/qJe/03HVoEpycz+E5GI22WoOfReS39AOuFuHPwMVSO+vuQfjESaf+pmaiYtFHlwu/7f5l4vUlRBBFrxBgYcT94X5Ier+EHP3DT0exnje1mfiAckgRjD+eUGCkJIYYHrCOjP3Lx8ITxqLDvu+HYS3xCJW6JsayMFxs5bwqyJVcQe8HRdwSnXOAfW8H8CSkfAkgwsim+z4ro/mfNoEU/IBYy+Hpc2kUewaSA+GNfVwjhBUA3gMHqqkTsTm32YJ/oXb6UGViq8ymhnSoPVoS9bCgehVT3mQ8iSosAGjXhC17Sqb4RUsgBWVtg59fN646UnKWPz2wJSh7xcggD template: metadata: creationTimestamp: null 
diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/deployment.yaml b/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/deployment.yaml deleted file mode 100644 index 0452599..0000000 --- a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/deployment.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nitter - namespace: public-services -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: nitter - app.kubernetes.io/part-of: public-services - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: nitter - app.kubernetes.io/part-of: public-services - spec: - containers: - - name: nitter - image: zedeus/nitter - ports: - - containerPort: 8080 - env: - - name: REDIS_HOST - value: "redis-nitter-master" - volumeMounts: - - name: config - subPath: nitter.conf - mountPath: /src/nitter.conf - resources: - requests: - memory: 11Mi - limits: - memory: 32Mi - volumes: - - name: config - secret: - secretName: nitter-config -... diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/sealed-secret.yaml b/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/sealed-secret.yaml deleted file mode 100644 index ab6cf1b..0000000 --- a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/sealed-secret.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: nitter-config - namespace: public-services -spec: - encryptedData: - nitter.conf: 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 - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: nitter-config - app.kubernetes.io/part-of: nitter - name: nitter-config - namespace: public-services - type: Opaque - diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/deployment.yaml b/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/deployment.yaml deleted file mode 100644 index 9d79c61..0000000 --- a/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/deployment.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: teddit - namespace: public-services -spec: - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services - spec: - containers: - - name: teddit - image: teddit/teddit:latest - ports: - - containerPort: 8080 - env: - - name: DOMAIN - value: "reddit.alt.tyil.nl" - - name: REDIS_HOST - value: "redis-teddit-master" - - name: TRUST_PROXY - value: "true" - - name: USE_HELMET - value: "true" - - name: USE_HELMET_HSTS - value: "true" - resources: - requests: - memory: 113Mi - limits: - memory: 256Mi -... diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml new file mode 100644 index 0000000..bfa00c1 --- /dev/null 
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: keycloak
+ namespace: auth-system
+spec:
+ chart: oci://registry-1.docker.io/bitnamicharts/keycloak
+ valuesContent: |-
+ global:
+ storageClass: longhorn
+ clusterDomain: k3s.tyil.nl
+ externalDatabase:
+ existingSecret: keycloak-database
+ existingSecretHostKey: host
+ existingSecretPortKey: port
+ existingSecretUserKey: user
+ existingSecretDatabaseKey: database
+ existingSecretPasswordKey: password
+ extraEnvVars:
+ - name: KC_HOSTNAME_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_HOSTNAME_ADMIN_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_PROXY
+ value: "edge"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
+ ingress:
+ enabled: true
+ certManager: true
+ tls: true
+ hostname: keycloak.tyil.nl
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ ingressClassName: traefik
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ postgresql:
+ enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..26f46ef
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
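Review bot: The keycloak HelmChart has no `version:` under `spec`, so the helm controller installs whatever chart release `oci://registry-1.docker.io/bitnamicharts/keycloak` resolves to at deploy time. For the identity provider that means an unreviewed chart upgrade can land on any redeploy; pin it with a line such as `version: <chart-version>` and bump it deliberately. The same applies to the certmanager, longhorn, argo-events and argo-workflows HelmCharts added in this commit, whereas the two oauth2-proxy charts are already pinned to a snapshot commit. `KC_PROXY` set to `edge` makes Keycloak trust forwarded headers, so the pod should only be reachable through Traefik.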
@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ nodeName: oolah.tyil.net
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:stable
+ name: lldap
+ ports:
+ - containerPort: 3890
+ - containerPort: 6360
+ - containerPort: 17170
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /etc/lldap
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..4e32f29
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
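Review bot: The `data` volume is a `hostPath` on `/etc/lldap`, tied to one node by `nodeName: oolah.tyil.net`, and the container has no `securityContext`. A hostPath under `/etc` gives the pod write access to part of the node's filesystem and keeps the directory data outside Kubernetes-managed storage, while the `lldap` PersistentVolumeClaim added by persistent-volume-claim.yaml in this commit is never mounted. Either mount the claim (`persistentVolumeClaim:` with `claimName: lldap`) or drop the unused PVC, and add a `securityContext` with `allowPrivilegeEscalation: false`. The garage Deployment follows the same pattern with three hostPath volumes and two unused claims. `nitnelave/lldap:stable` is a moving tag; a fixed version or digest would make rollouts of the authentication backend reproducible.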
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ldap.tyil.nl
+ secretName: tls-nl.tyil.ldap
+ rules:
+ - host: ldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
new file mode 100644
index 0000000..38479d4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "1Mi"
+ accessModes:
+ - ReadWriteMany
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..76aea0f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 17170
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: ldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ type: LoadBalancer
+ ports:
+ - name: ldap
+ port: 389
+ targetPort: 3890
+ - name: ldaps
+ port: 636
+ targetPort: 6360
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart
new file mode 100644
index 0000000..4350177
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart
@@ -0,0 +1,13 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: certmanager
+ namespace: kube-system
+spec:
+ repo: https://charts.jetstack.io
+ chart: cert-manager
+ targetNamespace: base-system
+ valuesContent: |
+ installCRDs: true
+...
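Review bot: The `ldap` Service is `type: LoadBalancer` and publishes port 389 next to 636, so unencrypted binds are accepted on whatever address the load balancer assigns. Bind passwords of every directory client that uses that port would cross the network in clear text. Unless a client outside the cluster really needs plain LDAP, publish only `ldaps` here and keep 389 on a ClusterIP Service, or limit callers with `loadBalancerSourceRanges`; whether LDAPS is enabled in lldap itself is not visible in this commit. The comment above `name: ldap` says "port" although the thing being named is the Service, which is worth correcting while the file is new.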
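Review bot: The cert-manager manifest is saved as `helm-chart`, without the `.yaml` suffix that every other HelmChart file in this commit carries. If the deployment step selects manifests by extension, cert-manager would not be installed and the two ClusterIssuers added next to it would fail to apply; renaming the file to `helm-chart.yaml` removes the doubt. The HelmChart object also lives in `kube-system` with `targetNamespace: base-system`, unlike the other charts, so a one-line comment saying why would help the next reader.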
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml
new file mode 100644
index 0000000..dbff2c2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt-production
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml
new file mode 100644
index 0000000..9b0a27d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt-staging
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+ selector: {}
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml
new file mode 100644
index 0000000..68b920f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: garage
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+ spec:
+ nodeName: mieshu.tyil.net
+ containers:
+ - image: dxflrs/garage:v0.8.0
+ name: garage
+ ports:
+ - containerPort: 3900
+ - containerPort: 3901
+ - containerPort: 3902
+ - containerPort: 3903
+ - containerPort: 3904
+ volumeMounts:
+ - mountPath: /var/lib/garage/meta
+ name: meta
+ - mountPath: /var/lib/garage/data
+ name: data
+ - mountPath: /etc/garage.toml
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/garage/data
+ - name: meta
+ hostPath:
+ path: /mnt/pool/garage/meta
+ - name: config
+ hostPath:
+ path: /etc/garage.toml
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - garage
+ topologyKey: "kubernetes.io/hostname"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml
new file mode 100644
index 0000000..92458cc
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: garage
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: s3
+ app.kubernetes.io/part-of: garage
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - misskey.s3.tyil.nl
+ secretName: tls-nl.tyil.s3.misskey
+ - hosts:
+ - dist.s3.tyil.nl
+ secretName: tls-nl-tyil.s3.dist
+ rules:
+ - host: "*.s3.tyil.nl"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: garage
+ port:
+ number: 3902
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml
new file mode 100644
index 0000000..8e54918
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: garage-data
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage-data
+ app.kubernetes.io/part-of: base-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "10Gi"
+ accessModes:
+ - ReadWriteMany
+...
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: garage-meta
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage-meta
+ app.kubernetes.io/part-of: base-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "5Gi"
+ accessModes:
+ - ReadWriteMany
+...
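Review bot: The rule host in garage/ingress.yaml is `*.s3.tyil.nl`, but `tls` only lists `misskey.s3.tyil.nl` and `dist.s3.tyil.nl`, so any other bucket hostname reaches port 3902 with Traefik's default certificate instead of a valid one. Either restrict `rules` to the two hostnames that have certificates or request a wildcard certificate, which would need a DNS-01 solver rather than the `http01` solver defined in the ClusterIssuer. The second secret is named `tls-nl-tyil.s3.dist`, which breaks the `tls-nl.tyil.…` pattern used elsewhere in the commit and looks like a typo for `tls-nl.tyil.s3.dist`.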
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml
new file mode 100644
index 0000000..fa48032
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: garage
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+ type: LoadBalancer
+ ports:
+ - name: s3
+ port: 3900
+ targetPort: 3900
+ - name: s3-rpc
+ port: 3901
+ targetPort: 3901
+ - name: s3-web
+ port: 3902
+ targetPort: 3902
+ - name: s3-admin
+ port: 3903
+ targetPort: 3903
+ - name: s3-k2v
+ port: 3904
+ targetPort: 3904
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml
new file mode 100644
index 0000000..d3823c1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml
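Review bot: All five ports of the garage Service are published through `type: LoadBalancer`, including `s3-rpc` (3901) and `s3-admin` (3903). Clients only need the S3 and web endpoints; the inter-node RPC and admin ports are better kept on a separate ClusterIP Service or restricted with `loadBalancerSourceRanges`. If the admin port has to stay reachable, a comment naming who is expected to call it would make the exposure a documented decision.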
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-longhorn
+ namespace: base-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-longhorn
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.longhorn
+ hosts:
+ - longhorn.tyil.nl
+ hosts:
+ - host: longhorn.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml
new file mode 100644
index 0000000..e5cce42
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: longhorn
+ namespace: base-system
+spec:
+ repo: https://charts.longhorn.io
+ chart: longhorn
+ valuesContent: |-
+ persistence:
+ defaultClass: true
+ defaultFsType: xfs
+ defaultClassReplicaCount: 1
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml
new file mode 100644
index 0000000..07981b6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: longhorn
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: longhorn
+ app.kubernetes.io/part-of: base-system
+spec:
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ namespaceSelector:
+ matchNames:
+ - base-system
+ endpoints:
+ - port: manager
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml
new file mode 100644
index 0000000..b7d1b72
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+ name: default
+ namespace: cicd-system
+spec:
+ nats:
+ native:
+ replicas: 3
+ containerTemplate:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: "64Mi"
+ #persistence:
+ # storageClassName: longhorn
+ # accessMode: ReadWriteOnce
+ # volumeSize: 10Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml
new file mode 100644
index 0000000..3acd2cd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: argo-events
+ namespace: cicd-system
+spec:
+ repo: https://argoproj.github.io/argo-helm
+ chart: argo-events
+ valuesContent: |-
+ controller:
+ rbac:
+ namespaced: true
+ serviceAccount:
+ name: argo-events
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
new file mode 100644
index 0000000..7978820
--- /dev/null
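Review bot: This commit adds two manifests for the same object, the `EventBus` named `default` in `cicd-system`: argo-events/event-bus.yaml with the persistence block commented out, and resources/event-bus/default.yaml with it enabled. Whichever file is applied last wins, so whether the NATS bus keeps its state depends on apply order. Keep one of the two files and delete the commented-out `#persistence:` lines rather than carrying both variants.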
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: argo-workflows
+ namespace: cicd-system
+spec:
+ repo: https://argoproj.github.io/argo-helm
+ chart: argo-workflows
+ valuesContent: |-
+ artifactRepository:
+ archiveLogs: true
+ s3:
+ bucket: argo
+ endpoint: 10.57.101.1:3900
+ insecure: true
+ accessKeySecret:
+ name: credentials
+ key: garageAccessKey
+ secretKeySecret:
+ name: credentials
+ key: garageSecretKey
+ controller:
+ persistence:
+ archive: true
+ postgresql:
+ host: 10.57.101.20
+ port: 5432
+ database: argo
+ tableName: argo_workflows
+ userNameSecret:
+ name: credentials
+ key: postgresqlUsername
+ passwordSecret:
+ name: credentials
+ key: postgresqlPassword
+ workflowDefaults:
+ spec:
+ entrypoint: main
+ serviceAccountName: "argo-runner"
+ ttlStrategy:
+ secondsAfterCompletion: 300
+ podGC:
+ strategy: null
+ singleNamespace: true
+ server:
+ extraArgs:
+ - "--auth-mode=server"
+ ingress:
+ enabled: false
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.ci
+ hosts:
+ - ci.tyil.nl
+ hosts:
+ - ci.tyil.nl
+ workflow:
+ serviceAccount:
+ create: true
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
new file mode 100644
index 0000000..3b96bf8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
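Review bot: `--auth-mode=server` makes the Argo server carry out every request with its own service account, without authenticating the caller. Access control then rests entirely on the oauth2-proxy in front of it, and anything that can reach the argo-server Service from inside the cluster skips that proxy. Consider `--auth-mode=sso` or `--auth-mode=client`, or add a NetworkPolicy that admits only the proxy pods. The artifact repository is set to `insecure: true` against `10.57.101.1:3900`, so the Garage access key and archived logs travel without TLS; a comment stating that this network is trusted would document the choice.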
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-ci
+ namespace: cicd-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-ci
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-argo@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.ci
+ hosts:
+ - ci.tyil.nl
+ hosts:
+ - host: ci.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml
new file mode 100644
index 0000000..39da576
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml
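Review bot: The `annotations` map repeats the key `traefik.ingress.kubernetes.io/router.middlewares`. A YAML mapping holds one value per key (a strict parser rejects the document outright), so the HTTPS redirect middleware is most likely dropped in favour of `kube-system-headers-argo@kubernetescrd`. Traefik accepts a comma-separated list, so use a single line: `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd,kube-system-headers-argo@kubernetescrd`. cicd-system/ingress.yaml carries the same duplicated key.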
@@ -0,0 +1,40 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ci
+ namespace: cicd-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: trigger-bashtard
+ app.kubernetes.io/part-of: cicd-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-argo@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ci.tyil.nl
+ secretName: tls-nl.tyil.ci
+ rules:
+ - host: ci.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: auth-proxy-ci-oauth2-proxy
+ port:
+ number: 4180
+ - path: /trigger
+ pathType: Prefix
+ backend:
+ service:
+ name: webhook-eventsource-svc
+ port:
+ number: 12000
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
new file mode 100644
index 0000000..ddca028
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
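Review bot: The `/trigger` path sends requests straight to `webhook-eventsource-svc` on port 12000, bypassing the oauth2-proxy that guards `/`. The webhook EventSource added in resources/event-sources/webhook.yaml defines no `authSecret`, so as far as this commit shows, anyone who can reach `ci.tyil.nl` can POST an event to the workflow trigger. Add an `authSecret` (bearer token) to each webhook entry, or restrict the path by source address. This Ingress also claims `ci.tyil.nl` path `/`, which the auth-proxy-ci chart's own ingress (`enabled: true`) already defines; one of the two should go.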
@@ -0,0 +1,101 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+automountServiceAccountToken: true
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - persistentvolumeclaims
+ - pods
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - argoproj.io
+ resources:
+ - eventbus
+ - eventsources
+ - sensors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workflowtaskresults
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-runner
+subjects:
+- kind: ServiceAccount
+ name: argo-runner
+ namespace: cicd-system
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml
new file mode 100644
index 0000000..20143b6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml
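Review bot: The `argo-runner` Role lets its holder read, create and delete every Secret and Pod in `cicd-system`, and the same account is used both by the Sensors and, through `workflowDefaults.spec.serviceAccountName` in the argo-workflows chart, by every workflow pod. A workflow step can therefore read the `credentials` secret and, presumably, the oauth2-proxy secret in the same namespace. Split this into a sensor account that may only `create` `workflows` and a workflow account limited to `workflowtaskresults`, and grant Secret access by `resourceNames` where a step really needs it. The rules for `validatingwebhookconfigurations` and `clusterroles` name cluster-scoped resources, which a namespaced Role cannot grant, so they can be removed.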
@@ -0,0 +1,20 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+ name: default
+ namespace: cicd-system
+spec:
+ nats:
+ native:
+ replicas: 3
+ containerTemplate:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: "64Mi"
+ persistence:
+ storageClassName: longhorn
+ accessMode: ReadWriteOnce
+ volumeSize: 10Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml
new file mode 100644
index 0000000..1b901e0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventSource
+metadata:
+ name: webhook
+ namespace: cicd-system
+spec:
+ service:
+ ports:
+ - port: 12000
+ targetPort: 12000
+ webhook:
+ default:
+ endpoint: /trigger
+ method: POST
+ port: "12000"
+ url: https://ci.tyil.nl
+ generic-raku:
+ endpoint: /trigger/generic-raku
+ method: POST
+ port: "12000"
+ url: https://ci.tyil.nl
+ project-bashtard:
+ endpoint: /trigger/project-bashtard
+ method: POST
+ port: "12000"
+ url: https://ci.tyil.nl
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml
new file mode 100644
index 0000000..b97239c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Sensor
+metadata:
+ name: default
+ namespace: cicd-system
+spec:
+ template:
+ serviceAccountName: argo-runner
+ dependencies:
+ - name: webhook
+ eventSourceName: webhook
+ eventName: generic
+ triggers:
+ - template:
+ name: webhook-workflow-trigger
+ k8s:
+ operation: create
+ source:
+ resource:
+ apiVersion: argoproj.io/v1alpha1
+ kind: Workflow
+ metadata:
+ generateName: generic
+ spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: ""
+ - name: repo
+ value: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: ref
+ value: "{{workflows.parameters.ref}}"
+ steps:
+ - - name: main
+ templateRef:
+ name: generic
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{inputs.parameters.ref}}"
+ - name: repo
+ value: "{{inputs.parameters.repo}}"
+ parameters:
+ - src:
+ dependencyName: webhook
+ dataKey: body.commit
+ value: "origin/master"
+ dest: spec.arguments.parameters.0.value
+ - src:
+ dependencyName: "webhook"
+ dataKey: body.repo
+ value: ""
+ dest: spec.arguments.parameters.1.value
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml
new file mode 100644
index 0000000..ca42ce9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml
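Review bot: The two trailing `parameters` entries in `sensors/default.yaml` write `body.repo` and `body.commit` from the webhook request straight into `spec.arguments.parameters`, so the caller chooses which repository is cloned and which ref is checked out; `sensors/generic-raku.yaml` does the same. The project-bashtard pipeline avoids half of this by fixing the repository URL in its workflow template, and the generic sensors need an equivalent allow-list on `body.repo` before the value reaches a workflow. Separately, the inner `main` template declares only `ref` under `inputs.parameters` yet passes `{{inputs.parameters.repo}}` on, and it reads `{{workflows.parameters.ref}}` where Argo's variable is `workflow.parameters`; both look like they would fail when the Workflow is submitted, and the second also appears in the generic-raku and project-bashtard sensors.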
@@ -0,0 +1,61 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Sensor
+metadata:
+ name: generic-raku
+ namespace: cicd-system
+spec:
+ template:
+ serviceAccountName: argo-runner
+ dependencies:
+ - name: webhook
+ eventSourceName: webhook
+ eventName: project-raku-config-parser-toml
+ triggers:
+ - template:
+ name: webhook-workflow-trigger
+ k8s:
+ operation: create
+ source:
+ resource:
+ apiVersion: argoproj.io/v1alpha1
+ kind: Workflow
+ metadata:
+ generateName: generic-raku-
+ spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: ""
+ - name: repo
+ value: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: ref
+ value: "{{workflows.parameters.ref}}"
+ steps:
+ - - name: main
+ templateRef:
+ name: generic-raku
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{inputs.parameters.ref}}"
+ - name: repo
+ value: "{{inputs.parameters.repo}}"
+ parameters:
+ - src:
+ dependencyName: webhook
+ dataKey: body.commit
+ value: "origin/master"
+ dest: spec.arguments.parameters.0.value
+ - src:
+ dependencyName: "webhook"
+ dataKey: body.repo
+ value: ""
+ dest: spec.arguments.parameters.1.value
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
new file mode 100644
index 0000000..8e77b3a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
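Review bot: The dependency in `sensors/generic-raku.yaml` uses `eventName: project-raku-config-parser-toml`, but the `webhook` EventSource added in this commit only defines `default`, `generic-raku` and `project-bashtard`, so this sensor would never receive an event. `sensors/default.yaml` has the same mismatch with `eventName: generic`. If the intent is one sensor per endpoint, `eventName: generic-raku` here and `eventName: default` there would match the EventSource keys. `generateName: generic` in the default sensor also lacks the trailing `-` that the other two sensors use.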
@@ -0,0 +1,52 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Sensor
+metadata:
+ name: project-bashtard
+ namespace: cicd-system
+spec:
+ template:
+ serviceAccountName: argo-runner
+ dependencies:
+ - name: webhook
+ eventSourceName: webhook
+ eventName: project-bashtard
+ triggers:
+ - template:
+ name: webhook-workflow-trigger
+ k8s:
+ operation: create
+ source:
+ resource:
+ apiVersion: argoproj.io/v1alpha1
+ kind: Workflow
+ metadata:
+ generateName: project-bashtard-
+ spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: ref
+ value: "{{workflows.parameters.ref}}"
+ steps:
+ - - name: main
+ templateRef:
+ name: project-bashtard
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{inputs.parameters.ref}}"
+ parameters:
+ - src:
+ dependencyName: webhook
+ dataKey: body.commit
+ value: "master"
+ dest: spec.arguments.parameters.0.value
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml
new file mode 100644
index 0000000..0742e79
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml
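Review bot: The fallback `value: "master"` for `body.commit` in `sensors/project-bashtard.yaml` differs from the `origin/master` default used by the project-bashtard workflow template and by the other two sensors. The fetch script runs `git fetch origin` followed by `git reset --hard` on this value in a freshly initialised repository, where no local `master` branch exists, so the fallback probably fails to resolve. `value: "origin/master"` would be consistent with the rest of the commit.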
@@ -0,0 +1,46 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: fetch-git
+ namespace: cicd-system
+spec:
+ arguments:
+ parameters:
+ - name: repo
+ value: ""
+ - name: ref
+ value: master
+ - name: path
+ value: "/usr/src"
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: repo
+ value: "{{workflow.parameters.repo}}"
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: path
+ value: "{{workflow.parameters.path}}"
+ outputs:
+ artifacts:
+ - name: src
+ path: "{{inputs.parameters.path}}"
+ script:
+ image: debian
+ command:
+ - dash
+ source: |
+ export DEBIAN_FRONTEND=noninteractive
+ export GIT_WORK_TREE="{{inputs.parameters.path}}"
+ export GIT_DIR="$(mktemp -d)"
+ mkdir -pv -- "$GIT_WORK_TREE"
+
+ apt update && apt install -y git
+
+ git init
+ git remote add origin "{{inputs.parameters.repo}}"
+ git fetch origin -a
+ git reset --hard "{{inputs.parameters.ref}}"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml
new file mode 100644
index 0000000..869c497
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml
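Review bot: The `source` block in `workflow-templates/fetch-git.yaml` has `{{inputs.parameters.repo}}`, `{{inputs.parameters.ref}}` and `{{inputs.parameters.path}}` substituted into the shell text before the script runs, so a value containing a double quote or a command substitution changes the script itself instead of being passed as data. These values originate from the webhook body via the sensors, which makes this shell injection from request input. Pass them through `env` and reference quoted shell variables instead, as sketched below; the `fetch-git` template in `workflow-templates/util.yaml` and the `cd`/`make` lines of the `dist` template in `project-bashtard.yaml` need the same treatment. `git fetch origin -a` also deserves a second look, since `-a` is `--append` rather than `--all`.

```yaml
    script:
      image: debian
      # … unchanged: command …
      env:
        - name: REPO
          value: "{{inputs.parameters.repo}}"
        - name: REF
          value: "{{inputs.parameters.ref}}"
        - name: GIT_WORK_TREE
          value: "{{inputs.parameters.path}}"
      source: |
        # … unchanged: DEBIAN_FRONTEND, GIT_DIR, mkdir, apt install, git init …
        git remote add origin "$REPO"
        # … unchanged: git fetch …
        git reset --hard "$REF"
```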
@@ -0,0 +1,82 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: generic-raku
+ namespace: cicd-system
+spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: dist
+ value: false
+ - name: ref
+ value: origin/master
+ - name: repo
+ value: ""
+ templates:
+ - name: main
+ dag:
+ tasks:
+ - name: workdir
+ templateRef:
+ name: util
+ template: pvc-create
+ - name: fetch
+ templateRef:
+ name: util
+ template: fetch-git
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: repo
+ value: "{{workflow.parameters.repo}}"
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - workdir
+ - name: qa-prove
+ templateRef:
+ name: util-raku
+ template: qa-prove
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - fetch
+ - name: qa-reuse
+ templateRef:
+ name: util
+ template: qa-reuse
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - fetch
+ - name: qa-fez
+ templateRef:
+ name: util-raku
+ template: qa-fez
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - fetch
+ - name: dist-fez
+ templateRef:
+ name: util-raku
+ template: dist-fez
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - qa-prove
+ - qa-reuse
+ - qa-fez
+ when: "{{workflow.parameters.dist}} == true"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml
new file mode 100644
index 0000000..5e541df
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: generic
+ namespace: cicd-system
+spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: origin/master
+ - name: repo
+ value: ""
+ - name: vcs
+ value: "git"
+ templates:
+ - name: main
+ dag:
+ tasks:
+ - name: workdir
+ templateRef:
+ name: util
+ template: pvc-create
+ # TODO: Decide on fetch function
+ # TODO: Check for Makefile
+ # TODO: Run make install-deps
+ # TODO: Run make test
+ - name: fetch
+ templateRef:
+ name: util
+ template: fetch-git
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: repo
+ value: "{{workflow.parameters.repo}}"
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - workdir
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
new file mode 100644
index 0000000..0642028
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
@@ -0,0 +1,90 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: project-bashtard
+ namespace: cicd-system
+spec:
+ arguments:
+ parameters:
+ - name: ref
+ value: origin/master
+ templates:
+ - name: main
+ steps:
+ - - name: fetch
+ templateRef:
+ name: fetch-git
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: repo
+ value: "https://git.tyil.nl/bashtard"
+ - - name: qa-reuse
+ templateRef:
+ name: qa-reuse
+ template: main
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ - name: qa-shellcheck
+ template: qa-shellcheck
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ - - name: dist-tar-gz
+ template: dist
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ parameters:
+ - name: format
+ value: targz
+ - name: dist-deb
+ template: dist
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ parameters:
+ - name: format
+ value: debian
+
+ - name: qa-shellcheck
+ inputs:
+ artifacts:
+ - name: src
+ path: "/code"
+ script:
+ image: pipelinecomponents/shellcheck
+ command:
+ - bash
+ source: |-
+ shellcheck -s sh bin/bashtard
+ shellcheck -x -s bash **/*.bash
+
+ - name: dist
+ inputs:
+ artifacts:
+ - name: src
+ path: "/usr/src/bashtard-{{workflow.parameters.ref}}"
+ parameters:
+ - name: format
+ value: "targz"
+ script:
+ image: debian
+ command:
+ - dash
+ source: |-
+ export DEBIAN_FRONTEND=noninteractive
+
+ cd -- "/usr/src/bashtard-{{workflow.parameters.ref}}"
+
+ apt update && apt install -y make
+ make pkg-{{inputs.parameters.format}}
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml
new file mode 100644
index 0000000..7c7d455
--- /dev/null
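Review bot: In the `qa-shellcheck` template of `workflow-templates/project-bashtard.yaml`, `shellcheck -x -s bash **/*.bash` runs under `bash` with `globstar` off, so `**` behaves like `*` and only `.bash` files exactly one directory below the working directory are checked; files at the top level or deeper are skipped without any error. Adding `shopt -s globstar` as the first line of `source` makes the gate cover the whole tree. The script also never changes into `/code`, where the `src` artifact is placed, so unless the image's working directory is already `/code` the relative paths will not resolve; a leading `cd -- /code` would make that explicit.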
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: qa-reuse
+ namespace: cicd-system
+spec:
+ arguments:
+ parameters:
+ - name: path
+ value: "/usr/src"
+ artifacts:
+ - name: src
+ from: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: path
+ value: "{{workflow.parameters.path}}"
+ artifacts:
+ - name: src
+ path: "{{workflow.artifacts.path}}"
+ container:
+ image: fsfe/reuse
+ workdir: "{{inputs.parameters.path}}"
+ command:
+ - reuse
+ args:
+ - lint
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml
new file mode 100644
index 0000000..2d0f606
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml
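Review bot: The `src` input artifact in `workflow-templates/qa-reuse.yaml` uses `path: "{{workflow.artifacts.path}}"`, which does not look like a variable Argo defines. The neighbouring lines suggest `path: "{{inputs.parameters.path}}"` was intended, so that the artifact lands in the directory used as `workdir`. As written the placeholder would probably be left unresolved or rejected at validation. The empty `from: ""` under `spec.arguments.artifacts` would also benefit from a comment saying that callers must supply `src`.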
@@ -0,0 +1,216 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: util-raku
+ namespace: cicd-system
+spec:
+ templates:
+ - name: dist-fez
+ inputs:
+ parameters:
+ - name: fezUsernameSecret
+ value: "credentials-fez"
+ - name: fezPasswordSecret
+ value: "credentials-fez"
+ - name: fezUsernameSecretKey
+ value: "username"
+ - name: fezPasswordSecretKey
+ value: "password"
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: rakudo-star
+ env:
+ - name: FEZ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezUsernameSecret}}"
+ key: "{{inputs.parameters.fezUsernameSecretKey}}"
+ - name: FEZ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezPasswordSecret}}"
+ key: "{{inputs.parameters.fezPasswordSecretKey}}"
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+
+ set -x
+
+ apt update && apt install -y expect
+ zef install fez --exclude="z"
+
+ expect <<-EOF
+ set timeout 30
+
+ spawn fez login
+
+ expect ">>= Username*" {
+ send -- "$FEZ_USERNAME\r"
+ }
+
+ expect ">>= Password*" {
+ log_user 0
+ send -- "$FEZ_PASSWORD\r"
+ log_user 1
+ }
+
+ expect {
+ eof {
+ exit 0
+ }
+
+ "*Failed to login*" {
+ exit 1
+ }
+ }
+
+ EOF
+
+ printf "\n"
+
+ expect <<-EOF
+ set timeout 60
+
+ spawn fez upload -f
+
+ expect {
+ "Upload anyway*" {
+ send -- "n\r"
+ exit 1
+ }
+ eof {
+ exit 0
+ }
+ }
+ EOF
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+
+ - name: qa-fez
+ inputs:
+ parameters:
+ - name: fezUsernameSecret
+ value: "credentials-fez"
+ - name: fezPasswordSecret
+ value: "credentials-fez"
+ - name: fezUsernameSecretKey
+ value: "username"
+ - name: fezPasswordSecretKey
+ value: "password"
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: rakudo-star
+ env:
+ - name: FEZ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezUsernameSecret}}"
+ key: "{{inputs.parameters.fezUsernameSecretKey}}"
+ - name: FEZ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezPasswordSecret}}"
+ key: "{{inputs.parameters.fezPasswordSecretKey}}"
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+
+ set -x
+
+ apt update && apt install -y expect
+ zef install fez --exclude="z"
+
+ expect <<-EOF
+ set timeout 30
+ log_user 0
+
+ spawn fez login
+
+ expect ">>= Username*" {
+ send -- "$FEZ_USERNAME\r"
+ }
+
+ expect ">>= Password*" {
+ send -- "$FEZ_PASSWORD\r"
+ }
+
+ expect {
+ eof {
+ exit 0
+ }
+
+ "*Failed to login*" {
+ exit 1
+ }
+ }
+ EOF
+
+ printf "\n"
+
+ expect <<-EOF
+ set timeout 60
+
+ spawn fez upload --dry-run
+
+ expect {
+ "*ERROR*" {
+ exit 1
+ }
+
+ eof {
+ exit 0
+ }
+ }
+ EOF
+ fez_exit=$?
+
+ rm -fr -- sdist # Who in their right mind leaves trash on a dry-run
+ exit $fez_exit
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+
+ - name: qa-prove
+ inputs:
+ parameters:
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: rakudo-star
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+
+ set -x
+
+ zef install . --deps-only
+ prove6 -lv --timer
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml
new file mode 100644
index 0000000..465311b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml
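Review bot: Both `fez login` blocks in `workflow-templates/util-raku.yaml` (`dist-fez` and `qa-fez`) feed `expect` from an unquoted `<<-EOF` here-document, so the shell expands `$FEZ_USERNAME` and `$FEZ_PASSWORD` into the Tcl script text before `expect` parses it. A credential containing `"`, `[`, `$` or a backslash would then be read as Tcl syntax rather than sent literally, and the secret becomes part of the script body. Quote the delimiter and read the environment inside expect instead: `expect <<-'EOF'` with `send -- "$env(FEZ_USERNAME)\r"` and `send -- "$env(FEZ_PASSWORD)\r"`. In `dist-fez`, output logging is switched off only around the password line, whereas `qa-fez` sets `log_user 0` for the whole login; the latter is the safer pattern for both.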
@@ -0,0 +1,107 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: util
+ namespace: cicd-system
+spec:
+ templates:
+ - name: fetch-git
+ inputs:
+ parameters:
+ - name: repo
+ value: ""
+ - name: ref
+ value: "origin/master"
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: debian
+ command:
+ - dash
+ source: |
+ export DEBIAN_FRONTEND=noninteractive
+ export GIT_WORK_TREE="{{inputs.parameters.workingDir}}"
+ export GIT_DIR="$GIT_WORK_TREE/.git"
+
+ apt update && apt install -y git
+
+ git init
+ git remote add origin "{{inputs.parameters.repo}}"
+ git fetch origin -a
+ git reset --hard "{{inputs.parameters.ref}}"
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+
+ - name: pvc-create
+ inputs:
+ parameters:
+ - name: size
+ value: 1Gi
+ - name: storageClass
+ value: longhorn
+ - name: namePrefix
+ value: argo-
+ outputs:
+ parameters:
+ - name: name
+ valueFrom:
+ jsonPath: "{.metadata.name}"
+ resource:
+ action: create
+ setOwnerReference: true
+ manifest: |
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ generateName: "{{inputs.parameters.namePrefix}}"
+ spec:
+ storageClassName: "{{inputs.parameters.storageClass}}"
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: "{{inputs.parameters.size}}"
+
+ - name: pvc-delete
+ inputs:
+ parametes:
+ - name: name
+ value: ""
+ resource:
+ action: delete
+ manifest: |
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: "{{inputs.parameters.name}}"
+
+ - name: qa-reuse
+ inputs:
+ parameters:
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: fsfe/reuse
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+ reuse lint
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml
new file mode 100644
index 0000000..9faf539
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: amdgpu-device-plugin-daemonset
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: amdgpu-dp-ds
+ template:
+ metadata:
+ labels:
+ name: amdgpu-dp-ds
+ spec:
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ amdgpu: "true"
+ priorityClassName: system-node-critical
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ containers:
+ - image: rocm/k8s-device-plugin
+ name: amdgpu-dp-cntr
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: dp
+ mountPath: /var/lib/kubelet/device-plugins
+ - name: sys
+ mountPath: /sys
+ volumes:
+ - name: dp
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ - name: sys
+ hostPath:
+ path: /sys
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml
new file mode 100644
index 0000000..a9ab6af
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ deployment:
+ kind: DaemonSet
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
new file mode 100644
index 0000000..c19e4f6
--- /dev/null
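Review bot: The `pvc-delete` template in `workflow-templates/util.yaml` spells its inputs key `parametes:`, so the `name` parameter is never declared and `{{inputs.parameters.name}}` in the manifest cannot resolve; the key should read `parameters:`. Nothing in this commit calls `pvc-delete` yet, which is probably why it went unnoticed. A short comment on `pvc-create` noting that `setOwnerReference: true` ties the claim's lifetime to the workflow would explain why no explicit delete step is wired in.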
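Review bot: The DaemonSet in `amdgpu-device-plugin/deamon-set.yaml` pulls `rocm/k8s-device-plugin` without a tag or digest, while running as `system-node-critical` in `kube-system` with `hostPath` mounts of `/sys` and the kubelet device-plugin directory. Pinning the image, e.g. `image: rocm/k8s-device-plugin:<version>` or an `@sha256:<digest>` reference, keeps a changed upstream image from rolling onto every GPU node unreviewed. The `/sys` mount could also take `readOnly: true` if the plugin only reads from it, which should be confirmed against the plugin's documentation. The untagged `debian`, `rakudo-star`, `fsfe/reuse` and `pipelinecomponents/shellcheck` images in the workflow templates have the same pinning gap.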
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-argo
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: "default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; worker-src *"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
new file mode 100644
index 0000000..d8e4001
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-keycloak
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: "default-src 'self'; style-src 'unsafe-inline'"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
new file mode 100644
index 0000000..e3b4179
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-nextcloud
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml
new file mode 100644
index 0000000..0bfb82c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml
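Review bot: `headers-argo` sets `stsPreload: true` and `forceSTSHeader: true` but no `stsSeconds`, and Traefik only emits `Strict-Transport-Security` when `stsSeconds` is non-zero, so these two options most likely have no effect; `headers-keycloak` and `headers-nextcloud` have the same gap. Add `stsSeconds: 31536000` to each, plus `stsIncludeSubdomains: true` if preload is really intended. The Argo policy also allows `'unsafe-eval'`, `'unsafe-inline'` and `worker-src *`; a comment recording why each relaxation is needed would help the next person tighten it.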
@@ -0,0 +1,11 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-https
+ namespace: kube-system
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml
new file mode 100644
index 0000000..20fc702
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: grafana
+ namespace: kube-system
+spec:
+ repo: https://grafana.github.io/helm-charts
+ chart: grafana
+ targetNamespace: monitoring
+ valuesContent: |-
+ ingress:
+ enabled: true
+ ingressClassName: "traefik"
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ tls:
+ - hosts:
+ - grafana.tyil.nl
+ secretName: tls-nl.tyil.grafana
+ hosts:
+ - "grafana.tyil.nl"
+ envFromSecret: "grafana-env"
+ grafana.ini:
+ auth.ldap:
+ enabled: true
+ allow_sign_up: true
+ database:
+ type: "postgres"
+ ldap:
+ enabled: true
+ existingSecret: grafana-config
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml
new file mode 100644
index 0000000..88b237d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: prometheus-exporter-postgresql
+ namespace: monitoring
+spec:
+ repo: https://prometheus-community.github.io/helm-charts
+ chart: prometheus-postgres-exporter
+ valuesContent: |-
+ config:
+ datasourceSecret:
+ name: prometheus-exporter-postgresql
+ key: connection-string
+...
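Review bot: The `grafana` HelmChart in `monitoring/grafana/helm-chart.yaml` has no `version:` under `spec`, so a reinstall or reconcile can pull whatever chart release is current in the repository. The `prometheus-exporter-postgresql` and `prometheus` charts in this commit are unpinned in the same way, while `auth-proxy-prometheus` is pinned to a commit snapshot. Adding `version: <chart-version>` to each makes upgrades an explicit, reviewable change. `allow_sign_up: true` under `auth.ldap` creates a Grafana user for any account that can authenticate against the directory, which deserves a comment stating that this is intended.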
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml
new file mode 100644
index 0000000..8388e3a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-prometheus
+ namespace: monitoring
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-prometheus
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.prometheus
+ hosts:
+ - prometheus.tyil.nl
+ hosts:
+ - host: prometheus.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml
new file mode 100644
index 0000000..43d78b4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: prometheus
+ namespace: monitoring
+spec:
+ repo: https://prometheus-community.github.io/helm-charts
+ chart: kube-prometheus-stack
+ valuesContent: |-
+ alertmanager:
+ enabled: false
+ grafana:
+ enabled: false
+ prometheus:
+ enabled: true
+ prometheusSpec:
+ retention: 10d
+ serviceMonitorSelectorNilUsesHelmValues: false
+ storageSpec:
+ emptyDir: {}
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
new file mode 100644
index 0000000..bc0f4ad
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cicd-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: base-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: personal-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: public-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: servarr
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml
new file mode 100644
index 0000000..bdbc8b2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+data:
+ cgitrc: |
+ root-desc=All public repos from tyil
+
+ source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+ about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+ readme=:INSTALL
+ readme=:INSTALL.htm
+ readme=:INSTALL.html
+ readme=:INSTALL.md
+ readme=:INSTALL.mkd
+ readme=:INSTALL.rst
+ readme=:INSTALL.txt
+ readme=:README
+ readme=:README.htm
+ readme=:README.html
+ readme=:README.md
+ readme=:README.mkd
+ readme=:README.pod6
+ readme=:README.rakudoc
+ readme=:README.rst
+ readme=:README.txt
+ readme=:install
+ readme=:install.htm
+ readme=:install.html
+ readme=:install.md
+ readme=:install.mkd
+ readme=:install.rst
+ readme=:install.txt
+ readme=:readme
+ readme=:readme.htm
+ readme=:readme.html
+ readme=:readme.md
+ readme=:readme.mkd
+ readme=:readme.rst
+ readme=:readme.txt
+
+ css=/cgit-css/cgit.css
+ logo=/cgit-css/cgit.png
+
+ #cache-root=/var/cache/cgit
+ #cache-size=1000
+
+ clone-prefix=https://git.tyil.nl
+ enable-git-config=1
+ enable-index-links=1
+ enable-index-owner=0
+ enable-log-filecount=1
+ enable-log-linecount=1
+ remove-suffix=1
+ robots=index, follow
+ scan-path=/srv/git/
+ section-from-path=1
+ snapshots=tar.gz tar.bz2
+ virtual-root=/
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml
new file mode 100644
index 0000000..715a3f6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml
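Review bot: In the `cgitrc` block of `cgit/configmap.yaml`, `section-from-path=1` and `snapshots=tar.gz tar.bz2` come after `scan-path=/srv/git/`, and as far as I know cgit applies only the global settings read before `scan-path` to the repositories it discovers, so these two probably do not take effect as intended. Moving `scan-path` to the last line of the file is the usual arrangement. `enable-git-config=1` lets each repository's own git config set cgit options, so a comment noting that everyone with write access to the repositories under `/srv/git` is trusted to that extent would be useful.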
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: emarcs/nginx-cgit
+ name: cgit
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /srv/git
+ name: data
+ - mountPath: /etc/cgitrc
+ subPath: cgitrc
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/git
+ type: DirectoryOrCreate
+ - name: config
+ configMap:
+ name: cgit
+...
diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml
index 4830961..4dcf92e 100644
--- a/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml
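Review bot: The `data` volume in `cgit/deployment.yaml` mounts the host directory `/mnt/pool/git` read-write into the internet-facing cgit container, although a repository browser only needs to read it. Add `readOnly: true` to the `/srv/git` entry under `volumeMounts` so that a compromise of the web container cannot modify the repositories. `type: DirectoryOrCreate` will silently create an empty directory if the pool is not mounted on `mieshu.tyil.net`, where `type: Directory` would fail visibly instead. The image `emarcs/nginx-cgit` is also untagged and should be pinned.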
@@ -2,30 +2,30 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: teddit - namespace: public-services - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-production" + name: cgit + namespace: personal-services labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" spec: - ingressClassName: "traefik" + ingressClassName: traefik tls: - hosts: - - reddit.alt.tyil.nl - secretName: tls-nl.tyil.alt.reddit + - git.tyil.nl + secretName: tls-nl.tyil.git rules: - - host: reddit.alt.tyil.nl + - host: git.tyil.nl http: paths: - path: / pathType: Prefix backend: service: - name: teddit + name: cgit port: number: 80 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml new file mode 100644 index 0000000..ac2ab26 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml new file mode 100644 index 0000000..b78a822 --- /dev/null 
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grocy
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy
+ app.kubernetes.io/part-of: personal-services
+data:
+ # A custom common.conf is required because the name of the backend service is
+ # not configurable through conventional means. Instead, I supply my own
+ # version with the correct backend name and overwrite the one supplied by the
+ # grocy docker container itself.
+ common.conf: |
+ charset utf-8;
+
+ location / {
+ try_files $uri /index.php$is_args$query_string;
+ }
+
+ location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
+ expires 365d;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass grocy-backend:80;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml
new file mode 100644
index 0000000..ef77883
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml
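Review bot: In `common.conf`, `fastcgi_pass grocy-backend:80` targets port 80 while the `grocy-backend` Deployment added in this commit declares `containerPort: 9000`, so unless the Service (not shown in this part of the diff) maps 80 to 9000 the frontend cannot reach the PHP backend. The static-asset location `~* .(jpg|jpeg|png|gif|ico|css|js)$` also has an unescaped dot, which matches any character before the extension; `location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {` is presumably what was meant.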
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grocy-backend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: grocy/backend:v3.3.2
+ name: grocy
+ env:
+ - name: GROCY_CURRENCY
+ value: "EUR"
+ - name: GROCY_MODE
+ value: "production"
+ - name: GROCY_CULTURE
+ name: "en"
+ - name: MAX_UPLOAD
+ value: "50M"
+ - name: PHP_MAX_FILE_UPLOAD
+ value: "200"
+ - name: PHP_MAX_POST
+ value: "100M"
+ - name: PHP_MEMORY_LIMIT
+ value: "512M"
+ ports:
+ - containerPort: 9000
+ volumeMounts:
+ - mountPath: /var/www/data
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /etc/grocy
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml
new file mode 100644
index 0000000..07fbb68
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml
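Review bot: The `GROCY_CULTURE` entry in `env` repeats the `name` key (`- name: GROCY_CULTURE` followed by `name: "en"`), so the variable never gets a value; depending on how the manifest is parsed, the entry is either rejected as a duplicate key or becomes a variable called `en`. The second line should be `value: "en"`, and the same two lines appear in deployment-frontend.yaml. Separately, this pod mounts the `/etc/grocy` hostPath while using `strategy.type: RollingUpdate`, so old and new pods can write to the same directory during a rollout. The bazarr deployment in this commit uses `Recreate` for that case, and the nextcloud deployment has the same hostPath-plus-RollingUpdate combination.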
@@ -0,0 +1,59 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grocy-frontend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: grocy/frontend:v3.3.2
+ name: grocy
+ env:
+ - name: GROCY_CURRENCY
+ value: "EUR"
+ - name: GROCY_MODE
+ value: "production"
+ - name: GROCY_CULTURE
+ name: "en"
+ - name: MAX_UPLOAD
+ value: "50M"
+ - name: PHP_MAX_FILE_UPLOAD
+ value: "200"
+ - name: PHP_MAX_POST
+ value: "100M"
+ - name: PHP_MEMORY_LIMIT
+ value: "512M"
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /etc/nginx/common.conf
+ subPath: common.conf
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: grocy
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml
new file mode 100644
index 0000000..80d1089
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grocy
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - erp.tyil.nl
+ secretName: tls-nl.tyil.erp
+ rules:
+ - host: erp.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: grocy-frontend
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml
new file mode 100644
index 0000000..e9a179d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grocy-backend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 9000
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml
new file mode 100644
index 0000000..d9d1e93
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grocy-frontend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml
new file mode 100644
index 0000000..6eb7fea
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-blockdiag
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-blockdiag
+ name: blockdiag
+ ports:
+ - containerPort: 8001
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml
new file mode 100644
index 0000000..26acd15
--- /dev/null
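Review bot: `image: yuzutech/kroki-blockdiag` in the blockdiag deployment carries no tag, so it resolves to `latest` and whatever the registry serves at the next pull is what runs. Pinning a release tag or digest, e.g. `image: yuzutech/kroki-blockdiag:<TESTED_VERSION>` (placeholder), keeps rollouts reproducible and makes an upstream image change a reviewed change. The same applies to the kroki-bpmn, kroki-excalidraw, kroki-mermaid and kroki deployments, to the explicit `:latest` on invidious and miniserve, and to `:testing` on bazarr later in this commit. These pods also set no `resources` or `securityContext`. Since kroki renders submitted diagram source behind the kroki.tyil.nl ingress, a memory limit and `runAsNonRoot: true` would be worth adding if the images support it.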
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-bpmn
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-bpmn
+ name: bpmn
+ ports:
+ - containerPort: 8003
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml
new file mode 100644
index 0000000..d1c6699
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-excalidraw
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-excalidraw
+ name: excalidraw
+ ports:
+ - containerPort: 8004
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml
new file mode 100644
index 0000000..ee6edaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-mermaid
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-mermaid
+ name: mermaid
+ ports:
+ - containerPort: 8002
+ restartPolicy: Always
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml
new file mode 100644
index 0000000..f192697
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki
+ name: kroki
+ env:
+ - name: KROKI_BLOCKDIAG_HOST
+ value: kroki-blockdiag
+ - name: KROKI_BLOCKDIAG_PORT
+ value: "80"
+ - name: KROKI_BPMN_HOST
+ value: kroki-bpmn
+ - name: KROKI_BPMN_PORT
+ value: "80"
+ - name: KROKI_EXCALIDRAW_HOST
+ value: kroki-excalidraw
+ - name: KROKI_EXCALIDRAW_PORT
+ value: "80"
+ - name: KROKI_MERMAID_HOST
+ value: kroki-mermaid
+ - name: KROKI_MERMAID_PORT
+ value: "80"
+ - name: KROKI_MAX_URI_LENGTH
+ value: "4096"
+ ports:
+ - containerPort: 8000
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml
new file mode 100644
index 0000000..c33644e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kroki
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ tls:
+ - hosts:
+ - kroki.tyil.nl
+ secretName: tls-nl.tyil.kroki
+ rules:
+ - host: kroki.tyil.nl
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: kroki
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
new file mode 100644
index 0000000..7ac6c4e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-blockdiag
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8001
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
new file mode 100644
index 0000000..73e2c58
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
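Review bot: The kroki Ingress sets no `ingressClassName`, unlike the grocy, nextcloud and bazarr ingresses in this commit, so whether Traefik serves it depends on a default IngressClass existing in the cluster. Adding `ingressClassName: traefik` under `spec` makes that explicit. It also omits the `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd` annotation that grocy and bazarr carry, so plain-HTTP requests to kroki.tyil.nl are presumably not redirected unless the entrypoint does that globally. The nextcloud ingress references only `kube-system-headers-nextcloud@kubernetescrd`, so the same question applies there.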
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-bpmn
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8003
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml
new file mode 100644
index 0000000..a011428
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-excalidraw
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8004
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml
new file mode 100644
index 0000000..872433c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-mermaid
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8002
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml
new file mode 100644
index 0000000..0c98dc8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml
new file mode 100644
index 0000000..1f0b3a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud
+ namespace: personal-services
+spec:
+ schedule: "*/5 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 33
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - name: nextcloud
+ image: nextcloud:27
+ command:
+ - php
+ args:
+ - -f
+ - /var/www/html/cron.php
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: OnFailure
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml
new file mode 100644
index 0000000..250f670
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: nextcloud:27
+ name: nextcloud
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
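Review bot: The CronJob fires every five minutes without a `concurrencyPolicy`, so the default `Allow` applies and a `cron.php` run that outlasts the interval overlaps the next one on the same `/mnt/pool/nextcloud` hostPath. Adding `concurrencyPolicy: Forbid` under `spec` prevents the pile-up, and `startingDeadlineSeconds` is worth considering alongside it. The job also lacks the `app.kubernetes.io/*` labels that every other manifest in this commit carries, which makes it harder to select together with the nextcloud Deployment.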
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml
new file mode 100644
index 0000000..ac616a0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-nextcloud@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - cloud.tyil.nl
+ secretName: tls-nl.tyil.cloud
+ rules:
+ - host: cloud.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml
new file mode 100644
index 0000000..fd9a7d6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml
new file mode 100644
index 0000000..d910c47
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: invidious
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - name: invidious
+ image: quay.io/invidious/invidious:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: INVIDIOUS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: invidious-config
+ key: config.yml
+ resources:
+ requests:
+ memory: 64Mi
+ limits:
+ memory: 128Mi
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - invidious
+ topologyKey: "kubernetes.io/hostname"
+...
diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml
index 6c3e671..cb675a9 100644
--- a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml
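Review bot: The container declares `containerPort: 8080`, but invidious/service.yaml later in this commit sends traffic to `targetPort: 3000`. `containerPort` is informational, so routing still follows the Service, but the two should agree: `- containerPort: 3000` if that is the port the image listens on. Naming the port (`name: http`) and using `targetPort: http` in the Service would keep them from drifting apart again, and would also keep any future NetworkPolicy or probe pointed at the right port.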
@@ -2,30 +2,30 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: nitter + name: invidious namespace: public-services annotations: cert-manager.io/cluster-issuer: "letsencrypt-production" labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: nitter + app.kubernetes.io/name: invidious app.kubernetes.io/part-of: public-services spec: ingressClassName: "traefik" tls: - hosts: - - twitter.alt.tyil.nl - secretName: tls-nl.tyil.alt.twitter + - youtube.alt.tyil.nl + secretName: tls-nl.tyil.alt.youtube rules: - - host: twitter.alt.tyil.nl + - host: youtube.alt.tyil.nl http: paths: - path: / pathType: Prefix backend: service: - name: nitter + name: invidious-http port: number: 80 ... diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml index b91c1d1..e4f95be 100644 --- a/data.d/k3s-master/manifests.d/hurzak/public-services/teddit/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml @@ -2,21 +2,23 @@ apiVersion: v1 kind: Service metadata: - name: teddit + # Funfact: if this name is set to "invidious", things will break! + # https://github.com/iv-org/invidious/issues/2970 + name: invidious-http namespace: public-services labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit + app.kubernetes.io/name: invidious app.kubernetes.io/part-of: public-services spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit + app.kubernetes.io/name: invidious app.kubernetes.io/part-of: public-services ports: - protocol: TCP port: 80 - targetPort: 8080 + targetPort: 3000 ... 
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
new file mode 100644
index 0000000..e967412
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/bazarr:testing
+ name: bazarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6767
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series/exported
+ name: anime-series
+ - mountPath: /mnt/pool/media/anime-movies/exported
+ name: anime-movies
+ - mountPath: /mnt/pool/media/series/exported
+ name: series
+ - mountPath: /mnt/pool/media/movies/exported
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/bazarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml
new file mode 100644
index 0000000..ff20477
--- /dev/null
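Review bot: The `env` list sets `GUID` next to `PUID`. As far as I know the hotio images read `PUID` and `PGID`, so `GUID` is probably ignored and the process runs with the image's default group rather than 169. Please check and, if so, rename it to `- name: PGID`. This matters because the four media hostPath volumes are mounted read-write with `UMASK` set to `002`, so files bazarr writes are group-writable and the effective group decides who else on the node can modify them.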
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - bazarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.bazarr
+ rules:
+ - host: bazarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: bazarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml
new file mode 100644
index 0000000..1f3cc23
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6767
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml
new file mode 100644
index 0000000..57ab370
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-dirlist
+ namespace: kube-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ targetNamespace: servarr
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-dirlist
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.media
+ hosts:
+ - media.tyil.nl
+ hosts:
+ - host: media.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
new file mode 100644
index 0000000..e443551
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dirlist
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dirlist
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dirlist
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dirlist
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: docker.io/svenstaro/miniserve:latest
+ args:
+ - --enable-tar
+ - --enable-tar-gz
+ - --qrcode
+ - /var/www
+ name: miniserve
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /var/www/anime-movies
+ name: anime-movies
+ readOnly: true
+ - mountPath: /var/www/anime-series
+ name: anime-series
+ readOnly: true
+ - mountPath: /var/www/books
+ name: books
+ readOnly: true
+ - mountPath: /var/www/movies
+ name: movies
+ readOnly: true
+ - mountPath: /var/www/music
+ name: music
+ readOnly: true
+ - mountPath: /var/www/series
+ name: series
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+...
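Review bot: The container image is `docker.io/svenstaro/miniserve:latest` and the pod spec sets no `securityContext`, so the node pulls whatever the tag points to when the pod restarts and runs it with the image's default user and capabilities next to six hostPath mounts. Pinning the image to a release tag or digest and adding a restrictive container `securityContext` would narrow that; the mounts are already `readOnly: true`, which is the right call. The other deployment hunks in this commit follow the same pattern (`jellyfin/jellyfin` with no tag, `fallenbagel/jellyseerr:latest`, `golift/unpackerr:latest`, the hotio `release`/`testing`/`nightly` tags), there with writable hostPath mounts. A sketch for this container follows; the uid is the value used as `PUID` elsewhere in this commit and needs checking against the ownership of the exported directories.

```yaml
      containers:
      - image: docker.io/svenstaro/miniserve@sha256:<DIGEST_OF_REVIEWED_RELEASE>  # placeholder
        # … unchanged: args, name, ports, volumeMounts …
        securityContext:
          runAsNonRoot: true
          runAsUser: 169            # confirm this uid can read the exported media
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
```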
diff --git a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml index f9bba4b..31f638f 100644 --- a/data.d/k3s-master/manifests.d/hurzak/public-services/nitter/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml @@ -2,21 +2,21 @@ apiVersion: v1 kind: Service metadata: - name: nitter - namespace: public-services + name: dirlist + namespace: servarr labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: nitter - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: dirlist + app.kubernetes.io/part-of: servarr spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: nitter - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: dirlist + app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 8080 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml new file mode 100644 index 0000000..18205c4 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: jellyfin/jellyfin + name: jellyfin + ports: + - containerPort: 8096 + volumeMounts: + - mountPath: /var/media/anime-movies + name: anime-movies + readOnly: true + - mountPath: /var/media/anime-series + name: anime-series + readOnly: true + - mountPath: /var/media/books + name: books + readOnly: true + - mountPath: /var/media/movies + name: movies + readOnly: true + - mountPath: /var/media/music + name: music + readOnly: true + - mountPath: /var/media/series + name: series + readOnly: true + - mountPath: /config + name: config + - mountPath: /cache + name: cache + resources: + limits: + amd.com/gpu: 1 + restartPolicy: Always + volumes: + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies/exported + type: Directory + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series/exported + type: Directory + - name: books + hostPath: + path: /mnt/pool/media/books/exported + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies/exported + type: Directory + - name: music + hostPath: + path: /mnt/pool/media/music/exported + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series/exported + type: Directory + - name: cache + hostPath: + path: /var/cache/jellyfin + type: Directory + 
- name: config + hostPath: + path: /etc/servarr/jellyfin + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml new file mode 100644 index 0000000..b527143 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - tv.tyil.nl + secretName: tls-nl.tyil.tv + rules: + - host: tv.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml new file mode 100644 index 0000000..cc0ae84 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8096 +... 
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml
new file mode 100644
index 0000000..217f949
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: fallenbagel/jellyseerr:latest
+ name: jellyseerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 5055
+ volumeMounts:
+ - mountPath: /app/config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ hostPath:
+ path: /etc/servarr/jellyseerr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml
new file mode 100644
index 0000000..11671d7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml
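Review bot: The env entry named `GUID` with value `"169"` in the jellyseerr deployment looks like a typo for `PGID`, which is the variable the hotio images pair with `PUID` as far as I know; as written the group id would stay at the image default while `UMASK` `"002"` makes group permissions matter on the shared hostPath directories. The same env block is repeated in the lidarr, prowlarr, radarr, readarr, sonarr, unpackerr and whisparr deployment hunks. Suggested change in each: `- name: PGID` with `value: "169"`. For `fallenbagel/jellyseerr` and `golift/unpackerr` it is worth confirming that the image reads `PUID`/`PGID` at all, and otherwise setting `securityContext.runAsUser`/`runAsGroup` on the pod instead.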
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyseerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - jellyseerr.arr.tyil.nl + secretName: tls-nl.tyil.arr.jellyseerr + rules: + - host: jellyseerr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyseerr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml new file mode 100644 index 0000000..a8f3b18 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyseerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 5055 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml new file mode 100644 index 0000000..baea1d9 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml 
@@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lidarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/lidarr:release + name: lidarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8686 + volumeMounts: + - mountPath: /mnt/pool/media/music + name: music + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: music + hostPath: + path: /mnt/pool/media/music + type: Directory + - name: config + hostPath: + path: /etc/servarr/lidarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml new file mode 100644 index 0000000..bff21d5 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml 
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: lidarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - lidarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.lidarr + rules: + - host: lidarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: lidarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml new file mode 100644 index 0000000..f154924 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: lidarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8686 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml new file mode 100644 index 0000000..4dcaf31 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml 
@@ -0,0 +1,54 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: cr.hotio.dev/hotio/prowlarr:nightly + name: prowlarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 9696 + volumeMounts: + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: config + hostPath: + path: /etc/servarr/prowlarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml new file mode 100644 index 0000000..1043a2d --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml 
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - prowlarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.prowlarr + rules: + - host: prowlarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prowlarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml new file mode 100644 index 0000000..ff16907 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 9696 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml new file mode 100644 index 0000000..c49ccb0 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml 
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/radarr:release
+ name: radarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/radarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
new file mode 100644
index 0000000..ace583f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
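Review bot: `containerPort: 8787` in the radarr deployment does not match `targetPort: 7878` in the radarr service.yaml hunk of the same commit; 8787 is the port used by the readarr manifests, so this looks like a copy-paste leftover. The sonarr deployment hunk has the same mismatch (`containerPort: 8787` against `targetPort: 8989` in its service). Traffic still follows the Service's `targetPort`, but the declared container port is what readers and port-based policy or audit tooling will trust, so it should read `- containerPort: 7878` here and `- containerPort: 8989` for sonarr.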
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: radarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - radarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.radarr + rules: + - host: radarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: radarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml new file mode 100644 index 0000000..28df782 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: radarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: radarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 7878 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml new file mode 100644 index 0000000..a266b8d --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml 
@@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: readarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/readarr:testing + name: readarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8787 + volumeMounts: + - mountPath: /mnt/pool/media/books + name: books + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: books + hostPath: + path: /mnt/pool/media/books + type: Directory + - name: config + hostPath: + path: /etc/servarr/readarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml new file mode 100644 index 0000000..94aa05e --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml 
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: readarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - readarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.readarr + rules: + - host: readarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: readarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml new file mode 100644 index 0000000..3d6cdc7 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: readarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8787 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml new file mode 100644 index 0000000..126acfe --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml 
@@ -0,0 +1,66 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sonarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/sonarr:release + name: sonarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8787 + volumeMounts: + - mountPath: /mnt/pool/media/anime-series + name: anime-series + - mountPath: /mnt/pool/media/series + name: series + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series + type: Directory + - name: config + hostPath: + path: /etc/servarr/sonarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml new file mode 100644 index 0000000..e53868a --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml 
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: sonarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - sonarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.sonarr + rules: + - host: sonarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: sonarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml new file mode 100644 index 0000000..5251050 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: sonarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sonarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8989 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml new file mode 100644 index 0000000..d54c478 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml 
@@ -0,0 +1,88 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: unpackerr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: unpackerr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: unpackerr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: unpackerr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: golift/unpackerr:latest + name: unpackerr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + volumeMounts: + - mountPath: /mnt/pool/media/anime-movies + name: anime-movies + - mountPath: /mnt/pool/media/anime-series + name: anime-series + - mountPath: /mnt/pool/media/books + name: books + - mountPath: /mnt/pool/media/movies + name: movies + - mountPath: /mnt/pool/media/music + name: music + - mountPath: /mnt/pool/media/series + name: series + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series + type: Directory + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies + type: Directory + - name: books + hostPath: + path: /mnt/pool/media/books + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies + type: Directory + - name: music + hostPath: + path: /mnt/pool/media/music + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series + type: Directory + - name: config + hostPath: + path: /etc/servarr/unpackerr + type: Directory +... 
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml new file mode 100644 index 0000000..f650a60 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: whisparr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: cr.hotio.dev/hotio/whisparr:nightly + name: whisparr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 6969 + volumeMounts: + - mountPath: /mnt/pool/media/porn + name: porn + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: porn + hostPath: + path: /mnt/pool/media/porn + type: Directory + - name: config + hostPath: + path: /etc/servarr/whisparr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml new file mode 100644 index 0000000..a71692c --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml 
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: whisparr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - whisparr.arr.tyil.nl + secretName: tls-nl.tyil.arr.whisparr + rules: + - host: whisparr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: whisparr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml new file mode 100644 index 0000000..abafcaf --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: whisparr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: whisparr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 6969 +... diff --git a/data.d/vpn-tinc/hosts/gaeru_tyil_net b/data.d/vpn-tinc/hosts/gaeru_tyil_net index eba305b..d7a3c0b 100644 --- a/data.d/vpn-tinc/hosts/gaeru_tyil_net +++ b/data.d/vpn-tinc/hosts/gaeru_tyil_net 
@@ -2,15 +2,15 @@ Address = 37.48.120.26 Subnet = 10.57.20.6/32 -----BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV -ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj -iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM -XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd -VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR -giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W -5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV -Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179 -B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v -7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ -tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ== +MIICCgKCAgEAvoIVYdxmypwYxZh89WAQDjpNWs8TDhn/mQVRy+WPqT39HCkHhOab +6GN8Ktsi6WU6arxL3PKfRzyXJhFbVktfzgHv6fKuBZwWSZM/qQ5T7DmtUkHv4NPB +AaRCDD1vkK0oGjX/BYOVCo9oCfaGWheAg/usw2XLZE+nz3FSb4GBs6vRQV95D7Px +v8/vmBJSfd3dIRvf0C6fvSSLH2Caq2E2cnKB+CG6F/1qbvhbppVnMJTySR+xCbW/ +YQv1pqND5TYZ0KZ8YuPmjxsd23L6roZJBgBbsiUPWktnKyUP2MEjrpZLcpD7Hnj8 +Qs1bkIdpz9Lj1i8g+k02IfoeRsSi0sf+hbyXovjHLfmdDoEeCtwbrL+JMPCtmzuS +S+AMIpWW4x74o0YNKgXFbjj179+BCVBXzGJBjoJ1dS1r/xDi97m5UxVVK6hfocBc +5x42h0Oc/b20lzoQ1Ixk+qRa71gEAa4OQgwDAKgQZnLgnmqq8mSU/x+f7pcRNGf5 +M/Ae6+rnOghLihReYpw09UinZT7Wqcp1MgAnsYqDohsJe5lEMfJkUS9zdLXlzlpv +PnAEknM4Nb2I3xEeHIeAnD0ZfzY81Jp+sfxdArGv+Hu+s9nTChlC8HlpVIsdUOFo +mVD3iOVvNEjR8LqfWexkhlG3qr69bzUUiguRLJicPaKZRJ68IOsX5EsCAwEAAQ== -----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/ivdea_tyil_net b/data.d/vpn-tinc/hosts/ivdea_tyil_net deleted file mode 100644 index 17f8c89..0000000 --- a/data.d/vpn-tinc/hosts/ivdea_tyil_net +++ /dev/null 
@@ -1,16 +0,0 @@ -Subnet = 10.57.100.8/32 - - ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3 -WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq -WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4 -j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp -cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG -BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW -nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj -aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT -FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO -n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY -uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/jaomox_tyil_net b/data.d/vpn-tinc/hosts/jaomox_tyil_net index c1b7faa..afafdd4 100644 --- a/data.d/vpn-tinc/hosts/jaomox_tyil_net +++ b/data.d/vpn-tinc/hosts/jaomox_tyil_net 
@@ -1,16 +1,16 @@ -Address = 163.172.218.246 Subnet = 10.57.21.1/32 + -----BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH -x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8 -SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a -rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt -t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R -dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7 -rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa -G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I -q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh -PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey -noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ== +MIICCgKCAgEAuIBWktCuiEBGV0xDHqXXyUNXjfKf4WWKjCYmA3eFbVMEDinoZef3 +wHTtLuEieJ5kA7xjaYBLCSenaj1RSQQt+tUaLoB2/gARTLteuUCuBjkO4/+h7UOd ++GaqR7+w6mkHaB/03Bl07loEZhgHA6Acrufg2jV0n9krOqv3opk8zrLN3BdwSrXE ++ZWZIqgakDVmQzc57VZEb3O8wZzNHmAZXIiv4gkvKs59sVvSfcPEMywo2cSPPfK9 +UdaZiejjymDY9kbzcp26cwfsksvwxewZk0JKYK9kx96DC97amTZYeEKCkuy4cSZF +qSWcxSfoNkFXYas/UCy7kPegyim9ZMshfzV8dH5HHpvMsaIaMH5674U+LCoViN57 +AD1AabNXSAKuI3KGDJhSC2TDgMbXrj8dV9Sc+hLwwqwi14M6ld7MZBfEQ8Jma+Hz +14Ps2t3p3tZeoeEcySJCvU2nw4i5lkHjsObcgw7g5IaW2u/wYsPi3nprcz1HmUXW +PUHWaOLzLc79xGVq/xKcxyHS0yqrlfa26j6IMc8OaBwIdJW+cyNnlb/xjxwyMEsW +wdGNn2U7FYxatxGfnRWnSn68lJX5RUQsAX0Wnw4cJruyytt3Xq3fZfX0F0dLRiVo +tmfbogj+5ajBKw747CaZgczhMIxWpjzC/JwHXWa0kEuRhC7U90D5mqkCAwEAAQ== -----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/mieshu_tyil_net b/data.d/vpn-tinc/hosts/mieshu_tyil_net new file mode 100644 index 0000000..3165294 --- /dev/null +++ b/data.d/vpn-tinc/hosts/mieshu_tyil_net 
@@ -0,0 +1,16 @@ +Subnet = 10.57.101.10/32 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAtanpLzqjn0nFSeGBxJvVlTsmkXLkXa5QZZkXg4P6xGcXkIq38DV5 +sxpRxHfnL7gWap7K/6VffMmKk/hryob6PRREGjzff2JX72JTskdZh8yXv/9CWD4p +HCaICKz7Rfq6XdrERuSdIDQ+nRTsvQrotbBky7O7BgpT6kHasVpIVRlhjppuZqIM +Vt3U3pTHFR5ltrZlTmHxkuXH2KFlpZuBkqCwfSdrKjkeJke/pJo+BKBPBVJZzE7p +lRxrLJmshdlixoW0A2x5O+kvy75Zd2Nche2si8VJytOaKbOD1frRXZEC0Njz6PtB +Egje+6b49d9v3/EO8va6Gqf83Ef2PDbYc7Ev2aFqCyB+mlkYNUGUM4NXsSUyyY7/ +JroKpchNAVOabFSwdZ05iHsCBG1+IUimT/u2OjQpfcA6jjG5EoY3udgyI0jt8LHj +LnhkKjS+bCxvrfZ7eVY8ZRSGUjKNNG9QuTiVDBqndWCMrZMykuJuLElpchQym7ib +KaMzsrcVpDVqKi6EpkI1lMMT8RuD2reLqp/few5+bnJ28q5EaxdO5HNGb5R/GUMu +20Zl05WAFdlsmyL2K1+1tEUOqphFb3PwfJwLmyZbiNcg4l3E8thz0dRoZtfozNQH +DlsCy8vIsUQrcc10Qe3PtI3zaJbNnFkrLEUv92CmsDRbC6cuTB9cNaUCAwEAAQ== +-----END RSA PUBLIC KEY----- +Ed25519PublicKey = uhJdCV4h/0W+1QWzOlne2BWDX6G/d27QPHdDwNZjUMB diff --git a/data.d/vpn-tinc/hosts/nouki_tyil_net b/data.d/vpn-tinc/hosts/nouki_tyil_net new file mode 100644 index 0000000..e479041 --- /dev/null +++ b/data.d/vpn-tinc/hosts/nouki_tyil_net @@ -0,0 +1,16 @@ +Subnet = 10.57.101.20/32 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAvBBrlZ9vU+LiW30AWQAMfJDMH4IJcr3CuQNWqnYs7xRKtAE3Rqnc +OjMFavgyCnMZd0SAguQYzFRY4jUlM7FtznmeMaf21/9/qfBQRRpCaKB/6frQfieY +NA1eDgE+nfLn5i2l8Of2LBM7YNjhkLGMqgTU1rZUOkD8wv1pn8Z5YpwGISmBAk5o +S4HfbFGq4QpLR4IW33qmmWUUHU5saBHde/MuJyxgff7BtLg6Z5kgaAyG/Oj0NM1W +96KC4u6QjIxeHLVHy4FI298JXMm7txuIGmb3D5hcpFb3Yh5hE9RXAV6aBN3p1s+c ++L8YANlQZTAAlzNveHLF8TKtQa0CVBM3Y4TIpwpFlRGrPpPqExnoAw8pCvjAsUbZ +XvJwNWH6ifo9Snf1Ww3d6zv8at0+ULxIlWAW0AGwDThMJx8qalqyiv1r8eNjANXw +qPXH9f49iZ4OwPgoWC91AQSjgrVKuZStRbjHzalbjDidpLTLceMvjg+MExLzbzpj +Jl4AIp0Oxn9GLEiiVMuvPvfViF0wf3EzQl0GVYdZrftwozJU9/I3hSETl8ISAVa2 +vxm0nzw1d5eZ3MPj36t7K4sNDbIasqJLMDbIHNFhA2GjsP3WlX2eHNY2lThbhScG +qqm4q3bdVo3VCgh0iiMJchw0m7PVntF0FMC6Ghxwcds7u2CsrsBK738CAwEAAQ== +-----END RSA PUBLIC KEY----- +Ed25519PublicKey = z6XeVexx6bPgOqM4LA3Jg0hZehhZZRo/KCM+sf0po/H 
diff --git a/data.d/vpn-tinc/hosts/oolah_tyil_net b/data.d/vpn-tinc/hosts/oolah_tyil_net new file mode 100644 index 0000000..01278fd --- /dev/null +++ b/data.d/vpn-tinc/hosts/oolah_tyil_net @@ -0,0 +1,16 @@ +Subnet = 10.57.101.1/32 + + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA3uaxPI2q7VPAVOh4D9u8b6kSFXNMLtvJQozlhH/Hr3+5Cv/wfKlB +vMPnavGf2J4dlw4d0EoYCCD8k84NkvWCcaXnCpRy80zVQmge2OLaIU7zScCAAqpj +BvCF5q9AbeeI0hxdD8sJI0yYjWpdxsS3tN63kTm0JeYSfrMIwNOoajMUuYOApDB4 +JpZCR3SEgnbkTXsr0uWWUQs9IPnrn2BtwfaN3YDK0KQal36eDwNYiInFutfgWMMh +6WmBLJwNtU4OA68sifs9HGqAkJe+M+Ro43/n8BtUgkNH+RnAtwegZgAWLMMkEoPL +WAGumBsg1QwxLfmSZovUTe4QFFqEYSFhRzRVUTvvBYJI/GGRBBx7igKsc3rfTH6S +Pm483NYeXdNri90Wf77rpfJuEWXtNk9TVRniSHEcs7jxsCs0wxTDE5ozKw3xhlY8 +ezWdbZnY6YKXyvJnHE+Wbe4bO3yt2lPB5Xli7OyGm9TP9TeXnhM60Q12KOIYxhBw +NO7MnyrIAvV3rURaMNJQdDJEtTstgxnXsEjtTQHhduw6RqbDf3Pjz/8XNqium/ss +ifhXawQL6aTzU3N0z/MVh4yYE/svcV36Eh8whnRVGD/p41WwaqDOeAxpxlkB7/rZ +ROujwLLJG4hFHefPtU0cdrFi/oQVGjvywJRro2eqMjPRBwfBELDTTEUCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/plarabe_tyil_net b/data.d/vpn-tinc/hosts/plarabe_tyil_net new file mode 100644 index 0000000..c375b95 --- /dev/null +++ b/data.d/vpn-tinc/hosts/plarabe_tyil_net 
@@ -0,0 +1,16 @@ +Subnet = 10.57.100.10/32 + + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAvply9cPmEi7zqZEqIEYpTisk+OJvIOXhEL1uwz3ntf8z/1CjG7bq +lGCtgwEx4ilQ4M4JUp5Y+7DSt2JQmpzfunQszhVNSNIBm57iLM7pkhfr6LEXglfW +eGe8nFv4Kph8D+N0kY9xdRIMDCDxvcsdaMcnjCBs+NoGXeF0Yl2Z1pXw0jU4bAe4 +JfXT/AvuvOrBTXVZ+vzqiKbOCxJRK6gWeyfs3gnHTgSQ2eOjyYFOLkTAxnYmFLkO +DPkhQ/s1QviqYFgvJ0of99Q9WnyK7Ki1w5Wx46qoh05ic9FwJ5/AV/1s83TDvUfD +YiVtsdLQxwZcsiXfLa1whisDRy0z93CrnzrVOTEncxo3tGu+Fmz43h5NgQLnIxKq +EWT7SOA0yvyynNRpWmav7XEfWMFJAw08Cz3hlCK+nYAL9w92PIMOVxGQ9QpWcQTb +bxkKNF9A08GKUb3OHjxM3Va+7f4/Ju8fQJ5Ce7UvGAaoWIVSIdO/bWtaKBLpSNou +kgvpyyuOCAMfBFD1c44m8pqtHBfkM6dH5Yp55dV4Q249/E5r/6nErwBYtAcUdRcu +9Tchbc5nLynfRwmG8xVG+sNS/Vmp3S0BFVzqrnmKvB3j5GqU2GZIP7TcWgzf+Y4t +E5mGIbAjTSw7DCqodMzl8MDQqSaauB5rSpy+TfFnw3dsImQyfXN7Lm8CAwEAAQ== +-----END RSA PUBLIC KEY----- @@ -8,10 +8,16 @@ dns.upstream.2=51.83.172.84 dns.upstream.3=2a03:94e0:1804::1 dns.upstream.4=2001:470:71:6dc::53 etc-nixos.path=/etc/nixos -k3s-master.helm.repos.jetstack.url=https://charts.jetstack.io +etc-portage.path=/etc/portage +k3s-master.cluster-domain=k3s.tyil.nl k3s-master.helm.apps.certmanager.chart=jetstack/cert-manager k3s-master.helm.apps.certmanager.namespace=base-system k3s-master.helm.apps.certmanager.values=certmanager.yaml +k3s-master.helm.repos.jetstack.url=https://charts.jetstack.io +k3s-master.service-node-port-min=1025 +k3s-node.entry.host=10.57.101.1 +k3s-node.cluster-domain=k3s.tyil.nl +k3s-node.service-node-port-min=1025 vpn-tinc.name=tyilnet www-blog.generator=hugo www-blog.path=/var/www/nl.tyil.www diff --git a/hosts.d/edephas.tyil.net b/hosts.d/edephas.tyil.net index 93aeba2..38f39c8 100644 --- a/hosts.d/edephas.tyil.net +++ b/hosts.d/edephas.tyil.net 
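Review bot: Setting `k3s-master.service-node-port-min=1025` and `k3s-node.service-node-port-min=1025` widens the NodePort range to include ports that node daemons already listen on, for example 6443, which the k3s-node playbook in this commit uses as the default API port. A NodePort Service allocated on such a port can collide with the host listener, and firewall rules written for the default 30000-32767 range no longer describe what the nodes expose. If only a few services need low ports, it would be safer to keep the floor as high as those services allow and to record which ones they are next to this setting. The file header for this hunk is not visible on the page.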
@@ -7,29 +7,5 @@ bashtard.backup.fs.paths.3=/var/www/* bashtard.backup.repositories.edephas=/var/media/backups/{fqdn} bashtard.backup.repositories.rsync=rsync.net:{fqdn} bashtard.ssh.host=10.57.100.7 -git.repos.bashtard.description=Configuration Management System in Bash -git.repos.bashtard/vpn-tinc.description=A Bashtard playbook for configuring tinc -git.repos.bashtard/www-static.description=A Bashtard playbook for generating static websites -git.repos.bashtard/k3s-master.description=A Bashtard playbook to set up k3s on a single-node -git.repos.blog.description=The source files to my blog, www.tyil.nl -git.repos.dotfiles.description=My user-level configuration files, use with caution! -git.repos.helm/invidious.description=Helm chart to deploy Invidious -git.repos.helm/nitter.description=Helm chart to deploy Nitter -git.repos.raku/config-parser-toml.description=TOML parser for Config -git.repos.raku/config-parser-yaml.description=YAML parser for Config -git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language -git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes -git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language -git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language -git.repos.raku/irc-grammar.description=Grammar to parse IRC messages -git.repos.raku/log-colored.description=A Log implementation with colored output -git.repos.raku/log-json.description=A Log implementation with JSON formatted output -git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language -git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language -git.repos.raku/string-fold.description=Fold strings to a certain length -git.repos.raku/url.description=A Raku 
library to handle URLs -git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language -git.repos.tyilnet.description=Configuration for machines in my personal network -git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries meta.provider=self vpn-tinc.ipv4=10.57.100.7 diff --git a/hosts.d/gaeru.tyil.net b/hosts.d/gaeru.tyil.net index dfa535b..9adeaa0 100644 --- a/hosts.d/gaeru.tyil.net +++ b/hosts.d/gaeru.tyil.net @@ -3,5 +3,5 @@ bashtard.backup.fs.paths.1=/etc bashtard.backup.fs.paths.2=/home bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.20.6 -meta.provider=hetzner +meta.provider=leaseweb vpn-tinc.ipv4=10.57.20.6 diff --git a/hosts.d/hurzak.tyil.net b/hosts.d/hurzak.tyil.net index 9c781c0..af46503 100644 --- a/hosts.d/hurzak.tyil.net +++ b/hosts.d/hurzak.tyil.net @@ -10,12 +10,6 @@ k3s-master.helm.repos.sealed-secrets.url=https://bitnami-labs.github.io/sealed-s k3s-master.helm.repos.bitnami.url=https://charts.bitnami.com/bitnami k3s-master.helm.apps.sealedsecrets.chart=sealed-secrets/sealed-secrets k3s-master.helm.apps.sealedsecrets.namespace=base-system -k3s-master.helm.apps.redis-nitter.chart=bitnami/redis -k3s-master.helm.apps.redis-nitter.namespace=public-services -k3s-master.helm.apps.redis-nitter.values=redis.yaml k3s-master.helm.apps.redis-omgur.chart=bitnami/redis k3s-master.helm.apps.redis-omgur.namespace=public-services k3s-master.helm.apps.redis-omgur.values=redis.yaml -k3s-master.helm.apps.redis-teddit.chart=bitnami/redis -k3s-master.helm.apps.redis-teddit.namespace=public-services -k3s-master.helm.apps.redis-teddit.values=redis.yaml diff --git a/hosts.d/ivdea.tyil.net b/hosts.d/ivdea.tyil.net deleted file mode 100644 index 7dba35c..0000000 --- a/hosts.d/ivdea.tyil.net +++ /dev/null 
@@ -1,10 +0,0 @@ -bashtard.backup.borg.remote_paths.1=borg1 -bashtard.backup.fs.paths.1=/etc -bashtard.backup.fs.paths.2=/home/tyil -bashtard.ssh.host=10.57.100.8 -k3s-master.helm.apps.ingress.chart=ingress-nginx -k3s-master.helm.apps.ingress.namespace=ingress -k3s-master.helm.apps.ingress.repo=ingress-nginx -k3s-master.helm.apps.ingress.values=nginx/ivdea.yaml -meta.provider=self -vpn-tinc.ipv4=10.57.100.8 diff --git a/hosts.d/jaomox.tyil.net b/hosts.d/jaomox.tyil.net index 1ca394b..e0c9b5a 100644 --- a/hosts.d/jaomox.tyil.net +++ b/hosts.d/jaomox.tyil.net @@ -3,14 +3,5 @@ bashtard.backup.fs.paths.1=/etc bashtard.backup.fs.paths.2=/home/tyil bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.21.1 -meta.provider=self +meta.provider=oneprovider vpn-tinc.ipv4=10.57.21.1 -k3s-master.manifest-prefix=jaomox -k3s-master.helm.repos.minio.url=https://charts.min.io/ -k3s-master.helm.repos.grafana.url=https://grafana.github.io/helm-charts/ -k3s-master.helm.apps.mimir.chart=grafana/mimir-distributed -k3s-master.helm.apps.mimir.namespace=personal-services -k3s-master.helm.apps.mimir.values=mimir.yaml -k3s-master.helm.apps.minio.chart=minio/minio -k3s-master.helm.apps.minio.namespace=personal-services -k3s-master.helm.apps.minio.values=minio.yaml diff --git a/hosts.d/mieshu.tyil.net b/hosts.d/mieshu.tyil.net new file mode 100644 index 0000000..00013ec --- /dev/null +++ b/hosts.d/mieshu.tyil.net 
@@ -0,0 +1,32 @@ +bashtard.ssh.host=10.57.101.10 +git.repodir=/mnt/pool/git +git.repos.bashtard.description=Configuration Management System in Bash +git.repos.bashtard/k3s-master.description=A Bashtard playbook to set up k3s on a single-node +git.repos.bashtard/vpn-tinc.description=A Bashtard playbook for configuring tinc +git.repos.bashtard/www-static.description=A Bashtard playbook for generating static websites +git.repos.blog.description=The source files to my blog, www.tyil.nl +git.repos.dotfiles.description=My user-level configuration files, use with caution! +git.repos.helm/invidious.description=Helm chart to deploy Invidious +git.repos.helm/nitter.description=Helm chart to deploy Nitter +git.repos.kubernetes/nfs-operator.description=An operator for Kubernetes to provision NFS mounts for PVC resources +git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language +git.repos.raku/config-parser-toml.description=TOML parser for Config +git.repos.raku/config-parser-yaml.description=YAML parser for Config +git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language +git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes +git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language +git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language +git.repos.raku/irc-grammar.description=Grammar to parse IRC messages +git.repos.raku/log-colored.description=A Log implementation with colored output +git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language +git.repos.raku/log-json.description=A Log implementation with JSON formatted output +git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language 
+git.repos.raku/string-fold.description=Fold strings to a certain length +git.repos.raku/url.description=A Raku library to handle URLs +git.repos.tyilnet.description=Configuration for machines in my personal network +git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries +k3s-node.role=server +meta.provider=self +nfs-server.exports./mnt/exports/invidious.fsid=97d3493c-1397-479f-bb8a-5c71833b9e17 +nfs-server.exports./mnt/exports/prometheus.fsid=052f42b5-33c0-40b9-aa69-d05dc03a9fa1 +vpn-tinc.ipv4=10.57.101.10 diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net new file mode 100644 index 0000000..049d795 --- /dev/null +++ b/hosts.d/nouki.tyil.net @@ -0,0 +1,4 @@ +bashtard.ssh.host=10.57.101.20 +k3s-node.role=server +meta.provider=self +vpn-tinc.ipv4=10.57.101.20 diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net new file mode 100644 index 0000000..0db655c --- /dev/null +++ b/hosts.d/oolah.tyil.net @@ -0,0 +1,6 @@ +bashtard.ssh.host=10.57.101.1 +k3s-master.manifest-prefix=tyilnet +k3s-node.role=server +k3s-node.entry.host=10.57.101.20 +meta.provider=self +vpn-tinc.ipv4=10.57.101.1 diff --git a/hosts.d/plarabe.tyil.net b/hosts.d/plarabe.tyil.net new file mode 100644 index 0000000..0a8a289 --- /dev/null +++ b/hosts.d/plarabe.tyil.net @@ -0,0 +1,3 @@ +bashtard.ssh.host=10.57.100.10 +meta.provider=self +vpn-tinc.ipv4=10.57.100.10 diff --git a/playbooks.d/etc-portage/description.txt b/playbooks.d/etc-portage/description.txt new file mode 100644 index 0000000..8d90523 --- /dev/null +++ b/playbooks.d/etc-portage/description.txt @@ -0,0 +1 @@ +A symlinked directory to keep its content synced through Bashtard diff --git a/playbooks.d/etc-portage/playbook.bash b/playbooks.d/etc-portage/playbook.bash new file mode 100644 index 0000000..3140bb3 --- /dev/null +++ b/playbooks.d/etc-portage/playbook.bash 
@@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +# shellcheck disable=SC2034 + +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required" + +playbook_add() { + mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")" + ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")" +} + +playbook_sync() { + :; +} + +playbook_del() { + rm -- "$(config "$BASHTARD_PLAYBOOK.path")" +} diff --git a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub deleted file mode 100644 index e1d7ab3..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICk/6jLojpp5Jaum8C1trxqtZuLd/GJH8sh0SB/Z/y9J root@bast diff --git a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub index 3056a3d..fe3c6a7 100644 --- a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub +++ b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICj0hW49y+AGuMN2D672I5K6ZVLPVZLCsd+2MIat54nP root@gaeru.tyil.net +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqoy/OXsmmNpxEN/xISbHwDFt2u8f3HmGIvS2CASHm root@gaeru.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@krohxe-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@krohxe-ed25519.pub new file mode 100644 index 0000000..ed9e5ff --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@krohxe-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC331lDhnHuQl4vkTUU5riqJ72ShdZN6zWdt1E3UJ/CJ root@krohxe.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub new file mode 100644 index 0000000..0faf439 --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub 
@@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLcXzcOPEYQWEARFgPpZCq2NZhTBWTsIezd4Mrkt0PY root@mieshu.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub new file mode 100644 index 0000000..a19b34e --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh9xYBxb5n2N20Dj03lsij32UkPJ27EMQ/6VdKhjWVJ root@nouki.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub new file mode 100644 index 0000000..d4c3c0d --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6oh68n5HXeK45YaNnQC0mHufB/bUgsEyE500OW40B1 root@oolah.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub deleted file mode 100644 index 00e492d..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub +++ /dev/null @@ -1,5 +0,0 @@ -<<<<<<< HEAD -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXhPa+EGS4NySl0YqG38xGEab6uqdimseqq4tlLWyV4 tyil@bast.tyil.net -======= -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1+6HjG3XvLQDHLwnFzq78SEsPTNa8Wu6+inmTMqu7 tyil@bast ->>>>>>> d8b0063 (Update pubkey for tyil@bast) diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub new file mode 100644 index 0000000..d5632d9 --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94ffGPvEb/Hi2B2XSaYjKpMiV93fzGLe0QUlXRJb1L tyil@gaeru.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub deleted file mode 100644 index 834bcd2..0000000 
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+Ki28DBM3A8QUpxbAlZx2x111+rhn8JPcec67y9xi/ tyil@ivdea.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub new file mode 100644 index 0000000..e3503e7 --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVPGs2LkDvdkMzwR1Crk8OblMQD2snClUuIcYgUYcu4 tyil@ludifah.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub new file mode 100644 index 0000000..a70b37c --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqLhjoIYRZmkD9sv1l1c03x6EpkadjfrGJ+4gqgkmp5 tyil@mieshu.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub new file mode 100644 index 0000000..52f292a --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNztf75LVF+UvoIDyduHfynZupdC+9g7RaIs6cGgmCa tyil@nouki.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub new file mode 100644 index 0000000..dabadac --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkjrJ6agLK5Bdg2Y5B+88XDbP5UsQyvdUbd3LrOVmjI tyil@oolah.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub deleted file mode 100644 index 1b8d9e6..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqntlHQ/3HHPUoNl7bpQ6pZIxZHnUAAIXTB5eBjDE0auJZE0Qz5HjUkqZNSb0SzoK9GgLLMH7yNMaYMSTRJguRARRTY3MpdQbrsMu5/8HbKZwxhy7jVRAODnIDO2b3A67ZOHQAazNZYlX873fVhDJHP3RPpYWJS1L2jyk6Z3euvg0duo4JolBEHzmuDi8mEhdNhjW54VM9CRofRrD2VBrnxbmH6LCQwVfuEiz7jVlyugKIiPtaX/9fSnwUVjpNVn0TA93FL0M6xypZFywORrAGLV9kuoQ/G0iVfXqH1A04OFzH1RGNq+oHfHWYZdE098SS+ur9E8+wXcIDBkkI37kF tyil@sessifet.tyil.net diff --git a/playbooks.d/k3s-master b/playbooks.d/k3s-master -Subproject 00e7ed1c2e5c4cd26aa91fe4e020b301250e252 +Subproject 27d48e4dec3e2eee30d6000f16dc7eb8f67b85e diff --git a/playbooks.d/k3s-node/description.txt b/playbooks.d/k3s-node/description.txt new file mode 100644 index 0000000..2a299e3 --- /dev/null +++ b/playbooks.d/k3s-node/description.txt @@ -0,0 +1 @@ +Playbook for a single k3s node to be part of an existing cluster. diff --git a/playbooks.d/k3s-node/etc/defaults b/playbooks.d/k3s-node/etc/defaults new file mode 100644 index 0000000..3e2c63b --- /dev/null +++ b/playbooks.d/k3s-node/etc/defaults @@ -0,0 +1,3 @@ +pkg.curl=curl +pkg.nfs-common=nfs-common +pkg.open-iscsi=open-iscsi diff --git a/playbooks.d/k3s-node/etc/os.d/linux-gentoo b/playbooks.d/k3s-node/etc/os.d/linux-gentoo new file mode 100644 index 0000000..5e7bc08 --- /dev/null +++ b/playbooks.d/k3s-node/etc/os.d/linux-gentoo @@ -0,0 +1,2 @@ +pkg.nfs-common=net-fs/nfs-utils +pkg.open-iscsi=sys-block/open-iscsi diff --git a/playbooks.d/k3s-node/playbook.bash b/playbooks.d/k3s-node/playbook.bash new file mode 100644 index 0000000..f2ae8d6 --- /dev/null +++ b/playbooks.d/k3s-node/playbook.bash 
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.host]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.token]="required"
+
+playbook_add() {
+ pkg install curl nfs-common open-iscsi
+
+ info "$BASHTARD_PLAYBOOK" "Writing config.yaml for k3s"
+ mkdir -pv -- /etc/rancher/k3s
+ cat <<-EOF > /etc/rancher/k3s/config.yaml
+ node-ip: "$(config "$BASHTARD_PLAYBOOK.node-ip" "$(config "bashtard.ssh.host")")"
+ node-name: "${BASHTARD_PLATFORM[fqdn]}"
+ server: "https://$(config "$BASHTARD_PLAYBOOK.entry.host"):$(config "$BASHTARD_PLAYBOOK.entry.port" "6443")"
+ token: "$(config "$BASHTARD_PLAYBOOK.entry.token")"
+ EOF
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.role")" == "server" ]]
+ then
+ cat <<-EOF >> /etc/rancher/k3s/config.yaml
+ cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")"
+ cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")"
+ service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")"
+ service-node-port-range: "$(config "$BASHTARD_PLAYBOOK.service-node-port-min" "30000")-$(config "$BASHTARD_PLAYBOOK.service-node-port-max" "32767")"
+ EOF
+ fi
+
+ info "$BASHTARD_PLAYBOOK" "Installing k3s"
+ curl -sfL https://get.k3s.io | sh -s - "$(config "$BASHTARD_PLAYBOOK.role" "agent")"
+
+ notice "$BASHTARD_PLAYBOOK" "Waiting for node to become available"
+ { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w)
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ /usr/local/bin/k3s-uninstall.sh
+}
diff --git a/playbooks.d/nfs-server/description.txt b/playbooks.d/nfs-server/description.txt
new file mode 100644
index 0000000..8e396fe
--- /dev/null
+++ b/playbooks.d/nfs-server/description.txt
@@ -0,0 +1 @@
+A Bashtard playbook to configure a machine as an NFS server
diff --git a/playbooks.d/nfs-server/etc/defaults b/playbooks.d/nfs-server/etc/defaults
new file mode 100644
index 0000000..f8af32e
--- /dev/null
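Review bot: `playbook_add` in k3s-node/playbook.bash writes the cluster join token into `/etc/rancher/k3s/config.yaml` with whatever umask the process has, so under a typical default umask the token ends up readable by every local user on the node. Create the file with restrictive permissions before the first heredoc, e.g. `install -m 0600 /dev/null /etc/rancher/k3s/config.yaml`; the later `>` and `>>` redirections keep that mode. Separately, `curl -sfL https://get.k3s.io | sh -s -` runs an unpinned remote script on every new node; passing `INSTALL_K3S_VERSION=<version-placeholder>` to the `sh` side at least fixes the k3s release, so all nodes install the same reviewed version.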
+++ b/playbooks.d/nfs-server/etc/defaults @@ -0,0 +1,3 @@ +pkg.nfs-utils=nfs-utils +svc.nfs=nfs-server +svc.rpcbind=rpcbind diff --git a/playbooks.d/nfs-server/etc/os.d/linux-gentoo b/playbooks.d/nfs-server/etc/os.d/linux-gentoo new file mode 100644 index 0000000..a76300d --- /dev/null +++ b/playbooks.d/nfs-server/etc/os.d/linux-gentoo @@ -0,0 +1 @@ +pkg.nfs-utils=net-fs/nfs-utils diff --git a/playbooks.d/nfs-server/playbook.bash b/playbooks.d/nfs-server/playbook.bash new file mode 100644 index 0000000..6856c72 --- /dev/null +++ b/playbooks.d/nfs-server/playbook.bash 
@@ -0,0 +1,75 @@ +#!/usr/bin/env bash + +playbook_add() { + pkg install nfs-utils + + touch /etc/exports + + playbook_sync + + svc enable nfs + svc enable rpcbind + + svc start nfs + svc start rpcbind +} + +playbook_sync() { + local buffer="$(tmpfile)" + local exports="/etc/exports.d/kubernetes.exports" + local hash="$(file_hash "$exports")" + + local root_options="ro,no_subtree_check" + local export_options="rw,no_root_squash,no_subtree_check" + local root_export="/mnt/exports" + local allowed_cidr=("10.57.0.0/16" "172.19.0.0/16") + local fsid + + { + printf "%s" "$root_export" + for host in "${allowed_cidr[@]}" + do + printf " %s(fsid=%s,%s)" "$host" "0" "$export_options" + done + printf "\n" + + for path in "$root_export"/* + do + fsid="$(config "$BASHTARD_PLAYBOOK.exports.$path.fsid" "")" + + if [[ "$fsid" == "" ]] + then + warn "$BASHTARD_PLAYBOOK" "Generating fsid for $path" + fsid="$(uuidgen)" + $BASHTARD_BIN var "$BASHTARD_PLAYBOOK.exports.$path.fsid" "$fsid" + fi + + printf "%s" "$path" + for host in "${allowed_cidr[@]}" + do + printf " %s(fsid=%s,%s)" "$host" "$fsid" "$export_options" + done + printf "\n" + + unset fsid + done + } > "$buffer" + + [[ "$(file_hash "$buffer")" == "$hash" ]] && return + + mv -- "$buffer" "$exports" + + [[ "$BASHTARD_ACTION" == "add" ]] && return + + exportfs -rv +} + +playbook_del() { + svc stop rpcbind + svc stop nfs + + svc disable rpcbind + svc disable nfs + + pkg uninstall nfs-utils +} diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash index 066d099..66d5963 100644 --- a/playbooks.d/ssh/playbook.bash +++ b/playbooks.d/ssh/playbook.bash @@ -13,7 +13,7 @@ playbook_add() { playbook_sync() { info "$BASHTARD_PLAYBOOK" "Templating sshd_config" - file_template "sshd_config.bpt" \ + file_template "sshd_config.satpl" \ "sftp=$(config "ssh.sftp")" \ > /etc/ssh/sshd_config 
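Review bot: `local root_options="ro,no_subtree_check"` is declared in `playbook_sync` of nfs-server/playbook.bash but never used: the first loop prints the `$root_export` line with `$export_options`, so `/mnt/exports` itself is exported `rw,no_root_squash` to both CIDRs instead of read-only. The root line should read `printf " %s(fsid=%s,%s)" "$host" "0" "$root_options"`. It is also worth reconsidering `no_root_squash` for `172.19.0.0/16`, which is the default cluster CIDR in the k3s-node playbook of this commit: with it, root in any client on that network is treated as root on every export. `/etc/exports.d` is not created before the `mv`, so the first sync may fail unless the package provides that directory.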
@@ -26,7 +26,7 @@ playbook_sync() { fi info "$BASHTARD_PLAYBOOK" "Generating MotD" - file_template "motd" \ + file_template "motd.satpl" \ "fqdn=${BASHTARD_PLATFORM[fqdn]}" \ "time=$(date -u "+%FT%T")" \ > /etc/motd diff --git a/playbooks.d/ssh/share/motd b/playbooks.d/ssh/share/motd.satpl index 7fc4e34..7fc4e34 100644 --- a/playbooks.d/ssh/share/motd +++ b/playbooks.d/ssh/share/motd.satpl diff --git a/playbooks.d/ssh/share/sshd_config.bpt b/playbooks.d/ssh/share/sshd_config.satpl index f1976a5..900ed34 100644 --- a/playbooks.d/ssh/share/sshd_config.bpt +++ b/playbooks.d/ssh/share/sshd_config.satpl @@ -8,7 +8,7 @@ ListenAddress :: PrintMotd yes # SFTP -Subsystem sftp {{sftp}} +Subsystem sftp ${sftp} # Authentication AuthorizedKeysFile /etc/ssh/authorized_keys .ssh/authorized_keys diff --git a/registry.d/mieshu.tyil.net b/registry.d/mieshu.tyil.net new file mode 100644 index 0000000..d2cc84d --- /dev/null +++ b/registry.d/mieshu.tyil.net @@ -0,0 +1,7 @@ +etc-portage +git-server +k3s-node +nfs-server +ssh +user-tyil +vpn-tinc diff --git a/registry.d/nouki.tyil.net b/registry.d/nouki.tyil.net new file mode 100644 index 0000000..912e4c3 --- /dev/null +++ b/registry.d/nouki.tyil.net @@ -0,0 +1,5 @@ +etc-portage +k3s-node +ssh +user-tyil +vpn-tinc diff --git a/registry.d/ivdea.tyil.net b/registry.d/oolah.tyil.net index 2e7ea04..2e7ea04 100644 --- a/registry.d/ivdea.tyil.net +++ b/registry.d/oolah.tyil.net diff --git a/registry.d/plarabe.tyil.net b/registry.d/plarabe.tyil.net new file mode 100644 index 0000000..98cfbf8 --- /dev/null +++ b/registry.d/plarabe.tyil.net @@ -0,0 +1 @@ +vpn-tinc |