summaryrefslogtreecommitdiff
path: root/data.d
diff options
context:
space:
mode:
Diffstat (limited to 'data.d')
-rw-r--r--data.d/etc-nixos/.gitignore2
-rw-r--r--data.d/etc-nixos/README.md119
-rw-r--r--data.d/etc-nixos/apps/vpn-tinc.nix283
-rw-r--r--data.d/etc-nixos/env/global.nix72
-rw-r--r--data.d/etc-nixos/env/laptop.nix13
-rw-r--r--data.d/etc-nixos/env/server.nix7
-rw-r--r--data.d/etc-nixos/env/workstation.nix74
-rw-r--r--data.d/etc-nixos/wm/awesome.nix30
-rw-r--r--data.d/etc-nixos/wm/herbstluftwm.nix22
-rw-r--r--data.d/etc-nixos/wm/kde.nix55
-rw-r--r--data.d/etc-portage/.gitignore3
-rw-r--r--data.d/etc-portage/binrepos.conf/gentoobinhost.conf3
-rw-r--r--data.d/etc-portage/binrepos.conf/tyilnet.conf3
-rw-r--r--data.d/etc-portage/make.conf/00-defaults.conf15
-rw-r--r--data.d/etc-portage/make.conf/10-global.conf56
-rw-r--r--data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords1
-rw-r--r--data.d/etc-portage/package.license1
-rw-r--r--data.d/etc-portage/package.use/10-kernel.use3
-rw-r--r--data.d/etc-portage/package.use/15-apcupsd.use1
-rw-r--r--data.d/etc-portage/repos.conf/gentoo.conf19
-rw-r--r--data.d/etc-portage/sets/mintlab22
-rw-r--r--data.d/etc-portage/sets/tyil47
-rw-r--r--data.d/etc-portage/sets/tyil-gaming2
-rw-r--r--data.d/etc-portage/sets/tyil-gui53
-rw-r--r--data.d/etc-portage/sets/tyil-laptop7
-rw-r--r--data.d/etc-portage/sets/tyil-workstation16
-rw-r--r--data.d/etc-portage/sets/yubikey2
-rw-r--r--data.d/k3s-master/manifests.d/_/namespaces.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/_/pv/dist.yaml21
-rw-r--r--data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml21
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml65
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml15
-rw-r--r--data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml52
-rw-r--r--data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml42
-rw-r--r--data.d/k3s-master/manifests.d/base-system/cert-manager.yaml28
-rw-r--r--data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml36
-rw-r--r--data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml18
-rw-r--r--data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml14
-rw-r--r--data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml14
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml55
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml17
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml68
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml51
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml47
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml15
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/dist/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml36
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml45
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml35
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml160
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml17
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml16
-rw-r--r--data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml56
-rw-r--r--data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml56
-rw-r--r--data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/public-services/invidious/service.yaml25
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml53
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml78
-rw-r--r--data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml103
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml54
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml54
-rw-r--r--data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/radarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/readarr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml88
-rw-r--r--data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml22
-rw-r--r--data.d/vpn-tinc/hosts/anoia_tyil_net25
-rw-r--r--data.d/vpn-tinc/hosts/caeghi_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/denahnu_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/edephas_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/faiwoo_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/gaeru_tyil_net26
-rw-r--r--data.d/vpn-tinc/hosts/hurzak_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/ivdea_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/jaomox_tyil_net26
-rw-r--r--data.d/vpn-tinc/hosts/krohxe_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/ludifah_tyil_net4
-rw-r--r--data.d/vpn-tinc/hosts/mieshu_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/nouki_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/oolah_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/plarabe_tyil_net18
-rw-r--r--data.d/vpn-tinc/hosts/qohrei_tyil_net19
-rw-r--r--data.d/vpn-tinc/hosts/ricui_tyil_net18
-rw-r--r--data.d/vpn-wireguard/.gitignore1
-rwxr-xr-xdata.d/vpn-wireguard/hooks/post-up47
-rw-r--r--data.d/vpn-wireguard/peers/faiwoo.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/gaeru.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/jaomox.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/mieshu.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/nouki.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/oolah.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/qohrei.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/ricui.tyil.net5
130 files changed, 4121 insertions, 139 deletions
diff --git a/data.d/etc-nixos/.gitignore b/data.d/etc-nixos/.gitignore
new file mode 100644
index 0000000..2ee4098
--- /dev/null
+++ b/data.d/etc-nixos/.gitignore
@@ -0,0 +1,2 @@
+configuration.nix
+hardware-configuration.nix
diff --git a/data.d/etc-nixos/README.md b/data.d/etc-nixos/README.md
new file mode 100644
index 0000000..798fe0c
--- /dev/null
+++ b/data.d/etc-nixos/README.md
@@ -0,0 +1,119 @@
+# Set variables
+
+```sh
+disk=...
+zfs_pool=...
+swap_ratio=1.5
+```
+
+# Partition disk
+
+```sh
+parted -s "$disk" mklabel gpt
+```
+
+## boot
+
+### MBR
+
+We don't do MBR anymore!
+
+### EFI
+
+```sh
+parted -a optimal "$disk" mkpart primary fat32 1MiB 1001MiB
+parted "$disk" set 1 esp on
+
+mkfs.vfat -F32 "${disk}1"
+```
+
+## swap
+
+```sh
+swap_end=$(awk '/MemTotal/ { print int($2 / 1000 * '"$swap_ratio"') + 1001 }' /proc/meminfo)
+parted -a optimal "$disk" mkpart primary linux-swap 1001MiB "$swap_end"
+
+mkswap "${disk}2"
+swapon "${disk}2"
+```
+
+## zpool
+
+```sh
+parted -a optimal "$disk" mkpart primary "$swap_end" 100%
+
+zpool create \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keyformat=passphrase \
+ -O keylocation=prompt \
+ -O acltype=posixacl \
+ -O xattr=sa \
+ -O compression=zstd \
+ -O dnodesize=auto \
+ -O normalization=formD \
+ -o ashift=12 \
+ -o autotrim=on \
+ -R /mnt \
+ "$zfs_pool" "${disk}3"
+```
+
+### zfs volumes
+
+```sh
+zfs create -o mountpoint=none "$zfs_pool/rootfs"
+zfs create -o mountpoint=legacy "$zfs_pool/rootfs/nixos"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/root"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/tyil"
+```
+
+# Mount partitions/volumes
+
+```sh
+mount -t zfs "$zfs_pool/rootfs/nixos" /mnt
+
+mkdir -pv -- /mnt/boot
+mount -t vfat "${disk}1" /mnt/boot
+
+mkdir -pv -- /mnt/home
+mount -t zfs "$zfs_pool/homefs" /mnt/home
+
+mkdir -pv -- /mnt/root
+mkdir -pv -- /mnt/home/tyil
+mount -t zfs "$zfs_pool/homefs/root" /mnt/root
+mount -t zfs "$zfs_pool/homefs/tyil" /mnt/home/tyil
+```
+
+# Install NixOS
+
+## Configure
+
+```sh
+nixos-generate-config --root /mnt
+```
+
+Apply configs in `/mnt/etc/nixos`
+
+```nix
+{
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.devNodes = ...
+ boot.zfs.forceImportRoot = false;
+ networking.hostId = $(head -c4 /dev/urandom | od -A none -t x4)
+ networking.hostName = ...
+}
+```
+
+## Install
+
+```sh
+cd /mnt && nixos-install
+```
+
+## Reboot
+
+```sh
+umount -lR /mnt
+zpool export "$zfs_pool"
+```
diff --git a/data.d/etc-nixos/apps/vpn-tinc.nix b/data.d/etc-nixos/apps/vpn-tinc.nix
new file mode 100644
index 0000000..0634ecc
--- /dev/null
+++ b/data.d/etc-nixos/apps/vpn-tinc.nix
@@ -0,0 +1,283 @@
+{ config, pkgs, ... }:
+
+# To have this node join the network, generate keys, add the new host with its
+# public keys to the list in this file, then rebuild.
+#
+# - mkdir -pv -- /etc/tinc/tyilnet
+# - nix-shell -p tinc_pre --run "tinc -n tyilnet generate-keys 4096"
+# - $EDITOR /etc/nixos/configuration.nix
+# ? networking.interfaces."tinc.tyilnet".address
+# - services.tinc.networks.tyilnet.name
+# - imports += [ "./apps/vpn-tinc.nix" ]
+# - cat /etc/tinc/tyilnet/*.pub
+# - $EDITOR /etc/nixos/apps/vpn-tinc.nix
+
+{
+ environment = {
+ etc = {
+ # This part should be written to configuration.nix while I try to learn
+ # how to do it cleanly with a simple variable
+ #
+ #"tinc/tyilnet/tinc-up".source = pkgs.writeScript "tinc-up" ''
+ # #!${pkgs.stdenv.shell}
+ # ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.57.50.50 netmask 255.255.0.0
+ #'';
+ "tinc/tyilnet/tinc-down".source = pkgs.writeScript "tinc-down" ''
+ #!${pkgs.stdenv.shell}
+ /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+ '';
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 655 ];
+ allowedTCPPorts = [ 655 ];
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "tinc.tyilnet" ];
+ commands = [
+ {
+ command = "${pkgs.nettools}/bin/ifconfig";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ services = {
+ tinc = {
+ networks = {
+ tyilnet = {
+ debugLevel = 3;
+ chroot = false;
+ interfaceType = "tap";
+
+ extraConfig = ''
+ ConnectTo = caeghi_tyil_net
+ ConnectTo = denahnu_tyil_net
+ ConnectTo = faiwoo_tyil_net
+ ConnectTo = gaeru_tyil_net
+ ConnectTo = hurzak_tyil_net
+ ConnectTo = jaomox_tyil_net
+
+ Ed25519PrivateKeyFile = /etc/tinc/tyilnet/ed25519_key.priv
+ PrivateKeyFile = /etc/tinc/tyilnet/rsa_key.priv
+ '';
+
+ hosts = {
+ anoia_tyil_net = ''
+ Subnet = 10.57.100.3/32
+
+ Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+ I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+ EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+ HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+ DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+ HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+ yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+ yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+ opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+ G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+ bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ bast_tyil_net = ''
+ Subnet = 10.57.50.50/32
+
+ Ed25519PublicKey = De60ft6TStf9oJ060kxpSmX7xJ/ZVO9EFXgQdqWcWaO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwvOYvgciXHsrqMHIWKDUcJjCF1ARjAxqb3s/BzRlz0XcynzpYDV/
+ EtiZWRkKmDveUILe8pk3gFlu2vwen9DGVydg+tW4G0z4NIejoC9FR8a/NpjTzMvw
+ gNCihTFpPqoqn7loy+OdHIWv34v26zUFY8r0W1XUX0O0vtUcWTHwkV6DggujFPxG
+ SM9yGyl7MxuDbr9EP520dsklWGQT93RlUizr1dm2QNLgQN6+FMTpVPJN/2uaHSMo
+ 9xx3vLltqweyvMrIWCPQQSu+vj9Dqq+4ToC2rXkEfMsjkDyVJViOzSarZfAHCdJL
+ S/aZh4PC9EMsc+DmoIQwN7fKG3CQkm3QZ2P1WKG0jNZ2jdC50G7G9QypKdPFh5Al
+ Oy6z/+VG05+ouRmfQTi12Kap7aakMOw9vjL1BSGgoTxToS7m+O5Q9ByodhVhRBMc
+ pp0ZHvPhZjM0jmtqrTtTkQDGonCiN/IxOdneTkiM0lW9UnROWqYJHL1B92sVyADw
+ S9ddyfUbUFLnOdJkF/JBFR3d5GxIcY1HVfYbugbIBGnal5koALFfhDkYJqQbbuAz
+ z1rSm4yYFWKKFThpZA1oRvEh9UJNbFOepreImCmUKZurgQZFMUjRMRtTcRXy07fR
+ /EctKPyzDKmQOHlnR4hNd3laefwL0vMO7Wra4NqoJx4MMmnPtl5s8okCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ caeghi_tyil_net = ''
+ Address = 116.202.102.33
+ Subnet = 10.57.20.2/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
+ P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
+ EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
+ TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
+ FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
+ mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
+ oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
+ t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
+ rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
+ OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
+ 8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ denahnu_tyil_net = ''
+ Address = 81.2.254.110
+ Subnet = 10.57.20.4/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
+ RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
+ idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
+ z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
+ fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
+ LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
+ Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
+ NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
+ 9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
+ raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
+ 6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ edephas_tyil_net = ''
+ Subnet = 10.57.100.7/32
+
+ Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
+ PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
+ a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
+ KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
+ UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
+ gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
+ zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
+ mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
+ yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
+ CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
+ fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ faiwoo_tyil_net = ''
+ Address = 65.21.5.254
+ Subnet = 10.57.20.5/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
+ Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
+ 8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
+ T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
+ KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
+ y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
+ ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
+ 6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
+ y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
+ Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
+ BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ gaeru_tyil_net = ''
+ Address = 37.48.120.26
+ Subnet = 10.57.20.6/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
+ ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
+ iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
+ XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
+ VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
+ giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
+ 5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
+ Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
+ B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
+ 7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
+ tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ hurzak_tyil_net = ''
+ Address = 178.162.131.11
+ Subnet = 10.57.20.7/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
+ k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
+ jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
+ BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
+ IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
+ T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
+ ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
+ E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
+ 5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
+ xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
+ CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ivdea_tyil_net = ''
+ Subnet = 10.57.100.8/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
+ WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
+ WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
+ j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
+ cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
+ BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
+ nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
+ aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
+ FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
+ n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
+ uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ jaomox_tyil_net = ''
+ Address = 163.172.218.246
+ Subnet = 10.57.21.1/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
+ x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
+ SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
+ rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
+ t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
+ dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
+ rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
+ G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
+ q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
+ PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
+ noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ludifah_tyil_net = ''
+ Subnet = 10.57.100.9/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
+ HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ
+ U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq
+ VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I
+ rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK
+ OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE
+ 4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba
+ 0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9
+ GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG
+ AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8
+ wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/global.nix b/data.d/etc-nixos/env/global.nix
new file mode 100644
index 0000000..9bf9882
--- /dev/null
+++ b/data.d/etc-nixos/env/global.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+{
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ };
+ };
+
+ environment = {
+ binsh = "${pkgs.dash}/bin/dash";
+ shells = with pkgs; [
+ bash
+ dash
+ zsh
+ ];
+ systemPackages = with pkgs; [
+ borgbackup
+ git
+ gnupg
+ jq
+ mosh
+ silver-searcher
+ tmux
+ vim
+ ];
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "nl_NL.UTF-8/UTF-8"
+ ];
+ };
+
+ networking = {
+ domain = "tyil.net";
+ };
+
+ programs = {
+ zsh = {
+ enable = true;
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ };
+ };
+
+ system = {
+ copySystemConfiguration = true;
+ };
+
+ time = {
+ timeZone = "Europe/Amsterdam";
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/laptop.nix b/data.d/etc-nixos/env/laptop.nix
new file mode 100644
index 0000000..2681547
--- /dev/null
+++ b/data.d/etc-nixos/env/laptop.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./workstation.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ acpi
+ ];
+ };
+}
diff --git a/data.d/etc-nixos/env/server.nix b/data.d/etc-nixos/env/server.nix
new file mode 100644
index 0000000..b04af8d
--- /dev/null
+++ b/data.d/etc-nixos/env/server.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+}
diff --git a/data.d/etc-nixos/env/workstation.nix b/data.d/etc-nixos/env/workstation.nix
new file mode 100644
index 0000000..93cef52
--- /dev/null
+++ b/data.d/etc-nixos/env/workstation.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ # CLI programs
+ kubectl
+ kubernetes-helm
+ neomutt
+ notmuch
+ ntfy-sh
+ pass
+ plantuml
+ shellcheck
+ tree
+
+ # GUI utils
+ xclip
+ xdotool
+ xprintidle
+
+ # GUI programs
+ alacritty
+ chromium
+ feh
+ mpv
+ nextcloud-client
+ pavucontrol
+ qutebrowser
+ scrot
+ yt-dlp
+ zathura
+ signal-desktop
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ open-sans
+ liberation_ttf
+ ];
+
+ hardware = {
+ pulseaudio = {
+ enable = true;
+ };
+ };
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "audio" "video" ];
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/awesome.nix b/data.d/etc-nixos/wm/awesome.nix
new file mode 100644
index 0000000..b427f4a
--- /dev/null
+++ b/data.d/etc-nixos/wm/awesome.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ dunst
+ physlock
+ redshift
+ rofi
+ sxhkd
+ xcompmgr
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ startx = {
+ enable = true;
+ };
+ };
+ windowManager = {
+ awesome = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/herbstluftwm.nix b/data.d/etc-nixos/wm/herbstluftwm.nix
new file mode 100644
index 0000000..5dd884b
--- /dev/null
+++ b/data.d/etc-nixos/wm/herbstluftwm.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ redshift
+ xcompmgr
+ rofi
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ windowManager = {
+ herbstluftwm = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/kde.nix b/data.d/etc-nixos/wm/kde.nix
new file mode 100644
index 0000000..6f60249
--- /dev/null
+++ b/data.d/etc-nixos/wm/kde.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ arc-kde-theme
+ kmymoney
+ plasma-pass
+ pinentry-qt
+ libsForQt5.kaccounts-integration
+ libsForQt5.kaccounts-providers
+ libsForQt5.kweather
+ libsForQt5.kalendar
+ libsForQt5.kmail
+ thunderbird
+ ];
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ };
+ };
+
+ programs = {
+ dconf = {
+ enable = true;
+ };
+ gnupg = {
+ agent = {
+ pinentryFlavor = "qt";
+ };
+ };
+ kdeconnect = {
+ enable = true;
+ };
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ sddm = {
+ enable = true;
+ };
+ };
+ desktopManager = {
+ plasma5 = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore
new file mode 100644
index 0000000..baec047
--- /dev/null
+++ b/data.d/etc-portage/.gitignore
@@ -0,0 +1,3 @@
+99-*
+make.profile
+savedconfig
diff --git a/data.d/etc-portage/binrepos.conf/gentoobinhost.conf b/data.d/etc-portage/binrepos.conf/gentoobinhost.conf
new file mode 100644
index 0000000..28343d2
--- /dev/null
+++ b/data.d/etc-portage/binrepos.conf/gentoobinhost.conf
@@ -0,0 +1,3 @@
+[binhost]
+priority = 9999
+sync-uri = https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64/
diff --git a/data.d/etc-portage/binrepos.conf/tyilnet.conf b/data.d/etc-portage/binrepos.conf/tyilnet.conf
new file mode 100644
index 0000000..28adec7
--- /dev/null
+++ b/data.d/etc-portage/binrepos.conf/tyilnet.conf
@@ -0,0 +1,3 @@
+[binhost]
+priority = 1337
+sync-uri = https://dist.tyil.nl/gentoo/packages
diff --git a/data.d/etc-portage/make.conf/00-defaults.conf b/data.d/etc-portage/make.conf/00-defaults.conf
new file mode 100644
index 0000000..21c3c58
--- /dev/null
+++ b/data.d/etc-portage/make.conf/00-defaults.conf
@@ -0,0 +1,15 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+COMMON_FLAGS="-O2 -pipe"
+CFLAGS="${COMMON_FLAGS}"
+CXXFLAGS="${COMMON_FLAGS}"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C.utf8
diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf
new file mode 100644
index 0000000..7d11afb
--- /dev/null
+++ b/data.d/etc-portage/make.conf/10-global.conf
@@ -0,0 +1,56 @@
+USE="
+ bash-completion
+ introspection
+ vim-syntax
+ zsh-completion
+"
+
+FEATURES="
+ $FEATURES
+ buildpkg
+ getbinpkg
+ network-sandbox
+ parallel-fetch
+ parallel-install
+ sandbox
+ sign
+ userfetch
+ userpriv
+ usersandbox
+ usersync
+"
+
+EMERGE_DEFAULT_OPTS="
+ $EMERGE_DEFAULT_OPTS
+ --alert
+ --ask
+ --binpkg-changed-deps=y
+ --binpkg-respect-use=y
+ --buildpkg-exclude */*-bin
+ --buildpkg-exclude acct-*/*
+ --buildpkg-exclude sys-fs/zfs-kmod
+ --buildpkg-exclude sys-kernel/*-sources
+ --buildpkg-exclude virtual/*
+ --keep-going
+ --tree
+ --usepkg-exclude */*-bin
+ --usepkg-exclude acct-*/*
+ --usepkg-exclude sys-kernel/*-sources
+ --usepkg-exclude virtual/*
+ --verbose
+"
+
+PKGDIR="/var/portage/packages"
+DISTDIR="/var/portage/distfiles"
+
+ACCEPT_LICENSE="
+ -*
+ @FREE
+"
+
+LC_MESSAGES=C.UTF8
+
+L10N="
+ en
+ nl
+"
diff --git a/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
new file mode 100644
index 0000000..2376e42
--- /dev/null
+++ b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
@@ -0,0 +1 @@
+net-vpn/tinc ~*
diff --git a/data.d/etc-portage/package.license b/data.d/etc-portage/package.license
new file mode 100644
index 0000000..348558e
--- /dev/null
+++ b/data.d/etc-portage/package.license
@@ -0,0 +1 @@
+sys-kernel/linux-firmware linux-fw-redistributable
diff --git a/data.d/etc-portage/package.use/10-kernel.use b/data.d/etc-portage/package.use/10-kernel.use
new file mode 100644
index 0000000..782dae3
--- /dev/null
+++ b/data.d/etc-portage/package.use/10-kernel.use
@@ -0,0 +1,3 @@
+sys-kernel/installkernel dracut
+sys-fs/zfs dist-kernel
+sys-fs/zfs-kmod dist-kernel
diff --git a/data.d/etc-portage/package.use/15-apcupsd.use b/data.d/etc-portage/package.use/15-apcupsd.use
new file mode 100644
index 0000000..91eeffb
--- /dev/null
+++ b/data.d/etc-portage/package.use/15-apcupsd.use
@@ -0,0 +1 @@
+sys-apps/util-linux tty-helpers
diff --git a/data.d/etc-portage/repos.conf/gentoo.conf b/data.d/etc-portage/repos.conf/gentoo.conf
new file mode 100644
index 0000000..6cb6e3b
--- /dev/null
+++ b/data.d/etc-portage/repos.conf/gentoo.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+location = /var/db/repos/gentoo
+sync-type = rsync
+sync-uri = rsync://rsync.gentoo.org/gentoo-portage
+auto-sync = yes
+sync-rsync-verify-jobs = 1
+sync-rsync-verify-metamanifest = yes
+sync-rsync-verify-max-age = 24
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+sync-openpgp-keyserver = hkps://keys.gentoo.org
+sync-openpgp-key-refresh-retry-count = 40
+sync-openpgp-key-refresh-retry-overall-timeout = 1200
+sync-openpgp-key-refresh-retry-delay-exp-base = 2
+sync-openpgp-key-refresh-retry-delay-max = 60
+sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
diff --git a/data.d/etc-portage/sets/mintlab b/data.d/etc-portage/sets/mintlab
new file mode 100644
index 0000000..ca247c7
--- /dev/null
+++ b/data.d/etc-portage/sets/mintlab
@@ -0,0 +1,22 @@
+# DevOps utilities
+app-admin/awscli
+app-admin/helm
+app-admin/terraform
+app-containers/docker
+app-containers/docker-compose
+dev-db/postgresql
+dev-vcs/git
+net-misc/rclone
+sys-cluster/kubectl
+
+# Development tools
+dev-python/flake8
+dev-python/pip
+dev-python/virtualenv
+dev-vcs/mr
+
+# General required software
+app-admin/lastpass-cli
+
+# Browser
+www-client/chromium
diff --git a/data.d/etc-portage/sets/tyil b/data.d/etc-portage/sets/tyil
new file mode 100644
index 0000000..bf99911
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil
@@ -0,0 +1,47 @@
+# System services
+app-admin/syslog-ng
+app-admin/logrotate
+net-misc/ntp
+
+# Maintainance tools
+app-admin/sudo
+app-backup/borgbackup
+app-backup/borgmatic
+app-portage/eix
+app-portage/gentoolkit
+sys-boot/grub
+sys-fs/cryptsetup
+sys-kernel/genkernel
+
+# Debugging tools
+net-analyzer/nmap
+net-analyzer/traceroute
+net-dns/bind-tools
+net-misc/telnet-bsd
+net-misc/whois
+sys-process/lsof
+
+# VPN
+net-vpn/tinc
+
+# Filesystems
+net-fs/cifs-utils
+net-fs/nfs-utils
+sys-fs/dmraid
+sys-fs/lvm2
+sys-fs/mhddfs
+sys-fs/reiserfsprogs
+sys-fs/xfsprogs
+
+# Email client
+mail-client/neomutt
+net-mail/notmuch
+
+# User tools
+app-crypt/gnupg
+app-editors/vim
+app-misc/tmux
+dev-vcs/git
+net-analyzer/openbsd-netcat
+net-misc/mosh
+sys-apps/the_silver_searcher
diff --git a/data.d/etc-portage/sets/tyil-gaming b/data.d/etc-portage/sets/tyil-gaming
new file mode 100644
index 0000000..f9f81af
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-gaming
@@ -0,0 +1,2 @@
+app-emulation/dxvk-bin
+dev-util/vulkan-tools
diff --git a/data.d/etc-portage/sets/tyil-gui b/data.d/etc-portage/sets/tyil-gui
new file mode 100644
index 0000000..071c634
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-gui
@@ -0,0 +1,53 @@
+@tyil
+
+x11-base/xorg-server
+
+# Login manager
+sys-auth/elogind
+
+# Window managers
+x11-wm/awesome
+x11-wm/openbox
+
+# Desktop "services"
+app-misc/physlock
+x11-misc/dmenu
+x11-misc/dunst
+x11-misc/redshift
+x11-misc/sxhkd
+x11-misc/xcompmgr
+x11-misc/xprintidle
+
+# Applets
+net-misc/nextcloud-client
+
+# Browsers
+www-client/elinks
+www-client/librewolf-bin
+
+# Theming
+media-fonts/freefont
+media-fonts/inconsolata
+media-fonts/noto-cjk
+media-fonts/noto-emoji
+media-fonts/open-sans
+
+# Misc applications
+app-admin/pass
+app-text/zathura
+app-text/zathura-cb
+app-text/zathura-pdf-mupdf
+media-gfx/feh
+media-gfx/scrot
+media-sound/pavucontrol
+media-video/mpv
+net-misc/yt-dlp
+x11-apps/xkill
+x11-misc/pcmanfm
+x11-misc/xclip
+x11-misc/xdotool
+x11-terms/alacritty
+
+# Rice
+#x11-apps/glava
+x11-themes/arc-theme
diff --git a/data.d/etc-portage/sets/tyil-laptop b/data.d/etc-portage/sets/tyil-laptop
new file mode 100644
index 0000000..2f3c2de
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-laptop
@@ -0,0 +1,7 @@
+@tyil-gui
+
+# System services
+gnome-extra/nm-applet
+
+# System utilities
+sys-power/acpi
diff --git a/data.d/etc-portage/sets/tyil-workstation b/data.d/etc-portage/sets/tyil-workstation
new file mode 100644
index 0000000..f2017c1
--- /dev/null
+++ b/data.d/etc-portage/sets/tyil-workstation
@@ -0,0 +1,16 @@
+app-admin/apache-tools
+app-containers/docker
+app-misc/jq
+app-shells/dash
+app-text/dos2unix
+dev-db/pgbadger
+dev-db/postgresql
+dev-texlive/texlive-latex
+dev-texlive/texlive-latexextra
+dev-texlive/texlive-latexrecommended
+dev-util/shellcheck-bin
+dev-vcs/tig
+media-gfx/plantuml
+net-analyzer/testssl
+net-fs/sshfs
+net-wireless/wpa_supplicant
diff --git a/data.d/etc-portage/sets/yubikey b/data.d/etc-portage/sets/yubikey
new file mode 100644
index 0000000..fe69e44
--- /dev/null
+++ b/data.d/etc-portage/sets/yubikey
@@ -0,0 +1,2 @@
+app-crypt/libu2f-host
+sys-apps/pcsc-lite
diff --git a/data.d/k3s-master/manifests.d/_/namespaces.yaml b/data.d/k3s-master/manifests.d/_/namespaces.yaml
new file mode 100644
index 0000000..21cd009
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/_/namespaces.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: automation
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: base-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fediverse
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: personal-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: public-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: registry
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: servarr
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: websites
+...
diff --git a/data.d/k3s-master/manifests.d/_/pv/dist.yaml b/data.d/k3s-master/manifests.d/_/pv/dist.yaml
new file mode 100644
index 0000000..2490f9f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/_/pv/dist.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: dist
+spec:
+ storageClassName: seaweedfs
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 100Gi
+ persistentVolumeReclaimPolicy: Retain
+ volumeMode: Filesystem
+ csi:
+ driver: seaweedfs-csi-driver
+ volumeHandle: dist
+ volumeAttributes:
+ collection: "dist"
+ replication: "001"
+ path: "/buckets/dist"
+...
diff --git a/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml b/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml
new file mode 100644
index 0000000..5a4a85b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/_/pv/etc-lldap.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: etc-lldap
+spec:
+ storageClassName: seaweedfs
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 1Gi
+ persistentVolumeReclaimPolicy: Retain
+ volumeMode: Filesystem
+ csi:
+ driver: seaweedfs-csi-driver
+ volumeHandle: etc-lldap
+ volumeAttributes:
+ collection: "etc"
+ replication: "001"
+ path: /buckets/etc/lldap
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..6eeccc0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:latest
+ name: lldap
+ ports:
+ - name: ldap
+ containerPort: 3890
+ - name: ldaps
+ containerPort: 6360
+ - name: http
+ containerPort: 8080
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /etc/tls
+ name: tls
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: lldap
+ - name: tls
+ secret:
+ secretName: tls-nl.tyil.lldap
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..95b63bb
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - lldap.tyil.nl
+ secretName: tls-nl.tyil.lldap
+ rules:
+ - host: lldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml
new file mode 100644
index 0000000..666a465
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+spec:
+ storageClassName: seaweedfs
+ volumeName: etc-lldap
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..6539352
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: ldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: ldap
+ port: 389
+ targetPort: 3890
+ - name: ldaps
+ port: 636
+ targetPort: 6360
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml
new file mode 100644
index 0000000..6051e18
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: amdgpu-device-plugin-daemonset
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: amdgpu-dp-ds
+ template:
+ metadata:
+ labels:
+ name: amdgpu-dp-ds
+ spec:
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ amdgpu: "true"
+ priorityClassName: system-node-critical
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ containers:
+ - image: rocm/k8s-device-plugin
+ name: amdgpu-dp-cntr
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: dp
+ mountPath: /var/lib/kubelet/device-plugins
+ - name: sys
+ mountPath: /sys
+ volumes:
+ - name: dp
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ - name: sys
+ hostPath:
+ path: /sys
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml
new file mode 100644
index 0000000..6f0c1a5
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: cert-manager
+ namespace: base-system
+spec:
+ repo: https://charts.jetstack.io
+ chart: cert-manager
+ valuesContent: |
+ installCRDs: true
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml
new file mode 100644
index 0000000..90ffad7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: fuse-device-plugin-daemonset
+ namespace: base-system
+spec:
+ selector:
+ matchLabels:
+ name: fuse-device-plugin-ds
+ template:
+ metadata:
+ labels:
+ name: fuse-device-plugin-ds
+ spec:
+ hostNetwork: true
+ containers:
+ - image: flavio/fuse-device-plugin
+ name: fuse-device-plugin-ctr
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: device-plugin
+ mountPath: /var/lib/kubelet/device-plugins
+ volumes:
+ - name: device-plugin
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ #imagePullSecrets:
+ # - name: registry-secret
+ tolerations:
+ - key: tyil.net/role
+ operator: Exists
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml
new file mode 100644
index 0000000..6fe5057
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: ingress-nginx
+ namespace: base-system
+spec:
+ repo: https://kubernetes.github.io/ingress-nginx
+ chart: ingress-nginx
+ valuesContent: |-
+ controller:
+ kind: DaemonSet
+ allowSnippetAnnotations: true
+ config:
+ block-user-agents: >
+ ~*.*ahrefsbot.*,
+ ~*.*amazonbot.*,
+ ~*.*barkrowler.*,
+ ~*.*bytespider.*,
+ ~*.*claudeBot.*,
+ ~*.*dotbot.*,
+ ~*.*facebookexternalhit.*,
+ ~*.*googlebot.*,
+ ~*.*mozilla\/5\.0\ \(linux\;\ android\ 6\.0\.1\;\ nexus\ 5x\ build\/mmb29p\).*,
+ ~*.*petalbot.*,
+ ~*.*semrushbot.*
+ service:
+ ipFamilyPolicy: PreferDualStack
+ externalTrafficPolicy: Local
+ nodeSelector:
+ svccontroller.k3s.cattle.io/enablelb: "true"
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml
new file mode 100644
index 0000000..d8a38d8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: sealed-secrets
+ namespace: base-system
+spec:
+ repo: https://bitnami-labs.github.io/sealed-secrets
+ chart: sealed-secrets
+ valuesContent: |-
+ keyrenewperiod: "672h"
+ #resources:
+ # limits: ...
+ # requests: ...
+ #metrics:
+ # serviceMonitor:
+ # enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml
new file mode 100644
index 0000000..f5c1edf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: seaweedfs-csi-driver
+ namespace: base-system
+spec:
+ repo: https://seaweedfs.github.io/seaweedfs-csi-driver/helm
+ chart: seaweedfs-csi-driver
+ valuesContent: |-
+ seaweedfsFiler: "10.57.3.1:8888"
+ storageClassName: seaweedfs
+ isDefaultStorageClass: true
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml
new file mode 100644
index 0000000..3b12d49
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: vertical-pod-autoscaler
+ namespace: base-system
+spec:
+ chart: oci://ghcr.io/stevehipwell/helm-charts/vertical-pod-autoscaler
+ version: 1.5.0
+ valuesContent: |-
+ recommenderOnly: false
+ #serviceMonitor:
+ # enabled: true
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml
new file mode 100644
index 0000000..ee8a4d3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/deployment.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: biboumi
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: louiz/biboumi:9.0
+ name: biboumi
+ ports:
+ - containerPort: 5437
+ env:
+ - name: BIBOUMI_ADMIN
+ value: tyil@chat.tyil.nl
+ - name: BIBOUMI_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: db-name
+ - name: BIBOUMI_HOSTNAME
+ value: biboumi.chat.tyil.nl
+ - name: BIBOUMI_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: password
+ - name: BIBOUMI_XMPP_SERVER_IP
+ value: prosody
+ - name: BIBOUMI_PERSISTENT_BY_DEFAULT
+ value: "true"
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml
new file mode 100644
index 0000000..0e1ed9b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/biboumi/secret-config.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: biboumi-config
+ namespace: personal-services
+spec:
+ encryptedData:
+ db-name: AgBTyqCQE9tlteDjO0q2hdXTUb0arZnY+mfni9D7Yq23w0bmjxa4P3YZUZ4aIaYnxIsLek1YQ6W2EgVJtWu+uWn3qwuogkQJ6zhRFjB4Gewu+EtPgCCqCFkrSb92Y7M/E/znna78q3az7dkLD0sH3NAozmZd5jeNrAzS+kIxIS2hfmIMojEJYJz/ESaAj/6J93117UUxizxoysYcFaMxoyEdeJV4+mCFENZpMsp6tqxKpTVCoPOKa62I7yVzxkHDFxJGaI7un1swt297vgB7dCM2wwtr5NA/Y1ccmYz0FgTt4oz0oiwN2HkiC7PLEAV1ru3r+3OZ9HFpgcrps6CfQBGvvgmcRgumOAl7ZGyI2Oxx3OrymojSqSxofks22IGYXmqhqhhRzGEfGK6tybIBdxB0PJ1yg6ziWNogxvvh9sNRB6rinaOZ+M9UQ7/qWo/SmP70DYkC9vbyl1AdolSEgpbENZBSPQmWhdzUktTJUhagZVmhaahsna+85zq+0wh1M3+12iIghfB8vjHCRxicQLlKBgqAiN96ZnYHhRyMgFi7zCpzNFeMXx1Kn5h29QuhcloIRTMV+S3L/ilQTDk3+1xK/ODslhNPPdoqe5YkGpu/0fTNYcb2slILO2t4mOCvo188bK4LzLfRmkRCfIJOf8vrv1uVfD3GhHH2l9diq0hadSz5kzWZydyugvpk5DNTTNj4TiCU5lmP7m7SlGgUChY2iAtP9Lz+tu3UthSvTW1Ct7dO/n68jJ9t/IvIoEZBuhlapF2jFDupkarJz/mruj+2jAt/bvlqtjA0CgZnwj/8KJjv6+9tMN+s5rJKkO8CfVDZlHF+BODmrg==
+ password: AgAXpJTkQIqKTPpube8O4AcRpAEPnbWvDnQg83DiCHejImXMrTKGr8mjaylqSnCz0AzZofF235ic/22yQrBwl0Ymk4/5KWaNfQD7sEbZwBMUnR1zvCGVtY4rQwge+FCxoGfUFKF+S6eeneIhQxlMfG1fRDvHcJuqrattn13Rv7L5QGW4kMujs+Dz6ZPwoQV3Vd4Jy400wYAElKEckVsNlPmmHz1zOW+p0ZkRRosGZHlMslNcHMAhXJwvj9Eedod/Xk61d7G/MDozCHtYtFTUvoU/QrgNzoVFOVy3sM4oVan4B+uywxQDMbhZbqGzNP/Xp/cmKHe9QTbw2jiXYgXWDdW6tRSlc9b1ic2T3Lflv1qBmzIzwvixEGJSZi14me+O6vUftattwxiH7C4nihfCwohC9GfRUGK+kHLsX7t0InN4KFClFA9bysldqHVKU9xKQc6oya/HAN5qZnBD3HyEBd4GL2lpiTgo/vyzGA7oHX1c57hl891JTnGm7fklC5fANvjDDcYbQHBAMsG91kdBYR2AXSxDJWK4eoph00uBChHA5iUYpeRWND14hDXrWcjoWRWpi2bRQJ06cp0nJ+897dfDHAj7iC7ciMhcoKW601UpxirOHbncMsSxgInW6/Q6raaEI0ezfqYRhamjPH+6uZTDZZFLfIg4/9hkSi/0ZnwEv30B1DJd9phTISUzWT1uBgW0QHzx9X/GWcx/efUk2/cZbmmUIPHZskw+C/R/e/5THuGiRteIxagFHuZ8jGcXlCt7wzd9YHePNn0mY0Y=
+ template:
+ metadata:
+ creationTimestamp: null
+ name: biboumi-config
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml
new file mode 100644
index 0000000..bdbc8b2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/configmap.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+data:
+ cgitrc: |
+ root-desc=All public repos from tyil
+
+ source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+ about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+ readme=:INSTALL
+ readme=:INSTALL.htm
+ readme=:INSTALL.html
+ readme=:INSTALL.md
+ readme=:INSTALL.mkd
+ readme=:INSTALL.rst
+ readme=:INSTALL.txt
+ readme=:README
+ readme=:README.htm
+ readme=:README.html
+ readme=:README.md
+ readme=:README.mkd
+ readme=:README.pod6
+ readme=:README.rakudoc
+ readme=:README.rst
+ readme=:README.txt
+ readme=:install
+ readme=:install.htm
+ readme=:install.html
+ readme=:install.md
+ readme=:install.mkd
+ readme=:install.rst
+ readme=:install.txt
+ readme=:readme
+ readme=:readme.htm
+ readme=:readme.html
+ readme=:readme.md
+ readme=:readme.mkd
+ readme=:readme.rst
+ readme=:readme.txt
+
+ css=/cgit-css/cgit.css
+ logo=/cgit-css/cgit.png
+
+ #cache-root=/var/cache/cgit
+ #cache-size=1000
+
+ clone-prefix=https://git.tyil.nl
+ enable-git-config=1
+ enable-index-links=1
+ enable-index-owner=0
+ enable-log-filecount=1
+ enable-log-linecount=1
+ remove-suffix=1
+ robots=index, follow
+ scan-path=/srv/git/
+ section-from-path=1
+ snapshots=tar.gz tar.bz2
+ virtual-root=/
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml
new file mode 100644
index 0000000..715a3f6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: emarcs/nginx-cgit
+ name: cgit
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /srv/git
+ name: data
+ - mountPath: /etc/cgitrc
+ subPath: cgitrc
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/git
+ type: DirectoryOrCreate
+ - name: config
+ configMap:
+ name: cgit
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml
new file mode 100644
index 0000000..4de2546
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - git.tyil.nl
+ secretName: tls-nl.tyil.git
+ rules:
+ - host: git.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: cgit
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml
new file mode 100644
index 0000000..7a6a5a2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/cgit/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml
new file mode 100644
index 0000000..5a85a00
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/deployment.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dist
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: docker.io/svenstaro/miniserve:latest
+ args:
+ - --qrcode
+ - /var/www
+ name: miniserve
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /var/www
+ name: bucket
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: bucket
+ persistentVolumeClaim:
+ claimName: dist
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml
new file mode 100644
index 0000000..5c67478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dist
+ namespace: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - dist.tyil.nl
+ secretName: tls-nl.tyil.dist
+ rules:
+ - host: dist.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: dist
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml
new file mode 100644
index 0000000..de9111f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dist
+ namespace: personal-services
+spec:
+ storageClassName: seaweedfs
+ volumeName: dist
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 20Gi
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml
new file mode 100644
index 0000000..999025f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/dist/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dist
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dist
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml
new file mode 100644
index 0000000..79a1f15
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/cron.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud
+ namespace: personal-services
+spec:
+ schedule: "*/5 * * * *"
+ successfulJobsHistoryLimit: 0
+ failedJobsHistoryLimit: 2
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 33
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - name: nextcloud
+ image: nextcloud:27
+ command:
+ - php
+ args:
+ - -f
+ - /var/www/html/cron.php
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: OnFailure
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml
new file mode 100644
index 0000000..250f670
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/deployment.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: nextcloud:27
+ name: nextcloud
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml
new file mode 100644
index 0000000..33060ab
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/ingress.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ nginx.ingress.kubernetes.io/proxy-body-size: 512m
+# nginx.ingress.kubernetes.io/configuration-snippet: |
+# client_max_body_size 512M;
+# fastcgi_buffers 64 4K;
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - cloud.tyil.nl
+ secretName: tls-nl.tyil.cloud
+ rules:
+ - host: cloud.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml
new file mode 100644
index 0000000..7e03fe2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/nextcloud/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
new file mode 100644
index 0000000..2785249
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/configmap.yaml
@@ -0,0 +1,160 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ prosody.cfg.lua: |
+ -- Information on configuring Prosody can be found on our
+ -- website at https://prosody.im/doc/configure
+
+ daemonize = false;
+
+ ---------- Server-wide settings ----------
+ admins = {
+ "tyil@chat.tyil.nl",
+ }
+
+ log = {
+ { levels = { min = "debug" }, to = "console" };
+ }
+
+ plugin_paths = { "/usr/local/lib/prosody/modules" }
+ installer_plugin_path = "/var/lib/prosody/custom_plugins"
+
+ modules_enabled = {
+ -- Generally required
+ "disco"; -- Service discovery
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+
+ -- Not essential, but recommended
+ "adhoc"; -- XEP-0050
+ "blocklist"; -- Allow users to block communications with other users
+ --"bookmarks"; -- Synchronise the list of open rooms between clients
+ "carbons"; -- Keep multiple online clients in sync
+ "dialback"; -- Support for verifying remote servers using DNS
+ "limits"; -- Enable bandwidth limiting for XMPP connections
+ "pep"; -- Allow users to store public and private data in their account
+ "private"; -- Legacy account storage mechanism (XEP-0049)
+ --"smacks"; -- Stream management and resumption (XEP-0198)
+ "vcard4"; -- User profiles (stored in PEP)
+ "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+ -- Nice to have
+ "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+ --"invites"; -- Create and manage invites
+ --"invites_adhoc"; -- Allow admins/users to create invitations via their client
+ --"invites_register"; -- Allows invited users to create accounts
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ "time"; -- Let others know the time here on this server
+ "uptime"; -- Report how long server has been running
+ "version"; -- Replies to server version requests
+ "mam"; -- Store recent messages to allow multi-device synchronization
+ --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"http_openmetrics"; -- for exposing metrics to stats collectors
+ --"websocket"; -- XMPP over WebSockets
+
+ -- Other specific functionality
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ --"announce"; -- Send announcement to all online users
+ --"groups"; -- Shared roster support
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"mimicking"; -- Prevent address spoofing
+ --"motd"; -- Send a message to users when they log in
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+ --"server_contact_info"; -- Publish contact information for this service
+ --"tombstones"; -- Prevent registration of deleted accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"welcome"; -- Welcome users who register accounts
+ }
+
+ modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ }
+
+ s2s_secure_auth = true
+
+ limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+ }
+
+ authentication = "internal_hashed"
+ archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+ -- Audio/video call relay (STUN/TURN)
+ -- To ensure clients connected to the server can establish connections for
+ -- low-latency media streaming (such as audio and video calls), it is
+ -- recommended to run a STUN/TURN server for clients to use. If you do this,
+ -- specify the details here so clients can discover it.
+ -- Find more information at https://prosody.im/doc/turn
+
+ -- Specify the address of the TURN service (you may use the same domain as XMPP)
+ --turn_external_host = "turn.example.com"
+
+ -- This secret must be set to the same value in both Prosody and the TURN server
+ --turn_external_secret = "your-secret-turn-access-token"
+ statistics = "internal"
+
+ -- Load configuration from secrets
+ Include "secrets.d/*"
+
+ -- Configure components
+ component_ports = {
+ 5347,
+ }
+ component_interfaces = {
+ "*",
+ "::",
+ }
+
+ Include "components.d/*"
+
+ -- Load configuration for additional hosts
+ Include "hosts.d/*"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-vhosts
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+data:
+ chat.tyil.nl: |
+ VirtualHost "chat.tyil.nl"
+ ssl = {
+ certificate = "certs.d/chat.tyil.nl/tls.crt";
+ key = "certs.d/chat.tyil.nl/tls.key";
+ }
+
+ Component "muc.chat.tyil.nl" "muc"
+ name = "Tyil's Chatrooms"
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
new file mode 100644
index 0000000..6e2e995
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: prosody/prosody:0.11
+ name: prosody
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ - containerPort: 5347
+ volumeMounts:
+ - mountPath: /etc/prosody
+ name: config
+ - mountPath: /etc/prosody/secrets.d
+ name: config-secret
+ - mountPath: /etc/prosody/components.d
+ name: config-components
+ - mountPath: /etc/prosody/hosts.d
+ name: config-hosts
+ - mountPath: /etc/prosody/certs.d/chat.tyil.nl
+ name: cert-nl-tyil-chat
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: config-secret
+ secret:
+ secretName: prosody-config
+ - name: config-components
+ secret:
+ secretName: prosody-components
+ - name: config-hosts
+ configMap:
+ name: prosody-vhosts
+ - name: cert-nl-tyil-chat
+ secret:
+ secretName: tls-nl.tyil.chat
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
new file mode 100644
index 0000000..dfb78cd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/ingress.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - chat.tyil.nl
+ - muc.chat.tyil.nl
+ - share.chat.tyil.nl
+ secretName: tls-nl.tyil.chat
+ rules:
+ - host: chat.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prosody
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
new file mode 100644
index 0000000..27857a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-components.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: prosody-components
+ namespace: personal-services
+spec:
+ encryptedData:
+ biboumi.conf: AgAOjX2cxWU2bj7GDIJ5l6GlFGqnko1/o8w3VeDcTRK8lw0gGWXEQe4fn8MAwKpaauMYU9ItSWASWF0oxG9BIlV73YXRZbeiWwCZImH9No2uaaYESOssnx+Yq3kDaYUybw2ycG74ixy7ZynoH00Pkv3QMTNrmOOvUwuJdnU8mChwVbyAh1XiG253Y7eALZ7t8r7exlQ5SqPLoWt+l/loCPXPo8/mlPZX4eOngCHbgX6UPznESynn+Kjk4Jo5mNzQngPZa9+LHAjFvRnn+fZpbX7bvv01Gj6enbdmrgN0hcOncrXmZ59t746Sqwfo91LKZjqlKbD2lqO9sXjAqh3SLH1L2XRxCRBZDJTm7EuNuTJ/0tWgWI+8o9NlH3eSTbCjafBfApdK8gl2KR7XrYpQoTXiE68osP068FNmrGldr4m3qWlZ35lzEuXD93Aey4vDl0K1mSBWJ67eAhbOFrlCwhdhMyxReacdlXLOAIytQ2vPtKiInlSLlcZklBWyrHHz4l6JTMrRSehGlwjT2jDnc8Zg5lpj8msb4vNcbTM9o8RJ8p3+s01tVZU5uZ4imaZ2OUEmVxnZb5lGbEGydbULkZKGXyQSJ2vYzveLiiXuijV3jlShVol8MN2C4OHkDkuxMJKUbMc1TD5HEZDeW45Gk9+bXL2DUC9i8H/seuZp7XFrhsPbnvYqwltPecRhyJJNFSFPlGch2yFNtWvXTFfRFw1wBMwYHbnlLdCkxaDShx6KpfqexpvMdLluKuN2LIBV/+EmWjK5zQ1UcYeMwCm6Zn43CuwNurk9Lv3+7y8vfIunkpOkYjMh5gWiigaaiPbEbiBvLtP3TOGK61y2iGmAA+beA4b6mAE=
+ sleamdge.conf: AgA2akX2XFsgBWl5FN1gRjQTnkhHejr1Puixw634sAfPoGVwP7/qdFQNE6hEtvuFJ2ocBguLZviJyxJZye8G0wLDR5NZ+yg+DIWYiZBYIPHHxc6gBW1PNsb/sW9j4rDj3KX/Gr63MNdOyuh/8+z6Tf8TfbGjGorGlGH18buHAACqraumEK8/uh0WCzTMPw+lmLdmtI2YAXiHWPHck0TcKtAoKaRzr3BKqOO50Lqw20Zr5EtDqj/xvK/zZI1yE1PDDaQpxnS/PRzspvx2owyTJHTAwukZLY1Jn0deRFnkoXgL6AUt3wz7uHqEVXTxfMuvanhqUE4/Ze8kFbc0FTF8fUZZoue2tIOBKlqCN68wn1Ow6HjUlhYZlF9CLHPj/hKL+OhEx/ejCUv79gWb1/GQijJcehXnWpFzXROiW85+CoRvVgb/aan5hEVpNOBZ6KfwSyYJHfOVSKlwxE/T8NjguQMN1WEqljYq3rmtwD0T/t+xZzlVJ1xh6hEiRmwlYOrI1mAxDdUKOnvNt/VxV1lSudsDWaXhLHqlj8pz4r4Y1y418kX4v8o7GOmKOWMrCj+g/aSM2m74UIi09dLoY9bCJK+4k6zXWfJ+aTmSz1m6NzmwV9H4Gg82S9v+T5TK9vqkw9/7HnPpEu3dWbWyH4mhl1tx2/XoJp/iTc8e+e/zIhs9SETrETQkwVYIXu5fpnKAIbzf/7FFQEUTMBrgCCc7QWWhrAFAqxN69fiyEi9aGDNDzzAp6ESg2kQo/0U3oAbqdRCJj3isApgllmcFj1QYsU+FYKbPsmXk2jfU4KqWKPlXbZ4srX1wqSKSqyB64ZBvI65RXOWCFmXS4fwBsya1t6evhgj5Sw4r
+ template:
+ metadata:
+ creationTimestamp: null
+ name: prosody-components
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml
new file mode 100644
index 0000000..64e1d2a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/secret-config.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: prosody-config
+ namespace: personal-services
+spec:
+ encryptedData:
+ storage: AgBIomSzF4Wzwl/+oRYsQLSVuiCj/7Jwr3ftXwDGiZ6GRqsOmm9KZp71+4AUGvYSp1tTkSafzwK67ZZ7k6xuiOFXFDURczN/KDw5eduCtuGVcwrJAdJmpF4S3KghKkHuFDPJyZP95uI8bkHxGr1/J2QmQ1sT0pH3sWMr5E3e7cN1j4V8dzr98I+bCOgCVghbd187gEDz0QrIRespyvjvD28kopx/eri3re+zRkTep6krbH2w1x8H/Xdgs/iqCM3IXUugT1YbBuKJBPYc2T48K/ul4ww0GqVDnpYnzP3ThL9PClhXVeKKLLyvkKPn6JW43eWy1XVZ1xNwnZZAzcr1quteZeqLDSZlK/rr3PJ8uJVvHFlNrhZn61cl3TjQ8XjLgLOapDxLIX9yLEe+uK15TJCCnnmjSBQ5mETCW/vaxeCbFOjD+qdQbU2O/GbZ06fQNWqSmu5/Z75LNWYuwn3CT09B+4lctjDjrGMuYOxhtvug6Bt0qKtqMoIYg4FTPAueLj5nJ3vWu320xBpd7RgTIt/x+f/um23OjsaGsilAoz95V1bUdHs6t8txTlsgtXDM6GpiZoY5j7NfUuxm6Px+GaHsYDj0RZRlpOVZVhyucvvJxCc975BrvYjCmyrgopAQGzFO8TSdb91N9UnJ3lxcZM9KChZC3LGjAiqEz6aZ13Yxcd5f02Q7Nfp3DXYUYqL+HnDpi4fRkysmYkYO6jqT7joc9c57I8Zw0YRIoVPm5rU04aEe9V4DsQjR70cKpyaqk3eHxzVr+kYb+zqt21q+iBTHpK4XOsiV522XPsd56aU4ukf+j2g/XduK2SSIBqV1DYntYrFEzZAmuSpDRlYMw/AIh647ksrmt04y+SHV+IoegKVu0bWfOQJbWOtQYiskMnXBNXIqk9asIPyo2nuNAbDRxH0veuY4akM6QUhJ3jjfm/uU8O/A/kaQP9P6M0Z2buL/KSlTCDnGSPx8NSkGUSe0V/izO7WuK558zg==
+ template:
+ metadata:
+ creationTimestamp: null
+ name: prosody-config
+ namespace: personal-services
+ type: Opaque
diff --git a/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
new file mode 100644
index 0000000..22e9539
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/personal-services/prosody/service.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: xmpp
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prosody
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+ - name: components
+ port: 5347
+ targetPort: 5347
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml
new file mode 100644
index 0000000..0e3716c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/invidious/deployment.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: invidious
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - name: invidious
+ image: quay.io/invidious/invidious:master
+ ports:
+ - containerPort: 8080
+ env:
+ - name: INVIDIOUS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: invidious-config
+ key: config.yml
+ resources:
+ requests:
+ memory: 1Gi
+ limits:
+ memory: 1Gi
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - invidious
+ topologyKey: "kubernetes.io/hostname"
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml
new file mode 100644
index 0000000..b2542a7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/invidious/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: invidious
+ namespace: public-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ ingressClassName: "nginx"
+ tls:
+ - hosts:
+ - youtube.alt.tyil.nl
+ secretName: tls-nl.tyil.alt.youtube
+ rules:
+ - host: youtube.alt.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: invidious-http
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml b/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml
new file mode 100644
index 0000000..66c4ee3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/invidious/service.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # Funfact: if this name is set to "invidious", things will break!
+ # https://github.com/iv-org/invidious/issues/2970
+ name: invidious-http
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 3000
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml
new file mode 100644
index 0000000..9def36e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-blockdiag.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-blockdiag
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-blockdiag
+ name: blockdiag
+ ports:
+ - containerPort: 8001
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml
new file mode 100644
index 0000000..3fc2091
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-bpmn.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-bpmn
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-bpmn
+ name: bpmn
+ ports:
+ - containerPort: 8003
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml
new file mode 100644
index 0000000..57fb1fe
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-excalidraw.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-excalidraw
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-excalidraw
+ name: excalidraw
+ ports:
+ - containerPort: 8004
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml
new file mode 100644
index 0000000..5cc3153
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki-mermaid.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-mermaid
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-mermaid
+ name: mermaid
+ ports:
+ - containerPort: 8002
+ restartPolicy: Always
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml
new file mode 100644
index 0000000..78cf239
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/deployment-kroki.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - image: yuzutech/kroki
+ name: kroki
+ env:
+ - name: KROKI_BLOCKDIAG_HOST
+ value: kroki-blockdiag
+ - name: KROKI_BLOCKDIAG_PORT
+ value: "80"
+ - name: KROKI_BPMN_HOST
+ value: kroki-bpmn
+ - name: KROKI_BPMN_PORT
+ value: "80"
+ - name: KROKI_EXCALIDRAW_HOST
+ value: kroki-excalidraw
+ - name: KROKI_EXCALIDRAW_PORT
+ value: "80"
+ - name: KROKI_MERMAID_HOST
+ value: kroki-mermaid
+ - name: KROKI_MERMAID_PORT
+ value: "80"
+ - name: KROKI_MAX_URI_LENGTH
+ value: "4096"
+ ports:
+ - containerPort: 8000
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml
new file mode 100644
index 0000000..9dea80a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/ingress-kroki.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kroki
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - kroki.tyil.nl
+ secretName: tls-nl.tyil.kroki
+ rules:
+ - host: kroki.tyil.nl
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: kroki
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml
new file mode 100644
index 0000000..fcd20de
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-blockdiag.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-blockdiag
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8001
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml
new file mode 100644
index 0000000..c2abec2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-bpmn.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-bpmn
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8003
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml
new file mode 100644
index 0000000..84033ce
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-excalidraw.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-excalidraw
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8004
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml
new file mode 100644
index 0000000..8d48a04
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki-mermaid.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-mermaid
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8002
+...
diff --git a/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml
new file mode 100644
index 0000000..a28bfde
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/public-services/kroki/service-kroki.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: public-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml
new file mode 100644
index 0000000..e967412
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/bazarr/deployment.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/bazarr:testing
+ name: bazarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6767
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series/exported
+ name: anime-series
+ - mountPath: /mnt/pool/media/anime-movies/exported
+ name: anime-movies
+ - mountPath: /mnt/pool/media/series/exported
+ name: series
+ - mountPath: /mnt/pool/media/movies/exported
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/bazarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml
new file mode 100644
index 0000000..ff20477
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/bazarr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - bazarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.bazarr
+ rules:
+ - host: bazarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: bazarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml
new file mode 100644
index 0000000..1f3cc23
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/bazarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6767
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml
new file mode 100644
index 0000000..c2c38bf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/deployment.yaml
@@ -0,0 +1,103 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: jellyfin/jellyfin
+ name: jellyfin
+ ports:
+ - containerPort: 8096
+ volumeMounts:
+ - mountPath: /var/media/anime-movies
+ name: anime-movies
+ readOnly: true
+ - mountPath: /var/media/anime-series
+ name: anime-series
+ readOnly: true
+ - mountPath: /var/media/books
+ name: books
+ readOnly: true
+ - mountPath: /var/media/movies
+ name: movies
+ readOnly: true
+ - mountPath: /var/media/music
+ name: music
+ readOnly: true
+ - mountPath: /var/media/series
+ name: series
+ readOnly: true
+ - mountPath: /var/media/channels
+ name: channels
+ readOnly: true
+ - mountPath: /config
+ name: config
+ - mountPath: /cache
+ name: cache
+ resources:
+ limits:
+ amd.com/gpu: 1
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: channels
+ hostPath:
+ path: /mnt/pool/media/channels/exported
+ type: Directory
+ - name: cache
+ hostPath:
+ path: /var/cache/jellyfin
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/jellyfin
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml
new file mode 100644
index 0000000..f4997d4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - tv.tyil.nl
+ secretName: tls-nl.tyil.tv
+ rules:
+ - host: tv.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jellyfin
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml
new file mode 100644
index 0000000..8adc813
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyfin/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8096
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml
new file mode 100644
index 0000000..217f949
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: fallenbagel/jellyseerr:latest
+ name: jellyseerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 5055
+ volumeMounts:
+ - mountPath: /app/config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ hostPath:
+ path: /etc/servarr/jellyseerr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml
new file mode 100644
index 0000000..690cab1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - jellyseerr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.jellyseerr
+ rules:
+ - host: jellyseerr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jellyseerr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml
new file mode 100644
index 0000000..a8f3b18
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/jellyseerr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jellyseerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 5055
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml
new file mode 100644
index 0000000..baea1d9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/lidarr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lidarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/lidarr:release
+ name: lidarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8686
+ volumeMounts:
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/lidarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml
new file mode 100644
index 0000000..535af5c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/lidarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lidarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - lidarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.lidarr
+ rules:
+ - host: lidarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lidarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml
new file mode 100644
index 0000000..1a22185
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/lidarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lidarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8686
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml
new file mode 100644
index 0000000..d1a21e0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: ghcr.io/hotio/prowlarr:nightly
+ name: prowlarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 9696
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ hostPath:
+ path: /etc/servarr/prowlarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml
new file mode 100644
index 0000000..6fc78f9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - prowlarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.prowlarr
+ rules:
+ - host: prowlarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prowlarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml
new file mode 100644
index 0000000..3351548
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/prowlarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 9696
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml
new file mode 100644
index 0000000..c49ccb0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/radarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/radarr:release
+ name: radarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/radarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml
new file mode 100644
index 0000000..0db9837
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/radarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - radarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.radarr
+ rules:
+ - host: radarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: radarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml
new file mode 100644
index 0000000..729fe6b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/radarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 7878
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml
new file mode 100644
index 0000000..a266b8d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/readarr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: readarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/readarr:testing
+ name: readarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/readarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml
new file mode 100644
index 0000000..20297a4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/readarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: readarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - readarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.readarr
+ rules:
+ - host: readarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: readarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml
new file mode 100644
index 0000000..3d6cdc7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/readarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: readarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8787
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml
new file mode 100644
index 0000000..126acfe
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/sonarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/sonarr:release
+ name: sonarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/sonarr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml
new file mode 100644
index 0000000..a8de1f9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/sonarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - sonarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.sonarr
+ rules:
+ - host: sonarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: sonarr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml
new file mode 100644
index 0000000..dfd7ac3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/sonarr/service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8989
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml
new file mode 100644
index 0000000..d54c478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/unpackerr/deployment.yaml
@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: unpackerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: golift/unpackerr:latest
+ name: unpackerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/unpackerr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml
new file mode 100644
index 0000000..f650a60
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/whisparr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: cr.hotio.dev/hotio/whisparr:nightly
+ name: whisparr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6969
+ volumeMounts:
+ - mountPath: /mnt/pool/media/porn
+ name: porn
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: porn
+ hostPath:
+ path: /mnt/pool/media/porn
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/whisparr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml
new file mode 100644
index 0000000..a71692c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/whisparr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - whisparr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.whisparr
+ rules:
+ - host: whisparr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: whisparr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml
new file mode 100644
index 0000000..abafcaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/servarr/whisparr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6969
+...
diff --git a/data.d/vpn-tinc/hosts/anoia_tyil_net b/data.d/vpn-tinc/hosts/anoia_tyil_net
index 4856c95..ff46bf7 100644
--- a/data.d/vpn-tinc/hosts/anoia_tyil_net
+++ b/data.d/vpn-tinc/hosts/anoia_tyil_net
@@ -1,16 +1,17 @@
Subnet = 10.57.100.3/32
+Subnet = fd68:1057:1992:3381:0:3317:0:2/128
+Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO
-VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85
-F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq
-cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3
-VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K
-+ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0
-jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs
-38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip
-pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX
-Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y
-qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ==
+MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
-----END RSA PUBLIC KEY-----
-Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/data.d/vpn-tinc/hosts/caeghi_tyil_net b/data.d/vpn-tinc/hosts/caeghi_tyil_net
index c5d5b05..4638c16 100644
--- a/data.d/vpn-tinc/hosts/caeghi_tyil_net
+++ b/data.d/vpn-tinc/hosts/caeghi_tyil_net
@@ -1,16 +1,19 @@
Address = 116.202.102.33
-Subnet = 10.57.20.2/32
+Address = 2a01:4f8:c010:ca5::1
+
+Subnet = 10.57.1.3/32
+Subnet = fd68:1057:1992:3381:0:1:1:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
-P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
-EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
-TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
-FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
-mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
-oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
-t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
-rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
-OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
-8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+MIICCgKCAgEA7fatifnB0LfafcNiKG+cZDeBkFynsFSTMA9dDSQOXYoowLSUOcWj
+5WW7b0m6ltM3mq2sAB8fTDJcageycjli8e0b6MzrAhmvzdCMlOBJXuE7iIRJU/IR
+cHjpLzG3tBNtO1NudbeGccC7uzmJuPrmBqX0lsy7FQqIad447FzkwOK5oqs1AEOk
+tgCFoEScQjPVRVG6JhH2DaBMAQ7rXbGmu2+SnZvxmHTA0Daiv0mthv9D4Mm4MIPJ
+QnyMVU85t72D1I/xlugjQI64PvAiROi6Ftm0il/YMiTWC9cxbR8hdpaxJJUoci38
+9KylJ87EpNDsgstlRw+MBvOTeL55pnPQXliQRrhpukAjHpTU38kQXRl5D613jzCy
+o8YGT6midMXnAk3ppr9DQX5113gCLXAwkUpy5pS/PpdQ7tqe1DcCsegYuomeVs1w
+pQlCPH7TJOj+vRaxVbDCvJq3u9wA7mzxoFdS0TiTq9fGIRE0hcCy+iFUEaOA54Fv
+g5Q6p5urtrw0AZueF/UCg+A6C1ag0pTOyoVb8VgcMnN80w+QVrxxB+k4VBzIbg7S
+gp1IgPkKKavTCbUb8cu4q5sidr8xz2diXanwSUjRwRbd6AcZgHU8rIjnUiYokw8E
+5Y2FEYaS4sN6jbZ56AbjmWmTWwo2uYndq4VG4CWYnX38t47HJRQFBtkCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/denahnu_tyil_net b/data.d/vpn-tinc/hosts/denahnu_tyil_net
deleted file mode 100644
index acc2038..0000000
--- a/data.d/vpn-tinc/hosts/denahnu_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 81.2.254.110
-Subnet = 10.57.20.4/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
-RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
-idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
-z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
-fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
-LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
-Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
-NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
-9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
-raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
-6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/edephas_tyil_net b/data.d/vpn-tinc/hosts/edephas_tyil_net
index 6e095bb..3dc161a 100644
--- a/data.d/vpn-tinc/hosts/edephas_tyil_net
+++ b/data.d/vpn-tinc/hosts/edephas_tyil_net
@@ -1,16 +1,17 @@
-Subnet = 10.57.100.7/32
+Subnet = 10.57.0.1/32
+Subnet = fd68:1057:1992:3381:0:0:3317:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
-PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
-a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
-KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
-UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
-gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
-zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
-mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
-yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
-CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
-fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+MIICCgKCAgEAoxlT2zGSu5YwG5sgZc5u1ulntwLwqTwjx3jAL1ys8ZMVtzkBu9UZ
+2CjLA8XsdwwEnflgO4HpNzXtLwNiNBo6D5NrL+XMZj/XxsIbGMyfumYNhCJEEyTM
+5aROf3vuggKKzr5RYdoe7GxNcoIwnse0JZeBA+hhzIGgyWJwyzIzQ5EGioesFIc7
+2wPRloE4sprvP14mOvoZkUSQvrhfnAYw/xTHyjLvQUjrrh1EMj78bcs72qzdFNqd
+TbV860+2AXvc2ZU8gV40AfWuNL0fIsGCVXUhWX8+gOD75zLd41jJFqRLgLQmUXC1
+h3wMXe0ckXMMFmiFVXOKnZDZwBYHwFEsU2nt0WPkbzMgzcprvkWXg0xPomtyQ7lF
+8Zavohsz/+AjKKNKt+vPNlRQ3kBOdOvlwdcgWAOnVnF75Vct/X7vNxa7kjNdSgGe
+bEuLsCvJe/uRgvE9Dl6Ostkf5V/XLIUtXqt7kdizrhAPaUL7D2Y9K9qJ08qzQCpY
+yY+STnJ0uKzWI/5sbPmEgY+UTJAnC8bCUN3nZ0xNJwxg8VdELYJ36Z8T5sWHLzcW
+pz0jh9OeCAsM6YwapWVX7mqDN1ZF44mb26gfSpOw1Zg3kSoomVg8BNuhl4f/KX8O
+7CsF6lxhjyLRtCoFgTpOWfpSa+57yAMWDc5H8KSmahXWMTYYdfD3IXECAwEAAQ==
-----END RSA PUBLIC KEY-----
-Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+Ed25519PublicKey = h85o5piU40cj89zoEPcMq3H5ycn2VbNGKOmtLUnVG/M
diff --git a/data.d/vpn-tinc/hosts/faiwoo_tyil_net b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
index f5eb8f3..869bd4b 100644
--- a/data.d/vpn-tinc/hosts/faiwoo_tyil_net
+++ b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
@@ -1,16 +1,19 @@
Address = 65.21.5.254
-Subnet = 10.57.20.5/32
+Address = 2a01:4f9:c010:e20c::1
+
+Subnet = 10.57.1.4/32
+Subnet = fd68:1057:1992:3381:0:1:1:2/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
-Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
-8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
-T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
-KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
-y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
-ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
-6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
-y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
-Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
-BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+MIICCgKCAgEAz2BqK568OVNM3JWfeFzw4+GYMbXHZH/AiLrAABq5IhW+pAMtsKtS
++7EYGt0n0DpGo/J6XNNbduHbAlYdZa3ybhAaaGzUnHDbygdisSXBm0nZ/7vD4YUe
+IoreWyr5VcB8mfegQZRIxbs03ZqI2GGNFAxvT+Ot6HxkpBMq/iVcOkWWzANtP6S7
+njieoLyCTgt3JBX0UCIC2Pnne88HBlgJatbQNRTT+0ltDKNHozUJ6csKYiraWqEw
+yF0Khp+nro+XTn19Aj/V16kIL90oJJKVPwWElXUhooPh87PGoQ4d27DPOofkrE30
+cfv8PI+vHc1H4Eclyy81DwYFp3BKlWACHFOswN8F9bjCOS4aEJajHHEVfGCss140
+rsoNCWkR0GB/KnTzNpu5xpa5o7mllu1LfNU8ICdbhI74zOyZurPIhzH34BZLOROw
+jqvmnyNMX4jSCNCFhP4IZhL1QlpkA93AjNKIE3KyHWHTSgor+k5RvecSCzo22CDA
+5AUaB6lwr//T5XhfB8R94RwMe/zbL0HrtCVXo2tX61czDX22Z+f949LoklAQEtrW
+649hcHJhrUev/QLl2FQ+w1C//9P5JpNjByN1ifgJfVukoxsjnaggygvdn5uHIL4V
+BsmRe3cZoEGmyyxTTJr9CjyqsO0wC/ID/b0Qzc2TVcKMfe/RuYQOlXUCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/gaeru_tyil_net b/data.d/vpn-tinc/hosts/gaeru_tyil_net
index eba305b..28cd86b 100644
--- a/data.d/vpn-tinc/hosts/gaeru_tyil_net
+++ b/data.d/vpn-tinc/hosts/gaeru_tyil_net
@@ -1,16 +1,18 @@
Address = 37.48.120.26
-Subnet = 10.57.20.6/32
+
+Subnet = 10.57.1.2/32
+Subnet = fd68:1057:1992:3381:0:1:2:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
-ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
-iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
-XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
-VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
-giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
-5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
-Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
-B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
-7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
-tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+MIICCgKCAgEAukTWaVQYkx45hOQiXS3XPaEU2HM/FHfqgsW3/0eHkAFPJk642dm6
+IO3xiiF0zEDQMjj2f/t+nLIQ6SgTtH3ajT9OODpvCyixpNPOWbiGeXK0fgDCd/52
+buf+9TJGq5BSqqKYNGWFX36BbZ9AnIJU0Y7lrEGwPUiG/utNJLlXlwfj1u8C0W3T
+sg6eEX0WoP+IqnBXE4NA5Hl2wXQj4jMsU0c0ZHkEdU9Y2jnCl5C6H5NLFykc2qmU
+TMZzCth989TuyfrKQ+XMJjlueWrDA3x9TRJKuJLc7fEr6MpJiJAGkh/cDHR+o693
+9R3ry4Wt4EjQiJFg4/OhtWXv5v/ELiA6BHNBB68X6x7ByYjvtkIXy1lzbFjR2DhY
+dNzZjSbGUjQpIqJUlLWi+/iLQRy93TjxLTqhUwDS0sde7qsxZnzaM5Owc/G/sZ7e
+VroltC2b5DZRMs3EbERdYs3RkpwE1quHFrzwVcCy8D1GEROKle/yg5Ksb3TLVs2c
+oPoq7rHsP6kud7r3HzNO+BUi0FzuZdCqQiVyp1H5L+ZfWZzGOJksbntb9GYDIOYC
+eWZurL8BdajY0zpSyGRcrwzcKFBq6GVdVoCLX5GQFY6rCQey+b0iTlF0rIcZxPtk
+q4dZ4DuBeq75HF9plWVoVMmq6LQfkLLphWHO/EP2ux0zRnBvXSSFtFMCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/hurzak_tyil_net b/data.d/vpn-tinc/hosts/hurzak_tyil_net
deleted file mode 100644
index d55cf55..0000000
--- a/data.d/vpn-tinc/hosts/hurzak_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 178.162.131.11
-Subnet = 10.57.20.7/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
-k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
-jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
-BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
-IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
-T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
-ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
-E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
-5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
-xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
-CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ivdea_tyil_net b/data.d/vpn-tinc/hosts/ivdea_tyil_net
deleted file mode 100644
index 17f8c89..0000000
--- a/data.d/vpn-tinc/hosts/ivdea_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
-WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
-WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
-j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
-cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
-BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
-nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
-aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
-FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
-n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
-uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/jaomox_tyil_net b/data.d/vpn-tinc/hosts/jaomox_tyil_net
index c1b7faa..0ba1c21 100644
--- a/data.d/vpn-tinc/hosts/jaomox_tyil_net
+++ b/data.d/vpn-tinc/hosts/jaomox_tyil_net
@@ -1,16 +1,18 @@
Address = 163.172.218.246
-Subnet = 10.57.21.1/32
+
+Subnet = 10.57.3.2/32
+Subnet = fd68:1057:1992:3381:0:3:3:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
-x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
-SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
-rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
-t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
-dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
-rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
-G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
-q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
-PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
-noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+MIICCgKCAgEAwy7NrCkjxHY3kUJB0l+cbhDWmxkPsj8fT57cgP/a2QFUc/N4uqdX
+ban2P04KDVzAed9myZ+bRfLNS4umR8TKPY+EB2SbexYowgAaGWzEEfS01YIcGKqf
+Cc/CJeSlHo5X3DWong+K4StqZXcqrjJvApzW/Hdg1F5bLC9ENbC1lTR1ppKUELOJ
+zosbGKmtNDiaGAg+8qOvIXNjf7B+FcWTpL8PtLWXmoSbd4QundNPsD2lfcz2F8cu
+GIbKaV0k0JJGtDdw5XYFgJDGgTewChuvUKYM2q/XP3AtExoGVEMNm440udv/WASE
+4oFs+Dk/aUXI92kkcArbG6pCbzTUI26THlc6ukQZgglxNFhkZae6hqXn3GvVl6Ht
+aZ3DG32VdNls/mgk857O+xk5aY46Nexcc9UYVpAqmUixb+FOtklsOb9ynD0J91qB
+ajL+a3CzDKGC7ICILaZVNSkhP5heOqb/KIIqPk3tRBNmD3uRouo74Leh14EVyA/H
+TP+fRVf5fFAp1Qmaq16tZws9QQj7wte/UhOx1IG2A93FygutwcgAHBokCjRhlgZm
+V9YkVLcdZr58Os1vrocQyu772XgslVUZXDAUh6cieLbv06cvB5wVdL3MoTSSalyo
+cPIrjXsLrWA43OuCGiUKMEUG5ZGQ4/HXX60ajZma1EyAbTwsi3po1VkCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/krohxe_tyil_net b/data.d/vpn-tinc/hosts/krohxe_tyil_net
deleted file mode 100644
index 0655f39..0000000
--- a/data.d/vpn-tinc/hosts/krohxe_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.20.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA0kL+MH9xOLAKrwUF17a642QLnU+72xbxiFtbWFXGIj17hlcqiOAv
-NqWFO1EzroRgaNzqdufMik7G7MFzrGG+7/fziC5Vj7A7UMi+8F8ig1tKLpqe0/+f
-DqQfbU0tPaPPPc95lEYOU4j50ALBNAZLNaP5a0BIN7N+Bj0JQNTah1u45mdIMQh2
-LpIkbe5MWaVcVvh61l5mxM/+rsU8lJE4+SmOuFJZ+7bzsbtQf5mPc4kF8aqPoMle
-XuizHguphe3CrZgOvvmAVvrV9O7FvpFHlJcmt4FkyEZ0e8l0h9/YKHx94py4STa2
-O3zFJFHf4zVAIzSx+1mVV08aulcIGjTpHLSIlAuQ1kqEI8lGfcCawyMCPdcRzWKJ
-eo7fo8/slzg9O/Id/uZwlDltnBXI4053bhjsglEfm/zZHog00IR/rSXuiqJLV+Th
-8uNRGXezB/frVn58w8dbOuPDzsVTLNeDeZJHrKRxTn/bwVFLrG25ow9qMgr/mqaP
-sA6PjBnw01SkBUJY6fmowip9YcQTOjlauUR6w/F70aOIqT65M1ralSVmWAUFCKRz
-KYOaOPHfpQQVxQaDnUKPiDyF8YoP9zoocyh5BnBEKP6ctYZkZd3i5naJ1SG16R5j
-U9iMnzo/uKG1CAP7jnM7IGZ6XhlHchst5LxVAm2cGT8apEWJOvFnqOMCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ludifah_tyil_net b/data.d/vpn-tinc/hosts/ludifah_tyil_net
index 6796f17..69a3158 100644
--- a/data.d/vpn-tinc/hosts/ludifah_tyil_net
+++ b/data.d/vpn-tinc/hosts/ludifah_tyil_net
@@ -1,5 +1,5 @@
-Subnet = 10.57.100.9/32
-
+Subnet = 10.57.0.2/32
+Subnet = fd68:1057:1992:3381:0:0:3317:2/128
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
diff --git a/data.d/vpn-tinc/hosts/mieshu_tyil_net b/data.d/vpn-tinc/hosts/mieshu_tyil_net
new file mode 100644
index 0000000..33d0a50
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/mieshu_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.3.1/32
+Subnet = fd68:1057:1992:3381:0:3:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAiH7/vpM4Fq2q9MXgirEX/jy72N56xGViuKwo7plT8ObmFxkhL4pI
+RifRqv2Oal/VNKfECR5IaHzrLxWA7aunw22sFoUTnvQl6wCApPb1us2fn50J9ei/
+9gxrbQbVAX0VNlGzICk9zgKl+qfPtj/7ANoqE8Oo0cHrucfW+HdDpN3PyeDwhUk+
+GjoGFQuQboZNUzGnmIgcqPK2m3yJEy2l9SK2p5Uub0RZMDJrt8RJip4OesqpwIvX
+JGrU4jL2qIVzkhdkV2NyMd3chCdoHIXjXALreSoyZHkSOdJB2d1X/s6QD+aGFicv
+bIokJQWdO9hRh6P0lUEv44IABIj5oat6KU/uLtcr4pycnXMeJ73+CGA8hjG0M2uh
+Urn+hoi7y1h0G3vcoYz4oaxX2wqczEbJTTQmwxsx4XftCy7Fg6cnNCva/ML1hOwj
+1Urs0jfyPZjVzxqBqsia9duKINPnVkhdxWFma/23tEIjzUy4bbFX8T72Y/IcEi6C
+88Q59bgIzDKv1nBzM0/OXbNn5A/zI4FB26xd+NkuwYO9vecRE1DMm+kJiY/L9M4q
+657gy73FRykDPogS8dvoTEDbGuYQYClKNIt50iqBX7mAPGZ9ajEcCaXkd5ZUpKE/
+koYegL06MnryGeiODgSXAiTOxB5zSYaJIjIsSW6O15kXe3OkVHTKesECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = z753yL+MnHAouuUKv1pgA40i9dzHp3QIbCHKVNi1NNH
diff --git a/data.d/vpn-tinc/hosts/nouki_tyil_net b/data.d/vpn-tinc/hosts/nouki_tyil_net
new file mode 100644
index 0000000..cdf93a4
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/nouki_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.2.1/32
+Subnet = fd68:1057:1992:3381:0:2:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAu08q7S2MuqMEPeuTBJw6aFcJRF/8FlbxhNrUlHhfhc7N+4FnmQht
+gqr5I20V4BZKkgYI2KUB1+vHGCswy+ReMUtD2njM5BZbNBAOSrVcLtNAuCrCwDev
+Adbf58Mx3IJJSZdvYsOQD6MzNkfvCviaBBue89f8tI0Voh06uJT2AEijQBepindj
+b5hs75npMgkXVlDocgNnt6vN1ZSILK17cllvInrIi1tuA7+0XWTBYxroILYRIhWO
+m4IbnO/tP08e7cEnhCea+/Z5R/ZWlatsYom/gROo6s/ZcwhW1HKVx558Sjynuu92
+GE3o+bxqUD5shPyIo2BOl5h9kGNUtjTpX5rcpRHNr/NX1Zn2ss3bMRTxGGlIU1jI
+R4ZTWqzFNH8wZPNywQcbrxBcYj0xSDrq8u3ZO3mo4YXIv2X7PBBzq3+tyxQfWdcK
+u1AWxIV83W+eBcPQAdIF45yP1EOU7D53Jghe8KrXMnSSyHsghSInnLjqC4dWzveo
+5bQa4koKmMnW5SkvZuihyTWnMs+xgXXxznmUJKUoddgFCpzRhHckQ7KVQmosXthS
+a4njMXzAv/C1gVV0VR3LNSw+ZKOug5Sb7vTeQekOFEv3X98GEy5VKgbq9ebedXh8
+BBJuvClzuWGO3xiRjAwtHWhwOSt0Am1aPq2jEDhxynOGJqXR2Zeqh2UCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = ZJkCNlpDKYYzTYl0UfyQMYjAApwbQ5oYgMpnxGXOB+H
diff --git a/data.d/vpn-tinc/hosts/oolah_tyil_net b/data.d/vpn-tinc/hosts/oolah_tyil_net
new file mode 100644
index 0000000..26d59a3
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/oolah_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.1.1/32
+Subnet = fd68:1057:1992:3381:0:1:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAiWbWMo9fujW67rWelrMaxPP3qNHrWUIzg2Z4R4MZegZ2GWVYym3u
+EzboiDO9MOBh7bXSrQavjkecv40d8PDmbcwNy3hYFS2WH+bJCtjHl4xkxEsE2cvA
+1rLW7KEnBfbkKTbVMI/Di9jo4CoVIWNYRU8Ebw+nMWzGcYA1CvtkgzX7gaDio1kk
+0EhZ1BqWnExOEA/ChQEazv1kbFjSUW1Aok/aM95JkZ5h2OmGXxCy3MhvaLd78YC9
+cCc2R53FHsBgmufqqAN2kd96BeW0ZxZUrmzTtbz4ucS41O6hz4yBmz2sQt5TAx9K
+yQcLm2YL11xKkSdc8+LbhnMubYtUSfQcmUW92lxIYy/Odi+OIXjDzk3EconN8nHL
+GFWQJQsuIG9/LsEhR7kNd77becG/QscoV7PnjoxL77QMmlYGOTtS+eeVT8Yn55Lu
+qH4plZso2HL7UJv4cy97ZdTw29SHNz4wZNsDlBT+r8OmnANQShznzboddeY+bbZK
+aBEkwG1IWR719zNLbbeg84MpHx9z+VyS1RWO4Z+xd/g9f8oEWHFKUJRCCmmCGgJU
+qEswMAjPeCsVk31kB+yZujNJnrLCHxUHBHULJVXwcfvOyjZDU+vOgvcjBTOxlzV8
+wPDK2QZyuHNASYnLedyK3b1IRvuSNl5JepuvvwA2JZLlnqU5GLV0l5kCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/plarabe_tyil_net b/data.d/vpn-tinc/hosts/plarabe_tyil_net
new file mode 100644
index 0000000..91acd8c
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/plarabe_tyil_net
@@ -0,0 +1,18 @@
+Port = 657
+
+Subnet = 10.57.0.3/32
+Subnet = fd68:1057:1992:3381:0:0:3317:3/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAsasMofIk6AxtX7wsNYf1rZy+tpnnrRrQMX6/kXri+DhMByURJ1HI
+i7jhKBjQBfIcj5FijHHUQHiiKx0bNR0ekpXQFPcsRrspXdQEUnYkc1Pb1J0OMNQ+
+9CT/DH2sun+Zk3qHE+GLdDoWe6gz4uT8Eh+c1/6Z5VwxFpSYKRwT5T/wU9OOEqJi
+svoLZSZUh57Xq2y+3JJvfPx3LS6UP9mwz6cmvLWAkRBn18WG81ZBXvN/4ida23o8
+qhaxDhYIO20lDKY+in2oiN1qztLPcQKiXdn/R3ATr8dZ3pPm8YMclnH4Uil10IAw
+sl7B7Zt/As/LxklCdwWvPLcRMPC7bAMTGRMFW89C9APY3FsfRD5oiX3jqUMDLw6p
+UIVt6/gxnXBjyfgVFouG2ThrqGJp+sC3TfEEjBQ38/W8zk7S3IwMEqLd0gBc8Yq7
+QUWbORloNvv4CtwkeYFonM0eoYn9euxuXJ7RSBGzXadqkKiwtsG4rsvaLU+LKQnQ
+xRdzyiEZFcACU5/bdydHXYWWX1xfD2dPsW0nOelvJukgJvNWn0HyCZ1uClTdcAOr
+/m3Wh4clCiYgDfvurdVKRmgzzG/5U+xih+SUjgDnf/zgfOViY30BzRxoeWvJ+bCH
+TfMKk85a/Zdxxqosasoq6tMlt7EKhPDX5FmL/T102BB40Wtz4U3b81cCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/qohrei_tyil_net b/data.d/vpn-tinc/hosts/qohrei_tyil_net
new file mode 100644
index 0000000..decdcfa
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/qohrei_tyil_net
@@ -0,0 +1,19 @@
+Address = 37.27.37.131
+Address = 2a01:4f9:c012:6273::1
+
+Subnet = 10.57.1.6/32
+Subnet = fd68:1057:1992:3381:0:1:1:3/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEApbLsMPasXP2g/gJzxo40aayVPH7rDrxuiOaKfm4R0LKVnDuRGQDj
+V+ksZgM5UNxBsJdchzo8BfwtSASFeqlNu4cM9SqMvnKnFOe/W5TCu8+VUx2syrcp
+AhTnZ9yzEsHKMqdup7hOExQ+QXQXWPLbSsKEK6Jel4Kw5gQNc/fOq+sPQQPFb/Y+
+gQvaBrylHnM8oGlohutZjbnZdOaLFWLr4/3xgvzawWgudXOLa5lEmdkMJF0KjsJ0
+NuCVTf8TzzTZf/vdlE/ODYL7dAKuDWUScqpK4RE5+mqS1qHcmXl0hCuu5HecnT3t
+q5S5d4YuatacSI5PaAmGZgD2YoXK4L3LMfvqcO5z5EAKx+GaR+ePY2AB6kljy909
+zyAHW3uRsYA33QqUXQovPBJ4J9hiwDXgsHUUJ5OO1ZTpUJaT1n3Z3TmDwvYA6ZmF
+6LMqu4Mgs2Uvb8kR4xVPuw1dNzsOo9SeN9pQsypYwPatluJVjRwMVibH04ory0uQ
+5gzh+ixNbnEwhYCru8gh5raxgtXJe4WoIunX/G/0L23Jr331oLMHAXXkHKsd63/7
+cwVIvcLN/3bYpraG7tzHCfW2EcGMn1zEoWx6sXooXEgo7qcylHfPIjEpWiq153VY
+VFLwEyd+CHz8uDx57k4grHE4ggjCAJ6LYBUhl2Nk3lY9f4+Gl/I+D2ECAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ricui_tyil_net b/data.d/vpn-tinc/hosts/ricui_tyil_net
new file mode 100644
index 0000000..30866a2
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/ricui_tyil_net
@@ -0,0 +1,18 @@
+Address = 2a01:4f8:1c1b:67d7::1
+
+Subnet = 10.57.1.7/32
+Subnet = fd68:1057:1992:3381:0:1:1:4/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAqtSWcbWqGvmpwQuFaLhTXIxr1j2mVApKhV0Bw8UyggszBsEsZiZd
+b3eAbJOrklLhedZVendcjPhK8PPBJCWABW9Jm100xDaHc5HfMp/O5J2cSWD7vQVu
+iRVonHWaJRYAGeOUnG7mkIfAaHLIOnVzIVEpyuV9z8SCl48Bx7pU351WqYGwk75X
+VEIexX8C8vtHneeZJnF5p79kHCQuzwv1DlrAShjmh7qjr4rB97sZYnuwt9g2W9s9
+4wKUk+CJdmrARWyDxXQaS7P5VyqcJw7FpLefe+9B8Hq4ruU1HbqIxjKPFG1Kvtdf
+19KATOjEAlbeIlEvyiJnOi8Bedxo+MmeX2B3rE2aQyZTHEnkAImILLEgvDf8GnFx
+N6JWAnHELkrPOvQhFRhjQeQz4uk4WAEY2aSCqxnx0iQiqEjrHF38tntqZuahSknX
+3nXKiy5qeBi/4a6QcAEBn0L1WaJr12kbviqortg/ltSv1qwmWEnVw+Wdl3sF7uxw
+5fz2ciDrqOQE75jz7ouz28FhinGiLYXOddqWKWhE5J2hW2y+XfClXn0Z6uvCbSe+
+XZzmF3Yz6u/PEib8JWteaYkU2M3DVVvl/UDOuYP+lG6xISCIyCOGEFPtRq6VHHwD
+ReFPww8iAT8lD1/8zmPI0f2Ktm1Jnpf3aIHhBu2NugRTkDqj0djnafkCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-wireguard/.gitignore b/data.d/vpn-wireguard/.gitignore
new file mode 100644
index 0000000..ae60a25
--- /dev/null
+++ b/data.d/vpn-wireguard/.gitignore
@@ -0,0 +1 @@
+privkey
diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up
new file mode 100755
index 0000000..edbcd50
--- /dev/null
+++ b/data.d/vpn-wireguard/hooks/post-up
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+readonly COLOR_RESET="\033[0m"
+readonly COLOR_OK="\033[32;1m"
+readonly COLOR_NOK="\033[31;1m"
+readonly BUFFER="$(mktemp)"
+
+main() {
+ printf "Verifying connectability...\n"
+
+ # Ping all known hosts, as it seems that the wireguard interface comes up when
+ # only after it gets used on the machine itself.
+ while read -r addr;
+ do
+ check "$addr" &
+ done < <(awk -F= '/vpn-wireguard.ipv(4|6)=/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+ wait
+
+ sort -- "$BUFFER" >&2
+}
+
+check() {
+ local addr="$1"
+
+ if ping -c 1 -q -w 1 "$addr" > /dev/null
+ then
+ log OK "$addr"
+ else
+ log NOK "$addr"
+ fi
+}
+
+log() {
+ local state="$1"
+ local addr="$2"
+ local color="$COLOR_NOK"
+
+ if [[ $state == "OK" ]]
+ then
+ color="$COLOR_OK"
+ fi
+
+ printf "%b%3s%b: %s\n" "$color" "$state" "$COLOR_RESET" "$addr" >> "$BUFFER"
+}
+
+main "$@"
diff --git a/data.d/vpn-wireguard/peers/faiwoo.tyil.net b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
new file mode 100644
index 0000000..631f39a
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:2/128,10.58.1.2/32,fd00:8:0:3::/64,172.28.3.0/24
+Endpoint = [2a01:4f9:c010:e20c::1]:51820
+PublicKey = Rrl9qa09Gc8LM3CIr0BIMTnkCMhL1GZFVKCh1P2okWg=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/gaeru.tyil.net b/data.d/vpn-wireguard/peers/gaeru.tyil.net
new file mode 100644
index 0000000..4b65f52
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/gaeru.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:2:1/128,10.58.1.5/32
+Endpoint = [37.48.120.26]:51820
+PublicKey = np17FGeZB0N77/SfaHfKTbsD/oV0LnjdOUeIMePGQG4=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/jaomox.tyil.net b/data.d/vpn-wireguard/peers/jaomox.tyil.net
new file mode 100644
index 0000000..15c3dc2
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/jaomox.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3:1/128,10.58.3.1/32
+Endpoint = [163.172.218.246]:51820
+PublicKey = VBqMAsZkCNVlqaMZGT7SKDuCkjXcVrwZNCxVKBRII0Q=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/mieshu.tyil.net b/data.d/vpn-wireguard/peers/mieshu.tyil.net
new file mode 100644
index 0000000..0b9001f
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/mieshu.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3317:2/128,10.58.3.2/32
+Endpoint = [2a10:3781:2453:1:4950:47ce:f8db:1fed]:51820
+PublicKey = hrVjitF/wpaNvL9/hlswTL/G8hhKcpMmqGsinU34IBA=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/nouki.tyil.net b/data.d/vpn-wireguard/peers/nouki.tyil.net
new file mode 100644
index 0000000..0986864
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/nouki.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:2:3317:1/128,10.58.2.1/32
+Endpoint = [2a10:3781:2453:1:c8cb:d1a:bc0:dc38]:51820
+PublicKey = Mo2jVPUCIX3o5fY+H2rrVMWAKatVrF9nF75OCZZhRGM=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/oolah.tyil.net b/data.d/vpn-wireguard/peers/oolah.tyil.net
new file mode 100644
index 0000000..2951f1f
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/oolah.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:3317:1/128,10.58.1.4/32,fd00:8:0:0::/64,172.28.0.0/24
+Endpoint = [2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820
+PublicKey = 8UkQ71m0xVPJbQ4zySRqH/WXJm479zj5xcgeJVoBWi8=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
new file mode 100644
index 0000000..2a206d6
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:1/128,10.58.1.1/32,fd00:8:0:2::/64,172.28.2.0/24
+Endpoint = [2a01:4f9:c012:6273::1]:51820
+PublicKey = cD1NveEPXKKNdGcx9bO4+91b1abDwoUSGnF4dI1m0R4=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/ricui.tyil.net b/data.d/vpn-wireguard/peers/ricui.tyil.net
new file mode 100644
index 0000000..a8cfdd7
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/ricui.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:3/128,10.58.1.3/32,fd00:8:0:4::/64,172.28.4.0/24
+Endpoint = [2a01:4f8:1c1b:67d7::1]:51820
+PublicKey = Rv41YhKkhAVKefwlKtD0Uywv7r6a2/uhsdhWVcZUYyU=
+PersistentKeepalive = 10