This commit is contained in:
2023-07-25 09:32:29 -05:00
parent 9bb1e4b4a1
commit 23b7b3c7ec
14 changed files with 14 additions and 599 deletions


@@ -1,20 +1,3 @@
#apiVersion: bitnami.com/v1alpha1
#kind: SealedSecret
#metadata:
# creationTimestamp: null
# name: cloudflare-api-token-secret
# namespace: cert-manager
#spec:
# encryptedData:
# api-token: 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
# template:
# data: null
# metadata:
# creationTimestamp: null
# name: cloudflare-api-token-secret
# namespace: cert-manager
#---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:


@@ -1,11 +1,11 @@
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: vault-durpot name: durpot-secert
spec: spec:
secretStoreRef: secretStoreRef:
name: vault-durpot name: vault
kind: SecretStore kind: ClusterSecretStore
target: target:
name: durpot-secret name: durpot-secret
data: data:
@@ -41,20 +41,3 @@ spec:
remoteRef: remoteRef:
key: secrets/durpot/auth key: secrets/durpot/auth
property: Username property: Username
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-durpot
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"
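Review bot: The new metadata.name in the first hunk is misspelled — `name: durpot-secert` — while the target Secret a few lines below is `durpot-secret` and the sibling ExternalSecrets in this commit follow an `<app>-secret` pattern (`external-dns-secret`, `gitlab-secret`); change it to `name: durpot-secret`. Because the object is renamed rather than edited in place, the old `vault-durpot` ExternalSecret will keep existing in the cluster unless your sync tooling prunes removed resources, so confirm it is actually deleted and not still reconciling against the now-removed namespaced SecretStore. The `data` entries of this ExternalSecret fall between the two visible hunks, so they were not reviewed.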


@@ -1,11 +1,11 @@
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: external-dns name: external-dns-secret
spec: spec:
secretStoreRef: secretStoreRef:
name: vault name: vault
kind: SecretStore kind: ClusterSecretStore
target: target:
name: external-dns name: external-dns
data: data:
@@ -21,20 +21,3 @@ spec:
remoteRef: remoteRef:
key: secrets/external-dns/cloudflare key: secrets/external-dns/cloudflare
property: cloudflare_api_token property: cloudflare_api_token
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"
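Review bot: The `secretStoreRef` on the new side points at a ClusterSecretStore named `vault` that is not defined anywhere in this commit, so the Cloudflare token Secret will stop syncing the moment the namespaced `vault` SecretStore below is removed unless that cluster-wide object already exists; if it is defined elsewhere, a comment such as `# cluster-wide store, defined in <path>` above `secretStoreRef:` would save the next reader a search. A ClusterSecretStore is, unlike the SecretStore it replaces, usable from every namespace, so any workload that can create an ExternalSecret can request `secrets/external-dns/cloudflare` through it — make sure the `vault` store limits the namespaces allowed to use it (ESO's `spec.conditions` namespace selector, where your ESO version supports it) or that the Vault policy behind the `external-secrets` role is scoped per path. I am inferring the store's configuration, since it is outside the diff.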


@@ -1,11 +1,11 @@
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: vault-gitlab name: gitlab-secret
spec: spec:
secretStoreRef: secretStoreRef:
name: vault-gitlab name: vault
kind: SecretStore kind: ClusterSecretStore
target: target:
name: gitlab-secret name: gitlab-secret
data: data:
@@ -17,21 +17,3 @@ spec:
remoteRef: remoteRef:
key: secrets/gitlab/runner key: secrets/gitlab/runner
property: runner-token property: runner-token
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-gitlab
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"


@@ -1,22 +0,0 @@
apiVersion: v2
name: invidious
description: Invidious is an alternative front-end to YouTube
version: 1.1.1
appVersion: 0.20.1
keywords:
- youtube
- proxy
- video
- privacy
home: https://invidio.us/
icon: https://raw.githubusercontent.com/iv-org/invidious/05988c1c49851b7d0094fca16aeaf6382a7f64ab/assets/favicon-32x32.png
sources:
- https://github.com/iv-org/invidious
maintainers:
- name: Leon Klingele
email: mail@leonklingele.de
dependencies:
- name: postgresql
version: ~12.1.6
repository: "https://charts.bitnami.com/bitnami/"
engine: gotpl


@@ -1,16 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "invidious.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "invidious.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}


@@ -1,242 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "invidious.fullname" . }}
labels:
app: {{ template "invidious.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name }}
data:
INVIDIOUS_CONFIG: |
{{ toYaml .Values.config | indent 4 }}
---
apiVersion: v1
data:
annotations.sql: |
-- Table: public.annotations
-- DROP TABLE public.annotations;
CREATE TABLE IF NOT EXISTS public.annotations
(
id text NOT NULL,
annotations xml,
CONSTRAINT annotations_id_key UNIQUE (id)
);
GRANT ALL ON TABLE public.annotations TO current_user;
channel_videos.sql: |+
-- Table: public.channel_videos
-- DROP TABLE public.channel_videos;
CREATE TABLE IF NOT EXISTS public.channel_videos
(
id text NOT NULL,
title text,
published timestamp with time zone,
updated timestamp with time zone,
ucid text,
author text,
length_seconds integer,
live_now boolean,
premiere_timestamp timestamp with time zone,
views bigint,
CONSTRAINT channel_videos_id_key UNIQUE (id)
);
GRANT ALL ON TABLE public.channel_videos TO current_user;
-- Index: public.channel_videos_ucid_idx
-- DROP INDEX public.channel_videos_ucid_idx;
CREATE INDEX IF NOT EXISTS channel_videos_ucid_idx
ON public.channel_videos
USING btree
(ucid COLLATE pg_catalog."default");
channels.sql: |+
-- Table: public.channels
-- DROP TABLE public.channels;
CREATE TABLE IF NOT EXISTS public.channels
(
id text NOT NULL,
author text,
updated timestamp with time zone,
deleted boolean,
subscribed timestamp with time zone,
CONSTRAINT channels_id_key UNIQUE (id)
);
GRANT ALL ON TABLE public.channels TO current_user;
-- Index: public.channels_id_idx
-- DROP INDEX public.channels_id_idx;
CREATE INDEX IF NOT EXISTS channels_id_idx
ON public.channels
USING btree
(id COLLATE pg_catalog."default");
nonces.sql: |+
-- Table: public.nonces
-- DROP TABLE public.nonces;
CREATE TABLE IF NOT EXISTS public.nonces
(
nonce text,
expire timestamp with time zone,
CONSTRAINT nonces_id_key UNIQUE (nonce)
);
GRANT ALL ON TABLE public.nonces TO current_user;
-- Index: public.nonces_nonce_idx
-- DROP INDEX public.nonces_nonce_idx;
CREATE INDEX IF NOT EXISTS nonces_nonce_idx
ON public.nonces
USING btree
(nonce COLLATE pg_catalog."default");
playlist_videos.sql: |
-- Table: public.playlist_videos
-- DROP TABLE public.playlist_videos;
CREATE TABLE IF NOT EXISTS public.playlist_videos
(
title text,
id text,
author text,
ucid text,
length_seconds integer,
published timestamptz,
plid text references playlists(id),
index int8,
live_now boolean,
PRIMARY KEY (index,plid)
);
GRANT ALL ON TABLE public.playlist_videos TO current_user;
playlists.sql: |
-- Type: public.privacy
-- DROP TYPE public.privacy;
CREATE TYPE public.privacy AS ENUM
(
'Public',
'Unlisted',
'Private'
);
-- Table: public.playlists
-- DROP TABLE public.playlists;
CREATE TABLE IF NOT EXISTS public.playlists
(
title text,
id text primary key,
author text,
description text,
video_count integer,
created timestamptz,
updated timestamptz,
privacy privacy,
index int8[]
);
GRANT ALL ON public.playlists TO current_user;
session_ids.sql: |+
-- Table: public.session_ids
-- DROP TABLE public.session_ids;
CREATE TABLE IF NOT EXISTS public.session_ids
(
id text NOT NULL,
email text,
issued timestamp with time zone,
CONSTRAINT session_ids_pkey PRIMARY KEY (id)
);
GRANT ALL ON TABLE public.session_ids TO current_user;
-- Index: public.session_ids_id_idx
-- DROP INDEX public.session_ids_id_idx;
CREATE INDEX IF NOT EXISTS session_ids_id_idx
ON public.session_ids
USING btree
(id COLLATE pg_catalog."default");
users.sql: |+
-- Table: public.users
-- DROP TABLE public.users;
CREATE TABLE IF NOT EXISTS public.users
(
updated timestamp with time zone,
notifications text[],
subscriptions text[],
email text NOT NULL,
preferences text,
password text,
token text,
watched text[],
feed_needs_update boolean,
CONSTRAINT users_email_key UNIQUE (email)
);
GRANT ALL ON TABLE public.users TO current_user;
-- Index: public.email_unique_idx
-- DROP INDEX public.email_unique_idx;
CREATE UNIQUE INDEX IF NOT EXISTS email_unique_idx
ON public.users
USING btree
(lower(email) COLLATE pg_catalog."default");
videos.sql: |+
-- Table: public.videos
-- DROP TABLE public.videos;
CREATE UNLOGGED TABLE IF NOT EXISTS public.videos
(
id text NOT NULL,
info text,
updated timestamp with time zone,
CONSTRAINT videos_pkey PRIMARY KEY (id)
);
GRANT ALL ON TABLE public.videos TO current_user;
-- Index: public.id_idx
-- DROP INDEX public.id_idx;
CREATE UNIQUE INDEX IF NOT EXISTS id_idx
ON public.videos
USING btree
(id COLLATE pg_catalog."default");
kind: ConfigMap
metadata:
creationTimestamp: null
name: invidious-postgresql-init


@@ -1,61 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "invidious.fullname" . }}
labels:
app: {{ template "invidious.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "invidious.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "invidious.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name }}
spec:
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
initContainers:
- name: wait-for-postgresql
image: postgres
args:
- /bin/sh
- -c
- until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.user }}; do echo waiting for database; sleep 2; done;
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- containerPort: 3000
env:
- name: INVIDIOUS_CONFIG
valueFrom:
configMapKeyRef:
key: INVIDIOUS_CONFIG
name: {{ template "invidious.fullname" . }}
securityContext:
allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
capabilities:
drop:
- ALL
resources:
{{ toYaml .Values.resources | indent 10 }}
readinessProbe:
httpGet:
port: 3000
path: /
livenessProbe:
httpGet:
port: 3000
path: /
initialDelaySeconds: 15
restartPolicy: Always


@@ -1,18 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "invidious.fullname" . }}
labels:
app: {{ template "invidious.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "invidious.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
targetCPUUtilizationPercentage: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}


@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: invidious-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`invidious.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: invidious-invidious
port: 3000
tls:
secretName: invidious-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: invidious-tls
spec:
secretName: invidious-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "invidious.durp.info"
dnsNames:
- "invidious.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: invidious-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: invidious.durp.info
spec:
type: ExternalName
externalName: durp.info


@@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "invidious.fullname" . }}
labels:
app: {{ template "invidious.name" . }}
chart: {{ .Chart.Name }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.service.type }}
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: 3000
selector:
app: {{ template "invidious.name" . }}
release: {{ .Release.Name }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}


@@ -1,61 +0,0 @@
name: invidious
image:
repository: registry.durp.info/invidious/invidious
tag: latest
pullPolicy: Always
replicaCount: 1
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 16
targetCPUUtilizationPercentage: 50
service:
type: ClusterIP
port: 3000
#loadBalancerIP:
resources: {}
#requests:
# cpu: 100m
# memory: 64Mi
#limits:
# cpu: 800m
# memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
postgresql:
image:
tag: 13
auth:
username: kemal
password: kemal
database: invidious
primary:
initdb:
username: kemal
password: kemal
scriptsConfigMap: invidious-postgresql-init
# Adapted from ../config/config.yml
config:
channel_threads: 1
feed_threads: 1
db:
user: kemal
password: kemal
host: invidious-postgresql
port: 5432
dbname: invidious
full_refresh: false
https_only: false
domain:


@@ -4,8 +4,8 @@ metadata:
name: vault-grafana-oauth name: vault-grafana-oauth
spec: spec:
secretStoreRef: secretStoreRef:
name: vault-kube-prometheus name: vault
kind: SecretStore kind: ClusterSecretStore
target: target:
name: grafana-oauth name: grafana-oauth
data: data:
@@ -26,8 +26,8 @@ metadata:
name: vault-admin-credentials name: vault-admin-credentials
spec: spec:
secretStoreRef: secretStoreRef:
name: vault-kube-prometheus name: vault
kind: SecretStore kind: ClusterSecretStore
target: target:
name: grafana-admin-credentials name: grafana-admin-credentials
data: data:
@@ -39,20 +39,3 @@ spec:
remoteRef: remoteRef:
key: secrets/kube-prometheus/grafana/admin key: secrets/kube-prometheus/grafana/admin
property: admin-user property: admin-user
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-kube-prometheus
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"
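Review bot: The two ExternalSecrets in this file keep their `vault-` prefixed names (`vault-grafana-oauth`, `vault-admin-credentials`) even though the same commit renames the other ExternalSecrets to an `<app>-secret` form (`external-dns-secret`, `gitlab-secret`) and the `vault-` prefix no longer describes anything now that the per-namespace `vault-kube-prometheus` store is gone. If the rename elsewhere is deliberate, apply it here too, e.g. `name: grafana-oauth-secret` and `name: grafana-admin-credentials-secret`, so the naming scheme is consistent across the repo; if the prefix is kept on purpose, a one-line comment above each `name:` saying so would stop the next reader from "fixing" it. The `data` blocks of both objects lie between the visible hunks and were not reviewed.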


@@ -5,8 +5,8 @@ metadata:
name: external-longhorn-backup-token-secret name: external-longhorn-backup-token-secret
spec: spec:
secretStoreRef: secretStoreRef:
name: vault-longhorn name: vault
kind: SecretStore kind: ClusterSecretStore
target: target:
name: longhorn-backup-token-secret name: longhorn-backup-token-secret
data: data:
@@ -22,20 +22,3 @@ spec:
remoteRef: remoteRef:
key: secrets/longhorn/backup key: secrets/longhorn/backup
property: AWS_SECRET_ACCESS_KEY property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-longhorn
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"
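Review bot: The removed SecretStore reached Vault over plaintext `server: "http://vault.vault.svc.cluster.local:8200"`, and the ClusterSecretStore `vault` that now takes its place is not part of this diff, so I cannot tell whether the backup credentials (`AWS_SECRET_ACCESS_KEY` is fetched in the hunk above) still travel to ESO unencrypted inside the cluster. When consolidating onto one cluster-wide store, that definition is the right place to switch to `server: "https://..."` with a `caBundle` or `caProvider`, otherwise every namespace now shares the same plaintext path. This is inferred from the removed store's settings; confirm against the actual ClusterSecretStore manifest.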