DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DeveloperDurp:30331572e53f8b90d7869e54506b070fa86dafe7
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd
...
compare: DeveloperDurp:52038a7585c42b0564944c17171681227940e628
Branches Tags
DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:main DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd

50 Commits
30331572e5 ... 52038a7585

Author SHA1 Message Date
DeveloperDurp
52038a7585 update 2024-08-29 05:04:25 -05:00
DeveloperDurp
885ab5e3d7 update 2024-08-29 05:02:08 -05:00
DeveloperDurp
7843ae7c29 update 2024-08-29 04:57:40 -05:00
DeveloperDurp
e2d1e01708 update 2024-08-29 04:55:28 -05:00
DeveloperDurp
e8cafed885 update 2024-08-29 04:50:55 -05:00
DeveloperDurp
62b7efad89 update 2024-08-27 04:58:07 -05:00
DeveloperDurp
47ddf2fd28 update 2024-08-25 06:32:15 -05:00
DeveloperDurp
31b689d5fe update 2024-08-25 06:28:15 -05:00
DeveloperDurp
5ef03e6dbe update 2024-08-25 06:27:05 -05:00
DeveloperDurp
38bb3538a3 update 2024-08-25 06:22:33 -05:00
DeveloperDurp
8c77e53669 update 2024-08-25 06:20:12 -05:00
DeveloperDurp
44aac27362 update 2024-08-25 06:19:34 -05:00
DeveloperDurp
0f4048072d update 2024-08-25 06:11:13 -05:00
DeveloperDurp
b6f0c41d5d update 2024-08-25 06:09:41 -05:00
DeveloperDurp
3259cd6f37 update 2024-08-25 06:07:19 -05:00
DeveloperDurp
418162a9e0 update 2024-08-25 05:43:48 -05:00
DeveloperDurp
de022ea46b update 2024-08-25 05:33:43 -05:00
DeveloperDurp
a50214eafc update 2024-08-25 05:32:20 -05:00
DeveloperDurp
be2ee6274a update 2024-08-25 05:12:54 -05:00
DeveloperDurp
1fbe3dbc95 update 2024-08-25 05:08:59 -05:00
DeveloperDurp
f8a13c4bff update 2024-08-25 05:05:59 -05:00
DeveloperDurp
c9d77c5eec update 2024-08-25 05:03:23 -05:00
DeveloperDurp
3457eba0a2 update 2024-08-25 04:52:22 -05:00
DeveloperDurp
738d19edfa update 2024-08-25 04:40:58 -05:00
DeveloperDurp
23d397e5d4 update 2024-08-25 04:35:16 -05:00
DeveloperDurp
10bfb6fd54 update 2024-08-25 04:34:31 -05:00
DeveloperDurp
0ff6377bd6 update 2024-08-24 21:30:35 -05:00
DeveloperDurp
8d92151ad3 update 2024-08-24 21:29:00 -05:00
DeveloperDurp
3f74860c28 update 2024-08-24 21:28:14 -05:00
DeveloperDurp
f12af0f92f update 2024-08-24 21:28:03 -05:00
DeveloperDurp
86a5af321d update 2024-08-24 21:25:12 -05:00
DeveloperDurp
4a1e4f980d update 2024-08-24 21:23:10 -05:00
DeveloperDurp
bf6c021d8b update 2024-08-24 21:09:10 -05:00
DeveloperDurp
0abc90d9cd update 2024-08-24 21:08:06 -05:00
DeveloperDurp
e2cabee7dd update 2024-08-24 20:57:18 -05:00
DeveloperDurp
1f2fd56d89 update 2024-08-24 20:56:13 -05:00
DeveloperDurp
785a256258 update 2024-08-24 20:47:17 -05:00
DeveloperDurp
26c3a919c6 update 2024-08-24 20:33:10 -05:00
DeveloperDurp
280298cc0a update 2024-08-24 20:31:37 -05:00
DeveloperDurp
f5b4c58367 update 2024-08-24 20:30:21 -05:00
DeveloperDurp
0a3f3d99d7 update 2024-08-24 20:29:32 -05:00
DeveloperDurp
21405024f7 add pfsense 2024-08-24 20:23:35 -05:00
DeveloperDurp
61110282d5 update 2024-08-11 07:57:18 -05:00
DeveloperDurp
5765f9b5d7 revert 2024-08-11 07:50:53 -05:00
DeveloperDurp
f70c55dcf2 update 2024-08-11 07:48:13 -05:00
DeveloperDurp
b2212a6608 move to nfs 2024-08-11 07:47:05 -05:00
DeveloperDurp
5e5a7b3803 update 2024-08-11 07:40:16 -05:00
DeveloperDurp
b1272fc052 remove proxy 2024-08-04 07:25:42 -05:00
DeveloperDurp
c2298c51b1 update 2024-07-21 08:54:15 -05:00
DeveloperDurp
40e98020bb update 2024-07-21 08:47:10 -05:00
50 changed files with 1280 additions and 114 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.idea

2
argocd/templates/InternalProxy.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: internalproxy
directory:
recurse: true

2
argocd/templates/argocd.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: argocd
destination:
namespace: argocd

2
argocd/templates/authentik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: authentik
destination:
namespace: authentik

2
argocd/templates/bitwarden.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: bitwarden
directory:
recurse: true

2
argocd/templates/cert-manager.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: cert-manager
destination:
namespace: cert-manager

2
argocd/templates/crossplane.yml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: crossplane
destination:
namespace: crossplane

2
argocd/templates/durpapi.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: durpapi
destination:
namespace: durpapi

2
argocd/templates/durpot.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: durpot
destination:
namespace: durpot

2
argocd/templates/external-dns.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: external-dns
destination:
namespace: external-dns

2
argocd/templates/external-secrets.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: external-secrets
destination:
namespace: external-secrets

2
argocd/templates/gatekeeper.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: gatekeeper
destination:
namespace: gatekeeper

2
argocd/templates/gitlab-runner.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: gitlab-runner
destination:
namespace: gitlab-runner

2
argocd/templates/heimdall.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: heimdall
destination:
namespace: heimdall

2
argocd/templates/krakend.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: krakend
destination:
namespace: krakend

2
argocd/templates/kube-prometheus-stack.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: kube-prometheus-stack
destination:
namespace: kube-prometheus-stack

2
argocd/templates/kubeclarity.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: kubeclarity
destination:
namespace: kubeclarity

2
argocd/templates/littlelink.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: littlelink
directory:
recurse: true

2
argocd/templates/longhorn.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: longhorn
destination:
namespace: longhorn-system

22
argocd/templates/metallb-system.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metallb-system
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: metallb-system
destination:
namespace: metallb-system
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

2
argocd/templates/nfs-client.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: nfs-client
directory:
recurse: true

2
argocd/templates/open-webui.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: open-webui
destination:
namespace: open-webui

2
argocd/templates/traefik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: traefik
destination:
namespace: traefik

2
argocd/templates/uptimekuma.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: uptimekuma
directory:
recurse: true

2
argocd/templates/vault.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: vault
destination:
namespace: vault

12
durpapi/Chart.yaml
View File

@@ -1,11 +1,13 @@
type: application
appVersion: 0.1.0
description: A Helm chart for Kubernetes
apiVersion: v2
name: durpapi
description: A Helm chart for Kubernetes
type: application
version: 0.1.0-dev0184
appVersion: 0.1.0
dependencies:
- condition: postgresql.enabled
version: 12.5.*
repository: https://charts.bitnami.com/bitnami
name: postgresql
apiVersion: v2
version: test

6
durpapi/values.yaml
View File

@@ -10,15 +10,15 @@ deployment:
probe:
readiness:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
liveness:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
startup:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
service:
type: ClusterIP

4
external-dns/values.yaml
View File

@@ -11,6 +11,6 @@ external-dns:
provider: cloudflare
cloudflare:
secretName : "external-dns"
proxied: true
proxied: false
policy: sync
policy: sync

63
internalproxy/templates/blueiris.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: blueiris
spec:
ports:
- name: app
port: 81
protocol: TCP
targetPort: 81
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: blueiris
subsets:
- addresses:
- ip: 192.168.99.2
ports:
- name: app
port: 81
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blueiris-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: blueiris
port: 81
scheme: http
tls:
secretName: blueiris-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: blueiris-tls
spec:
secretName: blueiris-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "blueiris.internal.durp.info"
dnsNames:
- "blueiris.internal.durp.info"

63
internalproxy/templates/gitea.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: 3000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: gitea
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: gitea
port: 3000
scheme: http
tls:
secretName: gitea-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-tls
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "gitea.durp.info"
dnsNames:
- "gitea.durp.info"
---
kind: Service
apiVersion: v1
metadata:

71
internalproxy/templates/guac.yaml
View File

@@ -1,71 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: guac-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: guac.durp.info
spec:
type: ExternalName
externalName: durp.info
---
apiVersion: v1
kind: Service
metadata:
name: guac
spec:
ports:
- name: app
port: 8082
protocol: TCP
targetPort: 8082
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: guac
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8082
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: guac-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`guac.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: guac
port: 8082
tls:
secretName: guac-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: guac-tls
spec:
secretName: guac-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "guac.durp.info"
dnsNames:
- "guac.durp.info"

63
internalproxy/templates/jellyfin.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: jellyfin
spec:
ports:
- name: app
port: 8096
protocol: TCP
targetPort: 8096
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: jellyfin
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8096
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: jellyfin-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: jellyfin
port: 8096
scheme: http
tls:
secretName: jellyfin-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jellyfin-tls
spec:
secretName: jellyfin-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "jellyfin.durp.info"
dnsNames:
- "jellyfin.durp.info"
---
kind: Service
apiVersion: v1
metadata:

63
internalproxy/templates/kasm.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: kasm
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: kasm
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kasm-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`kasm.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: kasm
port: 443
scheme: https
tls:
secretName: kasm-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kasm-tls
spec:
secretName: kasm-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "kasm.durp.info"
dnsNames:
- "kasm.durp.info"
---
kind: Service
apiVersion: v1
metadata:

63
internalproxy/templates/minio.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
ports:
- name: app
port: 9769
protocol: TCP
targetPort: 9769
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: minio
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9769
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: minio-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: minio
port: 9769
scheme: http
tls:
secretName: minio-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-tls
spec:
secretName: minio-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "minio.internal.durp.info"
dnsNames:
- "minio.internal.durp.info"

63
internalproxy/templates/octopus.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: octopus
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: octopus
subsets:
- addresses:
- ip: 192.168.20.105
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: octopus-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: octopus
port: 443
scheme: https
tls:
secretName: octopus-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: octopus-tls
spec:
secretName: octopus-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "octopus.internal.durp.info"
dnsNames:
- "octopus.internal.durp.info"

101
internalproxy/templates/ollama.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: ollama-secret
data:
- secretKey: users
remoteRef:
key: secrets/internalproxy/ollama
property: users
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ollama-basic-auth
spec:
basicAuth:
secret: ollama-secret
---
apiVersion: v1
kind: Service
metadata:
name: ollama
spec:
ports:
- name: app
port: 11435
protocol: TCP
targetPort: 11435
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: ollama
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 11435
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ollama-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`ollama.durp.info`) && PathPrefix(`/`)
middlewares:
- name: ollama-basic-auth
kind: Rule
services:
- name: ollama
port: 11435
tls:
secretName: ollama-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ollama-tls
spec:
secretName: ollama-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "ollama.durp.info"
dnsNames:
- "ollama.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: ollama-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/pfsense.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: pfsense
spec:
ports:
- name: app
port: 10443
protocol: TCP
targetPort: 10443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: pfsense
subsets:
- addresses:
- ip: 192.168.20.1
ports:
- name: app
port: 10443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: pfsense-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: pfsense
port: 10443
scheme: https
tls:
secretName: pfsense-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: pfsense-tls
spec:
secretName: pfsense-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "pfsense.internal.durp.info"
dnsNames:
- "pfsense.internal.durp.info"

63
internalproxy/templates/plex.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: plex
spec:
ports:
- name: app
port: 32400
protocol: TCP
targetPort: 32400
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: plex
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 32400
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: plex-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`plex.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: plex
port: 32400
scheme: https
tls:
secretName: plex-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: plex-tls
spec:
secretName: plex-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "plex.durp.info"
dnsNames:
- "plex.durp.info"
---
kind: Service
apiVersion: v1
metadata:

63
internalproxy/templates/portainer.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: portainer
spec:
ports:
- name: app
port: 9443
protocol: TCP
targetPort: 9443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: portainer
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 9443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: portainer-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: portainer
port: 9443
scheme: https
tls:
secretName: portainer-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: portainer-tls
spec:
secretName: portainer-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "portainer.internal.durp.info"
dnsNames:
- "portainer.internal.durp.info"

63
internalproxy/templates/proxmox.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: proxmox
spec:
ports:
- name: app
port: 8006
protocol: TCP
targetPort: 8006
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: proxmox
subsets:
- addresses:
- ip: 192.168.21.252
ports:
- name: app
port: 8006
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: proxmox-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: proxmox
port: 8006
scheme: https
tls:
secretName: proxmox-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: proxmox-tls
spec:
secretName: proxmox-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "proxmox.internal.durp.info"
dnsNames:
- "proxmox.internal.durp.info"

14
internalproxy/templates/registry-internal.yaml
View File

@@ -5,9 +5,9 @@ metadata:
spec:
ports:
- name: app
port: 5001
port: 5000
protocol: TCP
targetPort: 5001
targetPort: 5000
clusterIP: None
type: ClusterIP
@@ -22,7 +22,7 @@ subsets:
- ip: 192.168.20.253
ports:
- name: app
port: 5001
port: 5000
protocol: TCP
---
@@ -39,9 +39,9 @@ spec:
kind: Rule
services:
- name: registry-internal
port: 5001
port: 5000
tls:
secretName: registry-tls
secretName: registry-internal-tls
---
@@ -54,6 +54,6 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "registry.durp.info"
commonName: "registry.internal.durp.info"
dnsNames:
- "registry.durp.info"
- "registry.internal.durp.info"

63
internalproxy/templates/s3.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: s3
spec:
ports:
- name: app
port: 9768
protocol: TCP
targetPort: 9768
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: s3
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9768
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: s3-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: s3
port: 9768
scheme: http
tls:
secretName: s3-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: s3-tls
spec:
secretName: s3-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "s3.internal.durp.info"
dnsNames:
- "s3.internal.durp.info"

63
internalproxy/templates/semaphore.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: semaphore
spec:
ports:
- name: app
port: 3001
protocol: TCP
targetPort: 3001
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: semaphore
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3001
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: semaphore-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: semaphore
port: 3001
scheme: http
tls:
secretName: semaphore-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: semaphore-tls
spec:
secretName: semaphore-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "semaphore.internal.durp.info"
dnsNames:
- "semaphore.internal.durp.info"

63
internalproxy/templates/unraid.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: unraid
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: unraid
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: unraid-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: unraid
port: 443
scheme: https
tls:
secretName: unraid-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: unraid-tls
spec:
secretName: unraid-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "unraid.internal.durp.info"
dnsNames:
- "unraid.internal.durp.info"

63
internalproxy/templates/wazuh.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: wazuh
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: wazuh
subsets:
- addresses:
- ip: 192.168.20.102
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wazuh-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: wazuh
port: 443
scheme: https
tls:
secretName: wazuh-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wazuh-tls
spec:
secretName: wazuh-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "wazuh.internal.durp.info"
dnsNames:
- "wazuh.internal.durp.info"

4
longhorn/values.yaml
View File

@@ -57,7 +57,7 @@ longhorn:
{
"name":"backup",
"task":"backup",
"cron":"0 */6 * * *",
"cron":"0 0 * * ?",
"retain":24
}
]'
@@ -76,7 +76,7 @@ longhorn:
snapshotterReplicaCount: ~
defaultSettings:
backupTarget: S3://longhorn@us-east-1/
backupTarget: S3://longhorn-master@us-east-1/
backupTargetCredentialSecret: longhorn-backup-token-secret
allowRecurringJobWhileVolumeDetached: ~
createDefaultDiskLabeledNodes: ~

13
metallb-system/Chart.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v2
name: metallb-system
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: metallb
repository: https://metallb.github.io/metallb
version: 0.14.5

17
metallb-system/templates/config.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: cheap
spec:
addresses:
- 192.168.20.130-192.168.20.140
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: poop
namespace: metallb-system
spec:
ipAddressPools:
- cheap

197
metallb-system/values.yaml Normal file
View File

@@ -0,0 +1,197 @@
metallb:
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
loadBalancerClass: ""
rbac:
create: true
prometheus:
scrapeAnnotations: false
metricsPort: 7472
speakerMetricsTLSSecret: ""
controllerMetricsTLSSecret: ""
rbacPrometheus: true
serviceAccount: ""
namespace: ""
rbacProxy:
repository: gcr.io/kubebuilder/kube-rbac-proxy
tag: v0.12.0
pullPolicy:
podMonitor:
enabled: false
additionalLabels: {}
annotations: {}
jobLabel: "app.kubernetes.io/name"
interval:
metricRelabelings: []
relabelings: []
serviceMonitor:
enabled: false
speaker:
additionalLabels: {}
annotations: {}
tlsConfig:
insecureSkipVerify: true
controller:
additionalLabels: {}
annotations: {}
tlsConfig:
insecureSkipVerify: true
jobLabel: "app.kubernetes.io/name"
interval:
metricRelabelings: []
relabelings: []
prometheusRule:
enabled: false
additionalLabels: {}
annotations: {}
staleConfig:
enabled: true
labels:
severity: warning
configNotLoaded:
enabled: true
labels:
severity: warning
addressPoolExhausted:
enabled: true
labels:
severity: alert
addressPoolUsage:
enabled: true
thresholds:
- percent: 75
labels:
severity: warning
- percent: 85
labels:
severity: warning
- percent: 95
labels:
severity: alert
bgpSessionDown:
enabled: true
labels:
severity: alert
extraAlerts: []
controller:
enabled: true
# -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
logLevel: info
image:
repository: quay.io/metallb/controller
tag:
pullPolicy:
strategy:
type: RollingUpdate
serviceAccount:
create: true
name: ""
annotations: {}
securityContext:
runAsNonRoot: true
runAsUser: 65534
fsGroup: 65534
resources: {}
nodeSelector: {}
tolerations: []
priorityClassName: ""
runtimeClassName: ""
affinity: {}
podAnnotations: {}
labels: {}
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
tlsMinVersion: "VersionTLS12"
tlsCipherSuites: ""
extraContainers: []
speaker:
enabled: true
logLevel: debug
tolerateMaster: true
memberlist:
enabled: true
mlBindPort: 7946
mlBindAddrOverride: ""
mlSecretKeyPath: "/etc/ml_secret_key"
excludeInterfaces:
enabled: true
ignoreExcludeLB: false
image:
repository: quay.io/metallb/speaker
tag:
pullPolicy:
updateStrategy:
type: RollingUpdate
serviceAccount:
create: true
name: ""
annotations: {}
securityContext: {}
resources: {}
nodeSelector: {}
tolerations: []
priorityClassName: ""
affinity: {}
runtimeClassName: ""
podAnnotations: {}
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
startupProbe:
enabled: true
failureThreshold: 30
periodSeconds: 5
frr:
enabled: true
image:
repository: quay.io/frrouting/frr
tag: 9.0.2
pullPolicy:
metricsPort: 7473
resources: {}
reloader:
resources: {}
frrMetrics:
resources: {}
extraContainers: []
crds:
enabled: true
validationFailurePolicy: Fail
frrk8s:
enabled: false

4
traefik/templates/middlewares.yaml
View File

@@ -30,5 +30,7 @@ metadata:
spec:
ipWhiteList:
sourceRange:
- 192.168.20.1/32
- 192.168.20.1/32
- 10.0.0.0/8
- 192.168.30.0/24
- 192.168.130.0/24