53 Commits

Author SHA1 Message Date
249b335ccb Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.9.5' (#120) from renovate/jellyfin-jellyfin-10.x into main
Reviewed-on: #120
2024-06-06 09:22:20 +00:00
8c33c50457 Merge pull request 'Update ghcr.io/gethomepage/homepage Docker tag to v0.9.2' (#121) from renovate/ghcr.io-gethomepage-homepage-0.x into main
Reviewed-on: #121
2024-06-06 09:22:08 +00:00
4f1cbbabe6 Update ghcr.io/gethomepage/homepage Docker tag to v0.9.2 2024-06-06 03:30:44 +00:00
4f4e6bdf13 Update jellyfin/jellyfin Docker tag to v10.9.5 2024-06-05 22:30:46 +00:00
ebbece048e Merge pull request 'Update homeassistant/home-assistant Docker tag to v2024.6' (#119) from renovate/homeassistant-home-assistant-2024.x into main
Reviewed-on: #119
2024-06-05 21:58:04 +00:00
9987aa9d0b Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v1.8.0' (#118) from renovate/ghcr.io-mealie-recipes-mealie-1.x into main
Reviewed-on: #118
2024-06-05 21:57:12 +00:00
14cc093e51 Merge pull request 'Update alpine/git Docker tag to v2.45.1' (#110) from renovate/alpine-git-2.x into main
Reviewed-on: #110
2024-06-05 21:56:57 +00:00
18576ff7f2 Update homeassistant/home-assistant Docker tag to v2024.6 2024-06-05 19:31:05 +00:00
bee9243407 Update ghcr.io/mealie-recipes/mealie Docker tag to v1.8.0 2024-06-05 19:31:01 +00:00
8223b336ed Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.9.4' (#112) from renovate/jellyfin-jellyfin-10.x into main
Reviewed-on: #112
2024-06-05 19:28:21 +00:00
1fd0da6778 Merge pull request 'Update Helm release grafana to v8' (#115) from renovate/grafana-8.x into main
Reviewed-on: #115
2024-06-05 19:26:21 +00:00
6be344fc8d Merge pull request 'Update actualbudget/actual-server Docker tag to v24.6.0' (#114) from renovate/actualbudget-actual-server-24.x into main
Reviewed-on: #114
2024-06-05 19:25:58 +00:00
d46ee3894e Merge pull request 'Update ghcr.io/gethomepage/homepage Docker tag to v0.9.1' (#117) from renovate/ghcr.io-gethomepage-homepage-0.x into main
Reviewed-on: #117
2024-06-05 19:25:24 +00:00
b282f363ce Update ghcr.io/gethomepage/homepage Docker tag to v0.9.1 2024-06-03 20:35:37 +00:00
4b494642f5 Update Helm release grafana to v8 2024-06-03 16:01:41 +00:00
08c508862f Update actualbudget/actual-server Docker tag to v24.6.0 2024-06-03 10:31:05 +00:00
3d63498b25 Update jellyfin/jellyfin Docker tag to v10.9.4 2024-06-01 23:01:04 +00:00
a11f3e24f8 Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.9.3' (#111) from renovate/jellyfin-jellyfin-10.x into main
Reviewed-on: #111
2024-05-27 17:39:48 +00:00
adff6180ea Update jellyfin/jellyfin Docker tag to v10.9.3 2024-05-27 00:30:59 +00:00
99dd81531e Update alpine/git Docker tag to v2.45.1 2024-05-25 23:01:08 +00:00
4f18adf1da try once more 2024-05-25 13:12:23 +02:00
7e3f8a2764 and undo because it doesn't work 2024-05-25 12:39:33 +02:00
3a94d7a7b7 add docker builder using kubernetes natively 2024-05-25 12:32:15 +02:00
9f8ae4b0fa gitea revert to dind runner 2024-05-25 11:24:55 +02:00
d53ee0079e Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v1.7.0' (#106) from renovate/ghcr.io-mealie-recipes-mealie-1.x into main
Reviewed-on: #106
2024-05-24 19:18:11 +00:00
f844eb8caa Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.50' (#107) from renovate/adguard-adguardhome-0.x into main
Reviewed-on: #107
2024-05-23 21:38:05 +00:00
fb645058ac Update adguard/adguardhome Docker tag to v0.107.50 2024-05-23 15:31:10 +00:00
261790e329 Update ghcr.io/mealie-recipes/mealie Docker tag to v1.7.0 2024-05-23 11:14:10 +00:00
645c8edde7 Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.49' (#102) from renovate/adguard-adguardhome-0.x into main
Reviewed-on: #102
2024-05-23 11:10:18 +00:00
c7b52155ac allow spindown of minecraft server 2024-05-23 13:08:48 +02:00
46a2c8998e Merge pull request 'Update alpine/git Docker tag to v2.43.4' (#101) from renovate/alpine-git-2.x into main
Reviewed-on: #101
2024-05-23 09:42:19 +00:00
fbba22cb07 Merge pull request 'Update owncloud/ocis Docker tag to v5.0.5' (#103) from renovate/owncloud-ocis-5.x into main
Reviewed-on: #103
2024-05-23 09:42:00 +00:00
f03c76c53b Update owncloud/ocis Docker tag to v5.0.5 2024-05-22 14:30:56 +00:00
c7f5cb8773 Update adguard/adguardhome Docker tag to v0.107.49 2024-05-21 15:30:48 +00:00
206f8e4c50 try k8s-native actions once more 2024-05-21 12:14:48 +02:00
03df5e4663 Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.9.2' (#100) from renovate/jellyfin-jellyfin-10.x into main
Reviewed-on: #100
2024-05-20 19:12:17 +00:00
72906d205b with certs 2024-05-20 12:22:56 +02:00
c6f7471ebb try fixing the labels 2024-05-20 12:15:56 +02:00
a3550d10cb add wireguard 2024-05-19 12:31:50 +02:00
f22d25b101 add minecraft without autosync 2024-05-19 11:22:21 +02:00
b7b9afa1a5 Update alpine/git Docker tag to v2.43.4 2024-05-19 04:30:42 +00:00
835f05866c different gitea runner strategy 2024-05-18 17:19:14 +02:00
1aa2e55f22 try a better gitea actions runner 2024-05-18 13:57:26 +02:00
3c777a92c0 Update jellyfin/jellyfin Docker tag to v10.9.2 2024-05-17 21:00:55 +00:00
7d893d27ec bump immich version 2024-05-16 10:13:19 +02:00
d0fcf951cc bump immich version 2024-05-16 09:51:57 +02:00
1e9959e3d1 better minecraft deployment 2024-05-16 09:51:16 +02:00
ce821b6abe Merge pull request 'Update binwiederhier/ntfy Docker tag to v2.11.0' (#98) from renovate/binwiederhier-ntfy-2.x into main
Reviewed-on: #98
2024-05-16 07:39:12 +00:00
1de224ea77 Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.9.1' (#95) from renovate/jellyfin-jellyfin-10.x into main
Reviewed-on: #95
2024-05-16 07:37:41 +00:00
103f4c8a9f Merge pull request 'Update owncloud/ocis Docker tag to v5.0.4' (#99) from renovate/owncloud-ocis-5.x into main
Reviewed-on: #99
2024-05-16 07:37:20 +00:00
124881d3a8 Update owncloud/ocis Docker tag to v5.0.4 2024-05-14 13:31:01 +00:00
0b5d2a5fe6 Update jellyfin/jellyfin Docker tag to v10.9.1 2024-05-14 09:01:22 +00:00
332082c9fc Update binwiederhier/ntfy Docker tag to v2.11.0 2024-05-13 20:31:02 +00:00
36 changed files with 136 additions and 662 deletions

View File

@@ -10,7 +10,7 @@ resources:
images:
- name: adguard/adguardhome
newName: adguard/adguardhome
newTag: v0.107.48
newTag: v0.107.50
namespace: adguard

View File

@@ -13,4 +13,4 @@ namespace: files
images:
- name: ocis
newName: owncloud/ocis
newTag: "5.0.3"
newTag: "5.0.5"

View File

@@ -13,4 +13,4 @@ resources:
images:
- name: actualbudget
newName: actualbudget/actual-server
newTag: 24.5.0
newTag: 24.6.0

View File

@@ -15,4 +15,4 @@ resources:
images:
- name: homeassistant/home-assistant
newName: homeassistant/home-assistant
newTag: "2024.5"
newTag: "2024.6"

View File

@@ -14,4 +14,4 @@ resources:
images:
- name: homepage
newName: ghcr.io/gethomepage/homepage
newTag: v0.8.13
newTag: v0.9.2

View File

@@ -19,6 +19,6 @@ helmCharts:
images:
- name: ghcr.io/immich-app/immich-machine-learning
newTag: v1.103.1
newTag: v1.105.1
- name: ghcr.io/immich-app/immich-server
newTag: v1.103.1
newTag: v1.105.1

View File

@@ -1,47 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: jackett
spec:
selector:
matchLabels:
app: jackett
template:
metadata:
labels:
app: jackett
spec:
containers:
- name: jackett
image: jackett
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 9117
volumeMounts:
- name: media
mountPath: /media
- name: config
mountPath: /config
volumes:
- name: media
persistentVolumeClaim:
claimName: media-downloads
- name: config
persistentVolumeClaim:
claimName: transmission-config
---
apiVersion: v1
kind: Service
metadata:
name: jackett
spec:
selector:
app: jackett
ports:
- protocol: TCP
port: 9117
targetPort: 9117
type: ClusterIP

View File

@@ -1,50 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: media-downloads
resources:
- namespace.yaml
- pvc.yaml
- transmission.deployment.yaml
- radarr.deployment.yaml
- jackett.deployment.yaml
images:
- name: transmission
newName: haugene/transmission-openvpn
newTag: 5.3.1
- name: jackett
newName: lscr.io/linuxserver/jackett
newTag: latest
- name: radarr
newName: lscr.io/linuxserver/radarr
newTag: 5.4.6
---
# 2nd version
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: media-downloads
resources:
- namespace.yaml
- pvc.yaml
- qbittorrent.deployment.yaml
- qbittorrent.service.yaml
- qbittorrent.configmap.yaml
- radarr.deployment.yaml
- radarr.service.yaml
- radarr.configmap.yaml
- openvpn.secret.yaml
images:
- name: qbittorrent
newName: binhex/arch-qbittorrentvpn
newTag: 5.0.1-1-02
- name: radarr
newName: hotio/radarr
newTag: release-5.14.0.9383

View File

@@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder
labels:
pod-security.kubernetes.io/enforce: privileged

View File

@@ -1,35 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-config
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "1Gi"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "1Gi"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"

View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: qbittorrent
labels:
app: qbittorrent
data:
VPN_ENABLED: yes
VPN_USER: vpnbook
VPN_PASS: e83zu76
VPN_PROV: custom
VPN_CLIENT: openvpn
LAN_NETWORK: 10.244.0.0/24,10.9.0.0/24
WEBUI_PORT: "8080"
ENABLE_STARTUP_SCRIPTS: no
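Review bot: `VPN_USER` and `VPN_PASS` in this ConfigMap were committed in plaintext, and deleting the file (`@@ -1,15 +0,0`) does not take them out of the repository history. Treat the pair as exposed and change it at the provider if it is still in use. If the deployment returns, carry these two keys in a SealedSecret as the other credentials in this repo are, and quote `yes`/`no` so they stay strings under `data`.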

View File

@@ -1,40 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbittorrent
spec:
selector:
matchLabels:
app: qbittorrent
replicas: 1
template:
metadata:
labels:
app: qbittorrent
spec:
containers:
- name: qbittorrent
image: qbittorrent
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: qbittorrent
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /config
securityContext:
capabilities:
add:
- NET_ADMIN
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: config
persistentVolumeClaim:
claimName: qbittorrent-config

View File

@@ -1,12 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: qbittorrent
spec:
selector:
app: qbittorrent
type: ClusterIP
ports:
- name: qbittorrent
port: 8080
targetPort: 8080

View File

@@ -1,20 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: radarr
labels:
app: radarr
data:
# VPN_ENABLED: "true"
# VPN_CONF: "wg0"
# VPN_PROVIDER: "generic"
# VPN_LAN_NETWORK: "192.168.1.0/24"
# VPN_LAN_LEAK_ENABLED: "false"
# VPN_EXPOSE_PORTS_ON_LAN: ""
# VPN_AUTO_PORT_FORWARD: "false"
# VPN_AUTO_PORT_FORWARD_TO_PORTS: ""
# VPN_KEEP_LOCAL_DNS: "false"
# VPN_FIREWALL_TYPE: "auto"
# VPN_HEALTHCHECK_ENABLED: "false"
# PRIVOXY_ENABLED: "false"
# UNBOUND_ENABLED: "false"

View File

@@ -1,34 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr
spec:
selector:
matchLabels:
app: radarr
replicas: 1
template:
metadata:
labels:
app: radarr
spec:
containers:
- name: radarr
image: radarr
ports:
- containerPort: 7878
envFrom:
- configMapRef:
name: radarr
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /config
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: config
persistentVolumeClaim:
claimName: radarr-config

View File

@@ -1,12 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: radarr
spec:
selector:
app: radarr
type: ClusterIP
ports:
- name: radarr
port: 7878
targetPort: 7878

View File

@@ -1,81 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: transmission
spec:
selector:
matchLabels:
app: transmission
template:
metadata:
labels:
app: transmission
spec:
containers:
- name: transmission
image: transmission
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 9091
env:
- name: OPENVPN_PROVIDER
value: PROTONVPN
- name: LOCAL_NETWORK
value: 10.42.0.0/16
- name: OPENVPN_CONFIG
valueFrom:
secretKeyRef:
name: protonvpn
key: country
- name: OPENVPN_USERNAME
valueFrom:
secretKeyRef:
name: protonvpn
key: username
- name: OPENVPN_PASSWORD
valueFrom:
secretKeyRef:
name: protonvpn
key: password
volumeMounts:
- name: media
mountPath: /data
- name: config
mountPath: /config
securityContext:
capabilities:
add: ["NET_ADMIN"]
volumes:
- name: media
persistentVolumeClaim:
claimName: media-downloads
- name: config
persistentVolumeClaim:
claimName: transmission-config
---
apiVersion: v1
kind: Service
metadata:
name: transmission
spec:
selector:
app: transmission
ports:
- protocol: TCP
port: 9091
targetPort: 9091
type: ClusterIP
---
apiVersion: v1
kind: Secret
metadata:
name: protonvpn
type: Opaque
stringData:
country: at.protonvpn.udp,fr.protonvpn.udp,pl.protonvpn.udp,ch.protonvpn.udp
username: VOYkNuZs5PHjeB8w
password: WvKCOPijcXKOqcL5d7zjXzOPToS4zPid
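Review bot: the `Secret` at the end of this file carries `username` and `password` under `stringData` in cleartext, so removing the manifest leaves both values readable in every earlier revision. Rotate the credentials rather than relying on the deletion, and if transmission is redeployed, ship them as a SealedSecret and keep only the `secretKeyRef` entries in the Deployment.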

View File

@@ -14,7 +14,7 @@ resources:
images:
- name: jellyfin/jellyfin
newName: jellyfin/jellyfin
newTag: 10.9.0
newTag: 10.9.5
- name: ghcr.io/jellyfin/jellyfin-vue
newName: ghcr.io/jellyfin/jellyfin-vue
newTag: stable-rc.0.3.1

View File

@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: curseforge-api
namespace: minecraft
spec:
encryptedData:
key: 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
template:
metadata:
creationTimestamp: null
name: curseforge-api
namespace: minecraft
type: Opaque

View File

@@ -16,28 +16,31 @@ spec:
image: minecraft
resources:
limits:
memory: "4000Mi"
cpu: "2500m"
memory: "6000Mi"
cpu: "3"
requests:
memory: "1000Mi"
memory: "1500Mi"
cpu: "500m"
ports:
- containerPort: 25565
env:
- name: EULA
value: "TRUE"
- name: MODPACK
value: "https://www.curseforge.com/api/v1/mods/711537/files/5076228/download"
- name: TYPE
value: "AUTO_CURSEFORGE"
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: curseforge-api
key: key
- name: CF_SLUG
value: "vault-hunters-1-18-2"
- name: VERSION
value: "1.18.2"
# - name: VERSION
# value: "1.16.5"
# - name: MODPACK
# value: "https://mediafilez.forgecdn.net/files/3602/5/VaultHunters-OfficialModpack-1.12.1-Server.zip"
- name: INIT_MEMORY
value: "1G"
- name: MAX_MEMORY
value: "3G"
value: "5G"
- name: MOTD
value: "VaultHunters baby!"
- name: ENABLE_RCON
@@ -46,6 +49,10 @@ spec:
value: "true"
- name: ONLINE_MODE
value: "true"
- name: ENABLE_AUTOPAUSE
value: "true"
- name: AUTOPAUSE_TIMEOUT_EST
value: "1800"
volumeMounts:
- name: minecraft-data
mountPath: /data

View File

@@ -8,6 +8,8 @@ resources:
- pvc.yaml
- deployment.yaml
- service.yaml
- curseforge.sealedsecret.yaml
images:
- name: minecraft

View File

@@ -16,5 +16,5 @@ helmCharts:
- releaseName: grafana
name: grafana
repo: https://grafana.github.io/helm-charts
version: 7.3.9
version: 8.0.0
valuesFile: grafana.values.yaml
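Review bot: `version: 7.3.9` to `8.0.0` is a major chart release applied with the existing `valuesFile: grafana.values.yaml`. Render the chart with the current values (`kustomize build --enable-helm`) and diff the output against the live manifests before merging, since a major bump can rename or drop value keys.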

View File

@@ -13,4 +13,4 @@ resources:
images:
- name: binwiederhier/ntfy
newName: binwiederhier/ntfy
newTag: v2.10.0
newTag: v2.11.0

View File

@@ -12,5 +12,5 @@ resources:
images:
- name: mealie
newTag: v1.6.0
newTag: v1.8.0
newName: ghcr.io/mealie-recipes/mealie

View File

@@ -15,4 +15,4 @@ images:
- name: git
newName: alpine/git
newTag: "2.43.0"
newTag: "v2.45.1"
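Review bot: the tag scheme changes from `"2.43.0"` to `"v2.45.1"`, gaining a `v` prefix. Check that the prefixed tag exists in the `alpine/git` repository before merging, otherwise the mismatch shows up only as a failed pull at rollout.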

View File

@@ -8,4 +8,4 @@ resources:
- namespace.yaml
- omv-s3.ingress.yaml
- openmediavault.ingress.yaml
- proxmox.ingress.yaml
- proxmox.ingress.yaml

View File

@@ -0,0 +1,31 @@
# Using gitea actions
The actions deployment allows to use gitea actions from repositories within this instance.
### Building docker images
Docker builds use the kubernetes runner to build the images. For this to work, the pipeline needs to be able to access the kube-api. A service-account is created for this purpose.
To use the correct docker builder use the following action
```yaml
...
- name: Create Kubeconfig
run: |
mkdir $HOME/.kube
echo "${{ secrets.BUILDX_KUBECONFIG }}" > $HOME/.kube/config
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: kubernetes
driver-opts: |
namespace=act-runner
qemu.install=true
...
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
<other config>
```
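Review bot: the README documents the Buildx `driver: kubernetes` path and says a service account is created for it, while the same change set deletes the ServiceAccount/Role manifest and moves the runner to a dind image, so the instructions describe a setup that is not deployed. Either restore the RBAC the builder needs or rewrite the section for the dind runner. In the `Create Kubeconfig` step, use `mkdir -p $HOME/.kube` and follow the `echo` with `chmod 600 $HOME/.kube/config` so a rerun does not fail and the credential is not readable by other users on the runner.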

View File

@@ -1,25 +1,23 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: actions-runner
labels:
app: act-runner
name: act-runner
spec:
replicas: 1
selector:
matchLabels:
app: actions-runner
app: act-runner
template:
metadata:
labels:
app: actions-runner
app: act-runner
spec:
hostname: kube-runner
serviceAccountName: actions-runner
restartPolicy: Always
containers:
- name: actions-runner
image: actions-runner
resources:
requests:
memory: "128Mi"
cpu: "500m"
- name: runner
image: vegardit/gitea-act-runner:dind-latest
env:
- name: GITEA_INSTANCE_URL
value: "https://git.kluster.moll.re"
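Review bot: `image: vegardit/gitea-act-runner:dind-latest` is a floating tag written directly into the Deployment, so the runner image can change on any pod restart without a commit. Pin a versioned tag (or a digest) and route it through the `images:` list in the kustomization as the other apps do, which also lets Renovate propose the bumps.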
@@ -28,12 +26,35 @@ spec:
secretKeyRef:
name: actions-runner-secret
key: runner-token
- name: GITEA_RUNNER_LABELS
value: k8s
- name: ACTIONS_RUNNER_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: GITEA_RUNNER_UID
value: '1000'
- name: GITEA_RUNNER_GID
value: '1000'
- name: GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED
value: 'true'
securityContext:
privileged: true
volumeMounts:
- name: runner-data
mountPath: /data
volumes:
- name: runner-data
emptyDir: {}
persistentVolumeClaim:
claimName: runner-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: runner-data
spec:
resources:
requests:
storage: 5Gi
storageClassName: "nfs-client"
volumeMode: Filesystem
accessModes:
- ReadWriteMany
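Review bot: `securityContext.privileged: true` together with `GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED: 'true'` means every workflow scheduled on the `k8s` label runs with host-level privileges on the node. If dind has to stay, limit which repositories can use this runner and consider a dedicated node for it, and set the job-container flag to `'false'` unless a job really needs it. The `runner-data` claim is `ReadWriteMany` on `nfs-client` with `replicas: 1`; `ReadWriteOnce` is enough unless a second runner is planned.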

View File

@@ -1,38 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: actions-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: actions-role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["get", "create"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list", "watch",]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: actions-role-binding
subjects:
- kind: ServiceAccount
name: actions-runner
apiGroup: ""
roleRef:
kind: Role
name: actions-role
apiGroup: rbac.authorization.k8s.io
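Review bot: with the `actions-runner` ServiceAccount deleted here, any pod spec that still names `serviceAccountName: actions-runner` will be rejected at creation. Confirm that line is gone from the runner Deployment before this syncs.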

View File

@@ -7,7 +7,7 @@ metadata:
namespace: gitea
spec:
encryptedData:
runner-token: AgBHwek/Aj/0oOnI/bnZ4FgtRoeJw4tIKvcDzBhaPdQ7bMVHyHUKYUNP7lkPgZrIN+7rhMY7C/j13iGWx4iTdhTgipLiJvyZ70pXKLSix4IpcypJTElggWkW0JW79x1HyJfBtn9iJiHnEZXPi7sEnyKhA0asAOR0ae8NS6mxxei0TIImaPaC2RHL6MOi40xsXpHz2ZaVhDQaTSRWjv0U6+WkCGcueqM2HLYfF1gqqkzGCjjhdOTK1CKvIvApZ5n8x6x94IiywCXJraDCwLz+acF2c2vA/Jb/3p7TwyyRZ5uIF5LZufhTJ6+5sFJSReHYxO4CpPA8KvM880vtiEjN7LxVo/Jruj2459OvjviKZS03ZwLHHrjanom1+HA9Sx2ffRLiR5ayGkfj/6kvpIRt5x1F7BbPp+a0LXuxJX+1nGDyEa1D1WzVKvZASav6/v7cXcom/nKGO91Zb8qHlOv7ZTs5guGQ9G9VCOHOG8szwpW3ZmQwWfFoWsShzqbDqszBYOGeIjIiDllLzTZ8A9dv9J2ELngZ1IPGIkfpQNEW8hsbNXTYhdVIrkh7BIFkRWfYDNWxqZd4iE6XllQcT1rqndusgiNEJX2r+P4nT8dPewATXQ79wzvZU3kB+VHzM8cLymlVGADi7v/qTY9RcrhuE0oMLzHRShr6JU05VfLGbMsttrYKmW7smvBp3lRJitO5A8+r8cRniS1+Xr8mIx87vCvnoWSH6BKkl9pCdDeCGylAWfkJN9UpkaKg
runner-token: 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
template:
metadata:
creationTimestamp: null

View File

@@ -1,84 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: drone-runner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner
subjects:
- kind: ServiceAccount
name: drone-runner
roleRef:
kind: Role
name: drone-runner
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
labels:
app.kubernetes.io/name: drone-runner
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone-runner
template:
metadata:
labels:
app.kubernetes.io/name: drone-runner
spec:
serviceAccountName: drone-runner
containers:
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: drone-server:80
- name: DRONE_RPC_PROTO
value: http
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-server-secret
key: rpc_secret
- name: DRONE_NAMESPACE_DEFAULT
value: gitea
# - name: DRONE_NAMESPACE_RULES
# value: "drone-runner:*"
- name: DRONE_SERVICE_ACCOUNT_DEFAULT
value: drone-runner

View File

@@ -1,117 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
labels:
app: drone-server
spec:
replicas: 1
selector:
matchLabels:
app: drone-server
template:
metadata:
labels:
app: drone-server
spec:
containers:
- name: drone
image: drone/drone:latest
env:
- name: DRONE_SERVER_PORT # because the deployment is called drone-server, override this var again!
value: ":80"
- name: DRONE_GITEA_SERVER
value: https://git.kluster.moll.re
- name: DRONE_USER_CREATE
value: username:remoll,admin:true
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-server-secret
key: client_id
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-server-secret
key: client_secret
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-server-secret
key: rpc_secret
- name: DRONE_SERVER_HOST
value: drone.kluster.moll.re
- name: DRONE_SERVER_PROTO
value: https
resources:
requests:
memory: "1Gi"
cpu: 1.5
volumeMounts:
- mountPath: /data
name: drone-data-nfs
volumes:
- name: drone-data-nfs
persistentVolumeClaim:
claimName: drone-data-nfs
---
apiVersion: v1
kind: Service
metadata:
name: drone-server
labels:
app: drone-server
spec:
type: ClusterIP
ports:
- port: 80
name: http
selector:
app: drone-server
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: drone-server-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`drone.kluster.moll.re`)
kind: Rule
services:
- name: drone-server
port: 80
tls:
certResolver: default-tls
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: drone-data-nfs
spec:
capacity:
storage: "1Gi"
accessModes:
- ReadWriteOnce
nfs:
path: /export/kluster/drone
server: 192.168.1.157
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drone-data-nfs
spec:
storageClassName: ""
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "1Gi"
volumeName: drone-data-nfs

View File

@@ -1,23 +0,0 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "drone-server-secret",
"namespace": "gitea",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "drone-server-secret",
"namespace": "gitea",
"creationTimestamp": null
}
},
"encryptedData": {
"client_id": "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",
"client_secret": "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",
"rpc_secret": "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"
}
}
}

View File

@@ -5,21 +5,13 @@ resources:
- gitea.pvc.yaml
- gitea.ingress.yaml
- gitea.servicemonitor.yaml
- drone-kube-runner.deployment.yaml
- drone-server.deployment.yaml
- drone-server.sealedsecret.yaml
- actions.deployment.yaml
- actions.sealedsecret.yaml
- actions.rbac.yaml
# - actions.rbac.yaml
namespace: gitea
images:
- name: actions-runner
newName: ghcr.io/christopherhx/gitea-actions-runner
newTag: v0.0.11
helmCharts:
- name: gitea
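Review bot: `# - actions.rbac.yaml` keeps a commented-out reference to a file this change deletes. Drop the line instead of commenting it, so the resource list only names files that exist.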

View File

@@ -32,6 +32,7 @@ resources:
- immich/
- journal/
- media/
- minecraft/application.yaml
- monitoring/
- ntfy/
- recipes/

View File

@@ -0,0 +1,18 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: minecraft-application
namespace: argocd
spec:
project: apps
source:
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/minecraft
destination:
server: https://kubernetes.default.svc
namespace: minecraft
syncPolicy:
automated:
prune: true
selfHeal: false