remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 5 Packages Projects Releases Wiki Activity

Compare commits

base: remoll:renovate/ghcr.io-coder-code-server-4.x
Branches Tags
remoll:main remoll:renovate/traefik-37.x remoll:renovate/loki-6.x remoll:renovate/grafana-9.x remoll:renovate/cloudnative-pg-0.x remoll:renovate/ghcr.io-coder-code-server-4.x remoll:feature/headscale remoll:feature/media-downloads remoll:feature/crowdsec remoll:feature/matrix remoll:feature/llm remoll:feature/gaming remoll:feature/affine remoll:feature/unified-file-sync
..
compare: remoll:1f498b9ac303f4d2057531e92aca3bf3dce0556d
Branches Tags
remoll:renovate/traefik-37.x remoll:renovate/loki-6.x remoll:main remoll:renovate/grafana-9.x remoll:renovate/cloudnative-pg-0.x remoll:renovate/ghcr.io-coder-code-server-4.x remoll:feature/headscale remoll:feature/media-downloads remoll:feature/crowdsec remoll:feature/matrix remoll:feature/llm remoll:feature/gaming remoll:feature/affine remoll:feature/unified-file-sync

1 Commits
renovate/g ... 1f498b9ac3

Author SHA1 Message Date
Renovate Bot
1f498b9ac3 Update Helm release redis to v20.12.0 2025-04-15 14:02:38 +00:00
50 changed files with 63 additions and 448 deletions
Expand all files Collapse all files

38
README.md
View File

@@ -45,41 +45,3 @@ The app-of-apps will bootstrap a fully featured cluster with the following compo
todo
### Status
[![App Status](https://argocd.kluster.moll.re/api/badge?name=authelia-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/authelia-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=backup-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/backup-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=external-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/external-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=external-dns-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/external-dns-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=gitea-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/gitea-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=metallb-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/metallb-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=monitoring-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/monitoring-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=nfs-provisioner-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/nfs-provisioner-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=pg-ha-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/pg-ha-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=renovate-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/renovate-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=sealedsecrets-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/sealedsecrets-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=traefik-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/traefik-application)
---
[![App Status](https://argocd.kluster.moll.re/api/badge?name=adguard-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/adguard-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=audiobookshelf-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/audiobookshelf-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=code-server-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/code-server-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=files-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/files-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=finance-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/finance-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=grafana-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/grafana-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=homeassistant-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/homeassistant-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=immich-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/immich-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=kitchenowl-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/kitchenowl-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=linkding-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/linkding-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=media-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/media-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=minecraft-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/minecraft-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=ntfy-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/ntfy-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=paperless-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/paperless-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=recipes-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/recipes-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=rss-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/rss-application)
---
[![App Status](https://argocd.kluster.moll.re/api/badge?name=journal-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/journal-application)
[![App Status](https://argocd.kluster.moll.re/api/badge?name=physics-application&revision=true&showAppName=true)](https://argocd.kluster.moll.re/applications/physics-application)

2
apps/adguard/kustomization.yaml
View File

@@ -10,7 +10,7 @@ resources:
images:
- name: adguard/adguardhome
newName: adguard/adguardhome
newTag: v0.107.63
newTag: v0.107.59
namespace: adguard

2
apps/audiobookshelf/kustomization.yaml
View File

@@ -12,4 +12,4 @@ namespace: audiobookshelf
images:
- name: audiobookshelf
newName: ghcr.io/advplyr/audiobookshelf
newTag: "2.26.3"
newTag: "2.20.0"

2
apps/code-server/kustomization.yaml
View File

@@ -12,4 +12,4 @@ namespace: code-server
images:
- name: code-server
newName: ghcr.io/coder/code-server
newTag: 4.102.2-fedora
newTag: 4.98.2-fedora

2
apps/files/kustomization.yaml
View File

@@ -13,4 +13,4 @@ namespace: files
images:
- name: ocis
newName: owncloud/ocis
newTag: "7.2.0"
newTag: "7.1.2"

3
apps/finance/actualbudget.deployment.yaml
View File

@@ -21,9 +21,6 @@ spec:
env:
- name: TZ
value: Europe/Berlin
envFrom:
- secretRef:
name: actualbudget-oidc
volumeMounts:
- name: data
mountPath: /data

3
apps/finance/kustomization.yaml
View File

@@ -9,9 +9,8 @@ resources:
- actualbudget.deployment.yaml
- actualbudget.service.yaml
- actualbudget.ingress.yaml
- oidc.sealedsecret.yaml
images:
- name: actualbudget
newName: actualbudget/actual-server
newTag: 25.7.1
newTag: 25.4.0

19
apps/finance/oidc.sealedsecret.yaml
View File

@@ -1,19 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: actualbudget-oidc
namespace: finance
spec:
encryptedData:
ACTUAL_OPENID_AUTH_METHOD: AgAhPqooAS/7R9S/X3KGfSfs3ClN38J9CEfkUTYAUvKGEehQ2Tz3thPNvhvnbz/gKRc7C172jgxoxaGMiVXi40Qa+I7Y8JVHefjoSd8NuubzQZU8ZK5KlYRgc5OnoPM3RLarHyZ2DFw5Q/ngv3sp1c5dSI4/604KSQPxVAFCnb/lnSkOsBggDRymWvYclx1NrLIClpLAFwHgCOm6g1kHCvtGIdBLxKOHsiRJm62+UyHt0GLkR0QFTDXBQxoBm9QR9kLjQqw/QqcOIVx1by0RHoHBI6HDEEIQVH3UgWqlMmIwm+a4KQeBEdEfWLn9YC8MGSdlQRlaZoi5ltFT2c/DWuMuRStnaOWbsMQVR+y6yJ2UNBe29uVQh6877iqfmAJvT6gXic73zI7Vkq6IFQ7veQPBaTi22HP/sxiElGI8rY0LtRHD4TctKSePaOPvsgrv8k8SpB5qYAft7UonbTPWzzRSSc4Y3Z4fQiD0x/uhtTqTTtukx39nzM2TjVGcJThWaxUGa07w1fjTafieFVwwreURBUpRK92X2NY3ovOdA9c1WrHfqIzVtpcnfQyCeA5D4XT2sBFk0+crwEm1GmtscjPkGnyctNMUSmkHd+QKw8EAmWxKge4+7rfOrZp5ZK7cBFJcB4gVQcxnm3bXr0qZyiA1udaxmSxVflQR2AjduvhKuE73AGPi0bJki5TvKJp6bavTotYfdMY=
ACTUAL_OPENID_CLIENT_ID: AgA6X0uYaU1n4XSXVntmT4+NgahYkkMVx61OZP8ExnSMkRPlwQfErhNHrwKsTsnD8OzP3svhxBe5bwaI8O1OKF0k5pQWG0DbRfmBrwiep9nBsKPt+fQm0AJUsZ2sQNShusmsSEumBKbMD0CMPklVMq18tLpOIh/YaXM34lsOutW0SIx7HWWQsyLmoolEoRVdkKvDhoh3FXjKqzGYlr1uKuqYG7pJPsxEpsTs2pZTUIlB2gVcEqb/ZXxgkj01GDYzB519swIOfYdISj7oCR8VG90M9iDrgmxsPkWozMDxFjNo5JR2dB9wvP7ptFex8JonbZZXYZD7tE+36U8iys6Cjh6JGwr9luN1AxYYSkRrNWJd2CuID+8ujWptoTvRSO0RwiVVp5LhXe1l2GxLsS2UVtO+nbWH6DGMJei4DQ+LAxDXFR8FAvi7615cneN0umQfF4ZMUJirvxHA3tFN42tbnRmSCbLAZLNLhQq8VbRmkYOAN6LCzSKYlyhSyA3NM2HjRTFkXGUhOPL+3tPZJB4v0QlEhlhy1Ffxh2mbUXgmQ+ZHGUsBXEHfc/Gba6gJhsj6S2DkiAeZUW6euY5/v4vpveWsS+YS+BxH441//8mOJnrpsWrcQbM5yCk4WMnmpETy/VFEkc3dqYfVWHDfvwAeqjVfXAovXBmwOoCASG6qDf0P7FdeLFTHUNuahyNhBzhBAQ/yNpOkbzKTJFBWwnM=
ACTUAL_OPENID_CLIENT_SECRET: AgAbJinP4E8rbGAw7BTfh/GB3XxQOfHiLFrgaikQbUIsmZu+Y6ktK7aJdcX2/g6yhHXX6z8p4xoYTaGgkpo8H0XWvUDT4ohqJVdJSWZgNx8MyzisVKi+51BEpslL4JvGo/ISjXT0hNeYGzFXlHnnr3LX+fuTVh3dKtk4t8nmR8SqaCCIyvKiBPmX/1QWo4Vrfw7OLpVlfGP0i3J7FrhjNgKMRWcQKQC4Ohk+NLHHghdtqzuFB8eKwcuBZmynKCVyblOhwZSL5WnyJPskWLMjNEizWuCubDdyHVY3ZqYLDe5dgoi7Gop5/xY7FEuEkmTL0g7LpKo4RkEKRLjsZwWtW+xN6HRRt7zGoUdIpo20ZnTtEH8C/qcxjHKUycFvzKLnk6ntq5rEdK2/MhBtMfd3a8pb4vpT9JNra1AWsB7zCUv4yc/FT0RpkL+1r1CVva4o+tzM8ojnm4o0ch6qsGb0IOYZvJx6sF7c6aj7c41YQK3ZrQF3bhhhEHYyWOBjy1V4T/GJPZ9CbhGG0PIsSvpW7d5pG5jNAwU/Xo6FL/vVUPwmSq/hCqYMSSSKNiMH/q/vzKyu5B5aQbNDAumzsLRqD/auJz8nAaUoLNBVHq+7zTs3wV7pEayY22teq/MN5PRtYOQLE5Ck60gv9Q70cfhgvTeK+eX4h9BbhfijCV/EiSYhLP7meeIpE80icdLUSkNROfW+0sf3RNbW5q3JX8PsW0h29VJgREJdlziLj2cCshe+ww==
ACTUAL_OPENID_DISCOVERY_URL: AgAQVZX6r8SPkwwBR1dmUF/ahuZKkGSsU/GULe5PF7Nm75UadtjPb5aHAZjWE59MdV61DQZDa4KJz1/fW4xDUrJBuUElIRQH4oyMTQG12MSMauQpLd25SVU8ex2NYyerbd85j521FSxujP0l3941KGsENLt5wCx/idXu47txhAHgS81mj3CLfWzT5yyG+V1i48a24xK905v+ft5ZKuNLOxvVb6yZSBt1j/3egx49eB49CRk/dxYQtPpSw8Zb6KgaN+skjq5HTH/Neb4J92nlJ1aFPVKbFLbtxyIHDSoO35U8ODHEJVGKBbZjjfrrjCpmQYnZPEWN9s+xj2NAXZ7qANcJfbFEF/3bOiKZhc0jLM5MyhiMZoytn4FvGM8zxINC3z8zqaWJm1wiMXEUH3/FLUa2UWeHKQB14h0f5XGwytb3s/nPCoBnHhtOK1y4utJ2APsQhRsxySZjgYNRaRCarp8PntY7yB7VHYlv5Mitx+qBWcAUmcKp1I4NTnm1LORRGzIFcrJJKtQfqcW7GNuZDA3AiLGyOMVigcA93GnPbppor5BItE9FK/BKqrR4Bz31jXSO8S7pjhi3JxBIKEMmMZRVbyelJ9o7gTpqrBvO7KZ5v/L+mlE0J8D2LZoEWPqxfa/BE+QZfwIS3wDWQl1GTruaAM4u0bp4i9GkyK3hPVXnml3dNMElSG3GvNqHhhy1Boo1cHXHbQ5YzbkGgzL9fLkigVQCi0FKItyBxdGsui9U0OU5LNi0EGKBibs22mdDkp6f051GWeMidtSwz9j5
ACTUAL_OPENID_SERVER_HOSTNAME: AgB+C31GqtPKbMifuTFYhwOgUwXph+RQYdnVQaVIaDiveE6Lydl/2HnTyFQIi2mhrbiCpDgegXuvGBoM7WHxlPepny5E66lY/cAdFaFDGMARqMXCRLVmvkt3U1IyNn9zPCPil0x+eAv2S/ETLm8Nj2OL9utxkdNBHub9xiGrE0d7qBeBfK1FNmainthYQUpnCsR7jowmmvYGuEyDwfG+suUooDdb5zaWmCJZRYk1jKD3zlu21N0sfciBJ/GpTdz/2V+NXqJJqs3r2zoB2GJPQ64pMuZHZ+yw8bYUkg7/QOHD2ofWmtzNOGGtiNRHAG8MtvF6ovc4Hgv5uu+4x413UP6pSIJsrHrXSHYP+mvu+ya3gNUn6YK2qymezrqbvUF/n7LoaDzTRqa0PmemtdskuABiwfqrdiOarxaWjomkXqnrBK6VkJ8PhOMDMv/j/c6zlXdhpnqlUyxMcjBjqicfNBWN8UByDIEw4D0rhibzOS4fIKjNHrmXHv39GNJsY90avhZqq42oTMJL0vcaj3v4pBZJdJ05TOvY7PQ/iUwnnczGqOtpAQtBKfCV2+PXp9o/64wOGc0Br322kSpzjIleWP9VWVgbqvwMjUGtlL+xTkCaOFpiYETxUim09c745WDc+YgU55rd5i/5t20wiKy7RSYnHvYOwvdjAlEgAnD0YZBXOQkL51nL9P+nOMAYBE0HiM1vYsd8R6h6Fk+G2gcs/2CLgwglqOtMwAm9A9+5qSqyMak6Z68=
template:
metadata:
creationTimestamp: null
name: actualbudget-oidc
namespace: finance

5
apps/grafana/grafana.values.yaml
View File

@@ -85,14 +85,13 @@ grafana.ini:
auth.generic_oauth:
name: Authelia
enabled: true
icon: signin
allow_sign_up: true
client_id: grafana
client_secret: ${AUTH_GRAFANA_CLIENT_SECRET}
scopes: openid profile email groups
empty_scopes: false
auth_url: https://auth.kluster.moll.re/api/oidc/authorization
token_url: https://auth.kluster.moll.re/api/oidc/token
api_url: https://auth.kluster.moll.re/api/oidc/userinfo
api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
tls_skip_verify_insecure: true
auto_login: true
use_pkce: true

2
apps/grafana/kustomization.yaml
View File

@@ -17,5 +17,5 @@ helmCharts:
- releaseName: grafana
name: grafana
repo: https://grafana.github.io/helm-charts
version: 9.2.10
version: 8.11.4
valuesFile: grafana.values.yaml

2
apps/homeassistant/kustomization.yaml
View File

@@ -15,4 +15,4 @@ resources:
images:
- name: homeassistant
newName: homeassistant/home-assistant
newTag: "2025.7"
newTag: "2025.4"

39
apps/immich/immich.postgres.yaml
View File

@@ -1,39 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: immich-postgresql
spec:
instances: 1
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:16-0.3.0
bootstrap:
initdb:
owner: immich
database: immich
secret:
name: postgres-password
dataChecksums: true
postInitApplicationSQL:
- ALTER USER immich WITH SUPERUSER;
- CREATE EXTENSION IF NOT EXISTS vchord CASCADE;
- CREATE EXTENSION IF NOT EXISTS "cube";
- CREATE EXTENSION IF NOT EXISTS "earthdistance";
postgresql:
shared_preload_libraries:
- "vchord.so"
storage:
size: 5Gi
storageClass: nfs-client
monitoring:
enablePodMonitor: true
resources:
limits:
cpu: 2
memory: 1024Mi
requests:
cpu: 50m
memory: 512Mi

8
apps/immich/kustomization.yaml
View File

@@ -4,7 +4,7 @@ resources:
- namespace.yaml
- ingress.yaml
- pvc.yaml
- immich.postgres.yaml
- postgres.yaml
- postgres.sealedsecret.yaml
- servicemonitor.yaml
@@ -15,16 +15,16 @@ namespace: immich
helmCharts:
- name: immich
releaseName: immich
version: 0.9.3
version: 0.9.2
valuesFile: values.yaml
repo: https://immich-app.github.io/immich-charts
images:
- name: ghcr.io/immich-app/immich-machine-learning
newTag: v1.135.3
newTag: v1.130.3
- name: ghcr.io/immich-app/immich-server
newTag: v1.135.3
newTag: v1.130.3
patches:

10
apps/immich/renovate.json
View File

@@ -1,10 +0,0 @@
{
"packageRules": [
{
"matchDatasources": ["docker"],
"matchPackagePrefixes": ["ghcr.io/immich-app/"],
"groupName": "Immich containers",
"groupSlug": "immich-app-images"
}
]
}

4
apps/immich/values.yaml
View File

@@ -6,7 +6,7 @@
env:
REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
DB_HOSTNAME: "immich-postgresql-rw"
DB_HOSTNAME: "immich-postgres-rw"
DB_USERNAME:
valueFrom:
secretKeyRef:
@@ -56,7 +56,7 @@ machine-learning:
persistence:
cache:
enabled: true
size: 200Gi
size: 10Gi
# Optional: Set this to pvc to avoid downloading the ML models every start.
type: emptyDir
accessMode: ReadWriteMany

2
apps/kitchenowl/kustomization.yaml
View File

@@ -14,4 +14,4 @@ namespace: kitchenowl
images:
- name: kitchenowl
newName: tombursch/kitchenowl
newTag: v0.7.3
newTag: v0.6.11

2
apps/linkding/kustomization.yaml
View File

@@ -13,4 +13,4 @@ namespace: linkding
images:
- name: linkding
newName: sissbruecker/linkding
newTag: "1.41.0"
newTag: "1.39.1"

8
apps/minecraft/README.md
View File

@@ -1,11 +1,3 @@
## Setup
Because minecraft is quite sensitive to io performance, we want the data to be stored on a local disk. But hostpath is not well supported in talos (and is not persistent), so we use an ephemeral volume instead. In order to do this, we create an emptyDir volume and mount it to the pod.
We use an initContaier that copies the data to the local storage. Afterwards, copying from the local storage back to the persistent storage is handled by a preStop lifecycle event.
This way, we can have the best of both worlds: fast local storage and persistent storage.
## Sending a command
```
kubectl exec -it -n minecraft deploy/minecraft-server -- /bin/bash

36
apps/minecraft/job.yaml
View File

@@ -9,16 +9,6 @@ spec:
app: minecraft-server
spec:
restartPolicy: OnFailure
initContainers:
- name: copy-data-to-local
image: alpine
command: ["/bin/sh"]
args: ["-c", "cp -r /data/* /local-data/"]
volumeMounts:
- name: local-data
mountPath: /local-data
- name: minecraft-data
mountPath: /data
containers:
- name: minecraft-server
image: minecraft
@@ -42,7 +32,7 @@ spec:
name: curseforge-api
key: key
- name: CF_PAGE_URL
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/6644480"
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5925838"
- name: VERSION
value: "1.18.2"
- name: INIT_MEMORY
@@ -59,34 +49,12 @@ spec:
value: "false"
- name: ENABLE_AUTOSTOP
value: "true"
- name: AUTOSTOP_TIMEOUT_EST
value: "1800" # stop 30 min after last disconnect
volumeMounts:
- name: local-data
mountPath: /data
- name: copy-data-to-persistent
image: rsync
command: ["/bin/sh"]
# args: ["-c", "sleep infinity"]
args: ["/run-rsync.sh"]
volumeMounts:
- name: local-data
mountPath: /local-data
- name: minecraft-data
mountPath: /persistent-data
- name: rsync-config
mountPath: /run-rsync.sh
subPath: run-rsync.sh
mountPath: /data
volumes:
- name: minecraft-data
persistentVolumeClaim:
claimName: minecraft-data
- name: local-data
emptyDir: {}
- name: rsync-config
configMap:
name: rsync-config
defaultMode: 0777

7
apps/minecraft/kustomization.yaml
View File

@@ -8,7 +8,6 @@ resources:
- pvc.yaml
- job.yaml
- service.yaml
- rsync.configmap.yaml
- curseforge.sealedsecret.yaml
@@ -16,9 +15,3 @@ images:
- name: minecraft
newName: itzg/minecraft-server
newTag: java21
- name: alpine
newName: alpine
newTag: "3.22"
- name: rsync
newName: eeacms/rsync
newTag: "2.7"

42
apps/minecraft/rsync.configmap.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: rsync-config
data:
run-rsync.sh: |-
#!/bin/sh
set -eu
echo "Starting rsync..."
no_change_count=0
while [ "$no_change_count" -lt 3 ]; do
# use the i flag to get per line output of each change
rsync_output=$(rsync -avzi --delete /local-data/ /persistent-data/)
# echo "$rsync_output"
# in this format rsync outputs at least 4 lines:
# ---
# sending incremental file list
#
# sent 145,483 bytes received 717 bytes 26,581.82 bytes/sec
# total size is 708,682,765 speedup is 4,847.35
# ---
# even though a non-zero number of bytes is sent, no changes were made
line_count=$(echo "$rsync_output" | wc -l)
if [ "$line_count" -eq 4 ]; then
echo "Rsync output was: $rsync_output"
no_change_count=$((no_change_count + 1))
echo "No changes detected. Incrementing no_change_count to $no_change_count."
else
no_change_count=0
echo "Changes detected. Resetting no_change_count to 0."
fi
echo "Rsync completed. Sleeping for 10 minutes..."
sleep 600
done
echo "No changes detected for 3 consecutive runs. Exiting."

2
apps/ntfy/kustomization.yaml
View File

@@ -13,4 +13,4 @@ resources:
images:
- name: binwiederhier/ntfy
newName: binwiederhier/ntfy
newTag: v2.13.0
newTag: v2.11.0

4
apps/paperless/kustomization.yaml
View File

@@ -14,14 +14,14 @@ namespace: paperless
images:
- name: paperless
newName: ghcr.io/paperless-ngx/paperless-ngx
newTag: "2.17.1"
newTag: "2.15.1"
helmCharts:
- name: redis
releaseName: redis
repo: https://charts.bitnami.com/bitnami
version: 21.2.13
version: 20.12.0
valuesInline:
auth:
enabled: false

2
apps/recipes/kustomization.yaml
View File

@@ -13,5 +13,5 @@ resources:
images:
- name: mealie
newTag: v3.0.2
newTag: v2.8.0
newName: ghcr.io/mealie-recipes/mealie

48
apps/stump/deployment.yaml
View File

@@ -1,48 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: stump
spec:
replicas: 1
selector:
matchLabels:
app: stump
template:
metadata:
labels:
app: stump
spec:
containers:
- name: stump
image: stump
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 10801
envFrom:
- configMapRef:
name: stump-config
volumeMounts:
- name: stump-data
mountPath: /data
- name: stump-config
mountPath: /config
volumes:
- name: stump-config
persistentVolumeClaim:
claimName: stump-config
- name: stump-data
persistentVolumeClaim:
claimName: stump-data

17
apps/stump/ingress.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: stump-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`stump.kluster.moll.re`)
kind: Rule
services:
- name: stump-web
port: 10801
tls:
certResolver: default-tls

17
apps/stump/kustomization.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- pvc.yaml
- stump-config.configmap.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
namespace: stump
images:
- name: stump
newName: aaronleopold/stump
newTag: "0.0.10"

4
apps/stump/namespace.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

23
apps/stump/pvc.yaml
View File

@@ -1,23 +0,0 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: stump-data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: stump-config
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

10
apps/stump/service.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: stump-web
spec:
selector:
app: stump
ports:
- port: 10801
targetPort: 10801

8
apps/stump/stump-config.configmap.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: stump-config
data:
STUMP_ENABLE_UPLOAD: "true"
STUMP_CONFIG_DIR: /config
ENABLE_KOREADER_SYNC: "true"

7
infrastructure/argocd/argocd.configmap.yaml
View File

@@ -3,9 +3,8 @@ kind: ConfigMap
metadata:
name: argocd-cm
data:
# enable helm when using kustomize
kustomize.buildOptions: --enable-helm
# disable admin user - use oidc
# switch to annotation based resource tracking as per
# https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/
application.resourceTrackingMethod: annotation+label
admin.enabled: "false"
# show neat status badges in the UI or as embeds
statusbadge.enabled: "true"

4
infrastructure/argocd/kustomization.yaml
View File

@@ -4,12 +4,14 @@ kind: Kustomization
namespace: argocd
resources:
- namespace.yaml
- https://github.com/argoproj/argo-cd//manifests/cluster-install?timeout=120&ref=v3.0.11
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
- ingress.yaml
- argo-apps.application.yaml
- bootstrap-repo.sealedsecret.yaml
- argocd-oauth.sealedsecret.yaml
- servicemonitor.yaml
# DID NOT FIX RELOAD LOOPS
# - github.com/argoproj/argo-cd/examples/k8s-rbac/argocd-server-applications?ref=master
patches:

2
infrastructure/authelia/README.md
View File

@@ -6,3 +6,5 @@ k exec -it -n authelia deployments/authelia -- authelia crypto hash generate pb
```
give the client the hash, store the secret in `authelia-oidc.secret.yaml` and seal it.
}cnnhzH|Mf/yLn(v4rF#>KnGMgUS+TY

17
infrastructure/authelia/authelia-oidc.sealedsecret.yaml
View File

@@ -7,15 +7,14 @@ metadata:
namespace: authelia
spec:
encryptedData:
client.actualbudget: AgBkqA3lAi7ofkC47b1OlqFGQQ7TG2xJ71uT33fvXCuibkOdvpGyk5eeY2YGh4gqH9zPt739Vcee+y2w+DW/rrqoIPZqO1tx2wgNVT8H/ll8eFe3+3gBIylYXe0JQ2+AhonAjJgUuOKlTfv3tOiNavZEiDM4bVqv+5QfIRAy//YNr9p+G4/grLzc3+yfvGR9DaFrldaPDsg49m0rR2KXGL417V47WL/d1/7tDdoPEYYsmd3iB+RT3L1pQlGIGpieswcI6LETb2HuS/lelL9pC3yA8zBYq1jVW43LF/E99affv3VBdVZckHn9Ad5juKICXqxphp8Op2ynOzW0QNMdMjVahWPbNAAn27cTP5RZDodTmQGbPrK49R00IjzKKU4bDxtAwOpZKVJq3ArIh3j2ETycn/FhMIpLGEAGpMl+ZO077aznJl77nOAkjSXioOkNiPh32gKg5b3jVwry//8g4vTS6AEkNQkMrRey12p42MnT+CHDwgqAu0pDVAM0QvE8g+hhX8tENNN6IalRar/mNAa/lFcm1mXPVEv0ST+7YfQPm5vMY/BNixlpPTN3qd3KJje/Ahv7xHhNWnkez/+G++/l/mUjgVUsoD9cJ+p/87JZOKLiPEbxINFNcoJfO4XJrua6BwtwiGhsdVv61myC408AiBJ7akir2IMe/b/O54xZ+H0SHKlXc1lqRyQS83awcZj9tBAQut2B4IY9yNaudQyce82qMuH/X8pEWrNxfcxgnBCbAMJ24ZU1yWNFO3wqRaWO1MxOny8iefUosZI1wjYuDyzTcMqnq4rEoKEF/Q6NV/N+Rr2NNOiXR1/NjAfsk0CKIdSrERMazzM58omAxULlCgZGTw6i29Xulj4ToLXNhKAJqw==
client.argocd: AgAMeMuApKfbUmJ7qxTVuiFCoQvQnVY9e914jZJzZVoD7NNghd+GoI/kl9JuaTGd8FXC9Snp+Pdduvw88PNlR+ZLDQChh9z04BbYm0jOhu+6mxMl9klVc5kbEUILC8nA2Oad0KshnFuRt8PucbM3Adk5P8WwsH0+R0QCQqze36d5pZrNT3XsVHFzkEO69TVNmNDtde04UnlGKlXhtsZHVF0QXU+O0knNPK8Gav4NEAP0GiPSA4Hx49rpu3PzyISi0vUnW4jZQYP2hnD8arR4pAjehuHzkjt8A4sP635KaQ3kEE/6VL6eBLxzFeht31p7/owMAqvjA3Z2TwHc0Eo8zqzQdYIejDvBcm3p/iIECBJUffRRKT6ijlJnzmL8dFVRDkWGN3D2eg7xELQyoQfQLo8m8v3o5rRLDMxGin/dP/7DqL4GLRRIJMIcg3VMNqdSbi7ESlZ0zWZaFQ/3GQKy6y7ooqQS/nn+2stVo6RRuwAlPkpyTa29wOu4fjIsuQ4O9CQrBXowk+4xO1FqWVMUcPGfrLx32IcIC9iZ+QAb1goh1eADnl9D5eKJjWouStvA/i+YlRayHrIBn6XwRgcLaz3ydlZUtwt/HhheeB/N0jRRFD7Tf7SWMdOtyEnngglOmOoiytU0F8B+jNW2OPfPU3CP2AkKvLQ0El9kbLQHYpnpNfbjq6Fjj7b6l8LPo58WBua8uQBwghKL0d6NnjdRymLylJdMUJvGF/9F8rW+1VRndyVyuNRPUXFJv9wqklLQYu7+dtAphsnhO17LdGomjCkP51VtFloWNH49aBWj0p6scsMVahzU2lhzwWOSLh7iK3lm5Pyhkwl2GPR3ayQG8adSE6BaswtmdEpKYEbvi5kWy4In/Q==
client.gitea: AgAhsbmgb1LaYsCtd85vEu6dkwdzlIt9rfliyrjFxAmLwstrlhY1IXXrtd1f25sjWmxpiRnUmPgSaaeBpd2YEOFI2tDh3rwUW84q77ynmcIOGKEHpfQicVurvOuj2YNFE91hBf4A18QYRSLDZyCg4yJ/Ult5vS88mNSfaSrDkknjnNfV4+PZzM1JAfILQtWEMmG89vyIr75Ix+i6IkHdKu5YZK/2aOS+vX5LYiOGp7qVXkkKDCvbk8KNe/2gqvaSDCSoRCdtzEP9SdqOY+Zvw1A6dMTP8EZQmXW3qsNn6m9J+bFw8C0SJ+ptG3teuzKKvfkuyUVRSoO2aXREmwzkENG7jQBy4y3BBDU+U4iF73e1LCFczXsXy590rHZ66Jx6OseKFoGn1Jw/ir12soNCU2dnkUfgdiqN8yvkRJ3O/h2BYC5r7IJqIxNiqY2R1EhTgiG4/DhAvTcy+iZlgk/YMqSGVFLJtOQiy41+Vej79f7kw3A2u8HGksTkL5zkGxYIY8EyM+/VR4wHtUsjJTiP8+VHFWw/v5sxnTWAAAIdRn10371F8FNqdD1dCs5U8Xop0/WwFYaix0/dLkI+tJxQvopObAY1G4RKmTy0GTgE4sBGgqjI+KKdVdh6gO26WxtF07MlL57IjfQMlMFYXyapnDRplZkTfDBioF7+8eOd1hajgKUFv3OqkEJnk4ifZzfjXlAAdXRzic6ppfb4w+0YkSluZUTdTFr/SWt9eUnLYz/dkZ8ZV5mV4KZHlvPvfCwBWR3F2JfT0WUKlvC8l8AJKwyBokZJZODKDxaaGvoMvKgj/e11YncDpY/vLP/QbE2onVQKaA25ukUZNFL3WTZR1igi2huRns+/066HdUOLzncGceyDKg==
client.grafana: AgB2SV+f10heiF3WsurC2+cFZP4d+IvjVE++cDzVRacTcatR2eI7dn23bDYZv8ThLtByI76VWgIIgC3443WeyA1cXFfwUU/yL0sVTUmWqkMLjNosCbW0m6MzIN4nfTwG2QgkeNG9bTpO4KXhteTnNOZ8YYBIfKLeBiePUF22B/SrDu3l9AgBi0myjC2uoYVnXY723x6URbrapS6E5tbQTO9NfEIL1fsNIKOEskepLNfVSo0Np6jhkn4FA8FKkKNbbHr+im2zZkuo4xgfdUY4NEHpe/SYpsng8v2dhhy2/S7FOFZfJLyunCfrz1Y5UFvhNiosLgfcbPaF/+2Z9heYLEnW07suklQAwyhmFhHwukkeO3zdbJNDJMd1KnNfCSU//OQjsAuwwmXmh9Dqz89A/cimtpk4AjbRw9Zj1whrJJCx3WcisLrEJr9KrxNSY8LAzFTTq5k1bipOCpXnov0ZOrOpzgBsrmOToVuqfExD1cPAlm6L11a2H+SGs0271LIzcekhCnCE11mOK88/z6nLSmyYZH4f8TVt9RU8YmNZzfEJr9JCLISsznIILdtroPbCj3ovp2Q4brT5FdsvhAHSiHL8XHvDwbPJF71p0P6u/P/2oAGmbHdr6nltYi7zKiHLe2ATxEm0dozh/0usayTOvl4jyJKsn3HQQrBrGt/fNPRRm3L/vtvBSfhlP6slwRl9NUcrW1Q4QhBPsQWAEf1xBUYGMephez/4wpOUgxpmLnMZlWa2IKKWUP9R6BuP095ts/YKVT6otScXHs7h6sarQEgMELPyISDTmqBFQvX4Hm/M3uLSuyKsC7g+MBbgIYZX+/2IeR5jLN7zIdv9FVFOmwi5ChFD1Gk+QrQz0qLIScwPN61xHQ==
client.kitchenowl: AgDDhHuXHy1bEVjoJkEJsqKGUmoVDT1cMYxB02J+pxQ3BrN2YfZDK4CDMCdG9srzSBD7tG9BsZ9Oja/8imV3cjsXGc90hW/L3doSqe583N9TcDayMNX/lYPgZUfA/7rva02fHyO5dKRSUtRHaR2MjqZdmxhG9EgQX0tIrgwoFIjnU3Jj5co0cWwnd68G8CMZn72DRX3rRRmYv2I9KW/FUva2tIViPVtnJ6DcpFt3eMUhBmW/XOJWsea1QtJ1Ab9d1P+Zi47O9X5eNkkQrlIYMAt52VlbfhLDnI/67WA88yI7OTlsvucFYlvakAbZSk4CFfO7X/cg3v8Yxb9cD8S4vMB+sx7r5g6JfL+psaifAmJDQl4CLmzohaxegiHGWj5k+rWJgO6z4wl7jmiEKQkRcqlE724U9/3tF288AItlZcDUX9UifexeP8bJFua7vm9/wZqLg6eF02BNo+oWzFLjNSWBaEkSAjYCqUkqayfIgbYdutB83tB1gR/LKmF1fEIje0q0dap/b0Jrtq6LRSyPDMXiNeZSiRB+/GpoqkHz05I0H6887dEMwOZMhu9v4YLRyhH7FjtjwOSOiw3CaNCTW97IC0Z6EnFoiOJ9gl7TXg9CbpiaRN3Ds3RonL9scspOnMnZ6zez3khQwZCoeDeXOsE5YBYCRJkTkbZzMFoFBpOEhb83IfsLYlTQBF/LHD6FbwwaNHZscZSueMqK/6iq4R9SLeSgaz+/KKTpQ+KZVmGUttv0feNxC37/1jqbQZ7xH8Ykt6/Hvba7JvDRHrxNzgsMYWcZXL9oLDfheHXPpuFYE5KfZzMNDqvdje4+C0aFlEI/Zj+ESCNRobqAFg3UFuUrgtMjbzfpgoMhnPYL9/Xqz2Xh4Q==
client.linkding: AgC3GAgek9/3PvUSx3IEoqrf/kp7o8tMIZvf4cjv/mDOYKkwW5qvLbAHSdOfa+ZgpNNtZLC0jP9qYLJ1ULwZwTqQbq0PdNURag055u7w/dhIc5x/dGlu5p3mNGHWBFdwgZ8z4d1SEl05j1RfaM3OgtNwVBK9uqDLAwB6k3dry8MVLxq42+LeuhqaW3gqrecLDJsMlQtOlcuaz0IsVFPZvpFCVjGpLrw5wp5sEeInw9P6BJov5zNEi3YotoiOGuWmbrcGAcuw+wkql+lAVppQ0qx21XQqzwROu4TT2UmSIGkPC4tTykDR9tVUiikEIdnh9JuFXtDcMBmNMJUHoPVyiB7rMyCGRlkA5DkNp6zAccdJl1/E52TolbpXZC9qygZRCqavkDedEdJaGZVzV01Tv/UZrX8BBl0wljfZ/stweJG4QEuAp7oH4zyty22P21V7nd0EI4NUnVOFkZm0OY5DHF2EJx3fOpUzy4jr/Eys3Qr3mOeqlVAxGFI/kKdmWgZWkiGkQhGboJYshfdxgwZWwZ3csinfVMQqQKUt84OimGTbWhKd01LeeD6tPsB9KYdZt9S70JSY3bh1vRcvuR+hrq4ZBU1GfhGHMJOfs6kqijVHdScGqSFcTvOi3cVq1U3leppDCo8Iq3skJlGXQnrAqlzAf7RiV3vUob/fCe+IWPXppqZHk6ktuAjVp3e9kDigq0MJNsufXELTgTHVpLXxfh5yH9vxVOxPBg5iunRNM+mMm7BGzaJ2WNno+TA3I6v8HUK7LJ36I4ncKY/pYSBPIZ/AgKYHZwnS9fzMuDBV0jMnFkrw0O+2Wsh/Vfaptx4TCaQCYzoY28RbXepnieUrOOQjTevaJVp9/exHnqHRU14easU8Ng==
client.paperless: AgAnr9ea5mnC5CyAUoyfdzThsMq+djYbaknoGS50haZOP9KkE3tj8+IU1fIBF+RM5IssgrDTTJlt1O0dbSEQeFZYeVmx70v3sfV89suc9mHAmTaMSMpLfA0T6Q5dzZVjkxuRj6Qc2d8qCdX04rXBBWQDmdAo+29kvdoSiBtYeFg5z3MwhjxqKCPm+Ep6u+6xdYbcxIZgSz+/C2o/Op5vstWUEqBT4RATHouqAOK4He8fgnbeMjM9MzXmR2Jb4X+rovpwsOlH4eyoYBexeSry7eYkOhe3o9S43Hr2QxyRK6lwAF12gU4r86fCq+wKk07TlY4/yf0L90R1xPRTCO5JtAO/jTDxhU7SpzYgdG2DSAXlCT/LIBOfLuUXi7XY+EfRveKpdmPYIVNWF6OM0MjtfQLn9Kgt2onFxwOvb0v0i8P6Ivs4hoy9CnZMsIG3avbNB/8WZ7gaf4WdrtLK0HNfNjSDmfTKsuggkdA8ZuJa+QQfjfPj0ozLz60PAdz8aXV/W84NC0isaJc+KYXcx+FkmNJNyv/Usvo8RvDb6XfzfDjf5LiZ+Ylk6E3gvBGrWstVDi3WJ5dUwIAcfrmFz70Uffkme/w+zxwsaZH4tqayhPxjGALzf6Y9XAa+EkuyfJKfLU5JuHm7jHSsO0fWyflsF7LrjytyFm9CUlVAdbIZmjsoYPlHy/M6QHVGAwtKTUB/QOTT/PphCc2ZOetGZ8kQx13lHBBfMGCO6ihyflUEzGRrTVo3Rd3FqvFRnS/2Vf9S6u03/9qRPS7hK62VtuNxKcGZLka6odoxOKxHk34+mMC1qO0uGLVbM5wYPxBw0Av5L+F13Q4SBa04RJd8OWkspd/T6Yv1PTRGDEUmLZXT0Jv/e2YKPw==
client.recipes: AgBuQOpnlwK9qgNWTmpO2c9V8IehsbpHUN6UrwWjZrixE2If4/9z5KhdOsV509HMKFzphZLvso0R19HVtU4eKjhtXE62guzRS6aClQzxtgYDUSSdC3nTuBkTn6TL/dZeJjU6G6t9jPZG1nAACSPLlrbSgfcMvtEat4rEssDO6gNw+lS87cJTDzbqxVWsmQ2xDcCqWtuHH6E4nfJa6BvIrJ/1pd0sEij2iWJgciIwg7y/g9yziFtJudfag0EBRpPSxNtdorYxRSYTxKF5VkHuZKenfiRgU1wxz0KcvSjqE/ZPpB4UpSiNQlQnvpI3GUz2XIbaRGdQl0Ak1NEhKs89BXzcE+7tC3A/qY0tJkJRg6ePImKn6NxxJ9MQHpsRk2mW6r317BGLkabsIhqpn5Sw4Xm5MBmvmWVReDyy8rAiCpSXO5tVUrBHT0TX3pxq+TuX5j70G7kJxVyUBsVK6FsjTIOtGsrNEGbv3FhMG8bxRmBt/4XH8OIc0H98acWhor/kEQIHlmnW6tQNuvKT9ukv9H+e9RnPW7D/r+kqf/ZghbssF/Xjo2mbkdpz5aFNuFQwM0SUbVplIwXJqgaYZOznatwH3m37NYe3bcKPIr4b35NnQM9RI4UeLCs3WYRfm8260n7bvKlv98MRTr0P37O4gZ3uf/Dff9UryVaO42VvMF4n68eixOYmSeZ0CrafXYaAmd4eTnKQkBR/KxLb+Gp3PMZm0pZJ8hS5+Rew24EMtxBkT0KvaKBlTePOQtU8WloaWuyCYtgJTCogBn0QZ5nvxFTtICDDSJQ0p2yKbw5Lf3QZhjYqbF/e1uir20+a2Ic0FVU/gjfzW4FI3+wawqKDBpxsa2bAkg/4Au9INGTYV0YMLX0gWg==
client.todos: AgCbiUqRaoP7jTPPmJvqrzPgOJKY2ffG6MPH64xiZXF7gw3Is0PHFYU2XNxBf0dm9zjnKNIF+pe8tE9/IVyO2cwJdxFrp/fJng/sTXBW+gGKc4I1CEexQYFQyEUFNGKs7jn+3diWs+tXmUyN5SmU8hwuriYg6UxqQmjZCBBEHpCkXAGF3nXGUemmS7EOud/PhnWT8wUhaUTyPt1qDTPpfRx9I2GUpQ+KJUPK5h75m0BGYsCdG9suzC5PjpFoySaUPdh+PbzxPhpV92QEZW43MmUkA/bEMcYQnyUO96SpgsM+JSLOXhvQN5rStmXqxxuW2b6WRiDHdd2RHuMwn3pExwEK8FPoMt58Wo8do6SAasz6icskhdzAE44FhNpMUxUhJRqU0M/ZKIygfq5/oYDYTfimlwD2w9jEhQ7PZSjOAdfhC/u4ISJzsqGpkbwRORfnPuYDR8FJ/W7euF9V904fH/YGrRgd1IQm6pILxAJ8ebeYqmF2DXuxcJKS9ba0t8kl/W2j987/36DZ+jvfolrldgeMOvQBr3WCoeDBhTL1ujiTkPaWVI6w2PcHK57+C97FiAxkDHQnpTs7Nk7/B/aI9/XN333zHWVD+DIYflbfF16wbt4tJ/o3DH5t0NNvg/e9n3YLinvup6LVpeDZXY8E6imKAdDMHJ1EiLFhb1Qe605XPqWKwlGK4EKLmHcsP1/F2C6h3IZruoYpatqa6rwzgbKTtjlCgHSpPd0ndieAEi2RtGTtAqc9kSNzxUK0aMn2rubCZ2YMPsN7rbNGY1v+ow9zLiiVOLkHHXsf35BFP9v+kjA3SsT8xX1Qgx51pAiWdxgmuj/z5Y/nhGAZEc8T7gkhECbrXB4c+MiNRNXh6jR6qPK4Hw==
client.argocd: AgBWKTgzqy1UjMClw8+9MKCZAM53ErvunxeIMkyPkOvioGN5+QuvtT3rSCNJentXEhIK3V1mt0kYNb0yLei+W8o2Vgr/wqvPfA+JbtgfPKuHg1eayTXDB7TPXG8MzONM75pPEq6nTSz7YOfu5AU0OjX/3D4E8lBD3hCfEteAA6tbxplD0P17yEzQTspPbXh+YNRY8/BmRr4xbp3aDdekeYfrZ8HQaYOCs6vl3JH4SvYoPGxrsSS2muZEPESmWBBC72NcFVnpNG4i106qxwvMlfOwKz4+FQsHMZAdRYmXayefwMWTxOC4MN1VUE3S6FDZlU5Zds52qOF1bO8w0cLyFaILtcPkjV0w+7eCUhrYx3CzyaCnVAHBBwvUt3VZ+g7RESI+Qc0CDV5IwTpj0R0Z4K8ieGMr/gEU83Wm5Hv66aneZppAJV5E8BixIdFTAoZlLNXg3Q6R6I8PrcnTlF9IzBbrWBrE1MuYgvzIIZm4+lohV+jhJcOPgRANxVkDwAz1Sk3AfHFwKtxtzwjvpOyr+R49+I14GGyKtUcZjHioSUSiTqV4JOYvFmSDXsy5CrzFdO4zCn5jMhkGRWztBJY9nN1Ui5yODag2S7TVsCgcYNF0tItaNMHmhkez/NoWFDUvcNwr/+hGC+DQN0xoZTO3vskyW0RGKjBSnoI5QUnuJqFJsRymh7VpRvMr2C+0Tvk1nEoOoRmA65aRJScgp/acZl4UXhwOjyIpSNzai9kvIj5PVVf6+78z11h5c9w+vF1IDKCDGGgjrnXBeHFGoty35UVGOGOXQoQbLXyYu9ZWN6i6garwl5ATwea8oaUB1h1xweoqSz6xrHcLmjqWLbm8Me4eSA3TjvsD8gtnhAfnVAETxBT3UQ==
client.gitea: AgBEIzadyU5+RT5nKUII3EPXfi4yl52FzvQQxEfX8T5845fAQh0/8ay/E3oXKjH/MvsnPWvIwBfAG3DZ6LBVt39SOA3+5csbcwgQn8ZSigfriowkGJKiSu/UhqloiCuIvzZwu7CrTUaAdrWdMOpYvVPts0TYUUdA5tcPGYyw4Sd4Z5hi22+NeMoCdMl67iag31I0PLEWl92WQcQ/V/sOKuLm0p8TEIZaPyCHLBwUPbD7Hvka6JhrkmkybnOJfmQLrHAblPptVlIOVwER3e3Wrzvh6YfOq3KUtFboeyLRRafOy4j5j0dWXj21WLznomH644ioUeysAG6gP/HZthuNMTUydz2dsWtIu5J82jP9bbjUibZeQIHjS1Y1eqPSd9lJWNjWBb69xuDIewLZ75rfOuTdVp83+iGkha2yhc8OEHBaXRFO3zDL/eYSuBGxLRtSR30WSHD6sgGmrGzSShAlM7MnuSU8tqeHtmLuKH85ls89HvVvgn6ZVj5+P6dmHctFM1tp8Q97nUeZZGbThT0DztKExNTdb1yCsb9m8lDxX7avGfBYvx7ntqBdxz5CurbFvEYi/9C98EYZycaurjUIRBjEgbT7vHkIIvJBy1JDVZYDFzNGkvZ0oOhehANvx9UNKeb32iCV3ypGE7oXF0/WFdFImSZWfTHVpqOUN+LJTnZylkwcyByp8Ut4R7xS5by/bBV846LK985fzCRWldHk0U7xli1FUvqHMvocOTsrwVjWtE0C9X+GDQMAJEP7z5xWlMCEePjEZq2/OPHXiRlDZ/rQfQS5zpkIZAK/vaiRCZ/arpN0RslwOzIDnnyFJB0jqhIsXf1JUDZUis7yLtnyaVh3I9a0EXrPu49ItBk7XdSNMYJ9Hg==
client.grafana: AgAuT9f75mVVegFb5kC7v0wq/myoG6JlN8DLvY2tBqqCJ3pDMaFkVSALustQvUxpQ3UDFndKk3vF3rL/ot2h4R5dQO82guqR5rnyi7dGgf4+guV31V+Pz+cMKMNGDzvP6gq1+ePuGgR8Q70OKKk28Neiv1zd0quzKNY+Fmi3nYVonnKt7SDRrMgHdrak1jTyyBCDCl3k1S/kCjSsBUOfZuPDWxbSyKi8UvizwEm7QmK4ifsdA4IyaO6R5u/B9aQP4/eeb9uXaoBZVDWsrqi0ZHBavCnyJ79rYwDx+6ThsEbwYYsJ00omGts/1EPZL+1EpdJ97biIzapXpvlTRQwcxOZ0sXnA+5ig0Bs25u+T012HNZndYLcqmRsgKk+Iz7YjPRddaIFFEhttgubxCk/dMvzcchkOFI36gEC2TQCX7B7EcBAi6lQG7I7BVV0UrqmNhrzYCeY8AyNd9k6dNj+NslHfxM9QFIJmK8UnX4tx3OSJQJLaXN2ZG7TcPxv+Hn5z6A+PTE8+iwJ4mZmjxoVbyN+PYwz0m+uDqS4iDrd689NjFNy2lUxoCTtoYHs/U+GNOFD67YjT7DE9PbuS5zWlHCYM/W+5Hfasqs3/NgpbX6P44ZIMUBSdcgD/TEKyjP/ttjXG3FKVO/RkrJCNyUSHQKRlMJrzwEfwze3YQ1XKw5xLzDN8dTb1fkeDSE0EuGCtqH2S7cZE/3/w16PJ/ba5WR3v3CC99WQMMdeXLGP6C8PGq7Z/WErXlNLLPCsQKIMqlhoupm/r65SEcgf+OBI1iUG2dFNdB4VwFIU9UwHm2t3gcnU9Lq3DGQaOQusIHJgVF7UuamogkTfmCt6vxxIxXyPodiebZ520TeGgKIxvwTftxl+miw==
client.kitchenowl: AgAb9vWFHkiFgsHs+1nrq65n+kT03igRLq3KWIvDg6EokA2TDXYb4KwYBZa1xcFwgT1iiLge71Y6spMRVkJdLAjRCaPCtSTGygzlZ7z9NFkn5O9YuWgkp+cPr62ElHpx9umKEx+Ug4vgyvrBk9eLWxdZZsiJZL6GcjUbMe/Mx2429mveg0kyfKg3XjraeU7xcHWwAj9PbjeRnhEewvr+9sdv3H1wA45E2+pZ9cZ+ETl9wXXNquUzUFSp8IOxzXwx34aDqjdnMbEgU3k2TEe3N9wU+r9vuzn4kesh0zEGkEfXhKtnGNSXFheU+aa/5cTfIp/GPfx3+dJ54LLWfVGU9X+COI70zvTEtAhgJptkWqJ7dVp6SLgQotvg3bTNohof1/6JDPKQvGvkQ3ALYMXYDd27NrmP3ZSJYdNGev0yDr6MXyNlv8SglnsRIpfMmPyl913/10DbvB5b0Tiy2xzmmODpG6Gk6EQquaJ2g+imaV8VPSdDOoRK+rDg2AH5KKRn8vxH7d/NRsmOmCxadqmyyWBbl9onu+TzSnjnPxyc2cl3EeqaaciXyh/eu3Ar27DVu1l6Iorv+N34Bttdti0TZgeeMD6/Y7eAXTry482ix26UOYmTH5+mGoGVAkh5BuWO2fR52vuEHV1T1VYVRK3+PX1OIeWEoEdPMvDokELc4W1Av4lVDKcacvNzuMZ1gpiXmdCNnYfDq9CbW00rS1/LPPUIdIyOfHg2q/OgxtkjiPUwWQCTc5NO8FPlQ2B4ZsJ51vfxl2zx19w9tgQVi7C7T7Iek/2Svz8QMiZtf9N3W8CoUp2RXktV+Z2yI3FWG55IzicRbVLWpeidRxuJTEdm8emgHSiMpDM9Uejv7pAs3QkLRX2+og==
client.linkding: AgChIcLDfhCZshqJgG+H5exbWt29ms882BkAgDAopvbhbXE/e+I0tVw2FNDZWmKbI+i/Hlrvj4Bputn7pUcoAZf5W8FUJ2nOMhJjtjwMF6O0QzBje0Xrzi9eK91XWA3PRxbPOzBZYWlmWvwelYw0hCgfp1XRn3aXkPcpsZFV8Bb2KSXDSk39+UqIm1I4rR9hCXPMkorTUZOa/NYpDr4ieenbRS8PeeWATPzSxn0hN+RnXHnoUrKdO03px/2mYS4SYJrgZ2DrkGN7uz3/ARwqxxKcMBQeQCe0S3Udsw0tvvJbjeHJIQ3fzIz+BZdbKLgVuJa0ZNQxmuDVBFY+60d89nR6wKsyoRgC8y/sEHRpztUjiJC7WBiiJ/g80luMuo/7ZTIvu6u1I/eugsopJKUONv23cowdqthyzlsnKCsBTgfdzXuFy5YYoL7GPcybdpUcOA8upr15dE8vsN3UJEYJCZkw1V4iedzHVGPpo6tts4sewnzplH93QpwbVywMcSl1k8oeHqbdmh0srJ54hBFboyNRr2eQT+b43oFJZtQb3hhuZyO/uXKx44jeBoVYkmKCVldBBDE0FdQpAk2m6dtvXae37Eu7xHiWxY/KDzVxBzJn4NWboQRiTM9HQ7pLuAKgG+Ec1+nwfBgq3G9jZrdIN4/tWNvuBRuPrUTt7pwGJ7RCbMgSz9xbVFCxwBx8GwaNRFOH3/RoMdVwlUntRELYN7+pU9S0FS/VPnbVxOZbJI3ZHFj9n8qZ3lBD3SiHB4rNnirQf34CuEfnLigpSdskKdOsekXQybxVq68T63Ntf/yn/t0+nV5VdqpW0stqRBQaUq3yEqfAn0/HQ7nTgSbHf4ZsTMsAU+CSAewnig6qKTcS7a7Lrw==
client.paperless: AgA4weCcn9z4H2WIqADKRpOMkCmA/6pci0SCKsTcS2nf6XuRG0pFufVqrVTe5jYIfAymKJs+Yzlf6V5ViE+3U/PhtBgHC1zifYBVkC0lSUUKx2YWkmrnSylAZZIYArC+kdNXU7pwIS4i8eCxeB8NhTtHBMXdfPig5kH/G6/FaL5RZ52Ly3jf3h2UP3JrWbk4dYijZbjvHsGNJMyDJ5cW2DtgMmFNMte2ScBuGpgF2tDiVKW7Zq2aEpVtVXvWjF2euuL39EFvLzPAIXeG4TaagBCnFfMVVxyrS8Dk63CiWQzTSaeBDbUhRuOGAYD0GELhSxpsKjOgm5AaOk/sJBjoAliFtSyejO30tP+5PBC+FE4RlJM5dMjHU8/9T/tBSOus3k7xWmExc5Eavf8yeXVmNeTJfC+Sji6QZxG5P9xisKXgn7EX+T4aKpeJ2FxAtL7NKgnrKeoztiHV2vJH6TepGjFejf5VJRjOP2QAJkX0ApnUVfhww4CjhBFo20zRYyI591ZMbw8PxlRFmAsXhL9XeaXQcl7nq2P2N0IdodtR9xMVlvpkuv11AZnzXjC8GfWgPE9vmDz5RW7Eo4WzWDaFVBL8Sjx+NZllV/qVHlJfbGgqgKmtzJWUZUATE9y9YwOG8PSKmw7fbIHccJ1o1HOG7BWIOQ/QIo94uQQWI0Z5ESRgaCsbf2oBX8HyYFdMA0s9sS9OdD1NWDTb1mVnhA8Pjq4XatA2PGlRPWBVD8YpjbeuNQXR4RuSuUvuKGOOO4Jsv0/ZXc4cUmPB3VWNzQO/0iNt8MOsZWjtQNiDBLZ3xVjRWo/p+Q7P+o1YCThuLxwdmyvAxkioRfR0DJY+ZrkErVnTv1CfLdS4ejf7ZYXcgsh5ZC8Kww==
client.recipes: AgC3w8qEgD9fru8tJRi3mYSDbJVq5oG++x8XfeRKAQPXFtMKdFYAvn3zGPc4viavPnvE1mkHWSn0ECC+YKEThiXlI9ok1CKnspLrzi6oQlReCUnyJdu9e49xgV7kb5/SQsZbDlVmtluTi8j8y9AIUows/HsMjXgoNrG6RodAsWp5cauCgLBrqMk9nPuQVH1jTNFm27rMrJahLTjr/z/5chdiU6sjPH9EIDnaLEP3o8/ACpPTtwF4PYQszUVT3Uhn4YlekqAYMfEolBYsPLSDQyiDr1fwO3/4YUHNSO/+bN+7vscS+x8zozb750Oi9c1ARc8ENn6AiM3ZEd32ZJKqfqJ3+CxsXsuG7VjfHu3+gc4uqLTbwZ+BVacSoA7JObsoQEbWdCGWTNo5FMXrhIv+BKDB59eLKXTOlBfVTLlbh0P7tSR57fhSpBomcvvnQ+MtfSS9hDFMNiPhb135c8hjJcbMZ6xdQz6HARVtP5nVuPyDafbez6A+VT9sUDt29+oNf5qpk25526Q4GI/YlyvXH+3RT5q8syYuSIZsmh92qD5ZltffW5kRooCeskAryiyWdgyqjMAekR1dZR9wqvzRraDpY/neLvrpUAPl7U6kdlzuIdaJFTnXmNKc1wK5NaeAEf4wwO6H/ibWEzIJKQJcTlmi+0J1SfHcCULYZ5ASeAkSRUxpdVk16LCTHWbyHYFOYmGsmeMmRTYylB/FdOuUEZWrO5B99xw5baSvLN842v2JnwR27Mha3RvS0teSgbuXgG5kWWGGZs9oibsNaaNz9p1MPw/HR4M6PmfEJRsaz+cX02bVUVzdaXhoTZ/D0DoNe8lB+Ofupjl7jAGzEJpGbwK7cB1gnITa4blqyszrKg1dg2L+ZA==
client.todos: AgBaZOU3D5ZEi2iZud0kLIgZVVNwWjreEDMiadtgZ99S236SOckGlqTes+6gcTcMUQe6CFcxatx8sXamGd9xtIwyZa/5jns4Ju0L4Tozf57uQS1CPY10wyLlPc/a/thn6dItfh5l0Fr+vQBmV0dlEJ12UM9iIH/w9raaf0VkDP/XbZw6PZ0lVoJp6u8LrjMIf5+pdlPOSytFNzB0EbWfQYGObD/zgt45V48+gE9jLolLIEz7QPMrUg0dj1RjWJE+dWXzv+4gCsRi/64gPUdkOZS4YWIlFP08jcDChzbqhVkqUXz3AOQOxF7+2NpD966dxWiYRQfDfFwb+V4vK8C4+DlQL8p22MxWt6iOhxpSoXVVlCInYxxhjpk/gpECqfu6gKlEexg+ekccAvkKVmBX9TbOjsurYFjL3JfuL057fjWIpvZhkQjJCQJiCgVGPtyVhoCzsKeyVDNJvXs6dYp8CMrRAcn/fdo4wI0/tva723ub++AsKSsXCRT+d+03FnBbjRrxSQdDiP4xYY6BqNfjwHGYSoULxtop5t2qt7PzFlpCxNjRe4NrkENCw8xDDSRrg4CLmazPi1Xs+MDeEP3cpi9sRzQx9u2JrvvHmsTeHjVY/MQHb072nLa6xAiUQoXQLMlzxJuwx0U5DmsMe6o8FfKaLikcS4CDKEAddLDI25z2XUBA9J7BTXdhtHB012S1COhouRqn333uKF/BnABI32/Afj9qsDy8VQ3iZyTKpLQUOrOzKKTenXy0b3VV9Vw3DoDPhEb9//fGrVoLdbXDpYaJScza9qg7QWmLqO8Cbk/83t1C28LWqZKWyMtq+QFQ1ANIbi53BopX8zBQargctEVielkpN5HqVCAIow0nQcGmZdZClg==
template:
metadata:
creationTimestamp: null

35
infrastructure/authelia/authelia.values.yaml
View File

@@ -75,7 +75,7 @@ configMap:
local:
enabled: true
path: /config/db.sqlite3
file: /config/db.sqlite3
identity_validation:
@@ -122,12 +122,8 @@ configMap:
- 'profile'
- 'groups'
- 'email'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
consent_mode: 'implicit'
- client_id: 'recipes'
client_name: 'Recipes'
@@ -236,34 +232,13 @@ configMap:
authorization_policy: 'one_factor'
redirect_uris:
- 'https://kitchen.kluster.moll.re/signin/redirect'
- kitchenowl:/signin/redirect
- kitchenowl:///signin/redirect
# mobile app as well
scopes:
- openid
- email
- profile
- client_id: 'actualbudget'
client_name: 'Actual Budget'
client_secret:
path: '/secrets/authelia-oidc/client.actualbudget'
public: false
authorization_policy: 'one_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://actualbudget.kluster.moll.re/openid/callback'
scopes:
- 'openid'
- 'profile'
- 'groups'
- 'email'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
# notifier
# is set through a secret

2
infrastructure/authelia/kustomization.yaml
View File

@@ -27,6 +27,6 @@ images:
helmCharts:
- name: authelia
releaseName: authelia
version: 0.10.41
version: 0.10.4
repo: https://charts.authelia.com
valuesFile: authelia.values.yaml

4
infrastructure/external-dns/kustomization.yaml
View File

@@ -11,8 +11,8 @@ resources:
images:
- name: octodns
newName: octodns/octodns # has all plugins
newTag: "2025.07"
newTag: "2025.04"
- name: git
newName: alpine/git
newTag: "v2.49.1"
newTag: "v2.47.2"

4
infrastructure/gitea/gitea.values.yaml
View File

@@ -170,7 +170,5 @@ postgresql:
enabled: false
postgresql-ha:
enabled: false
valkey:
enabled: false
valkey-cluster:
redis-cluster:
enabled: false

2
infrastructure/gitea/kustomization.yaml
View File

@@ -23,6 +23,6 @@ helmCharts:
- name: gitea
namespace: gitea # needs to be set explicitly for svc to be referenced correctly
releaseName: gitea
version: 12.0.0
version: 11.0.1
valuesFile: gitea.values.yaml
repo: https://dl.gitea.io/charts/

2
infrastructure/metallb-system/kustomization.yaml
View File

@@ -10,6 +10,6 @@ namespace: metallb-system
helmCharts:
- name: metallb
repo: https://metallb.github.io/metallb
version: 0.15.2
version: 0.14.9
releaseName: metallb
valuesFile: values.yaml

8
infrastructure/monitoring/kustomization.yaml
View File

@@ -6,7 +6,7 @@ namespace: monitoring
resources:
- namespace.yaml
# prometheus-operator crds
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.84.0
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.81.0
# single prometheus instance with a thanos sidecar
- prometheus.yaml
- thanos-store.statefulset.yaml
@@ -17,17 +17,17 @@ resources:
images:
- name: thanos
newName: quay.io/thanos/thanos
newTag: v0.39.2
newTag: v0.38.0
helmCharts:
- name: loki
releaseName: loki
repo: https://grafana.github.io/helm-charts
version: 6.31.0
version: 6.29.0
valuesFile: loki.values.yaml
- name: prometheus-node-exporter
releaseName: prometheus-node-exporter
repo: https://prometheus-community.github.io/helm-charts
version: 4.47.3
version: 4.45.2
valuesFile: prometheus-node-exporter.values.yaml

2
infrastructure/pg-ha/kustomization.yaml
View File

@@ -9,6 +9,6 @@ namespace: pg-ha
helmCharts:
- name: cloudnative-pg
releaseName: pg-controller
version: 0.24.0
version: 0.23.2
valuesFile: values.yaml
repo: https://cloudnative-pg.io/charts/

2
infrastructure/renovate/kustomization.yaml
View File

@@ -11,4 +11,4 @@ resources:
images:
- name: renovate/renovate
newName: renovate/renovate
newTag: "41"
newTag: "39"

2
infrastructure/sealedsecrets/kustomization.yaml
View File

@@ -9,4 +9,4 @@ resources:
images:
- name: controller
newName: docker.io/bitnami/sealed-secrets-controller
newTag: 0.30.0
newTag: 0.29.0

2
infrastructure/traefik-system/kustomization.yaml
View File

@@ -13,6 +13,6 @@ namespace: traefik-system
helmCharts:
- name: traefik
releaseName: traefik
version: 36.3.0
version: 34.5.0
valuesFile: values.yaml
repo: https://traefik.github.io/charts

1
kluster-deployments/kustomization.yaml
View File

@@ -41,6 +41,5 @@ resources:
- paperless/
- recipes/
- rss/
- stump/
- todos/
- whoami/

18
kluster-deployments/stump/application.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: stump-application
spec:
project: apps
destination:
server: https://kubernetes.default.svc
namespace: stump
syncPolicy:
automated:
prune: true
selfHeal: true
sources:
- repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/stump

4
kluster-deployments/stump/kustomization.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- application.yaml

12
renovate.json
View File

@@ -1,14 +1,4 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"dependencyDashboard": true,
"extends": [
"local>remoll/k3s-infra//apps/immich/renovate.json"
],
"packageRules": [
{
"matchUpdateTypes": ["patch"],
"automerge": true,
"ignoreTests": true
}
]
"dependencyDashboard": true
}