yq formatting

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>

everything-app/app-cilium.yaml

@@ -17,28 +17,23 @@ spec:
         - name: ipam.mode
           value: kubernetes
         - name: kubeProxyReplacement
-          value: "true"
+          value: 'true'
         - name: securityContext.capabilities.ciliumAgent
-          value: "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
+          value: '{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}'
         - name: securityContext.capabilities.cleanCiliumState
-          value: "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
+          value: '{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}'
         - name: cgroup.autoMount.enabled
-          value: "false"
+          value: 'false'
         - name: cgroup.hostRoot
           value: /sys/fs/cgroup
         - name: k8sServiceHost
           value: localhost
         - name: k8sServicePort
-          value: "7445"
+          value: '7445'
         - name: k8sClientRateLimit.qps
-          value: "50"
+          value: '50'
         - name: k8sClientRateLimit.burst
-          value: "100"
+          value: '100'
   syncPolicy:
     automated:
       selfHeal: true
-
-
-
-
-

everything-app/app-ingress-nginx.yaml

@@ -15,33 +15,41 @@ spec:
     helm:
       parameters:
         - name: controller.ingressClassResource.default
-        value: "true"
+          value: 'true'
         - name: controller.config.annotations-risk-level
-        value: "Critical"
+          value: Critical
         - name: controller.service.type
           value: LoadBalancer
         - name: controller.allowSnippetAnnotations
-        value: "true"
+          value: 'true'
         - name: controller.resources.requests.cpu
-        value: "35m"
+          value: 35m
         - name: controller.resources.requests.memory
-        value: "351198544"
+          value: '351198544'
         - name: controller.extraArgs.default-ssl-certificate
-        value: "cluster-ingress/cluster-ingress-wildcard"
+          value: cluster-ingress/cluster-ingress-wildcard
         - name: controller.config.http-snippet
-        value: |-
+          value: 'more_set_headers -a "X-Robots-Tag: noai";
-          more_set_headers -a "X-Robots-Tag: noai";
+
             more_set_headers -a "X-Robots-Tag: Google-Extended: none";
+
             more_set_headers -a "X-Robots-Tag: GPTBot: none";
+
             more_set_headers -a "X-Robots-Tag: ChatGPT-User: none";
+
             more_set_headers -a "X-Robots-Tag: anthropic-ai: none";
+
             more_set_headers -a "X-Robots-Tag: CCBot: none";
+
             more_set_headers -a "X-Robots-Tag: semrushbot: none";
+
             more_set_headers -a "X-Robots-Tag: Amazonbot: none";
+
             more_set_headers -a "X-Robots-Tag: dotbot: none";
-          more_set_headers -a "X-Robots-Tag: AhrefsBot: none";
+
+            more_set_headers -a "X-Robots-Tag: AhrefsBot: none";'
         - name: controller.config.block-user-agents
-        value: "~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT"
+          value: ~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT
   syncPolicy:
     automated:
       selfHeal: true

everything-app/app-letsencrypt.yaml

@@ -15,7 +15,7 @@ spec:
     helm:
       parameters:
         - name: installCRDs
-        value: "true"
+          value: 'true'
   syncPolicy:
     automated:
       selfHeal: true

everything-app/code-server.yaml

@@ -18,7 +18,7 @@ spec:
         - name: service.type
           value: LoadBalancer
         - name: service.port
-        value: "80"
+          value: '80'
     path: apps-helm/code-server
     repoURL: https://git.martyn.berlin/martyn/infra4talos
     targetRevision: HEAD

everything-app/dnsimple-cert-manager-webhook.yaml

@@ -13,17 +13,17 @@ spec:
     helm:
       parameters:
         - name: clusterIssuer.production.enabled
-        value: "true"
+          value: 'true'
         - name: clusterIssuer.staging.enabled
-        value: "true"
+          value: 'true'
         - name: clusterIssuer.email
-        value: "ranuardm@gmail.com"
+          value: ranuardm@gmail.com
         - name: dnsimple.existingTokenSecret
-        value: "true"
+          value: 'true'
         - name: dnsimple.tokenSecretName
-        value: "dnsimple-webhook-secret"
+          value: dnsimple-webhook-secret
         - name: dnsimple.accountID
-        value: "106218"
+          value: '106218'
     repoURL: https://puzzle.github.io/cert-manager-webhook-dnsimple
     targetRevision: 0.1.6
   syncPolicy:

everything-app/longhorn.yaml

@@ -16,13 +16,13 @@ spec:
     helm:
       parameters:
         - name: preUpgradeChecker.jobEnabled
-        value: "false"
+          value: 'false'
         - name: service.ui.type
           value: LoadBalancer
         - name: service.nodePort
-        value: ""
+          value: ''
         - name: persistence.defaultClass
-        value: "false"
+          value: 'false'
     chart: longhorn
     repoURL: https://charts.longhorn.io
     targetRevision: 1.6.4

everything-app/mysql4bikerwitch.yaml

@@ -15,7 +15,7 @@ spec:
         - name: auth.database
           value: drupal
         - name: auth.forcePassword
-        value: "true"
+          value: 'true'
         - name: auth.username
           value: drupal
         - name: auth.existingSecret

everything-app/mysql4blog.yaml

@@ -15,7 +15,7 @@ spec:
         - name: auth.database
           value: writefreely
         - name: auth.forcePassword
-        value: "true"
+          value: 'true'
         - name: auth.username
           value: writefreely
         - name: auth.existingSecret

everything-app/mysql4nextcloud.yaml

@@ -15,7 +15,7 @@ spec:
         - name: auth.database
           value: nextcloud
         - name: auth.forcePassword
-        value: "true"
+          value: 'true'
         - name: auth.username
           value: nextcloud
         - name: auth.existingSecret

everything-app/nodered.yaml

@@ -15,21 +15,12 @@ spec:
         - name: service.type
           value: LoadBalancer
         - name: persistence.data.enabled
-        value: "true"
+          value: 'true'
         - name: image.tag
           value: 3.1.0-18
-      values: |-
+      values: "persistence:\n  data:\n    accessMode: ReadWriteOnce\n    size: 1Gi\n\
-        persistence:
+        \    storageClass: longhorn-fast\nservice:\n  port:\n    port: 80\n    targetPort:\
-          data:
+        \ 1880\n  annotations:\n    external-dns.alpha.kubernetes.io/hostname: nodered.martyn.berlin"
-            accessMode: ReadWriteOnce
-            size: 1Gi
-            storageClass: longhorn-fast
-        service:
-          port:
-            port: 80
-            targetPort: 1880
-          annotations:
-            external-dns.alpha.kubernetes.io/hostname: nodered.martyn.berlin
     repoURL: https://k8s-at-home.com/charts/
     targetRevision: 5.4.0
   syncPolicy:

everything-app/ntfy.yaml

@@ -14,48 +14,26 @@ spec:
         - name: service.type
           value: LoadBalancer
         - name: persistence.cache.enabled
-        value: "true"
+          value: 'true'
         - name: persistence.cache.storageClass
-        value: "longhorn-fast"
+          value: longhorn-fast
         - name: persistence.data.enabled
-        value: "true"
+          value: 'true'
         - name: persistence.data.storageClass
-        value: "longhorn-fast"
+          value: longhorn-fast
-      values: |2-
+      values: "\ningress:\n  enabled: true\n  annotations:\n    cert-manager.io/cluster-issuer:\
-
+        \ letsencrypt\n    kubernetes.io/ingress.class: nginx\n    external-dns.alpha.kubernetes.io/target:\
-        ingress:
+        \ armnleg.martyn.berlin\n    nginx.ingress.kubernetes.io/server-snippets:\
-          enabled: true
+        \ |\n      location / {\n        proxy_set_header Upgrade $http_upgrade;\n\
-          annotations:
+        \        proxy_http_version 1.1;\n        proxy_set_header X-Forwarded-Host\
-            cert-manager.io/cluster-issuer: letsencrypt
+        \ $http_host;\n        proxy_set_header X-Forwarded-Proto $scheme;\n     \
-            kubernetes.io/ingress.class: nginx
+        \   proxy_set_header X-Forwarded-For $remote_addr;\n        proxy_set_header\
-            external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
+        \ Host $host;\n        proxy_set_header Connection \"upgrade\";\n        proxy_cache_bypass\
-            nginx.ingress.kubernetes.io/server-snippets: |
+        \ $http_upgrade;\n      }\n  hosts:\n  - host: ntfy.martyn.berlin\n    paths:\n\
-              location / {
+        \    - path: /\n      pathType: Prefix\n  tls:\n  - hosts:\n    - ntfy.martyn.berlin\n\
-                proxy_set_header Upgrade $http_upgrade;
+        \nntfy:\n  config:\n    base-url: \"https://ntfy.martyn.berlin\"\n    cache-file:\
-                proxy_http_version 1.1;
+        \ \"/var/cache/ntfy/cache.db\"\n    attachment-cache-dir: \"/var/cache/ntfy/attachments\"\
-                proxy_set_header X-Forwarded-Host $http_host;
+        \n    auth-file: \"/var/lib/ntfy/user.db\"\n    auth-default-access: \"deny-all\""
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_set_header X-Forwarded-For $remote_addr;
-                proxy_set_header Host $host;
-                proxy_set_header Connection "upgrade";
-                proxy_cache_bypass $http_upgrade;
-              }
-          hosts:
-          - host: ntfy.martyn.berlin
-            paths:
-            - path: /
-              pathType: Prefix
-          tls:
-          - hosts:
-            - ntfy.martyn.berlin
-
-        ntfy:
-          config:
-            base-url: "https://ntfy.martyn.berlin"
-            cache-file: "/var/cache/ntfy/cache.db"
-            attachment-cache-dir: "/var/cache/ntfy/attachments"
-            auth-file: "/var/lib/ntfy/user.db"
-            auth-default-access: "deny-all"
     path: apps-helm/ntfy
     repoURL: https://git.martyn.berlin/martyn/infra4talos.git
     targetRevision: HEAD

everything-app/samba-longhorn-ssd.yaml

@@ -18,12 +18,12 @@ spec:
         - name: persistence.pvc.storageClass
           value: longhorn-fast
         - name: persistence.pvc.size
-        value: 100Mi #low because we're gonna loop in lots of PVCs here below...
+          value: 100Mi
       valuesObject:
         samba:
           users:
             - username: martyn
-            password: "564628"
+              password: '564628'
         affinity:
           nodeAffinity:
             preferredDuringSchedulingIgnoredDuringExecution:

everything-app/samba-slow-big.yaml

@@ -18,12 +18,12 @@ spec:
         - name: persistence.pvc.storageClass
           value: longhorn-spinny
         - name: persistence.pvc.size
-        value: "1Ti"
+          value: 1Ti
       valuesObject:
         samba:
           users:
             - username: martyn
-            password: "564628"
+              password: '564628'
         affinity:
           nodeAffinity:
             preferredDuringSchedulingIgnoredDuringExecution:

everything-app/syncthing.yaml

@@ -13,34 +13,23 @@ spec:
     helm:
       parameters:
         - name: image.tag
-        value: "1.26"
+          value: '1.26'
         - name: service.listen.enabled
-        value: "true"
+          value: 'true'
         - name: service.listen.ports.listen.enabled
-        value: "true"
+          value: 'true'
         - name: service.listen.type
           value: LoadBalancer
         - name: service.discovery.enabled
-        value: "false"
+          value: 'false'
         - name: service.discovery.ports.discovery.enabled
-        value: "false"
+          value: 'false'
-      values: |- 
+      values: "persistence:\n   data:\n     enabled: true\n     type: pvc\n     accessMode:\
-        persistence:
+        \ ReadWriteOnce\n     size: 50Gi\n     storageClass: longhorn-fast\nservice:\n\
-           data:
+        \  main:\n    annotations:\n      external-dns.alpha.kubernetes.io/hostname:\
-             enabled: true
+        \ syncthing.martyn.berlin\n    type: LoadBalancer\n  listen:\n    annotations:\n\
-             type: pvc
+        \      external-dns.alpha.kubernetes.io/hostname: syncthing-listen.martyn.berlin\n\
-             accessMode: ReadWriteOnce
+        \    type: LoadBalancer"
-             size: 50Gi
-             storageClass: longhorn-fast
-        service:
-          main:
-            annotations:
-              external-dns.alpha.kubernetes.io/hostname: syncthing.martyn.berlin
-            type: LoadBalancer
-          listen:
-            annotations:
-              external-dns.alpha.kubernetes.io/hostname: syncthing-listen.martyn.berlin
-            type: LoadBalancer
     repoURL: https://k8s-at-home.com/charts/
     targetRevision: 3.5.2
   syncPolicy:

everything-app/uptime-kuma.yaml

@@ -14,7 +14,7 @@ spec:
         - name: service.type
           value: LoadBalancer
         - name: persistence.enabled
-        value: "true"
+          value: 'true'
         - name: persistence.storageClass
           value: longhorn-fast
     path: apps-helm/uptime-kuma

everything-app/wg-access-server.yaml

@@ -15,14 +15,9 @@ spec:
           value: LoadBalancer
         - name: wireguard.service.type
           value: LoadBalancer
-      values: |-
+      values: "config:\n  csiSecretsStore:\n    providerName: 1password\n    resourceName:\
-        config:
+        \ vaults/3oh5jxmxvqvpuimu2lbuajtizi/allitems/idkjj6oyua2fq6df4fkjzmh4ne/config.yaml\n\
-          csiSecretsStore:
+        persistence:\n  enabled: true\n  storageClass: longhorn-fast"
-            providerName: 1password
-            resourceName: vaults/3oh5jxmxvqvpuimu2lbuajtizi/allitems/idkjj6oyua2fq6df4fkjzmh4ne/config.yaml
-        persistence:
-          enabled: true
-          storageClass: longhorn-fast
     path: apps-helm/wg-access-server
     repoURL: https://git.martyn.berlin/martyn/infra4talos
     targetRevision: HEAD