martyn/infra4talos
1
0
Fork 0
Code Issues Pull requests 10 Projects Releases Packages Wiki Activity

yq formatting

Browse source 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
This commit is contained in:
Martyn 2025-06-30 19:24:17 +00:00
parent efba9dadbc
commit 5eb98cf34a
21 changed files with 305 additions and 349 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
everything-app/app-cilium.yaml
View file

@ -17,28 +17,23 @@ spec:
- name: ipam.mode
value: kubernetes
- name: kubeProxyReplacement
value: "true"
value: 'true'
- name: securityContext.capabilities.ciliumAgent
value: "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
value: '{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}'
- name: securityContext.capabilities.cleanCiliumState
value: "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
value: '{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}'
- name: cgroup.autoMount.enabled
value: "false"
value: 'false'
- name: cgroup.hostRoot
value: /sys/fs/cgroup
- name: k8sServiceHost
value: localhost
- name: k8sServicePort
value: "7445"
value: '7445'
- name: k8sClientRateLimit.qps
value: "50"
value: '50'
- name: k8sClientRateLimit.burst
value: "100"
value: '100'
syncPolicy:
automated:
selfHeal: true

28
everything-app/app-ingress-nginx.yaml
View file

@ -15,33 +15,41 @@ spec:
helm:
parameters:
- name: controller.ingressClassResource.default
value: "true"
value: 'true'
- name: controller.config.annotations-risk-level
value: "Critical"
value: Critical
- name: controller.service.type
value: LoadBalancer
- name: controller.allowSnippetAnnotations
value: "true"
value: 'true'
- name: controller.resources.requests.cpu
value: "35m"
value: 35m
- name: controller.resources.requests.memory
value: "351198544"
value: '351198544'
- name: controller.extraArgs.default-ssl-certificate
value: "cluster-ingress/cluster-ingress-wildcard"
value: cluster-ingress/cluster-ingress-wildcard
- name: controller.config.http-snippet
value: |-
more_set_headers -a "X-Robots-Tag: noai";
value: 'more_set_headers -a "X-Robots-Tag: noai";
more_set_headers -a "X-Robots-Tag: Google-Extended: none";
more_set_headers -a "X-Robots-Tag: GPTBot: none";
more_set_headers -a "X-Robots-Tag: ChatGPT-User: none";
more_set_headers -a "X-Robots-Tag: anthropic-ai: none";
more_set_headers -a "X-Robots-Tag: CCBot: none";
more_set_headers -a "X-Robots-Tag: semrushbot: none";
more_set_headers -a "X-Robots-Tag: Amazonbot: none";
more_set_headers -a "X-Robots-Tag: dotbot: none";
more_set_headers -a "X-Robots-Tag: AhrefsBot: none";
more_set_headers -a "X-Robots-Tag: AhrefsBot: none";'
- name: controller.config.block-user-agents
value: "~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT"
value: ~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT
syncPolicy:
automated:
selfHeal: true

2
everything-app/app-letsencrypt.yaml
View file

@ -15,7 +15,7 @@ spec:
helm:
parameters:
- name: installCRDs
value: "true"
value: 'true'
syncPolicy:
automated:
selfHeal: true

2
everything-app/code-server.yaml
View file

@ -18,7 +18,7 @@ spec:
- name: service.type
value: LoadBalancer
- name: service.port
value: "80"
value: '80'
path: apps-helm/code-server
repoURL: https://git.martyn.berlin/martyn/infra4talos
targetRevision: HEAD

12
everything-app/dnsimple-cert-manager-webhook.yaml
View file

@ -13,17 +13,17 @@ spec:
helm:
parameters:
- name: clusterIssuer.production.enabled
value: "true"
value: 'true'
- name: clusterIssuer.staging.enabled
value: "true"
value: 'true'
- name: clusterIssuer.email
value: "ranuardm@gmail.com"
value: ranuardm@gmail.com
- name: dnsimple.existingTokenSecret
value: "true"
value: 'true'
- name: dnsimple.tokenSecretName
value: "dnsimple-webhook-secret"
value: dnsimple-webhook-secret
- name: dnsimple.accountID
value: "106218"
value: '106218'
repoURL: https://puzzle.github.io/cert-manager-webhook-dnsimple
targetRevision: 0.1.6
syncPolicy:

6
everything-app/longhorn.yaml
View file

@ -16,13 +16,13 @@ spec:
helm:
parameters:
- name: preUpgradeChecker.jobEnabled
value: "false"
value: 'false'
- name: service.ui.type
value: LoadBalancer
- name: service.nodePort
value: ""
value: ''
- name: persistence.defaultClass
value: "false"
value: 'false'
chart: longhorn
repoURL: https://charts.longhorn.io
targetRevision: 1.6.4

2
everything-app/mysql4bikerwitch.yaml
View file

@ -15,7 +15,7 @@ spec:
- name: auth.database
value: drupal
- name: auth.forcePassword
value: "true"
value: 'true'
- name: auth.username
value: drupal
- name: auth.existingSecret

2
everything-app/mysql4blog.yaml
View file

@ -15,7 +15,7 @@ spec:
- name: auth.database
value: writefreely
- name: auth.forcePassword
value: "true"
value: 'true'
- name: auth.username
value: writefreely
- name: auth.existingSecret

2
everything-app/mysql4nextcloud.yaml
View file

@ -15,7 +15,7 @@ spec:
- name: auth.database
value: nextcloud
- name: auth.forcePassword
value: "true"
value: 'true'
- name: auth.username
value: nextcloud
- name: auth.existingSecret

17
everything-app/nodered.yaml
View file

@ -15,21 +15,12 @@ spec:
- name: service.type
value: LoadBalancer
- name: persistence.data.enabled
value: "true"
value: 'true'
- name: image.tag
value: 3.1.0-18
values: |-
persistence:
data:
accessMode: ReadWriteOnce
size: 1Gi
storageClass: longhorn-fast
service:
port:
port: 80
targetPort: 1880
annotations:
external-dns.alpha.kubernetes.io/hostname: nodered.martyn.berlin
values: "persistence:\n data:\n accessMode: ReadWriteOnce\n size: 1Gi\n\
\ storageClass: longhorn-fast\nservice:\n port:\n port: 80\n targetPort:\
\ 1880\n annotations:\n external-dns.alpha.kubernetes.io/hostname: nodered.martyn.berlin"
repoURL: https://k8s-at-home.com/charts/
targetRevision: 5.4.0
syncPolicy:

56
everything-app/ntfy.yaml
View file

@ -14,48 +14,26 @@ spec:
- name: service.type
value: LoadBalancer
- name: persistence.cache.enabled
value: "true"
value: 'true'
- name: persistence.cache.storageClass
value: "longhorn-fast"
value: longhorn-fast
- name: persistence.data.enabled
value: "true"
value: 'true'
- name: persistence.data.storageClass
value: "longhorn-fast"
values: |2-
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: nginx
external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
nginx.ingress.kubernetes.io/server-snippets: |
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
hosts:
- host: ntfy.martyn.berlin
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- ntfy.martyn.berlin
ntfy:
config:
base-url: "https://ntfy.martyn.berlin"
cache-file: "/var/cache/ntfy/cache.db"
attachment-cache-dir: "/var/cache/ntfy/attachments"
auth-file: "/var/lib/ntfy/user.db"
auth-default-access: "deny-all"
value: longhorn-fast
values: "\ningress:\n enabled: true\n annotations:\n cert-manager.io/cluster-issuer:\
\ letsencrypt\n kubernetes.io/ingress.class: nginx\n external-dns.alpha.kubernetes.io/target:\
\ armnleg.martyn.berlin\n nginx.ingress.kubernetes.io/server-snippets:\
\ |\n location / {\n proxy_set_header Upgrade $http_upgrade;\n\
\ proxy_http_version 1.1;\n proxy_set_header X-Forwarded-Host\
\ $http_host;\n proxy_set_header X-Forwarded-Proto $scheme;\n \
\ proxy_set_header X-Forwarded-For $remote_addr;\n proxy_set_header\
\ Host $host;\n proxy_set_header Connection \"upgrade\";\n proxy_cache_bypass\
\ $http_upgrade;\n }\n hosts:\n - host: ntfy.martyn.berlin\n paths:\n\
\ - path: /\n pathType: Prefix\n tls:\n - hosts:\n - ntfy.martyn.berlin\n\
\nntfy:\n config:\n base-url: \"https://ntfy.martyn.berlin\"\n cache-file:\
\ \"/var/cache/ntfy/cache.db\"\n attachment-cache-dir: \"/var/cache/ntfy/attachments\"\
\n auth-file: \"/var/lib/ntfy/user.db\"\n auth-default-access: \"deny-all\""
path: apps-helm/ntfy
repoURL: https://git.martyn.berlin/martyn/infra4talos.git
targetRevision: HEAD

4
everything-app/samba-longhorn-ssd.yaml
View file

@ -18,12 +18,12 @@ spec:
- name: persistence.pvc.storageClass
value: longhorn-fast
- name: persistence.pvc.size
value: 100Mi #low because we're gonna loop in lots of PVCs here below...
value: 100Mi
valuesObject:
samba:
users:
- username: martyn
password: "564628"
password: '564628'
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:

4
everything-app/samba-slow-big.yaml
View file

@ -18,12 +18,12 @@ spec:
- name: persistence.pvc.storageClass
value: longhorn-spinny
- name: persistence.pvc.size
value: "1Ti"
value: 1Ti
valuesObject:
samba:
users:
- username: martyn
password: "564628"
password: '564628'
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:

33
everything-app/syncthing.yaml
View file

@ -13,34 +13,23 @@ spec:
helm:
parameters:
- name: image.tag
value: "1.26"
value: '1.26'
- name: service.listen.enabled
value: "true"
value: 'true'
- name: service.listen.ports.listen.enabled
value: "true"
value: 'true'
- name: service.listen.type
value: LoadBalancer
- name: service.discovery.enabled
value: "false"
value: 'false'
- name: service.discovery.ports.discovery.enabled
value: "false"
values: |-
persistence:
data:
enabled: true
type: pvc
accessMode: ReadWriteOnce
size: 50Gi
storageClass: longhorn-fast
service:
main:
annotations:
external-dns.alpha.kubernetes.io/hostname: syncthing.martyn.berlin
type: LoadBalancer
listen:
annotations:
external-dns.alpha.kubernetes.io/hostname: syncthing-listen.martyn.berlin
type: LoadBalancer
value: 'false'
values: "persistence:\n data:\n enabled: true\n type: pvc\n accessMode:\
\ ReadWriteOnce\n size: 50Gi\n storageClass: longhorn-fast\nservice:\n\
\ main:\n annotations:\n external-dns.alpha.kubernetes.io/hostname:\
\ syncthing.martyn.berlin\n type: LoadBalancer\n listen:\n annotations:\n\
\ external-dns.alpha.kubernetes.io/hostname: syncthing-listen.martyn.berlin\n\
\ type: LoadBalancer"
repoURL: https://k8s-at-home.com/charts/
targetRevision: 3.5.2
syncPolicy:

2
everything-app/uptime-kuma.yaml
View file

@ -14,7 +14,7 @@ spec:
- name: service.type
value: LoadBalancer
- name: persistence.enabled
value: "true"
value: 'true'
- name: persistence.storageClass
value: longhorn-fast
path: apps-helm/uptime-kuma

11
everything-app/wg-access-server.yaml
View file

@ -15,14 +15,9 @@ spec:
value: LoadBalancer
- name: wireguard.service.type
value: LoadBalancer
values: |-
config:
csiSecretsStore:
providerName: 1password
resourceName: vaults/3oh5jxmxvqvpuimu2lbuajtizi/allitems/idkjj6oyua2fq6df4fkjzmh4ne/config.yaml
persistence:
enabled: true
storageClass: longhorn-fast
values: "config:\n csiSecretsStore:\n providerName: 1password\n resourceName:\
\ vaults/3oh5jxmxvqvpuimu2lbuajtizi/allitems/idkjj6oyua2fq6df4fkjzmh4ne/config.yaml\n\
persistence:\n enabled: true\n storageClass: longhorn-fast"
path: apps-helm/wg-access-server
repoURL: https://git.martyn.berlin/martyn/infra4talos
targetRevision: HEAD