diff --git a/apps-kustomized/argocd/kustomization.yaml b/apps-kustomized/argocd/kustomization.yaml index 99df785..0b08989 100644 --- a/apps-kustomized/argocd/kustomization.yaml +++ b/apps-kustomized/argocd/kustomization.yaml @@ -24,3 +24,11 @@ patches: version: v1 kind: ConfigMap name: argocd-cm + + - patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: --insecure=true + target: + kind: Deployment + name: argocd-server diff --git a/apps-kustomized/bazarr/deploy.yaml b/apps-kustomized/bazarr/deploy.yaml index 9319442..41ae55e 100644 --- a/apps-kustomized/bazarr/deploy.yaml +++ b/apps-kustomized/bazarr/deploy.yaml @@ -33,8 +33,6 @@ spec: mountPath: /config - name: series mountPath: /series - - name: oldseries - mountPath: /oldseries - name: films mountPath: /films volumes: @@ -44,9 +42,6 @@ spec: - name: series persistentVolumeClaim: claimName: smb-series - - name: oldseries - persistentVolumeClaim: - claimName: smb-oldseries - name: films persistentVolumeClaim: claimName: smb-films diff --git a/apps-kustomized/bazarr/pvc-smb.yaml b/apps-kustomized/bazarr/pvc-smb.yaml index b4044af..b7a1b0a 100644 --- a/apps-kustomized/bazarr/pvc-smb.yaml +++ b/apps-kustomized/bazarr/pvc-smb.yaml @@ -12,18 +12,6 @@ spec: --- apiVersion: v1 kind: PersistentVolumeClaim -metadata: - name: smb-oldseries -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: smb-oldseries ---- -apiVersion: v1 -kind: PersistentVolumeClaim metadata: name: smb-films spec: @@ -32,4 +20,4 @@ spec: resources: requests: storage: 1Gi - storageClassName: smb-films \ No newline at end of file + storageClassName: smb-films diff --git a/apps-kustomized/esphome/deploy.yaml b/apps-kustomized/esphome/deploy.yaml index cc0864f..0f08b00 100644 --- a/apps-kustomized/esphome/deploy.yaml +++ b/apps-kustomized/esphome/deploy.yaml 
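Review bot: In apps-kustomized/argocd/kustomization.yaml the new patch appends `--insecure=true` to argocd-server with no comment saying where TLS is terminated, so the API and UI (logins and tokens included) are served over plain HTTP from the pod. If TLS ends at the ingress controller this is a supported setup, but the hop from the ingress to the pod is then unencrypted and the choice deserves a comment such as `# TLS is terminated at the ingress; argocd-server speaks HTTP inside the cluster`. The JSON patch also addresses `containers/0` and appends to `args`, so it depends on the position and shape of the upstream manifest. Setting `server.insecure: "true"` in the `argocd-cmd-params-cm` ConfigMap expresses the same thing without that dependency.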
@@ -17,7 +17,7 @@ spec: - env: - name: ESPHOME_DASHBOARD_USE_PING value: "true" - image: esphome/esphome:2022.12.3 + image: esphome/esphome:2022.12.8 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/apps-kustomized/external-dns/deploy.yaml b/apps-kustomized/external-dns/deploy.yaml new file mode 100644 index 0000000..c423ba6 --- /dev/null +++ b/apps-kustomized/external-dns/deploy.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns +spec: + template: + spec: + containers: + - name: external-dns + envFrom: + - secretRef: + name: dnsimple-auth diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 6361fa5..837207a 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -3,12 +3,16 @@ kind: Kustomization helmCharts: - name: external-dns - repo: https://charts.bitnami.com/bitnami - version: 6.28.4 + repo: https://kubernetes-sigs.github.io/external-dns + version: 1.15.2 releaseName: external-dns namespace: external-dns valuesInline: - provider: dnsimple + provider: + name: dnsimple txtPrefix: armnleg - sources: [service,ingress] - extraEnvVarsSecret: dnsimple-auth +patches: +- path: deploy.yaml + target: + kind: Deployment + name: external-dns diff --git a/apps-kustomized/files-web/ing.yaml b/apps-kustomized/files-web/ing.yaml new file mode 100644 index 0000000..aef4789 --- /dev/null +++ b/apps-kustomized/files-web/ing.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin + nginx.ingress.kubernetes.io/proxy-body-size: 700m + name: web-s3 +spec: + ingressClassName: nginx + rules: + - host: files.martyn.berlin + http: + paths: + - backend: + service: + name: s3-nginx + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - files.martyn.berlin 
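Review bot: The `tls` entry in apps-kustomized/files-web/ing.yaml lists `files.martyn.berlin` but has no `secretName`, and the Ingress carries no `cert-manager.io/cluster-issuer` annotation, unlike the garage Ingress for the same host that this commit deletes. As written the controller would presumably fall back to its default certificate for that host, unless a default or wildcard certificate is configured elsewhere. If cert-manager is meant to issue the certificate, add `cert-manager.io/cluster-issuer: letsencrypt` under `annotations` and `secretName: <tls-secret-name>` under the tls entry.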
diff --git a/apps-kustomized/files-web/nginx.yaml b/apps-kustomized/files-web/nginx.yaml new file mode 100644 index 0000000..f58d09c --- /dev/null +++ b/apps-kustomized/files-web/nginx.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: s3-nginx + name: s3-nginx +spec: + replicas: 1 + selector: + matchLabels: + app: s3-nginx + template: + metadata: + creationTimestamp: null + labels: + app: s3-nginx + spec: + containers: + - image: nginx:1.27.4 + name: nginx + volumeMounts: + - mountPath: /usr/share/nginx/html + name: s3 + volumes: + - name: s3 + persistentVolumeClaim: + claimName: smb-s3 diff --git a/apps-kustomized/files-web/pvc.yaml b/apps-kustomized/files-web/pvc.yaml new file mode 100644 index 0000000..f648e20 --- /dev/null +++ b/apps-kustomized/files-web/pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: smb-s3 +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: smb-s3 diff --git a/apps-kustomized/files-web/svc.yaml b/apps-kustomized/files-web/svc.yaml new file mode 100644 index 0000000..42f9f5b --- /dev/null +++ b/apps-kustomized/files-web/svc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: s3-nginx + name: s3-nginx +spec: + internalTrafficPolicy: Cluster + ports: + - port: 80 + selector: + app: s3-nginx diff --git a/apps-kustomized/forgejo/deploy.yaml b/apps-kustomized/forgejo/deploy.yaml index cfa7e74..7829f5f 100644 --- a/apps-kustomized/forgejo/deploy.yaml +++ b/apps-kustomized/forgejo/deploy.yaml @@ -19,7 +19,7 @@ spec: app: forgejo spec: containers: - - image: codeberg.org/forgejo/forgejo:1.21 + - image: codeberg.org/forgejo/forgejo:10.0.1 env: - name: FORGEJO__database__DB_TYPE value: postgres diff --git a/apps-kustomized/jellyfin/deployment.yaml b/apps-kustomized/jellyfin/deployment.yaml index 4fff4fd..9c94b90 100644 --- a/apps-kustomized/jellyfin/deployment.yaml 
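Review bot: The `s3` volume in apps-kustomized/files-web/nginx.yaml is mounted into the nginx document root read-write, although a static file server only needs to read it. Adding `readOnly: true` to the volumeMount keeps a compromised or misconfigured nginx from modifying the contents of the share. The pod also sets no `securityContext` and no resource requests, and `creationTimestamp: null` is export residue that can be dropped.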
+++ b/apps-kustomized/jellyfin/deployment.yaml @@ -66,7 +66,7 @@ spec: dnsPolicy: ClusterFirst nodeSelector: intel.feature.node.kubernetes.io/gpu: "true" - kubernetes.io/hostname: talos-llu-kx3 + kubernetes.io/hostname: talos-e48-wv7 terminationGracePeriodSeconds: 30 volumes: - name: jellyfin-config diff --git a/apps-kustomized/kube-prometheus/grafana-deployment.yaml b/apps-kustomized/kube-prometheus/grafana-deployment.yaml index 7029f06..d4c59f4 100644 --- a/apps-kustomized/kube-prometheus/grafana-deployment.yaml +++ b/apps-kustomized/kube-prometheus/grafana-deployment.yaml @@ -32,7 +32,7 @@ spec: automountServiceAccountToken: false containers: - env: [] - image: grafana/grafana:9.5.3 + image: grafana/grafana:9.5.21 name: grafana ports: - containerPort: 3000 diff --git a/apps-kustomized/lidarr/deploy.yaml b/apps-kustomized/lidarr/deploy.yaml index cad8b6e..49cce80 100644 --- a/apps-kustomized/lidarr/deploy.yaml +++ b/apps-kustomized/lidarr/deploy.yaml @@ -18,7 +18,7 @@ spec: app: lidarr spec: containers: - - image: hotio/lidarr:release + - image: hotio/lidarr:release-2.9.6.4552 name: lidarr resources: requests: diff --git a/apps-kustomized/lms/pvc.yaml b/apps-kustomized/lms/pvc.yaml index 2fd6541..7f97a01 100644 --- a/apps-kustomized/lms/pvc.yaml +++ b/apps-kustomized/lms/pvc.yaml @@ -12,18 +12,6 @@ spec: --- apiVersion: v1 kind: PersistentVolumeClaim -metadata: - name: smb-oldmusic -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: smb-oldmusic ---- -apiVersion: v1 -kind: PersistentVolumeClaim metadata: name: logitech-media-server-config spec: diff --git a/apps-kustomized/lms/statefulset.yaml b/apps-kustomized/lms/statefulset.yaml index 1fe788f..0f64296 100644 --- a/apps-kustomized/lms/statefulset.yaml +++ b/apps-kustomized/lms/statefulset.yaml 
@@ -61,27 +61,14 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - - mountPath: /srv/squeezebox - name: config - - mountPath: /smbmusic - name: smbmusic - - mountPath: /smboldmusic - name: smboldmusic - dnsPolicy: ClusterFirst - initContainers: - - command: - - sh - - -c - - mkdir /smbmusic; mkdir -pv /config/playlists /config/config; chown -Rc 1000:1000 - /config - image: doliana/logitech-media-server:2023_04_15-8.3.1 - imagePullPolicy: IfNotPresent - name: init-config - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - mountPath: /config name: config + - mountPath: /music + name: smbmusic + - mountPath: /playlist + name: config + subPath: playlist + dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler terminationGracePeriodSeconds: 30 @@ -92,9 +79,6 @@ spec: - name: smbmusic persistentVolumeClaim: claimName: smb-music - - name: smboldmusic - persistentVolumeClaim: - claimName: smb-oldmusic updateStrategy: rollingUpdate: partition: 0 diff --git a/apps-kustomized/mosquitto/deploy.yaml b/apps-kustomized/mosquitto/deploy.yaml index f54a9d0..b888928 100644 --- a/apps-kustomized/mosquitto/deploy.yaml +++ b/apps-kustomized/mosquitto/deploy.yaml @@ -21,7 +21,7 @@ spec: app.kubernetes.io/name: mosquitto spec: containers: - - image: eclipse-mosquitto:1.6.12 + - image: eclipse-mosquitto:1.6.15 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/apps-kustomized/paperless-ngx/kustomization.yaml b/apps-kustomized/paperless-ngx/kustomization.yaml new file mode 100644 index 0000000..5c3957e --- /dev/null +++ b/apps-kustomized/paperless-ngx/kustomization.yaml 
@@ -0,0 +1,62 @@ + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: +- name: paperless-ngx + repo: https://charts.gabe565.com + version: 0.24.1 + releaseName: paperless-ngx + namespace: paperless-ngx + valuesInline: + persistence: + data: + enabled: "true" + size: "1Gi" + accessMode: ReadWriteOnce + storageClass: "longhorn-fast" + media: + enabled: "true" + size: "8Gi" + accessMode: ReadWriteOnce + storageClass: "longhorn-fast" + export: + enabled: "true" + size: "1Gi" + accessMode: ReadWriteOnce + storageClass: "longhorn-fast" + consume: + enabled: "true" + size: "1Gi" + accessMode: ReadWriteOnce + storageClass: "smb-scans" + service: + main: + type: LoadBalancer + annotations: + external-dns.alpha.kubernetes.io/hostname: "paperless.martyn.berlin" + ports: + http: + port: 8080 + postgresql: + enabled: "true" + primary: + persistence: + enabled: "true" + storageClass: "longhorn-fast" + env: + TZ: "Europe/Berlin" + resources: + requests: + cpu: "25m" + memory: "511772986" + + +patches: + - target: + kind: Service + name: paperless-ngx + patch: |- + - op: replace + path: /spec/ports + value: [{"name":"http","port":80,"targetPort":"http","protocol":"TCP"}] diff --git a/apps-kustomized/prowlarr/deploy.yaml b/apps-kustomized/prowlarr/deploy.yaml index f7b7168..962e8db 100644 --- a/apps-kustomized/prowlarr/deploy.yaml +++ b/apps-kustomized/prowlarr/deploy.yaml @@ -16,7 +16,7 @@ spec: app: prowlarr spec: containers: - - image: hotio/prowlarr:release-1.26.1.4844 + - image: hotio/prowlarr:release-1.31.2.4975 imagePullPolicy: Always name: prowlarr ports: diff --git a/apps-kustomized/radarr/deploy.yaml b/apps-kustomized/radarr/deploy.yaml index c8353fc..cf95c71 100644 --- a/apps-kustomized/radarr/deploy.yaml +++ b/apps-kustomized/radarr/deploy.yaml @@ -18,7 +18,7 @@ spec: app: radarr spec: containers: - - image: hotio/radarr:release-5.18.4.9674 + - image: hotio/radarr:release-5.19.3.9730 imagePullPolicy: IfNotPresent name: radarr ports: 
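Review bot: The Service patch at the end of apps-kustomized/paperless-ngx/kustomization.yaml publishes paperless on port 80 of a `LoadBalancer` with an external-dns hostname, so logins and scanned documents appear to travel over plain HTTP. files-web in the same commit goes through the nginx Ingress with a `tls` block; doing the same here (Service `type: ClusterIP` plus an Ingress) would put TLS in front of the application. Separately, the `enabled: "true"` values are strings carried over from the old `helm.parameters` form; in `valuesInline` they can be real booleans (`enabled: true`), which avoids a later `"false"` being evaluated as truthy by a chart template.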
diff --git a/apps-kustomized/ser2net/ser2net-zigbee.yaml b/apps-kustomized/ser2net/ser2net-zigbee.yaml index 1ef318d..c33b61c 100644 --- a/apps-kustomized/ser2net/ser2net-zigbee.yaml +++ b/apps-kustomized/ser2net/ser2net-zigbee.yaml @@ -38,7 +38,7 @@ metadata: annotations: configmap.reloader.stakater.com/reload: "ser2net" spec: - replicas: 1 + replicas: 0 strategy: type: Recreate selector: diff --git a/apps-kustomized/smb-storageclasses/sc-films.yaml b/apps-kustomized/smb-storageclasses/sc-films.yaml index 94537c3..f8cbefd 100644 --- a/apps-kustomized/smb-storageclasses/sc-films.yaml +++ b/apps-kustomized/smb-storageclasses/sc-films.yaml @@ -4,7 +4,7 @@ metadata: name: smb-films provisioner: smb.csi.k8s.io parameters: - source: "//172.20.0.125/films" + source: "//172.20.0.70/films" csi.storage.k8s.io/node-stage-secret-name: smb-creds csi.storage.k8s.io/node-stage-secret-namespace: kube-system reclaimPolicy: Retain diff --git a/apps-kustomized/smb-storageclasses/sc-oldseries.yaml b/apps-kustomized/smb-storageclasses/sc-s3.yaml similarity index 85% rename from apps-kustomized/smb-storageclasses/sc-oldseries.yaml rename to apps-kustomized/smb-storageclasses/sc-s3.yaml index 2d725b6..22eda02 100644 --- a/apps-kustomized/smb-storageclasses/sc-oldseries.yaml +++ b/apps-kustomized/smb-storageclasses/sc-s3.yaml @@ -1,10 +1,10 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: smb-oldseries + name: smb-s3 provisioner: smb.csi.k8s.io parameters: - source: "//hp40l/disk2/oldseries" + source: "//172.20.0.69/s3" csi.storage.k8s.io/node-stage-secret-name: smb-creds csi.storage.k8s.io/node-stage-secret-namespace: kube-system reclaimPolicy: Retain diff --git a/apps-kustomized/smb-storageclasses/sc-series.yaml b/apps-kustomized/smb-storageclasses/sc-series.yaml index cd6438b..f30081a 100644 --- a/apps-kustomized/smb-storageclasses/sc-series.yaml +++ b/apps-kustomized/smb-storageclasses/sc-series.yaml 
@@ -4,7 +4,7 @@ metadata: name: smb-series provisioner: smb.csi.k8s.io parameters: - source: "//hp40l/disk2/series" + source: "//172.20.0.70/series" csi.storage.k8s.io/node-stage-secret-name: smb-creds csi.storage.k8s.io/node-stage-secret-namespace: kube-system reclaimPolicy: Retain diff --git a/apps-kustomized/tailscale-proxy/configmap.yaml b/apps-kustomized/tailscale-proxy/configmap.yaml new file mode 100644 index 0000000..18e2296 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/configmap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tailscale-script +data: + script.sh: | + tailscaled --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --tun=userspace-networking & + tailscale up --authkey=$TS_AUTHKEY --advertise-tags=tag:k8s --hostname k8s-tailscale-proxy & + sleep 3 + echo "Waiting for $COUNTRY to do something" + while ! tailscale exit-node list 2>/dev/null | grep $COUNTRY >/dev/null; do echo -n . ;sleep 5; done + tailscale set --exit-node $(tailscale exit-node list | grep $COUNTRY | cut -f2 -d' ' | shuf | head -n1) + while true; do sleep 1; done diff --git a/apps-kustomized/tailscale-proxy/deploy.yaml b/apps-kustomized/tailscale-proxy/deploy.yaml new file mode 100644 index 0000000..0ee2f41 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/deploy.yaml 
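Review bot: `script.sh` in apps-kustomized/tailscale-proxy/configmap.yaml passes the auth key as `--authkey=$TS_AUTHKEY`, which puts the secret on the command line of the `tailscale up` process where anything able to list processes can read it. The CLI accepts a file reference for the key, so mounting the `tailscale-auth` secret as a file and using `--auth-key=file:<mounted-key-path>` keeps it off argv. `$COUNTRY` is also expanded unquoted in three places and matched as a pattern by `grep`; `grep -F -- "$COUNTRY"` is safer if the value ever contains spaces or pattern characters. The script has no shebang or `set -e`, so a failed `tailscale set` goes unnoticed until the readiness probe fails.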
@@ -0,0 +1,100 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: tailscale-proxy + name: tailscale-proxy +spec: + replicas: 1 + selector: + matchLabels: + app: tailscale-proxy + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: tailscale-proxy + spec: + containers: + - command: + - /bin/sh + - -c + - 'sh /script/script.sh' + env: + - name: TS_KUBE_SECRET + value: tailscale + - name: COUNTRY + value: Switzerland + - name: TS_AUTHKEY + valueFrom: + secretKeyRef: + key: TS_AUTHKEY + name: tailscale-auth + image: ghcr.io/tailscale/tailscale:v1.80.3 + imagePullPolicy: IfNotPresent + startupProbe: + exec: + command: + - /bin/sh + - -c + - tailscale ip | grep ^100 > /dev/null + periodSeconds: 30 + failureThreshold: 30 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - tailscale ip | grep ^100 > /dev/null + periodSeconds: 30 + failureThreshold: 2 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - http_proxy=127.0.0.1:1055 wget -O- ifconfig.co/country 2>&1 | grep $COUNTRY > /dev/null + initialDelaySeconds: 60 + periodSeconds: 60 + failureThreshold: 3 + name: tailscale + securityContext: + privileged: true + runAsGroup: 0 + runAsUser: 0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access-t4rzn + readOnly: true + - mountPath: /script + name: script + serviceAccount: tailscale + serviceAccountName: tailscale + volumes: + - name: script + configMap: + name: tailscale-script + - name: kube-api-access-t4rzn + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace 
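Review bot: The container in apps-kustomized/tailscale-proxy/deploy.yaml runs with `privileged: true` as uid 0, but the script it executes starts tailscaled with `--tun=userspace-networking`, the mode intended for running without extra privileges. The sidecar this commit removes from torrents/deploy.yaml ran as uid 1000; `privileged: false` with `runAsUser: 1000`, `runAsGroup: 1000` and `allowPrivilegeEscalation: false` should be enough here, possibly together with a writable state location for tailscaled (to be confirmed). The `kube-api-access-t4rzn` projected volume and its mount look copied from a live pod; the kubelet injects an equivalent volume automatically, so both can be deleted.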
diff --git a/apps-kustomized/tailscale-proxy/sa.yaml b/apps-kustomized/tailscale-proxy/sa.yaml new file mode 100644 index 0000000..84dfe93 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tailscale diff --git a/apps-kustomized/tailscale-proxy/svc.yaml b/apps-kustomized/tailscale-proxy/svc.yaml new file mode 100644 index 0000000..b09f798 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/svc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: tailscale-proxy + app.kubernetes.io/instance: tailscale-proxy + name: tailscale-proxy +spec: + ports: + - port: 1055 + protocol: TCP + targetPort: 1055 + selector: + app: tailscale-proxy + type: LoadBalancer diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 89c5483..f33fe7c 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -14,6 +14,7 @@ spec: labels: app: qbittorrent spec: + initContainers: containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent 
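Review bot: apps-kustomized/tailscale-proxy/svc.yaml exposes port 1055 through `type: LoadBalancer`, and the SOCKS5/HTTP proxy behind it has no authentication, so every host that can reach the load-balancer address could route traffic through the exit node. If only in-cluster clients such as qbittorrent need it, `type: ClusterIP` is sufficient. As configured in script.sh, tailscaled listens on `localhost:1055`, which a Service cannot reach through the pod IP, so the listener address and the Service need to be reconciled before the proxy is reachable at all.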
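Review bot: The added `initContainers:` line in apps-kustomized/torrents/deploy.yaml has no value, so it parses as null rather than an empty list and looks like a leftover. Remove it, or write `initContainers: []` if a placeholder is wanted. The context lines also show `qbittorrentofficial/qbittorrent-nox:latest` still unpinned, and `serviceAccountName: tailscale` stays in the second hunk although the sidecar that used it is removed there. The pod spec continues outside both hunks.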
@@ -34,40 +35,6 @@ spec: value: "/config" - name: QBT_DOWNLOADS value: "/downloads" - - env: - - name: TS_KUBE_SECRET - value: tailscale - - name: TS_USERSPACE - value: "false" - - name: TS_OUTBOUND_HTTP_PROXY_LISTEN - value: "localhost:1055" - - name: TS_SOCKS5_SERVER - value: "localhost:1055" - - name: TS_EXTRA_ARGS - value: "--exit-node=100.90.55.121" - - name: TS_AUTHKEY - valueFrom: - secretKeyRef: - key: TS_AUTHKEY - name: tailscale-auth - optional: true - livenessProbe: - exec: - command: - - ping - - -c1 - - 100.100.100.100 - initialDelaySeconds: 120 - periodSeconds: 5 - image: ghcr.io/tailscale/tailscale:latest - name: ts-sidecar - securityContext: - runAsGroup: 1000 - runAsUser: 1000 - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access-t4rzn - readOnly: true preemptionPolicy: PreemptLowerPriority priority: 0 serviceAccountName: tailscale diff --git a/apps-kustomized/whoogle/deploy.yaml b/apps-kustomized/whoogle/deploy.yaml index d193256..a97e95a 100644 --- a/apps-kustomized/whoogle/deploy.yaml +++ b/apps-kustomized/whoogle/deploy.yaml @@ -24,7 +24,7 @@ spec: value: en - name: WHOOGLE_CONFIG_SEARCH_LANGUAGE value: en - image: benbusby/whoogle-search@sha256:ecccdb598f890140bf5564ea0307d3a72871ab3d14fbf22e308b904846e5c590 + image: benbusby/whoogle-search@sha256:5bbb30fc4cf67563b48529c5291813b3d49c290e1e8b9e3aaa5081e9cb6e40c0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/apps-kustomized/zigbee2mqtt2/pvc.yaml b/apps-kustomized/zigbee2mqtt2/pvc.yaml index 29e797d..94e951d 100644 --- a/apps-kustomized/zigbee2mqtt2/pvc.yaml +++ b/apps-kustomized/zigbee2mqtt2/pvc.yaml @@ -8,4 +8,4 @@ spec: storageClassName: longhorn-fast resources: requests: - storage: 128Mi + storage: 1280Mi diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 147f461..5079ab2 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml 
@@ -14,6 +14,10 @@ spec: targetRevision: 4.12.0 helm: parameters: + - name: controller.ingressClassResource.default + value: "true" + - name: controller.config.annotations-risk-level + value: "Critical" - name: controller.service.type value: LoadBalancer - name: controller.allowSnippetAnnotations @@ -33,6 +37,11 @@ spec: more_set_headers -a "X-Robots-Tag: anthropic-ai: none"; more_set_headers -a "X-Robots-Tag: CCBot: none"; more_set_headers -a "X-Robots-Tag: semrushbot: none"; + more_set_headers -a "X-Robots-Tag: Amazonbot: none"; + more_set_headers -a "X-Robots-Tag: dotbot: none"; + more_set_headers -a "X-Robots-Tag: AhrefsBot: none"; + - name: controller.config.block-user-agents + value: "~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT" syncPolicy: automated: selfHeal: true diff --git a/everything-app/app-secrets-store-csi-driver.yaml b/everything-app/app-secrets-store-csi-driver.yaml index 6008171..408fbae 100644 --- a/everything-app/app-secrets-store-csi-driver.yaml +++ b/everything-app/app-secrets-store-csi-driver.yaml @@ -11,7 +11,7 @@ spec: source: chart: secrets-store-csi-driver repoURL: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts - targetRevision: 1.3.4 + targetRevision: 1.4.8 syncPolicy: automated: selfHeal: true diff --git a/everything-app/bikerwitch.yaml b/everything-app/bikerwitch.yaml deleted file mode 100644 index a89d89f..0000000 --- a/everything-app/bikerwitch.yaml +++ /dev/null 
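Review bot: In everything-app/app-ingress-nginx.yaml, setting `controller.config.annotations-risk-level` to `"Critical"` lets Ingress objects use the highest-risk annotations, including the snippet annotations that inject raw nginx configuration, and it sits next to `controller.allowSnippetAnnotations` (whose value is outside the hunk). With both enabled, anyone able to create or edit an Ingress in any namespace can influence the controller's nginx configuration, and the controller can typically read Secrets cluster-wide. The X-Robots-Tag rules in this file appear to be set at controller level already, so if no Ingress needs per-resource snippets, leave the risk level at its default and keep snippet annotations disabled; otherwise add a comment naming the Ingress that requires it. The `~*GPT` entry in `block-user-agents` (second hunk) matches any user agent containing "gpt" case-insensitively, which may be broader than intended.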
@@ -1,44 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: bikerwitch - namespace: argocd -spec: - destination: - namespace: bikerwitch - server: https://kubernetes.default.svc - project: default - source: - helm: - parameters: - - name: service.type - value: LoadBalancer - - name: persistence.enabled - value: "true" - - name: persistence.storageClass - value: "longhorn-fast" - - name: image.repository - value: drupal - - name: image.tag - value: 9.4-php8.0-apache - values: |- - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt - kubernetes.io/ingress.class: nginx - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - hosts: - - host: bikerwitch.martyn.berlin - paths: - - / - - host: www.bikerwitch.org.uk - paths: - - / - tls: - - hosts: - - bikerwitch.martyn.berlin - - www.bikerwitch.org.uk - path: apps-helm/drupal - repoURL: https://git.martyn.berlin/martyn/infra4talos.git - targetRevision: HEAD diff --git a/everything-app/csi4samba.yaml b/everything-app/csi4samba.yaml index 69301c8..d7c4c37 100644 --- a/everything-app/csi4samba.yaml +++ b/everything-app/csi4samba.yaml @@ -11,7 +11,7 @@ spec: source: chart: csi-driver-smb repoURL: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts - targetRevision: v1.13.0 + targetRevision: v1.17.0 syncPolicy: automated: selfHeal: true diff --git a/everything-app/files-web.yaml b/everything-app/files-web.yaml new file mode 100644 index 0000000..92edf93 --- /dev/null +++ b/everything-app/files-web.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: files-web + namespace: argocd +spec: + destination: + namespace: files-web + server: https://kubernetes.default.svc + project: apps + source: + path: apps-kustomized/files-web + repoURL: https://git.martyn.berlin/martyn/infra4talos + targetRevision: HEAD + syncPolicy: + automated: + selfHeal: true 
diff --git a/everything-app/garage.yaml b/everything-app/garage.yaml deleted file mode 100644 index 2a192ad..0000000 --- a/everything-app/garage.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: garage - namespace: argocd -spec: - destination: - namespace: garage - server: https://kubernetes.default.svc - project: infra - source: - helm: - valuesObject: - service: - type: LoadBalancer - persistence: - enabled: "true" - meta: - storageClass: longhorn-fast - data: - storageClass: longhorn-spinny - size: "1Gi" - deployment: - replicaCount: "1" - garage: - replicationMode: "1" - s3: - api: - rootDomain: ".s3.files.martyn.berlin" - web: - rootDomain: ".martyn.berlin" - ingress: - s3: - api: - className: "nginx" - enabled: "true" - annotations: - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/proxy-body-size: "700m" - tls: - - hosts: - - "s3.files.martyn.berlin" - hosts: - - host: s3.files.martyn.berlin - paths: - - path: / - pathType: Prefix - web: - className: "nginx" - enabled: "true" - annotations: - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - cert-manager.io/cluster-issuer: letsencrypt - tls: - - hosts: - - "files.martyn.berlin" - hosts: - - host: files.martyn.berlin - paths: - - path: / - pathType: Prefix - path: script/helm/garage - repoURL: https://git.deuxfleurs.fr/Deuxfleurs/garage - targetRevision: HEAD diff --git a/everything-app/nodered.yaml b/everything-app/nodered.yaml index fe17f06..10fd9e3 100644 --- a/everything-app/nodered.yaml +++ b/everything-app/nodered.yaml @@ -31,7 +31,7 @@ spec: annotations: external-dns.alpha.kubernetes.io/hostname: nodered.martyn.berlin repoURL: https://k8s-at-home.com/charts/ - targetRevision: 5.3.1 + targetRevision: 5.4.0 syncPolicy: automated: selfHeal: true 
diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 63c55f8..ec9b2b2 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -9,57 +9,9 @@ spec: server: https://kubernetes.default.svc project: apps source: - chart: paperless-ngx - helm: - parameters: - - name: service.main.type - value: "LoadBalancer" - - name: persistence.data.enabled - value: "true" - - name: persistence.data.size - value: "1Gi" - - name: persistence.data.accessMode - value: ReadWriteOnce - - name: persistence.data.storageClass - value: "longhorn-fast" - - name: persistence.media.enabled - value: "true" - - name: persistence.media.size - value: "8Gi" - - name: persistence.media.accessMode - value: ReadWriteOnce - - name: persistence.media.storageClass - value: "longhorn-fast" - - name: persistence.export.enabled - value: "true" - - name: persistence.export.size - value: "1Gi" - - name: persistence.export.accessMode - value: ReadWriteOnce - - name: persistence.export.storageClass - value: "longhorn-fast" - - name: persistence.consume.enabled - value: "true" - - name: persistence.consume.size - value: "1Gi" - - name: persistence.consume.accessMode - value: ReadWriteOnce - - name: persistence.consume.storageClass - value: "smb-scans" - - name: postgresql.enabled - value: "true" - - name: postgresql.primary.persistence.enabled - value: "true" - - name: postgresql.primary.persistence.storageClass - value: "longhorn-fast" - - name: env.TZ - value: "Europe/Berlin" - - name: resources.requests.cpu - value: "25m" - - name: resources.requests.memory - value: "511772986" - repoURL: https://charts.gabe565.com - targetRevision: 0.7.8 + path: apps-kustomized/paperless-ngx + repoURL: https://git.martyn.berlin/martyn/infra4talos + targetRevision: HEAD syncPolicy: automated: selfHeal: true diff --git a/everything-app/samba-longhorn-ssd.yaml b/everything-app/samba-longhorn-ssd.yaml index 689537c..edc5521 100644 
--- a/everything-app/samba-longhorn-ssd.yaml +++ b/everything-app/samba-longhorn-ssd.yaml @@ -44,6 +44,9 @@ spec: - name: scans size: 1Gi storageClass: longhorn-fast + - name: s3 + size: 20Gi + storageClass: longhorn-fast path: apps-helm/samba4 repoURL: https://git.martyn.berlin/martyn/infra4talos.git targetRevision: HEAD diff --git a/everything-app/tailscale-proxy.yaml b/everything-app/tailscale-proxy.yaml new file mode 100644 index 0000000..f85396f --- /dev/null +++ b/everything-app/tailscale-proxy.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tailscale-proxy + namespace: argocd +spec: + destination: + namespace: tailscale-proxy + server: https://kubernetes.default.svc + project: apps + source: + path: apps-kustomized/tailscale-proxy + repoURL: https://git.martyn.berlin/martyn/infra4talos + targetRevision: HEAD + syncPolicy: + automated: + selfHeal: true