prskr/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactor: use SOPS to encrypt secrets
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Peter 2023-10-26 21:57:43 +02:00
parent 095be2721d
commit 2578e6951d
No known key found for this signature in database
65 changed files with 1101 additions and 269 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml Normal file
View file

@ -0,0 +1,5 @@
creation_rules:
- unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
age: >
age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we,
age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr

1
apps/drone/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
charts/

29
apps/drone/base/config/values.drone-runner-arm64.yaml Normal file
View file

@ -0,0 +1,29 @@
image:
tag: 1.8.3
replicaCount: 4
extraSecretNamesForEnvFrom:
- drone-runner-secrets
env:
DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
DRONE_RPC_PROTO: http
DRONE_RUNNER_CAPACITY: 1
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- drone-runner-docker
topologyKey: kubernetes.io/hostname
nodeSelector:
kubernetes.io/arch: arm64

27
apps/drone/base/config/values.drone-runner-x86-64.yaml Normal file
View file

@ -0,0 +1,27 @@
image:
tag: 1.8.3
extraSecretNamesForEnvFrom:
- drone-runner-secrets
env:
DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
DRONE_RPC_PROTO: http
DRONE_RUNNER_CAPACITY: 1
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- drone-runner-docker
topologyKey: kubernetes.io/hostname
nodeSelector:
kubernetes.io/arch: amd64

42
apps/drone/base/config/values.drone.yaml Normal file
View file

@ -0,0 +1,42 @@
image:
tag: 2.20.0
ingress:
enabled: true
annotations:
gethomepage.dev/description: CI/CD system
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: drone.png
gethomepage.dev/name: Drone CI/CD
hosts:
- host: drone.icb4dc0.de
paths:
- path: /
pathType: Prefix
service:
port: 8080
persistentVolume:
enabled: false
extraSecretNamesForEnvFrom:
- drone-secrets
env:
## REQUIRED: Set the user-visible Drone hostname, sans protocol.
## Ref: https://docs.drone.io/installation/reference/drone-server-host/
##
DRONE_SERVER_HOST: "drone.icb4dc0.de"
DRONE_SERVER_PROTO: https
DRONE_DATABASE_DRIVER: postgres
DRONE_GIT_ALWAYS_AUTH: true
DRONE_S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000
DRONE_S3_BUCKET: drone
DRONE_S3_PATH_STYLE: true
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379

31
apps/drone/base/config/values.keydb.yaml Normal file
View file

@ -0,0 +1,31 @@
imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
imageTag: v6.3.2
podDisruptionBudget:
enabled: true
persistentVolume:
enabled: false
resources:
requests:
cpu: 10m
memory: 60Mi
limits:
cpu: 100m
memory: 128Mi
serviceMonitor:
enabled: true
labels:
prometheus: default
exporter:
enabled: true
imageTag: v1.51.0
resources:
requests:
cpu: 50m
memory: 50Mi
limits:
cpu: 150m
memory: 100Mi

40
apps/drone/base/kustomization.yaml Normal file
View file

@ -0,0 +1,40 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: drone
commonLabels:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
commonAnnotations:
"helm.sh/resource-policy": keep
helmCharts:
- name: keydb
repo: https://enapter.github.io/charts/
releaseName: drone-session-cache
namespace: nocodb
version: "0.48.0"
valuesFile: config/values.keydb.yaml
- name: drone
repo: https://charts.drone.io
releaseName: drone
namespace: drone
version: "0.6.3"
valuesFile: config/values.drone.yaml
- name: drone-runner-docker
repo: https://charts.drone.io
releaseName: drone-kube-runner-arm64
namespace: drone
version: "0.6.0"
valuesFile: config/values.drone-runner-arm64.yaml
- name: drone-runner-docker
repo: https://charts.drone.io
releaseName: drone-kube-runner-x86-64
namespace: drone
version: "0.6.0"
valuesFile: config/values.drone-runner-x86-64.yaml

20
apps/drone/kustomization.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
commonAnnotations:
"helm.sh/resource-policy": keep
resources:
- "base/"
- "resources/namespaces.yaml"
- "resources/sa.yaml"
- "resources/sa_secret.yaml"
- "resources/cluster_role.yaml"
- "resources/role_bindings.yaml"
generators:
- ./secret-generator.yaml

44
apps/drone/resources/cluster_role.yaml Normal file
View file

@ -0,0 +1,44 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: drone-deploy
rules:
- apiGroups: [""]
resources:
- secrets
- configmaps
- pods
- services
- persistentvolumeclaims
- serviceaccounts
verbs: ["*"]
- apiGroups: ["apps"]
resources:
- replicasets
- deployments
- statefulsets
verbs: ["*"]
- apiGroups: ["batch"]
resources:
- jobs
- cronjobs
verbs: ["*"]
- apiGroups: ["autoscaling"]
resources:
- horizontalpodautoscalers
verbs: ["*"]
- apiGroups: ["networking.k8s.io"]
resources:
- ingresses
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources:
- roles
- rolebindings
verbs: ["*"]
- apiGroups: ["monitoring.coreos.com"]
resources:
- podmonitors
- servicemonitors
verbs: ["*"]

37
apps/drone/resources/drone-runner-secrets.enc.yaml Normal file
View file

@ -0,0 +1,37 @@
apiVersion: v1
kind: Secret
metadata:
name: drone-runner-secrets
namespace: drone
type: Opaque
stringData:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:HEXPjEhzVd32+DrxgsZUj3wSX21QCuMjHiwR1P+OhOI=,iv:DWcpdvoO5x3pAbAYtHPC0t8CCzUV6EHBeM5pwNxH/yw=,tag:oLRLwOmbNMsOD2NclOQwFg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldVdpMWV2eW85bzJ2aDQr
a0dQcEtZZHRvdG5iTGlBc1dQRFRLbVVoZEJVCkluZnFqTkZoL2p5QUdReWtHVFlE
bzhMMldBNG83TzlhTlZrL1dLRi82aEEKLS0tIDBka2xPN2E0ZE1ZN2RYUlNFcmZu
eURnd1RpYzZ4NmdRSUN3aXVYVDYwWVUKeUhg2fbE+L1Dr4re0kuJ0Lhhf38lJiZ3
7D0szVTlCoIcFQFMOUNwpNdYGuBkyXhJgpSpyUhIuPGE5gxkrLZI1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTWEyaWZXd3pSVFQ4NnV3
N3c2S2RUQTU1MDZwQ0tuVVk0bmxIU1NuY0hBCitQdE1JYm9MRjNrN2kzSmNOWUQ0
UCtZODZRaUhiTnhvSjBVUk94ZDFDWFkKLS0tIFo2bVlUbUFOUk9ESmdvKzkrQlY2
QzVTTjVsb0ovT1JNRUw2dXQrcnVJUm8KvQ4hyDw8ImxrSzn5qpo9xkkQnapDXwKl
lfV9wESEo23V5MO/ZMxGBl1S1RzR10abcwkuzpYNfDr5DW4wvKPdYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T19:23:40Z"
mac: ENC[AES256_GCM,data:eFCDA4wsm056C1Vzjer5whxItNoZNk7w3c0VvcpIMN0qrP6u7vZjEezsrT9OGv/sh7DLvVRx6qmIKZ6tw8kc7cutZB7OqfqwYLTTkPcXbVPIwCubjc4LseyFeXGhPQmQH52c8SCtKM/Ft9WMdlE624mpACLUXp7aKvGuiRkwREs=,iv:Qbt+GkUyYeopknU+z4nQ96q6blmuKS3gShQ8GuZ/qFw=,tag:OpUHMsil1ij3FbWIe43FAQ==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

45
apps/drone/resources/drone-secrets.enc.yaml Normal file
View file

@ -0,0 +1,45 @@
apiVersion: v1
kind: Secret
metadata:
name: drone-secrets
namespace: drone
type: Opaque
stringData:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:bLbQALnKFmjIWayuvgJK+w==,iv:MXpJa4ctbumf8u7erB66dpu6umQFmcKry0rJijECSpQ=,tag:UE8z+UW4ulwG9i3NKyfO4w==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5oEn7d5MII2h1swwLS2YKHXLUYdTLZ9c4NU+j3xjk/I+ZdXZkXsy4mfewxWCZT+AmJHlJY2A1pB5t0nKFw5H,iv:bgoy8y+eOuIRPSuN7LZSQLVPnRjTVhBhUXJ2Vn54acc=,tag:LeuivYJtkSXtoMVRGz1F5A==,type:str]
DRONE_COOKIE_SECRET: ENC[AES256_GCM,data:zG8FSKnxIRVk7cCbtIP6VC2tbM+FfjFcg5Y6mTE19Tw=,iv:Ac50qD8l7CwtGxFFITl/0dMq1McHbztU7320v4pPWFs=,tag:JZCwGhJ+NQ/pdpULMzI+pQ==,type:str]
DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:qoH2QxBMwK+24ZsWe0F5VcbINvreEIdyT258uusu7BjjzEOWql8b5h8Ipj8fUK4lsPR+WnqG68TlGRYEZFM12o9EB7IPs8R47ERE6qfFN1Sdi5Vdf4kmEYWPnsJrJyc7mzovLTFJLwr85ZpYv64aSw7n0io13y0=,iv:1+xiSO+htrq381gpIri9/2I4CkzGSfT2Av0h3RXEQ5Q=,tag:f9Mg2CDo0HlkWpBkl6j+nw==,type:str]
DRONE_DATABASE_SECRET: ENC[AES256_GCM,data:qSNVcSzH0y0pCY07Y3yDjfMaPZFtPWEmf3tqq076n7o=,iv:XNJaU2kQJeS7iMJyIoAkwzVS3QdqLAZy/FbE3VFvYXU=,tag:FPYbmgQ8/VSkMexXko+7Nw==,type:str]
DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:jTR4bxuyrxt5llnRDuBHnughiIyzKQ2JEylh16wjZDIyWrid,iv:NrUudI15R+ZiaL3M/k70Mdfm20aerCWjDs6R0MHC4Hc=,tag:kfX4fNcCP4Xy//V72WzDrg==,type:str]
DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:0t8swJmx5qSvx7q9GsuRU+FOfcKxelIzDm5u16Nypfrqf5m9CbqmT39Uibj1wL8dWwx04Xo4mxc=,iv:agqn9RVuDq9WXly1AvckabpIyOqyK+0E89u4iItKRn4=,tag:KZLQlq+61QZtFGY/CnlQ2w==,type:str]
DRONE_GITEA_SERVER: ENC[AES256_GCM,data:BgMZnIL6OM5r4N+L4RU9t8Pf2XOEMYA=,iv:4dbpEY3iCMmwEOPwp40VDkOIYUOfCkOnRXsmf9P/acE=,tag:1Vb6R/s+sK1UnZBIkZXxKQ==,type:str]
DRONE_RPC_SECRET: ENC[AES256_GCM,data:dyaF1jehSfCk+3lbuPffibwpXEQCggb1O7YRNu1Li7Q=,iv:wBlkUev6z1F9n+BjDfa5NAXjBbGm94AEfdUqiwrxUek=,tag:y66eOgLjTnYA3ZYFgWMKTg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUXdoTlVUYW1kSEp1eVF6
OFVUbndGRjEvR0ppOW94K2ZEekpCTjNXQlU4ClpsRkVKd2JSTldacm9Ddm9OZ2N0
Q0dtRUpTMmdIZkRwaDBHNUpmbG1Wbk0KLS0tIHM2OW9MYUord0pTT1ZRSXQvLzlN
VWR5WmNSTUF4MWNnVW5kQnBKUVZWNkkKErKeKJge7brrhxxZqlE7SOxQVcRczPhH
yd/bmsHwg84yOOsJejwXTMAmZcEns6qIHpq6PE7icqnsm40H6Ms1zQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RGhBQmZxY3BVK1JyY2JF
SUZDbUpQbUliQUpGM0VPQ3J3Y2txNXVVZlU0Ck1KY0NoM3IycUNPV0pkeWliVVNM
KzA5a0trQTN2ZDFmZUV3ZnlNVFF5K0kKLS0tIGdJWFJrNUU4UHFZSnNCMWMwSW5S
VGN1VEJlL3RxOXVwNmo3RTk4aUhEb1EKtAHu3KqQ7EH7SQE/Dvc6gfuSmkcsy3+c
1xxDYh69cMHkV3q4Wfnqg/DyWUq6D7OE4tVAuzNfo1SzZuBHXXCdQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T19:21:02Z"
mac: ENC[AES256_GCM,data:lwiL9GLN8fDPfIrKxqciJXOz7vUbgxtayfqQwrxp94TTOTaAnraKIy60RlkP2PJUuj9Rdcl7sTLSWRrkwgUq08xvNjEOnQ70TuWQAaSR9J0udWsvPQWn951xr3lzzkE6M6ZI/3JCX87gXrocAih1ogpU9b6uz4zUiuhuHk8UogI=,iv:OZJhT0XFhsU2+HZ1YhqAsZniGeBipQqYcP6CJFJjTac=,tag:LYzqKBUiw7ETaRETVOym5A==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

28
apps/drone/resources/namespaces.yaml Normal file
View file

@ -0,0 +1,28 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: drone
labels:
prometheus: default
---
apiVersion: v1
kind: Namespace
metadata:
name: inetmock
labels:
prometheus: default
---
apiVersion: v1
kind: Namespace
metadata:
name: blog
labels:
prometheus: default
---
apiVersion: v1
kind: Namespace
metadata:
name: buildr
labels:
prometheus: default

42
apps/drone/resources/role_bindings.yaml Normal file
View file

@ -0,0 +1,42 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: drone-deploy-blog
namespace: blog
subjects:
- kind: ServiceAccount
name: drone-deploy
namespace: drone
roleRef:
kind: ClusterRole
name: drone-deploy
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: drone-deploy-inetmock
namespace: inetmock
subjects:
- kind: ServiceAccount
name: drone-deploy
namespace: drone
roleRef:
kind: ClusterRole
name: drone-deploy
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: drone-deploy-buildr
namespace: buildr
subjects:
- kind: ServiceAccount
name: drone-deploy
namespace: drone
roleRef:
kind: ClusterRole
name: drone-deploy
apiGroup: rbac.authorization.k8s.io

6
apps/drone/resources/sa.yaml Normal file
View file

@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: drone-deploy
namespace: drone

9
apps/drone/resources/sa_secret.yaml Normal file
View file

@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Secret
metadata:
name: drone-deploy
namespace: drone
annotations:
kubernetes.io/service-account.name: drone-deploy
type: kubernetes.io/service-account-token

12
apps/drone/secret-generator.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: drone-secrets-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/drone-secrets.enc.yaml
- ./resources/drone-runner-secrets.enc.yaml

0
k8s/roles/hedgedoc/files/config/base.env → apps/hedgedoc/config/base.env
View file

4
k8s/roles/hedgedoc/files/kustomization.yaml → apps/hedgedoc/kustomization.yaml
View file

@ -13,10 +13,14 @@ commonLabels:
app.kubernetes.io/managed-by: kustomize app.kubernetes.io/managed-by: kustomize
resources: resources:
- "resources/namespace.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/ingress.yaml" - "resources/ingress.yaml"
generators:
- ./secret-generator.yaml
secretGenerator: secretGenerator:
- name: hedgedoc-base-config - name: hedgedoc-base-config
envs: envs:

41
apps/hedgedoc/resources/config.enc.yaml Normal file
View file

@ -0,0 +1,41 @@
apiVersion: v1
kind: Secret
metadata:
name: hedgedoc-secret-config
type: Opaque
stringData:
CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str]
CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:X35aVIq7gnKpmqDRc7GTPA==,iv:awU1uonCr4xtgUB5/aFWWQOH+ztD8VQVj4b0wX/Lrwg=,tag:5VYSNlAVGuW1WGQHJfrsvA==,type:str]
CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:jM21N3cxeiKh/IJJY9Tka4cj77yzTmI6F8lxA/H69XErUnOy8Ve8NQWCGb6NkZvHCVelfs2FUoPtVitNbXte,iv:jNVspSWVTCco0R6sbRdn8EyIzA5YPziMzUrpf0q57ow=,tag:Oo6ppZnPo9umgCYMEDC8Zg==,type:str]
CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str]
CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:biyLVbyONbJK2V16Zz9/MVdpdqu3iTzsyBVx0iKK5MCyNfU1Y0lV9g88w44junGvvby/LWOAEGs=,iv:uSRtuu+bHpt8JOVfw5BpCXjqWW07x0jJ8Ja2pIcoQf4=,tag:He4d6BrE1V9OJbNH3hrPcQ==,type:str]
CMD_SESSION_SECRET: ENC[AES256_GCM,data:Nq6arL1aE69BeTRjx4pA90xZqcOtqOb3R/Zt98FyIVd+Uq53dWsqURG2M+IQpvl9MEpY8FpUNY0=,iv:JaOAe8YgNVnDBzV2x1TSqMJq36Qwqazk6cCkWwseBZc=,tag:FMKKOhow/w5HLwfNarQdjQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cHVKUm5Nby9hSjdOM3JY
UWs0UWdrNC9FOVd1b1VjK1BmYVdwZng4T2tvCnBhYVdNbGFwWnBPMkJiSk1pbHlv
aGJTRjdsb1JrSHpIMk5JWEZNOTBoc0kKLS0tIEZscSs4SFVIVG5NanlUQU1IM1hv
M1F2WE1taWZ2bG0reU1EYWw2K1pZK2cKSHxed4HgSf0vKNGBMuFaS99znRPphkoF
TgjkD7nI/nyvflV0Bs1lqMlWZJsyY9+HaLp38j95mAcXc224SSBMxw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd3k2MzQ2aGx0NmwzYU95
QkVNVkJuQmdrOEUwM3FJNGFOZndxYWFTeVFZCmo3RnRQakxoelV6WmJHK3UyMnBZ
NTMvYkxqWHhYbjVBSkV5YjZlZTdndjQKLS0tICs5UlQwNHAvdW5oYXlqYTFFOEM5
ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B
WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-25T20:06:34Z"
mac: ENC[AES256_GCM,data:WbkEZi02UASYMudLJVaQpuB7blx4UDm80dBiN0zPad6n5tRs+W0g5cahhMa9LkFH6mlUQbGTk4ndjQZgVeXVBE8LKyfvz+tlAP7+OR6yFx3AsHG1KCORolDJkFAQbqmV6fprvE0OxZZgPtu6OkSEMw2s5tdpRYr2EV1E2y7X0NU=,iv:AUeybEhdKQJNqBtTgpLWojk4x0aEpT5QFisEAQCFmWg=,tag:hAWw0vd8lzKeWbS1nb7fJA==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

0
k8s/roles/hedgedoc/files/resources/deployment.yaml → apps/hedgedoc/resources/deployment.yaml
View file

6
k8s/roles/hedgedoc/files/resources/ingress.yaml → apps/hedgedoc/resources/ingress.yaml
View file

@ -3,6 +3,12 @@ apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: hedgedoc name: hedgedoc
annotations:
gethomepage.dev/description: Markdown scratch pad
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: https://md.icb4dc0.de/icons/android-chrome-192x192.png
gethomepage.dev/name: HedgeDoc
spec: spec:
rules: rules:
- host: md.icb4dc0.de - host: md.icb4dc0.de

7
apps/hedgedoc/resources/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: hedgedoc
labels:
prometheus: default

0
k8s/roles/hedgedoc/files/resources/service.yaml → apps/hedgedoc/resources/service.yaml
View file

11
apps/hedgedoc/secret-generator.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: hedgedoc-config-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/config.enc.yaml

11
apps/homepage/config/oauth2-proxy.env Normal file
View file

@ -0,0 +1,11 @@
OAUTH2_PROXY_PROVIDER=github
OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=Forgejo
OAUTH2_PROXY_REDIRECT_URL=https://home.icb4dc0.de/oauth2/callback
OAUTH2_PROXY_LOGIN_URL=https://code.icb4dc0.de/login/oauth/authorize
OAUTH2_PROXY_REDEEM_URL=https://code.icb4dc0.de/login/oauth/access_token
OAUTH2_PROXY_VALIDATE_URL=https://code.icb4dc0.de/api/v1/user
OAUTH2_PROXY_REVERSE_PROXY=true
OAUTH2_PROXY_UPSTREAMS=http://127.0.0.1:3000
OAUTH2_PROXY_EMAIL_DOMAINS=*
OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:3001
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true

34
apps/homepage/kustomization.yaml Normal file
View file

@ -0,0 +1,34 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: homepage
images:
- name: homepage
newName: ghcr.io/gethomepage/homepage
newTag: "v0.7.4"
- name: oauth2-proxy
newName: quay.io/oauth2-proxy/oauth2-proxy
newTag: v7.5.1
commonLabels:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
resources:
- "resources/namespace.yaml"
- "resources/sa.yaml"
- "resources/sa_secret.yaml"
- "resources/cluster_role.yaml"
- "resources/cluster_role_binding.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/ingress.yaml"
generators:
- ./secret-generator.yaml
secretGenerator:
- name: oauth2-proxy-base-config
envs:
- "config/oauth2-proxy.env"

49
apps/homepage/resources/cluster_role.yaml Normal file
View file

@ -0,0 +1,49 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
rules:
- apiGroups:
- ""
resources:
- namespaces
- pods
- nodes
verbs:
- get
- list
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutes/status
verbs:
- get
- list
- apiGroups:
- metrics.k8s.io
resources:
- nodes
- pods
verbs:
- get
- list
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
- customresourcedefinitions/status
verbs:
- get
- list

15
apps/homepage/resources/cluster_role_binding.yaml Normal file
View file

@ -0,0 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: homepage
subjects:
- kind: ServiceAccount
name: homepage
namespace: default

43
apps/homepage/resources/config.enc.yaml Normal file
View file

@ -0,0 +1,43 @@
apiVersion: v1
kind: Secret
metadata:
name: homepage-config
type: Opaque
stringData:
bookmarks.yaml: ENC[AES256_GCM,data:EpNhM/Uaoo/zGpsbsrmLvNSSAplc1pUrOA1LP2wZY4zh3fgHc/f47e95j59Wa9YScGbEx3/+nzUbvQmW2i1zjV+9pLQRcBg6RsBWhRcwLlmcTA==,iv:5pxGhroFCqv1jaDQY0FZN1ReJ3H6HSrdaQFWzekKczU=,tag:ebhZM3Ux5SwbXupEA+qsHw==,type:str]
custom.css: ""
custom.js: ""
docker.yaml: ""
kubernetes.yaml: ENC[AES256_GCM,data:I+/V1rEWrQ5AH7mt8g==,iv:hMiXMxRKXLaJItecxULvDkzV0pdF1VwridsfgvG6pKU=,tag:9c9lLvSsHPqPZnBbWcm0/Q==,type:str]
services.yaml: ENC[AES256_GCM,data:3d8SWZ/mmKnAkaC3IHpsuz8pbB2+XA5dKb+skTbpnxOhJmEHpTVpzEPS7s7AdaPZbuHPSN2HMgURKF3/tgwNSje7a20W+ApUc1nNfqBnCldzz14gVJp9X4JVtY/9COc3lmSBgkFoQTv/HmLlxtIps3eYfUU2lfabZiMMYWKKvJ9kpIDamsQCwmwP2w/scf5bUXs7xmmq7tLZHuEY4R3e1cuZrlukF3ZhIyIugCb6G7J8zAPZxMnaQ+shewLaRijcPqk+Oj8GgucPnr8IGLC83QXpbbE5XhSCYNNSWYDXyDukuBoulQuzJTR3UfmmdiqKCT+U2m06p+JeEnXOtOe0ovjMc/cb2e9UruBp4NqMBKw0ZaXKJBb4dRkDgBr8KZm5iHFFqO9b6aVDQR8g/CB4dMJ+2F6uXf2nGdEoMTW9x3Jdzgssvu1E8GIGA69l5CaDfY02n1s9pJQnSewK5oft2f9VKKbXVZ+C3Hbvfo/hLi6hGQCuwLYABPYfSlTXbc4w1mNHjMH79axO0lQfra3RPHdl9zfLc8yvaAMn4JGSb4m4yk/85ymX46QHrQL7OWoM8zpiknCrbRmty9hSRQ0j2IoKXBeZf/xuzhukZqJbJztfOs7RrALZg33z/U/xmGnNdTKVpBf3gF6Oltvt1alzfnWSjpBUAgpVtpUdXPtqm7EiCCwDbk7qWGm/hJpY9gfl+GLRZ5iieUroycGahqFMJV3u20/DD8vAjf1H30a1uenDfmiEqdqRCUFndsY/hWAMik+dZKu1RBrWNp1v/CJqxJ8=,iv:KBXZ45bV9tosXm8isbs+twA9ghQ5T++6NUOt+zzaC/4=,tag:19ivPWPlJP8kI2qeRUVvqw==,type:str]
settings.yaml: ENC[AES256_GCM,data:yvYu7VrWPeDZWEeiLCx7ow76HRgmEWVAfczOkZFlpc1Yrq5ASISiXhk=,iv:2s0Kz25YMh7yZ6CotJhFdLEiAbvEFYNzp3ghksbWm28=,tag:q1bl1+s24KGgj8N7cpEjVw==,type:str]
widgets.yaml: ENC[AES256_GCM,data:ph9yvrX38L1RqCi8L0fjPQF7BmNNksdBiZdhBUoomw+xjF+99Nn+fj6AQVo2WvFy8LKsx++lT36eAO1WJR4i1HvTjTcIPSzMcVeM7TxvEsNEX9ZVzxqaneo7w3/R6FcjnAHLqMbDya9oqmEVUkBiwXcfQevWEZLff0KLWBeDdH8ILRGY0DLwSteWw2bwnkhsJkUahMbNihA6x4aKGMTQwQjJOGlh8WGDEC9fvq+BVu0bfJ5Oqy4eO2pynI6sGdHlX30456puDFxhha3Hc/Okckoek2+G6CfMFC1u5NSfatqqSNaWmgRFtJlRkDuAoGupMQhlocKrlHWG9KyLwAp75PiK5/P1bu9+5YlkBHipiJMQaeqnh+3E7BRY/QL7Q4dsgVA1c+lRwgh2iY+6snWIlPfxGHYt5aJIPjdGynDZCS6lO5eUhjvRzYFDUjjVUhllLTwJodqTYBqZj3sqMnIjlV1AN0eKDilAD7A3ovMFGeFaqXAMkJ1qqTO98Q0EtqlC1m7TLnbuuYT24R3t7F35jvFMAkapIAoE4kTaChwq5FRwtWSf25IDXhfK0Yc30j9374fYZ6Hj95sf1GtRp/n2Hv9mVZ7RN13uelHJAqK+QBdIGNGLE7eamMhrOjcI8LkQMc7doMWsqgAFgdrZ1rp2HLayVa0cxCU7tTcJn2qCamTYFRquEO/oNaCwdNHTsKWH/phzEwz9BEz/c0vNEc0xLn3cXIUbwL0/C9DFyA+HHLNiAP/KkRAa+cWNnCyihkdSGTK82p9yiAZG74c+ZJPWFOi2XakTmSM=,iv:hUKLr3J6G660sUJbHx7y40q4sU2Zve64KAHdVxe8nGg=,tag:dIRk9SulLYfE0Th3eX12xA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQVVaUUl4NjV6RkdpTzh3
WEZIR3hScC9RaDlHMnJscjdWN1RZMXVmSEhNCnZsUGtuOGV6MWVadHdZcGpjOU9j
UDNPNW1WRXdWT0Z3SndDeWkxWEQ5SkUKLS0tIEsrSXZyTHI5dmt2dktsZDFrTm92
VTVlZTNqUFR3eXNBVW1DMVVLSzZJSkUKPy0xO7yQuuy+fzngITe71drKxsRvZUoI
je3yUDNG0oNk/vVLityGc0p+4K0YBTCwQbNReEtG3gaNytcM75zcGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3K2lNaUgvZjJqV3V5MzVy
ald4MTVIUWU1WG1ES1Yza0JhaWhFTDFCMVNnClRqajloVm51WnZsNG9SSGFDUG5S
YnZwZ2NGVlowaTJIcGtid0crVlZ2a2MKLS0tIHNuaEhtd3VXcDNKYzUxZjE1ZEkv
dWZHWXNNQlBIRTA1dFZXdXM1ZzlFSXMK3BJyrwoIRldG3lrGpNKiMA0QWNQA1jt1
zEqT2pgENYG8SZLXHKH3Ywrb9fNjHYPajLC6bYxkwTqTSIziNiwmaQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-25T19:41:17Z"
mac: ENC[AES256_GCM,data:bsjhBINLZxZUB+KUMKmJ1gFD+bkzZ9xSX0iClGRmBZb7dh2rMNPKjCfPGRdYkLEcVbREbbHYPgw74RrHYlc7cjDWiNQEB2i8xkPCScE5B8xQxmHQOIkWW4u2IR26vqPhslXI5ucYi9ojO6I5vrtbuIdxvVAdHUyqjNOz1o4/vFY=,iv:cwMx4ItAph0ETcJf6MJhIDd49eK7G7Bk9bGCksNhF0M=,tag:uv8Qd8jbnTRQKiz8BhXSOg==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

64
apps/homepage/resources/deployment.yaml Normal file
View file

@ -0,0 +1,64 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: homepage
template:
metadata:
labels:
app.kubernetes.io/name: homepage
spec:
serviceAccountName: homepage
automountServiceAccountToken: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
containers:
- name: homepage
image: homepage
volumeMounts:
- mountPath: /app/config
name: homepage-config
readOnly: true
- mountPath: /app/config/logs
name: logs
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
memory: 512Mi
cpu: 200m
- name: oauth2-proxy
image: oauth2-proxy
envFrom:
- secretRef:
name: oauth2-proxy-base-config
- secretRef:
name: oauth2-proxy-secret-config
ports:
- name: http
containerPort: 3001
protocol: TCP
resources:
requests:
memory: 50Mi
cpu: 10m
limits:
memory: 100Mi
cpu: 20m
volumes:
- name: homepage-config
secret:
secretName: homepage-config
- name: logs
emptyDir: {}

25
apps/homepage/resources/ingress.yaml Normal file
View file

@ -0,0 +1,25 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
annotations:
gethomepage.dev/description: THE home page
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: homepage.png
gethomepage.dev/name: Homepage
spec:
rules:
- host: "home.icb4dc0.de"
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: homepage
port:
number: 3000

7
apps/homepage/resources/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: homepage
labels:
prometheus: default

9
apps/homepage/resources/sa.yaml Normal file
View file

@ -0,0 +1,9 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
secrets:
- name: homepage

10
apps/homepage/resources/sa_secret.yaml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
annotations:
kubernetes.io/service-account.name: homepage

16
apps/homepage/resources/service.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: homepage
labels:
app.kubernetes.io/name: homepage
annotations: {}
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: homepage

11
apps/homepage/secret-generator.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: homepage-config-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/config.enc.yaml

1
apps/nocodb/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
charts/

0
k8s/roles/nocodb/files/config/base.env → apps/nocodb/config/base.env
View file

0
k8s/roles/nocodb/templates/values.nextcloud-keydb.yml.j2 → apps/nocodb/config/values.keydb.yaml
View file

12
k8s/roles/nocodb/files/kustomization.yaml → apps/nocodb/kustomization.yaml
View file

@ -13,12 +13,24 @@ commonLabels:
app.kubernetes.io/managed-by: kustomize app.kubernetes.io/managed-by: kustomize
resources: resources:
- "resources/namespace.yaml"
- "resources/pvc.yaml" - "resources/pvc.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/ingress.yaml" - "resources/ingress.yaml"
generators:
- ./secret-generator.yaml
secretGenerator: secretGenerator:
- name: nocodb-base-config - name: nocodb-base-config
envs: envs:
- "config/base.env" - "config/base.env"
helmCharts:
- name: keydb
repo: https://enapter.github.io/charts/
releaseName: nocodb-keydb
namespace: nocodb
version: "0.48.0"
valuesFile: config/values.keydb.yaml

43
apps/nocodb/resources/config.enc.yaml Normal file
View file

@ -0,0 +1,43 @@
apiVersion: v1
kind: Secret
metadata:
name: nocodb-secret-config
type: Opaque
stringData:
#ENC[AES256_GCM,data:Hs6V,iv:5x3mHRFQ64to+CJGDDx+JNW1IEnHJ/ybe6JeecPJNeE=,tag:PBkuJceINQDF0YdjqmtcjA==,type:comment]
NC_DB: ENC[AES256_GCM,data:OkLE4jyqG4jH0bSH0bU0oGrm5ARbXOaw91MQOM6IfqVMOd0Z+Z9z6bHc1iFrt5NvQlNeJm/ivHxaj3fX0kyOp5Y5JQq9sJfkOPaOxYbI2Z5VCQymxFreT/5sH/it8cLqpkt2G5r1PIpch0p3,iv:nuv8A73AYhCWhIRp0o3IN2YV0xo7l/gtlv8EgBeJ4uk=,tag:FyNH9FvTz3P+kod52kCHLw==,type:str]
#ENC[AES256_GCM,data:MQnRuJg=,iv:E82k3W8MaSx0BM7hXCkY1tN+H7D5S1kDPKmvP3Gi4/4=,tag:H4502GVmN8WvwPsiek5VpA==,type:comment]
NC_AUTH_JWT_SECRET: ENC[AES256_GCM,data:Js/NIpruZBw9hqvEP8cC0poEh5jf99mPd7fpDEJYsfNf5bGNN1hdXgypl8Y=,iv:aYw84L2YA4NBkICn/kP8eo345O4hEE87MwodzmlAGZk=,tag:5wyFoE9zpV9bp1ltheVHIQ==,type:str]
NC_ADMIN_PASSWORD: ENC[AES256_GCM,data:sKchDix8Q5VtC56G6cjT1rbO4h0/wzy+bFm9TUbhtvA=,iv:eR7nEDGn18t8hPMZK2xV26EvmrGmiWGuGFF1vgR0giA=,tag:KHLXghuZ8FE2oQ5HOkQbiQ==,type:str]
#ENC[AES256_GCM,data:48558Bjlc8t8SgJRrG1FH1Bs,iv:7wiJ1kI5A373sHUZXdHzJVC+jRTtI9fCLal3uo3TQXg=,tag:QOC0SCF9aJQNp/Gir6UyMw==,type:comment]
NC_S3_ACCESS_KEY: ENC[AES256_GCM,data:5KLAyGVTRJmdv+Pf4VLtxA==,iv:YluvNO+9YH9i/kJiiAwriQx5+zd1WXuvR0Grne8hHk0=,tag:WsULzFKDgHspG/hfBLQuOg==,type:str]
NC_S3_ACCESS_SECRET: ENC[AES256_GCM,data:Zquz2bKAYoHYWvKde1HqlNSC7kD66xYS9ZU51RYvWaYZGCk1vP+mC1iqmSRn0L9yjictpDJU6QtTzm9QTDBT,iv:oHaWAXWIqdz3DCtTuzeoN1OGE4dn6iNKR43b/VF4Evo=,tag:+1ROQuBjpceJHDkCFhz4Yg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUkJmeVlidTVPTXhJanJT
WmFwMXB5d0hRVFFkTnJmK2JGbmVYNWYza1JjCjNCK0xnTFViN0o3Y1FKellnelR4
dk9qM1A4NHgvYWZpNW1wRVFHZnVrbk0KLS0tICttWE13RVF6Y3N5RFpMenpsQmp0
aElkeEVMN0hnS25QamEyZGNHRkY1Q2cKxi/tu37yGgnUh5pbO3gb+aWp0P4SJZQj
8uW0zavu2ppT4gk/3v3u8ty8sD5rCSaBih0XM2f8+i6LdFHIzcQE6Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCb2pGSHlvKzFQdFNoQ2V6
ditvYXFNVllETXJIbk9ETHEraWN4Mjk5bkJRCnVyT0YySU5CTk1DUUlCazhOeWYz
WVpMVVIrc3BqTU41d0tkaHNTa2NoQ1EKLS0tIGRwVEJQejBDL0kwYnIyaVJVOEla
UmFSZEd1ekI1alFVOG1qUVNBcHFUQlUKW7idC59jIRv2NgxxwDIMAYRe9tvBI6or
rjkpmb3b1ONLX470pY4FtmejOw02rm7YoeFTLPSePQgeK/+7tE3P+Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T19:51:21Z"
mac: ENC[AES256_GCM,data:Fv6ttgDO4Y+SOwxNh6Qa14EZXvYbao9SL8wekODKs4S7jhY16pGfziMkqWXkc7pzb+BszeBO9Ajc+XZ5GpGg5EAbSdb8faZgsg1lBN6JM4ptbV7E8F6wB3iBNDb0aW4W3Oq35b4CBzjUbP7Sh+SkxnSpla8LLK/wZTs+fMhkTZs=,iv:3KjNdKoM3FEvlaT0YeeQVcBSoc3v1exmBl0FYYCXrLc=,tag:E1qsnAqpCMUjE9Xng9EQdw==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

0
k8s/roles/nocodb/files/resources/deployment.yaml → apps/nocodb/resources/deployment.yaml
View file

6
k8s/roles/nocodb/files/resources/ingress.yaml → apps/nocodb/resources/ingress.yaml
View file

@ -3,6 +3,12 @@ apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: nocodb name: nocodb
annotations:
gethomepage.dev/description: Data workspace
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: nocodb.png
gethomepage.dev/name: NocoDB
spec: spec:
rules: rules:
- host: noco.icb4dc0.de - host: noco.icb4dc0.de

7
apps/nocodb/resources/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: nocodb
labels:
prometheus: default

0
k8s/roles/nocodb/files/resources/pvc.yaml → apps/nocodb/resources/pvc.yaml
View file

0
k8s/roles/nocodb/files/resources/service.yaml → apps/nocodb/resources/service.yaml
View file

11
apps/nocodb/secret-generator.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: nocodb-config-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/config.enc.yaml

0
k8s/roles/zipline/files/config/base.env → apps/zipline/config/base.env
View file

4
k8s/roles/zipline/files/kustomization.yaml → apps/zipline/kustomization.yaml
View file

@ -13,10 +13,14 @@ commonLabels:
app.kubernetes.io/managed-by: kustomize app.kubernetes.io/managed-by: kustomize
resources: resources:
- "resources/namespace.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/ingress.yaml" - "resources/ingress.yaml"
generators:
- ./secret-generator.yaml
secretGenerator: secretGenerator:
- name: zipline-base-config - name: zipline-base-config
envs: envs:

41
apps/zipline/resources/config.enc.yaml Normal file
View file

@ -0,0 +1,41 @@
apiVersion: v1
kind: Secret
metadata:
name: zipline-secret-config
type: Opaque
stringData:
CORE_DATABASE_URL: ENC[AES256_GCM,data:yfEb6JfVXws1d9hgLggSCMd3Wj6IN9oul9Atc3mnv6Wf61b7RXzvRxAm6Jh9kI8/4Rujb5AAfUGSFcfSFGTtLE+ZrCNO5FN+sYmviDpegMBZPLj0/FBipCsAqqhbVMjDpIgIzFsEDplJ+w5loY3LQvLs,iv:TDED4Us+87Y58SiBZMLbjo98uEFaQoQGoMz5VtoR16M=,tag:mUlgfZEDyTRcjNIyygBQsQ==,type:str]
CORE_SECRET: ENC[AES256_GCM,data:taa93xNb8h0vUVdWgDQ69+PQr541weQQmGJWau+2fXdTm13VtOLv2sH430Y=,iv:vxh60WKz2MM62O1AA4Uzxsz8rvxkdQTKxBfpjAOa1KY=,tag:OF5fOv5W+2U4yaRHOo2ohA==,type:str]
DATASOURCE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:v9qPjC25URN5AANOsXYCpQ==,iv:PuBrLEVmME3nFLPLW/KZQ9cBm0xjdLJg3NZ+ywktP2E=,tag:Xy0xeViZ1TD4g72VdpCSrA==,type:str]
DATASOURCE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:YkErE1Enmw70fD53Q1xs175zm58SGPblj3lUXFwG01i7vLXFPhlw3MezcF9Oi6a9Lobw/NzYVhXVaZZjVJ8w,iv:zy/F9GwdE2aR3sGCd7aCurcsBRI5e0qHVqvBuZxFtm0=,tag:1DstmxoIX0yCe4X5Gz4YeQ==,type:str]
OAUTH_GITHUB_CLIENT_ID: ENC[AES256_GCM,data:7a773t7iacejEQayPqUbkKxL2XY=,iv:tfZuc2oTEmB/LI1BvPTbPVoA07kSW0AG4FH+8yJ72/A=,tag:B/kD0/rOW38trSpe+LVH5w==,type:str]
OAUTH_GITHUB_CLIENT_SECRET: ENC[AES256_GCM,data:IgxkqECtYbUdc3u/o2AATlQVkVPtcRU0+zvjwBLWNoPYdneWd2YBJg==,iv:XQq/HjK3wca31T8g5zqIreJ58Ar6GptLK3Um0Eh1CHY=,tag:lfvAOFAtj57mPPHdIdW7mQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWWFBMUF2aGpEK0dNdGQy
aHdxY084UnNZS2xrQ21McnYzTlpsOFFwVjN3CkRuNWlTeE5ObEFwRGZsekJFV3pJ
QW9mNk1xMDBmb2hlRENRUGF2MmF2NGMKLS0tIFVtUkdyWU9ZTmwxSVh6dVRIM1hK
Q3NxUHV0T2JjM0krZStCWDQ2RmdRc0EKS6LHARFCZ/9Vww3TyhrEBgvOY/lWGDLP
cRvq9w+7qQYgsO0KCC+hfxDVbtZdbRku/2ZXr9cv8Vv/PgFJhwHScA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbVZXMUFPbWovc0lnek5J
WC9zaEZTaWh1V2pLbFhBQXBvSjBtcFp1MGx3CnFRSlpGTkJEMjNhd283ekNhYnIw
Q28rS2trMVN5UWljZkJoTmdHWjBNeEkKLS0tIFhWYjV0TzhnVzAyT0RvWHB5Vjlm
eEQxM25tM2FxY1RvNEhxQWk2cE1wdTgKFq1rbrN1ScKuujg2xyRaESwswoMu2+zr
LvIVDhLTl4jyUb0WH8Iy8/xQhUhsp7KJnccXFoCc5TFE7QzEKfrv6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T18:54:35Z"
mac: ENC[AES256_GCM,data:Vzm8EBTJXvPNFeV/6UlnVzeId41SiiVpEftTdrDBxTD+5bDU6xq047MzLGGzo4dhFmxOXD7PMbQw40fcEZz2+DT9BOzuk8JBDIN7d+WhOtrwXjP6fqtvqpYqc9Go1VHbhVpNApYyK7fhz7eqfARmlZNam7XD5dySJnjccuXSujk=,iv:4CW3t7b8EsFtMnHQ24oDOhnffNmTRnK2x4MTaXiPHRE=,tag:9+ZFYyAatfc4dUnY67RzAQ==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

0
k8s/roles/zipline/files/resources/deployment.yaml → apps/zipline/resources/deployment.yaml
View file

6
k8s/roles/zipline/files/resources/ingress.yaml → apps/zipline/resources/ingress.yaml
View file

@ -3,6 +3,12 @@ apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: zipline name: zipline
annotations:
gethomepage.dev/description: Sharing is caring
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: zipline.png
gethomepage.dev/name: Zipline
spec: spec:
rules: rules:
- host: share.icb4dc0.de - host: share.icb4dc0.de

7
apps/zipline/resources/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: zipline
labels:
prometheus: default

0
k8s/roles/zipline/files/resources/service.yaml → apps/zipline/resources/service.yaml
View file

11
apps/zipline/secret-generator.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: zipline-config-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/config.enc.yaml

4
k8s/configure_cluster.yaml
View file

@ -3,14 +3,10 @@
roles: roles:
- role: cifs-csi - role: cifs-csi
- role: coder - role: coder
- role: hedgedoc
- role: nocodb
- role: prometheus - role: prometheus
- role: postgres - role: postgres
- role: hcloud - role: hcloud
- role: minio - role: minio
- role: gitea - role: gitea
- role: drone
- role: fider - role: fider
- role: nextcloud - role: nextcloud
- role: zipline

285
k8s/inventory/group_vars/all.yml
View file

@ -1,138 +1,149 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65613032633935633062303533363430366230613563656130383863333566316132333861633230 32616231373536333534333134333639396335323730386466333964323263326332356662653264
6534656562653935303135303966646433373832313136300a623636646431623465616561333730 3038646138613833306131396563636263313536626630360a393138343635646461366465353537
36353534353162353234366665303865656563643862636235376339303633353137373661393562 61633861303137363930623139306435643034323739386537656333366466646664386138633762
6264353137396138380a646637643535313833373330386533373739363532306138373633623063 3366353962656531620a393162393638653963636563643636616436373030316263626133376263
63393561353362333361356164333264313666313764626639383935386139623837356335383130 65396561623631633134663133383863363932633661663265633361386165616436326366386461
33613437653132356238316165383238306161633361613831383836366233373831636561643230 66326230626337643737313738313031323638393234633236383764333035343162326364363364
30626464383862633235656562656136613236336161386666633737383664626530643630393962 66323130643831663734616635373131386435373832363732373462313236366337323438396631
34383436653039626430303364316337663433383332393532653431313734363430353430663331 36666430316131386235646138383461396564616363646639343833613964323864386536343766
30356164623039633066616266623239633139333264666636323039623663623136623566363737 31376432656337646131386136366563373562663236636137396363316333623336306262386266
31353666626237393639633532303664346138306162303461363537653234393837353039316436 63383330613163323332663666373163626535303934313232646330366561303664393634303137
31616137623664336437653130656566396466336262373063313364343632633038346336383036 31396135656338643037306239623634613632643365313866366166366430616435363332653564
38343261356566356335646563653962343230313061626536336362636133353361303364653437 62393366643765616564363465303565393362663461383066613033646634363635373437303638
37353535666465646135323536373066646332313361623034343038303038613530616561653339 62656139626233663465333232343437326138376137316163373936366530626638363335356565
64333766643431326534646364396630383262623861346434623139613930373539383733623636 61373339383762623135356531646564623834323130633538306330616530396638393833383938
30313934313766626566613063623038393632663432666233356566646364313861316361363164 30326361373065333966613430633638303931396530636335326338653237633535663033373734
61333237353336616666366437326239353264323338656361386161346166633135653665373261 65643831633538393434313030306432363664626435326238343631336661323461373965376162
37363064343061643165663732376133646135353337356331333666373631336664323531373533 38336466393631393564313365393263333638663539386536336135636635613566356566653030
30306539616661366536353739656331396565393138626162323735373366383563343130656366 33353530316264626330643830623166613233353262363461346135646135396337356639323035
61616664363338616132363534343431346536373363326266393864346138323939643937366466 64616435363366306138613565366236623963666632303566356565373130353961643163356365
37656331386166333130343237623639663964333333376434663030343835626438333731366466 64663031346362356237313437316136376661373063353338383137363865393163353632343966
65653539373535383364326635343462653638363436646436656162336566343030616366383937 62626262383262613739623635393966653730323263636462613966633135633938336535323062
32336637333261613035666664663636353931353234636664656336366464356463303038303736 66326363636463313633313036386138323330346538376666616437373932366235373163393061
34326432386436616335313632363566326362653565303366613966306433663163313832613361 65383036333264636633643332356363383634663234643031333866376664646232643735333064
33653231316630623430386164633530646635393734383239303863333566643963303962323139 35653231363261636365336362326533636461363331623665623465306234623061623161366663
38643736646563656638303265313537343235613765323435333136613330623336373065393165 64373063373631643166306433383834396165656231643566386438653535386131376531633164
33616433333234633333626563323265666434383465353936333835393439323035663535356165 65633136653862313233623033383463623534633934376364313535323133323134643430623531
36303962353130643136326136613338336335633033633835366438643236383463376133343266 31353234316436306437643565623064663262616638333031343138623165633939616465613932
33343862376233396537623334386135663139376665303331373630663039383630383234313164 62353939613061326639303936663534303531396330336135383663343435363362313737323762
66653764353064616366373661613065356264373939663537643361373831343830393065336232 34366161353030653839383532613234653864373138343934333862366339363334336337656335
36343531393233626632396338656539666539306131306336313239393935383432623631613664 32393666613333363331353236633563333931363965633064613431316133323637643639623439
65373634396537386461663332646132356333363634303561656235636337393238363366396362 37616537613437656539313031316639376136386136653932346264386562623562333632386136
30303862376631353031653662356230633734376337326336663132333661643836346139666563 65346662663539656163363331346166623862666666656638383434616333303062643365636561
30393564353565323664363730646364316132373939336135343463306636656535653262333132 37376465393237666134303564306164316334626334383865333161303137323235616437666137
63366135646235653539636632626463313434613033616136386433666539313065313832653338 32323830376530636133386464656533386137626135393762383462313935613961656332303132
32396533303130323633333336303363623263316433653932343332336438366431343161666432 38356262663962333465393635613963333434333865326633383033353361663064653833396232
34623739333062636532376230393264303638353934643361616636306236613939323134326130 37396136353036623861643538616132636332613835643738366531303339663761346636383030
39316365636434653265366432636134363935326335636133356639656165356336613034613039 33383030336137343235633439343339646332613735316366656264306134386561323637336136
37333538383136336335313234303134343739363038323836323538623932333362366162333630 31353466313561353664623034363662383136626166633033366430383738323766313832633565
37343236616539343266313665373662363665303063333134393830336433343431666166313665 36386338663131666264396238623731656464316261646630346333623737633130373336653066
39396335313731393233383234663031396634333034303661636434376634333533633265666230 65306336366436303930393337626630653634333666373461666337623337366235323236656537
34633561623139666363663165653264653533653939306234313637353062656330316335663865 36663863323938313333626433323635623933313364353433616239393566333366353334616262
33613634346265646162653163303239386263303132323831366538626136363331636162376231 65653538653834373834383066323636396364356666343638353766623033666133386237306137
38363464623830343630336238323532363564353130323237343265626230346332356537636633 32393836306435336634646661623137663935653535616162376338636462343430353966306435
64393666643830376535363730663430623230343564646264623237363332393639656434626235 63343132656332323635636261326330306530316666666661653833613339373363643466626163
64303637623930373137666332643233326137343864343735623237386531323638326465353861 34353962616564316162656530643335356637643166356334393035633736633534353838313830
64343234653065626163313836663832306161386464376231363164646366383066313437393631 36656666383130396539333861613738396364366132626539643735353465653033393934393530
36343234643237653463643265623036303436333362666433623061376436633762346634396662 30656664376462333236363236326238623337323665663930653964356566353033396236663434
39396661653037373862313730633130653033393566313064336135636162316563303531373134 33656332326434326632356239343931653430363465623735343237656639373536666131636163
35643862613962653261383633646331353533333332666535636163303930323031616363323136 64656539626130633463303739653439396534313536373336393630363538623466663936353765
39616233326636636231366435616439373330333439346563343937633764326130323231373730 36663139643132333937353032363538663138383365383866656530643439303136316363386430
33346230336334623633376633366566656636643738323864626666623832313830363132613430 62646266396364656565323539333538623437303530663837653864363537316134316532316530
37613133343433343932343965666563663132353763313261613738386338623030303437313238 62663438396137313331636233396630326535633364336162376432663730356439663861393264
36616637646433383466333866363638363733366136313436313765653730316330663533626130 30636339633863356362373865663561383162363431393832373664393965363834653263353632
30383763633762613638643136366665306537373366396339316136646462653039373231623832 61376137663963616433363866636331376634623664623639373333343461616563633030333634
33303461633531303737623061643063366238396464303832353334356336623164363238656230 38646238353035663438343734616166316236643138643362343865633565666231366465633662
36323931333066343033303961313765363930353039653530633531346532316663323966346535 37363830316161303033623537616639663738303964373662373933353035623064626166653835
32313132366639653666626661356235313236613130303662343935643534373433323763633032 61343038383735353566636464376639376636353264366136613934383238396230633034313464
62333963373264323736396639376530653434353036336562393434383639366163316232353439 61353039643964303766663031623065396464343935353630386631396631633262363962633962
38363630343138323864653031333830363330633363376165373239313263316234616131336139 65313435396130633936663031386237306365633833303766336365356434636131383930316337
35333332633135323266396334313432323633633834633764316432373532633865323766616438 65656566613065376334363065396332363138346130633230643935376339643339616632666631
64303833333366386562326630616635663336373562303861366437663238376438663166313666 35376361393262663736316666346138303031323431623461646234363635353366366336323532
38393462663939623035323337393538666166306263393662663432323334653833666532363432 34353361386466323162623330343137633933663639303631656636346238376531653361656464
32366333313161306134623130613161353863346233663030633166616434643232653530653336 32353838326534396130346233313965303365303332653539343562623136373531363939633466
30333739656463393639663663313331346636353062306237323739373639326338386338303065 66336666633239396130393836363961633233643435613463343262623132316535343962333433
38383961396239636661373534316639333461323539323262326332366263313933396563616161 35633233353631666536383633353462313630353762643764643264663137633636333635303935
61663232326162616565313232303836353431666663623734656136643936323266336261326331 39663036633833306561326165393962613963343135373365336432336638316438383639396161
34353262393361653863393630363434636361616334376236626465393263346162356636356664 35353136636664383435383031383064303039653766653735336339353365313465666337353839
30616238346138663432303666353839373465613464366234653364333763613930663933336332 39323132636639323637316665373132346462613633643633653536626561376161366132393164
63616261633430353530336531623365623031336566356464653234636639316438383237343464 32353930303265396163373236653534383536666537366238356362623237393264306133623035
30303034333630336633383462316437636161353630396531623737333132306161373436326632 64613764373862366635336139326235313138663165313335663433306336353332626236366639
64646535343735623961356538333735396236336266366632336139613136303762643734323234 61343336613762636630366538393564356130363263636562626438333534613437663635633431
30343536363438623030646430383935383130643665633533383566303631333130303866343564 33613438343134393963393563316437373364356632323865343132356435366565306138363133
62353639353531653265326164336231373063396235346464373539666161636333396463666532 36346135636339626263353663376236393238656131326233653666333336636536303562356231
33336638623362613165333834336133356462626331393030623537353862663431383830323539 64306135333764333136356131616264346266323562346466333830303664313336333263313861
61346461306361616632353563396131623536653165396664313764353463363331616466383465 37333235623635613934313561306437333962363931323235653337643331343037333039326434
36333666323031306462373332623534613831333962633237666431393331633632313730646535 65323031653265656237623535383035393562353365656161353634646666393965313332353736
63626265303239383162373136323661323934623861393265346366366462616534343537373333 33666234336432333038326430343461353365326263313638363665623435613333653032353637
32373030353030613262323837393931386430613733653730333362383335646138366530386364 66663934613038643131653266643539646437323132383966383665643838623862613333663433
37633263313832653666643266343434396565353762623736346563336663316630626435383639 65343866306134613134656633336534333334313033626565663062363961306139376631373466
65323234346238346437636238326566613366623561313635623938343735656461353639636263 38343937383338343136626634343366363863663663373538653931353765303839326136643365
34663834346532366361393835363037336230656436323735363261373032326137343663636262 63663665656238323961396433663530363535616337636361616137393066653234383434636539
37663534633434616231306338376264613133626162366639666137663337646631313637326161 37326366646534313934313261366463326335323662643930326665306431306632333036313863
39316163666162353335353365376531356264613332386630393736393362356432303437313261 36303966393865353762346431643132626266653733336530626132376261363438326537616535
30643664396461323839333938376533393062313531313336396164653434363633636335623431 61336339653839643463343365643336643431613533376237333731316334656439326565663035
36353864346434663166396561343537356636343337616136303133643131326233313731303637 33326465646437623638336437613839316231343563303032613835653362616261646162646363
33663135343534363434326537636234613130383834633839636465346535393364306266316237 35383530383230396332356238373866633962653362336230646335393138323131313661613166
34366133666665313463343535313130333636626433383331336538313665666536326234306666 36323430623161343462653830373938393766353230373765613463313531323533313838346630
63306430383937633732636437356130353034623265343436613665373264613666343835626130 35633035613639353638323239306262366232363537643562643330373961623964363432393161
64633937333134393266343366376430346366386363333836613039666639363935663232316165 30626433663139303331636435343639666532626136623865366261623266323162643730346363
38663263643731343066356639306466363364646132313830663232613730303037393563326231 36333864343832613961323461353239383663643030306434623165343938613739303836613064
35373864666136656364323933643166383438316666646631326433323261353830626338373832 33636566336561326335346535623232393636663139313866323233393437373139636636353338
61633361393632363738623236626262646564353636633261383635353366373034353763663831 30363132636131303734336564353066336233613138633262313936646134303837656466363064
37326630323538326136653737366134623132303535613131623663383662326331633530636239 39643337336237396235356333356331613665323766333064643239393530643937663736386631
62356333306263303861666336616661306562656233623038313361613635316264346164313061 35366366653431353730343066643938373937306464626636373562353534353232326263656463
63626161353335646165643065373061323334353238383464396336323266326662333438383761 38636134376432396465653130663132366462323362633539396464653764366566346462313537
34653239313165306232393163646433313533643038326636373565633836653435656263616663 35613933333864373435336637666362316131313064326136653862663366346437663134323532
62326330316231313330633934623638646135326439666431663838613264386530343762323031 31386563306464333631653530626265383838323138616334396564333139643038623639383264
66366361393533386565353062633331666431316437353138383533386164623763353838623938 39336331333630633732383231373266376134623265373434373438383363663130303030653664
64356462353962333535356631326266336463656337336230383733366162626431393230376538 39383639613830343132613763656433366431666666376430626464363961303564663737613736
38373731323162326566613934633739346133633135666238386231316661376161663038393430 39363339356136656464613366363933643263386464336565646538633938333930386135666132
39393130386138366433393836663666613236333537313432663436323431613462306135343239 65396137626634316361346435623435383931656262336230343634373231323866306331323565
64613635303930303864636231636134666632376264343663343131626631653936643038633334 61663162393965643361323734303362303030316262623332346131613865616563303961363933
63343139613434366134646561363139343861393763343834313266303337656635366666326233 61373931636566376131323262313132663838373635336438613334626264666635633931333733
62313535326437646136623631346431313938353139316434653938323162366331373063343639 61643739313763303564376362373536343035633234313562383565363865643761666364303333
31333466656430376538373332336364623233346634373431656130643133313664366132626536 31343230646161666463313465316464343239383936646135623839646234623365616332373234
61363265663566633530626632666262333034316335363434313835333333393434623536303635 61353966336666353034663034333037663539333963333737303532313062303938666433323461
37346431633236336635316131393931333335363432313438383334326661643966316131626533 30623833656565363061646665623861663564396362366562393161363539613036353139353635
39313333656531626633643366616438316466313936656135323032646532323761666563313033 38623965313934353764323666636231356263653837363633306463636632646166313434333637
39613064613631346366303632343638643464356537653631313664376339633334366362653365 32623937383730303233323532646430306239333564303935353963363863313937383839386335
63666136353630323866326535343131616531663865613530646332356161313134643561623934 31663939356333393834626535383961356464333132333662333032613036386530636564323938
62333631643434613461323461303339333564666530393135363338666565643432633539396131 38393863353563353533323166343430326435616666386366663835306361376535303365343366
34366335653939666433313235313763376537376165393636613066326338386139393865666534 36633265316637313732653335633230306531313637356131316437643230303266356537393037
30376635343030613933336564653363623539643836376337306162353539373435623836623532 66303564333561656335383530323063643437616562326435653433306263633932363065323662
61626336396465653766366266653832346666343837653034356336373239343665313831306162 35653065663738326633343732373939323362623035323137363366646234313165376230663538
31306138613739303439343164393162636366356430396538303661323033663434306666376366 65616238303363636334343434613132636234343431323530343738613530313730373261306562
65663065313165313461323734393236613933323634356138386165326535303262663337343031 36326538663164396565303762623366396633323961373633363365303038643435366436623366
64396439323530636265353139313733303764373738613462643466343666656661383561313765 62656162383936663434323335336565313031346361373636613665356433396533323461653339
30626164393037343134383137333333333131356231323431613661373736393237373964376633 39626131386466623836653766376666663765396430343334343237616464366163656532646232
38346165653732306239393864633537626530323662353466343861363265393562343230313731 37323239376438353166363834313937393033373737376135326462646564333931303734613335
38366261633733623338303565626561396231323266373836303264326532653036363866653363 35386564666132366236336337656136633733323132653065386435386562663436646263383638
33396139326230616336343631383335393765343866366234366639333063633661323733636232 36376636646563303264646562316166656331363065383035393330656161353065663062323732
63373932353665333662303038386637343332383364623163326262316233383466646338303134 62393237353035303736643032623662333637346364343762373534326134343063613734306565
36356434666637313636346361366461326634333064306433613839356466333865303739306564 66636636663933383236663062323661393435633235313639633162636638346335613735656435
62376339646639383133393233326437326337623434613930333663356334643562306566646131 66633736343630663765343034323466333261356433343137346237393035643665396136363533
62653238626162613430363835346338363431656163633461626234306365383530633531323238 30353233393662613234633139386164366166623562346630313638366362306531383938623130
35613364383131303634363431336632313039643562393332353835326534376261313761346366 30386461353065333730303037663338393765663239353666376565633336643530396566323765
62353234343366386438343830343237306333383761313564636134323963643466383239393538 36366232326531653164393138353435303230663639633531376562663638656262343863373136
61363663313438636663663933393165346337336638353239316134653733663337656437653663 63366330633330633139313664663638313534386266393830613766373732346431646131353134
35383564353235393661616139353336623563336237613838363937363537656638383236373335 39653962303433373066613463386431343838376536326630613066383865643032303031386361
63323730363363303233653733383735626365363465316235386632393931633063623662633838 30636136333363666430396330633134366461396630363464613465373166633031303431626438
37383436376263373537376330323836383036353661373734653238383034303962373766363139 31643665306265323061393264343936393661306166643261343835616439353939363463353139
63316131386333383736333736336534346539396334333734336666303239376432376437643866 38373365303539333965633733373830363865373737623061383232643130623463333037666135
33663032343534346362626539386438363538303239313638663830336131393632393136353234 35363038663435313330396433613230373132363939613262306532383636383636623730363732
31623263653862383431376436393130616339663666663630356262646566343163393263353831 32313534353634393834363331653264353436656264363636616133333432323263303734316330
37666330666562393865303835353166616334376234323061646636303639343332633631656234 38636336323934316165626337393639376361626137643033396432343336323562386265613962
36393830323435303538653938636132383730353538336539303863643331666534626336353731 64393061626465336135323137303566316337336131646336623062396432333134393966643230
37626631313238646532323963393439636433666664363264306132386563366432 61623165346338353432386637653630663132353861363839383564643439336363656631393730
65316162396631393139663664663761643539323664623730316231653534646163653465333565
35363937316231346261626564393464303033393433313361663964353937393438376130303933
36333234303833656130363939316363653136316236363166353539323137623630646333366562
33623136323031656162373363653663363237346235356563333161643565303861373638626162
37656561353230373133363362613562643130356163623664376238376337323037653136636364
36313933663162303861336230326630373837653866373935643138613666393933313463633164
35333739663932666635353231633163653335386635316637376331323430663962393334326265
38626336646332326361376137663737656631353235373433353563373335313566383164343437
32626634616264336265323632323433343938633232633161643665366231616362383137656239
64386365383066326361303331376334626431666662616439303537333337366131313733386633
34373232666238303537

6
k8s/roles/coder/templates/values.coder.yml.j2
View file

@ -4,6 +4,12 @@ coder:
enable: true enable: true
host: ide.icb4dc0.de host: ide.icb4dc0.de
wildcardHost: "*.ide.icb4dc0.de" wildcardHost: "*.ide.icb4dc0.de"
annotations:
gethomepage.dev/description: Remote IDE
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: coder.png
gethomepage.dev/name: Coder
env: env:
- name: CODER_WILDCARD_ACCESS_URL - name: CODER_WILDCARD_ACCESS_URL
value: '*.ide.icb4dc0.de' value: '*.ide.icb4dc0.de'

6
k8s/roles/drone/templates/values.drone.yml.j2
View file

@ -3,6 +3,12 @@ image:
ingress: ingress:
enabled: true enabled: true
annotations:
gethomepage.dev/description: CI/CD system
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: drone.png
gethomepage.dev/name: Drone CI/CD
hosts: hosts:
- host: drone.icb4dc0.de - host: drone.icb4dc0.de
paths: paths:

6
k8s/roles/gitea/templates/values.forgejo.yml.j2
View file

@ -8,6 +8,12 @@ service:
ingress: ingress:
enabled: true enabled: true
annotations:
gethomepage.dev/description: where to code goes to
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: forgejo.png
gethomepage.dev/name: Forgejo
hosts: hosts:
- host: code.icb4dc0.de - host: code.icb4dc0.de
paths: paths:

38
k8s/roles/hedgedoc/tasks/main.yml
View file

@ -1,38 +0,0 @@
---
- name: Create HedgeDoc namespace
kubernetes.core.k8s:
name: hedgedoc
api_version: v1
kind: Namespace
state: present
definition:
metadata:
labels:
prometheus: default
- name: Create HedgeDoc secrets
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: hedgedoc-secret-config
namespace: hedgedoc
data:
# Auth
CMD_OAUTH2_CLIENT_ID: "{{ hedgedoc.auth.clientId | b64encode }}"
CMD_OAUTH2_CLIENT_SECRET: "{{ hedgedoc.auth.clientSecret | b64encode }}"
# DB
CMD_DB_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/hedgedoc' | format(hedgedoc.db.user, hedgedoc.db.password) | b64encode }}"
# Image upload
CMD_MINIO_ACCESS_KEY: "{{ minio.rootUser | b64encode }}"
CMD_MINIO_SECRET_KEY: "{{ minio.rootPassword | b64encode }}"
CMD_SESSION_SECRET: "{{ hedgedoc.session.secret | b64encode}}"
- name: Deploy HedgeDoc kustomization
k8s:
definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"

4
k8s/roles/k3s/control-plane/files/traefik.yaml
View file

@ -9,6 +9,10 @@ spec:
version: 24.0.0 version: 24.0.0
valuesContent: |- valuesContent: |-
ports: ports:
traefik:
port: 9000
exposedPort: 9000
expose: true
web: web:
nodePort: 32080 nodePort: 32080
forwardedHeaders: forwardedHeaders:

51
k8s/roles/nocodb/tasks/main.yml
View file

@ -1,51 +0,0 @@
---
- name: Create NocoDB namespace
kubernetes.core.k8s:
name: nocodb
api_version: v1
kind: Namespace
state: present
definition:
metadata:
labels:
prometheus: default
# TODO deploy KeyDB for cache
- name: Add KeyDB chart repo
kubernetes.core.helm_repository:
name: enapter
repo_url: https://enapter.github.io/charts/
- name: Deploy KeyDB chart
kubernetes.core.helm:
name: nocodb-keydb
chart_ref: enapter/keydb
release_namespace: nocodb
chart_version: "0.48.0"
update_repo_cache: true
release_values: "{{ lookup('template', 'values.nextcloud-keydb.yml.j2') | from_yaml }}"
- name: Create NocoDB secrets
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: nocodb-secret-config
namespace: nocodb
data:
# DB
NC_DB: "{{ 'pg://postgres-15-postgresql.postgres.svc.cluster.local:5432?u=%s&p=%s&d=noco' | format(nocodb.db.user, nocodb.db.password) | b64encode }}"
# Auth
NC_AUTH_JWT_SECRET: "{{ nocodb.jwtSecret | b64encode }}"
NC_ADMIN_PASSWORD: "{{ nocodb.auth.adminPassword | b64encode }}"
# S3 storage plugin
NC_S3_ACCESS_KEY: "{{ minio.rootUser | b64encode }}"
NC_S3_ACCESS_SECRET: "{{ minio.rootPassword | b64encode }}"
- name: Deploy NocoDB kustomization
k8s:
definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"

39
k8s/roles/zipline/tasks/main.yml
View file

@ -1,39 +0,0 @@
---
- name: Create Zipline namespace
kubernetes.core.k8s:
name: zipline
api_version: v1
kind: Namespace
state: present
definition:
metadata:
labels:
prometheus: default
- name: Create Zipline secrets
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: zipline-secret-config
namespace: zipline
data:
# Auth
CORE_SECRET: "{{ zipline.auth.secret | b64encode }}"
# DB
CORE_DATABASE_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/zipline' | format(zipline.db.user, zipline.db.password) | b64encode }}"
# Datasource
DATASOURCE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
DATASOURCE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
# Auth
OAUTH_GITHUB_CLIENT_ID: "{{ zipline.auth.clientId | b64encode }}"
OAUTH_GITHUB_CLIENT_SECRET: "{{ zipline.auth.clientSecret | b64encode }}"
- name: Deploy Zipline kustomization
k8s:
definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"

1
test.yaml Normal file
View file

@ -0,0 +1 @@
hello: world