diff --git a/20125/config.yml b/20125/config.yml
new file mode 100644
index 0000000..7a06670
--- /dev/null
+++ b/20125/config.yml
@@ -0,0 +1,79 @@
+alertmanager:
+ url: http://alertmanager.victoria-metrics:9093
+
+system_wide:
+ alerts:
+ - alertgoup: Active Directory
+ - alertgoup: Longhorn
+ - alertgoup: PostgreSQL
+ - alertgoup: Restic
+ - alertgoup: Temperature
+ - job: authelia
+ - job: blackbox
+ - job: dns_pyrocufflink
+ - job: dns_recursive
+ - job: kubelet
+ - job: kubernetes
+ - instance: db0.pyrocufflink.blue
+ - instance: gw1.pyrocufflink.blue
+ - instance: vmhost0.pyrocufflink.blue
+ - instance: vmhost1.pyrocufflink.blue
+
+applications:
+- name: Home Assistant
+ url: https://homeassistant.pyrocufflink.blue/
+ icon:
+ url: icons/home-assistant.svg
+ alerts:
+ - alertgroup: Home Assistant
+ - alertgroup: Frigate
+ - job: homeassistant
+ - instance: homeassistant.pyrocufflink.blue
+
+- name: Nextcloud
+ url: &url https://nextcloud.pyrocufflink.net/
+ icon:
+ url: icons/nextcloud.png
+ alerts:
+ - instance: *url
+ - instance: cloud0.pyrocufflink.blue
+
+- name: Invoice Ninja
+ url: &url https://invoiceninja.pyrocufflink.net/
+ icon:
+ url: icons/invoiceninja.svg
+ class: light-bg
+ alerts:
+ - instance: *url
+
+- name: Jellyfin
+ url: &url https://jellyfin.pyrocufflink.net/
+ icon:
+ url: icons/jellyfin.svg
+ alerts:
+ - instance: *url
+
+- name: Vaultwarden
+ url: &url https://bitwarden.pyrocufflink.net/
+ icon:
+ url: icons/vaultwarden.svg
+ class: light-bg
+ alerts:
+ - instance: *url
+ - alertgroup: Bitwarden
+
+- name: Paperless-ngx
+ url: &url https://paperless.pyrocufflink.blue/
+ icon:
+ url: icons/paperless-ngx.svg
+ alerts:
+ - instance: *url
+ - alertgroup: Paperless-ngx
+ - job: paperless-ngx
+
+- name: Firefly III
+ url: &url https://firefly.pyrocufflink.blue/
+ icon:
+ url: icons/firefly-iii.svg
+ alerts:
+ - instance: *url
diff --git a/20125/ingress.yaml b/20125/ingress.yaml
new file mode 100644
index 0000000..acb274b
--- /dev/null
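Review bot: The five group matchers under `system_wide.alerts` in 20125/config.yml are keyed `alertgoup`, while every entry under `applications` uses `alertgroup`; this looks like a typo. The status server's schema is not shown here, but if it matches on the key name, the Active Directory, Longhorn, PostgreSQL, Restic and Temperature groups would never be matched, and an unknown key may well be ignored without an error. Spell them `- alertgroup: Active Directory` and so on for the other four.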
+++ b/20125/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ cert-manager.io/issuer: status-server-ca
+ labels: &labels
+ app.kubernetes.io/name: status-server
+ name: status-server
+spec:
+ tls:
+ - hosts:
+ - 20125.home
+ secretName: status-server-cert
+ rules:
+ - host: 20125.home
+ http:
+ paths:
+ - backend:
+ service:
+ name: status-server
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
diff --git a/20125/kustomization.yaml b/20125/kustomization.yaml
new file mode 100644
index 0000000..2be0fb3
--- /dev/null
+++ b/20125/kustomization.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: '20125'
+
+labels:
+- pairs:
+ app.kubernetes.io/instance: '20125'
+ app.kubernetes.io/part-of: '20125'
+ includeSelectors: true
+
+resources:
+- namespace.yaml
+- secrets.yaml
+- status-server-ca.yaml
+- status-server.yaml
+- ingress.yaml
+
+configMapGenerator:
+- name: 20125-config
+ files:
+ - config.yml
+
+images:
+- name: git.pyrocufflink.net/packages/20125.home
+ newTag: dev
diff --git a/20125/namespace.yaml b/20125/namespace.yaml
new file mode 100644
index 0000000..fae9930
--- /dev/null
+++ b/20125/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "20125"
+ labels:
+ app.kubernetes.io/name: '20125'
diff --git a/20125/secrets.yaml b/20125/secrets.yaml
new file mode 100644
index 0000000..2fec0b2
--- /dev/null
+++ b/20125/secrets.yaml
@@ -0,0 +1,13 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: imagepull-gitea
+ namespace: "20125"
+spec:
+ encryptedData:
+ .dockerconfigjson: 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
+ template:
+ metadata:
+ name: imagepull-gitea
+ namespace: "20125"
+ type: kubernetes.io/dockerconfigjson
diff --git a/20125/status-server-ca.yaml b/20125/status-server-ca.yaml
new file mode 100644
index 0000000..0c96fa8
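Review bot: `newTag: dev` in the `images` entry of 20125/kustomization.yaml is a mutable tag, and the Deployment in status-server.yaml sets `imagePullPolicy: Always`, so each pod start runs whatever the registry currently serves under `dev`. The manifests then no longer determine which build is deployed, and a re-pushed or tampered tag takes effect without any change in this repository. Pin the image instead, either with an immutable version tag or with `digest: sha256:<digest-of-the-reviewed-build>` (placeholder) in place of `newTag`.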
--- /dev/null
+++ b/20125/status-server-ca.yaml
@@ -0,0 +1,32 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigned-ca
+spec:
+ selfSigned: {}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: status-server-ca
+spec:
+ isCA: true
+ commonName: 20125 CA
+ secretName: status-server-ca-secret
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: selfsigned-ca
+ kind: Issuer
+ group: cert-manager.io
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: status-server-ca
+spec:
+ ca:
+ secretName: status-server-ca-secret
diff --git a/20125/status-server.yaml b/20125/status-server.yaml
new file mode 100644
index 0000000..82d7fbe
--- /dev/null
+++ b/20125/status-server.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: &labels
+ app.kubernetes.io/name: status-server
+ app.kubernetes.io/component: status-server
+ name: status-server
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 20125
+ selector: *labels
+ type: ClusterIP
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: &labels
+ app.kubernetes.io/name: status-server
+ app.kubernetes.io/component: status-server
+ name: status-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels: *labels
+ template:
+ metadata:
+ labels: *labels
+ spec:
+ containers:
+ - name: status-server
+ image: git.pyrocufflink.net/packages/20125.home
+ imagePullPolicy: Always
+ volumeMounts:
+ - mountPath: /usr/local/share/20125.home/config.yml
+ name: config
+ subPath: config.yml
+ readOnly: True
+ imagePullSecrets:
+ - name: imagepull-gitea
+ volumes:
+ - name: config
+ configMap:
+ name: 20125-config
diff --git a/cert-manager/cert-exporter.config.yml b/cert-manager/cert-exporter.config.yml
new file mode 100644
index 0000000..bb6ed50
--- /dev/null
+++ b/cert-manager/cert-exporter.config.yml
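Review bot: The `status-server-ca` Certificate in 20125/status-server-ca.yaml sets `isCA: true` but no `duration` or `renewBefore`, so the CA gets cert-manager's default lifetime (90 days unless the installation overrides it). That is short for a trust anchor that clients of `20125.home` have to import by hand. Whether the CA key also changes at each renewal depends on the rotation policy, which is not set here either. State both explicitly, for example `duration: 87600h` (an illustrative value) next to `isCA: true`, and add a comment saying how clients are expected to obtain the CA certificate.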
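Review bot: The `status-server` container in the Deployment of 20125/status-server.yaml has no `securityContext`, so it runs with the runtime's default user, capabilities and a writable root filesystem even though it only needs to listen on port 20125 and read one mounted config file. Adding a restrictive context limits what a compromise of the web-facing process can do; confirm first that the image runs as a non-root user and does not write to its own filesystem (neither is visible here). If the server never calls the Kubernetes API, `automountServiceAccountToken: false` in the pod spec is worth adding as well.

```yaml
      containers:
      - name: status-server
        # … unchanged: image, imagePullPolicy, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```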
@@ -0,0 +1,41 @@
+git_repo: gitea@git.pyrocufflink.blue:dustin/certs.git
+certs:
+- name: pyrocufflink-cert
+ namespace: default
+ key: certificates/_.pyrocufflink.net.key
+ cert: certificates/_.pyrocufflink.net.crt
+ bundle: certificates/_.pyrocufflink.net.pem
+- name: dustinhatchname-cert
+ namespace: default
+ key: acme.sh/dustin.hatch.name/dustin.hatch.name.key
+ cert: acme.sh/dustin.hatch.name/fullchain.cer
+- name: hatchchat-cert
+ namespace: default
+ key: certificates/hatch.chat.key
+ cert: certificates/hatch.chat.crt
+ bundle: certificates/hatch.chat.pem
+- name: tabitha-cert
+ namespace: default
+ key: certificates/tabitha.biz.key
+ cert: certificates/tabitha.biz.crt
+ bundle: certificates/tabitha.biz.pem
+- name: chmod777-cert
+ namespace: default
+ key: certificates/chmod777.sh.key
+ cert: certificates/chmod777.sh.crt
+ bundle: certificates/chmod777.sh.pem
+- name: dustinandtabitha-cert
+ namespace: default
+ key: certificates/dustinandtabitha.com.key
+ cert: certificates/dustinandtabitha.com.crt
+ bundle: certificates/dustinandtabitha.com.pem
+- name: hlc-cert
+ namespace: default
+ key: certificates/hatchlearningcenter.org.key
+ cert: certificates/hatchlearningcenter.org.crt
+ bundle: certificates/hatchlearningcenter.org.pem
+- name: appsxyz-cert
+ namespace: default
+ key: certificates/apps.du5t1n.xyz.key
+ cert: certificates/apps.du5t1n.xyz.crt
+ bundle: certificates/apps.du5t1n.xyz.pem
diff --git a/cert-manager/cert-exporter.yaml b/cert-manager/cert-exporter.yaml
index 7a3f32a..b88c92f 100644
--- a/cert-manager/cert-exporter.yaml
+++ b/cert-manager/cert-exporter.yaml
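Review bot: cert-manager/cert-exporter.config.yml has no header comment saying that each `certs` entry depends on two other files changing with it. This commit adds `appsxyz-cert` here, in the Role's list in cert-exporter.yaml and as a Certificate in certificates.yaml; the first two are easy to let drift apart now that the config is no longer inline next to the Role. A first line such as `# Every entry needs a matching item in the Role in cert-exporter.yaml and a Certificate of the same name` would make that explicit. The `key:` paths suggest private keys are written to the `git_repo` remote, so the comment could also record who is expected to have read access to that repository.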
@@ -4,51 +4,6 @@ metadata: name: cert-exporter namespace: cert-manager ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cert-exporter - namespace: cert-manager -data: - config.yml: | - git_repo: gitea@git.pyrocufflink.blue:dustin/certs.git - certs: - - name: pyrocufflink-cert - namespace: default - key: certificates/_.pyrocufflink.net.key - cert: certificates/_.pyrocufflink.net.crt - bundle: certificates/_.pyrocufflink.net.pem - - name: dustinhatchname-cert - namespace: default - key: acme.sh/dustin.hatch.name/dustin.hatch.name.key - cert: acme.sh/dustin.hatch.name/fullchain.cer - - name: hatchchat-cert - namespace: default - key: certificates/hatch.chat.key - cert: certificates/hatch.chat.crt - bundle: certificates/hatch.chat.pem - - name: tabitha-cert - namespace: default - key: certificates/tabitha.biz.key - cert: certificates/tabitha.biz.crt - bundle: certificates/tabitha.biz.pem - - name: chmod777-cert - namespace: default - key: certificates/chmod777.sh.key - cert: certificates/chmod777.sh.crt - bundle: certificates/chmod777.sh.pem - - name: dustinandtabitha-cert - namespace: default - key: certificates/dustinandtabitha.com.key - cert: certificates/dustinandtabitha.com.crt - bundle: certificates/dustinandtabitha.com.pem - - name: hlc-cert - namespace: default - key: certificates/hatchlearningcenter.org.key - cert: certificates/hatchlearningcenter.org.crt - bundle: certificates/hatchlearningcenter.org.pem - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -69,6 +24,7 @@ rules: - chmod777-cert - dustinandtabitha-cert - hlc-cert + - appsxyz-cert --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/cert-manager/certificates.yaml b/cert-manager/certificates.yaml index d9fec2e..8960987 100644 --- a/cert-manager/certificates.yaml +++ b/cert-manager/certificates.yaml 
@@ -136,3 +136,20 @@ spec: privateKey: algorithm: ECDSA rotationPolicy: Always + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: appsxyz-cert +spec: + secretName: appsxyz-cert + dnsNames: + - apps.du5t1n.xyz + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: zerossl + privateKey: + algorithm: ECDSA + rotationPolicy: Always diff --git a/cert-manager/kustomization.yaml b/cert-manager/kustomization.yaml index 24ab378..6216727 100644 --- a/cert-manager/kustomization.yaml +++ b/cert-manager/kustomization.yaml @@ -8,6 +8,14 @@ resources: - cert-exporter.yaml - dch-ca-issuer.yaml +configMapGenerator: +- name: cert-exporter + namespace: cert-manager + files: + - config.yml=cert-exporter.config.yml + options: + disableNameSuffixHash: True + secretGenerator: - name: zerossl-eab namespace: cert-manager
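Review bot: `disableNameSuffixHash: True` in the new `configMapGenerator` entry of cert-manager/kustomization.yaml gives the `cert-exporter` ConfigMap a fixed name, so editing cert-exporter.config.yml no longer changes the name consumers reference and will not by itself roll the workload. Whether that matters depends on how the exporter runs, which is not visible in this hunk. A comment giving the reason, for example `# fixed name: referenced by name in cert-exporter.yaml`, would keep the option from being removed or copied blindly. The boolean is also better written in canonical form as `disableNameSuffixHash: true`; the same spelling occurs as `readOnly: True` in 20125/status-server.yaml.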