Compare commits
2 Commits
jenkins-bu
...
8b7394a2dc
| Author | SHA1 | Date | |
|---|---|---|---|
|
8b7394a2dc | ||
|
|
a45ea2131b |
@@ -14,7 +14,6 @@ system_wide:
|
||||
- job: dns_recursive
|
||||
- job: kubelet
|
||||
- job: kubernetes
|
||||
- job: minio-backups
|
||||
- instance: db0.pyrocufflink.blue
|
||||
- instance: gw1.pyrocufflink.blue
|
||||
- instance: vmhost0.pyrocufflink.blue
|
||||
@@ -32,56 +31,56 @@ applications:
|
||||
- instance: homeassistant.pyrocufflink.blue
|
||||
|
||||
- name: Nextcloud
|
||||
url: &url0 https://nextcloud.pyrocufflink.net/index.php
|
||||
url: &url https://nextcloud.pyrocufflink.net/index.php
|
||||
icon:
|
||||
url: icons/nextcloud.png
|
||||
alerts:
|
||||
- instance: *url0
|
||||
- instance: *url
|
||||
- instance: cloud0.pyrocufflink.blue
|
||||
|
||||
- name: Invoice Ninja
|
||||
url: &url1 https://invoiceninja.pyrocufflink.net/
|
||||
url: &url https://invoiceninja.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/invoiceninja.svg
|
||||
class: light-bg
|
||||
alerts:
|
||||
- instance: *url1
|
||||
- instance: *url
|
||||
|
||||
- name: Jellyfin
|
||||
url: https://jellyfin.pyrocufflink.net/
|
||||
url: &url https://jellyfin.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/jellyfin.svg
|
||||
alerts:
|
||||
- job: jellyfin
|
||||
- instance: *url
|
||||
|
||||
- name: Vaultwarden
|
||||
url: &url2 https://bitwarden.pyrocufflink.net/
|
||||
url: &url https://bitwarden.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/vaultwarden.svg
|
||||
class: light-bg
|
||||
alerts:
|
||||
- instance: *url2
|
||||
- instance: *url
|
||||
- alertgroup: Bitwarden
|
||||
|
||||
- name: Paperless-ngx
|
||||
url: &url3 https://paperless.pyrocufflink.blue/
|
||||
url: &url https://paperless.pyrocufflink.blue/
|
||||
icon:
|
||||
url: icons/paperless-ngx.svg
|
||||
alerts:
|
||||
- instance: *url3
|
||||
- instance: *url
|
||||
- alertgroup: Paperless-ngx
|
||||
- job: paperless-ngx
|
||||
|
||||
- name: Firefly III
|
||||
url: &url4 https://firefly.pyrocufflink.blue/
|
||||
url: &url https://firefly.pyrocufflink.blue/
|
||||
icon:
|
||||
url: icons/firefly-iii.svg
|
||||
alerts:
|
||||
- instance: *url4
|
||||
- instance: *url
|
||||
|
||||
- name: Receipts
|
||||
url: &url5 https://receipts.pyrocufflink.blue/
|
||||
url: &url https://receipts.pyrocufflink.blue/
|
||||
icon:
|
||||
url: https://receipts.pyrocufflink.blue/static/icons/icon-512.png
|
||||
alerts:
|
||||
- instance: *url5
|
||||
- instance: *url
|
||||
|
||||
@@ -33,16 +33,11 @@ spec:
|
||||
- name: status-server
|
||||
image: git.pyrocufflink.net/packages/20125.home
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: RUST_LOG
|
||||
value: info,status_server=debug
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/share/20125.home/config.yml
|
||||
name: config
|
||||
subPath: config.yml
|
||||
readOnly: True
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
imagePullSecrets:
|
||||
- name: imagepull-gitea
|
||||
volumes:
|
||||
|
||||
@@ -32,7 +32,6 @@ spec:
|
||||
containers:
|
||||
- name: ara-api
|
||||
image: quay.io/recordsansible/ara-api
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: ARA_BASE_DIR
|
||||
value: /etc/ara
|
||||
|
||||
@@ -1,19 +1,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
transformers:
|
||||
- |
|
||||
apiVersion: builtin
|
||||
kind: NamespaceTransformer
|
||||
metadata:
|
||||
name: namespace-transformer
|
||||
namespace: ansible
|
||||
unsetOnly: true
|
||||
setRoleBindingSubjects: allServiceAccounts
|
||||
fieldSpecs:
|
||||
- path: metadata/namespace
|
||||
create: true
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/instance: ansible
|
||||
@@ -22,6 +9,8 @@ labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/part-of: ansible
|
||||
|
||||
namespace: ansible
|
||||
|
||||
resources:
|
||||
- ../dch-root-ca
|
||||
- ../ssh-host-keys
|
||||
|
||||
@@ -23,148 +23,3 @@ subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dch-webhooks
|
||||
namespace: default
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
labels:
|
||||
app.kubernetes.io/name: host-provisioner
|
||||
app.kubernetes.io/component: host-provisioner
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: kube-public
|
||||
annotations:
|
||||
kubernetes.io/description: >-
|
||||
Allows the host-provisioner to access the _cluster-info_ ConfigMap,
|
||||
which it uses to get the connection details for the Kubernetes API
|
||||
server, including the issuing CA certificate, to pass to `kubeadm
|
||||
join` on a new worker node.
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
resourceNames:
|
||||
- cluster-info
|
||||
- kube-root-ca.crt
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
annotations:
|
||||
kubernetes.io/description: >-
|
||||
Allows the host-provisioner to manipulate labels, taints, etc. on
|
||||
nodes it adds to the cluster.
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: host-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: host-provisioner
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: >-
|
||||
Allows the host-provisioner to create bootstrap tokens in order to
|
||||
add new nodes to the Kubernetes cluster.
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: kube-public
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: host-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: host-provisioner
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: host-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: host-provisioner
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: victoria-metrics
|
||||
annotations:
|
||||
kubernetes.io/description: >-
|
||||
Allows the host-provisioner to update the scrape-collectd
|
||||
ConfigMap when adding new hosts.
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- patch
|
||||
- get
|
||||
resourceNames:
|
||||
- scrape-collectd
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: victoria-metrics
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: host-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: host-provisioner
|
||||
|
||||
@@ -11,6 +11,3 @@ spec:
|
||||
path: grafana
|
||||
repoURL: https://git.pyrocufflink.blue/infra/kubernetes.git
|
||||
targetRevision: master
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
|
||||
@@ -24,66 +24,6 @@ configMapGenerator:
|
||||
- policy.csv
|
||||
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: argocd-application-controller
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: argocd-application-controller
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: argocd-notifications-controller
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: argocd-notifications-controller
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: argocd-redis
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: redis
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: argocd-repo-server
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: argocd-repo-server
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: argocd-server
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: argocd-server
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
- patch: |-
|
||||
$patch: delete
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
- name: authelia
|
||||
image: ghcr.io/authelia/authelia
|
||||
env:
|
||||
- name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
|
||||
- name: AUTHELIA_JWT_SECRET_FILE
|
||||
value: /run/authelia/secrets/jwt.secret
|
||||
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
|
||||
value: /run/authelia/secrets/ldap.password
|
||||
|
||||
@@ -74,94 +74,74 @@ authentication_backend:
|
||||
implementation: activedirectory
|
||||
tls:
|
||||
minimum_version: TLS1.2
|
||||
address: ldaps://pyrocufflink.blue
|
||||
url: ldaps://pyrocufflink.blue
|
||||
user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue
|
||||
|
||||
certificates_directory: /run/authelia/certs
|
||||
|
||||
identity_providers:
|
||||
oidc:
|
||||
claims_policies:
|
||||
default:
|
||||
id_token:
|
||||
- groups
|
||||
- email
|
||||
- email_verified
|
||||
- preferred_username
|
||||
- name
|
||||
clients:
|
||||
- client_id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
|
||||
client_name: Jenkins
|
||||
client_secret: >-
|
||||
- id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
|
||||
description: Jenkins
|
||||
secret: >-
|
||||
$argon2id$v=19$m=65536,t=3,p=4$qoo6+3ToLbsZOI/BxcppGw$srNBfpIHqpxLh+VfVNNe27A1Ci9dCKLfB8rWXLNkv44
|
||||
redirect_uris:
|
||||
- https://jenkins.pyrocufflink.blue/securityRealm/finishLogin
|
||||
response_types:
|
||||
- code
|
||||
scopes:
|
||||
- openid
|
||||
- groups
|
||||
- profile
|
||||
- email
|
||||
- offline_access
|
||||
- address
|
||||
- phone
|
||||
authorization_policy: one_factor
|
||||
pre_configured_consent_duration: 8h
|
||||
token_endpoint_auth_method: client_secret_post
|
||||
- client_id: kubernetes
|
||||
client_name: Kubernetes
|
||||
- id: kubernetes
|
||||
description: Kubernetes
|
||||
public: true
|
||||
claims_policy: default
|
||||
redirect_uris:
|
||||
- http://localhost:8000
|
||||
- http://localhost:18000
|
||||
authorization_policy: one_factor
|
||||
pre_configured_consent_duration: 8h
|
||||
- client_id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
|
||||
client_name: MinIO
|
||||
client_secret: >-
|
||||
- id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
|
||||
description: MinIO
|
||||
secret: >-
|
||||
$pbkdf2-sha512$310000$TkQ1BwLrr.d8AVGWk2rLhA$z4euAPhkkZdjcxKFD3tZRtNQ/R78beW7epJ.BGFWSwQdAme5TugNj9Ba.aL5TEqrBDmXRW0xiI9EbxSszckG5A
|
||||
redirect_uris:
|
||||
- https://burp.pyrocufflink.blue:9090/oauth_callback
|
||||
- https://minio.backups.pyrocufflink.blue/oauth_callback
|
||||
claims_policy: default
|
||||
- client_id: step-ca
|
||||
client_name: step-ca
|
||||
- id: step-ca
|
||||
description: step-ca
|
||||
public: true
|
||||
claims_policy: default
|
||||
redirect_uris:
|
||||
- http://127.0.0.1
|
||||
pre_configured_consent_duration: 8h
|
||||
- client_id: argocd
|
||||
client_name: Argo CD
|
||||
claims_policy: default
|
||||
- id: argocd
|
||||
description: Argo CD
|
||||
pre_configured_consent_duration: 8h
|
||||
redirect_uris:
|
||||
- https://argocd.pyrocufflink.blue/auth/callback
|
||||
client_secret: >-
|
||||
secret: >-
|
||||
$pbkdf2-sha512$310000$l/uOezgWjqe3boGLYAnKcg$uqn1FC8Lj2y1NG5Q91PeLfLLUQ.qtlKFLd0AWJ56owLME9mV/Zx8kQ2x7OS/MOoMLmUgKd4zogYKab2HGFr0kw
|
||||
- client_id: argocd-cli
|
||||
client_name: argocd CLI
|
||||
- id: argocd-cli
|
||||
description: argocd CLI
|
||||
public: true
|
||||
claims_policy: default
|
||||
pre_configured_consent_duration: 8h
|
||||
audience:
|
||||
- argocd-cli
|
||||
redirect_uris:
|
||||
- http://localhost:8085/auth/callback
|
||||
response_types:
|
||||
- code
|
||||
scopes:
|
||||
- openid
|
||||
- groups
|
||||
- profile
|
||||
- email
|
||||
- groups
|
||||
- offline_access
|
||||
- client_id: sshca
|
||||
client_name: SSHCA
|
||||
- id: sshca
|
||||
description: SSHCA
|
||||
public: true
|
||||
claims_policy: default
|
||||
pre_configured_consent_duration: 4h
|
||||
redirect_uris:
|
||||
- http://127.0.0.1
|
||||
@@ -177,18 +157,17 @@ log:
|
||||
notifier:
|
||||
smtp:
|
||||
disable_require_tls: true
|
||||
address: 'mail.pyrocufflink.blue:25'
|
||||
host: mail.pyrocufflink.blue
|
||||
port: 25
|
||||
sender: auth@pyrocufflink.net
|
||||
|
||||
session:
|
||||
domain: pyrocufflink.blue
|
||||
expiration: 1d
|
||||
inactivity: 4h
|
||||
redis:
|
||||
host: redis
|
||||
port: 6379
|
||||
cookies:
|
||||
- domain: pyrocufflink.blue
|
||||
authelia_url: 'https://auth.pyrocufflink.blue'
|
||||
|
||||
server:
|
||||
buffers:
|
||||
@@ -196,7 +175,7 @@ server:
|
||||
|
||||
storage:
|
||||
postgres:
|
||||
address: postgresql.pyrocufflink.blue
|
||||
host: postgresql.pyrocufflink.blue
|
||||
database: authelia
|
||||
username: authelia
|
||||
password: unused
|
||||
|
||||
@@ -37,7 +37,6 @@ patches:
|
||||
spec:
|
||||
containers:
|
||||
- name: authelia
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: AUTHELIA_STORAGE_POSTGRES_TLS_CERTIFICATE_CHAIN_FILE
|
||||
value: /run/authelia/certs/postgresql/tls.crt
|
||||
@@ -58,4 +57,4 @@ patches:
|
||||
name: dch-root-ca
|
||||
images:
|
||||
- name: ghcr.io/authelia/authelia
|
||||
newTag: 4.39.4
|
||||
newTag: 4.38.19
|
||||
|
||||
@@ -22,7 +22,6 @@ patches:
|
||||
spec:
|
||||
containers:
|
||||
- name: cluster-autoscaler
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- ./cluster-autoscaler
|
||||
- --v=4
|
||||
|
||||
@@ -9,6 +9,21 @@ certs:
|
||||
namespace: default
|
||||
key: acme.sh/dustin.hatch.name/dustin.hatch.name.key
|
||||
cert: acme.sh/dustin.hatch.name/fullchain.cer
|
||||
- name: hatchchat-cert
|
||||
namespace: default
|
||||
key: certificates/hatch.chat.key
|
||||
cert: certificates/hatch.chat.crt
|
||||
bundle: certificates/hatch.chat.pem
|
||||
- name: tabitha-cert
|
||||
namespace: default
|
||||
key: certificates/tabitha.biz.key
|
||||
cert: certificates/tabitha.biz.crt
|
||||
bundle: certificates/tabitha.biz.pem
|
||||
- name: chmod777-cert
|
||||
namespace: default
|
||||
key: certificates/chmod777.sh.key
|
||||
cert: certificates/chmod777.sh.crt
|
||||
bundle: certificates/chmod777.sh.pem
|
||||
- name: dustinandtabitha-cert
|
||||
namespace: default
|
||||
key: certificates/dustinandtabitha.com.key
|
||||
@@ -19,3 +34,8 @@ certs:
|
||||
key: certificates/hatchlearningcenter.org.key
|
||||
cert: certificates/hatchlearningcenter.org.crt
|
||||
bundle: certificates/hatchlearningcenter.org.pem
|
||||
- name: appsxyz-cert
|
||||
namespace: default
|
||||
key: certificates/apps.du5t1n.xyz.key
|
||||
cert: certificates/apps.du5t1n.xyz.crt
|
||||
bundle: certificates/apps.du5t1n.xyz.pem
|
||||
|
||||
@@ -19,8 +19,12 @@ rules:
|
||||
resourceNames:
|
||||
- pyrocufflink-cert
|
||||
- dustinhatchname-cert
|
||||
- hatchchat-cert
|
||||
- tabitha-cert
|
||||
- chmod777-cert
|
||||
- dustinandtabitha-cert
|
||||
- hlc-cert
|
||||
- appsxyz-cert
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
@@ -35,6 +35,60 @@ spec:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: hatchchat-cert
|
||||
spec:
|
||||
secretName: hatchchat-cert
|
||||
dnsNames:
|
||||
- hatch.chat
|
||||
- '*.hatch.chat'
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: zerossl
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: tabitha-cert
|
||||
spec:
|
||||
secretName: tabitha-cert
|
||||
dnsNames:
|
||||
- tabitha.biz
|
||||
- '*.tabitha.biz'
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: zerossl
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: chmod777-cert
|
||||
spec:
|
||||
secretName: chmod777-cert
|
||||
dnsNames:
|
||||
- chmod777.sh
|
||||
- '*.chmod777.sh'
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: zerossl
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
@@ -82,3 +136,20 @@ spec:
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: appsxyz-cert
|
||||
spec:
|
||||
secretName: appsxyz-cert
|
||||
dnsNames:
|
||||
- apps.du5t1n.xyz
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: zerossl
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: jenkins
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
resourceNames:
|
||||
- pyrocufflink-cert
|
||||
- dustinhatchname-cert
|
||||
- dustinandtabitha-cert
|
||||
- hlc-cert
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: jenkins
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: jenkins
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: jenkins-jobs
|
||||
@@ -8,7 +8,6 @@ resources:
|
||||
- cert-exporter.yaml
|
||||
- dch-ca-issuer.yaml
|
||||
- secrets.yaml
|
||||
- jenkins.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: cert-exporter
|
||||
@@ -53,13 +52,3 @@ patches:
|
||||
nameservers:
|
||||
- 172.30.0.1
|
||||
dnsPolicy: None
|
||||
- patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: >-
|
||||
--dns01-recursive-nameservers-only
|
||||
target:
|
||||
group: apps
|
||||
version: v1
|
||||
kind: Deployment
|
||||
name: cert-manager
|
||||
|
||||
@@ -90,15 +90,11 @@ spec:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
subPath: tmp
|
||||
- mountPath: /var/tmp
|
||||
name: tmp
|
||||
subPath: tmp
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
serviceAccountName: host-provisioner
|
||||
volumes:
|
||||
- name: dch-root-ca
|
||||
configMap:
|
||||
|
||||
@@ -66,7 +66,6 @@ spec:
|
||||
containers:
|
||||
- name: firefly-iii
|
||||
image: docker.io/fireflyiii/core:version-6.0.19
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: firefly-iii
|
||||
@@ -128,7 +127,6 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- image: docker.io/library/busybox
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: wget
|
||||
command:
|
||||
- wget
|
||||
|
||||
@@ -55,4 +55,4 @@ patches:
|
||||
defaultMode: 0640
|
||||
images:
|
||||
- name: docker.io/fireflyiii/core
|
||||
newTag: version-6.2.20
|
||||
newTag: version-6.2.9
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
apiVersion: 1
|
||||
|
||||
datasources:
|
||||
- name: Victoria Logs
|
||||
type: victoriametrics-logs-datasource
|
||||
access: proxy
|
||||
url: https://logs.pyrocufflink.blue
|
||||
jsonData:
|
||||
tlsAuth: true
|
||||
tlsAuthWithCACert: true
|
||||
secureJsonData:
|
||||
tlsCACert: $__file{/run/dch-ca/dch-root-ca.crt}
|
||||
tlsClientCert: $__file{/run/secrets/du5t1n.me/loki/tls.crt}
|
||||
tlsClientKey: $__file{/run/secrets/du5t1n.me/loki/tls.key}
|
||||
@@ -594,6 +594,42 @@ global_api_key = -1
|
||||
# global limit on number of logged in users.
|
||||
global_session = -1
|
||||
|
||||
#################################### Alerting ############################
|
||||
[alerting]
|
||||
# Disable alerting engine & UI features
|
||||
enabled = true
|
||||
# Makes it possible to turn off alert rule execution but alerting UI is visible
|
||||
execute_alerts = true
|
||||
|
||||
# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
|
||||
error_or_timeout = alerting
|
||||
|
||||
# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
|
||||
nodata_or_nullvalues = no_data
|
||||
|
||||
# Alert notifications can include images, but rendering many images at the same time can overload the server
|
||||
# This limit will protect the server from render overloading and make sure notifications are sent out quickly
|
||||
concurrent_render_limit = 5
|
||||
|
||||
# Default setting for alert calculation timeout. Default value is 30
|
||||
evaluation_timeout_seconds = 30
|
||||
|
||||
# Default setting for alert notification timeout. Default value is 30
|
||||
notification_timeout_seconds = 30
|
||||
|
||||
# Default setting for max attempts to sending alert notifications. Default value is 3
|
||||
max_attempts = 3
|
||||
|
||||
# Makes it possible to enforce a minimal interval between evaluations, to reduce load on the backend
|
||||
min_interval_seconds = 1
|
||||
|
||||
# Configures for how long alert annotations are stored. Default is 0, which keeps them forever.
|
||||
# This setting should be expressed as an duration. Ex 6h (hours), 10d (days), 2w (weeks), 1M (month).
|
||||
max_annotation_age =
|
||||
|
||||
# Configures max number of alert annotations that Grafana stores. Default value is 0, which keeps all alert annotations.
|
||||
max_annotations_to_keep =
|
||||
|
||||
#################################### Annotations #########################
|
||||
|
||||
[annotations.dashboard]
|
||||
|
||||
@@ -76,8 +76,6 @@ spec:
|
||||
- mountPath: /etc/grafana/provisioning/datasources
|
||||
name: datasources
|
||||
readOnly: true
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /run/secrets/grafana
|
||||
name: secrets
|
||||
readOnly: true
|
||||
@@ -98,9 +96,6 @@ spec:
|
||||
- name: grafana
|
||||
persistentVolumeClaim:
|
||||
claimName: grafana
|
||||
- name: tmp
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
- name: secrets
|
||||
secret:
|
||||
secretName: grafana
|
||||
|
||||
@@ -28,7 +28,6 @@ configMapGenerator:
|
||||
- name: datasources
|
||||
files:
|
||||
- datasources/loki.yml
|
||||
- datasources/victoria-logs.yml
|
||||
|
||||
patches:
|
||||
- patch: |-
|
||||
@@ -55,7 +54,3 @@ patches:
|
||||
- name: loki-client-cert
|
||||
secret:
|
||||
secretName: loki-client-cert
|
||||
|
||||
images:
|
||||
- name: docker.io/grafana/grafana
|
||||
newTag: 11.5.5
|
||||
|
||||
@@ -52,16 +52,6 @@ spec:
|
||||
app.kubernetes.io/name: home-assistant
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- arm64
|
||||
containers:
|
||||
- name: home-assistant
|
||||
image: ghcr.io/home-assistant/home-assistant:2023.10.3
|
||||
@@ -84,11 +74,15 @@ spec:
|
||||
failureThreshold: 300
|
||||
periodSeconds: 3
|
||||
initialDelaySeconds: 3
|
||||
securityContext:
|
||||
runAsUser: 300
|
||||
runAsGroup: 300
|
||||
volumeMounts:
|
||||
- name: home-assistant-data
|
||||
mountPath: /config
|
||||
subPath: data
|
||||
hostUsers: false
|
||||
securityContext:
|
||||
fsGroup: 300
|
||||
volumes:
|
||||
- name: home-assistant-data
|
||||
persistentVolumeClaim:
|
||||
|
||||
@@ -18,7 +18,6 @@ resources:
|
||||
- zwavejs2mqtt.yaml
|
||||
- piper.yaml
|
||||
- whisper.yaml
|
||||
- mqtt2vl.yaml
|
||||
- ingress.yaml
|
||||
- ../dch-root-ca
|
||||
|
||||
@@ -45,10 +44,6 @@ configMapGenerator:
|
||||
files:
|
||||
- mosquitto.conf
|
||||
|
||||
- name: mqtt2vl
|
||||
files:
|
||||
- mqtt2vl.toml
|
||||
|
||||
- name: zigbee2mqtt
|
||||
envs:
|
||||
- zigbee2mqtt.env
|
||||
@@ -121,49 +116,16 @@ patches:
|
||||
- name: dch-root-ca
|
||||
configMap:
|
||||
name: dch-root-ca
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: mqtt2vl
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: mqtt2vl
|
||||
env:
|
||||
- name: SSL_CERT_FILE
|
||||
value: /run/dch-ca/dch-root-ca.crt
|
||||
volumeMounts:
|
||||
- mountPath: /run/dch-ca/
|
||||
name: dch-root-ca
|
||||
readOnly: true
|
||||
- mountPath: /run/secrets/du51tn.xyz/mqtt2vl
|
||||
name: secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: dch-root-ca
|
||||
configMap:
|
||||
name: dch-root-ca
|
||||
- name: secrets
|
||||
secret:
|
||||
secretName: mqtt2vl
|
||||
defaultMode: 0640
|
||||
|
||||
images:
|
||||
- name: ghcr.io/home-assistant/home-assistant
|
||||
newTag: 2025.7.1
|
||||
newTag: 2025.3.4
|
||||
- name: docker.io/rhasspy/wyoming-whisper
|
||||
newTag: 2.5.0
|
||||
- name: docker.io/rhasspy/wyoming-piper
|
||||
newTag: 1.6.2
|
||||
- name: ghcr.io/koenkk/zigbee2mqtt
|
||||
newTag: 2.4.0
|
||||
- name: ghcr.io/zwave-js/zwave-js-ui
|
||||
newTag: 10.7.0
|
||||
- name: docker.io/library/eclipse-mosquitto
|
||||
newTag: 2.0.22
|
||||
- name: docker.io/rhasspy/wyoming-piper
|
||||
newTag: 1.5.0
|
||||
- name: docker.io/koenkk/zigbee2mqtt
|
||||
newTag: 2.5.1
|
||||
newTag: 2.1.3
|
||||
- name: docker.io/zwavejs/zwave-js-ui
|
||||
newTag: 10.9.0
|
||||
newTag: 10.1.3
|
||||
- name: docker.io/library/eclipse-mosquitto
|
||||
newTag: 2.0.21
|
||||
|
||||
@@ -55,18 +55,6 @@ spec:
|
||||
app.kubernetes.io/name: mosquitto
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
spec:
|
||||
affinity:
|
||||
podAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- home-assistant
|
||||
topologyKey: kubernetes.io/hostname
|
||||
containers:
|
||||
- name: mosquitto
|
||||
image: docker.io/library/eclipse-mosquitto:2.0.15
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
[mqtt]
|
||||
url = "mqtts://mqtt.pyrocufflink.blue"
|
||||
username = "mqtt2vl"
|
||||
password_file = "/run/secrets/du51tn.xyz/mqtt2vl/mqtt.password"
|
||||
topics = [
|
||||
"poolsensor/debug",
|
||||
"garden1/debug",
|
||||
]
|
||||
|
||||
[http]
|
||||
url = "https://logs.pyrocufflink.blue/insert/jsonline?_stream_fields=topic"
|
||||
@@ -1,43 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/component: mqtt2vl
|
||||
app.kubernetes.io/name: mqtt2vl
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
name: mqtt2vl
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/component: mqtt2vl
|
||||
app.kubernetes.io/name: mqtt2vl
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/component: mqtt2vl
|
||||
app.kubernetes.io/name: mqtt2vl
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
spec:
|
||||
containers:
|
||||
- name: mqtt2vl
|
||||
image: git.pyrocufflink.net/containerimages/mqtt2vl
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- /etc/mqtt2vl/mqtt2vl.toml
|
||||
env:
|
||||
- name: RUST_LOG
|
||||
value: info,mqtt2vl=debug
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/mqtt2vl
|
||||
name: config
|
||||
readOnly: true
|
||||
securityContext:
|
||||
runAsUser: 29734
|
||||
runAsGroup: 29734
|
||||
fsGroup: 29734
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: mqtt2vl
|
||||
@@ -36,18 +36,6 @@ spec:
|
||||
app.kubernetes.io/name: piper
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
spec:
|
||||
affinity:
|
||||
podAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- home-assistant
|
||||
topologyKey: kubernetes.io/hostname
|
||||
containers:
|
||||
- name: piper
|
||||
image: docker.io/rhasspy/wyoming-piper:1.3.2
|
||||
|
||||
@@ -7,7 +7,7 @@ metadata:
|
||||
namespace: home-assistant
|
||||
spec:
|
||||
encryptedData:
|
||||
passwd: AgBbjHLTpEZlxT1KH90K9LtkyqrhmpUSC/komksX+lZZYxqa9qqTFE5DFSqqPf/M2cxEmZSrQfn5lkKUHZRaCT8tHmCULRvxFNPnmucLxyilQcbF6serER78kr85KdZI30LSY9WxIyJcElIL2BUdsKEZwhwdjTn3FDHUxhysMuIZBEXnigwZ16LzpC4bqWEZrohgU043gPffFL51kT4l0c6atEgAoqlhjeHmOix8a6jUwxO6fJvDfyxGskY2lVAmmlbuFKBkJnYp1NF10nhimwDl6R0yy7du8Vlg50lqE5MvIiIGuG0d+Ly5ePT5qRy+Si9JiFHrtIG7LKXuAB/dztxayRnzEw4wiXfCDA2UGoL/EdbxorcIcol9HfjHwpWtvLBUES3UIMv86GGE9L4R83rQf7geLWpYRD7O7mZ8E3N+59xO8WOlMo9wjnymYOkkUmSSxdR1Zj08W2gvjXf1pWW4dEn7nNVLG56+/8nChgAY7d3EOKC0cQflrc3TpU6Fh2DDEA+uBASgvJi8ZxDb2hTPbXEBxsMrtSU+s0NqiTm425HeqINpElOBhdP1KgXbhFVUG+ET5mzcwnY4HicakiFq882kBI5rB9+SgTSS5GxQyzFDjLH2HPURF2JEpugWgJa/YcHrX1pa8ksbymJOz63Zi2197V/k25eiJI9imOOMAvIm7xYhOuPeV9Gy7yEU7Pyli82M2Q+MDLCk3PbQirJOA1Ja/B/vBXCNdByoW1RUo5K+6Pd6qxlMvHvlBiHhH2XKYZec14bJNkynwv1Su07AJgaoznMglJm+kEvFyIOPnJQ1yIkdgT5uO/9VC6JNhgHtqd0EVoADZZl8tdgU3wGZpK9xNkRyn7Edxcpq5cl+JmTLUcbLtMfFSlS9fOycJaivyKsScRTHl9mC+kzSGEMZYKVlZN/ualVoQ+jOYuFOdth/Uq5ZpDXPeSdThE90fSj5Gg8BiRW4BL7E8/A1LBeiZQITRajhsIwyjmum7EVXQEQ+xKPlV8etI0XixuUZrXEc8V7wyFtX43D64VQOVlDegx3WbdLGc1Qh24rej1NnK+v8d9XBlgsSSmuwp5udMTQ7kXNyWdgkb7qVk1mmXTD0SHagNzsWSHCOlfvY8XFeVkLe1XlxES7wR/Q7bKeSAtOA8i41/u9q7b2099g4J/skIDa/QYQEotFsCyqSLxxtJ/gng8cX3yesZmite2M//v2nnhsGd+qTHLyEmL+2aE0xDDJzommQhDPKg6u2ML6OkmBNYK7WrdSZ1dQJz+ForM9pOPkf4TX3ZT9SU8caxMhuQ8AfG4tQt5hgdM/F9+iu2d5tz0+MP+n5oFiFDQ8uDm1N6vEhPNxqeH2kCyZMdD8wLYt2rNKs6TcKkOMUZcehBZdefSHBoWpl3NciIek/lyZ0tV4AM1uMO/jUViS+xVDIDSpyQvy3ru3UJV/poiNbzO2eAH2RmA5+WlJsKc2ihP5ZQ/BAYw+N7/pM97Qqes9J0yf+7Rny6EBnB5vlIBrbz6B6A3246pbGg7AXCTd0V9QEFgk+PrvLyEzYmJL75JV3UvU1qEVIg68a2sXYHRTSCoKYoy70pqIgP5MxM8THTyiDg1bRsItI/CxTZsHRbJ6w2kCCV/f8oORIjF/eufh1iuKnPVc9HqEnymtocnuRIZUrk3f0LtRLktR45++pKgjZkmcrj3yeQknmof/4s3zf5m53CXCOgX6OBtI+RxMZe6f+uA1gBXYK+RfFBYOgFXWxFwEzLrpSVj4IeBw79aenZUX8Wh4HEjsmX/XHFJeZbzV9fOheapXwLk/76pwYt7pHyMRTXtHT0pL+NTd+NndVZtlZDMD/IqWNuRw1v+CetmPWxIQUDnTw5iBiWr92AhvT20YuVsigszEDYsp/pSO3kshfrLoWMFIqS1in39dwh1jYgqJnNMljX5nfkc9R/fOU8y85bxFUWi7iCa3a/IN+4tl7F5J1IHkAIEOjNu5hWbGLFvHS0AK347a9A9lqVF0ZC7BGTJTJe+umEM1tOol7C9F5BRV1SDlAp+x9eGHegzGkU99nZl5AVxgtdmhFooC1AlAVcyawKKpUhEWxnVfPFq5WWvPj9ePCaMAK7iaLyEsU3Sm7tc1QEI2wyP57UiW7tBPwi/ILwnrpCMKSoqg2m2ZOwTw69pLsos2IS61sUw64GX2dQ1VojPcohhuNHuxLKwXGbROw3Bk7E1+4ItYarxWhxjeAGNhwKn1h95WV78sVsG8qdQbd9SZOCHy8WXU0JYKe0oAxrRMozsJePJ07xxClIKx8EBiEioHQRBUExQpgqR2I8FPpCvklEPK5kdca/c8UwfZ5uwRU
|
||||
passwd: AgB2pNlStPqi5gg6OMCcEg9RIyZms+w/MP20viWdi18vlvLHUXGvNASY2YJJ7r9S+OwI+cd9x+v4Bd3uVWwaivoPOUn+fFlKuY9rljal2+WMc99NFbZNXzZ798FMtd+z1jsRG/be0P+1TnpZXp/yxZIfGw+SHuiPtn713X+T9aqgY5HHMckwgvMweQuPLggDxcu/mwlHA4mZLh0up3PekvIRhsvZT0QaFOgBqtSEb0gJauiZj+QAcKHeQR9SeRNr8OI9O/n+coOgoXFxKVJZN5ftja5bmMXhA4zo6i624BMtYQLPBiCkaHt/Xg9/m38JDuyWaMWRv4QyPPkEp1RvxheMIQMW8CwDfaH9rtjnRy9Apbt0CsRFSabFcVPxIEBqwp6twWm8GbCcosLvIPpjYBZzW1R/2VdvMF0D57+UvzX9/yMNiA+d1sl6v7ffsrqirWUPDeCLOYP6EA5k3OhUzJBeZAG5SC+8v0IfW9Q32yClwYyeyVKn4osaHlPbgH61jocKhfQq0a7JINauhjW3fHYB9GM9WitxSMLNEEhVOpRsVCb+vMGMEtPsZiLzjEe8FXsi09kgREQ//lGEFWD8mLXZvusTsqFlxFF1YWMpC2tqMOxC4Gui9U7bQo1qklejFf0xkFnlgJz2mTK8V4mk1ZCXMmtk44MNojnj4sweFLaSECxi7ISy8t4zCwbIJiIbumMvYkMleBMhV1Bd1LggYFYQ3qWzl6dhShPRgnGIJkf96yK/2rq7XW3NstIaN7LnjSNzlY89EQ2ctUHrRjFE3N4Y42Y/8Hpd003IzX8SrnbitMBphxTzzHxbTGs9yGlGQUtvttzenQblUgylystYELR/647nDGnLM/D1Xfpo2BvckyN0s1tNOzMgqOPAYbrh4K/nIfzEK0z2NX8j5crlhen+DVARK6AmTaprZWMksN20b5Ict/FiZddA3fBYB8Nj55S5Mal4yQxIbVITPhBBPB+58Qw+VeaMb7Jaqbt2KNHJDvgLgSVYnXVqlyCgl9ONv6iiR9sAqAvY6wZ5Rm6xeIJGExfshoRRZlyFCPZneNMm/kTTeINMNL5/kUXMCpCmsaD0iV9VTG7kg0QbFa2zXGsPtRwFffv09E2gtDTtYd1X7ChG5Sv9ek/owBUIpNWsHjw3Cxb8IegBBIQAxR4T6f2UP1trja+zS1ARdKfer8HTgxKLsk/baMFckdyqa45TUqz+DSgnG3lIeOq3HcLqJ6OWC9GHs661/3SGxRJL0QVY9iwQjZqg9bYG6ULvdCbKe85HMyuz/8yPh+Qrhth8EsW5fydIcwO9OHLKsCYWD0Nv3cUDGQmT2FLFph6xbC6XGLi0ZvqU3zyqRLbmbaRglU+jjBh6kXSvUjWqYFwS7QuyLdGtFnX0qB5rQOLjAGlDfaTHUooUcRYKw9pNuHqaoTLC+dqwXiGvnxEbwGvWC/Y1f0y4qCM5mMdfd1V8vjJ7GZs2+3+8B3x7Rbwh3dn66nkknoPLFSkx6XCmNV2dm4beU111IahBO0I2YUKCTyczVPusz0AMQbvPJoPXFLn4IRTKTN1vWNigMFP9hZk+DI2yeX0RWq8Rb9rBF949PY/v2VoCe7LW02zzkjd7OT/Ws3p5PQNGtOcutsMJcq78RhET311s7cw+Wv5ivd1DGIHzR3mqqeUvS2LgS4dnYyqIaWvqXkV1Hh8cv96T/bDadFc6hIesrX5/wALzehNlJDeeKlxk/iYemypZ/ACpFr3385LQ6SGEsO0XKnb1hAxV09H086EPCsTniEaitlmZdl0CWqTq21eMERCvOzfGlR0WTc4NuFJU00n9Pr3z7UvRDiHzqO4fcH7BCeokvNek554bepU1iE1sKyZ/QoXSPjQ+W+K1YwyVcPaAoSF5NhyDteKTltD31qejNWWFvBqgiwKJWVP3dy+lHkHKyKdjy9y9sbbcs4ljVqPXllsju7RnEF02VbNRKE2li6drjNsJ/9+/QIo3vE2fnObOQ9441ftwA0IEFLM2/um8itM0pZGZCh6zHAYRychgx3RF1cJXF+DOnnSDmef3A84FNyqi5AVbwLRXQ7nF+U9CGGTYelcZ6qoAMj5hdn0t00UWEuTa9r6G2B7R4lUNEQQRnhR+iFHZW7Xg7zKfI/k6x4zqR9H9Gjwqf0vkwc7Zu5oG2vvjK2L+2zo=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
@@ -32,27 +32,3 @@ spec:
|
||||
metadata:
|
||||
name: home-assistant
|
||||
namespace: home-assistant
|
||||
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: mqtt2vl
|
||||
namespace: home-assistant
|
||||
labels:
|
||||
app.kubernetes.io/name: mqtt2vl
|
||||
app.kubernetes.io/component: mqtt2vl
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
spec:
|
||||
encryptedData:
|
||||
mqtt.password: AgBOYdOxapXUPTAtiKaHDIrY1yo9IFBP2CtcuLy66jl7kBvhlervt2Xru+AWoapTVcZ3Jj4VgfKwiEJVw+g9Zn6xyklNobCkmT4XREnjSxtVDSDRRVDF/uIOqEWLldKRwXPldjDw5OYzTB8/P1e/ndiDV5InmbIcsvGRsSd+GG9CVy/toK2iQMQfiN+pAGv4DdqI0g7uwaLWxVWdnx3k0i64cdW3ZxmxS1E/686DJu311aKGpXJkTUOyIpPCdWs02lJdt/zMdfHCf+6nZKs/In5KK4+/uEGxP1crtGlrhGI+za/bBfKQcsIr8JU26ARfbWP2W//p+8h4zen4uel+NCRvRrYsJW4AsZGOzX8Ti++x8SQIcaSDTcuk4/Y93XWO8+6zuETc4sJ85jkyEXQPKYUrQQeRcWEdi3RqNlKY2YvzC8GWWmTJ3k2KU9yoqiYrWoqucixKzJg/wPTluKyD053d/j8dbLziJ4KDahPa50gSP1D9v6jQc8wrj8oQCWuNi6O5TssCAhaHe13xXH5XscoGDiezp5+M2rfWOR0xBHx4LRLldI75Qyb12yvbZ1+p+DYD+JnQyc/Yoq7emfzJOPItGY3f+bXFe8PWO0etKY0BLpoI5PlLk0hIqKZOu5VcAwZVU9vbr4cyKoLEsGPxLf8l/VAmULp8Wm4a2Wbm02qcOXJPP3ZAF6nJJSHS+iz/i13nRG7ZyXL4OA77THuLElKGehQ0456S8g5+s7Y6h5hspg==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: mqtt2vl
|
||||
namespace: home-assistant
|
||||
labels:
|
||||
app.kubernetes.io/name: mqtt2vl
|
||||
app.kubernetes.io/component: mqtt2vl
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
|
||||
@@ -36,27 +36,12 @@ spec:
|
||||
app.kubernetes.io/name: whisper
|
||||
app.kubernetes.io/part-of: home-assistant
|
||||
spec:
|
||||
affinity:
|
||||
podAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- home-assistant
|
||||
topologyKey: kubernetes.io/hostname
|
||||
containers:
|
||||
- name: whisper
|
||||
image: docker.io/rhasspy/wyoming-whisper:1.0.0
|
||||
args:
|
||||
- --model=base
|
||||
- --language=en
|
||||
env:
|
||||
- name: HF_HOME
|
||||
value: /data/hf.cache
|
||||
ports:
|
||||
- containerPort: 10300
|
||||
name: wyoming
|
||||
|
||||
@@ -55,13 +55,12 @@ spec:
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/zigbee-ctrl: ''
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/zigbee-ctrl
|
||||
effect: NoSchedule
|
||||
- key: node-role.kubernetes.io/zwave-ctrl
|
||||
effect: NoSchedule
|
||||
- key: du5t1n.me/machine
|
||||
value: raspberrypi
|
||||
effect: NoExecute
|
||||
containers:
|
||||
- name: zigbee2mqtt
|
||||
image: ghcr.io/koenkk/zigbee2mqtt:1.33.1
|
||||
image: docker.io/koenkk/zigbee2mqtt:1.33.1
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: zigbee2mqtt
|
||||
|
||||
@@ -57,13 +57,12 @@ spec:
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/zwave-ctrl: ''
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/zigbee-ctrl
|
||||
effect: NoSchedule
|
||||
- key: node-role.kubernetes.io/zwave-ctrl
|
||||
effect: NoSchedule
|
||||
- key: du5t1n.me/machine
|
||||
value: raspberrypi
|
||||
effect: NoExecute
|
||||
containers:
|
||||
- name: zwavejs2mqtt
|
||||
image: ghcr.io/zwave-js/zwave-js-ui:9.1.2
|
||||
image: docker.io/zwavejs/zwave-js-ui:9.1.2
|
||||
ports:
|
||||
- containerPort: 8091
|
||||
name: http
|
||||
|
||||
@@ -1,98 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: buildroot-hudpi
|
||||
namespace: jenkins-jobs
|
||||
labels:
|
||||
app.kubernetes.io/name: buildroot-hudpi
|
||||
app.kubernetes.io/component: hudpi
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: ''
|
||||
capacity:
|
||||
storage: 64G
|
||||
iscsi:
|
||||
targetPortal: '[fd68:c2d2:500e:3ea3:8d42:e33e:264b:7c30]:3260'
|
||||
iqn: iqn.2000-01.com.synology:storage0.Buildroot-hudpi.8181625090
|
||||
lun: 1
|
||||
chapAuthDiscovery: false
|
||||
chapAuthSession: true
|
||||
fsType: ext4
|
||||
secretRef:
|
||||
name: buildroot-hudpi-iscsi
|
||||
nodeAffinity:
|
||||
required:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: network.du5t1n.me/storage
|
||||
operator: In
|
||||
values:
|
||||
- 'true'
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: buildroot-hudpi
|
||||
namespace: jenkins-jobs
|
||||
labels:
|
||||
app.kubernetes.io/name: buildroot-hudpi
|
||||
app.kubernetes.io/component: hudpi
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: ''
|
||||
resources:
|
||||
requests:
|
||||
storage: 64Gi
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: buildroot-airplaypi
|
||||
namespace: jenkins-jobs
|
||||
labels:
|
||||
app.kubernetes.io/name: buildroot-airplaypi
|
||||
app.kubernetes.io/component: airplaypi
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: ''
|
||||
capacity:
|
||||
storage: 32Gi
|
||||
iscsi:
|
||||
targetPortal: '[fd68:c2d2:500e:3ea3:8d42:e33e:264b:7c30]:3260'
|
||||
iqn: iqn.2000-01.com.synology:storage0.Buildroot-airplaypi.8181625090
|
||||
lun: 1
|
||||
chapAuthDiscovery: false
|
||||
chapAuthSession: true
|
||||
fsType: ext4
|
||||
secretRef:
|
||||
name: buildroot-airplaypi-iscsi
|
||||
nodeAffinity:
|
||||
required:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: network.du5t1n.me/storage
|
||||
operator: In
|
||||
values:
|
||||
- 'true'
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: buildroot-airplaypi
|
||||
namespace: jenkins-jobs
|
||||
labels:
|
||||
app.kubernetes.io/name: buildroot-airplaypi
|
||||
app.kubernetes.io/component: airplaypi
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: ''
|
||||
resources:
|
||||
requests:
|
||||
storage: 32Gi
|
||||
@@ -10,8 +10,7 @@ resources:
|
||||
- secrets.yaml
|
||||
- iscsi.yaml
|
||||
- gentoo-storage.yaml
|
||||
- ssh-host-keys
|
||||
- buildroot-iscsi.yaml
|
||||
- ../ssh-host-keys
|
||||
|
||||
patches:
|
||||
- patch: |
|
||||
|
||||
@@ -73,47 +73,3 @@ spec:
|
||||
name: rpm-gpg-key-passphrase
|
||||
namespace: jenkins
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
name: buildroot-hudpi-iscsi
|
||||
namespace: jenkins-jobs
|
||||
labels: &labels
|
||||
app.kubernetes.io/component: hudpi
|
||||
app.kubernetes.io/name: buildroot-hudpi
|
||||
app.kubernetes.io/part-of: buildroot
|
||||
spec:
|
||||
encryptedData:
|
||||
node.session.auth.password: AgB+7YE9JAI907M4S78W5ANGlEAj5/x9YMNvdd6KXPFAJAO3sKl1UrKVPKofQFiVHwLHpjqwjs1+g118jBO0wVQMomALuX8S5M9OziUkMwqjSraYRDnQiBk5Bs6P/RAa5UBCvDc28PDeFCdCYvZW8ZJx41rS1COkuZOcez5o1yMxjlEJcBJAZhFaAgmEfLSLOeMScwOxYIXnZIPL5hKrCKaGBdUZ5d2S5HmUjbdcXdS3AEznXu9RG5CSXKKYgBHU7mi6Z5DF3VuWwj+dwXpP0KBhjdJWBptdwWeWJ5Yhs02EWUVqMj9g6sZbK+R9QtWAflx3QqY89UJRaXHNT4Bs+uhIOxns/ptL9TAttZylzu5P8mTBXFPFSIlp3DJ8TORxKE3oRAk8gr9jIXfTzYuPyEb2trZIVXERVe5+k7w7QA4o3vt8SlJXyHKpRSQOBzYUZ0PTud/rF0gm9cFo29mA71MbR5OgRs9N59mrA6iejGHfXE+cpVs06AbPCkvdykHdB9mUqKQpYkdenRQLnOidxaAk9xgc744I4CvKxJ6gp1ub1xZNy7O4dg341Gsd/RBO49SVG+tlEwm6a9Fz3c8+9Gny8eayvBg287IRvYv5dEfm8JCkQ4dq4cqipPGhWjtTulsuN3mFw8hx0dLbzPI/3VDTc73si3flZ5QAkAXZp8shxcWxyYcuX04vjB+R72J8JvIHqlHcVK6nDN/7BSQ=
|
||||
node.session.auth.password_in: AgBRLg+0Jm4XqBYlxNncpDT/7yJz0VJutAKwVposN1bNe3mPDGlTYScGq1u13qNG4xC7Yv41quM4vBrgPESRb+fF4h4iRBkURutW+BiHAg/p5BZKyyJlLe/9GU8WnFFCerQN7kFu8q7Nd78TgqdO5vo9/w1T5nPk87w7VD40JBAgkyihRk9L1ClXUC3gtqm3lm/r4+UutF2s3jRpCdZ8eZbr7Xuccbk6u/a+2DqQav5pNFdJLu3P5D5RrPO2GdwrLZDwQjZmTeDVwVD1lbTB0Jsbj77mE98PEN2DzY74EX+DuHvcprN8Tu9QAf1efe32xBnjJKt1r1n4OibVIivqVpnfO/x20G/gj1P5K8eHStAvnAYTHYfutOJsy/S9qrqMrX3J+kS4/OP9O+Hyb3JOXpRdXcwWGPaJl4C3MuHnwunjFlbjNJ9oeLYs7iqPtdHrEY09UWSj/VcNXwq0kTex5yWiqjj4pgZ0iUxB5RnbmJaEH1xpGhwkc1gvftCyA4CY/+iUIC0j2hV2WxcbOJGzZ+EKGq+mzXdWsTJGJvVdF7NFXYPADeJCQeG3MA3drjVZIu8fK8wOBqXlxvlRAHDUU7EkAoqaT51ezSl0x3wy6SeNFnengFGP0qcbLpgKF7oa/pa2mK++/VkfOi45NAi5LmP18kLlrJnQg9d6kzrHRThoQF5KOjt/WhgR0w8HKo5743NXlWT6YR4oZUFSSDk=
|
||||
node.session.auth.username: AgCnSm21dt1x4kQWdEhLF4pV0Oz8lTpVZJoViF8T+KXbmhvgWIm6VkrD+A/C2e1/H1HXM9pSf3hkQerMl9DLSTTkV4FyLU3W6lrXxT/DoAVAl/Ji1uXtkdoANsq/jspj46QpqfIc6wlGQjSzMk1fysYBFQED3a8cqLFl6NA98VQT/EArpzu2Cmpi39Ras94wiiAxYKfoNs4oQ6ivaXjx+rbYa75cumRczFoanKALlAF/OZHQJ81AW7etlCcGPJKKz7EG1UZL43j4srrUoZK3r6b3fSXfPxpzJipRPisDyDhuvqS95elJLNnVVONsxCh5yVAw4LskCjaFEF8+lgHWkIAUN7fxMTTubF4deK1ihEoECYGaNvnasZIpgxCtX6LRtkEkXY53pcdOevEs+3G+LlYcq352G/gStkqdBkQV5fBa4w5y2jeruIfS+2FMmsk8G0GsV7XgceSL75Uh/wM6uQTBfqzNecdlNF5sfRzsWljVZWbWCp+f7MFut1kEwdsgwzWbX1cdkhASvSQwiZm9aS1yREYttM/xeNHpcxqgdEAirXAB8rRO3m3SJMQPJA9L7nm/NXgEVJ7S+oOz0tUPz4bUZVlKEY8Z3zQjHtLw13yqaxqHNB4gjrCJBCHA2+SDRQ3dHr27eQGUOlTqQZVa79S+qHy9Dy6EiLjSZYnNLWFZgZL9zUAeVGPviVm3Hei3JWONKGyE6uh5
|
||||
node.session.auth.username_in: AgC0Bc3wzAeoK8hyglns7fpn7LAwkNrNuo6RjSdbteKVePbUJclqS+BaDTjMyU/Rq/iNsUZQgI4DRJkiQCZTC33wBbHhHU67nAtYART7rPcSBHA8EaWkADFLQiaflcLx0IK673agmVO84210BDvCkZMf/dSj6Kl2hiwqnGkx5ZQWvO+BbEQeOsD3Mia3DM3fnVcB7QHIsEJI+2QodIm6LVNIMJOGb/5+Ia8M38EVyys+QEEEFsLuGzDqruu0PeMz/hlHSMbjU+c7dieD2UPIttbmIdB8YK7MQV+IwhuOOgqucwYwK+aNpWFwK9+7kOVJRv/bkVIjwv80VuHC8/j87RjyoW51yMYKvovTrNnVJTgf1pHYutKctlJafKRYleEQ+ms6X+hptefxDsStzDDLeuB0ipVpu7R1b/KelgNySH0Z7CRZX7lWE7OMFdAquMKSBmyT4MGtiNYGPWzVC1SE1eI/nB7tpDUz+V77ai+zy3e1Hr3lyWzw+lhc/kJwN498+tPMzMeGqH2AGqA0QvtPo+8CDGz/rDbubNT8ZYrgfU7WrlR/LCyAy0B14wOAJ5IhnXN8TYgi2LKq6yJ1RnOyktOQPrwIKfgH8fGvx9Jne5StThbGRMc0QMKh9qhdhI5kvfnMuoLNQtsgii9EuXOBVKgI9+echEg+2N134HluTyFQV1gaUciT2kJ237az60jCFpgn9vX3E7GgHQ==
|
||||
template:
|
||||
metadata:
|
||||
labels: *labels
|
||||
name: buildroot-hudpi-iscsi
|
||||
namespace: jenkins-jobs
|
||||
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
name: buildroot-airplaypi-iscsi
|
||||
namespace: jenkins-jobs
|
||||
labels: &labels
|
||||
app.kubernetes.io/component: airplaypi
|
||||
app.kubernetes.io/name: buildroot-airplaypi
|
||||
app.kubernetes.io/part-of: buildroot
|
||||
spec:
|
||||
encryptedData:
|
||||
node.session.auth.password: AgAAAH0omRLHXikdZ6mGXPxfQJv59KAgcDpGREhmT2EG3oNrt9Ow3kDQua3oiPdZcxwG5mimJ6nBPEOFRLPYaj46BUWlZWfvDGOVPwaIXOuO6oRvkwXHu7zcu8qIgh2hNcJNNjrRhwxMVa/IYJpQSZDotv0FIw+RQCY58SvuB/viyVjG5EcZYm69dDn9SQD8lIJvtHXRaezKOvSwQmnPsEYbqCnobsTKTciVbRXBkODOAzayZug4UdyeVrexgyqE9Uym/dPLRdnIIuW3mf3z3QVvKfYC89ETa9Rr4q34pb/2b1cuaHjmK40i2HOnLAgkdmnUdsm+0ulqxMTjhlXsAjZcR5qH5TqHnB/lFJxlJfoQsMFV3lcqq909xO4a70/AnTHF+unxzlrQXBQZ0ojO2iEPU2LNniSv12Mq2S6hx2riGD0PvfxmzkdbH6q2tXCn+7Tgwkx10QsSGk01Q/OCvrPKtCuSABfh+ODGJ4kcRFhF9nIi0AaYQytPNeRLgKpcgN64zqbsP1zolhimh/U6RHDEQabufl32Nn7GblaO+eiu9+jK2QpTE5mNg05rA8IFACb+jNdiWViaEIUXSvUjmPj5BhNwqe3AknqdrPOsVq+RYlmRkbiOyJxlVYfjUS/Ps8LGySUtb6tMYhFXqffbmxFY9dVTIhN6U2z6WSgxVzxEIFp5BHpoYOzTdLowOfleFFelmFCMDA6Ovsua3jI=
|
||||
node.session.auth.password_in: AgCZ/LD9ejCea/udtBKSi1rm5RODKd92RE/m2Im9qJNwUlXgBDFFqKXMNf8FperHzZLJYqTzvBZEJcOgI6FdvY5oi+T2cJa10R+V7RM7YFR0Z6ey/JOsUJkf10CdMOWK1UTH8URhcKkaQhKqA956Ew/JZJoWvEnj967hzIkkqrz9SmbaJ1k8Pm0p4SpL9Jmz9rp6KT4bZUZmqHek7HrcFmO+LKtGLDKLIQEMvClZ6xFYG2bTxWhr/tjA2MolZdDZOsqrtSwSrge6e9Ptvk1ZxaO56O7VM2H3MC+s4DwvP7ibFk6/GFGg2P1QTwe1on/KOqZjXsYx4xTzbn+YY9gT0exNgAHtek1h42wOp98oLia3WWaVX0diHnMitXNEuBeK81aJcSjJg/MaHGVDc8yNa5UYBVTO/tYtTiN8FlXLob6moshKxblsSy4DB5RAqhYpZ2NnwHch9E41W1lHbWyGmbUanCP0F5C5CO7TQ9FMUwnFAfJ1NSLT9HzWIG5DPvgBOeUd9BtTuQGxc9qQBmqSPRklQrHycVgpB1KzBZ8qvDzS2+zKOXeuxG+xegR7CEBmLWkCh9WoLXpCp+GYUdY7oC5t+qS0tYaop1Vz70hlyHb9KVVGTwtkqZEyr/Y/Yk5ZWPk0TdgXe/F6awjhTcC54MAJjBaTHbkOSBLtBfvE7ixwMFnqX0HsYTz+nsfWE17GZRW5P+eMWUhysrTSTrw=
|
||||
node.session.auth.username: AgAQhzmnkbpMVTzIKXs/NqoBl3BGCTJNbAcu/nXNkACNbA4oxe5OS8uErOMI4vGeqPGAdgSPsANugu0FTbprVC+7+K499mxddzUFE6JyV/spbA13eMo7at0d9Gwpv3i4hmxBFslED9B2/DPscXK4TOsgvidd+9K/n0RNWz9tRRsl8+vjTM4Hpkh1TrfqCtJvUSnHvhl+j+YVYMTfJrkCfjkxNSNYx1f8ipx3blwvqceZvht8iq0pVLQoj3lA06DdeQii+AGSpGBl9QXsUdxgsoQ93uYh5rZSfDPxNyNr7NADBumkNO5JlJMDgqHNP/vwF54jrE1MnPB0kfDtvRyXpl2GckpqK0CuHhqaLS0+iqymcxcCE0OKpU2Wd+tq3t0CB7IuJ3d+800NtRhAb7qwhrTME5J9yEpWp1ifu/piIaAQRmGm2MUHeDA+pCzY2Xx0S5rW3uC6/2/gvNIVyiaUzTos53PdfdYJKWffbSeBJhkhSMsIpkGASQ1wyGgX5gAzKDWDUyeBK/qwnEdS0EasDA39mGiem5w8t1gi2021SMpH8M81oZ7YeSV2Wu6aZCsJuWYcdRqrM+PGuhgkKNYnelRt1FjAREcCthPFNGquGbPHBzv7wynD4u/En5IzsdsAzec/EJfBxvbGCcRmVaQcxO0DXmk0S7Tl+a+3/E9Dckev1Xd+SV3EOii/1S7Ij4HymJcIMSFO3CGG
|
||||
node.session.auth.username_in: AgAfO2gNFWu82gIk6E0J4rMeRBOTE025fwxwoNx6nMiLvIsyH6FEAqhYAWRgJv68X+u3fYIqfsQ2M2i31G/qvoKhp81hgGNTmOfbfdj3UAafCEotAug7EYjkZWPtr+rHLXaqKheR1FpRQD4Ukbet+JbT9mG3WzVAqPEtQ5xHCXZn6bgBkNdRQgNHnCK/EYjekHNs7qDa7ez4pNPzpOeRR3gffWD5E3q5x/PYBNL+/S8q1n3k+JUVnVdnWhju9BmncnOR5j+1v8IEhvMyZJAlXtl0i3tL/IfOVF2co5i3vffiC607AyhbD/B0SsNThlF63qFm4qmaUbjAMLZfveL52gGjiOXRHOVTiirzWDxqBFm5sz2hOpakK4qgtlahseN7eUfi7hrO3s/DkSYlj2Zd/X2tNUnugLXjl3FONxOp8HLi7muz1Dzyi6iLiHapyIlQZbAhkPbHTUbxaPXWlheDkAfCXBI54G2DZcI5xGgQq3Du2nVurKPk52ro3FO8VXAh0SUr6VhN9MuOcWzUWn/AHztTb6C6ABMBpkAw/mYmo5VBKUiUo+c6RpcD0a7kIKx8iELdp/fgsCaCWiQfIl0HV1Dx08FmTvA/h0/idW6SCGsBD5h7O8t/y2QUbhytln0L+TUOimseeCtu+N0TzYKU4+tmWPITWGojmw6panOkI5MwM4CbWLHI9K57l+v24pRS2XyQepaM6iTYzg==
|
||||
template:
|
||||
metadata:
|
||||
name: buildroot-airplaypi-iscsi
|
||||
namespace: jenkins-jobs
|
||||
labels: *labels
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: jenkins-jobs
|
||||
|
||||
resources:
|
||||
- ../../ssh-host-keys
|
||||
@@ -73,13 +73,13 @@ spec:
|
||||
weather:
|
||||
metrics:
|
||||
temperature: >-
|
||||
round(homeassistant_sensor_temperature_celsius{entity="sensor.outdoor_temperature"}, 0.1)
|
||||
homeassistant_sensor_temperature_celsius{entity="sensor.outdoor_temperature"}
|
||||
humidity: >-
|
||||
round(homeassistant_sensor_humidity_percent{entity="sensor.outdoor_humidity"}, 0.1)
|
||||
homeassistant_sensor_humidity_percent{entity="sensor.outdoor_humidity"}
|
||||
wind_speed: >-
|
||||
round(homeassistant_sensor_unit_m_per_s{entity="sensor.wind_speed"}, 0.1)
|
||||
homeassistant_sensor_unit_m_per_s{entity="sensor.wind_speed"}
|
||||
pool: >-
|
||||
round(homeassistant_sensor_temperature_celsius{entity="sensor.pool_sensor_temperature"}, 0.1)
|
||||
homeassistant_sensor_temperature_celsius{entity="sensor.pool_sensor_temperature"}
|
||||
|
||||
homeassistant:
|
||||
url: wss://homeassistant.pyrocufflink.blue/api/websocket
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
rules:
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
resources:
|
||||
- certificatesigningrequests/approval
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
resourceNames:
|
||||
- kubernetes.io/kubelet-serving
|
||||
resources:
|
||||
- signers
|
||||
verbs:
|
||||
- approve
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
@@ -1,53 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kubelet-csr-approver
|
||||
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/port: '8080'
|
||||
prometheus.io/scrape: 'true'
|
||||
labels:
|
||||
app: kubelet-csr-approver
|
||||
|
||||
spec:
|
||||
serviceAccountName: kubelet-csr-approver
|
||||
containers:
|
||||
- name: kubelet-csr-approver
|
||||
image: postfinance/kubelet-csr-approver:latest
|
||||
resources:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
||||
args:
|
||||
- -metrics-bind-address
|
||||
- ":8080"
|
||||
- -health-probe-bind-address
|
||||
- ":8081"
|
||||
- -leader-election
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8081
|
||||
|
||||
env:
|
||||
- name: PROVIDER_REGEX
|
||||
value: ^[abcdef]\.test\.ch$
|
||||
- name: PROVIDER_IP_PREFIXES
|
||||
value: "0.0.0.0/0,::/0"
|
||||
- name: MAX_EXPIRATION_SEC
|
||||
value: "31622400" # 366 days
|
||||
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Equal
|
||||
@@ -1,42 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/instance: kubelet-csr-approver
|
||||
|
||||
resources:
|
||||
- clusterrole.yaml
|
||||
- deployment.yaml
|
||||
- rolebinding.yaml
|
||||
- serviceaccount.yaml
|
||||
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: kubelet-csr-approver
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: PROVIDER_REGEX
|
||||
value: ^(i-[a-z0-9]+\.[a-z0-9-]+\.compute\.internal|k8s-[a-z0-9-]+\.pyrocufflink\.blue|[a-z0-9-]+\.k8s\.pyrocufflink\.black)$
|
||||
- name: PROVIDER_IP_PREFIXES
|
||||
value: 172.30.0.0/16
|
||||
- name: BYPASS_DNS_RESOLUTION
|
||||
value: 'true'
|
||||
|
||||
replicas:
|
||||
- name: kubelet-csr-approver
|
||||
count: 1
|
||||
|
||||
images:
|
||||
- name: postfinance/kubelet-csr-approver
|
||||
newName: ghcr.io/postfinance/kubelet-csr-approver
|
||||
newTag: v1.2.10
|
||||
@@ -1,13 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kubelet-csr-approver
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
@@ -1,5 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
@@ -20,4 +20,4 @@ configMapGenerator:
|
||||
|
||||
images:
|
||||
- name: docker.io/binwiederhier/ntfy
|
||||
newTag: v2.13.0
|
||||
newTag: v2.11.0
|
||||
|
||||
@@ -54,7 +54,6 @@ spec:
|
||||
containers:
|
||||
- name: ntfy
|
||||
image: docker.io/binwiederhier/ntfy:v2.5.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- serve
|
||||
ports:
|
||||
|
||||
@@ -45,8 +45,8 @@ patches:
|
||||
|
||||
images:
|
||||
- name: ghcr.io/paperless-ngx/paperless-ngx
|
||||
newTag: 2.17.1
|
||||
newTag: 2.14.7
|
||||
- name: docker.io/gotenberg/gotenberg
|
||||
newTag: 8.21.1
|
||||
newTag: 8.17.3
|
||||
- name: docker.io/apache/tika
|
||||
newTag: 3.2.1.0
|
||||
newTag: 3.1.0.0
|
||||
|
||||
@@ -80,8 +80,6 @@ spec:
|
||||
value: '1'
|
||||
- name: PAPERLESS_ENABLE_FLOWER
|
||||
value: 'true'
|
||||
- name: PAPERLESS_OCR_USER_ARGS
|
||||
value: '{"continue_on_soft_render_error": true}'
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
@@ -126,7 +124,7 @@ spec:
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: run
|
||||
mountPath: /run
|
||||
mountPath: /run/supervisord
|
||||
- name: logs
|
||||
mountPath: /var/log/supervisord
|
||||
subPath: supervisord
|
||||
|
||||
2
restic/.gitignore
vendored
2
restic/.gitignore
vendored
@@ -1,2 +0,0 @@
|
||||
credentials
|
||||
password
|
||||
@@ -1,54 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: restic
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/instance: restic
|
||||
includeSelectors: true
|
||||
- pairs:
|
||||
app.kubernetes.io/part-of: restic
|
||||
includeTemplates: true
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- network-policy.yaml
|
||||
- restic-prune.yaml
|
||||
- secrets.yaml
|
||||
- ../dch-root-ca
|
||||
|
||||
configMapGenerator:
|
||||
- name: restic-env
|
||||
envs:
|
||||
- restic.env
|
||||
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: restic-prune
|
||||
spec:
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: restic-prune
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: RESTIC_CACERT
|
||||
value: /run/dch-ca/dch-root-ca.crt
|
||||
volumeMounts:
|
||||
- mountPath: /run/dch-ca
|
||||
name: dch-ca
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: dch-ca
|
||||
configMap:
|
||||
name: dch-root-ca
|
||||
|
||||
images:
|
||||
- name: ghcr.io/restic/restic
|
||||
newTag: 0.18.0
|
||||
@@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: restic
|
||||
labels:
|
||||
app.kubernetes.io/name: restic
|
||||
@@ -1,24 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: restic
|
||||
labels:
|
||||
app.kubernetes.io/name: restic
|
||||
app.kubernetes.io/component: restic
|
||||
spec:
|
||||
egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: kube-system
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
- to:
|
||||
- ipBlock:
|
||||
cidr: 172.30.0.15/32
|
||||
ports:
|
||||
- port: 443
|
||||
podSelector: {}
|
||||
@@ -1,60 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: restic-prune
|
||||
labels:
|
||||
app.kubernetes.io/name: restic-prune
|
||||
app.kubernetes.io/component: restic
|
||||
spec:
|
||||
schedule: 38 9 * * 5
|
||||
timeZone: America/Chicago
|
||||
concurrencyPolicy: Forbid
|
||||
jobTemplate:
|
||||
metadata:
|
||||
labels: &labels
|
||||
app.kubernetes.io/name: restic-prune
|
||||
app.kubernetes.io/component: restic
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels: *labels
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: restic-prune
|
||||
image: ghcr.io/restic/restic
|
||||
args:
|
||||
- forget
|
||||
- --keep-daily=14
|
||||
- --keep-weekly=4
|
||||
- --keep-monthly=12
|
||||
env:
|
||||
- name: XDG_CACHE_HOME
|
||||
value: /var/cache
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: restic-env
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
volumeMounts:
|
||||
- mountPath: /run/secrets/restic
|
||||
name: secrets
|
||||
readOnly: true
|
||||
- mountPath: /var/cache
|
||||
name: cache
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
securityContext:
|
||||
runAsUser: 32142
|
||||
runAsGroup: 32142
|
||||
fsGroup: 32142
|
||||
runAsNonRoot: true
|
||||
volumes:
|
||||
- name: cache
|
||||
emptyDir: {}
|
||||
- name: secrets
|
||||
secret:
|
||||
secretName: restic-secrets
|
||||
- name: tmp
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
@@ -1,4 +0,0 @@
|
||||
RESTIC_REPOSITORY=s3:s3.backups.pyrocufflink.blue/restic
|
||||
RESTIC_PASSWORD_FILE=/run/secrets/restic/password
|
||||
|
||||
AWS_SHARED_CREDENTIALS_FILE=/run/secrets/restic/credentials
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
name: restic-secrets
|
||||
namespace: restic
|
||||
labels: &labels
|
||||
app.kubernetes.io/name: restic
|
||||
app.kubernetes.io/component: restic
|
||||
spec:
|
||||
encryptedData:
|
||||
credentials: AgBegS5P+JvhbhBb7/gZ1h+eyvqbXbj5bL5nN/MUbSjmrc/eR93ipe+kAKsfe1DCOtrEKYxO52RY2RdQHcUtgowD9LChCWPVPNZSDJnOId4nVRh9dSqSdYe+fkbp2wqHZf67AjpsP6/Ga3/3RFgNoVXmSDUmn8+5ZwTCKeC304XaCXnPj3iudpO52Wr6x+GpVfZ+yuVBMKMFHIFnnMt0AmjXCqbz+LPIUP/BKZ0/15DYTj4SO3heoSYy5y8suIiF9RZW6ne5dQ3w28V7hq18TNjATahtz+csLzUCRAKYoJfuZ0+YShqn2B/ZFItS1HbsWpoM23UwrNgx5TjSpNzTsh1wqlOztRcS47vyWu9ztDuXjDm2lSJMqoLAjbumV8QU+95LIVK8OCD9ziFCYCXm+7C2fKHG9Z3eEv83bFFQBVRbUg6zgv78FWb5PKrwg55rAM6C/U3AdvVFKYu8sBN30uaGIf6tCwZiHKuzp7JvVGffe6YFmBMU2oxGiLc4ckZozIGXBS26Uk79XM3ywUx+CWOClkqRLfeIjEP0rzseyh9kfXN2rAfn1o1WH6RJLopeE7IO7vnbM8t2CqVfKiBIsIXtKQ6t7JO/8On68AWTw+iqseK3iW6ZiComdYsP5RR5pZMfKa9iSAD6CaFLflMVFslVy2BQgtxWJ9SsQrB48iq3GFSBS2GG4x8NO0gZxY+AE1dvykRZ4U/YYheoClDvibQqPKFsvq83O7zaNwD2tGYiurxoaqAI6FtRCGjA2YGW+FzfikINNTsU21+GrkeNpHYVEXcL00gVR/RtO4JRM7ndCoTUCwCtrJitYLsGS9ZK7D2EXIqe/UqQCzsoVVEwN+irHXGzaA==
|
||||
password: AgAXFkg2MdfuYD7XcQanf4rrkdO4dbB0IFJRU2oECcMNzGkQKC2+LfyqZv+TgBa0VnmCh3V+suVq48vG+W3Mr9g9LGzcjb3NVsKY8oxNsidEIU6ZksI/ijU7CF7/E5snpd7DowXCye+uA9QzxolarcVucF0S6CFoj5b5O2YFz7RsozJqsfRfXl+SbGbOzjPsKAmE6jBMHGfDlGA9VdgcGFECudBXZDyaaRQtpPITqRMzDdq/fKffA+r117deXzSXW0MB6RDsWubwSSdQXVtgbeAFn2oKGaEeloreRiNwaZ4nR6a6efkvlhz5prQ7sFFhGVDjdwhkdspXly1jHIFqTIoIul9/hRIZ8gGUfDMWq7YOYnwnPpkcY4+fE6LpfY/+BC2//t2VW5uk2lYRZin62bATIZpLE2hFGym3O4Mk5hz6O/jSMvDzDNJ6zYU3oN9C94qxgoLv2IL9tV1mpLvt8hcil0wWuj7qISIf88jTsneQ3quWz8xj6kOjLO+FJD5TjFU6qIhcXTS3/M3XqQbZRucPlVVeROFB9HJpqa51AOxV5i0yuosvlmOaLpOS8UPd3fzMYNY0bopuBrktndy1sY6VdV8ELHZXHFZxruAuYJnRzoZ4EjR5/Mo9BT7JKZLpRUgnLdPQTe5VwL5E1FgjMr/b3nwSyenb63ulOzLcfcy/fpBgOk5AwgOOqjDKLUMJzLppYZT7K2wAI/81IqdclRxblGTa1smyFt7nrUUc86pSWy+/lEhZ+nFrkSF9GFmf3hQDIK/OmqVoV46uMadQGi+d
|
||||
template:
|
||||
metadata:
|
||||
name: restic-secrets
|
||||
namespace: restic
|
||||
labels: *labels
|
||||
@@ -3,6 +3,7 @@ kind: Kustomization
|
||||
|
||||
configMapGenerator:
|
||||
- name: ssh-known-hosts
|
||||
namespace: jenkins-jobs
|
||||
files:
|
||||
- ssh_known_hosts
|
||||
options:
|
||||
|
||||
@@ -59,7 +59,7 @@ metadata:
|
||||
namespace: sshca
|
||||
spec:
|
||||
encryptedData:
|
||||
machine-ids.json: AgBTuo9NXudBX1rgt2BAvnrSXNzx20Hu5Dk3KTgayyovGoTVSy4FqILx4T8nAO+Si7qFc8jPI9Z2JKYI7FdVh7UQGPOLXGQ9ucOAWhKM0oCOERE34C7bCBdBxtmdrMtxMx1RoDjI0hpY7TyG4s0Ol/btjsZ4BHaLfACRYLfhFapR1OR3zvgTRcVs2jslUnEGzdPj58Q0Bk6NMHS0ZzFiHcoF4GdkAwAlmSVdxkzYjetmwxPcgifj3fdpA9PZROfuf2Xp54fl2334TpMnaiEVxnNWKDEksczUxWtclGWz/HM5/lZu6rkztECBViwAhbZOnOtMGDqrH+kxk6WAUTbF74NIhrtG1kQTl802vKR+avjaTablUj6/f84v3YA4sF4gwAcN8QvhkUBtmA+Y6O3Eh20xxIUQOAy3ppEAVXgFlSNpubyRNe442A5HnVOqxqz517UmqVWt7ThhBBtRF/fHjjitPHny5DwrfGhKDzBnuE89wSj0orR+/uJwUHV+/rE6oyylNY2raaK7LXamO1ZTuuRPd71agclAQvXwSqan4QaAQdkviRk6UpYwBxX6vOg2zTcCGQtNWjiW7Rk9EWoaBGRLd6WxJwGinuNV2EspATwLQLAQ8Kf8X4sDyDH8xAXpiLXV3wOFOXK8nqQab+2CAvU8/VlH6Mwc8rNle0qQWwI0y12Ku7d2rERG/JhQUeE4ZfHa/qezLmb2S/Th7vZ1FKZQ+8F+DOW7CwWgJOSEM8UFih384IsTO7dZ3MT/HUIIDvQNYxcBDdLadQPugRjatAca3Rz+ST4FceXzazRPWq2AEDio2jfndOTjACvkTZdbPBbKJ8dAgi64uCZHPw8T5+WZb8n8vHk7md6gWL3lad6DdXntjhZ1MpsaE+8JFOlPGshY2JbAZ4+/dFpwEDLI36AEuoGjIhlUO1gJ9IxpYlYwGezLrgT0AovaIrRmar5Bk6uiqZhSQfFXMgXNq/pJ6ohM0IkQ4DtC/nFSHgmSgnWlEN5Z0CIU/lgUfyfzUjSmA9/CM6rw1anKFndnGRc4q+Qdwd08fRRvYf5zHF3a6am/V4wySlFPgUteGqyCwReKshDnHEU/5/kUwvfrqTx/etmCyA3bk4gHocEzGNC6iyL3GWjilywoZSUIOJYycbiY0CwMIuksJ9gyT68dA4tiWwVEt0VfmF6T1b5LTwAV7Mi3l08wGa0exbF6GolUeec3dwOMYH/BCVlYm40PWUKQ7wlYft+9Y0oIiCdBsHAxlK8tPoR7cPuCurZ12lLAErj1rw8720GCIdHEaUYS9UqR1xYdJ+WhqWOh4eZ3r6Y7pWm1vwPlc0hbszJsSivbvzexrHesf56gUeA5fveBSrztVUN2LnSqGWEL5i7/0V22RNCd1YOEfBGoHfekKsd6caH83RnBzca+ihalB22KDrY5yxU75DgJR4RMreAe78OCQZ9bT96+7sswzVNZOQ7NVTB7+J7eN3gLyXqTsEKVXu5a9B1TrAPba6F7VEppDCAzamPPEkuGGPC9DbfoEBl9mQYBenASUXFEYb51KrnrbUOLEGWq4WYnCv9mfedPtoT5bo32NQRb7WYmluHAsVglPfmrF7faWTdip/zWPKtMZ4eF4TUe3VPphuBxvjtTbpMFGHo7bebglbFAf0LaR+x4XIuYT6mvWq1YOnTIc6RgC66IyqRWIcfXZWBIAr9hUNX5mygNidfFLXDk8QhYZtu2YM+GXxNGkwH/E1g7zwg8iWTRugaIZz1qyTa1U7Exok4GBCHqkDhB92dVDcBM/wu/8xXngq9MyxposI1UYaqHeVUCZdsAUm5/iMtUHF3Jh6jTq3kpCzcYYirZbofd16cobPt5FZtGfsRohofjjOsGBa0vbC154lgicb0Kj98Freoz25fgfDMxP1vms/bb3tiayM7dwbO0UHKUNrX1EmshDcz5bESaXkxifOOKtXBc3dkfu9woBZ/gsOqEc2+waCWsE6hLvISpg464Fe1A+RgcymgOXIlimcOmLgra0h7lgO4tf0xkk9DV9pT6BZAYsej6/FTaFMNQqYEe/9+nqiORCCWfzql7lEirAkWLc0AjhFmPvGVZ/zRaDz/WHoSHydKAESZi21IfvRw9NLiO0XGgUTZU1wAmMdZh/jCiO4lL/05z3BSTy+ZVksHQ+o4tAHA=
|
||||
machine-ids.json: AgC41ts59Z0QpUXLn10Ecp59YrJbT2K7SsTpgVWQd/t3u6+Ds620hHlXZD9ewBSaKoaCtehw3Rr+TIR5h374aXjLO5uDMMJdfo0Bog3Zp9v0U9/4oC1AdGRrR9FP7Jdm9I5KH/IeQUBjlj5pAEPuyOBP9sa2ga1/fhMzmUTwl6y0LtV+33chVTpPd/xpIU6Q8MzFJeiCSiVGugpkDZeSL5Ij1zqX40ey/ApHnUq0rDMsvfJk/JCPVMg774F2GLvdXvQUHix2xZPwleF0y8gbmQ8OJAgZYt4QUxZSBD2z/uBb/1sfCxTBfNMqdt3Pr9uQg3P2ll9ndAGBx9ZxYeU2y/pNpVqy3hnIqPLg4CAen2hMVMMy0x/FG7s5d8aofXV2uw/wSXDC3ppWXYE4g4oAuvbFZFiUEO6aayUYlM/KDusgE4cR+I2jisqk0ELAZkK18drRS6Ipx9gN2BNqPFVaXqL18P2LF4YePlCEOLbsIOa64U3N6Z2zAA/Cf2VZmPWlAkIg2a1pbKa0kQNaI+EFlWLoMod5IJoWFSWUvoUoNHerEE+JFcxXOQLps8Bkpw87gMnwCwp8AEx+AxoTO00dRmD6/+UkWzL+Gq8gwwX7FEIWbIKabZz+sccxQu0lzzmQADJI4kPqDJqFWGuj2k1diMp1oAr2qVzpLmt2NumBCfDjA/T2sUSqpGdfp5+X0wC2OrTBrsOeQsVHABm2+kCS1lmPnfZqehR6VAcNAMbDjgD+joNesaAPk9xMcU34oIssR7UvmQmAJdsb2G4recT0WalGVKEP3OVORswUWpXEK+RaowmqsQEoCi0PolvtohXdwh9dsWjWwPZXI2YgVOqmKy2pHr+GTTSnuGFVUhKhEF+BvCL7th0TOLFa97Ob2N7Kpfi15QJaQ8TDNVfAwT7Asi2Md5Dy4Dt4FKYclojUJFvgtGV86U0zPmPyBrdNPIc4wmZMlhKR2/WIG6JSFofN9669ZWUSNt06DQan+xdrFkGeFnezq01Dch+4fA5fMwwc6x3XicKk9t+Wpd3MgskRm6z93sQ/lpBHfGw9WgyH7NvUWdOMIU5TZo1GZIHd4fl5zyalqL+CFSXXbKJjWqRL/96tIq6dvA8Gl1Ono1WmTlMUgiIkGg7LRx7WiTANOFUFJBtYgC+3vk5XxkUOjU10zADavBdJi94RhXeF/yCF9zbE9xYVn8MhcooXOJHTBJlOp0V3L1lWVg296BZWiiljhTOUQGt8aQD3QLuDCZPfVbUCadhm5oeAzj0vxzYbvoIRfoc5ljbKSbNiR/VfYv6oLj+/qzG23wDjbKC8/D/3W/Uj1gMapoTBzgK/Df9DDiy53Sv3L8tl5lGQRqzXJOFkAlf68Xq7BT1kqh2nbG5XX42IHvZ+VuvgYSqyVazIFALApCi2M8EFcdC9aZRVMnzRrO0K/SqZnfkekb5wt0duWGsyKVd0I9xFxWhPs4kNwJaYqyTRTvDHjAe37KSdbAMIHdhxw0NN30shCl74MqCCJArKMHf13oNDaeDIOB4cajEXjkf/9K9OZZJSgGTJv1BpMM52qDsCw8HYvvTUrmW5GA0pDoBiotFTWRPmVW+nEiTNF2dVzFq+M8Hc9tzYwPXCRPoskfllNZFqOs1HoqrAGmmPJc/3Fpn+9nIj+XNC8gTRmLItTgGARpHruaNVox9SsokMFUVYIKzk1D1YDOPb1jTOHhZV3V11o0VSxE2m5jjinbmmf8i0WNVQ6VFT3H66e/bAXlzpRLjzv20zCy+I7Sj2ymux6kaZ2k06vnUI+IFIotdmiXE5vocCzKkpG5ZC3ffAO1yemkBvJv5kdF6oCeukVSA4IpuLnAtOBIA=
|
||||
template:
|
||||
metadata:
|
||||
name: sshca-data
|
||||
|
||||
@@ -25,13 +25,13 @@ projects:
|
||||
namespace: rhasspy
|
||||
repository: wyoming-piper
|
||||
- name: zigbee2mqtt
|
||||
image: ghcr.io/koenkk/zigbee2mqtt
|
||||
image: docker.io/koenkk/zigbee2mqtt
|
||||
source:
|
||||
kind: github
|
||||
organization: Koenkk
|
||||
repo: zigbee2mqtt
|
||||
- name: zwavejs2mqtt
|
||||
image: ghcr.io/zwave-js/zwave-js-ui
|
||||
image: docker.io/zwavejs/zwave-js-ui
|
||||
source:
|
||||
kind: github
|
||||
organization: zwave-js
|
||||
|
||||
@@ -27,4 +27,4 @@ configMapGenerator:
|
||||
|
||||
images:
|
||||
- name: ghcr.io/dani-garcia/vaultwarden
|
||||
newTag: 1.34.1-alpine
|
||||
newTag: 1.33.2-alpine
|
||||
|
||||
@@ -36,7 +36,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: alertmanager
|
||||
image: quay.io/prometheus/alertmanager:v0.26.0
|
||||
image: docker.io/prom/alertmanager:v0.26.0
|
||||
ports:
|
||||
- containerPort: 9093
|
||||
name: http
|
||||
|
||||
@@ -42,16 +42,6 @@ groups:
|
||||
expr: >-
|
||||
absent(collectd_nut_percent)
|
||||
for: 10m
|
||||
- alert: Internet is down
|
||||
expr: >-
|
||||
probe_success{job="blackbox"} == 0
|
||||
for: 5m
|
||||
annotations:
|
||||
severity: critical
|
||||
summary: The connection to the Internet is down.
|
||||
description: >-
|
||||
The Internet connection is down. Try rebooting the ONT, or call
|
||||
Everfast Fiber.
|
||||
|
||||
- name: Bitwarden
|
||||
rules:
|
||||
@@ -258,13 +248,6 @@ groups:
|
||||
|
||||
- name: Paperless-ngx
|
||||
rules:
|
||||
- alert: Paperless-ngx is down
|
||||
expr: >-
|
||||
up{job="paperless-ngx"} == 0 or absent(up{job="paperless-ngx"})
|
||||
annotations:
|
||||
summary: Paperless-ngx is down
|
||||
description: >-
|
||||
Paperless-ngx is offline.
|
||||
- alert: Celery tasks failed
|
||||
expr: >-
|
||||
max_over_time(
|
||||
@@ -296,15 +279,3 @@ groups:
|
||||
Paperless-ngx uses a scheduled Celery task to periodically poll email
|
||||
mailboxes for new messages. If this task does not start, new email
|
||||
messages will not be downloaded and imported into the document library.
|
||||
|
||||
- name: Firefly III
|
||||
rules:
|
||||
- alert: Firefly III is down
|
||||
expr: >-
|
||||
probe_success{job="firefly-iii"} != 1
|
||||
|
||||
- name: phpipam
|
||||
rules:
|
||||
- alert: phpipam is down
|
||||
expr: >-
|
||||
probe_success{job="phpipam"} != 1
|
||||
|
||||
@@ -49,6 +49,7 @@ scrape_configs:
|
||||
- targets:
|
||||
- gw1.pyrocufflink.blue
|
||||
- nvr2.pyrocufflink.blue
|
||||
- unifi3.pyrocufflink.blue
|
||||
file_sd_configs:
|
||||
- files:
|
||||
- /scrape/collectd/scrape-collectd.yml
|
||||
@@ -175,7 +176,6 @@ scrape_configs:
|
||||
- jenkins.pyrocufflink.blue
|
||||
|
||||
- job_name: kubernetes
|
||||
scrape_timeout: 30s
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
@@ -220,6 +220,27 @@ scrape_configs:
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
|
||||
- job_name: zincati
|
||||
metrics_path: /bridge?selector=zincati
|
||||
static_configs:
|
||||
- targets:
|
||||
- unifi3.pyrocufflink.blue
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_node_name]
|
||||
regex: k8s-ctrl0.pyrocufflink.blue
|
||||
action: drop
|
||||
- source_labels: [__meta_kubernetes_node_name]
|
||||
regex: .*\.compute\.internal$
|
||||
action: drop
|
||||
- source_labels: [__meta_kubernetes_node_name]
|
||||
regex: '(.+)'
|
||||
target_label: __address__
|
||||
- source_labels: [__address__]
|
||||
target_label: instance
|
||||
- source_labels: [__address__]
|
||||
target_label: __address__
|
||||
replacement: '$1:9598'
|
||||
|
||||
- job_name: grafana
|
||||
scheme: https
|
||||
static_configs:
|
||||
@@ -242,26 +263,11 @@ scrape_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: instance
|
||||
|
||||
- job_name: victoria-logs
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /run/dch-ca/dch-root-ca.crt
|
||||
dns_sd_configs:
|
||||
- names:
|
||||
- logs.pyrocufflink.blue
|
||||
type: A
|
||||
port: 443
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_dns_name, __meta_dns_srv_record_port]
|
||||
separator: ':'
|
||||
target_label: __address__
|
||||
- source_labels: [__address__]
|
||||
target_label: instance
|
||||
|
||||
- job_name: promtail
|
||||
static_configs:
|
||||
- targets:
|
||||
- nvr2.pyrocufflink.blue
|
||||
- unifi3.pyrocufflink.blue
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
namespaces:
|
||||
@@ -472,53 +478,3 @@ scrape_configs:
|
||||
- source_labels:
|
||||
- __meta_dns_name
|
||||
target_label: instance
|
||||
|
||||
- job_name: minio-backups
|
||||
metrics_path: /minio/v2/metrics/cluster
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /run/dch-ca/dch-root-ca.crt
|
||||
dns_sd_configs:
|
||||
- names:
|
||||
- s3.backups.pyrocufflink.blue
|
||||
type: A
|
||||
port: 443
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_dns_name, __meta_dns_srv_record_port]
|
||||
separator: ':'
|
||||
target_label: __address__
|
||||
- source_labels: [__address__]
|
||||
target_label: instance
|
||||
|
||||
- job_name: firefly-iii
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module:
|
||||
- http
|
||||
static_configs:
|
||||
- targets:
|
||||
- https://firefly.pyrocufflink.blue/
|
||||
- https://receipts.pyrocufflink.blue/
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: blackbox-exporter:9115
|
||||
|
||||
- job_name: phpipam
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module:
|
||||
- http
|
||||
static_configs:
|
||||
- targets:
|
||||
- phpipam.pyrocufflink.blue
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: blackbox-exporter:9115
|
||||
|
||||
@@ -91,7 +91,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: vmagent
|
||||
image: quay.io/victoriametrics/vmagent:v1.96.0
|
||||
image: docker.io/victoriametrics/vmagent:v1.96.0
|
||||
args:
|
||||
- -envflag.enable=true
|
||||
- -envflag.prefix=vmagent_
|
||||
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: vmalert
|
||||
image: quay.io/victoriametrics/vmalert:v1.96.0
|
||||
image: docker.io/victoriametrics/vmalert:v1.96.0
|
||||
args:
|
||||
- -envflag.enable=true
|
||||
- -envflag.prefix=vmalert_
|
||||
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: vminsert
|
||||
image: quay.io/victoriametrics/vminsert:v1.96.0-cluster
|
||||
image: docker.io/victoriametrics/vminsert:v1.96.0-cluster
|
||||
args:
|
||||
- -envflag.enable=true
|
||||
- -envflag.prefix=vminsert_
|
||||
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: vmselect
|
||||
image: quay.io/victoriametrics/vmselect:v1.96.0-cluster
|
||||
image: docker.io/victoriametrics/vmselect:v1.96.0-cluster
|
||||
args:
|
||||
- -envflag.enable=true
|
||||
- -envflag.prefix=vmselect_
|
||||
|
||||
@@ -50,7 +50,7 @@ spec:
|
||||
weight: 1
|
||||
containers:
|
||||
- name: vmstorage
|
||||
image: quay.io/victoriametrics/vmstorage:v1.98.0-cluster
|
||||
image: docker.io/victoriametrics/vmstorage:v1.96.0-cluster
|
||||
args:
|
||||
- -envflag.enable=true
|
||||
- -envflag.prefix=vmstorage_
|
||||
|
||||
@@ -8,7 +8,7 @@ awk_script = "/etc/xactmon/commerce.awk"
|
||||
name = "Chase (Amazon Rewards) Visa"
|
||||
match = "no.reply.alerts@chase.com"
|
||||
date_fmt = "%b %d, %Y at %-I:%M %p"
|
||||
regex = 'Account\s*(?P<account>.+)\n\s*Date\s+(?P<date>.+[AP]M).*\n\s*Merchant\s+(?P<description>.+)\n\s*Amount\s+\$(?P<amount>[0-9]+(?:,[0-9]+)*\.[0-9]{2})'
|
||||
regex = 'Account\s*(?P<account>.+)\n\s*Date\s+(?P<date>.+[AP]M).*\n\s*Merchant\s+(?P<description>.+)\n\s*Amount\s+\$(?P<amount>[0-9]+\.[0-9]{2})'
|
||||
|
||||
[[rule]]
|
||||
name = "HSA Bank"
|
||||
|
||||
@@ -30,7 +30,7 @@ metadata:
|
||||
spec:
|
||||
encryptedData:
|
||||
fastmail.token: AgAv9tf/jBhwvJVQA+B0U/je6Pb+rzaCRLdq/KXYO3dOOnGx7Hc8vCnGvSFlM7jlDLxXBWtny4cjFJwj0QkI/YwVzpMzYP2FXJ6GPui1BzL7pTSwHx/9wyYxPzy/TXSY+R77g6fqSscSh8LsA12JxrgbpHXq6UHkzjbPYSv2hYFxHyD2fWIPlzApoMLlvGFtywsn6iDwtJNL+wLL7vaI3zgdA+ahQ06wNsOJUxMPyQNcj0EciVRbLoQz9dBw2I4yXUOYWPONs13VD5YjpzQU7LkzbZjHicU+jwEhb8fCdrTEspGzNS6+6cn406vZzei41WZlvA48S1XR0hRjt+DEQJB4cn7Sl9POl9dtxo9CLp7/j3KAqWPCT6EB+Dcx+3r2e59gC8gF99yPOvVULyEndYWKkuj6wohh4QneZ1kFHANGjzNMiygRAIW5OxFUgENaxL5isXcSJc9DqwhJQ1Re176hAtFKxkp/nJYpw54oXU7ZWCV6T95caCqRisJbS7c25sFQk+kEqYrr6Baza//zlDn4mN4S3NGlsqrCpl4PaFi9VAyHVwn2kR5TEGn5TEr9cxKeGFH7AlAKyG/MA0h1mCVYB/+fBqLnAYkHdFh5cIvHPNzJuc4jllLK3bwXITrkKFhvObuQzXQRp591vyduki2JJWrRgMt/WwQrC11wwqfGYZ6JP3dLqrRRRWFDTW8ap2j4YhH/hNqLezSR0jLTlyllb2edDAYYj9XFARW7Pdu68tY97fEJ8tuXS43MnmBV3ma5iBnKl+A94PdIE1D+SkBYRFbnlDUoNTgOTWDnW6lij6E=
|
||||
firefly.token: AgBf04WOsalMNT4FuauRHs6WwoPiQmt/914iNo4sz84QfzM/+68KDD0IVSvCMO5m+JOEsfYN5xMN7uAnQ4Kxi1YZBf6FcR8meRpOOinnMcazPEfUpikV3bCkHMaIuoQNw7uhhRDdigoQRJ49SUAhDzQp2trkPMm2Pc3y+hhoWc3+J6Jh06xFDQuGLOoa7SuAGgv9vV/JZrgo5FByl+pO7eNVNfzAyFFxjMhPfdV23bH4yYuJM6e1zi0MW6iqNkQzvhF0O+FwW2fmxgpScPCIvH0ESmT6qKPvr6ekYuY+nHuMFcOBIu5TDpYiXqnMBxrL9FRRClkhYlrr3KsWIoOWDwzi++AOzF+JRiG/OEzcMIK+Un5QzKP4Y7M/pjM5Tb6LfnvyfDdPwzsHcg8ivgH0IjbtpNooQGCQZjo85A7hrpNKR/BeaPFr8b8Cvpyjv1QPmzOT0gJoIUvZcxgUhRnjHhMpdgG6+R5GSD0VCifgeOTLjhq7/Fovs6xoAEAtn1MWJyAPb0UaZAhgwhQ1m8Kcqe9ceHFVKDGpSH8nBYR9DSeYiKHGamgeG9/2fy/4DW4XEJbUye07tGRiRB/xcTiwZbqqfgb3W4AkHrZ2uuN7phCBZBrwY6BD+WN/4M6RmMiwfVC4MOwxtC1zpijIRkzJEtO6vQyBC00PKeQ5zaPHFrnIF+p25ccmSUVDEnPxnBYJ5Dr01JlQ9edTsw/qOWm59wSHxxPZPhtk/ltUYYE46hjeGyBXVS917s1frq2sYuwoHEdAj+Td/heklcZciK7taCSRyJcoUcQthu7PBtP6NdQfCla63MM1rV21FUNzCIJHl5yPNAT1ZtBXcqzy9SkUF+j6QPQg4j8eDuob0q1hFgg0flWiV0HJMaBx6paUBLZMpMbFnRgejS+XEwsLqUoRgOgRHcroT3RgvsaZI+AM5Y8j0nl2YrVNq8zsITRkrP0OrsGYsbDrgvl9XG/OQCUJZc2xB14Ra/TY1SAclWgHcL9N+mMbXkoscDZkrrU6Sygqm2ZFvT2y+vYk2k23WdEcJio65x00xx+tOyAjoRRv2GzuJHlAYQv2LK1aLeJhbunzav5mr99io151UDTF0b+zralxtH2vHwNfNntkuyUzFP7lTEUExL0kFe2t6KUj2t8KyA0G0lBgruHz97CjKSfcesjq2USgSnmT8IYf2xnCK3lR9KhoLNTAE3rkXeuCDBysye7mbcqxNEqu1g7txI8KFPpobEtdpnW8lg2Lvzb6EkV4x/zbgJd0zHE9j8sG7CZX6J24/XVBLkwEe//c33yUpDAe1ppelYkjJ9BaCZltBwcUKiY0i/H5cp3OVRcqlCTtlNSOJx5TS0bcmuTITEXBxUPw+53v2uEQCDmgkJ0DfklFNWXxI6F5idMnDj9zpKky1fvntluHJLu+D7AGWNhbovjEE2yzfFRHxjDGyTndTlctfbEbj/vFyJK15u4LdsCGFN1qz+12iE+iQfxovEhtLMSVHQg+OnVwKKE6QTu55iaAs9sUsqDjlOmPgofMn5rU2ph4Bim5sKoMVP7dKx2HHcfF1U68sVYaHWx0FTRttNCyYA1OPjn7QSkg9W8YYZ4NvVhWt5d/LpultpJTzuLY6++Vqb0tC0GgXCNjLo6gd/nzw6mQRcgj5yWHPP97Pi1WBIaLqiH13cS9J0EffJhiaOrhDlQ7J0IRRSppbRRgyjeBgQkIBO41DnoMfzxsfvUamnfuKJDMNeZp0AnnpWaj/tZOfSQIt7gwsoK7RCKN+6fnYvW/epcsz6waVUWJ9HthfZGdGwVz1mLMsgeQ86F+w3e217uZNsCdsB96iywUIvE2lbPKDlSkeE+86L47RwFTv5wT7aKBNN2tuCkR03z+n8tHlSu5O1Nz1UW9gW0Agol0DDHkQpfkIQXKWBmI+XncuMeR8TeRYF99Fgc75D11IXHhaZhQuLF3G7ezcEngMLgh9/QrI/zXGmhWV1hAJIgS4uEeHbY2ojz2LtFpjMKDPm8tRlqjOIgq
|
||||
firefly.token: AgBr9HzzALDzRwn0deyJnx4ohoP6aioC1CWmV+gt0TcY4b7C6DMHosfxo5UK90QV8H01sYJQZS4448ZssftkobHnY8sSuuglLyfHHeAuj2drEbmEeaiCIHKM5oftezeN0LvPF7v/Hwp1QfqE+MJiUMQ9Dhz/Mbuh54yKIx+YHviIsZxfwjp8a8Ocus//UeJyQBpNvkloMRtTlrZDqA2KBWqZI59kjIOITYeXXZUijCiOG+s+4eBcFCf/CsMy5fLABedGaxWt4mzo28TlozvhBl0D0NwiMPvMR19j9033QTYMEb2jq04ocsdSpNW3epE9y++dQbh2JpYIWp+l9cMw0TjrenBkTas3fc5vMRsHOqyYOnubZyboDvLLXOA6DkVRUVlyNVTw9cgBVVcnOCtfRFFcyVFmop17VvESkzEOV7p+g5yron4Goc5BrAPTmKtRlXbu22AEC4sFuDYCwqc/rh8oO+5XKa+q109OR1S/5fzZ+ggJhZM6ODYMLWCgBInjBy7urxlwLFJRM+P26tAnq/wK0DNK6Vjb46c/Ah+tn8S9W/VcyVAzuQ2HOb6tIE8ug3biu757U2mny4wH7hAbEFxiRbeCpnervO//Nz0WUyeSrV7HgIRMx74Bn0fqMwZX66TOWkeWJrDPOWheFNutYV0JTN7e51jkFjBZ6SiBC4mrGkHMC+DigI1e9TAg4OFTKBw/R/GepfEoaRukoWPhze3SZzN71L/p1AJ9rLLKgVKmKylSzRZxO64iEpFIW8g1CcwQwbv5wPkgsLqGx9PIWvUTBVtQsHZqnTsI4P0XyPqijKsDM5aSP8o9u4I+N4D/odjbtx37tOm1a861l0fDdByTxRfzT1WAOVhwzREfmggtT9lOdwlB+H2jTrIeXZ/S4GZWY+HAN9A4ZbYBrWtcS6ShNywgU89vDR0Ak3Cs86YxjowJYjA4r/bl41asOK8GWuJiH1AwBQPolNoUwW2MkwqTWHRE1+o6pFR8l17dNTDS9JR2KmPyUvi5ubQd6patboosEHf0oMa+KNKywkTP6BB3Hb0Vpsc2udkim1tVlV7AndHndjTdYX5+HxA+pleMxKGkOUgkzfhnxflSt3RjNa+WO6bQWaLvSH+Pl3IsRdtT6H1zW77pUrfE2QVV8ChvWAxuY8R19/qt40Hjq6v3lW7CTnJQM+zYthSL7ovWEkBi1bN95FQNt8wTawFnA2wYcMLvJRyE8d1Sgv1blpY36DJEZRnzAnWZVuRVXwufubQ0ResEd6JZxu+vU2IZzUweV5j/74opEBk62bIYqk41kebk6+fv1kQxnm3wdK/rh0ENXttZPsvW/PkC1aHCBswV3BT7Lh8kxLUT0eGqQvzYAjp5rk5uLy+lvDJC5IR/jZUUDooUkTu/xxTQL8PBePfwnP7SLB6oi4Ikoy3zT1CpbgoOXZypYJiIycKJP0OTl0YCEoU30x0MRkNM9ao3Crv7Dyvpoy+lzs8INxEki9LYb+6oB6snyd9hbgY9PktcHpe8DzoTw2AEY0008VxdtjlApaEEyc1ID965pJjEMYElqS76+x+R1BviKhZ0ewCs+WIalD/8QXOtdRAWK109wGpGo147qmDH40TcCJ48kqhFj5SmnTXPUBY67hrLOw/ewp5kmu1fQmVvCh4+BdZnhejLn2SuXEBEY9ZiReOja1UuYjEYPcs8w+qJM8zI8tVF/f8vHiDBq8yCVJAMgoQltzlWzZ+Dau/6GBMaeR5nuVurTGmjDd1kka7eHaoFB6OEaVFLoR9NBeHT9If5nPxCA+fiev5YhxCVAiLiUuYnVtEaQ/Ih0Y2ntvXpMa1vK5vUXne3rE6JRQ7WX7cu/rTwCwe4K9WHzHmpwpeCKa3o4OYnQSsUDx70xg+xCM8kaN76LW08Y2f4Pgx1qSsysyRmERe6fabr0yvCDHnrtnQDCjYtiwmRJ+/jbOOB8Ih7AuMVfSBa807nu6KNfr48Zm1hnvmLFBVmjRc7LlM2bcabGasak6kI8ODeY0YFbJM=
|
||||
hlc.fastmail.token: AgCVWELi/+cm/52Mi7dCnL20nOHPWrwum8Ia0L9cjujgJBFUuuVSkRHcpmPC/864kOb0ElGXu0QjvbTriD8qaDs30zl21MB1OCMluemttj5J5pMfrKtjjmyZPgHs/LPV/7y0Wj2zRiVwb0LgNWlJDGN6VKmSeVgmgFlX4Ri28XVgodS6zCHUdzu4vUnra0lBP1IJ7rDbMa/ODUA5YbsbAvTdRcIH/gG5KE39pp1JjPuGbM5pQJQ5CqVdEUZlsymE7TghBjxXlcZDD4ZkjN11M5J0MSoW7do3m9yWBrMUt1DDX3h3l2RenTg1D994dwf4D5J419en0YACXZcgIYAGvoFHPkLXzHtu6SPwvTZ6SVgEaejyPHfLug9Tbdye2qRFj78Am6q72ZTHEAbh9QrUFm8zE8Owb7XzGU5YEpvaZxbPwSj8ca2zJ7s6ottcxuH6e1KuqFXZowaUAX6ITnTuzoB5TCT0Nshqv+wiP1vrgpxewHii10KNZ5vciovjz/pwq1y4ktQyWvsryg3uyShI28A7l6Fi0psFHsc06zo86HoA5EhBiY4LRHAKOswS1dUftAAL/JRa7Ra/uLJx15Mso8L/F1T3EDhHUl5Klg/pQwkkAq7Rv1UOQerVZiP0VnfQ2Rpolj10uEWj1ouhoXWMa+wNBFze4nnRLtuPFTj1hSVpo2OMM+B7j7X+Yw59yP7oiay+N5Pppuftxlh/snfkNlVYpFlFAtd6i8gGwMkCt5hPZzv47ZvZWUVVuDb6YsffDQyejZYHeevHDbOJAGBqmINUD11qXPf0OhFt5d7ZEQleFms=
|
||||
invoiceninja.token: AgBH1Ec9CKBGCz4SwMLsovglx56g+MlYchkSQtSqlmLZvDm+tfXBilYk+ZBjpXa6dinPRW50SZ0HK+422OqRFfO55JFq/Tanltwb+yLKoak3rlnOpFgWoA7YFMl3Mzk7H46BTr0deiyJSRzia4KUla1SxL7uBkND41+9IqjH5DNTmtXOz320uvHzg0cLGAKyU5zAxa/YLDHNZNybgoaBcOQRlfNaWQcZJNLGh13tQYKt01+InJ4wWwaEp4FqmfOq/LUZWJDobYU0hlDI02vVKA7B9VwWge4/EZOW5HKoeACVtpozCS3rgqKM55ddv/4Da7EKTzCqyS+Ax6+3KNMDma27wXw/ci/wSTaRUOnaqnBlxUjeVWkHoZXBFBqGLxmI7aXLmER7/llqZDobj2NzdqVQCeW8Gyno3q3AtW6DggKBBVsj/H4+TWodmGj2Y/UhsftDm2XCqEIUL9RgIHrRuwjRuU+fM/Pm/xsb08tDD3c1zFAFPHSMdQ53jQOtaY062E7x5a264XohzY1P5lSL2ypTI12S3sKJJdylBFwAT5gGJXk8boSFdEXqMeyk98NR8pi5RC6782ERJlnJ0Mw13uP0Fmj29pKIJK0bSSYJtRk/Hr6ShhbbaB5BvtvHVAGSz6k7oD33sCnJvd2fPFlKyp41HCBWHAOPo3rCfMzkMDgxQr2voqua13HlY7WtLXGft762rAXIguzR2rvpDzPs1bnkJZLhU4Cow5R9m1U4MU81i556lrcxJl1DTOXt78koT87TDaEzipINgk/G/jb7g8GW
|
||||
template:
|
||||
|
||||
@@ -51,8 +51,6 @@ spec:
|
||||
subPath: tmp
|
||||
imagePullSecrets:
|
||||
- name: imagepull-gitea
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
securityContext:
|
||||
runAsUser: 251
|
||||
runAsGroup: 251
|
||||
@@ -134,8 +132,6 @@ spec:
|
||||
subPath: tmp
|
||||
imagePullSecrets:
|
||||
- name: imagepull-gitea
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
securityContext:
|
||||
runAsUser: 251
|
||||
runAsGroup: 251
|
||||
@@ -218,8 +214,6 @@ spec:
|
||||
subPath: tmp
|
||||
imagePullSecrets:
|
||||
- name: imagepull-gitea
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
securityContext:
|
||||
runAsUser: 251
|
||||
runAsGroup: 251
|
||||
@@ -302,8 +296,6 @@ spec:
|
||||
subPath: tmp
|
||||
imagePullSecrets:
|
||||
- name: imagepull-gitea
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
securityContext:
|
||||
runAsUser: 251
|
||||
runAsGroup: 251
|
||||
|
||||
Reference in New Issue
Block a user