Merge branch '20125'
commit
ac62a77c96
|
|
@ -0,0 +1,79 @@
|
|||
alertmanager:
|
||||
url: http://alertmanager.victoria-metrics:9093
|
||||
|
||||
system_wide:
|
||||
alerts:
|
||||
- alertgoup: Active Directory
|
||||
- alertgoup: Longhorn
|
||||
- alertgoup: PostgreSQL
|
||||
- alertgoup: Restic
|
||||
- alertgoup: Temperature
|
||||
- job: authelia
|
||||
- job: blackbox
|
||||
- job: dns_pyrocufflink
|
||||
- job: dns_recursive
|
||||
- job: kubelet
|
||||
- job: kubernetes
|
||||
- instance: db0.pyrocufflink.blue
|
||||
- instance: gw1.pyrocufflink.blue
|
||||
- instance: vmhost0.pyrocufflink.blue
|
||||
- instance: vmhost1.pyrocufflink.blue
|
||||
|
||||
applications:
|
||||
- name: Home Assistant
|
||||
url: https://homeassistant.pyrocufflink.blue/
|
||||
icon:
|
||||
url: icons/home-assistant.svg
|
||||
alerts:
|
||||
- alertgroup: Home Assistant
|
||||
- alertgroup: Frigate
|
||||
- job: homeassistant
|
||||
- instance: homeassistant.pyrocufflink.blue
|
||||
|
||||
- name: Nextcloud
|
||||
url: &url https://nextcloud.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/nextcloud.png
|
||||
alerts:
|
||||
- instance: *url
|
||||
- instance: cloud0.pyrocufflink.blue
|
||||
|
||||
- name: Invoice Ninja
|
||||
url: &url https://invoiceninja.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/invoiceninja.svg
|
||||
class: light-bg
|
||||
alerts:
|
||||
- instance: *url
|
||||
|
||||
- name: Jellyfin
|
||||
url: &url https://jellyfin.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/jellyfin.svg
|
||||
alerts:
|
||||
- instance: *url
|
||||
|
||||
- name: Vaultwarden
|
||||
url: &url https://bitwarden.pyrocufflink.net/
|
||||
icon:
|
||||
url: icons/vaultwarden.svg
|
||||
class: light-bg
|
||||
alerts:
|
||||
- instance: *url
|
||||
- alertgroup: Bitwarden
|
||||
|
||||
- name: Paperless-ngx
|
||||
url: &url https://paperless.pyrocufflink.blue/
|
||||
icon:
|
||||
url: icons/paperless-ngx.svg
|
||||
alerts:
|
||||
- instance: *url
|
||||
- alertgroup: Paperless-ngx
|
||||
- job: paperless-ngx
|
||||
|
||||
- name: Firefly III
|
||||
url: &url https://firefly.pyrocufflink.blue/
|
||||
icon:
|
||||
url: icons/firefly-iii.svg
|
||||
alerts:
|
||||
- instance: *url
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
cert-manager.io/issuer: status-server-ca
|
||||
labels: &labels
|
||||
app.kubernetes.io/name: status-server
|
||||
name: status-server
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- 20125.home
|
||||
secretName: status-server-cert
|
||||
rules:
|
||||
- host: 20125.home
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: status-server
|
||||
port:
|
||||
number: 80
|
||||
path: /
|
||||
pathType: Prefix
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: '20125'
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/instance: '20125'
|
||||
app.kubernetes.io/part-of: '20125'
|
||||
includeSelectors: true
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- secrets.yaml
|
||||
- status-server-ca.yaml
|
||||
- status-server.yaml
|
||||
- ingress.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: 20125-config
|
||||
files:
|
||||
- config.yml
|
||||
|
||||
images:
|
||||
- name: git.pyrocufflink.net/packages/20125.home
|
||||
newTag: dev
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: "20125"
|
||||
labels:
|
||||
app.kubernetes.io/name: '20125'
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
name: imagepull-gitea
|
||||
namespace: "20125"
|
||||
spec:
|
||||
encryptedData:
|
||||
.dockerconfigjson: AgAXY5XsnGF9E3RU9dnKXK9fWjqK0khCDf7n0vuJCLACrcM01aoWVSjl26+j7oSTTyc7t5C+EKPJnuKdlkNfh2Omw9Lh3dn8rPRYcBRmUEAyt0TvBVkxBIiP+49y39QEV1opYY+b1gLVJ5ZEC92u5uI9y8xovwx9wqtKLfQ+KCfc5m93AYaQJ9EcnV1DSEkv/HdtWNikQes2hO6pTLF/GHrh/s79eIeXMTm5oG/OyJWTOGQdy1SdoGWLLf31dsjhsJyGMYOtWx42Nou20lWqmdoy4Dd8OXuuhcfeDNzkH187mI4XpVjbS0M+P5teJsGiTwx+VyJlGQnEaquIiHy3KLt3YH/ltGeNeCNbFmSDa70A3IdP/t0cAXN20rlIFGVzqNrAOhMYtiTDEgaKOrL7mwM4i4NTCnLTA2nXU7gLEcLGPRqO7LKIhc1/6d1xWMT58SFjHAVklFt/lq1udY6zE8gXHp+RQ+7hIIEu500YiaKubvh2MsOKIqYOaX99Q4BW7PQhwjjwtFHFuwNjZn8wAbDq+3gsDSqgeFPgHAs7nPIImcBne/fTobsHhUVvxEnBNLCRtSqpkvOLzpgC+dRNsD6ZTcXPhFWTEOvjBMcUWqOTcRmd8DCsdxalM42x/ZQjlNlubZeuaNki+4pA80bYlsLWt3A2nWtcVbO/aAYrT1qiK/d8NZsPNidD0HE1rkUkCNv5KgXVWUfVU7ptX1YFpYXXuEIFeWzulH3gWmdW4q+t2nGHAqwkszZfijtpsexBttff1ym3rgBTGHFmQRkmSMbNHIAq29ehuVrxkH7uM8Q1cXXmMnGgre0ijtUfW9zMlx92jR86187xOLM3/hxANhfyt4eZVMwx8D42facMxxAngCi01vYTwqihA9mtBFkKlkQdKCH1NxgWQqwAJi87utgHoFivxeM+Pck7Zeottr0yzUEisdoBAdQR99hijR2C5SnC4iURnqfi9sloj0Uuo74SxiTGapA7pg77LmvpV9Wzu6QiEm944tftcZHwaMg=
|
||||
template:
|
||||
metadata:
|
||||
name: imagepull-gitea
|
||||
namespace: "20125"
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: selfsigned-ca
|
||||
spec:
|
||||
selfSigned: {}
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: status-server-ca
|
||||
spec:
|
||||
isCA: true
|
||||
commonName: 20125 CA
|
||||
secretName: status-server-ca-secret
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
issuerRef:
|
||||
name: selfsigned-ca
|
||||
kind: Issuer
|
||||
group: cert-manager.io
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: status-server-ca
|
||||
spec:
|
||||
ca:
|
||||
secretName: status-server-ca-secret
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels: &labels
|
||||
app.kubernetes.io/name: status-server
|
||||
app.kubernetes.io/component: status-server
|
||||
name: status-server
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
protocol: TCP
|
||||
targetPort: 20125
|
||||
selector: *labels
|
||||
type: ClusterIP
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels: &labels
|
||||
app.kubernetes.io/name: status-server
|
||||
app.kubernetes.io/component: status-server
|
||||
name: status-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels: *labels
|
||||
template:
|
||||
metadata:
|
||||
labels: *labels
|
||||
spec:
|
||||
containers:
|
||||
- name: status-server
|
||||
image: git.pyrocufflink.net/packages/20125.home
|
||||
imagePullPolicy: Always
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/share/20125.home/config.yml
|
||||
name: config
|
||||
subPath: config.yml
|
||||
readOnly: True
|
||||
imagePullSecrets:
|
||||
- name: imagepull-gitea
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: 20125-config
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
git_repo: gitea@git.pyrocufflink.blue:dustin/certs.git
|
||||
certs:
|
||||
- name: pyrocufflink-cert
|
||||
namespace: default
|
||||
key: certificates/_.pyrocufflink.net.key
|
||||
cert: certificates/_.pyrocufflink.net.crt
|
||||
bundle: certificates/_.pyrocufflink.net.pem
|
||||
- name: dustinhatchname-cert
|
||||
namespace: default
|
||||
key: acme.sh/dustin.hatch.name/dustin.hatch.name.key
|
||||
cert: acme.sh/dustin.hatch.name/fullchain.cer
|
||||
- name: hatchchat-cert
|
||||
namespace: default
|
||||
key: certificates/hatch.chat.key
|
||||
cert: certificates/hatch.chat.crt
|
||||
bundle: certificates/hatch.chat.pem
|
||||
- name: tabitha-cert
|
||||
namespace: default
|
||||
key: certificates/tabitha.biz.key
|
||||
cert: certificates/tabitha.biz.crt
|
||||
bundle: certificates/tabitha.biz.pem
|
||||
- name: chmod777-cert
|
||||
namespace: default
|
||||
key: certificates/chmod777.sh.key
|
||||
cert: certificates/chmod777.sh.crt
|
||||
bundle: certificates/chmod777.sh.pem
|
||||
- name: dustinandtabitha-cert
|
||||
namespace: default
|
||||
key: certificates/dustinandtabitha.com.key
|
||||
cert: certificates/dustinandtabitha.com.crt
|
||||
bundle: certificates/dustinandtabitha.com.pem
|
||||
- name: hlc-cert
|
||||
namespace: default
|
||||
key: certificates/hatchlearningcenter.org.key
|
||||
cert: certificates/hatchlearningcenter.org.crt
|
||||
bundle: certificates/hatchlearningcenter.org.pem
|
||||
- name: appsxyz-cert
|
||||
namespace: default
|
||||
key: certificates/apps.du5t1n.xyz.key
|
||||
cert: certificates/apps.du5t1n.xyz.crt
|
||||
bundle: certificates/apps.du5t1n.xyz.pem
|
||||
|
|
@ -4,51 +4,6 @@ metadata:
|
|||
name: cert-exporter
|
||||
namespace: cert-manager
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cert-exporter
|
||||
namespace: cert-manager
|
||||
data:
|
||||
config.yml: |
|
||||
git_repo: gitea@git.pyrocufflink.blue:dustin/certs.git
|
||||
certs:
|
||||
- name: pyrocufflink-cert
|
||||
namespace: default
|
||||
key: certificates/_.pyrocufflink.net.key
|
||||
cert: certificates/_.pyrocufflink.net.crt
|
||||
bundle: certificates/_.pyrocufflink.net.pem
|
||||
- name: dustinhatchname-cert
|
||||
namespace: default
|
||||
key: acme.sh/dustin.hatch.name/dustin.hatch.name.key
|
||||
cert: acme.sh/dustin.hatch.name/fullchain.cer
|
||||
- name: hatchchat-cert
|
||||
namespace: default
|
||||
key: certificates/hatch.chat.key
|
||||
cert: certificates/hatch.chat.crt
|
||||
bundle: certificates/hatch.chat.pem
|
||||
- name: tabitha-cert
|
||||
namespace: default
|
||||
key: certificates/tabitha.biz.key
|
||||
cert: certificates/tabitha.biz.crt
|
||||
bundle: certificates/tabitha.biz.pem
|
||||
- name: chmod777-cert
|
||||
namespace: default
|
||||
key: certificates/chmod777.sh.key
|
||||
cert: certificates/chmod777.sh.crt
|
||||
bundle: certificates/chmod777.sh.pem
|
||||
- name: dustinandtabitha-cert
|
||||
namespace: default
|
||||
key: certificates/dustinandtabitha.com.key
|
||||
cert: certificates/dustinandtabitha.com.crt
|
||||
bundle: certificates/dustinandtabitha.com.pem
|
||||
- name: hlc-cert
|
||||
namespace: default
|
||||
key: certificates/hatchlearningcenter.org.key
|
||||
cert: certificates/hatchlearningcenter.org.crt
|
||||
bundle: certificates/hatchlearningcenter.org.pem
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
|
|
@ -69,6 +24,7 @@ rules:
|
|||
- chmod777-cert
|
||||
- dustinandtabitha-cert
|
||||
- hlc-cert
|
||||
- appsxyz-cert
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
|
|
|||
|
|
@ -136,3 +136,20 @@ spec:
|
|||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: appsxyz-cert
|
||||
spec:
|
||||
secretName: appsxyz-cert
|
||||
dnsNames:
|
||||
- apps.du5t1n.xyz
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: zerossl
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
rotationPolicy: Always
|
||||
|
|
|
|||
|
|
@ -8,6 +8,14 @@ resources:
|
|||
- cert-exporter.yaml
|
||||
- dch-ca-issuer.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: cert-exporter
|
||||
namespace: cert-manager
|
||||
files:
|
||||
- config.yml=cert-exporter.config.yml
|
||||
options:
|
||||
disableNameSuffixHash: True
|
||||
|
||||
secretGenerator:
|
||||
- name: zerossl-eab
|
||||
namespace: cert-manager
|
||||
|
|
|
|||
Loading…
Reference in New Issue