19 Commits

Author SHA1 Message Date
dcbef2cd0a blocky: use the right health probe 2026-05-02 19:51:38 +02:00
7465ecedf8 infra: update docker VM RAM to 22222 (16 GiB is actually what it uses at regular load, so it crashes without more) 2026-05-02 19:18:23 +02:00
256c337db4 blocky, coredns: set replicaCount to 2, and enable blue/green 'RollingUpdate' 2026-05-02 18:59:49 +02:00
0ddeb75508 coredns: re-add file plugin with fallthrough 2026-05-02 18:45:19 +02:00
896002da8c coredns: remove file plugin alltogether, change version 2026-05-02 18:43:31 +02:00
ef892b38a7 coredns: retry fix values.yaml 2026-05-02 18:36:22 +02:00
20d8e07a24 coredns: invert fallthrough in config 2026-05-02 18:32:06 +02:00
d9a1063630 coredns: try reversing order 2026-05-02 18:29:41 +02:00
3860f5849c coredns: retry fallthrough in file plugin 2026-05-02 18:28:36 +02:00
f732f7247f coredns: fix chart version 2026-05-02 18:27:38 +02:00
883330996a coredns: fix values.yaml 2026-05-02 18:24:24 +02:00
c90caed623 coredns: set dnspolicy to clusterfirst 2026-05-02 18:20:53 +02:00
cfd521f502 coredns: try adding a different zone for kube resolution 2026-05-02 18:12:54 +02:00
f71faa0ae8 coredns: set zone to . 2026-05-02 18:04:52 +02:00
ce30776eeb coredns: add kubernetes plugin 2026-05-02 17:28:07 +02:00
be092af161 coredns: add zone parameter for file plugin 2026-05-02 17:23:15 +02:00
0b75f66f30 coredns: add fallthrough to file plugin 2026-05-02 17:19:12 +02:00
e595bb2c45 coredns: add debug plugin 2026-05-02 17:14:06 +02:00
d82ce7a80f coredns: tryfix etcd config with zone parameter 2026-05-02 16:52:21 +02:00
4 changed files with 115 additions and 43 deletions


@@ -61,7 +61,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
} }
memory { memory {
floating = 16192 floating = 22222
dedicated = 38768 dedicated = 38768
} }


@@ -4,8 +4,12 @@ image:
tag: v0.24 tag: v0.24
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
controller: controller:
replicas: 1 replicas: 2
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
env: env:
TZ: Europe/Paris TZ: Europe/Paris
service: service:
@@ -21,6 +25,37 @@ service:
dns: dns:
port: 53 port: 53
protocol: UDP protocol: UDP
probes:
liveness:
enabled: true
custom: true
spec:
tcpSocket:
port: 53
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readiness:
enabled: true
custom: true
spec:
tcpSocket:
port: 53
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
startup:
enabled: true
custom: true
spec:
tcpSocket:
port: 53
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 3
failureThreshold: 30
resources: resources:
limits: limits:
cpu: 200m cpu: 200m
@@ -31,27 +66,27 @@ resources:
# Full list of options https://github.com/0xERR0R/blocky/blob/main/docs/config.yml # Full list of options https://github.com/0xERR0R/blocky/blob/main/docs/config.yml
config: "upstreams:\n groups:\n default:\n - 1.1.1.1\n - 1.0.0.1\n lan:\n - 10.101.207.1\n\nconditional:\n mapping:\n lan: 10.101.207.1\n cluster.local: 10.96.0.10\n in-addr.arpa: 10.96.0.10\n\nblocking:\n allowlists:\n ads:\n - |\n dealabs.digidip.net\n s.click.aliexpress.com\n fonts.googleapis.com\n fonts.gstatic.com\n wl.spotify.com\n www.googleadservices.com\n \n denylists:\n ads:\n - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\n - https://adaway.org/hosts.txt\n \n clientGroupsBlock:\n default:\n - ads\n \n blockType: zeroIp\n blockTTL: 1m\n loading:\n refreshPeriod: 4h\n downloads:\n timeout: 60s\n\ncaching:\n minTime: 5m\n maxTime: 30m\n # Disable negative caching (NXDOMAIN responses) for dynamic DNS\n cacheTimeNegative: 0\n prefetching: true\n prefetchExpires: 2h\n prefetchThreshold: 5\n\nprometheus:\n enable: true\n path: /metrics\n\nports:\n dns: 53\n http: 4000\n\nbootstrapDns: tcp+udp:1.1.1.1\n\nlog:\n level: info\n format: text\n timestamp: true\n" config: "upstreams:\n groups:\n default:\n - 1.1.1.1\n - 1.0.0.1\n lan:\n - 10.101.207.1\n\nconditional:\n mapping:\n lan: 10.101.207.1\n cluster.local: 10.96.0.10\n in-addr.arpa: 10.96.0.10\n\nblocking:\n allowlists:\n ads:\n - |\n dealabs.digidip.net\n s.click.aliexpress.com\n fonts.googleapis.com\n fonts.gstatic.com\n wl.spotify.com\n www.googleadservices.com\n \n denylists:\n ads:\n - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\n - https://adaway.org/hosts.txt\n \n clientGroupsBlock:\n default:\n - ads\n \n blockType: zeroIp\n blockTTL: 1m\n loading:\n refreshPeriod: 4h\n downloads:\n timeout: 60s\n\ncaching:\n minTime: 5m\n maxTime: 30m\n # Disable negative caching (NXDOMAIN responses) for dynamic DNS\n cacheTimeNegative: 0\n prefetching: true\n prefetchExpires: 2h\n prefetchThreshold: 5\n\nprometheus:\n enable: true\n path: /metrics\n\nports:\n dns: 53\n http: 4000\n\nbootstrapDns: tcp+udp:1.1.1.1\n\nlog:\n level: info\n format: text\n timestamp: true\n"
sops: sops:
lastmodified: "2026-05-02T14:36:10Z" lastmodified: "2026-05-02T17:51:26Z"
mac: ENC[AES256_GCM,data:1SV8u2ozDlB/m8uo7I7AIa/1njmu1bJ5vKilcirfNByz8wp/LRTtRgWwpUOrxzd1+qg+ZC1/mSLQY/kdwWcTU9uP6uBNSLemWJgIRBobFmExDvtfidkJXRhTMUm9zdSNGS/EbQQOz+DV8AAuByTwbP6i5fTiVNVes8kBlYbPvjc=,iv:Ox25bYW8ch63eJgCkOTZxUP/6+w43lKjC2lzYdBzUjw=,tag:LgXken02vzuXDuxg4Iovrw==,type:str] mac: ENC[AES256_GCM,data:J7EovwsXi2L9XocZoi5ann71DQ+wWZk2aCUbjvaGpv0yZC5g2HNccPVRvAj3y9SyMttLT8QlESXzHpEV2A6bOfmJf5v0ACYuWn5wKNlkaBdmTs1xwXp/RcpeOb+FCL9D+9hzjBO9XF6iXZLSj4pO/n1C0IhfeqYKdDC4tHkxOHA=,iv:Qm3Uh+UUSDWCxh7gWJ9x597aWXdMHxtpixE2BVlb6c8=,tag:aHbK26P4f9YV2uGLhpT6OA==,type:str]
pgp: pgp:
- created_at: "2026-05-02T14:36:09Z" - created_at: "2026-05-02T17:51:25Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA7uy4qQr71wiARAAtdzdOgPBhpRSSnw5ZNXHpb6//E5SpCTDDOUbgpvw4FQj hQIMA7uy4qQr71wiAQ/+Po8UdkiFGt0LmcvCeSE23aoWwY4qi2FsGKdik+7sL3RN
ndqJwONMEm7RlZELlxpXq4Gr621j5hcdcc2vUl4ak8wC+1Ml2AAEYf0rrL2SQVVC gOt/VQ6geefhd4YDhH0jfd7TDXs7UTtYvKQ+IaKcRUyOrZzhrfTpNeT/lXuaTkHf
DAiRdHXilzOKJBx+qA+afZT4SNXnN8kv8LRq354mEpxMZ21ot0nZ+sjJiHrVGbSO LAUiqyprq1RDzxxIPvgMh4DynfehgN8B81iMJox2/fD0oV7B6dIIABvAl87gzANw
B2l39o3POLoTmzB/0+iTn953txjijVn/Hm7JoQ7yqQXBwnzjK1F7IkOdv0hyvpW1 7snQLJwdhNXFylKfrdC9A4AfYz7ycXBzEyYlY5BMZENw9yBGgZ1dZITU2KxeYCo/
/Sba+yqZQTqdpH/EwRfQxf6OJpxMBIAj6/COzcp143O3tjVQAEHTaqHbY4rbrt07 gdVTCevybSBQ/Cq0+hI25ZF+nEIGjrVCN2AxPEUO98ljp4OZEu0p6KsMB4xgCD2j
yxvOZKy2tNP/xY62E35rTzGvMrRqUzFNtaYeycx5F0jHgYNITtlCPh1txf5PBq5H l5LN6YPAu95TRx/bZinoHMMzth6WhFdUG0Anj2cIIYXOcreyzPxYGj+vwRlZFrkZ
kmR9NFCOHncX5BFTAXbWaGVQiWxa71mn3vy49BZCwwz21D3u5/PI0Vqe5JBccyVu gTU2vfpt/1Wx8ORRqocCkxZ3dMtm4KsGqe3xpd1y84ezL/bMLxSApn5e7Zzn1cEg
4yqqIdwIrj5i0BdlIFHig1WbYzDjRriR4H1z/Y2Vvv1wtRao99rf8DhCxcWwEgNo DoLwJGnZzSY4nRzfoGXOv6mjyTUVkqNexRlL2wIsgDP9VP/ohS9K2fFZzzJ/fXa1
vAOM1wSBHacr9uZrgAOvObkMWZ4m1UekIJXkA5803cb8J+ceneJ+EOWyYiFVPV8h G9DUg64SwfYIFzAgsyWwdE3kCJ/GSIAgrgNwBfZlLGdfB/PB2BkHNpzX4LROUEcD
MshaL9M1zuEydZqHwDHfMgR/BgVvSVFwPQSkfXnKYJHNS8QGTfZKFudBiP0Ij7DB HqqHtVlUIikiFdDQWwB5tS+APBCO6VuzKl1z3ROgV6xhvr4ZYkd9CHYu1S1r1XAs
pjRf5f2b4FhDgCIg5BopWBxES0LscpFmHgrV0QDKiXOXJNMkVUF5+ITz6HwwwlnS JRCyow0zTLRYGQnDD8+RPQ4MsbzJsugA8Ac4bE4sVJpP8hloZBqHb38AkoUruDTS
XAEwKWrC58GzNBKFCvSMeD83xy7icfdTkXvO30EW9CbEUAMYN4twgsHG+J5NDrUR XgE+Nxcy0/aznBgEscE/VuY/GTH1vwYl5/dAcV8GDYcNmd1tE9E1QwWsSurHt39u
yaET3e2kmOWStkQsPmMtYEVRfRHOWr8XKQXMJfrA87ZC0P19UwUM0eRXJVCN +QdGZYoUbHPtsk/zODgEVqn0iTsqO7Y4Qmu93bYlYFQwCygAPKKpCaqmmu2U+rI=
=0h7d =hq5F
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
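Review bot: The liveness, readiness and startup probes added under `probes:` all use `tcpSocket` on port 53, while the `dns` service entry directly above them is declared `protocol: UDP`, so a replica is marked ready as soon as the TCP listener is bound and nothing checks that UDP queries are answered. With `maxUnavailable: 0` the rollout relies on readiness alone to decide when the old pod can go, so a comment such as `# TCP/53 only proves the listener is bound; UDP resolution is not exercised` above `probes:` would make that limit explicit. The startup budget is also tight: `initialDelaySeconds: 5` plus `failureThreshold: 30` at `periodSeconds: 2` gives about 65 s, against `downloads: timeout: 60s` and two denylist URLs in `config`. If blocky loads the lists before it starts listening (not visible here), a slow download restarts the pod, and `failureThreshold: 60` on the startup probe would give more headroom.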


@@ -12,7 +12,7 @@ spec:
name: coredns name: coredns
namespace: coredns namespace: coredns
chart: coredns chart: coredns
version: "1.x.x" version: "1.45.2"
interval: 1m interval: 1m
valuesFrom: valuesFrom:
- kind: Secret - kind: Secret


@@ -1,8 +1,31 @@
replicaCount: 1 replicaCount: 2
image: image:
repository: coredns/coredns repository: coredns/coredns
tag: 1.12.0 tag: 1.14.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
deployment:
dnsPolicy: ClusterFirst
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: 8181
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
resources: resources:
limits: limits:
cpu: 100m cpu: 100m
@@ -16,21 +39,35 @@ service:
io.cilium/lb-ipam-ips: "" io.cilium/lb-ipam-ips: ""
servers: servers:
- zones: - zones:
- zone: lan - zone: cluster.local
port: 53
plugins:
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
- zones:
- zone: .
port: 53 port: 53
plugins: plugins:
- name: errors - name: errors
- name: health - name: health
configBlock: lameduck 5s configBlock: lameduck 5s
- name: ready - name: ready
- name: debug
- name: file
parameters: /etc/coredns/zones/lan.zone lan
configBlock: |-
reload 10s
fallthrough
- name: etcd - name: etcd
parameters: lan
configBlock: |- configBlock: |-
path /skydns path /skydns
endpoint http://etcd.coredns.svc.cluster.local:2379 endpoint http://etcd.coredns.svc.cluster.local:2379
fallthrough fallthrough
- name: file
parameters: /etc/coredns/zones/lan.zone
configBlock: reload 10s
- name: cache - name: cache
parameters: 30 parameters: 30
- name: loadbalance - name: loadbalance
@@ -44,27 +81,27 @@ extraVolumes:
configMap: configMap:
name: coredns-lan-zone name: coredns-lan-zone
sops: sops:
lastmodified: "2026-05-02T14:39:47Z" lastmodified: "2026-05-02T16:59:44Z"
mac: ENC[AES256_GCM,data:Gu0D9opwQSxNgqtv2KLMd9XGh3SbEDFXUZbPPbxuLT1jT+TwWEYSEu60PKUnU8nOdukYIoiSE3hj29Wsg3IqqjUc0oEUHn1IRPGpn/UhsvURcKgrbyEv3mGjSDicKNMyDgbTTqiPJz/K++SvmRbjJbpDtiQhRrPvw/oaVf0Cj28=,iv:DD4sk2jp6zIkRQaMTXmhfvRwz/Nnt1ecN0HjqlG9zFU=,tag:nGYLN1djfe/GzBofLPuT8g==,type:str] mac: ENC[AES256_GCM,data:H4uRid1Fqx4JzsF43TSGa7QcGjpXLAHiM0N3Kf4z7ab4eMlTy1+RXMV7xVT9BinjZzH6P+ENxo0yVOsdt0Yu467KJhGznNWlb2MC2TElPxZ9/yItJ+hdVGHGWbVGFWUL5NOUQ9fY2NPGw0CGr8qyftLr5Qkx0LO/VUgKWkq6RWM=,iv:9+V/sCBhfWAsIvr4DsWQgkeqQZQyT4Ti3Y+qCEZqU5c=,tag:JCRONb54BpXQzYhhPs7VGA==,type:str]
pgp: pgp:
- created_at: "2026-05-02T14:39:46Z" - created_at: "2026-05-02T16:59:43Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA7uy4qQr71wiARAAic/5FcANctn1HG4gfBM8p6ElQG3oo056iQDK1dbHzkNs hQIMA7uy4qQr71wiAQ/9HzeTVqelbvPtluYa5xGvoYNeEEXg43CwrwZ1/z5yFWvx
HJ3KIZjP0BPwBag2jO6TJ51Y7Wtq62lvrggIifAEHt2FiV4oxDL+oRGwPq5l6l73 DoOCeyro5wFsNC6td7n2HVhtK0ULkfrMHH8OC+7L3bXbnlEnQzITmDggAUvfegCv
46xiTygo4X1zDcDLIX2wNv1UeiGdKA2mw2D33lHAxLQSkxuQE3/Pukb8YvXVgYNi b/7ohPkOdLvi6qXbr8bgqCZYFnPq+gUs3UOPh5Tl6wgzRSFXw2Hsb4YmQkvZJUNb
2hpRFed4TpjccXkvTNL2d/yEvdqnDdHlxqboqvygIGw0u7KIhCIh+IRkjEFx0nvU PhPpLIUe/ECE4hmEjO5v9o3X0o7qZ3bahf9mZZlnJnvXT7R/DM8eeWTis/q0WSHE
eKEq04jTWjE8SRCbFJu1jXMNQ0jkPkwU9XkM0FtuSus48lwe+jKdo4+uYXZBDQdC XnclhOX4GlMwXxa65sRrShuPcsV3qqX3VWOSWJFBhGx/FDtZTkhlHGQ9YhF2TzbB
mUkZwQy0dzOMJGSa+1kJ9V3xt/pEEEsQKNfepz1QHjgoTYsU84JOwbPRBEBBNFB0 xxCrn87mH2W13NH6jQOQYPh1JTTJbgZZMZXgyPNmPDSYZE1kxTdrz4l4mcmCDND0
kvbuOYUGu9chuo9gt5ByGxetJBsH2ckKE5mNHxJ4KQOSBRM5dmaxjv8XVmVb60jo hY3T8iR8ap2b3HhSNCqC1C0QN/bK217hTs8cJHWRRfa6jfh12imwk2XhJkB3zZxV
GXaq4Q7dVGtPiSBz0SUOdTna5+RKs1VHNbn54hRB54YNZoltJlbsjvS7weTkuDKF O1oSb6eiP0ba0CgXu31shmfXuTAeVbTm6E50heYorjQKR5djjnOVwQUdmis1Awae
QHm0DgK9maebHSa/s434xYzyc7X3vsZ76xdUHX3ZwSLR7h4jVoWy6RP1cybWYWOg AQTiWtBBbOgfX5WA5b6wInFr0WEsshG+YuqfB7FhJpo2SHyeFhgk47ssHWSeBpPv
CFX/L/7JVYZsBu414q2+75buzi55Ja8GUTjq3T2oyxtVtnC6zr8oLZM9TFwEe+QF wa4OAGaMkdGoePQhApZFrBCZHslEhPE+XQlDdyOtXCmxBOcLwe59ikWLV75j0DzS
C6pXdbLOx2ToGpqbk2Ps4vTqIo0pTBbzDohycFQCiGIyOS/ZDjmJ8pMmCxPxZRjS NRUNOBYQ8Q1Y6Su/sJWW7TykQkmDirU+oIYxAngZyIyJSWvARPd6fJJvkqqg013S
XgEwhkNmirBPhGn+6DjeWJDB3p3vVy2BY7ftfGB8R+fxk4EqhhcnrZNhPvylTNqD XgH1+LQJWNEJzIaLKCWbkZXnMstsOYrs4ynV4f/QZKU+Md5CgVbjy9KIC/trfNhj
A/UavumwRWNHFi0lCt9/OHON1bnrjTAUbcajaGq6D7vtSzyZcW2xL9nlJ04mOO4= 1t9kkyVVOEO7UmRhMyl8pK2gQDiOBrkhUJ5tSNFEfxM1llZ4GZRV+SUuMC3UzVA=
=pcZc =l7Wo
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
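Review bot: `pods insecure` in the new `kubernetes` block of the `cluster.local` server makes CoreDNS answer pod-IP names from the query itself without checking that such a pod exists; the upstream plugin documentation keeps this mode for kube-dns compatibility and warns about misuse together with wildcard certificates. If pod records are needed, `pods verified` answers only when a matching pod exists, at the cost of watching all pods; if they are not needed, the line can be dropped so the default `pods disabled` applies. In the same hunk `- name: debug` is still listed in the `.` server; it looks like a leftover from the troubleshooting commits, and since that plugin turns off panic recovery it is better removed from a resolver that now serves every zone. The plugin list continues past the end of the hunk.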