mirror of
https://github.com/vhaudiquet/homeprod.git
synced 2026-05-08 17:47:24 +00:00
Compare commits
82 Commits
a886b579f3
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 3a6a621193 | |||
17ab87e276
|
|||
|
56f67dd447 | ||
|
|
33bdb8f3b0 | ||
|
|
1b4e2dafbc | ||
|
|
9f59f7cea0 | ||
|
524d0d7d3c
|
|||
|
51b22d769e
|
|||
|
4bd0274714
|
|||
|
69e3a793c8
|
|||
|
d5831fd1e3
|
|||
| cbf7842e8b | |||
| 0d5d688c18 | |||
|
|
de093a27bf | ||
|
|
2f615136c2 | ||
|
|
98359d5181 | ||
|
|
0d57085ba6 | ||
|
|
9f6fa770cf | ||
|
|
6c43d08174 | ||
|
|
fdf77dbd88 | ||
|
|
8cd97a2413 | ||
| 46c897e865 | |||
| 10d97e09bd | |||
|
|
f9affb5269 | ||
|
|
487a8d48ee | ||
|
dcbef2cd0a
|
|||
|
7465ecedf8
|
|||
|
256c337db4
|
|||
|
0ddeb75508
|
|||
|
896002da8c
|
|||
|
ef892b38a7
|
|||
|
20d8e07a24
|
|||
|
d9a1063630
|
|||
|
3860f5849c
|
|||
|
f732f7247f
|
|||
|
883330996a
|
|||
|
c90caed623
|
|||
|
cfd521f502
|
|||
|
f71faa0ae8
|
|||
|
ce30776eeb
|
|||
|
be092af161
|
|||
|
0b75f66f30
|
|||
|
e595bb2c45
|
|||
|
d82ce7a80f
|
|||
|
901a5e1a9a
|
|||
|
30f0726821
|
|||
|
a0dc90a708
|
|||
|
3cf5febd79
|
|||
|
cc92bd6301
|
|||
|
03f56060ea
|
|||
|
fb51af67b0
|
|||
|
1f5a3ddd5b
|
|||
|
5fa0bc8e60
|
|||
|
ec36bcbc81
|
|||
|
0c6e2a75c9
|
|||
|
3bcef0afe6
|
|||
|
5be1ea5a4d
|
|||
|
257f5d865f
|
|||
|
f003c62823
|
|||
|
20a8963b64
|
|||
| 47a86ddf27 | |||
|
bd18a3984a
|
|||
|
11145fe323
|
|||
|
e2acb89437
|
|||
|
3f8054999a
|
|||
|
|
f24523c6a6 | ||
|
|
604c2cd892 | ||
|
|
3f89217d9a | ||
|
|
23880824ec | ||
|
|
d6d81e6c9b | ||
|
|
26eab221b7 | ||
|
|
61ed23f4ed | ||
|
|
7b30c11376 | ||
|
8ebcfc6cd2
|
|||
|
669fa0fb65
|
|||
|
|
e4b4760aa4 | ||
|
|
a54dc337a0 | ||
|
|
6b03511345 | ||
|
|
a275384c9e | ||
|
|
3fee6ed60b | ||
|
|
28565b6086 | ||
|
|
7aa026411b |
4
.github/dependabot.yml
vendored
4
.github/dependabot.yml
vendored
@@ -16,6 +16,7 @@ updates:
|
|||||||
- "/docker/infrastructure/network/traefik"
|
- "/docker/infrastructure/network/traefik"
|
||||||
- "/docker/infrastructure/squid"
|
- "/docker/infrastructure/squid"
|
||||||
- "/docker/infrastructure/sshportal"
|
- "/docker/infrastructure/sshportal"
|
||||||
|
- "/docker/personal/fireshare"
|
||||||
- "/docker/personal/gramps"
|
- "/docker/personal/gramps"
|
||||||
- "/docker/personal/media/films-series/jackett"
|
- "/docker/personal/media/films-series/jackett"
|
||||||
- "/docker/personal/media/films-series/jellyfin"
|
- "/docker/personal/media/films-series/jellyfin"
|
||||||
@@ -51,6 +52,9 @@ updates:
|
|||||||
- "/kubernetes/personal/notesnook"
|
- "/kubernetes/personal/notesnook"
|
||||||
- "/kubernetes/personal/photoprism"
|
- "/kubernetes/personal/photoprism"
|
||||||
- "/kubernetes/production/umami"
|
- "/kubernetes/production/umami"
|
||||||
|
- "/kubernetes/system/blocky"
|
||||||
|
- "/kubernetes/system/caddy"
|
||||||
|
- "/kubernetes/system/coredns"
|
||||||
- "/kubernetes/system/csi-driver-nfs"
|
- "/kubernetes/system/csi-driver-nfs"
|
||||||
- "/kubernetes/system/external-dns"
|
- "/kubernetes/system/external-dns"
|
||||||
- "/kubernetes/system/traefik"
|
- "/kubernetes/system/traefik"
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ creation_rules:
|
|||||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
pgp: DC6910268E657FF70BA7EC289974494E76938DDC
|
pgp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
- path_regex: .*.yaml
|
- path_regex: .*.yaml
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData|.*.key|.*.crt)$
|
||||||
pgp: DC6910268E657FF70BA7EC289974494E76938DDC
|
pgp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
- path_regex: .*.env$
|
- path_regex: .*.env$
|
||||||
input_type: dotenv
|
input_type: dotenv
|
||||||
|
|||||||
@@ -53,6 +53,13 @@ sshportal:
|
|||||||
branch: main
|
branch: main
|
||||||
compose_file: docker/infrastructure/sshportal/docker-compose.yml
|
compose_file: docker/infrastructure/sshportal/docker-compose.yml
|
||||||
|
|
||||||
|
fireshare:
|
||||||
|
repo: homeprod
|
||||||
|
branch: main
|
||||||
|
compose_file: docker/personal/fireshare/docker-compose.yml
|
||||||
|
sops_files:
|
||||||
|
- docker/personal/fireshare/.env
|
||||||
|
|
||||||
gramps:
|
gramps:
|
||||||
repo: homeprod
|
repo: homeprod
|
||||||
branch: main
|
branch: main
|
||||||
|
|||||||
10
README.md
10
README.md
@@ -80,3 +80,13 @@ This setup allows running multiple applications, either self-hosted applications
|
|||||||
| <img width=32 src="https://avatars.githubusercontent.com/u/26692192"> | Navidrome | Personal music streaming service |
|
| <img width=32 src="https://avatars.githubusercontent.com/u/26692192"> | Navidrome | Personal music streaming service |
|
||||||
| <img width=32 src="https://avatars.githubusercontent.com/u/102734415"> | TubeArchivist | YouTube archiver |
|
| <img width=32 src="https://avatars.githubusercontent.com/u/102734415"> | TubeArchivist | YouTube archiver |
|
||||||
| <img width=24 src="https://radicale.org/assets/logo.svg"> | Radicale | Calendar and contacts server |
|
| <img width=24 src="https://radicale.org/assets/logo.svg"> | Radicale | Calendar and contacts server |
|
||||||
|
|
||||||
|
|
||||||
|
## Docs (internal, using this repository)
|
||||||
|
|
||||||
|
This repository uses pre-commit hooks to automate tasks like file encryption and configuration generation.
|
||||||
|
|
||||||
|
After cloning, install the pre-commit hooks:
|
||||||
|
```bash
|
||||||
|
pre-commit install
|
||||||
|
```
|
||||||
|
|||||||
@@ -355,6 +355,13 @@ canada:
|
|||||||
ttl: 300
|
ttl: 300
|
||||||
type: A
|
type: A
|
||||||
value: 192.99.6.159
|
value: 192.99.6.159
|
||||||
|
clips:
|
||||||
|
octodns:
|
||||||
|
cloudflare:
|
||||||
|
auto-ttl: true
|
||||||
|
ttl: 300
|
||||||
|
type: A
|
||||||
|
value: 83.113.30.49
|
||||||
flix:
|
flix:
|
||||||
octodns:
|
octodns:
|
||||||
cloudflare:
|
cloudflare:
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
esphome:
|
esphome:
|
||||||
image: ghcr.io/esphome/esphome:2026.3.3
|
image: ghcr.io/esphome/esphome:2026.4.5
|
||||||
ports:
|
ports:
|
||||||
- "6052"
|
- "6052"
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
n8n:
|
n8n:
|
||||||
image: docker.n8n.io/n8nio/n8n:2.16.0
|
image: docker.n8n.io/n8nio/n8n:2.19.5
|
||||||
environment:
|
environment:
|
||||||
- TZ=Europe/Paris
|
- TZ=Europe/Paris
|
||||||
- N8N_SECURE_COOKIE=false
|
- N8N_SECURE_COOKIE=false
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
stalwart:
|
stalwart:
|
||||||
image: stalwartlabs/stalwart:v0.15.5
|
image: stalwartlabs/stalwart:v0.16.4
|
||||||
container_name: stalwart
|
container_name: stalwart
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
traefik:
|
traefik:
|
||||||
image: traefik:3.6
|
image: traefik:v3.7
|
||||||
command:
|
command:
|
||||||
- "--configFile=/etc/traefik/traefik.yml"
|
- "--configFile=/etc/traefik/traefik.yml"
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
11
docker/personal/fireshare/.env
Normal file
11
docker/personal/fireshare/.env
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
ADMIN_USERNAME=ENC[AES256_GCM,data:8ngfC8VHpaaGCQ==,iv:Ze7ThfWmAWj0ZvV3A7Pd+aqAW/pahkTZhdFC/TnAwZ0=,tag:KCFdGV1dEw3e+q6FBgy2cw==,type:str]
|
||||||
|
ADMIN_PASSWORD=ENC[AES256_GCM,data:UhxEMnqYDyfgffqUf3Q=,iv:VvNX867P+w20Y7laG0R0c4BUw1uICeyF5SU3+waosRE=,tag:JL4GC+UZY3TqSmCq14CTpg==,type:str]
|
||||||
|
SECRET_KEY=ENC[AES256_GCM,data:uahYXYr4DvavNMTTdcDA0hdp5wj3OLret3fPF1DEc2lis+E7/fe45DWFuhUu8RAK76tuheA=,iv:Lofc+PP7Rtg99l36yOx6bt0i8hg1DJXzwSKQNJCRYPw=,tag:AiUGZOiLyjKItf++Gya+eA==,type:str]
|
||||||
|
DOMAIN=ENC[AES256_GCM,data:LyJ7RAgrioTltNQ/BKoPbEN8XQ==,iv:IHrT5TkaXuIhkfN/nHcapz4CNBG0t9lbzrHDjp04JLw=,tag:gjSa/tSVEqk6pXrfhjs7gQ==,type:str]
|
||||||
|
sops_lastmodified=2026-05-06T17:05:48Z
|
||||||
|
sops_mac=ENC[AES256_GCM,data:wRtDnVQkNsc1MtxSpbuVDuACkCwunYeyYSaQX2Tglm2kwOnx9iCyhuWY6RMYu5nfyJ1CT1kfqeGrGxhJ5uMDee29eLUv844X3hIXwpMT50jHFXEtfKLfRMfqpv9r9mbp2EP9VNDUtPyIwDk5vSjGeaYqEWtHW/q5y9qIrzqqy5g=,iv:UG4XGi3Qo8/nAddY+rzJm1AKIAmJjtR+2bDqSeaVxG4=,tag:SL2rvrxFmMfgyUyMqFIZEQ==,type:str]
|
||||||
|
sops_pgp__list_0__map_created_at=2026-05-06T17:05:48Z
|
||||||
|
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA7uy4qQr71wiAQ//b6zlRVKrqzzszBJmnOUlfeZd5m2ekYv/zIBr4oxHyn5L\neLLff+N7hjBVSajg9Qg7GBQv7s3DX70vHTpdUP38UEO1aM0l3eU1JCwA4Hdh7Ds5\nnq330vUKhIAd+K8Vv4Ei9YHpj+kgMnt+R780qZUg18D39TAnx36q9b5SKzZCUsks\n3YM+G8pHLRipZhxp6zwhOPHVSnImOFjty4d6JV6Zes9zfslaETgva7p5DIKP0ttf\nI2JRacvL75MMp1USyqGKt7Bpl6Yz4VxY49aea+FxDlbzCVLuBBgZMoEjhPQifQfh\nB6OObmu1cVhECidrMHmqDBNqgKsNLble+g3Le+gJdn/zKxVc+q+cPPuk/JdT8tfv\nZTei6jg66IREZOrZCP3Gt4OB5LbkLdS0NET2CMVAYkGQvGrSC+diwUnFkI+WEh+p\noZhvgp/ytBgaw6ZyNPmvkGkFeFg1/ISpOHkVQ+P6Pnot8h4HvuI/KcBwJRCrtdbg\n+XMpqeQdmCnM04v5Uq1NVqRWHD0yvd7GHDOZCqJPMFHP0M6R+SwHq+8+pgbO3jxt\n+426MvhNKw8xWMtnUIO8sSSkzgOfT6vFXmzQvIawbXvitjGjiElkpmT5Hz3hn1Bm\nnu8CivqLwL4Gs1Uc2m6qHGkvGqxWwcHABWqftAk3VfhmjcFDwAyWROlCuD+A15PS\nXgE1wn9jLesXaiCwzAp4AOstkk0fR2yio4fa9dCeenzuedULNLuCyJfYtSm4QlSU\nvffH4iL8X/R24s6SdPsCIuNnAeKc0P4E55AlOaeZN4HcZzfspVikAZx+bK14JS8=\n=KGp6\n-----END PGP MESSAGE-----
|
||||||
|
sops_pgp__list_0__map_fp=DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
|
sops_unencrypted_suffix=_unencrypted
|
||||||
|
sops_version=3.10.2
|
||||||
58
docker/personal/fireshare/docker-compose.yml
Normal file
58
docker/personal/fireshare/docker-compose.yml
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
services:
|
||||||
|
fireshare:
|
||||||
|
container_name: fireshare
|
||||||
|
image: shaneisrael/fireshare:1.6.10-lite
|
||||||
|
ports:
|
||||||
|
- "80"
|
||||||
|
volumes:
|
||||||
|
- data:/data
|
||||||
|
- processed:/processed
|
||||||
|
- video:/videos
|
||||||
|
- images:/images
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
environment:
|
||||||
|
# PUID/PGID: the user/group ID the container runs as. Files written to your
|
||||||
|
# volumes (data, processed, videos, images) will be owned by this user. Set these to
|
||||||
|
# match the owner of your host directories to avoid permission errors.
|
||||||
|
# Run `id` on your host to find your UID and GID.
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- proxy
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.fireshare.rule=Host(`clips.vhaudiquet.fr`)"
|
||||||
|
- "traefik.http.services.fireshare.loadbalancer.server.port=80"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
data:
|
||||||
|
driver: local
|
||||||
|
driver_opts:
|
||||||
|
type: 'none'
|
||||||
|
o: 'bind'
|
||||||
|
device: '/app/fireshare/data'
|
||||||
|
processed:
|
||||||
|
driver: local
|
||||||
|
driver_opts:
|
||||||
|
type: 'none'
|
||||||
|
o: 'bind'
|
||||||
|
device: '/app/fireshare/processed'
|
||||||
|
video:
|
||||||
|
driver: local
|
||||||
|
driver_opts:
|
||||||
|
type: 'none'
|
||||||
|
o: 'bind'
|
||||||
|
device: '/app/fireshare/video'
|
||||||
|
images:
|
||||||
|
driver: local
|
||||||
|
driver_opts:
|
||||||
|
type: 'none'
|
||||||
|
o: 'bind'
|
||||||
|
device: '/app/fireshare/images'
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
external: true
|
||||||
|
name: proxy
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
grampsweb:
|
grampsweb:
|
||||||
container_name: grampsweb
|
container_name: grampsweb
|
||||||
image: ghcr.io/gramps-project/grampsweb:26.4.1
|
image: ghcr.io/gramps-project/grampsweb:26.5.0
|
||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
@@ -31,7 +31,7 @@ services:
|
|||||||
|
|
||||||
grampsweb_celery:
|
grampsweb_celery:
|
||||||
container_name: grampsweb_celery
|
container_name: grampsweb_celery
|
||||||
image: ghcr.io/gramps-project/grampsweb:26.4.1
|
image: ghcr.io/gramps-project/grampsweb:26.5.0
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
- GRAMPSWEB_TREE="Gramps Web" # will create a new tree if not exists
|
- GRAMPSWEB_TREE="Gramps Web" # will create a new tree if not exists
|
||||||
@@ -52,7 +52,7 @@ services:
|
|||||||
command: celery -A gramps_webapi.celery worker --loglevel=INFO --concurrency=2
|
command: celery -A gramps_webapi.celery worker --loglevel=INFO --concurrency=2
|
||||||
|
|
||||||
grampsweb_redis:
|
grampsweb_redis:
|
||||||
image: docker.io/library/redis:8.6.2-alpine
|
image: docker.io/library/redis:8.6.3-alpine
|
||||||
container_name: grampsweb_redis
|
container_name: grampsweb_redis
|
||||||
restart: always
|
restart: always
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
jackett:
|
jackett:
|
||||||
container_name: jackett
|
container_name: jackett
|
||||||
image: ghcr.io/hotio/jackett:release-v0.24.1591
|
image: ghcr.io/hotio/jackett:release-v0.24.1822
|
||||||
ports:
|
ports:
|
||||||
- "9117"
|
- "9117"
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
jellyfin:
|
jellyfin:
|
||||||
image: jellyfin/jellyfin:2026041305
|
image: jellyfin/jellyfin:2026050514
|
||||||
container_name: jellyfin
|
container_name: jellyfin
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ services:
|
|||||||
POSTGRES_DB: paperless
|
POSTGRES_DB: paperless
|
||||||
|
|
||||||
paperless-webserver:
|
paperless-webserver:
|
||||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.14
|
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
radicale:
|
radicale:
|
||||||
image: tomsquest/docker-radicale:3.6.1.0
|
image: tomsquest/docker-radicale:3.7.2.0
|
||||||
container_name: radicale
|
container_name: radicale
|
||||||
ports:
|
ports:
|
||||||
- 5232
|
- 5232
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ services:
|
|||||||
|
|
||||||
web_recipes:
|
web_recipes:
|
||||||
restart: always
|
restart: always
|
||||||
image: vabene1111/recipes:2.6.7
|
image: vabene1111/recipes:2.6.9
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
- proxy
|
- proxy
|
||||||
|
|||||||
@@ -1,17 +1,18 @@
|
|||||||
ME_CONFIG_MONGODB_ADMINUSERNAME=ENC[AES256_GCM,data:FdAhZA==,iv:YXd83wy5lKSybwYdmhXA2DwbVnffX/6R7gn3doDnI1E=,tag:BLYvP9IFNky37COZOgyJvw==,type:str]
|
ME_CONFIG_MONGODB_ADMINUSERNAME=ENC[AES256_GCM,data:AHXIMA==,iv:trofFagJGNq5OyWDaN57vPpKwwG3SouiV5xLl5sJIBA=,tag:c1NUlmBouEb0Milri85QNw==,type:str]
|
||||||
ME_CONFIG_MONGODB_ADMINPASSWORD=ENC[AES256_GCM,data:uvZn2q5dpbc=,iv:4ExRNf2gYK1W/VMKrcXNO5kPKjJmxml1uj44j643mvw=,tag:Xf2wKugbuOU3GlPYlLttIg==,type:str]
|
ME_CONFIG_MONGODB_ADMINPASSWORD=ENC[AES256_GCM,data:8X6+SphUNus=,iv:zwofVw03pToXHR6weckniT/fymFYeHZw6lVmrGUsnLc=,tag:lEWtnnqpwamNsCnkStsRfQ==,type:str]
|
||||||
ME_CONFIG_MONGODB_URL=ENC[AES256_GCM,data:porEOpLQZF2J5pvRaktvnoh76MhfjBZ3PN8dNwhNAfKs8ipO,iv:7kl+7+C1MaOGM0Gu0jzJEp1Wvl/xz0i5oW5U8EACMKs=,tag:3+xIM62x+2HMA1AggM4mww==,type:str]
|
ME_CONFIG_MONGODB_URL=ENC[AES256_GCM,data:3xLFWhRYU/EfhRw+rOs9pOb+nzsbV9IvQydB4VGZGw/WLkQd,iv:T9T6ewB+05qzFDL7z2WESs6fIc9lTFdjVxy/71YzhXo=,tag:S3YsOokO4jzhJVWep/QTsQ==,type:str]
|
||||||
ME_CONFIG_BASICAUTH=ENC[AES256_GCM,data:lxxYUfK5cA==,iv:hbw6UUCxTZ9h+XJd0Wesz5T3L5MkBc+JA0SNUogtsOE=,tag:gCyyA6hOIcIvs+HyeqKs/A==,type:str]
|
ME_CONFIG_BASICAUTH=ENC[AES256_GCM,data:FnUichsnpQ==,iv:Ayw1Vqg5rj6P79vtERX2hRCttnol/4aNUG5Y0OhFVTo=,tag:JkTxro0kyYJLr9gdkY8A1Q==,type:str]
|
||||||
MONGO_USER=ENC[AES256_GCM,data:osGR9w==,iv:648Yv0sPTvq95q0jcRWSD14HZr6tN2I4ffw/STe38xY=,tag:rVK7sBlAuhsisPPyfnIPMg==,type:str]
|
MONGO_USER=ENC[AES256_GCM,data:2KFDcg==,iv:wdDxrQd07+hC5GEq1DS0DLVASiL9L4ds1V3TG1NA9EQ=,tag:gieiOLmOfLtUQjfjwZg6qQ==,type:str]
|
||||||
MONGO_PASS=ENC[AES256_GCM,data:2SloANMJ1mQ=,iv:PK2LyBfivEH1EjtRk76BPlnLXfAykC/F40skCeoK7NQ=,tag:JEZXKe4gNj36yLX5wlW5tQ==,type:str]
|
MONGO_PASS=ENC[AES256_GCM,data:W80YLzp8G50=,iv:eFts3fhrB9PGEfC69d8btt4ko3gcOGrFZUy95hx2rCE=,tag:+1JFEiclNnjei8+2I42j6w==,type:str]
|
||||||
MONGO_HOST=ENC[AES256_GCM,data:fwvt86U=,iv:YJam2joeQkaVCFUPpc7sPw6ucHpTauiJzC754VsgLPY=,tag:nUQVmxsYbmhlWwz01kHpsw==,type:str]
|
MONGO_HOST=ENC[AES256_GCM,data:0RknYUM=,iv:8QyL4KHrSr9pv1kX+FD09N2ltVSZkEKqtFCS30ik1v0=,tag:bTXBMHqp5JU9VTD3soXEyQ==,type:str]
|
||||||
MONGO_INITDB_ROOT_USERNAME=ENC[AES256_GCM,data:dSNu/Q==,iv:jJYxTZw06/npxgw5zaS5SSC4LyGzr/TLdu5JdDUtqFQ=,tag:d+q5DLS6AHakPnk9089XpQ==,type:str]
|
MONGO_INITDB_ROOT_USERNAME=ENC[AES256_GCM,data:G6wekw==,iv:AH5qqxXOeEBVI2mXXPPrC1X8X/Vq5MHZBWdfNRNeK1c=,tag:nMkWql/aVHi2FGnJ5NGFBQ==,type:str]
|
||||||
MONGO_INITDB_ROOT_PASSWORD=ENC[AES256_GCM,data:uD3YRK4xCx8=,iv:jJVjuUBfDuiWa23UGa/n2z0uAkbr4N6Zo9Ee45R1tTs=,tag:RBn0jse9u795RHNc09cBqA==,type:str]
|
MONGO_INITDB_ROOT_PASSWORD=ENC[AES256_GCM,data:jzVSUjGSjOY=,iv:S/Ar0oYN2vSE7pK+/tfp9RyCThtDbk0gOUYDyzNYjVE=,tag:whWyBFHuXBcmF+WixjafOw==,type:str]
|
||||||
RIOT_API_KEY=ENC[AES256_GCM,data:E+w0JQlYW7Bjn2wwnkb0hlYmq3ZteS2LB4NWo2l/o+30+uOTAYzpeDgy,iv:xPZmat+pexxgYxqlkBLlD6sorxRpPlBcwMbo8QDFwjg=,tag:5Loj4AGmr13HGKyVbDozqg==,type:str]
|
RIOT_API_KEY=ENC[AES256_GCM,data:EzqWk1Y73htAXaUJhzByV6Aru/hxUNjHGK90ac1NGaz92Cwk9YEdmrb9,iv:KorIppEflVX2aDC8K3ndRzK1q6scNjdQfl38p/8fLGM=,tag:Ei2zLoiGOlOX8ocrO2wNMw==,type:str]
|
||||||
sops_lastmodified=2025-12-31T13:08:07Z
|
CDRAGON_CACHE_DIR=ENC[AES256_GCM,data:uMogP1/K/pc=,iv:/0A8fs9HEuksSiKV1SZDoslHHGlJe+vFw0BQ5zQ9BBA=,tag:grwWPwMQarpmSAUIgKDZ5Q==,type:str]
|
||||||
sops_mac=ENC[AES256_GCM,data:h+aeLcXC3s8gcIlwrU7fHwGIkp1caqMqJcQLdQmFnrtlP9gmx1iOZlZo8yRC8m+imIezhLfjI0yfHdPjyfxw9KTeNoCjNRKyDGfDhbHr0vfPQsrifjeaZj477634WA8MVcL8HrfVwZIHjh+I3fcgVI0kFbcI8/3lkEws/T4oD70=,iv:lc8ltcjngeHueLgXee539iIpIMjvcJpUAec1TGmJuY0=,tag:FkwHdQ0C4QxObEQFL6aefg==,type:str]
|
sops_lastmodified=2026-04-30T18:20:37Z
|
||||||
sops_pgp__list_0__map_created_at=2025-12-31T13:08:07Z
|
sops_mac=ENC[AES256_GCM,data:7teYIGLLHBH8TJ/gr3lcbtfo4CVl0Gj2RWPSLgx4AyTvM+pZaSvUDaVUhWuprSCVqZcDWI2tNHUOHE4aYlJzyt9JfQrooKLPkKUq3WX3bucg3Rv5GpiP1tNHiPDE7UZCBp5bkHhYvwn+dPjhObEUdMUuwMBDA9JSpPlr3YQCg/E=,iv:6knBO6QNe33E2bJw5WZMzcDzeTW9mwgjQtftv0FZq8s=,tag:xuIKZl7szrUyX8/D9xxAmA==,type:str]
|
||||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA7uy4qQr71wiAQ/+LVciLRpDVh/AlYawgSfwVs8ltal1+3MCHYhdwjFAggJ8\ng6twtj4szAVR7UbT0Qh2hP+my7KLLN1K+Rv/jnsXPhOFo0o8AB0Un+hCFB1i+KLd\ni6cWbv+jCqxRALf98TYe0xDMIfoPKXaIYjV2qlYmGWe3/Sd2+7KbwAKZCehZD1jV\nh21YVeVn7dlv3zPAp5mpH+6yPMp3ZSTAYa8MkUnnS3cUWlWSMHsGwlA9CUvJtKaz\ndkW6n90zEGJrfb6ATH2dPJawWNOp0q/Gcx2uci4Ro09U1jOK7ugSDWxjGOuV9TAL\nYsRYz7LH5yOLpz9HlrZH882SJWZS9xoEV8jOZN1I3NmtJY1KsgAW3BFEsbCA58Q5\nTZFKhH7XK9FW4NbRzHYxHCCZSfGtBCQyUpusGALXnQmkKHJ4MlnrxH9yBX7Go8ph\nCqQ7gvBmNjUZrgp+VWb8+ziDCfYbZDADV4cva4STcjnmFxRiFO1xvYEJpEo2H1gK\nQcMsOruazL3UGkZxWh2Od7bi1K+2Io/TNSKMTboTqgJAOcMO4Ssxn59yYhfDdS2i\n8/mlv4ADPOL4be1400/Tp33QpPnRojyJAM9b8IdJ6ahevVGjGuKPuvrzDs8lYwht\n6eKrbV3mHBv5ZUvSmeTOIwxE8moePDEkUrr3HCfxaaJcMrcjgSkGhCCN4KHbj8TS\nXgFGOX7/BZNOR1SyfBY1gc30Vdy3d7513Gpfcuwsd7Rc+0Ue+p4ysA3dBp+KWhVO\nPkfwdiVFOOvEPoUoanyUqMlvj3ENabNNmHc8jZ23FRxtlfbcyecTT+uckRXgvpU=\n=5/Ac\n-----END PGP MESSAGE-----
|
sops_pgp__list_0__map_created_at=2026-04-30T18:20:33Z
|
||||||
|
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA7uy4qQr71wiARAAufkTVdCq2ARwMFuec9+0N1BzTo7WgGQhzKIJehe+uQ5I\nuPS5bafo5vrvxlCuxVmhup45CS3gm3X46hgHh/d3htaYzDnbyh/awbVGIhU9sa9T\n74i4jZAabzWjWAU8lAvxS6dJ6hf5U3MHOc1zYoCUfCJjgw+QRzR5PxZKFhpVklQU\nQJycdfRAl5oAqF7N6B7oCNTs7w1hbx2CJXBVGM8YoJySkThpXEY3dECxZ5nTSPmp\nXo3hmidO09uYsjWzcqynJHnh9RkMd1VAe6ULzhVIOv5KLXQLQV/paNAPdsxA5UmY\nE1imIFrqS25BVU9xbsGaPj6AHX6+Ux8bpO8TOVbpULe56Aq2c5GOjIZXb3p20K7N\nEk5rJ/K+8FxvytK3jDkhJI49wiDs9UDim02DSZmsWirIy/c02Ojy2d/Cxors1Lw/\nBCc4S6/ESH9u/LGlWs8WDqcDQqhHgeCvGOLAvOXs9eOCXNW2ROtNdfW808APbu1A\nzgYJwPtdfBhUv4KhZcEVMldWgX1OiYhcWMWYgJUXcfOwaRbzntZ/MczPNJ/a+57T\nPvH9GuTiwCXn0fOgcETTp9RPvXflL+4LPgh9drCOo4zwMvlqZs2+0Os2m8GDdDcL\nD45VMTsnNUXWuO7YUdtYX47bON2W6Z7NwzvkSr5odogzq1xw38SgRN7g3Jbl6+fS\nXAH/Rw8jWjpYztZ5HgDXisTxLEXqn5UNYKZBjzsLV5tE9GQp8ppck21igBiDCqoT\nsziZwFyRy/nKq076lZlRgSFr0pm4168u7Vn5x1TLQBHl+i0eKficgUQpwCFx\n=XUsx\n-----END PGP MESSAGE-----
|
||||||
sops_pgp__list_0__map_fp=DC6910268E657FF70BA7EC289974494E76938DDC
|
sops_pgp__list_0__map_fp=DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
sops_unencrypted_suffix=_unencrypted
|
sops_unencrypted_suffix=_unencrypted
|
||||||
sops_version=3.10.2
|
sops_version=3.10.2
|
||||||
|
|||||||
@@ -9,21 +9,11 @@ services:
|
|||||||
- bpmongo_config:/data/configdb:Z
|
- bpmongo_config:/data/configdb:Z
|
||||||
env_file: .env
|
env_file: .env
|
||||||
|
|
||||||
patch_detector:
|
|
||||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-patch_detector:a5728a147fd8503ab1036cf0d9e7a5a18b73c765
|
|
||||||
build: ./patch_detector
|
|
||||||
restart: "no"
|
|
||||||
deploy:
|
|
||||||
restart_policy:
|
|
||||||
condition: any
|
|
||||||
delay: '0'
|
|
||||||
window: 10s
|
|
||||||
env_file: .env
|
|
||||||
|
|
||||||
|
|
||||||
match_collector:
|
match_collector:
|
||||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-match_collector:a5728a147fd8503ab1036cf0d9e7a5a18b73c765
|
image: git.vhaudiquet.fr/vhaudiquet/lolstats-match_collector:b2178fec85027348157a5442a81d00479154e581
|
||||||
build: ./match_collector
|
build: ./match_collector
|
||||||
|
volumes:
|
||||||
|
- bpcdragon_cache:/cdragon
|
||||||
restart: "no"
|
restart: "no"
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@@ -33,9 +23,11 @@ services:
|
|||||||
env_file: .env
|
env_file: .env
|
||||||
|
|
||||||
frontend:
|
frontend:
|
||||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-frontend:a5728a147fd8503ab1036cf0d9e7a5a18b73c765
|
image: git.vhaudiquet.fr/vhaudiquet/lolstats-frontend:b2178fec85027348157a5442a81d00479154e581
|
||||||
build: ./frontend
|
build: ./frontend
|
||||||
restart: always
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- bpcdragon_cache:/cdragon
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
- proxy
|
- proxy
|
||||||
@@ -50,6 +42,7 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
bpmongo_data:
|
bpmongo_data:
|
||||||
bpmongo_config:
|
bpmongo_config:
|
||||||
|
bpcdragon_cache:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
|||||||
@@ -47,7 +47,9 @@ resource "proxmox_virtual_environment_file" "ai-cloud-config" {
|
|||||||
resource "proxmox_virtual_environment_vm" "ai" {
|
resource "proxmox_virtual_environment_vm" "ai" {
|
||||||
name = "ai-${var.proxmox_node_name}"
|
name = "ai-${var.proxmox_node_name}"
|
||||||
node_name = var.proxmox_node_name
|
node_name = var.proxmox_node_name
|
||||||
on_boot = true
|
|
||||||
|
on_boot = false
|
||||||
|
started = false
|
||||||
|
|
||||||
agent {
|
agent {
|
||||||
enabled = true
|
enabled = true
|
||||||
|
|||||||
@@ -61,7 +61,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
memory {
|
memory {
|
||||||
floating = 16192
|
floating = 32000
|
||||||
dedicated = 38768
|
dedicated = 38768
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
|
|||||||
|
|
||||||
memory {
|
memory {
|
||||||
dedicated = 32768
|
dedicated = 32768
|
||||||
floating = 16192
|
floating = 22222
|
||||||
}
|
}
|
||||||
|
|
||||||
boot_order = ["scsi0", "ide0"]
|
boot_order = ["scsi0", "ide0"]
|
||||||
@@ -83,6 +83,18 @@ resource "proxmox_virtual_environment_vm" "kube" {
|
|||||||
vlan_id = 2
|
vlan_id = 2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
network_device {
|
||||||
|
bridge = "vmbr0"
|
||||||
|
model = "virtio"
|
||||||
|
vlan_id = 2
|
||||||
|
}
|
||||||
|
|
||||||
|
network_device {
|
||||||
|
bridge = "vmbr0"
|
||||||
|
model = "virtio"
|
||||||
|
vlan_id = 2
|
||||||
|
}
|
||||||
|
|
||||||
operating_system {
|
operating_system {
|
||||||
type = "l26"
|
type = "l26"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,6 +6,8 @@ ingress:
|
|||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
statefulset:
|
statefulset:
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: false
|
privileged: false
|
||||||
@@ -33,35 +35,36 @@ zigbee2mqtt:
|
|||||||
external_converters: []
|
external_converters: []
|
||||||
mqtt:
|
mqtt:
|
||||||
server: mqtt://mqtt.lan:1883
|
server: mqtt://mqtt.lan:1883
|
||||||
user: ENC[AES256_GCM,data:y38nWA==,iv:j0eEQfRb8EFjFgQtAUDnC+SFG5GntgcY9DoI+pQATFE=,tag:i+QSvlWadDq4pLJGLo9mGg==,type:str]
|
user: ENC[AES256_GCM,data:8chGUA==,iv:SOAuBYShpWbza3idtyqFoVIFstZFM34OPDN4uhAer0Y=,tag:WPoH80VcUGLy5Uq/z8EtaQ==,type:str]
|
||||||
password: ENC[AES256_GCM,data:kOJPLKGkuPMlcA==,iv:ecOCgqScF7StVOgb1+khzZDgpAM/WRbSn0iJDMcSnoc=,tag:T39fKp/eDMeMb5XEm+/j3w==,type:str]
|
password: ENC[AES256_GCM,data:XVcTzQ3pDvPKbw==,iv:TK5qHq2yMTWgzcOPvj0GO7tOOD4PHvKMWfd3p4T8LuM=,tag:GJpKQWpVhwrewX4+9NITfQ==,type:str]
|
||||||
|
base_topic: z2m
|
||||||
serial:
|
serial:
|
||||||
port: tcp://10.1.1.159:6638
|
port: tcp://10.1.1.159:6638
|
||||||
baudrate: 115200
|
baudrate: 115200
|
||||||
rtscts: false
|
rtscts: false
|
||||||
adapter: ember
|
adapter: ember
|
||||||
sops:
|
sops:
|
||||||
lastmodified: "2026-04-04T23:00:45Z"
|
lastmodified: "2026-05-02T10:26:20Z"
|
||||||
mac: ENC[AES256_GCM,data:a095DCVFoM6HPGbZSZjysbVhhUBcQtNh1sZYPLHKqhjI65TEAZbPqXUJeB1raqqBTmXr/0hZysx7/O7tqN/h+Gv0/pJTP3yAbXEArp9Soc9tmRBwJeaYMmm9+9s9QSvsCsiFnmVmp0ihYRbag35aXVcl2INDV7ilqVZnXOsThi0=,iv:y3ASd047iwdbJ0F9bLkSpV8uDRvzUFZIa7FV6AbLDH4=,tag:1wBNjiPukFK4xon0FHYkhw==,type:str]
|
mac: ENC[AES256_GCM,data:32zZ0bYrgn+zTz8DEOU1N8MgDrihzWyMsV9q2m5RhFHRvXFuq3Z2GTORlUTeuK5qZIUrZt22VskigGAQiKC2CdzsJTcO3cGPshu5E6gWGBRNob02bXXsMu3TfCKxic/Ek7jE2p9R++a5AKczFZY8SxL7Sv1BZDxozkginDdYR4Q=,iv:VcDKwoPgYxZc8KXYv9oEH2GBqDRAJJxphj6MFLLI8ok=,tag:vPWqcEHoBVvfCoKoN5UiLA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2026-04-04T23:00:45Z"
|
- created_at: "2026-05-02T10:26:20Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA7uy4qQr71wiARAAn1+iFDYCRrqXbgrAJXdw4KfvqEsX8i6ReCeq4+68YhFQ
|
hQIMA7uy4qQr71wiAQ//fl1m3T6TnQvQ+yG0plOZaRXIGRI/YHiyP9KsK6I6l4c9
|
||||||
e6rv3yMBoDLNbMRr6AZaTN9XOLqd7jK0H6zobCdkUK89Fxp5fqxvAaaPloebRKu9
|
Y7lUjVcgADbjZYAMv08LFOEyN0/dtTFx2kV1vC5sF4CjxXKfddazKrQFjZQygc56
|
||||||
YnjG28UCbuqcW7P77GaoO+6t53Y3Ya4s/f1OLZ0zAkJDCV3NiADgBB112fG+HtnT
|
Yn3wiYX2ZMTsc3AnOoUF/evXyDHYMu0l8FwZEupi0cjmgKjVZZsLYScMjLi6h9oO
|
||||||
WqkH6dENu5X9YP+PbMJ9qHWOqc88gBE4CpwH5R3F2UWRhfKnErdD8MpjNhDsJBuZ
|
agDUxqZX8d3ikj3LPF1dk/XGP75fHBg7Jfim1RMMrOcpAbRi0H3XU82cr2s9fTS8
|
||||||
+c7K5mTRaYHqe96pEhOg+rPWa+YDpZb/ztpHeEPcWNdepHnSk4N9pw1bDKKORlQU
|
UtylTk1x3F253YTC0JdvU0UskvzCvVl0Sf8TlkVb2tTJgwf/XnXMTmMeCvbhIj5u
|
||||||
Tuz80ZVz4SOUet+rYUzH0a4f9ktwxCy3m3D1YHW3rbaLUmu4tIPjsbSLU/ZNnkWv
|
bgqIs0y6F0xm8NjhPGV2CtsQuQtLMLb5SxVFj7P4ad/Ekf9TizAJlcPt2u1/25zu
|
||||||
RFMZCUXDKqF0NxYyWgF232kXkrYURUHWd9PZLHjyWgp1k+OW0P9TViwYgC4Bq5NO
|
x9v/kFnI5XMDIr3eWBJlFUwtImQJ+bO3GTauqwpULIHSa+y3Ux2XMNarKfN1jH3Y
|
||||||
+uQPpWqfYQWqIZwJA3PGmpQ18ngytAkQKaUw8mXH2dUQYXLwa8RT1EYaTEoN8KQd
|
RG86rLQSioSA+HdZuZdEvo2ACc5DotC835cnMGMeIuO1Ad/RjvUaptN/p5hvTFMf
|
||||||
2gtmyxnhmohZgClvXzGq1ByVj4hkFUC6TqI6t8ZI6AQWpHsEKIsP39z9Ci6ipfpb
|
5t6SoE8gLXH7FZF7IomY0Xs/feztPOvPK76zpKV1Tqqgb7i0GaTFcKKBUxMPklZw
|
||||||
0ySguqykofTTVVqxzkZ2nviyuw7fNQQHtTAw5JyghotsHgBBMeP4TJm+CkrggYAV
|
XwqOQl36HWz1BSvtYtYYX6/HyuknH4T6tk//J6MrNttnTQ/ZqjrBvl4FEVxTgf1h
|
||||||
e9NnrRJpV0R+gPrAyhAOhIzqaPBB/ZbAJrv0yHn1QQsgCzWqCy3ruAFNtP5BK1DS
|
pFc8fTzNak+VB4MSdALg6Eo5xR57eGHhKgdUMgDAv1JMEP9ikk4/p8/1WHKhpTvS
|
||||||
XAG3zRbI+AfVs6pe50306g5tze71efLlH/7Bd17Rqx45rFsiiQyXJHRwQiLtYuQP
|
XAG3QSahHWoc9L5A73xFmD66TRUhm8CVKRCAQebB7rXjsxaqgEOl70taQpucrckD
|
||||||
RJMrImgAdIgKkm8rA5LTDlnFAm2AhJ/LGLUV9Q9eS+JYSJqKMPX+I4iLq9u6
|
624SYxJwG9Uuk4odCQJ6g7T2KCKxsS/NKy6jOqgprkerR6pCfuXg8LDxBkHP
|
||||||
=KhGS
|
=cZ3t
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
image:
|
image:
|
||||||
repository: photoprism/photoprism
|
repository: photoprism/photoprism
|
||||||
tag: "251130"
|
tag: "260305"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
@@ -36,27 +36,27 @@ mariadb:
|
|||||||
repository: bitnamilegacy/mariadb
|
repository: bitnamilegacy/mariadb
|
||||||
tag: 12.0.2-debian-12-r0
|
tag: 12.0.2-debian-12-r0
|
||||||
sops:
|
sops:
|
||||||
lastmodified: "2025-12-04T23:21:48Z"
|
lastmodified: "2026-05-01T22:39:49Z"
|
||||||
mac: ENC[AES256_GCM,data:UbrmZVQ9Jcy7/+N9agnQI201d5kp8lIeJ3bBymKpU7ORyYouA+AyllVts3sqWFQhFnbK2Be1IkOY+F9iEvKrjJn6frtd7b1Qz1q8j1COdpQ+h/Ok11yCsaqkVfDr32to7zlf7fHW3YdcEEmYFt/CbbzMM4C4fbxHcgFOlyzrcDk=,iv:iYggVr703vYaZ/bPXZywYOeP6ePTxyGyoLI1jfsbSFE=,tag:Ic8e2mnZD69JAlwiQmeV6A==,type:str]
|
mac: ENC[AES256_GCM,data:YGVQb50DrFv/ehU+dxsoP/e8ARKVPfr/6c2x1pQbZ7cNiNu7k1Zgt+bEHkkKm+FT44bltL374Jf2HqT/0gvmgMGp/8ukjZ5hRLwbqS1fOKR8SVQ8fp2EId0P7HcRl7Qqr6lF15hKXQ+SPl6KDPvDWKh0pq192W8dP76D7h5aKDw=,iv:c1xytratCfO8V4nkdvxeKT2kWOYHBkwoTc5Ic+yjpWQ=,tag:kdxAidCO1VLPxiwq3eCRxQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2025-12-04T23:21:48Z"
|
- created_at: "2026-05-01T22:39:48Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA7uy4qQr71wiAQ//XxIcDxmC0y3KzKw6OxM/9Z5HPcdJvfyXaQ7nOIqob4OH
|
hQIMA7uy4qQr71wiAQ/9F+u/hWM4smi4yqnU7vzRfWwjCuvdtWAR6N4MqiBLFfqr
|
||||||
1ST3R2R5liDI2XOE0Eb2cLs0LACAih0PycWfju8fLkDeB9ztenxKnCW1DFbUYmpw
|
tpzY8UCfaTlfEtwDZWUSN/gzZG56YcMTR6OOrCQ8rkiKYGwuj92Z8LgpcDRBAHeG
|
||||||
DXrW/opbGXMLBdPcsoq6GPeWjlNypXepIXGWwgT/+gdxZPKsqxHglauCnVHub/Ki
|
gYaNG9vRmmzyZpD6K6pSoG8lk7mzB1Tp80me9E7LJTDhAn70cDATLp1wADkD0KF1
|
||||||
inoFimxvkVaAefFTOazJvFfSfWI04KPSl0PgnwzWna/7rycFDYkidVKjBkmHAGad
|
pq44qPcRaem42kEx6Um1sAy5NiBBxvYqdKPRXLs0q1EyZByxKjlhZi0qasCfe4lJ
|
||||||
BFwhXFWi4taKPdNH3/7WBYlOyB+fs7xNPENQP8Fj7/oqF8Vb9pYTpPIGvgXNC/pB
|
fsdduUgRi3Td7KvfhQ1e6jjNNMpyZIHbME3Hn18h5PxVd1B3FzzBzSHlaDKBQsYT
|
||||||
0DbtvprxAxKYGODHn5WJIjnUBkYVkq+B8q7ZsjxeFdUfNXU+89f24PSGDe0VKMFf
|
2cx6VMGVqM4dy+CHkpE+QlAA0EOhS0b/7FwppCgEhlEvbH7uCjq/13vZdKoUIwqt
|
||||||
7mJ3cio0uhizslbwtUQvFOC5I7HEjWIFGoulQqDjXXE2ocGlsS8vvW1NYtJGpJx0
|
AaHPaf/HX7PipQjoQf7vjfaMjPwCFwqoeK2cVNmgK0j0b2CyjLDDs5xh0SuFt/Ia
|
||||||
aYRIRdM5+CM2tSLbZVik3IGqEmnLKNhMtObxFt0UXeoUwzBFNMQLO8zw+Fxy9VEq
|
DviSBGNeIv9Vhm7jhlJH0odFzBmBOkiUyUFV1h/6u2qpjz+H+qAX+5xx/++cGkW6
|
||||||
gzrmNYnnFfx5oiwg7OWmsq7NoXTkhB+VktCb3Bcl3JjJgqalquqmmodThFhU52Ac
|
4G69+7NP6JUksSbcvAl6Nk1sRsvTrcRdpmBO42/aUq7nlgOAxk9e0y7INYHe3Ycv
|
||||||
yRhGhjrBcsXx12BCy6r3Hq6nn9PFjZsBRJvXw2WSsevBghOTWSuXRmaT05aMoiD7
|
N7ZTm7VOuIVopQfl8F2/tOIdJIm6hJfmJ/hdhxbDZKSRiejenU7vgdQgTM+PQ0l7
|
||||||
y5ia09N4xKvms8/e4qhwpNV/X2Ee4rS3diQFNunxk5aZTPO5kpy704KthDFODnvS
|
0QVRP1mahh1EqsyqFrrVpv+o7XQsyldb8KCefWMEMGHrot944YTxzfwY3riaPXfS
|
||||||
XgGcE+XcinmUFJ1RasziSK6RoYMpSK+JaNgpJMyuaz1iQu9Wc9ptnXgEees5qH2g
|
XgESSHvPYIgLIj+6bvvopB5v2q+NwfBciOrZekmWYTkN6cFOizp36JKIOA4Dq6z5
|
||||||
2rA2AzfdcBhZIHWAak2LZuuC9i5O0YGP89idZOjuEaUyGdOHzgB+jQnJ97c4pPE=
|
0hwGgiPvYsu9WgbWYUY21qO9jvDmjT5Yym5ktbNogckXw3/TusVqPeAkdNIjZNU=
|
||||||
=wfLM
|
=PSUH
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
|
|||||||
13
kubernetes/system/blocky/kustomization.yaml
Normal file
13
kubernetes/system/blocky/kustomization.yaml
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: blocky
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- repository.yaml
|
||||||
|
- release.yaml
|
||||||
|
secretGenerator:
|
||||||
|
- name: blocky-values
|
||||||
|
files:
|
||||||
|
- values.yaml=values.yaml
|
||||||
|
configurations:
|
||||||
|
- kustomizeconfig.yaml
|
||||||
6
kubernetes/system/blocky/kustomizeconfig.yaml
Normal file
6
kubernetes/system/blocky/kustomizeconfig.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
nameReference:
|
||||||
|
- kind: HelmRepository
|
||||||
|
version: v1
|
||||||
|
fieldSpecs:
|
||||||
|
- path: spec/chart/spec/sourceRef/name
|
||||||
|
kind: HelmRelease
|
||||||
7
kubernetes/system/blocky/namespace.yaml
Normal file
7
kubernetes/system/blocky/namespace.yaml
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: blocky
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: blocky
|
||||||
|
app.kubernetes.io/component: dns
|
||||||
19
kubernetes/system/blocky/release.yaml
Normal file
19
kubernetes/system/blocky/release.yaml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: blocky
|
||||||
|
namespace: blocky
|
||||||
|
spec:
|
||||||
|
interval: 1m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: blocky
|
||||||
|
namespace: blocky
|
||||||
|
chart: blocky
|
||||||
|
version: "11.2.1"
|
||||||
|
interval: 1m
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: blocky-values
|
||||||
8
kubernetes/system/blocky/repository.yaml
Normal file
8
kubernetes/system/blocky/repository.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: blocky
|
||||||
|
namespace: blocky
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://k8s-home-lab.github.io/helm-charts/
|
||||||
93
kubernetes/system/blocky/values.yaml
Normal file
93
kubernetes/system/blocky/values.yaml
Normal file
@@ -0,0 +1,93 @@
|
|||||||
|
# Default values for blocky (k8s-home-lab chart)
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/0xerr0r/blocky
|
||||||
|
tag: v0.24
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
controller:
|
||||||
|
replicas: 2
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
strategy: RollingUpdate
|
||||||
|
rollingUpdate:
|
||||||
|
maxUnavailable: 0
|
||||||
|
maxSurge: 1
|
||||||
|
env:
|
||||||
|
TZ: Europe/Paris
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
dns-tcp:
|
||||||
|
enabled: false
|
||||||
|
dns-udp:
|
||||||
|
enabled: true
|
||||||
|
type: LoadBalancer
|
||||||
|
loadBalancerIP: 10.1.2.148
|
||||||
|
ports:
|
||||||
|
dns:
|
||||||
|
port: 53
|
||||||
|
protocol: UDP
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
tcpSocket:
|
||||||
|
port: 53
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
|
readiness:
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
tcpSocket:
|
||||||
|
port: 53
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 3
|
||||||
|
failureThreshold: 3
|
||||||
|
startup:
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
tcpSocket:
|
||||||
|
port: 53
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 2
|
||||||
|
timeoutSeconds: 3
|
||||||
|
failureThreshold: 30
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 256Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 64Mi
|
||||||
|
# Full list of options https://github.com/0xERR0R/blocky/blob/main/docs/config.yml
|
||||||
|
config: "upstreams:\n groups:\n default:\n - 1.1.1.1\n - 1.0.0.1\n lan:\n - 10.101.207.1\n\nconditional:\n mapping:\n lan: 10.101.207.1\n cluster.local: 10.96.0.10\n in-addr.arpa: 10.96.0.10\n\nblocking:\n allowlists:\n ads:\n - |\n dealabs.digidip.net\n s.click.aliexpress.com\n fonts.googleapis.com\n fonts.gstatic.com\n wl.spotify.com\n www.googleadservices.com\n \n denylists:\n ads:\n - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\n - https://adaway.org/hosts.txt\n \n clientGroupsBlock:\n default:\n - ads\n \n blockType: zeroIp\n blockTTL: 1m\n loading:\n refreshPeriod: 4h\n downloads:\n timeout: 60s\n\ncaching:\n minTime: 5m\n maxTime: 30m\n # Disable negative caching (NXDOMAIN responses) for dynamic DNS\n cacheTimeNegative: 0\n prefetching: true\n prefetchExpires: 2h\n prefetchThreshold: 5\n\nprometheus:\n enable: true\n path: /metrics\n\nports:\n dns: 53\n http: 4000\n\nbootstrapDns: tcp+udp:1.1.1.1\n\nlog:\n level: info\n format: text\n timestamp: true\n"
|
||||||
|
sops:
|
||||||
|
lastmodified: "2026-05-02T17:51:26Z"
|
||||||
|
mac: ENC[AES256_GCM,data:J7EovwsXi2L9XocZoi5ann71DQ+wWZk2aCUbjvaGpv0yZC5g2HNccPVRvAj3y9SyMttLT8QlESXzHpEV2A6bOfmJf5v0ACYuWn5wKNlkaBdmTs1xwXp/RcpeOb+FCL9D+9hzjBO9XF6iXZLSj4pO/n1C0IhfeqYKdDC4tHkxOHA=,iv:Qm3Uh+UUSDWCxh7gWJ9x597aWXdMHxtpixE2BVlb6c8=,tag:aHbK26P4f9YV2uGLhpT6OA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2026-05-02T17:51:25Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA7uy4qQr71wiAQ/+Po8UdkiFGt0LmcvCeSE23aoWwY4qi2FsGKdik+7sL3RN
|
||||||
|
gOt/VQ6geefhd4YDhH0jfd7TDXs7UTtYvKQ+IaKcRUyOrZzhrfTpNeT/lXuaTkHf
|
||||||
|
LAUiqyprq1RDzxxIPvgMh4DynfehgN8B81iMJox2/fD0oV7B6dIIABvAl87gzANw
|
||||||
|
7snQLJwdhNXFylKfrdC9A4AfYz7ycXBzEyYlY5BMZENw9yBGgZ1dZITU2KxeYCo/
|
||||||
|
gdVTCevybSBQ/Cq0+hI25ZF+nEIGjrVCN2AxPEUO98ljp4OZEu0p6KsMB4xgCD2j
|
||||||
|
l5LN6YPAu95TRx/bZinoHMMzth6WhFdUG0Anj2cIIYXOcreyzPxYGj+vwRlZFrkZ
|
||||||
|
gTU2vfpt/1Wx8ORRqocCkxZ3dMtm4KsGqe3xpd1y84ezL/bMLxSApn5e7Zzn1cEg
|
||||||
|
DoLwJGnZzSY4nRzfoGXOv6mjyTUVkqNexRlL2wIsgDP9VP/ohS9K2fFZzzJ/fXa1
|
||||||
|
G9DUg64SwfYIFzAgsyWwdE3kCJ/GSIAgrgNwBfZlLGdfB/PB2BkHNpzX4LROUEcD
|
||||||
|
HqqHtVlUIikiFdDQWwB5tS+APBCO6VuzKl1z3ROgV6xhvr4ZYkd9CHYu1S1r1XAs
|
||||||
|
JRCyow0zTLRYGQnDD8+RPQ4MsbzJsugA8Ac4bE4sVJpP8hloZBqHb38AkoUruDTS
|
||||||
|
XgE+Nxcy0/aznBgEscE/VuY/GTH1vwYl5/dAcV8GDYcNmd1tE9E1QwWsSurHt39u
|
||||||
|
+QdGZYoUbHPtsk/zODgEVqn0iTsqO7Y4Qmu93bYlYFQwCygAPKKpCaqmmu2U+rI=
|
||||||
|
=hq5F
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
|
version: 3.10.2
|
||||||
93
kubernetes/system/caddy/caddyfile.yaml
Normal file
93
kubernetes/system/caddy/caddyfile.yaml
Normal file
@@ -0,0 +1,93 @@
|
|||||||
|
# Caddy Routes - External ConfigMap
|
||||||
|
# This file contains all route definitions, imported by the main Caddyfile.
|
||||||
|
# Edit this file to add/modify routes.
|
||||||
|
#
|
||||||
|
# Certificate files are mounted from the caddy-certificates Secret
|
||||||
|
# at /etc/caddy/certs/
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: caddy-routes
|
||||||
|
namespace: caddy
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: caddy
|
||||||
|
app.kubernetes.io/component: routes
|
||||||
|
data:
|
||||||
|
Caddyfile: |
|
||||||
|
vhaudiquet.fr {
|
||||||
|
tls /etc/caddy/certs/vhaudiquet-fr.crt /etc/caddy/certs/vhaudiquet-fr.key
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
|
|
||||||
|
*.vhaudiquet.fr {
|
||||||
|
tls /etc/caddy/certs/wildcard-vhaudiquet-fr.crt /etc/caddy/certs/wildcard-vhaudiquet-fr.key
|
||||||
|
|
||||||
|
# Kubernetes services (via Traefik)
|
||||||
|
@authentik host authentik.vhaudiquet.fr
|
||||||
|
|
||||||
|
@auth-nook host auth-nook.vhaudiquet.fr
|
||||||
|
@nook-mg host n.vhaudiquet.fr
|
||||||
|
@nook host nook.vhaudiquet.fr
|
||||||
|
@sse-nook host sse-nook.vhaudiquet.fr
|
||||||
|
|
||||||
|
@gitea host git.vhaudiquet.fr
|
||||||
|
|
||||||
|
@flux-wh host flux-webhook.vhaudiquet.fr
|
||||||
|
|
||||||
|
@umami host umami.vhaudiquet.fr
|
||||||
|
|
||||||
|
handle @authentik {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @auth-nook {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @nook-mg {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @nook {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @sse-nook {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @gitea {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @flux-wh {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
handle @umami {
|
||||||
|
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||||
|
}
|
||||||
|
|
||||||
|
# Docker VM services (via Traefik)
|
||||||
|
@alexscript host alexscript.vhaudiquet.fr
|
||||||
|
@clips host clips.vhaudiquet.fr
|
||||||
|
@jellyfin host flix.vhaudiquet.fr
|
||||||
|
@mail host mail.vhaudiquet.fr
|
||||||
|
|
||||||
|
handle @alexscript {
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
|
handle @clips {
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
|
handle @jellyfin {
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
|
handle @mail {
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
semery.fr {
|
||||||
|
tls /etc/caddy/certs/semery-fr.crt /etc/caddy/certs/semery-fr.key
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
|
|
||||||
|
buildpath.win {
|
||||||
|
tls /etc/caddy/certs/buildpath-win.crt /etc/caddy/certs/buildpath-win.key
|
||||||
|
reverse_proxy 10.1.2.212:80
|
||||||
|
}
|
||||||
54
kubernetes/system/caddy/certificates-secret.yaml
Normal file
54
kubernetes/system/caddy/certificates-secret.yaml
Normal file
File diff suppressed because one or more lines are too long
15
kubernetes/system/caddy/kustomization.yaml
Normal file
15
kubernetes/system/caddy/kustomization.yaml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: caddy
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- repository.yaml
|
||||||
|
- release.yaml
|
||||||
|
- certificates-secret.yaml
|
||||||
|
- caddyfile.yaml
|
||||||
|
secretGenerator:
|
||||||
|
- name: caddy-values
|
||||||
|
files:
|
||||||
|
- values.yaml=values.yaml
|
||||||
|
configurations:
|
||||||
|
- kustomizeconfig.yaml
|
||||||
6
kubernetes/system/caddy/kustomizeconfig.yaml
Normal file
6
kubernetes/system/caddy/kustomizeconfig.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
nameReference:
|
||||||
|
- kind: Secret
|
||||||
|
version: v1
|
||||||
|
fieldSpecs:
|
||||||
|
- path: spec/valuesFrom/name
|
||||||
|
kind: HelmRelease
|
||||||
7
kubernetes/system/caddy/namespace.yaml
Normal file
7
kubernetes/system/caddy/namespace.yaml
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: caddy
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: caddy
|
||||||
|
app.kubernetes.io/component: edge-proxy
|
||||||
30
kubernetes/system/caddy/release.yaml
Normal file
30
kubernetes/system/caddy/release.yaml
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: caddy
|
||||||
|
namespace: caddy
|
||||||
|
spec:
|
||||||
|
interval: 1m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: caddy
|
||||||
|
namespace: caddy
|
||||||
|
chart: caddy
|
||||||
|
interval: 1m
|
||||||
|
version: "0.7.1"
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: caddy-values
|
||||||
|
# Patch the Service to add loadBalancerIP since the chart doesn't support it
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patches:
|
||||||
|
- target:
|
||||||
|
kind: Service
|
||||||
|
name: caddy
|
||||||
|
patch: |
|
||||||
|
- op: add
|
||||||
|
path: /spec/loadBalancerIP
|
||||||
|
value: "10.1.2.152"
|
||||||
8
kubernetes/system/caddy/repository.yaml
Normal file
8
kubernetes/system/caddy/repository.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: caddy
|
||||||
|
namespace: caddy
|
||||||
|
spec:
|
||||||
|
interval: 1m
|
||||||
|
url: https://charts.alekc.dev/
|
||||||
99
kubernetes/system/caddy/values.yaml
Normal file
99
kubernetes/system/caddy/values.yaml
Normal file
@@ -0,0 +1,99 @@
|
|||||||
|
# Caddy Edge Proxy
|
||||||
|
replicaCount: 2
|
||||||
|
# Listen on standard HTTP port
|
||||||
|
listenPort: 80
|
||||||
|
# Enable HTTPS
|
||||||
|
https:
|
||||||
|
enabled: true
|
||||||
|
port: 443
|
||||||
|
image:
|
||||||
|
repository: caddy
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tagSuffix: ""
|
||||||
|
tag: 2.11.2
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
# Disable ingress - Caddy IS the edge proxy
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 256Mi
|
||||||
|
# Caddy needs root to bind to ports 80/443 and write runtime data
|
||||||
|
# Using restrictive security context causes "operation not permitted"
|
||||||
|
podSecurityContext: {}
|
||||||
|
securityContext: {}
|
||||||
|
health:
|
||||||
|
path: /
|
||||||
|
port: 9999
|
||||||
|
# Extra volumes: certificates + external routes ConfigMap
|
||||||
|
volumes:
|
||||||
|
- name: certificates
|
||||||
|
secret:
|
||||||
|
secretName: ENC[AES256_GCM,data:Er1F+5xhWKUT43+7jU/pwxWP,iv:Ohc3jFIQ4Enmbhd0F44SYWJiHlj1oFOrMdtM4oYKQEU=,tag:Kk8Y8aFSKMyGmY/uRVvyLw==,type:str]
|
||||||
|
optional: ENC[AES256_GCM,data:JdlpGQ==,iv:xaoqonC9cGHXizHuAFrjhC4ZEtZ2IICeg2hxvGjyFM4=,tag:JYmlIXgIMON7z4++FrBGKQ==,type:bool]
|
||||||
|
- name: routes
|
||||||
|
configMap:
|
||||||
|
name: caddy-routes
|
||||||
|
# Extra volume mounts
|
||||||
|
volumeMounts:
|
||||||
|
- name: certificates
|
||||||
|
mountPath: /etc/caddy/certs
|
||||||
|
readOnly: true
|
||||||
|
- name: routes
|
||||||
|
mountPath: /etc/caddy/routes
|
||||||
|
readOnly: true
|
||||||
|
# Caddy configuration
|
||||||
|
config:
|
||||||
|
debug: false
|
||||||
|
# Global options (goes inside the global {} block)
|
||||||
|
global: |
|
||||||
|
auto_https off
|
||||||
|
# The main Caddyfile content - imports routes from external ConfigMap
|
||||||
|
# This keeps routes in a separate, easily editable file
|
||||||
|
caddyFile: |
|
||||||
|
:80 {
|
||||||
|
redir https://{host}{uri} permanent
|
||||||
|
}
|
||||||
|
|
||||||
|
import /etc/caddy/routes/Caddyfile
|
||||||
|
affinity:
|
||||||
|
podAntiAffinity:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- weight: 100
|
||||||
|
podAffinityTerm:
|
||||||
|
labelSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: caddy
|
||||||
|
topologyKey: kubernetes.io/hostname
|
||||||
|
sops:
|
||||||
|
lastmodified: "2026-05-08T11:43:14Z"
|
||||||
|
mac: ENC[AES256_GCM,data:K0HWw8yTPKy6e3aQV4SdiVwrCjiyCFlFbeycAiyJq4IdlKX9v4wFvjVFLR8VziH8oXJXdUUhr+LOiqNI5HwghXkVn2dOP2ij9jvXZtMic4P0AUN16PfWoedu9ozA+xsGHZ1OTUv+sxvKEUo5Z5Wp+u761w/Xqdn5hHmU2Komatk=,iv:ICwn/LvizIjXVfgiMje50dQ11JAH37wSla29bGAnjuA=,tag:mV7rtahUy4ODZaA7baM12w==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2026-05-08T11:43:13Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA7uy4qQr71wiAQ//aGnCSLLWTkhToTh833OJ1GwgN82F8R+RgsfpKIW+XNvI
|
||||||
|
YdTCgaFrYdCGXsaLHijb7vVwCU0VRf/ufZfQp2+GupqRHCbMLSmlkoiyr9ImGlYX
|
||||||
|
VWQDajv74H/3CcyCQNjqfFRdUHLE+rfNuYaH/p3+/Ee2bgJi52f3uRdJ4lXSCWIf
|
||||||
|
KW9lLbwjlfGnOnsnDkaPwcZW9QL353Mi82yXOu7OihobUaVgr83nESXbAS/k4mx1
|
||||||
|
whOXAoEDeLQZfZrITEewOQ0PHjWJwKc0x2YCiQ0If33GSfDjzWPoDuXmQo/xhk98
|
||||||
|
Nt3aNTMDvjriGNOIcZyUlEjq1HqCmd3pQSD5h8soR9Do/NsTocyK1da49iz91dha
|
||||||
|
jwoEga2iFis9Zd9rr7Caf3pWtmKENUGFJl15tpaelvk13jUebSyDubw0OIYbbILr
|
||||||
|
dVZAeiOHrRMD5crxG05zvOeLMASuL/IrK97RLBAonZLEkRrfgAwZHK2U0rq2HXpI
|
||||||
|
wlp4yDlF/eILvmMgAruP7lW0q/m5+DfxQtcZdamtm3FWj9m0iUAthvw02fplmFci
|
||||||
|
xJ82rkfkPAZSm7/yPJ9yiea+tKgX8yk1uArRtf8rsG6SED2lCRKmux8ElcZc5DYV
|
||||||
|
hyLivTN7X5Nr05mvaPIptCVm1iYoWaiQNZcPDax/LBZJhNaJgPUz1ue1Ppf422PS
|
||||||
|
XgE4dh3x1ulcUhXm4nK/0FzKmJUOjcygPeGWmia0ZOEHub/ju+z8LgRAkBasqRXP
|
||||||
|
4aepPm5xVY0g/Z0xksxIWpYUnLRzs0uUKd+zz1MvmWlZckxUO5wWJUWRcwCBDz4=
|
||||||
|
=Ql2K
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
|
version: 3.10.2
|
||||||
@@ -5,3 +5,5 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
blocks:
|
blocks:
|
||||||
- cidr: "10.1.2.171/32"
|
- cidr: "10.1.2.171/32"
|
||||||
|
- cidr: "10.1.2.148/32"
|
||||||
|
- cidr: "10.1.2.152/32"
|
||||||
|
|||||||
79
kubernetes/system/coredns/etcd.yaml
Normal file
79
kubernetes/system/coredns/etcd.yaml
Normal file
@@ -0,0 +1,79 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: etcd
|
||||||
|
namespace: coredns
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: etcd
|
||||||
|
app.kubernetes.io/component: dns-backend
|
||||||
|
spec:
|
||||||
|
serviceName: etcd
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: etcd
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: etcd
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: etcd
|
||||||
|
image: quay.io/coreos/etcd:v3.5.17
|
||||||
|
ports:
|
||||||
|
- containerPort: 2379
|
||||||
|
name: client
|
||||||
|
- containerPort: 2380
|
||||||
|
name: peer
|
||||||
|
env:
|
||||||
|
- name: ETCD_DATA_DIR
|
||||||
|
value: /etcd-data
|
||||||
|
- name: ETCD_LISTEN_CLIENT_URLS
|
||||||
|
value: http://0.0.0.0:2379
|
||||||
|
- name: ETCD_ADVERTISE_CLIENT_URLS
|
||||||
|
value: http://etcd.coredns.svc.cluster.local:2379
|
||||||
|
- name: ETCD_LISTEN_PEER_URLS
|
||||||
|
value: http://0.0.0.0:2380
|
||||||
|
- name: ETCD_INITIAL_ADVERTISE_PEER_URLS
|
||||||
|
value: http://etcd-0.etcd.coredns.svc.cluster.local:2380
|
||||||
|
- name: ETCD_INITIAL_CLUSTER
|
||||||
|
value: etcd-0=http://etcd-0.etcd.coredns.svc.cluster.local:2380
|
||||||
|
- name: ETCD_NAME
|
||||||
|
value: etcd-0
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 64Mi
|
||||||
|
volumeMounts:
|
||||||
|
- name: etcd-data
|
||||||
|
mountPath: /etcd-data
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: etcd-data
|
||||||
|
spec:
|
||||||
|
accessModes: ["ReadWriteOnce"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 1Gi
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: etcd
|
||||||
|
namespace: coredns
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: etcd
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 2379
|
||||||
|
targetPort: 2379
|
||||||
|
name: client
|
||||||
|
- port: 2380
|
||||||
|
targetPort: 2380
|
||||||
|
name: peer
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: etcd
|
||||||
15
kubernetes/system/coredns/kustomization.yaml
Normal file
15
kubernetes/system/coredns/kustomization.yaml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: coredns
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- repository.yaml
|
||||||
|
- release.yaml
|
||||||
|
- zone-configmap.yaml
|
||||||
|
- etcd.yaml
|
||||||
|
secretGenerator:
|
||||||
|
- name: coredns-values
|
||||||
|
files:
|
||||||
|
- values.yaml=values.yaml
|
||||||
|
configurations:
|
||||||
|
- kustomizeconfig.yaml
|
||||||
6
kubernetes/system/coredns/kustomizeconfig.yaml
Normal file
6
kubernetes/system/coredns/kustomizeconfig.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
nameReference:
|
||||||
|
- kind: HelmRepository
|
||||||
|
version: v1
|
||||||
|
fieldSpecs:
|
||||||
|
- path: spec/chart/spec/sourceRef/name
|
||||||
|
kind: HelmRelease
|
||||||
7
kubernetes/system/coredns/namespace.yaml
Normal file
7
kubernetes/system/coredns/namespace.yaml
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: coredns
|
||||||
|
app.kubernetes.io/component: dns
|
||||||
19
kubernetes/system/coredns/release.yaml
Normal file
19
kubernetes/system/coredns/release.yaml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: coredns
|
||||||
|
spec:
|
||||||
|
interval: 1m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: coredns
|
||||||
|
namespace: coredns
|
||||||
|
chart: coredns
|
||||||
|
version: "1.45.2"
|
||||||
|
interval: 1m
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: coredns-values
|
||||||
8
kubernetes/system/coredns/repository.yaml
Normal file
8
kubernetes/system/coredns/repository.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: coredns
|
||||||
|
namespace: coredns
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://coredns.github.io/helm
|
||||||
108
kubernetes/system/coredns/values.yaml
Normal file
108
kubernetes/system/coredns/values.yaml
Normal file
@@ -0,0 +1,108 @@
|
|||||||
|
replicaCount: 2
|
||||||
|
image:
|
||||||
|
repository: coredns/coredns
|
||||||
|
tag: 1.14.3
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
deployment:
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
strategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
rollingUpdate:
|
||||||
|
maxUnavailable: 0
|
||||||
|
maxSurge: 1
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health
|
||||||
|
port: 8080
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ready
|
||||||
|
port: 8181
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 3
|
||||||
|
failureThreshold: 3
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 64Mi
|
||||||
|
serviceType: ClusterIP
|
||||||
|
service:
|
||||||
|
annotations:
|
||||||
|
io.cilium/lb-ipam-ips: ""
|
||||||
|
servers:
|
||||||
|
- zones:
|
||||||
|
- zone: cluster.local
|
||||||
|
port: 53
|
||||||
|
plugins:
|
||||||
|
- name: kubernetes
|
||||||
|
parameters: cluster.local in-addr.arpa ip6.arpa
|
||||||
|
configBlock: |-
|
||||||
|
pods insecure
|
||||||
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
|
ttl 30
|
||||||
|
- zones:
|
||||||
|
- zone: .
|
||||||
|
port: 53
|
||||||
|
plugins:
|
||||||
|
- name: errors
|
||||||
|
- name: health
|
||||||
|
configBlock: lameduck 5s
|
||||||
|
- name: ready
|
||||||
|
- name: debug
|
||||||
|
- name: file
|
||||||
|
parameters: /etc/coredns/zones/lan.zone lan
|
||||||
|
configBlock: |-
|
||||||
|
reload 10s
|
||||||
|
fallthrough
|
||||||
|
- name: etcd
|
||||||
|
parameters: lan
|
||||||
|
configBlock: |-
|
||||||
|
path /skydns
|
||||||
|
endpoint http://etcd.coredns.svc.cluster.local:2379
|
||||||
|
fallthrough
|
||||||
|
- name: cache
|
||||||
|
parameters: 30
|
||||||
|
- name: loadbalance
|
||||||
|
- name: log
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: zone-config
|
||||||
|
mountPath: /etc/coredns/zones
|
||||||
|
readOnly: true
|
||||||
|
extraVolumes:
|
||||||
|
- name: zone-config
|
||||||
|
configMap:
|
||||||
|
name: coredns-lan-zone
|
||||||
|
sops:
|
||||||
|
lastmodified: "2026-05-02T16:59:44Z"
|
||||||
|
mac: ENC[AES256_GCM,data:H4uRid1Fqx4JzsF43TSGa7QcGjpXLAHiM0N3Kf4z7ab4eMlTy1+RXMV7xVT9BinjZzH6P+ENxo0yVOsdt0Yu467KJhGznNWlb2MC2TElPxZ9/yItJ+hdVGHGWbVGFWUL5NOUQ9fY2NPGw0CGr8qyftLr5Qkx0LO/VUgKWkq6RWM=,iv:9+V/sCBhfWAsIvr4DsWQgkeqQZQyT4Ti3Y+qCEZqU5c=,tag:JCRONb54BpXQzYhhPs7VGA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2026-05-02T16:59:43Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA7uy4qQr71wiAQ/9HzeTVqelbvPtluYa5xGvoYNeEEXg43CwrwZ1/z5yFWvx
|
||||||
|
DoOCeyro5wFsNC6td7n2HVhtK0ULkfrMHH8OC+7L3bXbnlEnQzITmDggAUvfegCv
|
||||||
|
b/7ohPkOdLvi6qXbr8bgqCZYFnPq+gUs3UOPh5Tl6wgzRSFXw2Hsb4YmQkvZJUNb
|
||||||
|
PhPpLIUe/ECE4hmEjO5v9o3X0o7qZ3bahf9mZZlnJnvXT7R/DM8eeWTis/q0WSHE
|
||||||
|
XnclhOX4GlMwXxa65sRrShuPcsV3qqX3VWOSWJFBhGx/FDtZTkhlHGQ9YhF2TzbB
|
||||||
|
xxCrn87mH2W13NH6jQOQYPh1JTTJbgZZMZXgyPNmPDSYZE1kxTdrz4l4mcmCDND0
|
||||||
|
hY3T8iR8ap2b3HhSNCqC1C0QN/bK217hTs8cJHWRRfa6jfh12imwk2XhJkB3zZxV
|
||||||
|
O1oSb6eiP0ba0CgXu31shmfXuTAeVbTm6E50heYorjQKR5djjnOVwQUdmis1Awae
|
||||||
|
AQTiWtBBbOgfX5WA5b6wInFr0WEsshG+YuqfB7FhJpo2SHyeFhgk47ssHWSeBpPv
|
||||||
|
wa4OAGaMkdGoePQhApZFrBCZHslEhPE+XQlDdyOtXCmxBOcLwe59ikWLV75j0DzS
|
||||||
|
NRUNOBYQ8Q1Y6Su/sJWW7TykQkmDirU+oIYxAngZyIyJSWvARPd6fJJvkqqg013S
|
||||||
|
XgH1+LQJWNEJzIaLKCWbkZXnMstsOYrs4ynV4f/QZKU+Md5CgVbjy9KIC/trfNhj
|
||||||
|
1t9kkyVVOEO7UmRhMyl8pK2gQDiOBrkhUJ5tSNFEfxM1llZ4GZRV+SUuMC3UzVA=
|
||||||
|
=l7Wo
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
|
version: 3.10.2
|
||||||
67
kubernetes/system/coredns/zone-configmap.yaml
Normal file
67
kubernetes/system/coredns/zone-configmap.yaml
Normal file
@@ -0,0 +1,67 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: coredns-lan-zone
|
||||||
|
namespace: coredns
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: coredns
|
||||||
|
app.kubernetes.io/component: dns-zone
|
||||||
|
data:
|
||||||
|
lan.zone: |
|
||||||
|
$ORIGIN lan.
|
||||||
|
@ IN SOA ns.lan. admin.lan. (
|
||||||
|
2024010101 ; serial
|
||||||
|
3600 ; refresh
|
||||||
|
1800 ; retry
|
||||||
|
604800 ; expire
|
||||||
|
86400 ) ; minimum
|
||||||
|
IN NS ns.lan.
|
||||||
|
|
||||||
|
; Nameserver record
|
||||||
|
ns IN A 10.1.2.172
|
||||||
|
|
||||||
|
; Static hosts
|
||||||
|
openwrt IN A 10.1.1.1
|
||||||
|
|
||||||
|
; R740 and virtual machines
|
||||||
|
r740 IN A 10.1.1.223
|
||||||
|
bw-r740 IN A 10.1.2.233
|
||||||
|
kube-r740 IN A 10.1.2.171
|
||||||
|
docker-r740 IN A 10.1.2.212
|
||||||
|
truenas IN A 10.1.2.139
|
||||||
|
|
||||||
|
; PVE
|
||||||
|
pve IN A 10.1.2.10
|
||||||
|
docker-homeprod IN A 10.1.2.12
|
||||||
|
|
||||||
|
; Ligory
|
||||||
|
pve-ligory IN A 10.2.2.10
|
||||||
|
docker-ligory IN A 10.2.2.232
|
||||||
|
|
||||||
|
; IoT
|
||||||
|
c210 IN A 10.1.1.106
|
||||||
|
elegoo-neptune-4pro IN A 10.1.1.155
|
||||||
|
|
||||||
|
; docker-r740 services
|
||||||
|
esphome IN A 10.1.2.212
|
||||||
|
excalidraw IN A 10.1.2.212
|
||||||
|
gramps IN A 10.1.2.212
|
||||||
|
jackett IN A 10.1.2.212
|
||||||
|
jellyseerr IN A 10.1.2.212
|
||||||
|
mqtt IN A 10.1.2.212
|
||||||
|
n8n IN A 10.1.2.212
|
||||||
|
obsidian-livesync IN A 10.1.2.212
|
||||||
|
paperless IN A 10.1.2.212
|
||||||
|
proxy IN A 10.1.2.212
|
||||||
|
radarr IN A 10.1.2.212
|
||||||
|
radicale IN A 10.1.2.212
|
||||||
|
sonarr IN A 10.1.2.212
|
||||||
|
stirling-pdf IN A 10.1.2.212
|
||||||
|
syncthing-valentin IN A 10.1.2.212
|
||||||
|
tandoor IN A 10.1.2.212
|
||||||
|
traefik IN A 10.1.2.212
|
||||||
|
transmission IN A 10.1.2.212
|
||||||
|
tubearchivist IN A 10.1.2.212
|
||||||
|
webmail IN A 10.1.2.212
|
||||||
|
wizarr IN A 10.1.2.212
|
||||||
|
zigbee2mqtt IN A 10.1.2.212
|
||||||
@@ -1,38 +1,39 @@
|
|||||||
provider:
|
provider:
|
||||||
name: pihole
|
name: coredns
|
||||||
registry: noop
|
registry: noop
|
||||||
policy: upsert-only
|
policy: upsert-only
|
||||||
sources:
|
sources:
|
||||||
- ingress
|
- ingress
|
||||||
|
- service
|
||||||
domainFilters:
|
domainFilters:
|
||||||
- .lan
|
- lan
|
||||||
extraArgs:
|
extraArgs:
|
||||||
- ENC[AES256_GCM,data:ym7grahK+0f0ydcdbWjamJdu/fOBUdH186xaQVaXZWEb,iv:PYGTuE/0z23pXVmitjDRcESs6dwuZA89VUhC1Dw/YlI=,tag:eIFd/J0gk8AWkaBmkHXoxg==,type:str]
|
- ENC[AES256_GCM,data:pWoRZNy0bqOOC/KNOy5u6yVpqJv29cJIgQ==,iv:gWQc3vdCwT7V67D0tyrPASAUNhVKjc2SIBLcQutIWG8=,tag:q6C1CLTMiGv0ZJ4jrPYOGg==,type:str]
|
||||||
- ENC[AES256_GCM,data:ah50AImpMpFgRmu7IFsOKUO8WK+dcFSQakw=,iv:WyrXKk0WxD86A3nDu2kvjZD185LZhDwTx28g9tPvgFA=,tag:B/7Kv4FT9l3SjIuGboIkaQ==,type:str]
|
env:
|
||||||
- ENC[AES256_GCM,data:5eFuaAUaRwrscxSSEOKpLxUrfgo+jfim,iv:6MQ10olVkkRzOaOf02vWKOrvmwgmEr1HedHpraprEaY=,tag:Kc2F03NjLMWmzHaByYHR9A==,type:str]
|
- name: ETCD_URLS
|
||||||
|
value: ENC[AES256_GCM,data:w4cTglu/bE5AkzdHdXhC8B0IazuxfQECVdPB3S2kUSJ8L4Q21oUQOs8I,iv:p560+9a3EqNcnA83Ahx/91w0PfzqWlAY8KRhbaCO5t4=,tag:ajc0Al6wZTOVrkLDXG90+w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
lastmodified: "2025-08-27T10:07:50Z"
|
lastmodified: "2026-05-02T14:07:20Z"
|
||||||
mac: ENC[AES256_GCM,data:wb+0NBxUIqQUbCVsEZUTE7fAvFy+pxaxaD+zb76BploLk0qzB66Ui+xvArNW1RV8qOVTr/fLLxAcIfDlmN+HvJRFeUZLUhZroZXWIIElDN6O8IgzFRy3B+ps5bhVtkgUGACdmML9NJ7wCKEX67AqbuqquR/JagN55cDSTzhUvwk=,iv:qIu3X8SD5H/iKkJvwfK1aI0Rd4/fpt9ApIT5cpEDwVs=,tag:9nvr+LnN1RA8WQgtUg+GTA==,type:str]
|
mac: ENC[AES256_GCM,data:unn1TyPyIJZZZl3rB07iCjBJLP5dACsEowaHG2kPD7ItcLeZhz8gjy0Mz0lPgZXizBLtxdPxlH9W4DPZM6tIudghKovOg7ivoUlA78We87wOxACzAlLwG02vw4f5CKwopqEpdcl9aprLbg815IzcDdsKqSLHIw+Xdm0nW4rP+T0=,iv:YCoJhgO4hlcCcvVx/dxrIBR1677U9UREX26QPB8G/WY=,tag:PguKaLKr6wm93OgYgzEENQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2025-08-27T10:07:49Z"
|
- created_at: "2026-05-02T14:07:18Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMA7uy4qQr71wiAQ/+IMnGLNPR17dXFL/tT/Jzm2SbZnRQJVk8pEikESBazMHy
|
hQIMA7uy4qQr71wiAQ/+OD3xMKWh/zrmSAzeha7eBUQqxV4Md+Sk5ZaZZpJwXm0F
|
||||||
qcXjwI4ZXOVKC9Azc1jwigWx1wsRzksqHWI7YihkJKSTWgDkr/WbRZUkkndMyC6o
|
Icb4N7rMRZiUL/BXaH7dDyLNKFbqTGTtLhBtp8IbW6Y6pijQDa3lgX2aC2LjZYP2
|
||||||
1rUghPTMnw3ykrLOHw0dP5KrQyeTqj3EakJKzPLl1M5AqOlRIEQzJhpcGACy9teR
|
GTILWOVYMo18h/idESrj9RBpODDCLUwDUipmNNDrNmeq+aotWEBGZgum2mE/lIdY
|
||||||
RZ4Z0WQL4lxl1bVQ/Yq+o7iEWDqAwlLxllBnvAz/nIfMQgaTfa9UyEz5Up71nXtz
|
Xx+gK9y6vE4IRnDp0AMBahYenO1QrzmzEJphBocw9H9RBwrXx3a4Ke4NY56/0cn+
|
||||||
f98txsSmB0kEYqEJNeNSQa6+MFT1OXJX8XijlfcEYVIyX7XO8+vKu99Neae026Ki
|
Q0+pBZdN4T+tmsplwT55I/2UIyyuLWLzfiXqgzP9PHj2qasP/0txDr3cL1bdMnLU
|
||||||
o+yXgVB8UIV/8tfhhRYofYFEUP9SPNeIrlJlXPopv1axnhhxCJeUUMDfQtrQFR1Q
|
U3ubRFbWHwstjKvsc7sHEZscaSE6CXzpxMCQs98q0I119+l5K4cm/n7ch3b7JDFB
|
||||||
8AUNbWluEU5q3/YLtk1HsLIDHGLG4o2WIS67Do3Feik3oZc5jP4b2sLrsSYc/2Rn
|
vRuYVdNXBllKMbSdvl++zhh9eYD/gofkZhx9cpJTrku8u6IlKuZkuTjNPp4QtkY6
|
||||||
DkjDrnYKqXojr2jD4B9fMiKen1/MxqZwP78CFNNIjqDf44fvmHPK1BlCUbMmBmyV
|
pPbC42znQ1xhEw5y4YtCxCfynhjCIko31P0uraMu5Ni8nPwt+nWANKLXn6T0VzlM
|
||||||
yti3wTZEWUa3P9a1EApt3/ez+51o4R1q5En6bkZWqrzDtjd1qhs8ygP1pyU5eRJZ
|
lFuU2FiPm9/p/4vNd3WlN73ShEf+QCUR6fZqJDEWY82lbdxMX5+p3JKbWtiY+rbH
|
||||||
dn0FzzDn4UuecCjXx6rZLw8ugSPIw+z3BMvB/JRx6OY3Dm6NKHBwfdIELoWwpWoY
|
scKh6hH1PAEYxNQosOabQWnt095niHXseWRAAYaRkm86jB500noYZw9sASmARFT6
|
||||||
28cH5X8hfVhr3uDIXmXVkJhrri3q35mRQnBIw+Gw7hgeMfWdLLmMSgwhCVvWNwDU
|
ojrl+hKzUqZa7Y5QIG3VFEiLJKIMDDoT8ojeKkuq5jCznInMdqQ/LlRX68IPI53S
|
||||||
aAEJAhBlX9Uiqb+tS5fNYsnGVwS4XNIUozxtkdy3t+ZHK/rqCJ0qVr6m2rTO8QCg
|
XgGNlbkKDLJx2r8ImRTXDkXIJT0d7iBnWksUHYgNnMnFgd8cR5Kud2NU2Hfh5zbQ
|
||||||
jfNwgjOfpFC5YSsHjEuPaISBTfEMJea/1fqeUoPSXIMtgnceOT5xeqR5d7K1cOKR
|
2q3dcJiO58H3CK6fZQhLkyTbodvD8+4z6E9rblWeAZR03qf8UPW2UmmWPlRgUPc=
|
||||||
sRirvHEkhbG3
|
=SbhF
|
||||||
=uej8
|
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||||
|
|||||||
Reference in New Issue
Block a user