17 Commits

Author SHA1 Message Date
901a5e1a9a coredns: tryfix config 2026-05-02 16:39:49 +02:00
30f0726821 blocky,coredns: disable caching, add falltrough 2026-05-02 16:36:15 +02:00
a0dc90a708 coredns: change server zone to lan 2026-05-02 16:19:15 +02:00
3cf5febd79 external-dns: tryfix coredns config 2026-05-02 16:07:22 +02:00
cc92bd6301 external-dns: fix coredns config 2026-05-02 16:03:59 +02:00
03f56060ea external-dns: move to coredns setup 2026-05-02 15:58:35 +02:00
fb51af67b0 blocky: update config format, tryfix DNS resolution 2026-05-02 15:46:05 +02:00
1f5a3ddd5b blocky: use internal kube dns to resolve cluster.local domains 2026-05-02 15:36:43 +02:00
5fa0bc8e60 blocky: use cluster dns first, to resolve authoritative DNS server domain 2026-05-02 15:29:06 +02:00
ec36bcbc81 blocky: update values to serve DNS on UDP only 2026-05-02 15:22:10 +02:00
0c6e2a75c9 blocky: update with dedicated IP 2026-05-02 15:11:57 +02:00
3bcef0afe6 z2m: remove loadbalancer service
z2m has an ingress, it only needs clusterip
2026-05-02 12:26:36 +02:00
5be1ea5a4d blocky: fix values.yaml 2026-05-02 12:17:49 +02:00
257f5d865f blocky: fix values.yaml config 2026-05-02 12:08:56 +02:00
f003c62823 blocky: fix helm repository 2026-05-02 11:29:58 +02:00
20a8963b64 coredns, blocky: deploy coredns and blocky on kube 2026-05-02 11:19:08 +02:00
47a86ddf27 z2m: kube, update topic in config to avoid conflicts 2026-05-02 10:14:41 +02:00
19 changed files with 442 additions and 46 deletions


@@ -51,6 +51,8 @@ updates:
- "/kubernetes/personal/notesnook" - "/kubernetes/personal/notesnook"
- "/kubernetes/personal/photoprism" - "/kubernetes/personal/photoprism"
- "/kubernetes/production/umami" - "/kubernetes/production/umami"
- "/kubernetes/system/blocky"
- "/kubernetes/system/coredns"
- "/kubernetes/system/csi-driver-nfs" - "/kubernetes/system/csi-driver-nfs"
- "/kubernetes/system/external-dns" - "/kubernetes/system/external-dns"
- "/kubernetes/system/traefik" - "/kubernetes/system/traefik"


@@ -83,6 +83,12 @@ resource "proxmox_virtual_environment_vm" "kube" {
vlan_id = 2 vlan_id = 2
} }
network_device {
bridge = "vmbr0"
model = "virtio"
vlan_id = 2
}
operating_system { operating_system {
type = "l26" type = "l26"
} }
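Review bot: The added `network_device` block is identical to the one closing just above it (`vmbr0`, VLAN 2) and carries no comment saying why the VM needs a second interface in the same L2 segment. Two NICs on one VLAN usually need guest-side care (ARP and reverse-path filtering), so a line such as `# second NIC: <purpose placeholder>` above the block would save the next reader from guessing. The provider's `firewall` argument is also left at its default; if Proxmox firewall rules are meant to apply to this interface, set `firewall = true` explicitly. The `proxmox_virtual_environment_vm` resource begins and ends outside the hunk.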


@@ -6,6 +6,8 @@ ingress:
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
service:
type: ClusterIP
statefulset: statefulset:
securityContext: securityContext:
privileged: false privileged: false
@@ -33,35 +35,36 @@ zigbee2mqtt:
external_converters: [] external_converters: []
mqtt: mqtt:
server: mqtt://mqtt.lan:1883 server: mqtt://mqtt.lan:1883
user: ENC[AES256_GCM,data:y38nWA==,iv:j0eEQfRb8EFjFgQtAUDnC+SFG5GntgcY9DoI+pQATFE=,tag:i+QSvlWadDq4pLJGLo9mGg==,type:str] user: ENC[AES256_GCM,data:8chGUA==,iv:SOAuBYShpWbza3idtyqFoVIFstZFM34OPDN4uhAer0Y=,tag:WPoH80VcUGLy5Uq/z8EtaQ==,type:str]
password: ENC[AES256_GCM,data:kOJPLKGkuPMlcA==,iv:ecOCgqScF7StVOgb1+khzZDgpAM/WRbSn0iJDMcSnoc=,tag:T39fKp/eDMeMb5XEm+/j3w==,type:str] password: ENC[AES256_GCM,data:XVcTzQ3pDvPKbw==,iv:TK5qHq2yMTWgzcOPvj0GO7tOOD4PHvKMWfd3p4T8LuM=,tag:GJpKQWpVhwrewX4+9NITfQ==,type:str]
base_topic: z2m
serial: serial:
port: tcp://10.1.1.159:6638 port: tcp://10.1.1.159:6638
baudrate: 115200 baudrate: 115200
rtscts: false rtscts: false
adapter: ember adapter: ember
sops: sops:
lastmodified: "2026-04-04T23:00:45Z" lastmodified: "2026-05-02T10:26:20Z"
mac: ENC[AES256_GCM,data:a095DCVFoM6HPGbZSZjysbVhhUBcQtNh1sZYPLHKqhjI65TEAZbPqXUJeB1raqqBTmXr/0hZysx7/O7tqN/h+Gv0/pJTP3yAbXEArp9Soc9tmRBwJeaYMmm9+9s9QSvsCsiFnmVmp0ihYRbag35aXVcl2INDV7ilqVZnXOsThi0=,iv:y3ASd047iwdbJ0F9bLkSpV8uDRvzUFZIa7FV6AbLDH4=,tag:1wBNjiPukFK4xon0FHYkhw==,type:str] mac: ENC[AES256_GCM,data:32zZ0bYrgn+zTz8DEOU1N8MgDrihzWyMsV9q2m5RhFHRvXFuq3Z2GTORlUTeuK5qZIUrZt22VskigGAQiKC2CdzsJTcO3cGPshu5E6gWGBRNob02bXXsMu3TfCKxic/Ek7jE2p9R++a5AKczFZY8SxL7Sv1BZDxozkginDdYR4Q=,iv:VcDKwoPgYxZc8KXYv9oEH2GBqDRAJJxphj6MFLLI8ok=,tag:vPWqcEHoBVvfCoKoN5UiLA==,type:str]
pgp: pgp:
- created_at: "2026-04-04T23:00:45Z" - created_at: "2026-05-02T10:26:20Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA7uy4qQr71wiARAAn1+iFDYCRrqXbgrAJXdw4KfvqEsX8i6ReCeq4+68YhFQ hQIMA7uy4qQr71wiAQ//fl1m3T6TnQvQ+yG0plOZaRXIGRI/YHiyP9KsK6I6l4c9
e6rv3yMBoDLNbMRr6AZaTN9XOLqd7jK0H6zobCdkUK89Fxp5fqxvAaaPloebRKu9 Y7lUjVcgADbjZYAMv08LFOEyN0/dtTFx2kV1vC5sF4CjxXKfddazKrQFjZQygc56
YnjG28UCbuqcW7P77GaoO+6t53Y3Ya4s/f1OLZ0zAkJDCV3NiADgBB112fG+HtnT Yn3wiYX2ZMTsc3AnOoUF/evXyDHYMu0l8FwZEupi0cjmgKjVZZsLYScMjLi6h9oO
WqkH6dENu5X9YP+PbMJ9qHWOqc88gBE4CpwH5R3F2UWRhfKnErdD8MpjNhDsJBuZ agDUxqZX8d3ikj3LPF1dk/XGP75fHBg7Jfim1RMMrOcpAbRi0H3XU82cr2s9fTS8
+c7K5mTRaYHqe96pEhOg+rPWa+YDpZb/ztpHeEPcWNdepHnSk4N9pw1bDKKORlQU UtylTk1x3F253YTC0JdvU0UskvzCvVl0Sf8TlkVb2tTJgwf/XnXMTmMeCvbhIj5u
Tuz80ZVz4SOUet+rYUzH0a4f9ktwxCy3m3D1YHW3rbaLUmu4tIPjsbSLU/ZNnkWv bgqIs0y6F0xm8NjhPGV2CtsQuQtLMLb5SxVFj7P4ad/Ekf9TizAJlcPt2u1/25zu
RFMZCUXDKqF0NxYyWgF232kXkrYURUHWd9PZLHjyWgp1k+OW0P9TViwYgC4Bq5NO x9v/kFnI5XMDIr3eWBJlFUwtImQJ+bO3GTauqwpULIHSa+y3Ux2XMNarKfN1jH3Y
+uQPpWqfYQWqIZwJA3PGmpQ18ngytAkQKaUw8mXH2dUQYXLwa8RT1EYaTEoN8KQd RG86rLQSioSA+HdZuZdEvo2ACc5DotC835cnMGMeIuO1Ad/RjvUaptN/p5hvTFMf
2gtmyxnhmohZgClvXzGq1ByVj4hkFUC6TqI6t8ZI6AQWpHsEKIsP39z9Ci6ipfpb 5t6SoE8gLXH7FZF7IomY0Xs/feztPOvPK76zpKV1Tqqgb7i0GaTFcKKBUxMPklZw
0ySguqykofTTVVqxzkZ2nviyuw7fNQQHtTAw5JyghotsHgBBMeP4TJm+CkrggYAV XwqOQl36HWz1BSvtYtYYX6/HyuknH4T6tk//J6MrNttnTQ/ZqjrBvl4FEVxTgf1h
e9NnrRJpV0R+gPrAyhAOhIzqaPBB/ZbAJrv0yHn1QQsgCzWqCy3ruAFNtP5BK1DS pFc8fTzNak+VB4MSdALg6Eo5xR57eGHhKgdUMgDAv1JMEP9ikk4/p8/1WHKhpTvS
XAG3zRbI+AfVs6pe50306g5tze71efLlH/7Bd17Rqx45rFsiiQyXJHRwQiLtYuQP XAG3QSahHWoc9L5A73xFmD66TRUhm8CVKRCAQebB7rXjsxaqgEOl70taQpucrckD
RJMrImgAdIgKkm8rA5LTDlnFAm2AhJ/LGLUV9Q9eS+JYSJqKMPX+I4iLq9u6 624SYxJwG9Uuk4odCQJ6g7T2KCKxsS/NKy6jOqgprkerR6pCfuXg8LDxBkHP
=KhGS =cZ3t
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
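Review bot: The `user` and `password` ciphertexts change in the second hunk, but the broker URL on the context line stays `mqtt://mqtt.lan:1883`, so these credentials still cross the LAN unencrypted. If the broker can offer TLS, zigbee2mqtt accepts `server: mqtts://…` together with a `ca` entry under `mqtt:`. Otherwise a short comment recording that cleartext MQTT is an accepted risk on this network would help the next reader. The `mqtt:` mapping starts above the visible hunk.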


@@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: blocky
resources:
- namespace.yaml
- repository.yaml
- release.yaml
secretGenerator:
- name: blocky-values
files:
- values.yaml=values.yaml
configurations:
- kustomizeconfig.yaml


@@ -0,0 +1,6 @@
nameReference:
- kind: HelmRepository
version: v1
fieldSpecs:
- path: spec/chart/spec/sourceRef/name
kind: HelmRelease


@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: blocky
labels:
app.kubernetes.io/name: blocky
app.kubernetes.io/component: dns


@@ -0,0 +1,19 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: blocky
namespace: blocky
spec:
interval: 1m
chart:
spec:
sourceRef:
kind: HelmRepository
name: blocky
namespace: blocky
chart: blocky
version: "11.2.1"
interval: 1m
valuesFrom:
- kind: Secret
name: blocky-values


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: blocky
namespace: blocky
spec:
interval: 1h
url: https://k8s-home-lab.github.io/helm-charts/


@@ -0,0 +1,58 @@
# Default values for blocky (k8s-home-lab chart)
image:
repository: ghcr.io/0xerr0r/blocky
tag: v0.24
pullPolicy: IfNotPresent
controller:
replicas: 1
dnsPolicy: ClusterFirst
env:
TZ: Europe/Paris
service:
main:
enabled: false
dns-tcp:
enabled: false
dns-udp:
enabled: true
type: LoadBalancer
loadBalancerIP: 10.1.2.148
ports:
dns:
port: 53
protocol: UDP
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 64Mi
# Full list of options https://github.com/0xERR0R/blocky/blob/main/docs/config.yml
config: "upstreams:\n groups:\n default:\n - 1.1.1.1\n - 1.0.0.1\n lan:\n - 10.101.207.1\n\nconditional:\n mapping:\n lan: 10.101.207.1\n cluster.local: 10.96.0.10\n in-addr.arpa: 10.96.0.10\n\nblocking:\n allowlists:\n ads:\n - |\n dealabs.digidip.net\n s.click.aliexpress.com\n fonts.googleapis.com\n fonts.gstatic.com\n wl.spotify.com\n www.googleadservices.com\n \n denylists:\n ads:\n - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\n - https://adaway.org/hosts.txt\n \n clientGroupsBlock:\n default:\n - ads\n \n blockType: zeroIp\n blockTTL: 1m\n loading:\n refreshPeriod: 4h\n downloads:\n timeout: 60s\n\ncaching:\n minTime: 5m\n maxTime: 30m\n # Disable negative caching (NXDOMAIN responses) for dynamic DNS\n cacheTimeNegative: 0\n prefetching: true\n prefetchExpires: 2h\n prefetchThreshold: 5\n\nprometheus:\n enable: true\n path: /metrics\n\nports:\n dns: 53\n http: 4000\n\nbootstrapDns: tcp+udp:1.1.1.1\n\nlog:\n level: info\n format: text\n timestamp: true\n"
sops:
lastmodified: "2026-05-02T14:36:10Z"
mac: ENC[AES256_GCM,data:1SV8u2ozDlB/m8uo7I7AIa/1njmu1bJ5vKilcirfNByz8wp/LRTtRgWwpUOrxzd1+qg+ZC1/mSLQY/kdwWcTU9uP6uBNSLemWJgIRBobFmExDvtfidkJXRhTMUm9zdSNGS/EbQQOz+DV8AAuByTwbP6i5fTiVNVes8kBlYbPvjc=,iv:Ox25bYW8ch63eJgCkOTZxUP/6+w43lKjC2lzYdBzUjw=,tag:LgXken02vzuXDuxg4Iovrw==,type:str]
pgp:
- created_at: "2026-05-02T14:36:09Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=0h7d
-----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
version: 3.10.2
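Review bot: Every upstream in `config` (`1.1.1.1`, `1.0.0.1`, and `bootstrapDns: tcp+udp:1.1.1.1`) is plain DNS, so queries leaving the network can be read or altered on the path even though blocky filters them locally. blocky accepts `tcp-tls:` and `https://` upstreams, e.g. `- tcp-tls:1.1.1.1:853` in the `default` group. Separately, the inline comment says `cacheTimeNegative: 0` disables negative caching; as I read the blocky documentation the disabling value is `-1`, so that line is worth checking against the release pinned in `image.tag`.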


@@ -5,3 +5,4 @@ metadata:
spec: spec:
blocks: blocks:
- cidr: "10.1.2.171/32" - cidr: "10.1.2.171/32"
- cidr: "10.1.2.148/32"


@@ -0,0 +1,79 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: etcd
namespace: coredns
labels:
app.kubernetes.io/name: etcd
app.kubernetes.io/component: dns-backend
spec:
serviceName: etcd
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: etcd
template:
metadata:
labels:
app.kubernetes.io/name: etcd
spec:
containers:
- name: etcd
image: quay.io/coreos/etcd:v3.5.17
ports:
- containerPort: 2379
name: client
- containerPort: 2380
name: peer
env:
- name: ETCD_DATA_DIR
value: /etcd-data
- name: ETCD_LISTEN_CLIENT_URLS
value: http://0.0.0.0:2379
- name: ETCD_ADVERTISE_CLIENT_URLS
value: http://etcd.coredns.svc.cluster.local:2379
- name: ETCD_LISTEN_PEER_URLS
value: http://0.0.0.0:2380
- name: ETCD_INITIAL_ADVERTISE_PEER_URLS
value: http://etcd-0.etcd.coredns.svc.cluster.local:2380
- name: ETCD_INITIAL_CLUSTER
value: etcd-0=http://etcd-0.etcd.coredns.svc.cluster.local:2380
- name: ETCD_NAME
value: etcd-0
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
volumeMounts:
- name: etcd-data
mountPath: /etcd-data
volumeClaimTemplates:
- metadata:
name: etcd-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: etcd
namespace: coredns
labels:
app.kubernetes.io/name: etcd
spec:
type: ClusterIP
ports:
- port: 2379
targetPort: 2379
name: client
- port: 2380
targetPort: 2380
name: peer
selector:
app.kubernetes.io/name: etcd
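Review bot: etcd is started with `ETCD_LISTEN_CLIENT_URLS` set to `http://0.0.0.0:2379` and no client authentication, and nothing in this file restricts who can reach the `etcd` Service, so any pod that can route to it can presumably write keys under the path CoreDNS serves and change answers for the `lan` zone. Either enable TLS with client certificates (`ETCD_CLIENT_CERT_AUTH`, `ETCD_TRUSTED_CA_FILE`, `ETCD_CERT_FILE`, `ETCD_KEY_FILE`) or add a NetworkPolicy that admits only the CoreDNS and external-dns pods on 2379. A sketch of the policy follows, with the external-dns namespace left as a placeholder because it is not shown on this page. The pod template also sets no `securityContext`, and for a single-member cluster the `peer` port need not be published on the Service.

```yaml
# … unchanged: etcd StatefulSet and Service …
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: etcd-clients
  namespace: coredns
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: etcd
  policyTypes:
    - Ingress
  ingress:
    - from:
        # CoreDNS pods running in this namespace
        - podSelector: {}
        # placeholder: set to the namespace external-dns runs in
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: "<external-dns-namespace>"
      ports:
        - protocol: TCP
          port: 2379
```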


@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: coredns
resources:
- namespace.yaml
- repository.yaml
- release.yaml
- zone-configmap.yaml
- etcd.yaml
secretGenerator:
- name: coredns-values
files:
- values.yaml=values.yaml
configurations:
- kustomizeconfig.yaml


@@ -0,0 +1,6 @@
nameReference:
- kind: HelmRepository
version: v1
fieldSpecs:
- path: spec/chart/spec/sourceRef/name
kind: HelmRelease


@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: coredns
labels:
app.kubernetes.io/name: coredns
app.kubernetes.io/component: dns


@@ -0,0 +1,19 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: coredns
namespace: coredns
spec:
interval: 1m
chart:
spec:
sourceRef:
kind: HelmRepository
name: coredns
namespace: coredns
chart: coredns
version: "1.x.x"
interval: 1m
valuesFrom:
- kind: Secret
name: coredns-values
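Review bot: `version: "1.x.x"` lets Flux install any new 1.x chart release from the repository on the next `interval: 1m` reconcile, with no commit in this repository, whereas the blocky release in the same change set pins `"11.2.1"`. For the resolver the LAN depends on, pin the exact chart version that is currently deployed and let the update tooling configured for `/kubernetes/system/coredns` propose bumps. Without a pin, a broken or tampered chart release would roll out unreviewed.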


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: coredns
namespace: coredns
spec:
interval: 1h
url: https://coredns.github.io/helm


@@ -0,0 +1,71 @@
replicaCount: 1
image:
repository: coredns/coredns
tag: 1.12.0
pullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
serviceType: ClusterIP
service:
annotations:
io.cilium/lb-ipam-ips: ""
servers:
- zones:
- zone: lan
port: 53
plugins:
- name: errors
- name: health
configBlock: lameduck 5s
- name: ready
- name: etcd
configBlock: |-
path /skydns
endpoint http://etcd.coredns.svc.cluster.local:2379
fallthrough
- name: file
parameters: /etc/coredns/zones/lan.zone
configBlock: reload 10s
- name: cache
parameters: 30
- name: loadbalance
- name: log
extraVolumeMounts:
- name: zone-config
mountPath: /etc/coredns/zones
readOnly: true
extraVolumes:
- name: zone-config
configMap:
name: coredns-lan-zone
sops:
lastmodified: "2026-05-02T14:39:47Z"
mac: ENC[AES256_GCM,data:Gu0D9opwQSxNgqtv2KLMd9XGh3SbEDFXUZbPPbxuLT1jT+TwWEYSEu60PKUnU8nOdukYIoiSE3hj29Wsg3IqqjUc0oEUHn1IRPGpn/UhsvURcKgrbyEv3mGjSDicKNMyDgbTTqiPJz/K++SvmRbjJbpDtiQhRrPvw/oaVf0Cj28=,iv:DD4sk2jp6zIkRQaMTXmhfvRwz/Nnt1ecN0HjqlG9zFU=,tag:nGYLN1djfe/GzBofLPuT8g==,type:str]
pgp:
- created_at: "2026-05-02T14:39:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=pcZc
-----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
version: 3.10.2


@@ -0,0 +1,67 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-lan-zone
namespace: coredns
labels:
app.kubernetes.io/name: coredns
app.kubernetes.io/component: dns-zone
data:
lan.zone: |
$ORIGIN lan.
@ IN SOA ns.lan. admin.lan. (
2024010101 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ) ; minimum
IN NS ns.lan.
; Nameserver record
ns IN A 10.1.2.172
; Static hosts
openwrt IN A 10.1.1.1
; R740 and virtual machines
r740 IN A 10.1.1.223
bw-r740 IN A 10.1.2.233
kube-r740 IN A 10.1.2.171
docker-r740 IN A 10.1.2.212
truenas IN A 10.1.2.139
; PVE
pve IN A 10.1.2.10
docker-homeprod IN A 10.1.2.12
; Ligory
pve-ligory IN A 10.2.2.10
docker-ligory IN A 10.2.2.232
; IoT
c210 IN A 10.1.1.106
elegoo-neptune-4pro IN A 10.1.1.155
; docker-r740 services
esphome IN A 10.1.2.212
excalidraw IN A 10.1.2.212
gramps IN A 10.1.2.212
jackett IN A 10.1.2.212
jellyseerr IN A 10.1.2.212
mqtt IN A 10.1.2.212
n8n IN A 10.1.2.212
obsidian-livesync IN A 10.1.2.212
paperless IN A 10.1.2.212
proxy IN A 10.1.2.212
radarr IN A 10.1.2.212
radicale IN A 10.1.2.212
sonarr IN A 10.1.2.212
stirling-pdf IN A 10.1.2.212
syncthing-valentin IN A 10.1.2.212
tandoor IN A 10.1.2.212
traefik IN A 10.1.2.212
transmission IN A 10.1.2.212
tubearchivist IN A 10.1.2.212
webmail IN A 10.1.2.212
wizarr IN A 10.1.2.212
zigbee2mqtt IN A 10.1.2.212
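Review bot: The SOA serial is the fixed value `2024010101`, and the CoreDNS `file` plugin's `reload` re-reads a zone only when the serial changes, so later edits to this ConfigMap will keep being served from the old copy until the serial is bumped or the pod restarts. Add a comment next to the serial, e.g. `; bump on every edit, CoreDNS reloads only when this changes`, or generate the serial at deploy time. Stale records for names such as `mqtt` or `traefik` would keep sending clients to an address that may since have been reassigned.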


@@ -1,38 +1,39 @@
provider: provider:
name: pihole name: coredns
registry: noop registry: noop
policy: upsert-only policy: upsert-only
sources: sources:
- ingress - ingress
- service
domainFilters: domainFilters:
- .lan - lan
extraArgs: extraArgs:
- ENC[AES256_GCM,data:ym7grahK+0f0ydcdbWjamJdu/fOBUdH186xaQVaXZWEb,iv:PYGTuE/0z23pXVmitjDRcESs6dwuZA89VUhC1Dw/YlI=,tag:eIFd/J0gk8AWkaBmkHXoxg==,type:str] - ENC[AES256_GCM,data:pWoRZNy0bqOOC/KNOy5u6yVpqJv29cJIgQ==,iv:gWQc3vdCwT7V67D0tyrPASAUNhVKjc2SIBLcQutIWG8=,tag:q6C1CLTMiGv0ZJ4jrPYOGg==,type:str]
- ENC[AES256_GCM,data:ah50AImpMpFgRmu7IFsOKUO8WK+dcFSQakw=,iv:WyrXKk0WxD86A3nDu2kvjZD185LZhDwTx28g9tPvgFA=,tag:B/7Kv4FT9l3SjIuGboIkaQ==,type:str] env:
- ENC[AES256_GCM,data:5eFuaAUaRwrscxSSEOKpLxUrfgo+jfim,iv:6MQ10olVkkRzOaOf02vWKOrvmwgmEr1HedHpraprEaY=,tag:Kc2F03NjLMWmzHaByYHR9A==,type:str] - name: ETCD_URLS
value: ENC[AES256_GCM,data:w4cTglu/bE5AkzdHdXhC8B0IazuxfQECVdPB3S2kUSJ8L4Q21oUQOs8I,iv:p560+9a3EqNcnA83Ahx/91w0PfzqWlAY8KRhbaCO5t4=,tag:ajc0Al6wZTOVrkLDXG90+w==,type:str]
sops: sops:
lastmodified: "2025-08-27T10:07:50Z" lastmodified: "2026-05-02T14:07:20Z"
mac: ENC[AES256_GCM,data:wb+0NBxUIqQUbCVsEZUTE7fAvFy+pxaxaD+zb76BploLk0qzB66Ui+xvArNW1RV8qOVTr/fLLxAcIfDlmN+HvJRFeUZLUhZroZXWIIElDN6O8IgzFRy3B+ps5bhVtkgUGACdmML9NJ7wCKEX67AqbuqquR/JagN55cDSTzhUvwk=,iv:qIu3X8SD5H/iKkJvwfK1aI0Rd4/fpt9ApIT5cpEDwVs=,tag:9nvr+LnN1RA8WQgtUg+GTA==,type:str] mac: ENC[AES256_GCM,data:unn1TyPyIJZZZl3rB07iCjBJLP5dACsEowaHG2kPD7ItcLeZhz8gjy0Mz0lPgZXizBLtxdPxlH9W4DPZM6tIudghKovOg7ivoUlA78We87wOxACzAlLwG02vw4f5CKwopqEpdcl9aprLbg815IzcDdsKqSLHIw+Xdm0nW4rP+T0=,iv:YCoJhgO4hlcCcvVx/dxrIBR1677U9UREX26QPB8G/WY=,tag:PguKaLKr6wm93OgYgzEENQ==,type:str]
pgp: pgp:
- created_at: "2025-08-27T10:07:49Z" - created_at: "2026-05-02T14:07:18Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA7uy4qQr71wiAQ/+IMnGLNPR17dXFL/tT/Jzm2SbZnRQJVk8pEikESBazMHy hQIMA7uy4qQr71wiAQ/+OD3xMKWh/zrmSAzeha7eBUQqxV4Md+Sk5ZaZZpJwXm0F
qcXjwI4ZXOVKC9Azc1jwigWx1wsRzksqHWI7YihkJKSTWgDkr/WbRZUkkndMyC6o Icb4N7rMRZiUL/BXaH7dDyLNKFbqTGTtLhBtp8IbW6Y6pijQDa3lgX2aC2LjZYP2
1rUghPTMnw3ykrLOHw0dP5KrQyeTqj3EakJKzPLl1M5AqOlRIEQzJhpcGACy9teR GTILWOVYMo18h/idESrj9RBpODDCLUwDUipmNNDrNmeq+aotWEBGZgum2mE/lIdY
RZ4Z0WQL4lxl1bVQ/Yq+o7iEWDqAwlLxllBnvAz/nIfMQgaTfa9UyEz5Up71nXtz Xx+gK9y6vE4IRnDp0AMBahYenO1QrzmzEJphBocw9H9RBwrXx3a4Ke4NY56/0cn+
f98txsSmB0kEYqEJNeNSQa6+MFT1OXJX8XijlfcEYVIyX7XO8+vKu99Neae026Ki Q0+pBZdN4T+tmsplwT55I/2UIyyuLWLzfiXqgzP9PHj2qasP/0txDr3cL1bdMnLU
o+yXgVB8UIV/8tfhhRYofYFEUP9SPNeIrlJlXPopv1axnhhxCJeUUMDfQtrQFR1Q U3ubRFbWHwstjKvsc7sHEZscaSE6CXzpxMCQs98q0I119+l5K4cm/n7ch3b7JDFB
8AUNbWluEU5q3/YLtk1HsLIDHGLG4o2WIS67Do3Feik3oZc5jP4b2sLrsSYc/2Rn vRuYVdNXBllKMbSdvl++zhh9eYD/gofkZhx9cpJTrku8u6IlKuZkuTjNPp4QtkY6
DkjDrnYKqXojr2jD4B9fMiKen1/MxqZwP78CFNNIjqDf44fvmHPK1BlCUbMmBmyV pPbC42znQ1xhEw5y4YtCxCfynhjCIko31P0uraMu5Ni8nPwt+nWANKLXn6T0VzlM
yti3wTZEWUa3P9a1EApt3/ez+51o4R1q5En6bkZWqrzDtjd1qhs8ygP1pyU5eRJZ lFuU2FiPm9/p/4vNd3WlN73ShEf+QCUR6fZqJDEWY82lbdxMX5+p3JKbWtiY+rbH
dn0FzzDn4UuecCjXx6rZLw8ugSPIw+z3BMvB/JRx6OY3Dm6NKHBwfdIELoWwpWoY scKh6hH1PAEYxNQosOabQWnt095niHXseWRAAYaRkm86jB500noYZw9sASmARFT6
28cH5X8hfVhr3uDIXmXVkJhrri3q35mRQnBIw+Gw7hgeMfWdLLmMSgwhCVvWNwDU ojrl+hKzUqZa7Y5QIG3VFEiLJKIMDDoT8ojeKkuq5jCznInMdqQ/LlRX68IPI53S
aAEJAhBlX9Uiqb+tS5fNYsnGVwS4XNIUozxtkdy3t+ZHK/rqCJ0qVr6m2rTO8QCg XgGNlbkKDLJx2r8ImRTXDkXIJT0d7iBnWksUHYgNnMnFgd8cR5Kud2NU2Hfh5zbQ
jfNwgjOfpFC5YSsHjEuPaISBTfEMJea/1fqeUoPSXIMtgnceOT5xeqR5d7K1cOKR 2q3dcJiO58H3CK6fZQhLkyTbodvD8+4z6E9rblWeAZR03qf8UPW2UmmWPlRgUPc=
sRirvHEkhbG3 =SbhF
=uej8
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
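Review bot: Adding `service` to `sources` while `registry: noop` stays in place means external-dns keeps no ownership record for what it writes, and any workload allowed to create a Service or Ingress carrying a `lan` hostname can presumably publish arbitrary names in that zone. Consider `registry: txt` with a `txtOwnerId` so the controller only touches records it created, and narrow the sources with an annotation filter or namespace scope. The `extraArgs` entries are encrypted, so if such a filter is already passed there, a plaintext comment saying so would let reviewers confirm it.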