vhaudiquet/homeprod
1
0
Fork 0
mirror of https://github.com/vhaudiquet/homeprod.git synced 2026-05-08 17:47:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: vhaudiquet:de093a27bfbeabc5496de4e178169f3d158b3892
Branches Tags
vhaudiquet:main vhaudiquet:dependabot/docker_compose/docker/home/zigbee2mqtt/koenkk/zigbee2mqtt-2.10.1 vhaudiquet:dependabot/helm/kubernetes/system/blocky/ghcr.io/0xerr0r/blocky-0.29.0 vhaudiquet:dependabot/helm/kubernetes/personal/linkwarden/ghcr.io/linkwarden/linkwarden-2.14.1 vhaudiquet:dependabot/docker_compose/docker/production/buildpath/mongo-8.2.7 vhaudiquet:dependabot/helm/kubernetes/personal/photoprism/photoprism/photoprism-260305 vhaudiquet:dependabot/helm/kubernetes/infrastructure/authentik/bitnamilegacy/postgresql-17.5.0 vhaudiquet:renovate/configure
...
compare: vhaudiquet:main
Branches Tags
vhaudiquet:main vhaudiquet:dependabot/docker_compose/docker/home/zigbee2mqtt/koenkk/zigbee2mqtt-2.10.1 vhaudiquet:dependabot/helm/kubernetes/system/blocky/ghcr.io/0xerr0r/blocky-0.29.0 vhaudiquet:dependabot/helm/kubernetes/personal/linkwarden/ghcr.io/linkwarden/linkwarden-2.14.1 vhaudiquet:dependabot/docker_compose/docker/production/buildpath/mongo-8.2.7 vhaudiquet:dependabot/helm/kubernetes/personal/photoprism/photoprism/photoprism-260305 vhaudiquet:dependabot/helm/kubernetes/infrastructure/authentik/bitnamilegacy/postgresql-17.5.0 vhaudiquet:renovate/configure

13 Commits
de093a27bf ... main

Author SHA1 Message Date
Valentin Haudiquet
3a6a621193 Merge branch 'main' of https://github.com/vhaudiquet/homeprod 
* 'main' of https://github.com/vhaudiquet/homeprod:
  build(deps): bump tomsquest/docker-radicale in /docker/personal/radicale
 2026-05-08 18:15:38 +02:00
Valentin Haudiquet
17ab87e276 infra: update VMs 
- kube: add NIC, bump up memory
- ai: set to off by default
- docker: bump up memory to absorb buildpath importer consumption
 2026-05-08 18:15:16 +02:00
dependabot[bot]
56f67dd447 build(deps): bump tomsquest/docker-radicale in /docker/personal/radicale 
Bumps tomsquest/docker-radicale from 3.7.1.0 to 3.7.2.0.

---
updated-dependencies:
- dependency-name: tomsquest/docker-radicale
  dependency-version: 3.7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 15:44:22 +01:00
dependabot[bot]
33bdb8f3b0 build(deps): bump hotio/jackett 
Bumps [hotio/jackett](https://github.com/hotio/jackett) from release-v0.24.1815 to release-v0.24.1822.
- [Commits](https://github.com/hotio/jackett/commits)

---
updated-dependencies:
- dependency-name: hotio/jackett
  dependency-version: release-v0.24.1822
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 12:44:23 +01:00
dependabot[bot]
1b4e2dafbc build(deps): bump n8nio/n8n from 2.19.2 to 2.19.5 in /docker/home/n8n 
Bumps [n8nio/n8n](https://github.com/n8n-io/n8n) from 2.19.2 to 2.19.5.
- [Release notes](https://github.com/n8n-io/n8n/releases)
- [Commits](https://github.com/n8n-io/n8n/compare/n8n@2.19.2...n8n@2.19.5)

---
updated-dependencies:
- dependency-name: n8nio/n8n
  dependency-version: 2.19.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 12:44:12 +01:00
dependabot[bot]
9f59f7cea0 build(deps): bump esphome/esphome in /docker/home/esphome 
Bumps [esphome/esphome](https://github.com/esphome/esphome) from 2026.4.4 to 2026.4.5.
- [Release notes](https://github.com/esphome/esphome/releases)
- [Commits](https://github.com/esphome/esphome/compare/2026.4.4...2026.4.5)

---
updated-dependencies:
- dependency-name: esphome/esphome
  dependency-version: 2026.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 12:44:04 +01:00
Valentin Haudiquet
524d0d7d3c caddy: listen on port 80 2026-05-08 13:43:42 +02:00
Valentin Haudiquet
51b22d769e caddy: fix external ip annotation 2026-05-08 10:49:26 +02:00
Valentin Haudiquet
4bd0274714 caddy: fix caddyfile syntax 2026-05-08 10:28:56 +02:00
Valentin Haudiquet
69e3a793c8 caddy: change security context to fix permission error 2026-05-08 10:21:43 +02:00
Valentin Haudiquet
d5831fd1e3 caddy: deploy caddy as edge reverse proxy (on kube) 2026-05-08 00:48:55 +02:00
Valentin Haudiquet
cbf7842e8b dns: fix dns file 2026-05-06 19:14:04 +02:00
Valentin Haudiquet
0d5d688c18 fireshare: deploy fireshare, hello! 2026-05-06 19:08:33 +02:00
22 changed files with 414 additions and 8 deletions
Expand all files Collapse all files

2
.github/dependabot.yml vendored
View File

@@ -16,6 +16,7 @@ updates:
- "/docker/infrastructure/network/traefik" - "/docker/infrastructure/network/traefik"
- "/docker/infrastructure/squid" - "/docker/infrastructure/squid"
- "/docker/infrastructure/sshportal" - "/docker/infrastructure/sshportal"
- "/docker/personal/fireshare"
- "/docker/personal/gramps" - "/docker/personal/gramps"
- "/docker/personal/media/films-series/jackett" - "/docker/personal/media/films-series/jackett"
- "/docker/personal/media/films-series/jellyfin" - "/docker/personal/media/films-series/jellyfin"
@@ -52,6 +53,7 @@ updates:
- "/kubernetes/personal/photoprism" - "/kubernetes/personal/photoprism"
- "/kubernetes/production/umami" - "/kubernetes/production/umami"
- "/kubernetes/system/blocky" - "/kubernetes/system/blocky"
- "/kubernetes/system/caddy"
- "/kubernetes/system/coredns" - "/kubernetes/system/coredns"
- "/kubernetes/system/csi-driver-nfs" - "/kubernetes/system/csi-driver-nfs"
- "/kubernetes/system/external-dns" - "/kubernetes/system/external-dns"

2
.sops.yaml
View File

@@ -3,7 +3,7 @@ creation_rules:
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
pgp: DC6910268E657FF70BA7EC289974494E76938DDC pgp: DC6910268E657FF70BA7EC289974494E76938DDC
- path_regex: .*.yaml - path_regex: .*.yaml
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData|.*.key|.*.crt)$
pgp: DC6910268E657FF70BA7EC289974494E76938DDC pgp: DC6910268E657FF70BA7EC289974494E76938DDC
- path_regex: .*.env$ - path_regex: .*.env$
input_type: dotenv input_type: dotenv

7
.swarmcd/stacks.yaml
View File

@@ -53,6 +53,13 @@ sshportal:
branch: main branch: main
compose_file: docker/infrastructure/sshportal/docker-compose.yml compose_file: docker/infrastructure/sshportal/docker-compose.yml
fireshare:
repo: homeprod
branch: main
compose_file: docker/personal/fireshare/docker-compose.yml
sops_files:
- docker/personal/fireshare/.env
gramps: gramps:
repo: homeprod repo: homeprod
branch: main branch: main

7
dns/production/vhaudiquet.fr.yaml
View File

@@ -355,6 +355,13 @@ canada:
ttl: 300 ttl: 300
type: A type: A
value: 192.99.6.159 value: 192.99.6.159
clips:
octodns:
cloudflare:
auto-ttl: true
ttl: 300
type: A
value: 83.113.30.49
flix: flix:
octodns: octodns:
cloudflare: cloudflare:

2
docker/home/esphome/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
esphome: esphome:
image: ghcr.io/esphome/esphome:2026.4.4 image: ghcr.io/esphome/esphome:2026.4.5
ports: ports:
- "6052" - "6052"
networks: networks:

2
docker/home/n8n/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
n8n: n8n:
image: docker.n8n.io/n8nio/n8n:2.19.2 image: docker.n8n.io/n8nio/n8n:2.19.5
environment: environment:
- TZ=Europe/Paris - TZ=Europe/Paris
- N8N_SECURE_COOKIE=false - N8N_SECURE_COOKIE=false

11
docker/personal/fireshare/.env Normal file
View File

@@ -0,0 +1,11 @@
ADMIN_USERNAME=ENC[AES256_GCM,data:8ngfC8VHpaaGCQ==,iv:Ze7ThfWmAWj0ZvV3A7Pd+aqAW/pahkTZhdFC/TnAwZ0=,tag:KCFdGV1dEw3e+q6FBgy2cw==,type:str]
ADMIN_PASSWORD=ENC[AES256_GCM,data:UhxEMnqYDyfgffqUf3Q=,iv:VvNX867P+w20Y7laG0R0c4BUw1uICeyF5SU3+waosRE=,tag:JL4GC+UZY3TqSmCq14CTpg==,type:str]
SECRET_KEY=ENC[AES256_GCM,data:uahYXYr4DvavNMTTdcDA0hdp5wj3OLret3fPF1DEc2lis+E7/fe45DWFuhUu8RAK76tuheA=,iv:Lofc+PP7Rtg99l36yOx6bt0i8hg1DJXzwSKQNJCRYPw=,tag:AiUGZOiLyjKItf++Gya+eA==,type:str]
DOMAIN=ENC[AES256_GCM,data:LyJ7RAgrioTltNQ/BKoPbEN8XQ==,iv:IHrT5TkaXuIhkfN/nHcapz4CNBG0t9lbzrHDjp04JLw=,tag:gjSa/tSVEqk6pXrfhjs7gQ==,type:str]
sops_lastmodified=2026-05-06T17:05:48Z
sops_mac=ENC[AES256_GCM,data:wRtDnVQkNsc1MtxSpbuVDuACkCwunYeyYSaQX2Tglm2kwOnx9iCyhuWY6RMYu5nfyJ1CT1kfqeGrGxhJ5uMDee29eLUv844X3hIXwpMT50jHFXEtfKLfRMfqpv9r9mbp2EP9VNDUtPyIwDk5vSjGeaYqEWtHW/q5y9qIrzqqy5g=,iv:UG4XGi3Qo8/nAddY+rzJm1AKIAmJjtR+2bDqSeaVxG4=,tag:SL2rvrxFmMfgyUyMqFIZEQ==,type:str]
sops_pgp__list_0__map_created_at=2026-05-06T17:05:48Z
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA7uy4qQr71wiAQ//b6zlRVKrqzzszBJmnOUlfeZd5m2ekYv/zIBr4oxHyn5L\neLLff+N7hjBVSajg9Qg7GBQv7s3DX70vHTpdUP38UEO1aM0l3eU1JCwA4Hdh7Ds5\nnq330vUKhIAd+K8Vv4Ei9YHpj+kgMnt+R780qZUg18D39TAnx36q9b5SKzZCUsks\n3YM+G8pHLRipZhxp6zwhOPHVSnImOFjty4d6JV6Zes9zfslaETgva7p5DIKP0ttf\nI2JRacvL75MMp1USyqGKt7Bpl6Yz4VxY49aea+FxDlbzCVLuBBgZMoEjhPQifQfh\nB6OObmu1cVhECidrMHmqDBNqgKsNLble+g3Le+gJdn/zKxVc+q+cPPuk/JdT8tfv\nZTei6jg66IREZOrZCP3Gt4OB5LbkLdS0NET2CMVAYkGQvGrSC+diwUnFkI+WEh+p\noZhvgp/ytBgaw6ZyNPmvkGkFeFg1/ISpOHkVQ+P6Pnot8h4HvuI/KcBwJRCrtdbg\n+XMpqeQdmCnM04v5Uq1NVqRWHD0yvd7GHDOZCqJPMFHP0M6R+SwHq+8+pgbO3jxt\n+426MvhNKw8xWMtnUIO8sSSkzgOfT6vFXmzQvIawbXvitjGjiElkpmT5Hz3hn1Bm\nnu8CivqLwL4Gs1Uc2m6qHGkvGqxWwcHABWqftAk3VfhmjcFDwAyWROlCuD+A15PS\nXgE1wn9jLesXaiCwzAp4AOstkk0fR2yio4fa9dCeenzuedULNLuCyJfYtSm4QlSU\nvffH4iL8X/R24s6SdPsCIuNnAeKc0P4E55AlOaeZN4HcZzfspVikAZx+bK14JS8=\n=KGp6\n-----END PGP MESSAGE-----
sops_pgp__list_0__map_fp=DC6910268E657FF70BA7EC289974494E76938DDC
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2

58
docker/personal/fireshare/docker-compose.yml Normal file
View File

@@ -0,0 +1,58 @@
services:
fireshare:
container_name: fireshare
image: shaneisrael/fireshare:1.6.10-lite
ports:
- "80"
volumes:
- data:/data
- processed:/processed
- video:/videos
- images:/images
env_file:
- .env
environment:
# PUID/PGID: the user/group ID the container runs as. Files written to your
# volumes (data, processed, videos, images) will be owned by this user. Set these to
# match the owner of your host directories to avoid permission errors.
# Run `id` on your host to find your UID and GID.
- PUID=1000
- PGID=1000
networks:
- default
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.fireshare.rule=Host(`clips.vhaudiquet.fr`)"
- "traefik.http.services.fireshare.loadbalancer.server.port=80"
volumes:
data:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/app/fireshare/data'
processed:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/app/fireshare/processed'
video:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/app/fireshare/video'
images:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/app/fireshare/images'
networks:
proxy:
external: true
name: proxy

2
docker/personal/media/films-series/jackett/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services: services:
jackett: jackett:
container_name: jackett container_name: jackett
image: ghcr.io/hotio/jackett:release-v0.24.1815 image: ghcr.io/hotio/jackett:release-v0.24.1822
ports: ports:
- "9117" - "9117"
networks: networks:

2
docker/personal/radicale/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
radicale: radicale:
image: tomsquest/docker-radicale:3.7.1.0 image: tomsquest/docker-radicale:3.7.2.0
container_name: radicale container_name: radicale
ports: ports:
- 5232 - 5232

4
infra/r740/proxmox/ai.tf
View File

@@ -47,7 +47,9 @@ resource "proxmox_virtual_environment_file" "ai-cloud-config" {
resource "proxmox_virtual_environment_vm" "ai" { resource "proxmox_virtual_environment_vm" "ai" {
name = "ai-${var.proxmox_node_name}" name = "ai-${var.proxmox_node_name}"
node_name = var.proxmox_node_name node_name = var.proxmox_node_name
on_boot = true
on_boot = false
started = false
agent { agent {
enabled = true enabled = true

2
infra/r740/proxmox/docker.tf
View File

@@ -61,7 +61,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
} }
memory { memory {
floating = 22222 floating = 32000
dedicated = 38768 dedicated = 38768
} }

8
infra/r740/proxmox/kube.tf
View File

@@ -29,7 +29,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
memory { memory {
dedicated = 32768 dedicated = 32768
floating = 16192 floating = 22222
} }
boot_order = ["scsi0", "ide0"] boot_order = ["scsi0", "ide0"]
@@ -89,6 +89,12 @@ resource "proxmox_virtual_environment_vm" "kube" {
vlan_id = 2 vlan_id = 2
} }
network_device {
bridge = "vmbr0"
model = "virtio"
vlan_id = 2
}
operating_system { operating_system {
type = "l26" type = "l26"
} }

93
kubernetes/system/caddy/caddyfile.yaml Normal file
View File

@@ -0,0 +1,93 @@
# Caddy Routes - External ConfigMap
# This file contains all route definitions, imported by the main Caddyfile.
# Edit this file to add/modify routes.
#
# Certificate files are mounted from the caddy-certificates Secret
# at /etc/caddy/certs/
apiVersion: v1
kind: ConfigMap
metadata:
name: caddy-routes
namespace: caddy
labels:
app.kubernetes.io/name: caddy
app.kubernetes.io/component: routes
data:
Caddyfile: |
vhaudiquet.fr {
tls /etc/caddy/certs/vhaudiquet-fr.crt /etc/caddy/certs/vhaudiquet-fr.key
reverse_proxy 10.1.2.212:80
}
*.vhaudiquet.fr {
tls /etc/caddy/certs/wildcard-vhaudiquet-fr.crt /etc/caddy/certs/wildcard-vhaudiquet-fr.key
# Kubernetes services (via Traefik)
@authentik host authentik.vhaudiquet.fr
@auth-nook host auth-nook.vhaudiquet.fr
@nook-mg host n.vhaudiquet.fr
@nook host nook.vhaudiquet.fr
@sse-nook host sse-nook.vhaudiquet.fr
@gitea host git.vhaudiquet.fr
@flux-wh host flux-webhook.vhaudiquet.fr
@umami host umami.vhaudiquet.fr
handle @authentik {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @auth-nook {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @nook-mg {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @nook {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @sse-nook {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @gitea {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @flux-wh {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
handle @umami {
reverse_proxy traefik.traefik.svc.cluster.local:80
}
# Docker VM services (via Traefik)
@alexscript host alexscript.vhaudiquet.fr
@clips host clips.vhaudiquet.fr
@jellyfin host flix.vhaudiquet.fr
@mail host mail.vhaudiquet.fr
handle @alexscript {
reverse_proxy 10.1.2.212:80
}
handle @clips {
reverse_proxy 10.1.2.212:80
}
handle @jellyfin {
reverse_proxy 10.1.2.212:80
}
handle @mail {
reverse_proxy 10.1.2.212:80
}
}
semery.fr {
tls /etc/caddy/certs/semery-fr.crt /etc/caddy/certs/semery-fr.key
reverse_proxy 10.1.2.212:80
}
buildpath.win {
tls /etc/caddy/certs/buildpath-win.crt /etc/caddy/certs/buildpath-win.key
reverse_proxy 10.1.2.212:80
}

54
kubernetes/system/caddy/certificates-secret.yaml Normal file
View File

File diff suppressed because one or more lines are too long

15
kubernetes/system/caddy/kustomization.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: caddy
resources:
- namespace.yaml
- repository.yaml
- release.yaml
- certificates-secret.yaml
- caddyfile.yaml
secretGenerator:
- name: caddy-values
files:
- values.yaml=values.yaml
configurations:
- kustomizeconfig.yaml

6
kubernetes/system/caddy/kustomizeconfig.yaml Normal file
View File

@@ -0,0 +1,6 @@
nameReference:
- kind: Secret
version: v1
fieldSpecs:
- path: spec/valuesFrom/name
kind: HelmRelease

7
kubernetes/system/caddy/namespace.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: caddy
labels:
app.kubernetes.io/name: caddy
app.kubernetes.io/component: edge-proxy

30
kubernetes/system/caddy/release.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: caddy
namespace: caddy
spec:
interval: 1m
chart:
spec:
sourceRef:
kind: HelmRepository
name: caddy
namespace: caddy
chart: caddy
interval: 1m
version: "0.7.1"
valuesFrom:
- kind: Secret
name: caddy-values
# Patch the Service to add loadBalancerIP since the chart doesn't support it
postRenderers:
- kustomize:
patches:
- target:
kind: Service
name: caddy
patch: |
- op: add
path: /spec/loadBalancerIP
value: "10.1.2.152"

8
kubernetes/system/caddy/repository.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: caddy
namespace: caddy
spec:
interval: 1m
url: https://charts.alekc.dev/

99
kubernetes/system/caddy/values.yaml Normal file
View File

@@ -0,0 +1,99 @@
# Caddy Edge Proxy
replicaCount: 2
# Listen on standard HTTP port
listenPort: 80
# Enable HTTPS
https:
enabled: true
port: 443
image:
repository: caddy
pullPolicy: IfNotPresent
tagSuffix: ""
tag: 2.11.2
service:
type: LoadBalancer
externalTrafficPolicy: Local
# Disable ingress - Caddy IS the edge proxy
ingress:
enabled: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
# Caddy needs root to bind to ports 80/443 and write runtime data
# Using restrictive security context causes "operation not permitted"
podSecurityContext: {}
securityContext: {}
health:
path: /
port: 9999
# Extra volumes: certificates + external routes ConfigMap
volumes:
- name: certificates
secret:
secretName: ENC[AES256_GCM,data:Er1F+5xhWKUT43+7jU/pwxWP,iv:Ohc3jFIQ4Enmbhd0F44SYWJiHlj1oFOrMdtM4oYKQEU=,tag:Kk8Y8aFSKMyGmY/uRVvyLw==,type:str]
optional: ENC[AES256_GCM,data:JdlpGQ==,iv:xaoqonC9cGHXizHuAFrjhC4ZEtZ2IICeg2hxvGjyFM4=,tag:JYmlIXgIMON7z4++FrBGKQ==,type:bool]
- name: routes
configMap:
name: caddy-routes
# Extra volume mounts
volumeMounts:
- name: certificates
mountPath: /etc/caddy/certs
readOnly: true
- name: routes
mountPath: /etc/caddy/routes
readOnly: true
# Caddy configuration
config:
debug: false
# Global options (goes inside the global {} block)
global: |
auto_https off
# The main Caddyfile content - imports routes from external ConfigMap
# This keeps routes in a separate, easily editable file
caddyFile: |
:80 {
redir https://{host}{uri} permanent
}
import /etc/caddy/routes/Caddyfile
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: caddy
topologyKey: kubernetes.io/hostname
sops:
lastmodified: "2026-05-08T11:43:14Z"
mac: ENC[AES256_GCM,data:K0HWw8yTPKy6e3aQV4SdiVwrCjiyCFlFbeycAiyJq4IdlKX9v4wFvjVFLR8VziH8oXJXdUUhr+LOiqNI5HwghXkVn2dOP2ij9jvXZtMic4P0AUN16PfWoedu9ozA+xsGHZ1OTUv+sxvKEUo5Z5Wp+u761w/Xqdn5hHmU2Komatk=,iv:ICwn/LvizIjXVfgiMje50dQ11JAH37wSla29bGAnjuA=,tag:mV7rtahUy4ODZaA7baM12w==,type:str]
pgp:
- created_at: "2026-05-08T11:43:13Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7uy4qQr71wiAQ//aGnCSLLWTkhToTh833OJ1GwgN82F8R+RgsfpKIW+XNvI
YdTCgaFrYdCGXsaLHijb7vVwCU0VRf/ufZfQp2+GupqRHCbMLSmlkoiyr9ImGlYX
VWQDajv74H/3CcyCQNjqfFRdUHLE+rfNuYaH/p3+/Ee2bgJi52f3uRdJ4lXSCWIf
KW9lLbwjlfGnOnsnDkaPwcZW9QL353Mi82yXOu7OihobUaVgr83nESXbAS/k4mx1
whOXAoEDeLQZfZrITEewOQ0PHjWJwKc0x2YCiQ0If33GSfDjzWPoDuXmQo/xhk98
Nt3aNTMDvjriGNOIcZyUlEjq1HqCmd3pQSD5h8soR9Do/NsTocyK1da49iz91dha
jwoEga2iFis9Zd9rr7Caf3pWtmKENUGFJl15tpaelvk13jUebSyDubw0OIYbbILr
dVZAeiOHrRMD5crxG05zvOeLMASuL/IrK97RLBAonZLEkRrfgAwZHK2U0rq2HXpI
wlp4yDlF/eILvmMgAruP7lW0q/m5+DfxQtcZdamtm3FWj9m0iUAthvw02fplmFci
xJ82rkfkPAZSm7/yPJ9yiea+tKgX8yk1uArRtf8rsG6SED2lCRKmux8ElcZc5DYV
hyLivTN7X5Nr05mvaPIptCVm1iYoWaiQNZcPDax/LBZJhNaJgPUz1ue1Ppf422PS
XgE4dh3x1ulcUhXm4nK/0FzKmJUOjcygPeGWmia0ZOEHub/ju+z8LgRAkBasqRXP
4aepPm5xVY0g/Z0xksxIWpYUnLRzs0uUKd+zz1MvmWlZckxUO5wWJUWRcwCBDz4=
=Ql2K
-----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
version: 3.10.2

1
kubernetes/system/cilium/pool.yaml
View File

@@ -6,3 +6,4 @@ spec:
blocks: blocks:
- cidr: "10.1.2.171/32" - cidr: "10.1.2.171/32"
- cidr: "10.1.2.148/32" - cidr: "10.1.2.148/32"
- cidr: "10.1.2.152/32"