mirror of
https://github.com/vhaudiquet/homeprod.git
synced 2026-05-30 12:38:21 +00:00
Compare commits
26 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 vhaudiquet
|
66212c922a | ||
|
vhaudiquet
|
a480212804 | ||
|
vhaudiquet
|
348455fb59 | ||
 dependabot[bot]
|
fe811cf521 | ||
|
vhaudiquet
|
cd56789d53 | ||
|
vhaudiquet
|
11b59bd812 | ||
|
vhaudiquet
|
a58fe56404 | ||
|
vhaudiquet
|
5768898f37 | ||
|
vhaudiquet
|
274e476a7f | ||
|
vhaudiquet
|
aa05aba4a7 | ||
|
dependabot[bot]
|
bd2a2e8ab1 | ||
|
dependabot[bot]
|
1d8ec4ae3e | ||
|
dependabot[bot]
|
69c32f6620 | ||
|
dependabot[bot]
|
c903a1ccf3 | ||
|
dependabot[bot]
|
ab9231841e | ||
|
vhaudiquet
|
9dd6cb2b85 | ||
|
vhaudiquet
|
3a6a621193 | ||
|
vhaudiquet
|
17ab87e276
|
||
|
dependabot[bot]
|
56f67dd447 | ||
|
dependabot[bot]
|
33bdb8f3b0 | ||
|
dependabot[bot]
|
1b4e2dafbc | ||
|
dependabot[bot]
|
9f59f7cea0 | ||
|
vhaudiquet
|
524d0d7d3c
|
||
|
vhaudiquet
|
51b22d769e
|
||
|
vhaudiquet
|
4bd0274714
|
||
|
vhaudiquet
|
69e3a793c8
|
@@ -34,7 +34,6 @@ updates:
|
||||
- "/docker/production/alexscript"
|
||||
- "/docker/production/buildpath"
|
||||
- "/docker/production/semeryfr"
|
||||
- "/docker/production/vhaudiquetfr"
|
||||
- "/docker/tools/excalidraw"
|
||||
- "/docker/tools/obsidian-livesync"
|
||||
- "/docker/tools/stirling-pdf"
|
||||
@@ -52,6 +51,7 @@ updates:
|
||||
- "/kubernetes/personal/notesnook"
|
||||
- "/kubernetes/personal/photoprism"
|
||||
- "/kubernetes/production/umami"
|
||||
- "/kubernetes/production/vhaudiquet-fr"
|
||||
- "/kubernetes/system/blocky"
|
||||
- "/kubernetes/system/caddy"
|
||||
- "/kubernetes/system/coredns"
|
||||
|
||||
@@ -153,11 +153,6 @@ semeryfr:
|
||||
branch: main
|
||||
compose_file: docker/production/semeryfr/docker-compose.yml
|
||||
|
||||
vhaudiquetfr:
|
||||
repo: homeprod
|
||||
branch: main
|
||||
compose_file: docker/production/vhaudiquetfr/docker-compose.yml
|
||||
|
||||
excalidraw:
|
||||
repo: homeprod
|
||||
branch: main
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
: - octodns:
|
||||
cloudflare:
|
||||
auto-ttl: true
|
||||
proxied: true
|
||||
proxied: false
|
||||
ttl: 300
|
||||
type: A
|
||||
value: 83.113.30.49
|
||||
@@ -22,7 +22,7 @@ www:
|
||||
octodns:
|
||||
cloudflare:
|
||||
auto-ttl: true
|
||||
proxied: true
|
||||
proxied: false
|
||||
ttl: 300
|
||||
type: A
|
||||
value: 83.113.30.49
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
esphome:
|
||||
image: ghcr.io/esphome/esphome:2026.4.4
|
||||
image: ghcr.io/esphome/esphome:2026.4.5
|
||||
ports:
|
||||
- "6052"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
n8n:
|
||||
image: docker.n8n.io/n8nio/n8n:2.19.2
|
||||
image: docker.n8n.io/n8nio/n8n:2.21.2
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
- N8N_SECURE_COOKIE=false
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
stalwart:
|
||||
image: stalwartlabs/stalwart:v0.16.4
|
||||
image: stalwartlabs/stalwart:v0.16.5
|
||||
container_name: stalwart
|
||||
networks:
|
||||
- default
|
||||
|
||||
@@ -8,6 +8,7 @@ entryPoints:
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "10.1.2.11/32" # nginxproxymanager
|
||||
- "10.1.2.152/32" # caddy
|
||||
|
||||
providers:
|
||||
docker:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
services:
|
||||
grampsweb:
|
||||
container_name: grampsweb
|
||||
image: ghcr.io/gramps-project/grampsweb:26.5.0
|
||||
image: ghcr.io/gramps-project/grampsweb:26.5.1
|
||||
restart: always
|
||||
networks:
|
||||
- default
|
||||
@@ -31,7 +31,7 @@ services:
|
||||
|
||||
grampsweb_celery:
|
||||
container_name: grampsweb_celery
|
||||
image: ghcr.io/gramps-project/grampsweb:26.5.0
|
||||
image: ghcr.io/gramps-project/grampsweb:26.5.1
|
||||
restart: always
|
||||
environment:
|
||||
- GRAMPSWEB_TREE="Gramps Web" # will create a new tree if not exists
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
services:
|
||||
jackett:
|
||||
container_name: jackett
|
||||
image: ghcr.io/hotio/jackett:release-v0.24.1815
|
||||
image: ghcr.io/hotio/jackett:release-v0.24.1846
|
||||
ports:
|
||||
- "9117"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
jellyfin:
|
||||
image: jellyfin/jellyfin:2026050514
|
||||
image: jellyfin/jellyfin:2026051106
|
||||
container_name: jellyfin
|
||||
networks:
|
||||
- default
|
||||
|
||||
@@ -14,7 +14,7 @@ services:
|
||||
ND_SESSIONTIMEOUT: 24h
|
||||
ND_BASEURL: "http://navidrome.lan"
|
||||
ND_PORT: 4533
|
||||
ND_REVERSEPROXYWHITELIST: "172.20.0.0/16,10.1.2.11/32"
|
||||
ND_REVERSEPROXYWHITELIST: "172.20.0.0/16,10.1.2.11/32,10.1.2.152/32"
|
||||
volumes:
|
||||
- data:/data
|
||||
- "music:/music:ro"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
radicale:
|
||||
image: tomsquest/docker-radicale:3.7.1.0
|
||||
image: tomsquest/docker-radicale:3.7.2.0
|
||||
container_name: radicale
|
||||
ports:
|
||||
- 5232
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
syncthing-valentin:
|
||||
image: syncthing/syncthing:2.0
|
||||
image: syncthing/syncthing:2.1
|
||||
container_name: syncthing-valentin
|
||||
hostname: syncthing-valentin
|
||||
environment:
|
||||
|
||||
@@ -10,7 +10,7 @@ services:
|
||||
env_file: .env
|
||||
|
||||
match_collector:
|
||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-match_collector:b2178fec85027348157a5442a81d00479154e581
|
||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-match_collector:0224b7812c8631bde3e9513adace64341152fc20
|
||||
build: ./match_collector
|
||||
volumes:
|
||||
- bpcdragon_cache:/cdragon
|
||||
@@ -23,7 +23,7 @@ services:
|
||||
env_file: .env
|
||||
|
||||
frontend:
|
||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-frontend:b2178fec85027348157a5442a81d00479154e581
|
||||
image: git.vhaudiquet.fr/vhaudiquet/lolstats-frontend:0224b7812c8631bde3e9513adace64341152fc20
|
||||
build: ./frontend
|
||||
restart: always
|
||||
volumes:
|
||||
|
||||
@@ -1,36 +0,0 @@
|
||||
services:
|
||||
vhaudiquetfr:
|
||||
container_name: vhaudiquetfr
|
||||
image: git.vhaudiquet.fr/vhaudiquet/vhaudiquet.fr:259ad574d15c1b50e0766602b6b0b5ee39afd657
|
||||
networks:
|
||||
- default
|
||||
- proxy
|
||||
ports:
|
||||
- 80
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.vhaudiquetfr.rule=Host(`vhaudiquet.fr`)"
|
||||
environment:
|
||||
- NGINX_HOST=vhaudiquet.fr
|
||||
- NGINX_PORT=80
|
||||
volumes:
|
||||
- files:/usr/share/nginx/html/files
|
||||
- public:/usr/share/nginx/html/public
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
name: proxy
|
||||
|
||||
volumes:
|
||||
files:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: 'none'
|
||||
o: 'bind'
|
||||
device: '/app/vhaudiquetfr/files'
|
||||
public:
|
||||
driver_opts:
|
||||
type: 'nfs'
|
||||
o: 'addr=truenas.lan'
|
||||
device: ':/mnt/main_storage/public'
|
||||
@@ -52,6 +52,7 @@ find kubernetes -name 'release.yaml' -print0 \
|
||||
if ! [ -f .github/dependabot.yml ] || ! cmp -s "$tmpfile" .github/dependabot.yml; then
|
||||
mv "$tmpfile" .github/dependabot.yml
|
||||
echo "Updated .github/dependabot.yml!"
|
||||
git add ".github/dependabot.yml"
|
||||
else
|
||||
echo "No changes to .github/dependabot.yml."
|
||||
fi
|
||||
@@ -33,6 +33,7 @@ find docker -name 'docker-compose.yml' -print0 \
|
||||
if ! [ -f .swarmcd/stacks.yaml ] || ! cmp -s "$tmpfile" .swarmcd/stacks.yaml; then
|
||||
mv "$tmpfile" .swarmcd/stacks.yaml
|
||||
echo "Updated .swarmcd/stacks.yaml!"
|
||||
git add ".swarmcd/stacks.yaml"
|
||||
else
|
||||
echo "No changes to .swarmcd/stacks.yaml."
|
||||
fi
|
||||
@@ -47,7 +47,9 @@ resource "proxmox_virtual_environment_file" "ai-cloud-config" {
|
||||
resource "proxmox_virtual_environment_vm" "ai" {
|
||||
name = "ai-${var.proxmox_node_name}"
|
||||
node_name = var.proxmox_node_name
|
||||
on_boot = true
|
||||
|
||||
on_boot = false
|
||||
started = false
|
||||
|
||||
agent {
|
||||
enabled = true
|
||||
|
||||
@@ -61,7 +61,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
|
||||
}
|
||||
|
||||
memory {
|
||||
floating = 22222
|
||||
floating = 32000
|
||||
dedicated = 38768
|
||||
}
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
|
||||
|
||||
memory {
|
||||
dedicated = 32768
|
||||
floating = 16192
|
||||
floating = 22222
|
||||
}
|
||||
|
||||
boot_order = ["scsi0", "ide0"]
|
||||
@@ -89,6 +89,12 @@ resource "proxmox_virtual_environment_vm" "kube" {
|
||||
vlan_id = 2
|
||||
}
|
||||
|
||||
network_device {
|
||||
bridge = "vmbr0"
|
||||
model = "virtio"
|
||||
vlan_id = 2
|
||||
}
|
||||
|
||||
operating_system {
|
||||
type = "l26"
|
||||
}
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: vhaudiquet-fr
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- repository.yaml
|
||||
- release.yaml
|
||||
secretGenerator:
|
||||
- name: vhaudiquet-fr-values
|
||||
files:
|
||||
- values.yaml=values.yaml
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
||||
@@ -0,0 +1,6 @@
|
||||
nameReference:
|
||||
- kind: Secret
|
||||
version: v1
|
||||
fieldSpecs:
|
||||
- path: spec/valuesFrom/name
|
||||
kind: HelmRelease
|
||||
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: vhaudiquet-fr
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: vhaudiquet-fr
|
||||
namespace: vhaudiquet-fr
|
||||
spec:
|
||||
interval: 1m
|
||||
chart:
|
||||
spec:
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: vhaudiquet-fr
|
||||
namespace: vhaudiquet-fr
|
||||
chart: vhaudiquet-fr
|
||||
version: '>=0.1.0-0'
|
||||
interval: 1m
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: vhaudiquet-fr-values
|
||||
@@ -0,0 +1,8 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: vhaudiquet-fr
|
||||
namespace: vhaudiquet-fr
|
||||
spec:
|
||||
interval: 1m
|
||||
url: https://git.vhaudiquet.fr/api/packages/vhaudiquet/helm
|
||||
@@ -0,0 +1,67 @@
|
||||
# Number of replicas
|
||||
replicaCount: 1
|
||||
# Container image configuration
|
||||
image:
|
||||
repository: git.vhaudiquet.fr/vhaudiquet/vhaudiquet.fr
|
||||
pullPolicy: IfNotPresent
|
||||
# The image tag defaults to the chart appVersion (which is set to git SHA by CI).
|
||||
# Override this only if you need a specific version.
|
||||
tag: ""
|
||||
# Image pull secrets for private registries
|
||||
imagePullSecrets: []
|
||||
# Ingress configuration
|
||||
ingress:
|
||||
enabled: true
|
||||
className: ""
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: vhaudiquet.fr
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls: []
|
||||
# Environment variables
|
||||
env:
|
||||
NGINX_HOST: vhaudiquet.fr
|
||||
NGINX_PORT: "80"
|
||||
# NFS Storage configuration for public files
|
||||
nfs:
|
||||
enabled: true
|
||||
# NFS server IP address
|
||||
server: truenas.lan
|
||||
# NFS export path
|
||||
path: /mnt/main_storage/public
|
||||
# Mount path inside the container
|
||||
mountPath: /usr/share/nginx/html/public
|
||||
# Storage size for PVC
|
||||
storageSize: 10Gi
|
||||
# Storage class name (leave empty for default)
|
||||
storageClassName: ""
|
||||
sops:
|
||||
lastmodified: "2026-05-14T09:33:46Z"
|
||||
mac: ENC[AES256_GCM,data:R5ular4bAyV0cFPGUGYg4NWCGI64rWTax6ObBnCadORwSTh5/VQN3bsDDPFC3dep/7nKzY71d2X4qAcVU3RkWa9eMP+e9dhaGV9/8gvY/qDXZiNEuAXsmpaSATgUo6mUwqrwl5tn4ono4ID8gr7FRVpneTbYX/HpiWDbBa9l1Xk=,iv:wQ552gswkX5aOy/Cht1zY56camnb8EhEwy711osyf4c=,tag:t+U/1wRD7/z39KY9zjNcMQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-05-14T09:33:46Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7uy4qQr71wiAQ/+JAzu9u2Dgn+lA58pIhRbM1064juEOvebtBK0FdJCi7AG
|
||||
/Up2oooBmLMxybk16q0800kZHgOAcqTWkRcDq3QhC7nK+xcs03plTLLAlqfnh2x0
|
||||
XyqQVk4du9caRdgvgN96tG+oWUJcuUJ/uFunXAzRvPnNysS5sGXVKJmbVVKfTjqk
|
||||
UPyA5sBbCIxW10kPZJjprR1HaRl2dkgz7jZI/q2RXhFjCOhthMErBFr4f6xD3LnN
|
||||
H5XVtixNcVmIinsGUIgvPW+qknjrf17ammgEtOqjtuu4PUevQFt4zkVyjU0Y/ASj
|
||||
HAyYgSNIAXanb3u9ulL6CCg/CXJSofTrexw5RPM9eTQQ7S1KqHm/Ns6jjl/jXtEW
|
||||
cIQZ5bQJPTJu7W9gxGpgaLmWwGfoDWvmT2rIFYC9tf+61F4EbRvY6KepKET9NYTJ
|
||||
EnyDoxRsfVgxwQjyqpIpmNewWpgWwcLbD8INoJUVx/Yr284F9pBCgKqKRmeNH/Sy
|
||||
kEt3QD1ElohuwTx7XLkYf6LuDFy8kA5wFUPKUgxmoFsGZhMhmi8ysUkUxtYPPMD8
|
||||
YLVOK8UX3sYUDdY7tQjlgz6nhMqGL7ekqxyA5PSCGlhg5siKIhltz1CzadNOrsqF
|
||||
jHkiUCrDNu1ToRPllOw4WMwSzII/sf2oP3FJyE+/Rsl49rVjELLfC8eWPhG0yhXS
|
||||
XgGHbmvrm1QPl70dF+896QE/XtSydiqLUynCeIAvh61//ipS9lSZXpdDKEP5Q7ZD
|
||||
/lTbPRH7Y7EZUgarjBtc2wYg3iaBkELtS5lnQeJawHQ8/M3TxdWmgEeBim/qr+A=
|
||||
=K+50
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||
version: 3.10.2
|
||||
@@ -17,7 +17,7 @@ data:
|
||||
Caddyfile: |
|
||||
vhaudiquet.fr {
|
||||
tls /etc/caddy/certs/vhaudiquet-fr.crt /etc/caddy/certs/vhaudiquet-fr.key
|
||||
reverse_proxy 10.1.2.212:80
|
||||
reverse_proxy 10.1.2.171:80
|
||||
}
|
||||
|
||||
*.vhaudiquet.fr {
|
||||
@@ -37,14 +37,33 @@ data:
|
||||
|
||||
@umami host umami.vhaudiquet.fr
|
||||
|
||||
handle @authentik { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @auth-nook { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @nook-mg { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @nook { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @sse-nook { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @gitea { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @flux-wh { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @umami { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @authentik {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80 {
|
||||
header_up Connection {>Connection}
|
||||
header_up Upgrade {>Upgrade}
|
||||
}
|
||||
}
|
||||
handle @auth-nook {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @nook-mg {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @nook {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @sse-nook {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @gitea {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @flux-wh {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @umami {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
|
||||
# Docker VM services (via Traefik)
|
||||
@alexscript host alexscript.vhaudiquet.fr
|
||||
@@ -52,10 +71,18 @@ data:
|
||||
@jellyfin host flix.vhaudiquet.fr
|
||||
@mail host mail.vhaudiquet.fr
|
||||
|
||||
handle @alexscript { reverse_proxy 10.1.2.212:80 }
|
||||
handle @clips { reverse_proxy 10.1.2.212:80 }
|
||||
handle @jellyfin { reverse_proxy 10.1.2.212:80 }
|
||||
handle @mail { reverse_proxy 10.1.2.212:80 }
|
||||
handle @alexscript {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
handle @clips {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
handle @jellyfin {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
handle @mail {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
}
|
||||
|
||||
semery.fr {
|
||||
|
||||
@@ -17,3 +17,14 @@ spec:
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: caddy-values
|
||||
# Patch the Service to add loadBalancerIP since the chart doesn't support it
|
||||
postRenderers:
|
||||
- kustomize:
|
||||
patches:
|
||||
- target:
|
||||
kind: Service
|
||||
name: caddy
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/loadBalancerIP
|
||||
value: "10.1.2.152"
|
||||
|
||||
@@ -13,8 +13,6 @@ image:
|
||||
tag: 2.11.2
|
||||
service:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
io.cilium/lb-ipam-ips: 10.1.2.152
|
||||
externalTrafficPolicy: Local
|
||||
# Disable ingress - Caddy IS the edge proxy
|
||||
ingress:
|
||||
@@ -26,17 +24,10 @@ resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
# Caddy needs root to bind to ports 80/443 and write runtime data
|
||||
# Using restrictive security context causes "operation not permitted"
|
||||
podSecurityContext: {}
|
||||
securityContext: {}
|
||||
health:
|
||||
path: /
|
||||
port: 9999
|
||||
@@ -44,8 +35,8 @@ health:
|
||||
volumes:
|
||||
- name: certificates
|
||||
secret:
|
||||
secretName: ENC[AES256_GCM,data:hpxK4mqVNwVRWutC4ufnqhzu,iv:D/7vhjkr5buSFJ42UeGKicPJA7YxHhv+vmakFFE11Vk=,tag:AExbVZIQu+wrUb5jq86toA==,type:str]
|
||||
optional: ENC[AES256_GCM,data:y19uLw==,iv:S5VEP6p7GspKtXeTDumHy1xJ0yW1qu/t4yqy3bhlZSE=,tag:mkZiVVboLoOhGd1EcE9PaA==,type:bool]
|
||||
secretName: ENC[AES256_GCM,data:Er1F+5xhWKUT43+7jU/pwxWP,iv:Ohc3jFIQ4Enmbhd0F44SYWJiHlj1oFOrMdtM4oYKQEU=,tag:Kk8Y8aFSKMyGmY/uRVvyLw==,type:str]
|
||||
optional: ENC[AES256_GCM,data:JdlpGQ==,iv:xaoqonC9cGHXizHuAFrjhC4ZEtZ2IICeg2hxvGjyFM4=,tag:JYmlIXgIMON7z4++FrBGKQ==,type:bool]
|
||||
- name: routes
|
||||
configMap:
|
||||
name: caddy-routes
|
||||
@@ -66,6 +57,10 @@ config:
|
||||
# The main Caddyfile content - imports routes from external ConfigMap
|
||||
# This keeps routes in a separate, easily editable file
|
||||
caddyFile: |
|
||||
:80 {
|
||||
redir https://{host}{uri} permanent
|
||||
}
|
||||
|
||||
import /etc/caddy/routes/Caddyfile
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
@@ -77,27 +72,27 @@ affinity:
|
||||
app.kubernetes.io/name: caddy
|
||||
topologyKey: kubernetes.io/hostname
|
||||
sops:
|
||||
lastmodified: "2026-05-07T22:47:47Z"
|
||||
mac: ENC[AES256_GCM,data:LQqoe/wDLAUJWLiEGoID3CSI4bQmdVaroAkq7Kk9Ullt85X3VmYMOrLXjn1Qew95rpG6gB9Bl7rvv0J7mUDJtewhfkSsSXKTYJAcn4VVoNGZ3PZu9/w5HNvOqDhTkXBWKEgQK4+HMKKEhW8iQ5aJ+oTAEZfKsp9k8+mqgHId100=,iv:E/v+fY9iKM9W9NFSGNtiJV6ZeaAb2Fy2hGDgOBwmFyU=,tag:JOD69j8SUS5339+zrV9L4g==,type:str]
|
||||
lastmodified: "2026-05-08T11:43:14Z"
|
||||
mac: ENC[AES256_GCM,data:K0HWw8yTPKy6e3aQV4SdiVwrCjiyCFlFbeycAiyJq4IdlKX9v4wFvjVFLR8VziH8oXJXdUUhr+LOiqNI5HwghXkVn2dOP2ij9jvXZtMic4P0AUN16PfWoedu9ozA+xsGHZ1OTUv+sxvKEUo5Z5Wp+u761w/Xqdn5hHmU2Komatk=,iv:ICwn/LvizIjXVfgiMje50dQ11JAH37wSla29bGAnjuA=,tag:mV7rtahUy4ODZaA7baM12w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-05-07T22:47:46Z"
|
||||
- created_at: "2026-05-08T11:43:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7uy4qQr71wiARAAt5P8/X84OYKnWvKc5qRpwHNQwbfqrB/SHkX82oJ8ZlXJ
|
||||
/vlKVDOBrlntePt4cyKT6c3Ubw4xDj/1U3PkvM44AXSRHH8E5dSUI+5T/0+SBlfU
|
||||
6XlkF6cpng/ydMvImTAi3+8bmC3yHE/NEegreldjFj7l2hdFuvfyOp7pmE//Ljox
|
||||
D7tkq9v1/IlvPfeAY0xIEotr1nb41OEhM7OhPQjtGUeufD0eCUhCQaZSo+CjTrf2
|
||||
cG+eE/O2jCLNjWJ33wK1AHtHX1mlyzW8sRkRVgg511G8iquFjD11ZuDZPEIC8Yle
|
||||
idftTlPh0ZTOGXcfDVn5Pq9dgkZ3K6ufhvEb8mw0NrPsysY21PdDaIzLo58b4t2m
|
||||
akJ1xCciwsQDorKfFjpG7gFzV1KvMzw/KjEUFxg5JfKaFGTPhgsf50OiM6VPf4gP
|
||||
cTS5QNewdnbnzHE756PkZqfqdt6Tt9xqji8r72PwTSUy6yaK/lV9owAIZ6V2yTdt
|
||||
l3DckDp0HsU/w98fabiX9CsrJUWeUfioElw2ibXWcXNHmqPoFl1Bf/AbF20t6P9p
|
||||
+1J0vMu6ONsBGv2Flmle2Ya7OQbZF4lQB4dQLUBDKdZArsB5Sspm3Rf+4iP9qUF+
|
||||
Pr/OotbiaOLsEZybIf+L2d5ON4zCbNAU5VbpfWMKH0AsPcIH5Ruw7d/OutAGZOvS
|
||||
XAGAEBjVlZ2IRU6CSPJDG/9TqBHyBHfriV+BoGlKlXbPMoJAZI2wX1o7+M6S65ho
|
||||
aiR70aCo2kIgFvxxBeY1FxtB0DB8Zeoul7ovvhKIq2u9s7X/OSIa0X5dm6sZ
|
||||
=fg1O
|
||||
hQIMA7uy4qQr71wiAQ//aGnCSLLWTkhToTh833OJ1GwgN82F8R+RgsfpKIW+XNvI
|
||||
YdTCgaFrYdCGXsaLHijb7vVwCU0VRf/ufZfQp2+GupqRHCbMLSmlkoiyr9ImGlYX
|
||||
VWQDajv74H/3CcyCQNjqfFRdUHLE+rfNuYaH/p3+/Ee2bgJi52f3uRdJ4lXSCWIf
|
||||
KW9lLbwjlfGnOnsnDkaPwcZW9QL353Mi82yXOu7OihobUaVgr83nESXbAS/k4mx1
|
||||
whOXAoEDeLQZfZrITEewOQ0PHjWJwKc0x2YCiQ0If33GSfDjzWPoDuXmQo/xhk98
|
||||
Nt3aNTMDvjriGNOIcZyUlEjq1HqCmd3pQSD5h8soR9Do/NsTocyK1da49iz91dha
|
||||
jwoEga2iFis9Zd9rr7Caf3pWtmKENUGFJl15tpaelvk13jUebSyDubw0OIYbbILr
|
||||
dVZAeiOHrRMD5crxG05zvOeLMASuL/IrK97RLBAonZLEkRrfgAwZHK2U0rq2HXpI
|
||||
wlp4yDlF/eILvmMgAruP7lW0q/m5+DfxQtcZdamtm3FWj9m0iUAthvw02fplmFci
|
||||
xJ82rkfkPAZSm7/yPJ9yiea+tKgX8yk1uArRtf8rsG6SED2lCRKmux8ElcZc5DYV
|
||||
hyLivTN7X5Nr05mvaPIptCVm1iYoWaiQNZcPDax/LBZJhNaJgPUz1ue1Ppf422PS
|
||||
XgE4dh3x1ulcUhXm4nK/0FzKmJUOjcygPeGWmia0ZOEHub/ju+z8LgRAkBasqRXP
|
||||
4aepPm5xVY0g/Z0xksxIWpYUnLRzs0uUKd+zz1MvmWlZckxUO5wWJUWRcwCBDz4=
|
||||
=Ql2K
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||
|
||||
@@ -65,3 +65,4 @@ data:
|
||||
webmail IN A 10.1.2.212
|
||||
wizarr IN A 10.1.2.212
|
||||
zigbee2mqtt IN A 10.1.2.212
|
||||
nodered IN A 10.1.2.212
|
||||
|
||||
@@ -8,35 +8,31 @@ ports:
|
||||
- 127.0.0.1/32
|
||||
# nginx-proxy
|
||||
- 10.1.2.11/32
|
||||
# caddy
|
||||
- 10.1.2.152/32
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2025-03-22T13:26:30Z"
|
||||
mac: ENC[AES256_GCM,data:PMUHyPCnIhmUo5N1mdoMhDLXaFN6Cl0IGuq8EG3MGtY5X1g1QboL5nI5o25evFbuXdZn9KB2AqgzPZBxykhVpz8W+mj987g4VeDJ7sU/OnJibHSo+ibqoo0NvQaAMukWevqI7fAQZoyI3PZi07mMGYw23h2cmaJmsuAuDnQ0CvA=,iv:RRV/BF7OXFmBJX5lXZjrG4+4jjbjzMrR8BByMo5hfwA=,tag:+lVLSfdjHeJjA3dKMiRIGA==,type:str]
|
||||
lastmodified: "2026-05-26T10:06:12Z"
|
||||
mac: ENC[AES256_GCM,data:6pqJOa+WstEuKpP4WPEjUslZX1pGkdFxrfXQEYTNO2sU2MXgIXK0tyx/Q1vTJWnMh5fK17LOdch9ddHPhRr2Q8UXAkLC/9FPEtSwcXfLIp4pZV0C3bYZyOOjHGBJp2tU6ghimJ4SPAdhOHEV0pkhKdsG3/uZxWV0KdyfC+TugRE=,iv:hLCFrIpz22X6hE0pGOAqqcrpzoFu8HujwEtb9nvVtjQ=,tag:7FW3zHoxrW2NeKSnnO9gyQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-03-22T13:26:30Z"
|
||||
- created_at: "2026-05-26T10:06:12Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7uy4qQr71wiAQ/8DGnKyC/pNGEAuuxcZjoLQhK8TJ3NgNQ3HBVLGpbVBb3S
|
||||
P/n94oPwwEbWXpdq1/MapFgaiAP3kXyv308c0CeIICQvg9xFeXK7/o/X3ucJu/YV
|
||||
TiMsBUCAIWKrN4lmNr3wgnMDQiRs9myzgmzJv3KOpbQr5cYnrT51spWCD2Nnt6Xm
|
||||
HfLyZrxGscW0lrRi6jeg/7lts3HYEs75i8xUS95pj5/a+7i83sfpaAFdkGcxV6Vq
|
||||
285Ys7S86Hrp2T0QkADHMJMXmbeTV18Psfy2v9SXgqeRMq1XHQDn+nPPkYY0kmhs
|
||||
7xVEwGHYLkKuyNmTm+ygsQAVGd/kCeqO+hsdKRtmJ5f4vh0w1ePftScqbfEwNuDl
|
||||
ygEVUIoVhDYdUKnjwqjgiOxsx3Y6+RS4g3vg6gNWk1HunM24bzkFRP4w1lVYB07n
|
||||
hDcQeP0bqo7hopJjvM0VtXbSJq81duBup9DyyPaXOf30p0c+l9it4XdoeR7JaZ/y
|
||||
nJ22POfQYCoJyKpgdB/eReLd/2MqLhdnsCUTd+CNTS1+nCz1M4JziagXU9CspnqP
|
||||
sCYylw6aC9XfzScZldpysdqes1/1ZC9F2QeL6ZO66IRV3xBk/5eSsyZ275DRZYAj
|
||||
P4jf1UhA4U0LQoVPAjh9cA8SLm29MgfEwoFSLGx6wsJ//ibxMIlxku9gkiRRTkPU
|
||||
aAEJAhCQKhc7EsDKh7GgrlPh0763p+CuZR7yMp2W1kY9nU/w/802SgYEyLdPW1aY
|
||||
gG3zMpt1roTOQI7D0jM7NjcYOLeOHWR0ac00wqv3S7I9+4tXOxuHyTX6Og19Z3GV
|
||||
OUgA2wzhUFtj
|
||||
=2DEs
|
||||
hQIMA7uy4qQr71wiARAAkuFrI1AQDcLWUWGeGLwpN44bo451TZdADcrk7pea2Rvb
|
||||
L+vgroTr+U/DtS3ZgzDYfb4RO/RGli8GID0z+hVDRqdAp5xuvlWE7bLYahmdeyJr
|
||||
YHvHfcxm0lQkHpKo8gQKeQCOHFAFS5jIC/0Uck3yAxbECCIVWXTO6VWYPAcxTZQL
|
||||
rzR3rwD3XPJqydbwjmbta3WhHvON/NFbTt6kHBryLDo25zMSOyvdMPc40xetc6z8
|
||||
tcH1DF8zgxGssEsdYcBLzNQ7CNXtNBLJxrPsQ8wABSrxtBtO43A67JdhIoOk4VYC
|
||||
koOqeAzbXTIfElTEKguEE+bUY+UpPd8jYQUp5A/F7mkp0qjNTyHJ2dC2v7brVfYY
|
||||
3gLZYzEjCnIe54L6/EeszLr9cp4g5J3jUG4sBEeYTsZd+zb3dLKF4imOGqRxTUrs
|
||||
EMMfIRlXNG0CSykdGcYUAfRDOMcrewy7jhzJOczcB48Niwrmq2n5MDALAxR3vOjo
|
||||
YRChO74RuKqUGdOnJorGWNpVo1Khy2rCC3V+KmcRXMdYN1HPe2II6nijLHDmj/jN
|
||||
W83NovJv6FOIV2g0TKIFTJSaDtl3KTN4+7DJw2MnsjkiDv0W9hY02fc4QbEtuW2+
|
||||
7FKZi1B8qbZU6iQV/PMO3Pv460qQ39M+1OEhkDmpMf/hk//6GSec2CUg4Ivn8P3S
|
||||
XgGYqg1j6D0AU/Y69kcmoWdZN7SIcJ/VfOpfosBkk4oi3UhWqAkjs/F929xPBNtL
|
||||
BjvNOG2TBlxlDAlx2A2OE7Mx1gcH6hppxqY4xCY1T1vz+K5cBgBvSEK6GSFV/F0=
|
||||
=DkrO
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||
encrypted_regex: ^(password|ssh-key|api-key|user|username|privateKey|apiKey|extraArgs.*|extraEnvVars|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||
version: 3.9.4
|
||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||
version: 3.10.2
|
||||
|
||||
Reference in New Issue
Block a user