--wip-- [skipci]
Liana64 committed Dec 24, 2024
1 parent 1cf315d commit 5a50c75
Showing 35 changed files with 718 additions and 46 deletions.
Expand Up @@ -33,9 +33,8 @@ spec:
initContainers:
init-db:
image:
repository: ghcr.io/onedr0p/postgres-init
repository: ghcr.io/liana64/postgres-init
tag: 16
# https://github.com/onedr0p/containers/blob/main/apps/postgres-init/entrypoint.sh
env:
INIT_POSTGRES_HOST: &dbHost postgres-1-rw.database.svc.cluster.local
INIT_POSTGRES_DBNAME: &dbName mataroa
Expand All @@ -62,7 +61,7 @@ spec:
tag: rolling@sha256:702eae37414c0b492b766771a50b9c8490b4a34259699eae3a7bdf284f2abad6
env:
DEBUG: 1
DATABASE_URL: "postgres://${PGUSER}:${PGPASSWORD}@mataroa:5432/mataroa"
DATABASE_URL: "postgres://${PGUSER}:${PGPASSWORD}@postgres-1-rw.database.svc.cluster.local:5432/mataroa"
envFrom:
- secretRef:
name: *secret
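Review bot: The init image now comes from a personal fork (`repository: ghcr.io/liana64/postgres-init`) on the floating tag `16`, whereas the application image a few lines down is pinned by digest (`rolling@sha256:…`); a mutable tag on an init container that is handed the Postgres init settings (the `INIT_POSTGRES_*` env continues past the hunk) is the weakest link in this release's supply chain. Pin it the same way, e.g. `tag: 16@sha256:<digest of the fork's build>`, and since the comment pointing at the upstream entrypoint was dropped, replace it with one pointing at the fork's source so the next reader can audit what runs with those settings. The `DATABASE_URL` change only swaps the host, but the hostname is now repeated verbatim from the `&dbHost` anchor and the two can drift silently. The enclosing initContainers/env blocks and the HelmRelease header lie outside the visible hunks.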
File renamed without changes.
File renamed without changes.
File renamed without changes.
44 changes: 22 additions & 22 deletions kubernetes/main/apps/auth/authelia/app/secret.sops.yaml


205 changes: 205 additions & 0 deletions kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml
@@ -0,0 +1,205 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: bitwarden
spec:
interval: 30m
chart:
spec:
chart: self-host
version: 2024.11.0
sourceRef:
kind: HelmRepository
name: bitwarden
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
sharedStorageClassName: "cluster-nvme"
general:
admins: "${SECRET_ADMIN_EMAIL}"
disableUserRegistration: "false"
cloudRegion: US
enableCloudCommunication: true
sharedStorageClassName: "cluster-nvme"
volumeAccessMode: "ReadWriteOnce"
domain: "bitwarden.${SECRET_EXTERNAL_DOMAIN}"
ingress:
enabled: true
className: traefik
annotations:
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Home
gethomepage.dev/name: Bitwarden
gethomepage.dev/description: Password management
gethomepage.dev/icon: bitwarden
tls:
name: bitwarden-tls
clusterIssuer: letsencrypt-production
paths:
web:
path: /
pathType: ImplementationSpecific
attachments:
path: /attachments/
pathType: ImplementationSpecific
api:
path: /api/
pathType: ImplementationSpecific
icons:
path: /icons/
pathType: ImplementationSpecific
notifications:
path: /notifications/
pathType: ImplementationSpecific
events:
path: /events/
pathType: ImplementationSpecific
scim:
path: /scim/
pathType: ImplementationSpecific
sso:
path: /sso/
pathType: ImplementationSpecific
identity:
path: /identity/
pathType: ImplementationSpecific
admin:
path: /admin/
pathType: ImplementationSpecific
email:
smtpSsl: "false"
smtpPort: "465"
smtpHost: "${SECRET_SMTP_HOST}"
replyToEmail: "${SECRET_SMTP_FROM}"
secrets:
secretName: bitwarden-secret
database:
enabled: false
#volume:
# backups:
# storageClass: "cluster-nvme"
# data:
# storageClass: "cluster-nvme"
# log:
# storageClass: "cluster-nvme"
volume:
dataprotection:
storageClass: "cluster-nvme"
attachments:
storageClass: "cluster-nvme"
licenses:
storageClass: "cluster-nvme"
logs:
enabled: true
storageClass: "cluster-nvme"
# rawManifests:
# preInstall: []
# postInstall:
# - apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
# name: "bitwarden-self-host-middleware-stripprefix"
# spec:
# stripPrefix:
# prefixes:
# - /api
# - /attachements
# - /icons
# - /notifications
# - /events
# - /scim
# ##### NOTE: Admin, Identity, and SSO will not function correctly with path strip middleware
# - apiVersion: traefik.io/v1alpha1
# kind: IngressRoute
# metadata:
# name: "bitwarden-self-host-ingress"
# spec:
# entryPoints:
# - websecure
# routes:
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/`)
# services:
# - kind: Service
# name: bitwarden-self-host-web
# passHostHeader: true
# port: 5000
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/api/`)
# services:
# - kind: Service
# name: bitwarden-self-host-api
# port: 5000
# middlewares:
# - name: "bitwarden-self-host-middleware-stripprefix"
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/attachments/`)
# services:
# - kind: Service
# name: bitwarden-self-host-api
# port: 5000
# middlewares:
# - name: "bitwarden-self-host-middleware-stripprefix"
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/icons/`)
# services:
# - kind: Service
# name: bitwarden-self-host-icons
# port: 5000
# middlewares:
# - name: "bitwarden-self-host-middleware-stripprefix"
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/notifications/`)
# services:
# - kind: Service
# name: bitwarden-self-host-notifications
# port: 5000
# middlewares:
# - name: "bitwarden-self-host-middleware-stripprefix"
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/events/`)
# services:
# - kind: Service
# name: bitwarden-self-host-events
# port: 5000
# middlewares:
# - name: "bitwarden-self-host-middleware-stripprefix"
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/scim/`)
# services:
# - kind: Service
# name: bitwarden-self-host-scim
# port: 5000
# middlewares:
# - name: "bitwarden-self-host-middleware-stripprefix"
# ##### NOTE: SSO will not function correctly with path strip middleware
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/sso/`)
# services:
# - kind: Service
# name: bitwarden-self-host-sso
# port: 5000
# ##### NOTE: Identity will not function correctly with path strip middleware
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/identity/`)
# services:
# - kind: Service
# name: bitwarden-self-host-identity
# port: 5000
# ##### NOTE: Admin will not function correctly with path strip middleware
# - kind: Rule
# match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/admin`)
# services:
# - kind: Service
# name: bitwarden-self-host-admin
# port: 5000
# tls:
# certResolver: letsencrypt-production
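Review bot: `smtpSsl: "false"` together with `smtpPort: "465"` in the `email` block is a mismatch: 465 is the implicit-TLS SMTPS port, so a client that does not start TLS will either fail to reach the relay or, if the relay tolerates it, hand the SMTP username and password from `bitwarden-secret` over in cleartext; set `smtpSsl: "true"` for 465, or `smtpPort: "587"` if the relay does STARTTLS. `disableUserRegistration: "false"` on a hostname that gets a public Let's Encrypt certificate leaves account sign-up open to anyone who finds the host; since `admins` is already populated, `disableUserRegistration: "true"` plus invitations is the safer default for a password manager. The `/admin/` path is routed through the same public ingress with no extra auth; the admin portal presumably gates on emailed links to the listed admins, but an allow-list or auth middleware at the ingress would cost little. Separately, `database.enabled: false` leaves the release dependent on the SQL Server connection string in the secret, and the `mssql` Kustomization is still commented out elsewhere in this commit, so there may be nothing to connect to yet.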
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
34 changes: 34 additions & 0 deletions kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml
@@ -0,0 +1,34 @@
# yamllint disable
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: bitwarden-secret
stringData:
replyToEmail: ENC[AES256_GCM,data:7NR/XlAqsO4PtCNKQ890Njv6Qh2Jp6W/t0Lc8px7,iv:VznXZaMbwLda8LkrJDTc2UKurHRWqGTJ1T0/1C3VMus=,tag:Z+Wkfb7DqcaPam7AFrvWUw==,type:str]
globalSettings__installation__id: ENC[AES256_GCM,data:U091rHP2N4UjYgSdGrkDvSBZHQu9w8s75xWPCp6gfZ0773gW,iv:PZ2hBlqta/sclVQUtO6LYD/ZhL6e+Q+yDESxrt6CYjQ=,tag:1A/9gKzuflMqOktyoZ5adQ==,type:str]
globalSettings__installation__key: ENC[AES256_GCM,data:/pWJt9ElR+mgiv5m8I0Gdb5Z6H8=,iv:31bd6uhc45WMi41iACel8/YOjDjVTDxoR3Ok19+U43A=,tag:xtI3eCRActaFajUqVdxemw==,type:str]
globalSettings__mail__smtp__username: ENC[AES256_GCM,data:wGph7iTpKhvYXjsFKnPIFevGsJvgovvfNnIJPjFf,iv:o7l19Onw6PHMmk19e++zTArLmZrwSIAXgDpuwaDhjuo=,tag:ojY3lQFiP3G3oYeVQXri7A==,type:str]
globalSettings__mail__smtp__password: ENC[AES256_GCM,data:OQ3mROVpRAZ2MNFZtvRV0N74EPOaSdSvmaOJas1JCgEbHHNq0laLg5r2ufTYz9vA0aM=,iv:vB9ElILgqKyvY6wgQ8Nesg2pygGK9mcjIhEYGsHVWEQ=,tag:l84bsTR3twb3Al19FKezqA==,type:str]
globalSettings__sqlServer__connectionString: ENC[AES256_GCM,data:mJxp4MXvqV4T+/J7O0XX6+Z4kmo4IVFYvUPEBU0uaJ3w0YNcqPps+LH9pgFNOjwBWCAQ8QxvCH9ul2uSiYGhy41YjLsQD4X/UF1Hhimezc3IrexCDFkXXl4WIACAZjpQf6morvx9+/v0EvdxofP7auWQ2BGcid4lHYxO78gEAvPaueS+L0TerqEpEnxS26r2uMLOe2w5L0hxBKGQyWmWPx8mTAJXTgTaXAvKLT2G97JNa9a5EQSAPuBoi95F+CkQBEwbo6uwrcJS6DTWQmNefEdZ1D7Abp50zlpJfC7Tuf54tjnHyGya9EWEwc32mTadqCto047ySvDNNB2jgrG97HXvnqOo4LGpZn9jYGJsJZjVFibiy2+WHzgxDmU=,iv:Nq4LIbSDzk9WurGEPojUfRe8WqEOGO4t7WnfyYoupVo=,tag:yV7w9j9gRKuAsgsnxncUtA==,type:str]
#ENC[AES256_GCM,data:r7/63ugBvNNcFQGkau56LkG5lNH0NwvuA0OiRj0FOjAWlbf6sR7v5JOgIy97uMC+mBWy8A+OGZFO8p4bosrdrmzuomArHNnM4oWN498=,iv:2TaG5UkIEjLwPQpEZjOJdEviNNnSVi/e1lUUckJ+KqM=,tag:BPd/IOSUJvS1/mgPqqSlyQ==,type:comment]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRGFTc01qRmdlMzZ0WE53
OWtoUzBaMUp4T3FoYnJuVGhGODVna1RHYkRZCk0xWEVjOWp2YW9NZmE0MnNFYnJX
OEdHbkdsOWM4Tk44aTRVZ0VoNWorWDAKLS0tIHp2SE9Wd1lmTmV2eUFYRmRYNDZn
NFR5QkpIaFQ5Tk1FdGV3aUtzNTZsRXcKyNl9cFicgjcTiGkoQK/StLd7FEHGUVWD
hs8+h4ak+r++3+KpUay4aNqY09RtAzvUd4Vl3VQ2tYt/TOlDrgErHQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-29T17:22:46Z"
mac: ENC[AES256_GCM,data:+KthNzUdXl/XgnupjWiEdk8EHvHldUvUwfWT7FNpR+Pysl/fdI1fAK02rXOlY0ABCKpejSIobHipy3RkxTXiF6PPGTC4R0aoqxRvZjyXDCUaHc3F4KdYBH4vkGoBchosHJnOX0qymSEGbzJERRSjxEZ3JDg0JRIEB8jQtObGivs=,iv:w7XSWHs1RaDAuxsImvxDHo96T6qwaaYlXGZUP2nfqLg=,tag:QNSjFrABn8tf8nQlu5MXkw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.1
20 changes: 20 additions & 0 deletions kubernetes/main/apps/bitwarden/bitwarden/ks.yaml
@@ -0,0 +1,20 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app bitwarden
namespace: flux-system
spec:
targetNamespace: bitwarden
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/main/apps/bitwarden/bitwarden/app
prune: true
sourceRef:
kind: GitRepository
name: k8s-gitops
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
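Review bot: This Flux Kustomization declares neither a `decryption` block nor `postBuild.substituteFrom`, yet the path it points at contains `secret.sops.yaml` and a HelmRelease that uses `${SECRET_EXTERNAL_DOMAIN}` and `${SECRET_ADMIN_EMAIL}`; unless a parent Kustomization patches these into every child (a common pattern in repos of this shape, but not visible here), the encrypted Secret would be applied with its `ENC[...]` values intact and the variables left unexpanded. If that patching is not in place, add under `spec` a `decryption: {provider: sops, secretRef: {name: <secret holding the age key>}}` and a `postBuild: {substituteFrom: [{kind: Secret, name: <secret holding the cluster variables>}]}`, using whatever names the rest of the repository already uses. It is worth a comment on the Kustomization either way, so the next reader knows where decryption is expected to come from.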
6 changes: 6 additions & 0 deletions kubernetes/main/apps/bitwarden/kustomization.yaml
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
#- ./bitwarden/ks.yaml
7 changes: 7 additions & 0 deletions kubernetes/main/apps/bitwarden/namespace.yaml
@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: bitwarden
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
1 change: 1 addition & 0 deletions kubernetes/main/apps/database/kustomization.yaml
Expand Up @@ -8,4 +8,5 @@ resources:
- ./cloudnative-pg/ks.yaml
- ./pgadmin/ks.yaml
- ./minio/ks.yaml
- ./mysql/ks.yaml
#- ./mssql/ks.yaml
61 changes: 61 additions & 0 deletions kubernetes/main/apps/database/mysql/app/helmrelease.yaml
@@ -0,0 +1,61 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app mysql
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
defaultPodOptions:
imagePullSecrets:
- name: github
controllers:
mysql:
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
containers:
mysql:
image:
repository: ghcr.io/linuxserver/mariadb
tag: 10.11.10
env:
PUID: "1000"
PGID: "1000"
MYSQL_ROOT_PASSWORD: password
service:
mysql:
controller: mysql
type: LoadBalancer
annotations:
io.cilium/lb-ipam-ips: "${LB_MYSQL}"
external-dns.alpha.kubernetes.io/target: "external.${SECRET_EXTERNAL_DOMAIN}"
ports:
mysql:
port: 3306
persistence:
data:
type: persistentVolumeClaim
storageClass: cluster-nvme
accessMode: ReadWriteOnce
size: 8Gi
retain: true
globalMounts:
- path: /config
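Review bot: `MYSQL_ROOT_PASSWORD: password` in the mysql container's `env` commits a trivial root credential in plaintext, and the Service below it is `type: LoadBalancer` carrying an `external-dns.alpha.kubernetes.io/target` annotation aimed at `external.${SECRET_EXTERNAL_DOMAIN}`, so a public DNS name is created for a MariaDB listener on 3306 whose root password is `password`. Move the password into the `secret.sops.yaml` that this app's kustomization already includes and reference it with `valueFrom.secretKeyRef` (app-template accepts that form for `env`), and drop the external-dns annotation, or make the Service `ClusterIP`, unless the database genuinely must be reachable from outside the cluster, in which case restrict it with `loadBalancerSourceRanges`. The secret and key names in the excerpt are illustrative; match whatever the SOPS file defines.
```yaml
            env:
              PUID: "1000"
              PGID: "1000"
              MYSQL_ROOT_PASSWORD:
                valueFrom:
                  secretKeyRef:
                    name: mysql-secret
                    key: MYSQL_ROOT_PASSWORD
        service:
          mysql:
            controller: mysql
            type: LoadBalancer
            annotations:
              io.cilium/lb-ipam-ips: "${LB_MYSQL}"
            # … unchanged: ports …
```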
7 changes: 7 additions & 0 deletions kubernetes/main/apps/database/mysql/app/kustomization.yaml
@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ./secret.sops.yaml