--wip-- [skipci]

kubernetes/lianalabs/apps/database/dragonfly/app/secret.sops.yaml

@@ -5,7 +5,7 @@ metadata:
   name: dragonfly-secret
 type: Opaque
 stringData:
-  password: ENC[AES256_GCM,data:pvyPbML/Zy6kNojkUUu47KpvnKlphwiDZutvcQ==,iv:TgAD23Ecs4Zx/7GlzfPYmOvsGnmv0Co/BQVkKHAZw0M=,tag:UnRU+oeQbEYoSGx31KvTHw==,type:str]
+  password: ENC[AES256_GCM,data:g2neVjzuv69zVQWlCok6hjuSh5XG/qudxGpgeQ==,iv:7cmGSzTFNau8tPo/EAM3E8mJnq6S/vqA6T87YuOA1MM=,tag:CCiD1h/EKPpM4ti5q5GV9Q==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -15,14 +15,14 @@ sops:
     - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
       enc: |
         -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbUxGN0o2TzhrVEFBSDRO
-        Z1RZZXg2YVA0YzMwa2lCSlpEQWtYRnMyblV3ClcwT2Rscm5sUFRkSUVaL2VUWGZ1
-        Mk0rY3Z5QnBWOFpxc2FXVjlPQkI0ZzgKLS0tIHhEWXoxMjB2c2hjU0NKR1Nha1Zo
-        clBpdXdZTSszQ0J4QWp3bkxEVWNFTFUKFUnCafT0bYkozGiNSeJ3oDDrcgkK2VhP
-        Lc9sKPYSbRRhNweR/8k2ks4a+ukJrlCxlIjYfX9QgE+84qplujDOpg==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcXlTSGVDa214ZWJiSHpi
+        TXptQ2hvMVdhMGpyMlgwMkkyMExZb01jK1E0Ck0xa0I0Q1U3Ky9pRGZia3pBbnpT
+        RlpLWTNldGdZVExHcnZZTjFYZkxuY1EKLS0tIExOWHRTcVNYZHNzRlBDZzVUeldE
+        R3FWUEFYazVNQUJDQnlXVzVTYkJFOTQK+RRCpx4EgiXUwttpuDa/rNeIMM1ku7Og
+        bOJsEBRxGdd9ALeAbxswnd7PuADgAuq383EnQmZWPsKwtnWnbVUcMQ==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-11-11T18:41:20Z"
-  mac: ENC[AES256_GCM,data:uqEV/3FgL9fSlRGyYwZN6OlWe829NEAmTXAsjhb7EUCoi7D+raPrpaRfEESEBRJ3bejfssmFj6U2xTaQhGboE0jeoJKdkLLR2c/Wnuxfmfw4rC53oAkc8klpoCneL5Vp/jNlSijKzZgXHCpg+g69CuJC2N4fZtmJkzlZCqhA1dM=,iv:4IUcANqUcDdAhcezbUUhdGgjfXIL8jbjRGRjxEDND0E=,tag:N675xUG51Vwch87RDebNSQ==,type:str]
+  lastmodified: "2024-11-23T01:03:25Z"
+  mac: ENC[AES256_GCM,data:w7CUzV2NoD50UpehusXqXGnVFkPrQMGJ4qufzPs/9WRj4oOoQ0z+jGytap+qo1P3ulJosvu1Y1DpYZKanhVrAVlGvX3sYOmS8iQ4YrHP3BTsG74ep5cQpjQAPas5aZg14X9ww2OGfhQk0u6nQB3VGETtklRptNIrJw2yB/2Qyso=,iv:pjrnV2iX84nvr7n/Nzj/SSZtJZTqOV+TJKFtIsB6fbU=,tag:d+NT+tWfQ+N3CWdWrWbpDQ==,type:str]
   pgp: []
   encrypted_regex: ^(data|stringData)$
   version: 3.9.1

kubernetes/lianalabs/apps/database/minio/app/helmrelease.yaml

@@ -94,7 +94,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           gethomepage.dev/enabled: "true"
           gethomepage.dev/group: Services
-          gethomepage.dev/name: MinIO Console
+          gethomepage.dev/name: MinIO
           gethomepage.dev/description: MinIO admin dashboard
           gethomepage.dev/icon: minio
         hosts:

kubernetes/lianalabs/apps/federated/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml

kubernetes/lianalabs/apps/federated/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: federated
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled

kubernetes/lianalabs/apps/labs/homepage/app/resources/services.yaml

@@ -1,2 +1,58 @@
 ---
+- Network:
+  #    - OPNsense:
+  #        href: https://opnsense.${SECRET_OLD_DOMAIN}
+  #        siteMonitor: https://opnsense.${SECRET_OLD_DOMAIN}
+  #        icon: opnsense
+  #        description: RSS feed
+  #        widget:
+  #          type: opnsense
+  #          url: https://opnsense.${SECRET_OLD_DOMAIN}
+  #          key: "{{HOMEPAGE_VAR_OPNSENSE_TOKEN}}"
 - Services:
+    - Miniflux:
+        href: https://rss.${SECRET_INTERNAL_DOMAIN}
+        siteMonitor: http://miniflux.labs.svc.cluster.local/healthcheck
+        icon: miniflux
+        description: RSS feed
+        widget:
+          type: miniflux
+          url: http://miniflux.labs.svc.cluster.local
+          key: "{{HOMEPAGE_VAR_MINIFLUX_TOKEN}}"
+- Media:
+    - Jellyfin:
+        href: https://${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://${SECRET_MEDIA_DOMAIN}
+        icon: jellyfin
+        description: Media streaming
+        widget:
+          type: jellyfin
+          url: https://${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_JELLYFIN_TOKEN}}"
+    - Jellyfin:
+        href: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+        icon: jellyseerr
+        description: Media requests
+        widget:
+          type: jellyseerr
+          url: https://jellyseerr.${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_JELLYSEERR_TOKEN}}"
+    - Sonarr:
+        href: https://sonarr.${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://sonarr.${SECRET_MEDIA_DOMAIN}
+        icon: sonarr
+        description: TV
+        widget:
+          type: sonarr
+          url: https://sonarr.${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_SONARR_TOKEN}}"
+    - Radarr:
+        href: https://radarr.${SECRET_MEDIA_DOMAIN}
+        siteMonitor: https://radarr.${SECRET_MEDIA_DOMAIN}
+        icon: radarr
+        description: Movies
+        widget:
+          type: radarr
+          url: https://radarr.${SECRET_MEDIA_DOMAIN}
+          key: "{{HOMEPAGE_VAR_RADARR_TOKEN}}"

kubernetes/lianalabs/apps/labs/homepage/app/resources/settings.yaml

@@ -15,6 +15,8 @@ layout:
     tab: Main
     style: row
     columns: 4
+  Observability:
+    tab: Main
   Services:
     tab: Main
   Tools:

kubernetes/lianalabs/apps/labs/kustomization.yaml

@@ -5,11 +5,7 @@ kind: Kustomization
 resources:
   - ./namespace.yaml
   - ./homepage/ks.yaml
-  - ./archivebox/ks.yaml
   - ./miniflux/ks.yaml
-  - ./changedetection/ks.yaml
   - ./atuin/ks.yaml
-  - ./it-tools/ks.yaml
-  - ./cyberchef/ks.yaml
-  - ./redlib/ks.yaml
   - ./linkding/ks.yaml
+  - ./netbox/ks.yaml

kubernetes/lianalabs/apps/labs/netbox/app/helmrelease.yaml

@@ -0,0 +1,133 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app netbox
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      netbox:
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        initContainers:
+          init-db:
+            image:
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
+            env:
+              INIT_POSTGRES_HOST: postgres-1-rw.database.svc.cluster.local
+              INIT_POSTGRES_DBNAME: netbox
+              INIT_POSTGRES_SUPER_PASS:
+                valueFrom:
+                  secretKeyRef:
+                    name: cloudnative-pg-secret
+                    key: password
+            envFrom: &envFrom
+              - secretRef:
+                  name: netbox-secret
+        containers:
+          app:
+            image:
+              repository: ghcr.io/netbox-community/netbox
+              tag: v4.1.7-3.0.2@sha256:e88d5e58dd32d643d8d9851f6c9edde20a69a87fd4a72a14259d045f6d3e19d3
+            env:
+              TZ: ${TIMEZONE}
+              DB_HOST: postgres-1-rw.database.svc.cluster.local
+              METRICS_ENABLED: true
+              EMAIL_USE_TLS: true
+              EMAIL_PORT: 587
+              GRAPHQL_ENABLED: false
+              HOUSEKEEPING_INTERVAL: 86400 # Every 24 hours
+              MEDIA_ROOT: /media
+              REDIS_SSL: false
+              REDIS_DATABASE: 3
+              REDIS_HOST: dragonfly.database.svc.cluster.local
+              REDIS_PASSWORD:
+                valueFrom:
+                  secretKeyRef:
+                    name: dragonfly-secret
+                    key: password
+              REDIS_INSECURE_SKIP_TLS_VERIFY: false
+              REDIS_CACHE_SSL: false
+              REDIS_CACHE_DATABASE: 2
+              REDIS_CACHE_HOST: dragonfly.database.svc.cluster.local
+              REDIS_CACHE_PASSWORD:
+                valueFrom:
+                  secretKeyRef:
+                    name: dragonfly-secret
+                    key: password
+              REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY: false
+              SKIP_SUPERUSER: false
+            envFrom: *envFrom
+            #            probes:
+            #              liveness: &probes
+            #                enabled: true
+            #                custom: true
+            #                spec:
+            #                  httpGet:
+            #                    path: /healthcheck
+            #                    port: &port 8000
+            #                  initialDelaySeconds: 0
+            #                  periodSeconds: 10
+            #                  timeoutSeconds: 1
+            #                  failureThreshold: 3
+            #              readiness: *probes
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 512Mi
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: &port 8080
+    serviceMonitor:
+      app:
+        serviceName: *app
+        endpoints:
+          - port: http
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    ingress:
+      app:
+        className: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/group: Services
+          gethomepage.dev/name: Netbox
+          gethomepage.dev/description: Network documentation
+          gethomepage.dev/icon: netbox
+        hosts:
+          - host: &host "netbox.${SECRET_INTERNAL_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - secretName: netbox-tls
+            hosts: [*host]

kubernetes/lianalabs/apps/labs/netbox/app/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml
+  - ./helmrelease.yaml
+  - ../../../database/dragonfly/app/secret.sops.yaml
+  - ../../../database/cloudnative-pg/app/secret.sops.yaml

kubernetes/lianalabs/apps/labs/netbox/app/secret.sops.yaml

@@ -0,0 +1,42 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: netbox-secret
+stringData:
+  SECRET_KEY: ENC[AES256_GCM,data:5CfvT9zW+M8ezhQXDBKBVCA+icGkQQFBwQTijg0H62qvBQSU8RxH3tBSFxfvkDCWfYhmGPAIpP3ehJ6vS4un7Q==,iv:E4p1+3XsbeWz2WcIgqzkYTOFqoZrDjxp6oddOz68uAw=,tag:Dtmq4vSKnUTHGpf5/JGsdQ==,type:str]
+  SUPERUSER_NAME: ENC[AES256_GCM,data:u6Q4Z74=,iv:sbN+9x4MohYHGzRyLRt5GKlE/SPPdpYYDJ/xxy9XrvE=,tag:8lIfjsto99MmNxn4d04keg==,type:str]
+  SUPERUSER_EMAIL: ENC[AES256_GCM,data:fmfokixgdAmLximSRk2jWw==,iv:QQB0r070tvVq3/PhRf4bdG+EAqfrE/vB4DFj/QBMKPs=,tag:h3dkiyWRRUuFwLU+SWZIRQ==,type:str]
+  SUPERUSER_PASSWORD: ENC[AES256_GCM,data:+2HvGN9BL4GAE7q58BZqWLvX1OmrXNwVqUWoCMZlrEk=,iv:5jRe/l2DoPZbVpfwUfDZu3C/z+mKPnJ2G69FIRQKCcI=,tag:1z+H0e53BOzhXr3FGYJy3A==,type:str]
+  SUPERUSER_API_TOKEN: ENC[AES256_GCM,data:Sk+znWOW5k0NTivVJcAHPaMZYlAwlVOvh8ht0r4FG4sG39dKWAWPyV0IiGVlwTHuo7r8qz1sV5H81O3clAn0Wg==,iv:1IAzFwsvTgz0Kz5vfZgQ7VTXedV0AS7jX0m6h8C9Mv0=,tag:cpTiFDxXPcvOGSlc31Xd7A==,type:str]
+  INIT_POSTGRES_USER: ENC[AES256_GCM,data:CClk9V3Z,iv:VGvoV0+xs74GERqOSn5COCg1PABJ2hG5WPtOdG69Sbc=,tag:f3QTygHAR8ROsWo5t8Ac4A==,type:str]
+  INIT_POSTGRES_PASS: ENC[AES256_GCM,data:oWg8Fk5H7tkSEila7Cz44R86Spd2RKEwVxiuEQpYho7GAx18E8JVnQ==,iv:xw+t7gorr1YD7bb0ZFwyj6dM+BwnaTLHzd4PGEjLU+A=,tag:1y3b85VIYM9S8tJA5i/JAA==,type:str]
+  DB_NAME: ENC[AES256_GCM,data:WtjLnRFK,iv:pbk1c3t22RB5rhvP2KReFjcla6un1Oi2lbT+uoxlKjg=,tag:qr+KEZ1349gVijACN97odg==,type:str]
+  DB_USER: ENC[AES256_GCM,data:2hJtXmoC,iv:v+l+x9VyOrYTN7KjJcKrbcBH4k+C8vI2XR/ong5gPrw=,tag:n4mIyCtfFW2tEIZIpS5neg==,type:str]
+  DB_PASSWORD: ENC[AES256_GCM,data:ndpQqzgDTrszQytS4GL5xD0EK5xuDfJk2gMmKmVXYF7hw2aLw7ZBqw==,iv:xZe1R1PqRZFC/9ufL5vy4QfTna6n/gw5crsoLLTR/4c=,tag:CPhLtFnluZJFtxbw0UmmAw==,type:str]
+  EMAIL_FROM: ENC[AES256_GCM,data:3pP+qtxkGjr1uLoZIRaKMB5ygs1z2b/tg+OJwBk=,iv:M3D//ua5I4VcZ6s0sFfTrUTr518QQaOyoAXmkY3pOPA=,tag:G8/rmPS6ZVatqqElvm9x9g==,type:str]
+  EMAIL_USERNAME: ENC[AES256_GCM,data:HY2oB6xPQs6lZRgJ+d+Nn1mK3ie3YfJJ95VMe5k=,iv:Ng/Ur4PdCZY3DV0l4YWYXq67aOcff5Y6X4oZd9OxfRQ=,tag:t/kcy3W7u3VIZjQ33CU1rA==,type:str]
+  EMAIL_SERVER: ENC[AES256_GCM,data:3kBSno6EnJAmN8oMv+zZQw==,iv:nyGiodTTlOwma8EPlob4QOQbdidCgaUQ8pkTw6dBwaM=,tag:hikLZDPAP6MCHTRF7fB/gA==,type:str]
+  EMAIL_PASSWORD: ENC[AES256_GCM,data:JZbtlxvtFf0pyI+aOB2fQWQy3e32cJQQR/lj+n2Eh9K/Bnp6oRv4GPJYqz2feI9Oqz8=,iv:YLPexdZ5czHGYgBRMvhR/UpMQPRK0owpts6IbgJDj+s=,tag:GmFQqEFujaIq0lLrcjPL3Q==,type:str]
+  REDIS_CACHE_PASSWORD: ENC[AES256_GCM,data:ngxz9n5pJy4iy7Ngvdjj2nGleWQx382RianprA==,iv:VTJyWfkFbcY+J+TnKoshJ3ex4dc6wfJRdRk60ntyGmI=,tag:jpl+WGvjQFKZ8pJQodbdyA==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjQWJ2dkFmVVhuQVVwa3Nz
+        NThJSGZ1MDh2RE05QVV0ZDhpbDkydEZmQkVNCmdKQ2o1cVovMkdVWC9pYlpXVTJ6
+        T1BlM0RoSVNYSlBlTWhXOU1Lc0o3cjAKLS0tIEpoT1JBWDNMYklZOFZ5L1VPeVpQ
+        WVphYTkybVBPRzNyMnV3dVpCZUEreG8KbMrQkdV2CuhmzI9ArrmeJShEWGsv5jLf
+        cE7bsPfrjd1Jz/HA8/zl2Qz6D8xWfJx/m6U8TG3EgV3bcvDHDK7xwg==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-11-23T05:05:08Z"
+  mac: ENC[AES256_GCM,data:4ZcAmY5ZKmXn8RuGojwIjOPeGpaY81iOs2niCsMLpHgIknDj/H9d0QeVPdF8deFe0OmTYRdc7GJYxJyVjoPAewhmjTsDZkb1jlMLVkvbSiEY4HKzHatC5sXixXN36PvfJgz9cBNjyO2mLnhmHbNYfKXbZYnQYUsFkGYkGU0PwD8=,iv:VbQPhUImt6kNWI5ud6DQ06rEGzIikcdAtcJJdWTqdZc=,tag:YezXvY/AaVmPL/Y4iF+ToA==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.1

kubernetes/lianalabs/apps/labs/netbox/ks.yaml

@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app netbox
+  namespace: flux-system
+spec:
+  targetNamespace: labs
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+    - name: cloudnative-pg
+    - name: dragonfly
+  path: ./kubernetes/lianalabs/apps/labs/netbox/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/lianalabs/apps/labs/archivebox/app/helmrelease.yaml → kubernetes/lianalabs/apps/media/archivebox/app/helmrelease.yaml

@@ -107,6 +107,7 @@ spec:
       data:
         storageClass: local-nvme
         accessMode: ReadWriteOnce
-        size: 4Gi
+        size: 5Gi
+        retain: true
         globalMounts:
           - path: /data

kubernetes/lianalabs/apps/labs/archivebox/ks.yaml → kubernetes/lianalabs/apps/media/archivebox/ks.yaml

@@ -6,13 +6,13 @@ metadata:
   name: &app archivebox
   namespace: flux-system
 spec:
-  targetNamespace: labs
+  targetNamespace: media
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: traefik
-  path: ./kubernetes/lianalabs/apps/labs/archivebox/app
+  path: ./kubernetes/lianalabs/apps/media/archivebox/app
   prune: true
   sourceRef:
     kind: GitRepository

kubernetes/lianalabs/apps/media/kustomization.yaml

@@ -4,3 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./namespace.yaml
+  - ./archivebox/ks.yaml
+  #- ./piped/ks.yaml