mafyuh/iac
Archived
1
0
Fork 0
Code Issues6 Pull requests9 Projects1 Wiki Activity Actions

init add kubernetes

Browse source
This commit is contained in:
Matt Reeves 2025-02-07 23:11:48 -05:00
parent 6aca4b52cd
commit 23f11f376c
68 changed files with 1333 additions and 4 deletions

2
.gitignore vendored
View file

@ -50,3 +50,5 @@ credentials.pkr.hcl
# Plausible
compose.override.yml
# SOPS
*.decrypted~*

1
kubernetes/README.md
View file

@ -1 +0,0 @@
See https://git.mafyuh.dev/mafyuh/kub for Kubernetes until migration

4
kubernetes/apps/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- production/

0
kubernetes/apps/production/README.md Normal file
View file

52
kubernetes/apps/production/arr/bazarr/deployment.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: bazarr
namespace: arr
labels:
app: bazarr
spec:
replicas: 1
selector:
matchLabels:
app: bazarr
template:
metadata:
labels:
app: bazarr
spec:
securityContext:
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
fsGroupChangePolicy: OnRootMismatch
containers:
- name: bazarr
image: ghcr.io/onedr0p/bazarr:rolling@sha256:1c88830f3c51fc2f1230ad7040bcbe30f197449ae93f835448cf516d8b7e5e82
resources:
requests:
memory: 512Mi
cpu: 75m
limits:
memory: 535Mi
cpu: 100m
volumeMounts:
- mountPath: /config
name: bazarr-config
volumes:
- name: bazarr-config
persistentVolumeClaim:
claimName: bazarr-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: longhorn

22
kubernetes/apps/production/arr/bazarr/ingress.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bazarr
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "bazarr.local.mafyuh.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-bazarr
port:
number: 6767
tls:
- hosts:
- "bazarr.local.mafyuh.com"
secretName: local-mafyuh-com-production-tls

6
kubernetes/apps/production/arr/bazarr/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

13
kubernetes/apps/production/arr/bazarr/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: headless-bazarr
namespace: arr
spec:
selector:
app: bazarr
ports:
- port: 6767
targetPort: 6767
protocol: TCP
type: ClusterIP

33
kubernetes/apps/production/arr/flaresolverr/deployment.yaml Normal file
View file

@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flaresolverr
namespace: arr
labels:
app: flaresolverr
spec:
replicas: 1
selector:
matchLabels:
app: flaresolverr
template:
metadata:
labels:
app: flaresolverr
spec:
containers:
- name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr:v3.3.21
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8191
env:
- name: LOG_LEVEL
value: "info"
resources:
requests:
memory: "100Mi"
cpu: "100m"
limits:
memory: "300Mi"
cpu: "200m"

5
kubernetes/apps/production/arr/flaresolverr/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml

12
kubernetes/apps/production/arr/flaresolverr/service.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: flaresolverr
namespace: arr
spec:
selector:
app: flaresolverr
ports:
- protocol: TCP
port: 8191
targetPort: 8191

11
kubernetes/apps/production/arr/kustomization.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- bazarr/
- flaresolverr/
- prowlarr/
- qbitty/
- radarr/
- sabnzbd/
- sonarr/
- namespace.yaml

6
kubernetes/apps/production/arr/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: arr
labels:
name: arr

53
kubernetes/apps/production/arr/prowlarr/deployment.yaml Normal file
View file

@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: prowlarr
namespace: arr
labels:
app: prowlarr
spec:
replicas: 1
selector:
matchLabels:
app: prowlarr
template:
metadata:
labels:
app: prowlarr
spec:
securityContext:
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
fsGroupChangePolicy: OnRootMismatch
containers:
- name: prowlarr
image: ghcr.io/onedr0p/prowlarr:rolling@sha256:7234ae8ca5b14153baddf42257cc2ddc928695ce604d11a9616b635eca0e43e7
imagePullPolicy: IfNotPresent
resources:
requests:
memory: 512Mi
cpu: 150m
limits:
memory: 2Gi
cpu: 500m
volumeMounts:
- mountPath: /config
name: prowlarr-config
volumes:
- name: prowlarr-config
persistentVolumeClaim:
claimName: prowlarr-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prowlarr-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: longhorn

22
kubernetes/apps/production/arr/prowlarr/ingress.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prowlarr
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "prowlarr.local.mafyuh.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-prowlarr
port:
number: 9696
tls:
- hosts:
- "prowlarr.local.mafyuh.com"
secretName: local-mafyuh-com-production-tls

6
kubernetes/apps/production/arr/prowlarr/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

13
kubernetes/apps/production/arr/prowlarr/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: headless-prowlarr
namespace: arr
spec:
selector:
app: prowlarr
ports:
- port: 9696
targetPort: 9696
protocol: TCP
type: ClusterIP

99
kubernetes/apps/production/arr/qbitty/deployment.yaml Normal file
View file

@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbitty
namespace: arr
labels:
app: qbitty
spec:
replicas: 1
selector:
matchLabels:
app: qbitty
template:
metadata:
labels:
app: qbitty
spec:
containers:
- name: qbitty
image: ghcr.io/hotio/qbittorrent@sha256:3c32e5d21f5e83558a71767dfdf7f39fe5379548829be4723270cda61f08fd56
imagePullPolicy: IfNotPresent
env:
- name: VPN_ENABLED
value: "true"
- name: VPN_CONF
value: "wg0"
- name: VPN_PROVIDER
value: "proton"
- name: VPN_KEEP_LOCAL_DNS
value: "false"
- name: VPN_AUTO_PORT_FORWARD
value: "true"
- name: VPN_LAN_NETWORK
valueFrom:
secretKeyRef:
name: lan-network
key: lan-network
- name: VPN_LAN_LEAK_ENABLED
value: "false"
- name: VPN_FIREWALL_TYPE
value: "auto"
- name: PRIVOXY_ENABLED
value: "false"
- name: WEBUI_PORT
value: "8080"
- name: VPN_HEALTHCHECK_ENABLED
value: "false"
- name: UNBOUND_ENABLED
value: "false"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "1Gi"
cpu: "5000m"
volumeMounts:
- mountPath: /config
name: qbitty-config
- mountPath: /data
name: nas
- mountPath: /config/wireguard/
name: wireguard-config
- mountPath: /incomplete
name: qbitty-incomplete
securityContext:
capabilities:
add: ["NET_ADMIN"]
ports:
- containerPort: 8080
name: webui
protocol: TCP
volumes:
- name: nas
nfs:
path: /mnt/thePool/thePoolShare
server: 10.0.0.10
- name: qbitty-config
persistentVolumeClaim:
claimName: qbitty-config
- name: wireguard-config
secret:
secretName: qbitty-wireguard
- name: qbitty-incomplete
emptyDir:
sizeLimit: 100Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbitty-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: longhorn

25
kubernetes/apps/production/arr/qbitty/ingress.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: qbitty
namespace: arr
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: 0
spec:
ingressClassName: nginx
rules:
- host: "qbitty.local.mafyuh.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: qbitty
port:
number: 8080
tls:
- hosts:
- "qbitty.local.mafyuh.com"
secretName: local-mafyuh-com-production-tls

6
kubernetes/apps/production/arr/qbitty/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

13
kubernetes/apps/production/arr/qbitty/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: qbitty
namespace: arr
spec:
selector:
app: qbitty
ports:
- port: 8080
targetPort: 8080
protocol: TCP
type: ClusterIP

59
kubernetes/apps/production/arr/radarr/deployment.yaml Normal file
View file

@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: radarr
namespace: arr
labels:
app: radarr
spec:
replicas: 1
selector:
matchLabels:
app: radarr
template:
metadata:
labels:
app: radarr
spec:
securityContext:
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
fsGroupChangePolicy: OnRootMismatch
containers:
- name: radarr
image: ghcr.io/onedr0p/radarr:rolling@sha256:32d0e8d46f5619069d88445936670ffbca5a3aab7ed2e94e77a834ed85df81bb
imagePullPolicy: IfNotPresent
resources:
requests:
memory: 512Mi
cpu: 100m
limits:
memory: 2Gi
cpu: 500m
volumeMounts:
- mountPath: /config
name: radarr-config
- mountPath: /data
name: nas
volumes:
- name: nas
nfs:
path: /mnt/thePool/thePoolShare
server: 10.0.0.10
- name: radarr-config
persistentVolumeClaim:
claimName: radarr-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: radarr-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
storageClassName: longhorn

22
kubernetes/apps/production/arr/radarr/ingress.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: radarr
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "radarr.local.mafyuh.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-radarr
port:
number: 7878
tls:
- hosts:
- "radarr.local.mafyuh.com"
secretName: local-mafyuh-com-production-tls

6
kubernetes/apps/production/arr/radarr/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

13
kubernetes/apps/production/arr/radarr/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: headless-radarr
namespace: arr
spec:
selector:
app: radarr
ports:
- port: 7878
targetPort: 7878
protocol: TCP
type: ClusterIP

68
kubernetes/apps/production/arr/sabnzbd/deployment.yaml Normal file
View file

@ -0,0 +1,68 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sabnzbd
namespace: arr
labels:
app: sabnzbd
spec:
replicas: 1
selector:
matchLabels:
app: sabnzbd
template:
metadata:
labels:
app: sabnzbd
spec:
containers:
- name: sabnzbd
image: ghcr.io/linuxserver/sabnzbd@sha256:7afe3af1cff19c2a7a5d4bacb2202fcb21a0ee15b7e23e4114ab3f7070213662
imagePullPolicy: IfNotPresent
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: America/New_York
resources:
requests:
memory: "1024Mi"
cpu: "500m"
limits:
memory: "4Gi"
cpu: "2000m"
volumeMounts:
- mountPath: /config
name: sabnzbd-config
- mountPath: /data
name: nas
- mountPath: /incomplete
name: sabnzbd-incomplete
volumes:
- name: nas
nfs:
path: /mnt/thePool/thePoolShare
server: 10.0.0.10
- name: sabnzbd-config
persistentVolumeClaim:
claimName: sabnzbd-config
- name: sabnzbd-incomplete
emptyDir:
sizeLimit: 100Gi
nodeSelector:
kubernetes.io/hostname: master3
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sabnzbd-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: longhorn

22
kubernetes/apps/production/arr/sabnzbd/ingress.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sabnzbd
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "sab.local.mafyuh.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-sabnzbd
port:
number: 8080
tls:
- hosts:
- "sab.local.mafyuh.com"
secretName: local-mafyuh-com-production-tls

6
kubernetes/apps/production/arr/sabnzbd/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

13
kubernetes/apps/production/arr/sabnzbd/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: headless-sabnzbd
namespace: arr
spec:
selector:
app: sabnzbd
ports:
- port: 8080
targetPort: 8080
protocol: TCP
type: ClusterIP

59
kubernetes/apps/production/arr/sonarr/deployment.yaml Normal file
View file

@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
namespace: arr
labels:
app: sonarr
spec:
replicas: 1
selector:
matchLabels:
app: sonarr
template:
metadata:
labels:
app: sonarr
spec:
securityContext:
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
fsGroupChangePolicy: OnRootMismatch
containers:
- name: sonarr
image: ghcr.io/onedr0p/sonarr:rolling@sha256:55c6878a5367fc2398d15c9a16a70653f5e5f42c9fe9b708a038f2781fb0360f
imagePullPolicy: IfNotPresent
resources:
requests:
memory: 512Mi
cpu: 75m
limits:
memory: 1024Mi
cpu: 150m
volumeMounts:
- mountPath: /config
name: sonarr-config
- mountPath: /data
name: nas
volumes:
- name: nas
nfs:
path: /mnt/thePool/thePoolShare
server: 10.0.0.10
- name: sonarr-config
persistentVolumeClaim:
claimName: sonarr-config
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarr-config
namespace: arr
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
storageClassName: longhorn

22
kubernetes/apps/production/arr/sonarr/ingress.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sonarr
namespace: arr
spec:
ingressClassName: nginx
rules:
- host: "sonarr.local.mafyuh.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headless-sonarr
port:
number: 8989
tls:
- hosts:
- "sonarr.local.mafyuh.com"
secretName: local-mafyuh-com-production-tls

6
kubernetes/apps/production/arr/sonarr/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

13
kubernetes/apps/production/arr/sonarr/service.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: headless-sonarr
namespace: arr
spec:
selector:
app: sonarr
ports:
- port: 8989
targetPort: 8989
protocol: TCP
type: ClusterIP

27
kubernetes/apps/production/authentik/configmap.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authentik-values
namespace: authentik
data:
values.yaml: ENC[AES256_GCM,data:N+DmcY0JWYURQ19cI8uMd0aT4hAE3Sc8JL7u5Is1aO0Vp1ysHfHo3pa3gNxjkNpMdK/oSEEANdWMBQnROSYTiolqegafJgU8xTyy11OTGQ1aQbB/hUavz9Za+qU2wDiqsJ3Cnysjg1kfZsYSqAe9nEmmrXTFN/Uyjjn6g+YbnrHueoDBwSxwHrfTR5b1mkGHJUHYBjMr86F0f7xSjWWa4rt1MPsLVg2Bcq03InyNSa7tNBkLhJ2uqUPDdAU33qLTMuMXMxfQj/S9bi+m+reDNc0+vUWRWJhSySntUGSyVVLTZXRpf82+jaTVTQfjPoJCo1ddXZT4HBbM8HVu7Y9oa8C+8UE9btYr7Sb1m7zF0jQOHuVRVbL72D2FDnLGKFJYjdNoRPQ2afB+d/jMdD9RYtKOyvpmayWFoSSz8jdp32jn+Y0ubZNxuhG9JFzDMQu+9E9gn+zwwnDoQsmZ5mlpWlVdOnu7A0t3gjKQYTPsxCd5tEQC8RTfcvuU0D5uP6aEgcK3RHS6rOoh8DX1RM3kw36cLDIMfxa7R7sJzBmAz5rDlnXKi+4rpEQB2zSMY1K6BuHPhAhN+lagwufaYzJF/av3wGypnQJdA4/1+FP9eeDartzkn0tIBJbwkEIJVij6mtRp1wSqdoGNV7AN9iIPfF0Nz3DSLAHHK+5OjcOGX3f5B25iA1e979NqMq8yI5IN49PiXdByo5Mpm+cotRlSAXvequOB/Sj4EOXwOsQQvWrqFAqGX41C19Wt1bV8O2WqMlP1B0U1356S0+o/KUkvUsjy4RyXwDTXnI45ghrB+yhcrb1oGZWNHvWGwtbR+vXCvYAKHAfoO2VkFfv3XJv+F7WDSpY8qM8bk+nvDcuKnN3ZsOBimA5KNRBttZKj7UZweX7RkA==,iv:MsALcVWHIsVSc/fOfbewA/GvW14ZyR0XBoKgHLMJ0pg=,tag:pJLW8Lomj7tQxln6zhzi5w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdG1aUk9aek5RVE4rZm5N
ajhyc3NLKzF3Q3UrUE1RSFJsci9aMWNjbEQwCmhSNENJcWlaZUpxT3lqZmdOUWVo
UDVwRC9vU0kwRDNXNk5VUVpMUTEwWDAKLS0tICtFL25FZFRaTEhPdWJhYmRYbFVt
RndrQ2JxZnMxZlBIM3RHS0E1WTlZQzQK7oTkv/PG3poAdYnqXnzX3j5ZUgMa3GFB
aQtceF96jKRltwPrnUgZZ5EadTaLyGAD30fqvUJ9/oP6NLe7kmsTWg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-08T01:38:06Z"
mac: ENC[AES256_GCM,data:eZ1eWxLcub6DaPPI+UkLb0cK/1DECeRee5RSVpo0G7DgggKS9Hwi+9K8EQ+xfTLhyDiuCh5FOlBakqinKpNo0BS2rJls1teVvFoXv/j7OwnbKRzFmSxVloC9OTGdjmAUY0wnkaN27GgassK/mUPixXGyy0rwN/qf+wel5uh8dYI=,iv:Xj4uJEF1+e9O+q63tWXIYZnDIJN1wpxiJQppl84YiJI=,tag:ioyJgO4bhkt8yJ3YsZISqA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData|secret_key|password|hosts)$
version: 3.9.4

135
kubernetes/apps/production/authentik/customcss.yaml Normal file
View file

@ -0,0 +1,135 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authentik-custom-css
namespace: authentik
data:
custom.css: |
/* Custom CSS for Authentik Login Page and Admin Interface */
:root {
--ak-accent: #3a3a40;
--pf-global--primary-color--100: #3a3a40;
--pf-global--primary-color--200: #3a3a40;
--pf-global--primary-color--400: var(--ak-accent);
}
/*** Main login page ***/
.pf-c-login__main {
background-color: transparent !important;
backdrop-filter: blur(8px);
border: 2px solid #807e82;
border-radius: 25px;
animation: pulse-border 3s infinite;
}
/* Glowing border animation */
@keyframes pulse-border {
0%, 100% {
box-shadow: 0 0 10px #807e82, 0 0 15px #807e82;
}
50% {
box-shadow: 0 0 15px #807e82, 0 0 25px #807e82;
}
}
/* Sidebar and footer transparency */
.pf-c-page__sidebar,
.pf-c-login__main-footer-band,
.pf-c-login__footer .pf-c-list {
background-color: transparent !important;
backdrop-filter: blur(10px);
}
/* Pseudo-elements for background effects */
.pf-c-login__main::before,
.pf-c-login__main-footer-band::before,
.pf-c-login__footer .pf-c-list::before,
.pf-c-page__sidebar::before {
content: "";
position: absolute;
left: 0;
top: 0;
width: 100%;
height: 100%;
z-index: -1;
opacity: 0.1;
background-color: var(--ak-dark-background);
border-radius: 25px;
}
/* Login button styling */
.pf-c-button.pf-m-block {
--pf-c-button--disabled--BackgroundColor: var(--pf-c-button--m-link--disabled--BackgroundColor);
color: white;
background-color: #3a3a40;
border-radius: 20px;
opacity: 0.785;
box-shadow: 2px 2px 10px rgba(0, 0, 0, 0.3);
width: 50%;
margin: 0 auto;
}
/* Form input styling */
.pf-c-form-control,
.pf-c-input-group {
border-radius: 20px;
border: 2px solid #3a3a40 !important;
}
/* Text color for various elements */
a,
body,
h1,
h2,
.pf-c-expandable-section__toggle,
.pf-c-page__header-tools,
.pf-c-button {
color: #b7b7b7 !important;
}
.pf-c-button.pf-m-secondary.pf-m-block::after {
content: none; /* Removes the content from the ::after pseudo-element */
box-shadow: none; /* Removes any shadow that may create a square effect */
border: none; /* If there's any border being applied, remove it */
}
/* Light mode adjustments */
:host([theme="light"]) .pf-c-page__header-tools-item .fas,
:host([theme="light"]) .pf-c-notification-badge__count,
:host([theme="light"]) .pf-c-page__header-tools-group .pf-c-button {
color: #b7b7b7 !important;
}
/* App card styling */
.pf-c-card.pf-m-compact,
.pf-c-expandable-section.pf-m-display-lg {
border-radius: 20px;
background: rgba(18, 18, 18, 0.4);
backdrop-filter: blur(7px);
border: 1px solid rgba(255, 255, 255, 0.2);
transition: box-shadow 0.3s ease-in-out;
box-shadow: 0 4px 15px rgba(0, 0, 0, 0.5);
background: linear-gradient(135deg, rgba(30, 30, 30, 0.3) 0%, rgba(15, 15, 15, 0.3) 100%);
}
/* App card hover effect */
.pf-c-card.pf-m-compact:hover,
.pf-c-expandable-section.pf-m-display-lg:hover {
box-shadow: 0 0 15px 3px #d6d6d6;
}
/* App icon rounded corners */
.icon.pf-c-avatar {
border-radius: 15px;
}
/*** Admin interface ***/
.pf-c-page__sidebar {
backdrop-filter: blur(10px);
}
.pf-c-page,
.pf-c-tabs__item {
background-color: transparent !important;
}

22
kubernetes/apps/production/authentik/helmrelease.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: authentik
namespace: authentik
spec:
interval: 15m
chart:
spec:
chart: authentik
version: "2024.12.3"
sourceRef:
kind: HelmRepository
name: authentik-chart
namespace: flux-system
interval: 15m
install:
remediation:
retries: 5
valuesFrom:
- kind: ConfigMap
name: authentik-values

8
kubernetes/apps/production/authentik/helmrepo.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: authentik-chart
namespace: flux-system
spec:
interval: 2h
url: https://charts.goauthentik.io

10
kubernetes/apps/production/authentik/kustomization.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helmrelease.yaml
- helmrepo.yaml
- configmap.yaml
- service.yaml
- customcss.yaml
- media-pvc.yaml

12
kubernetes/apps/production/authentik/media-pvc.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: authentik-media-pvc
namespace: authentik
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: longhorn

6
kubernetes/apps/production/authentik/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: authentik
labels:
name: authentik

34
kubernetes/apps/production/authentik/service.yaml Normal file
View file

@ -0,0 +1,34 @@
---
apiVersion: v1
kind: Service
metadata:
name: authentik-lb
namespace: authentik
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: authentik
ports:
- name: http
port: 9000
targetPort: 9000
protocol: TCP
- name: https
port: 9443
targetPort: 9443
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: authentik-ldap-lb
namespace: authentik
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: authentik-outpost-ldap
ports:
- name: ldap
port: 389
targetPort: 3389
protocol: TCP

19
kubernetes/apps/production/cert-manager/certificates/local.yaml Normal file
View file

@ -0,0 +1,19 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: local-mafyuh-com
namespace: default
spec:
secretName: local-mafyuh-com-production-tls
secretTemplate:
annotations:
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.local.mafyuh.com"
dnsNames:
- "local.mafyuh.com"
- "*.local.mafyuh.com"

27
kubernetes/apps/production/cert-manager/helmrelease.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 5m
releaseName: cert-manager
chart:
spec:
chart: cert-manager
version: v1.16.3
sourceRef:
kind: HelmRepository
name: cert-manager-repo
namespace: flux-system
values:
installCRDs: true
replicaCount: 1
extraArgs:
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
- --dns01-recursive-nameservers-only
podDnsPolicy: None
podDnsConfig:
nameservers:
- "1.1.1.1"
- "9.9.9.9"

8
kubernetes/apps/production/cert-manager/helmrepo.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cert-manager-repo
namespace: flux-system
spec:
interval: 1m
url: https://charts.jetstack.io

21
kubernetes/apps/production/cert-manager/issuers/letsencrypt.yaml Normal file
View file

@ -0,0 +1,21 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: matt@mafyuh.dev
privateKeySecretRef:
name: letsencrypt-production
solvers:
- dns01:
cloudflare:
email: matt@mafyuh.dev
apiTokenSecretRef:
name: cloudflare-token-secret
key: cloudflare-token
selector:
dnsZones:
- "mafyuh.com"

28
kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml Normal file
View file

@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-token-secret
namespace: cert-manager
type: Opaque
stringData:
cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4
MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3
YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS
NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2
J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-28T04:59:18Z"
mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4

9
kubernetes/apps/production/cert-manager/kustomization.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- certificates/local.yaml
- helmrelease.yaml
- helmrepo.yaml
- issuers/letsencrypt.yaml
- issuers/secret-cf-token.yaml
- namespace.yaml

6
kubernetes/apps/production/cert-manager/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
name: cert-manager

9
kubernetes/apps/production/kustomization.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- arr/
- authentik/
- cert-manager/
- longhorn/
- nginx/
- reflector/

16
kubernetes/apps/production/longhorn/helmrelease.yaml Normal file
View file

@ -0,0 +1,16 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: longhorn-release
namespace: longhorn-system
spec:
chart:
spec:
chart: longhorn
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: longhorn-repo
version: v1.8.0
interval: 1m0s

9
kubernetes/apps/production/longhorn/helmrepo.yaml Normal file
View file

@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: longhorn-repo
namespace: flux-system
spec:
interval: 1m0s
url: https://charts.longhorn.io

27
kubernetes/apps/production/longhorn/ingress.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: longhorn-system
annotations:
# Prevent the controller from redirecting (308) to HTTPS
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
# Custom max body size for file uploading, like backing image uploading
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
spec:
ingressClassName: nginx
rules:
- host: "longhorn.local.mafyuh.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: longhorn-frontend
port:
number: 80
tls:
- hosts:
- longhorn.local.mafyuh.com
secretName: local-mafyuh-com-production-tls

7
kubernetes/apps/production/longhorn/kustomization.yaml Normal file
View file

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- helmrepo.yaml
- ingress.yaml
- namespace.yaml

6
kubernetes/apps/production/longhorn/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: longhorn-system
labels:
name: longhorn-system

20
kubernetes/apps/production/nginx/helmrelease.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: nginx-ingress
namespace: ingress-nginx
spec:
interval: 5m
releaseName: nginx-ingress
chart:
spec:
chart: ingress-nginx
version: 4.12.0
sourceRef:
kind: HelmRepository
name: nginx-ingress-repo
namespace: flux-system
values:
controller:
service:
type: LoadBalancer

8
kubernetes/apps/production/nginx/helmrepo.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: nginx-ingress-repo
namespace: flux-system
spec:
interval: 1m
url: https://kubernetes.github.io/ingress-nginx

6
kubernetes/apps/production/nginx/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- helmrepo.yaml
- namespace.yaml

6
kubernetes/apps/production/nginx/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: nginx-ingress
labels:
name: nginx-ingress

18
kubernetes/apps/production/reflector/helmrelease.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: reflector
namespace: reflector-system
spec:
interval: 5m
releaseName: reflector
chart:
spec:
chart: reflector
version: 7.1.288
sourceRef:
kind: HelmRepository
name: reflector-repo
namespace: flux-system
values:
replicaCount: 1

8
kubernetes/apps/production/reflector/helmrepo.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: reflector-repo
namespace: flux-system
spec:
interval: 1m
url: https://emberstack.github.io/helm-charts

6
kubernetes/apps/production/reflector/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrepo.yaml
- helmrelease.yaml
- namespace.yaml

6
kubernetes/apps/production/reflector/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: reflector-system
labels:
name: reflector-system

0
kubernetes/cluster/production/README.md Normal file
View file

2
kubernetes/cluster/production/flux-system/gotk-sync.yaml
View file

@ -20,7 +20,7 @@ metadata:
namespace: flux-system
spec:
interval: 10m0s
path: ./kubernetes/cluster/production
path: ./kubernetes
prune: true
sourceRef:
kind: GitRepository

5
kubernetes/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- apps/
- cluster/production/

57
kubernetes/secrets/qbitty-secrets.yaml Normal file
View file

@ -0,0 +1,57 @@
apiVersion: v1
kind: Secret
metadata:
name: qbitty-wireguard
namespace: arr
type: Opaque
data:
wg0.conf: ENC[AES256_GCM,data:J1FCcmGCNtrz1TY8XodUZsAjKGyJ7jhhRmIoCIpYECmIGbH6KIcpxegrl6yu4gQ4g3ESTfZEpgGUXdXB44+EOz1FrzxQzEOvm5XvOyWClPYxm0ihKDEXUEWJiNqA+ALK7HJ1xWtNr1Y/YSoDlRjUW28x16vMDfc6xAI+L6SIAy++laAE0SC7L6C6AAU92y9GbEz9jvFTG4KpkagxJs/OwEXSdveaF/14BiPfmkPBfBF/+YHdFM8bOBpk0oIPv4FMpyOItMHJLVETaMgLHEktUAj5tzFh42zi2niUBH3zcwrxJ5P7auU/br2kzamgeiNavg20KG4p45DasV5KCX8L/qjM4mBD4GcVuO0yssCQFRac9QkesR3cKG7BjfHEoRbgprr8wPdOJCcLel9neUT0L4xs9UO9HoX2aZG1yHWaJv/NidnTyp9gKVKmzKYy1ozs7+iVKGI0GNmRExvr9OqGhP0kW+KZZUlHWx36KXumL3nojseR+dVN2lMFzv25vXqbYPI7YGe+7vp48IB6Iy7KDGmylAKT9zi/+UHPGBaNauMguFWgRN5++SzVmU0GqwMzlsFU+CChc0Bx7j1W5EjxOrRYp6twHj4HrfIDKedi4Pk6eOQeX1brdSAqW3mNP7eebscS8KU7ZEXZRXQy,iv:HbWrbhbeqy72eudik8gj+0nd39QoXl9zVhc7jWgjlNU=,tag:FT/SKHF0ZhKV3sXBzdfhgQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQXNzeStVQW9XSnUrZnha
Q2s4OVpaMjRMTTFPWjMrZjFEcE0wWkJFNGtvClVZWXBDK3pJcERBS3ZGbWk1Nks3
eXFkMjl3dHZsa3ZUSEFmM09hWlpPbWsKLS0tIDBmTTREck11R3dzaFdMS3FmYUFH
R0hKRmJoSDd0UHFBZzI2cExUdlhXZjQKHAmiPndRDpUsfgi1mofov5T28KDB7GEL
tL7srFCfQUQfCfgWXTNf00KiSZkKjYwOKistaExEN90kllfjjjSWZg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-02T03:30:13Z"
mac: ENC[AES256_GCM,data:/zhxrwAFbIQz0apwH/fZFQ5nIEjBuxZnb2VN4LAuUCxA7wslfueEcQvwmRpjviibHR2yhnGXReQ7ZpBuKmI3ME19/KhoHxaPxokWIEb1l1oXhpOfvnItGzYB+hQjP8Rxup6J4p40VbfkUXku5p7zcGecjdrbn09VViZT/XwIYnk=,iv:I+J/ab0AXtjIy0TV+1WHzpNLPITZfkY9iUTS6jq6ZME=,tag:cdLwYNS0RYsAkJYFhKJNtg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4
---
apiVersion: v1
kind: Secret
metadata:
name: lan-network
namespace: arr
type: Opaque
stringData:
lan-network: ENC[AES256_GCM,data:7fOVwSQw8916epH8LUir4ZKAEVxooiFGbk+V7FE1ZUI2EWPyfmQ=,iv:yHp2luIyl0Lgy7JjI8jE624M0Hsa4Pquo5TiPRyG5gw=,tag:B4SowM3MQubE986WhA1gLg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQXNzeStVQW9XSnUrZnha
Q2s4OVpaMjRMTTFPWjMrZjFEcE0wWkJFNGtvClVZWXBDK3pJcERBS3ZGbWk1Nks3
eXFkMjl3dHZsa3ZUSEFmM09hWlpPbWsKLS0tIDBmTTREck11R3dzaFdMS3FmYUFH
R0hKRmJoSDd0UHFBZzI2cExUdlhXZjQKHAmiPndRDpUsfgi1mofov5T28KDB7GEL
tL7srFCfQUQfCfgWXTNf00KiSZkKjYwOKistaExEN90kllfjjjSWZg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-02T03:30:13Z"
mac: ENC[AES256_GCM,data:/zhxrwAFbIQz0apwH/fZFQ5nIEjBuxZnb2VN4LAuUCxA7wslfueEcQvwmRpjviibHR2yhnGXReQ7ZpBuKmI3ME19/KhoHxaPxokWIEb1l1oXhpOfvnItGzYB+hQjP8Rxup6J4p40VbfkUXku5p7zcGecjdrbn09VViZT/XwIYnk=,iv:I+J/ab0AXtjIy0TV+1WHzpNLPITZfkY9iUTS6jq6ZME=,tag:cdLwYNS0RYsAkJYFhKJNtg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4

28
kubernetes/secrets/secret-cf-token.yaml Normal file
View file

@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-token-secret
namespace: cert-manager
type: Opaque
stringData:
cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4
MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3
YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS
NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2
J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-28T04:59:18Z"
mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4

8
terraform/flux/main.tf
View file

@ -7,7 +7,7 @@ provider "flux" {
config_path = "~/.kube/config"
}
git = {
url = "https://git.mafyuh.dev/mafyuh/k3s"
url = "https://git.mafyuh.dev/mafyuh/iac"
http = {
username = "mafyuh"
password = data.bitwarden-secrets_secret.git_flux_password.value
@ -16,5 +16,9 @@ provider "flux" {
}
resource "flux_bootstrap_git" "flux" {
path = "cluster/production"
path = "kubernetes/cluster/production"
lifecycle {
ignore_changes = all
}
}