diff --git a/.gitignore b/.gitignore index e193fbc..39350e3 100644 --- a/.gitignore +++ b/.gitignore @@ -43,4 +43,6 @@ result .direnv/ .env plan.out -config.tf.json \ No newline at end of file +config.tf.json + +**/charts diff --git a/kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml b/kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml index f0651c9..d2dc535 100644 --- a/kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml +++ b/kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml @@ -1,14 +1,21 @@ apiVersion: secrets.hashicorp.com/v1beta1 -kind: VaultStaticSecret +kind: VaultDynamicSecret metadata: name: postgres-atuin namespace: atuin spec: + allowStaticCreds: true destination: create: true name: postgres-atuin - mount: kv - path: atuin/postgres-atuin + transformation: + templates: + ATUIN_DB_URI: + text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/atuin + mount: database + path: static-creds/atuin refreshAfter: 30s - type: kv-v2 vaultAuthRef: vault + rolloutRestartTargets: + - name: atuin + kind: Deployment diff --git a/kubernetes/atuin/deployment.yaml b/kubernetes/atuin/deployment.yaml index dee313b..bc6d3ed 100644 --- a/kubernetes/atuin/deployment.yaml +++ b/kubernetes/atuin/deployment.yaml @@ -19,18 +19,17 @@ spec: - server - start env: - - name: ATUIN_DB_URI - valueFrom: - secretKeyRef: - name: postgres-atuin - key: uri - optional: false - name: ATUIN_HOST value: 0.0.0.0 - name: ATUIN_PORT value: "8888" - name: ATUIN_OPEN_REGISTRATION value: "false" + - name: RUST_LOG + value: "info,atuin_server=debug" + envFrom: + - secretRef: + name: postgres-atuin image: ghcr.io/atuinsh/atuin:v18.2.0 name: atuin ports: diff --git a/kubernetes/cloudflare/cloudflared.yml b/kubernetes/cloudflare/cloudflared.yaml similarity index 59% rename from kubernetes/cloudflare/cloudflared.yml rename to kubernetes/cloudflare/cloudflared.yaml index 7f91783..9e7c8a3 100644 --- a/kubernetes/cloudflare/cloudflared.yml 
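Review bot: The new `transformation` block in kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml only adds the `ATUIN_DB_URI` template and does not filter the source fields, so as far as I know the operator will still write `username`, `password` and the `_raw` blob into the `postgres-atuin` Secret next to the rendered URI. Adding `excludeRaw: true` and `excludes: [".*"]` under `transformation` should leave only the templated key. The template also interpolates `{{ .Secrets.password }}` into the URI without percent-encoding, so a rotated password containing `@`, `/` or `:` would yield a malformed or misparsed connection string. The URI sets no `sslmode`, which leaves TLS to the client default. The same points apply to the `postgres-vaultwarden` VaultDynamicSecret added in kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml.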
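Review bot: The added `envFrom` / `secretRef: postgres-atuin` block in kubernetes/atuin/deployment.yaml exports every key of that Secret into the container environment, whereas the removed `secretKeyRef` exposed exactly one key and failed fast through `optional: false`. Unless the VaultDynamicSecret filters its output, the raw database username and password land in the environment alongside the URI. An explicit `env` entry with `secretKeyRef` on `name: postgres-atuin`, `key: ATUIN_DB_URI` keeps the exposure to the one value the server needs. Since `RUST_LOG` now raises `atuin_server` to `debug`, it is also worth confirming the server does not log its database URI at that level. The container spec continues outside the hunk.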
+++ b/kubernetes/cloudflare/cloudflared.yaml @@ -81,43 +81,3 @@ spec: podMetricsEndpoints: - port: metrics interval: 30s ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cloudflared - namespace: cloudflare -data: - config.yaml: | - tunnel: new-homelab - credentials-file: /etc/cloudflared/creds/credentials.json - metrics: 0.0.0.0:2000 - no-autoupdate: true - warp-routing: - enabled: true - ingress: - - hostname: photos.gmem.ca - service: https://homelab.gmem.ca - - hostname: pw.gmem.ca - service: https://homelab.gmem.ca - - hostname: authentik.gmem.ca - service: https://homelab.gmem.ca - - hostname: nitter.gmem.ca - service: https://homelab.gmem.ca - - hostname: git.gmem.ca - service: https://homelab.gmem.ca - - hostname: proxmox.gmem.ca - service: https://homelab.gmem.ca - - hostname: tokyo.gmem.ca - service: https://homelab.gmem.ca - - hostname: ibiza.gmem.ca - service: https://homelab.gmem.ca - - hostname: chat.gmem.ca - service: https://homelab.gmem.ca - - hostname: paste.gmem.ca - service: https://homelab.gmem.ca - - hostname: e6.gmem.ca - service: https://homelab.gmem.ca - - hostname: minecraft-invites.gmem.ca - service: https://homelab.gmem.ca - - service: http_status:404 diff --git a/kubernetes/cloudflare/config.yaml b/kubernetes/cloudflare/config.yaml new file mode 100644 index 0000000..10ee5b2 --- /dev/null +++ b/kubernetes/cloudflare/config.yaml 
@@ -0,0 +1,32 @@ +tunnel: new-homelab +credentials-file: /etc/cloudflared/creds/credentials.json +metrics: 0.0.0.0:2000 +no-autoupdate: true +warp-routing: + enabled: true +ingress: +- hostname: photos.gmem.ca + service: https://homelab.gmem.ca +- hostname: pw.gmem.ca + service: https://homelab.gmem.ca +- hostname: authentik.gmem.ca + service: https://homelab.gmem.ca +- hostname: nitter.gmem.ca + service: https://homelab.gmem.ca +- hostname: git.gmem.ca + service: https://homelab.gmem.ca +- hostname: proxmox.gmem.ca + service: https://homelab.gmem.ca +- hostname: tokyo.gmem.ca + service: https://homelab.gmem.ca +- hostname: ibiza.gmem.ca + service: https://homelab.gmem.ca +- hostname: chat.gmem.ca + service: https://homelab.gmem.ca +- hostname: paste.gmem.ca + service: https://homelab.gmem.ca +- hostname: e6.gmem.ca + service: https://homelab.gmem.ca +- hostname: minecraft-invites.gmem.ca + service: https://homelab.gmem.ca +- service: http_status:404 diff --git a/kubernetes/cloudflare/kustomization.yaml b/kubernetes/cloudflare/kustomization.yaml index 160ea4e..6a602c5 100644 --- a/kubernetes/cloudflare/kustomization.yaml +++ b/kubernetes/cloudflare/kustomization.yaml @@ -1,4 +1,18 @@ apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cloudflare + +resources: +- cloudflared.yaml +- VaultAuth.yaml +- VaultStaticSecret-tunnel-credentials.yaml +- VaultStaticSecret-cloudflare-exporter.yaml + +configMapGenerator: +- name: cloudflared + files: + - config.yaml + helmCharts: - kubeVersion: '1.30' name: cloudflare-exporter @@ -13,10 +27,3 @@ helmCharts: labels: release: prometheus version: 0.2.1 -kind: Kustomization -namespace: cloudflare -resources: -- cloudflared.yml -- VaultAuth.yaml -- VaultStaticSecret-tunnel-credentials.yaml -- VaultStaticSecret-cloudflare-exporter.yaml diff --git a/kubernetes/irc/Deployment-soju.yaml b/kubernetes/irc/Deployment-soju.yaml index 1d7b701..5b878cc 100644 --- a/kubernetes/irc/Deployment-soju.yaml 
+++ b/kubernetes/irc/Deployment-soju.yaml @@ -20,10 +20,7 @@ spec: containers: - env: - name: PGDATABASE - valueFrom: - secretKeyRef: - key: dbname - name: postgres-soju + value: soju - name: PGHOST value: 192.168.50.236 - name: PGPASSWORD @@ -34,7 +31,7 @@ spec: - name: PGUSER valueFrom: secretKeyRef: - key: user + key: username name: postgres-soju image: git.gmem.ca/arch/soju:s3 imagePullPolicy: Always diff --git a/kubernetes/irc/VaultStaticSecret-postgres-soju.yaml b/kubernetes/irc/VaultStaticSecret-postgres-soju.yaml index 31f15b7..1daefb7 100644 --- a/kubernetes/irc/VaultStaticSecret-postgres-soju.yaml +++ b/kubernetes/irc/VaultStaticSecret-postgres-soju.yaml @@ -1,14 +1,18 @@ apiVersion: secrets.hashicorp.com/v1beta1 -kind: VaultStaticSecret +kind: VaultDynamicSecret metadata: name: postgres-soju - namespace: irc + namespace: soju spec: + allowStaticCreds: true destination: create: true name: postgres-soju - mount: kv - path: irc/postgres-soju + transformation: + mount: database + path: static-creds/soju refreshAfter: 30s - type: kv-v2 vaultAuthRef: vault + rolloutRestartTargets: + - name: soju + kind: Deployment diff --git a/kubernetes/jellyseerr/kustomization.yaml b/kubernetes/jellyseerr/kustomization.yaml index 17c4030..1967f48 100644 --- a/kubernetes/jellyseerr/kustomization.yaml +++ b/kubernetes/jellyseerr/kustomization.yaml @@ -6,3 +6,4 @@ resources: - Ingress-jellyseerr.yaml - VaultAuth.yaml - VaultStaticSecret-jellyseerr.yaml +- ConfigMap-jellyseerr.yaml diff --git a/kubernetes/nitter/ConfigMap-nitter-bot.yaml b/kubernetes/nitter/ConfigMap-nitter-bot.yaml new file mode 100644 index 0000000..02f587f --- /dev/null +++ b/kubernetes/nitter/ConfigMap-nitter-bot.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + NITTER_EXTERNAL_URL: https://nitter.gmem.ca + NITTER_URL: http://nitter:8080 +kind: ConfigMap +metadata: + name: nitter-bot + namespace: nitter 
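Review bot: `namespace: soju` in kubernetes/irc/VaultStaticSecret-postgres-soju.yaml moves the generated `postgres-soju` Secret out of `irc`, while Deployment-soju.yaml in the same directory still reads it through `secretKeyRef`, and `vaultAuthRef: vault` is looked up in the resource's own namespace. If the Deployment and VaultAuth stay in `irc`, the pod will not be able to resolve the Secret; please confirm or revert to `namespace: irc`. Their metadata is outside this diff, and a kustomization-level `namespace:` would override the field. The added `transformation:` key has no children and parses as null, so drop it or give it content such as `excludeRaw: true`.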
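Review bot: The new `- ConfigMap-jellyseerr.yaml` entry in kubernetes/jellyseerr/kustomization.yaml has no matching file added in the visible diff, unlike the nitter ConfigMaps, which are added together with their kustomization entries. If the file is not already in the repository, `kustomize build` will fail on the missing resource; please confirm it exists or include it in this commit.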
diff --git a/kubernetes/nitter/ConfigMap-nitter.yaml b/kubernetes/nitter/ConfigMap-nitter.yaml
new file mode 100644
index 0000000..a10698c
--- /dev/null
+++ b/kubernetes/nitter/ConfigMap-nitter.yaml
@@ -0,0 +1,103 @@ +apiVersion: v1 +data: + nitter-ro.conf: | + [Server] + hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip + title = "nitter.gmem.ca" + address = "0.0.0.0" + port = 8081 + https = false # disable to enable cookies when not using https + httpMaxConnections = 100 + staticDir = "./public" + readOnly = true + + [Cache] + listMinutes = 240 # how long to cache list info (not the tweets, so keep it high) + rssMinutes = 10 # how long to cache rss queries + redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose + redisPort = 6379 + redisPassword = "" + redisConnections = 20 # minimum open connections in pool + redisMaxConnections = 30 + # new connections are opened when none are available, but if the pool size + # goes above this, they're closed when released. don't worry about this unless + # you receive tons of requests per second + + [Config] + hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls + base64Media = false # use base64 encoding for proxied media urls + enableRSS = true # set this to false to disable RSS feeds + enableDebug = false # enable request logs and debug endpoints (/.tokens) + proxy = "" # http/https url, SOCKS proxies are not supported + proxyAuth = "" + tokenCount = 10 + # minimum amount of usable tokens. tokens are used to authorize API requests, + # but they expire after ~1 hour, and have a limit of 500 requests per endpoint. + # the limits reset every 15 minutes, and the pool is filled up so there's + # always at least `tokenCount` usable tokens. only increase this if you receive + # major bursts all the time and don't have a rate limiting setup via e.g. 
nginx + + # cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content + # xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content + + # Change default preferences here, see src/prefs_impl.nim for a complete list + [Preferences] + theme = "Nitter" + replaceTwitter = "nitter.gmem.ca" + replaceYouTube = "piped.video" + replaceReddit = "teddit.net" + proxyVideos = false + hlsPlayback = true + infiniteScroll = true + nitter.conf: | + [Server] + hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip + title = "nitter.gmem.ca" + address = "0.0.0.0" + port = 8080 + https = false # disable to enable cookies when not using https + httpMaxConnections = 100 + staticDir = "./public" + + [Cache] + listMinutes = 240 # how long to cache list info (not the tweets, so keep it high) + rssMinutes = 10 # how long to cache rss queries + redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose + redisPort = 6379 + redisPassword = "" + redisConnections = 20 # minimum open connections in pool + redisMaxConnections = 30 + # new connections are opened when none are available, but if the pool size + # goes above this, they're closed when released. 
don't worry about this unless + # you receive tons of requests per second + + [Config] + hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls + base64Media = false # use base64 encoding for proxied media urls + enableRSS = true # set this to false to disable RSS feeds + enableDebug = false # enable request logs and debug endpoints (/.tokens) + proxy = "" # http/https url, SOCKS proxies are not supported + proxyAuth = "" + tokenCount = 10 + # minimum amount of usable tokens. tokens are used to authorize API requests, + # but they expire after ~1 hour, and have a limit of 500 requests per endpoint. + # the limits reset every 15 minutes, and the pool is filled up so there's + # always at least `tokenCount` usable tokens. only increase this if you receive + # major bursts all the time and don't have a rate limiting setup via e.g. nginx + + # cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content + # xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content + + # Change default preferences here, see src/prefs_impl.nim for a complete list + [Preferences] + theme = "Nitter" + replaceTwitter = "nitter.gmem.ca" + replaceYouTube = "piped.gmem.ca" + replaceReddit = "red.gmem.ca" + proxyVideos = false + hlsPlayback = true + infiniteScroll = true +kind: ConfigMap +metadata: + name: nitter + namespace: nitter diff --git a/kubernetes/nitter/kustomization.yaml b/kubernetes/nitter/kustomization.yaml index 71eb848..acfd689 100644 --- a/kubernetes/nitter/kustomization.yaml +++ b/kubernetes/nitter/kustomization.yaml 
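Review bot: Both `nitter-ro.conf` and `nitter.conf` in this new ConfigMap carry a literal `hmacKey`, and the commented-out `cookieHeader` line holds what look like real `ct0` and `auth_token` values for a logged-in account, not the `X…` placeholder used on the `xCsrfToken` line below it. ConfigMaps are stored unencrypted and this file is now committed, so the HMAC key should be rotated and, if the cookie is genuine, that session revoked. The directory already lists `VaultStaticSecret-nitter.yaml`; sourcing the key from that Secret and replacing the comment with `# cookieHeader = "ct0=<REDACTED>; auth_token=<REDACTED>"` keeps credentials out of the manifest. `redisPassword = ""` also leaves `nitter-redis-master` unauthenticated, which is only acceptable if network policy restricts who can reach it.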
@@ -11,6 +11,8 @@ resources: - VaultAuth.yaml - VaultStaticSecret-nitter-bot.yaml - VaultStaticSecret-nitter.yaml +- ConfigMap-nitter.yaml +- ConfigMap-nitter-bot.yaml helmCharts: - name: redis diff --git a/kubernetes/searxng/ConfigMap-searxng-3e1ca337d7.yaml b/kubernetes/searxng/ConfigMap-searxng-3e1ca337d7.yaml deleted file mode 100644 index 006706c..0000000 --- a/kubernetes/searxng/ConfigMap-searxng-3e1ca337d7.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -data: - limiter.toml: '# This configuration file updates the default configuration file - - # See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml - - - [botdetection.ip_limit] - - # activate link_token method in the ip_limit method - - link_token = true - - ' - settings.yml: "use_default_settings: true\nserver:\n image_proxy: true\n http_protocol_version:\ - \ \"1.1\"\n method: \"GET\"\nui:\n static_use_hash: true\nredis:\n url: redis://searxng-redis-master:6379/0\n\ - general:\n instance_name: search.gmem.ca\nhostname_replace:\n '(.*\\.)?youtube\\\ - .com$': 'piped.gmem.ca'\n '(.*\\.)?youtu\\.be$': 'piped.gmem.ca'\n '(.*\\.)?youtube-noocookie\\\ - .com$': 'piped.gmem.ca'\n '(www\\.)?twitter\\.com$': 'nitter.gmem.ca'\n '(www\\\ - .)?x\\.com$': 'nitter.gmem.ca'\n '(.*\\.)?reddit\\.com$': 'red.gmem.ca'\n" -kind: ConfigMap -metadata: - annotations: - kubenix/k8s-version: '1.30' - kubenix/project-name: kubenix - labels: - kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f - name: searxng-3e1ca337d7 - namespace: searxng diff --git a/kubernetes/searxng/Deployment-searxng.yaml b/kubernetes/searxng/Deployment-searxng.yaml index eaa2ae4..ba2853d 100644 --- a/kubernetes/searxng/Deployment-searxng.yaml +++ b/kubernetes/searxng/Deployment-searxng.yaml @@ -42,5 +42,5 @@ spec: subPath: limiter.toml volumes: - configMap: - name: searxng-3e1ca337d7 + name: searxng name: config 
diff --git a/kubernetes/searxng/kustomization.yaml b/kubernetes/searxng/kustomization.yaml index d9067cf..1a9a8bd 100644 --- a/kubernetes/searxng/kustomization.yaml +++ b/kubernetes/searxng/kustomization.yaml @@ -1,4 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: searxng + helmCharts: - name: redis releaseName: searxng-redis @@ -12,12 +16,16 @@ helmCharts: repository: redict tag: 7.3-compat version: 18.6.1 -kind: Kustomization -namespace: searxng + resources: -- ConfigMap-searxng-3e1ca337d7.yaml - Deployment-searxng.yaml - Service-searxng.yaml - Ingress-searxng.yaml - VaultAuth.yaml - VaultStaticSecret-searxng.yaml + +configMapGenerator: +- name: searxng + files: + - limiter.toml + - settings.yml diff --git a/kubernetes/searxng/limiter.toml b/kubernetes/searxng/limiter.toml new file mode 100644 index 0000000..71e768a --- /dev/null +++ b/kubernetes/searxng/limiter.toml @@ -0,0 +1,6 @@ +# This configuration file updates the default configuration file + +# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml +[botdetection.ip_limit] +# activate link_token method in the ip_limit method +link_token = true diff --git a/kubernetes/searxng/settings.yml b/kubernetes/searxng/settings.yml new file mode 100644 index 0000000..378bc4b --- /dev/null +++ b/kubernetes/searxng/settings.yml @@ -0,0 +1,19 @@ +use_default_settings: true +server: + image_proxy: true + http_protocol_version: "1.1" + method: "GET" +ui: + static_use_hash: true +redis: + url: redis://searxng-redis-master:6379/0 +general: + instance_name: search.gmem.ca +hostnames: + replace: + '(.*\.)?youtube\.com$': 'piped.gmem.ca' + '(.*\.)?youtube\.com$': 'piped.gmem.ca' + '(.*\.)?youtube-noocookie.com$': 'piped.gmem.ca' + '(.*\.)?twitter.com$': 'nitter.gmem.ca' + '(.*\.)?x.com$': 'nitter.gmem.ca' + '(.*\.)?reddit.com$': 'red.gmem.ca' 
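Review bot: The `hostnames.replace` mapping in the new kubernetes/searxng/settings.yml lists `'(.*\.)?youtube\.com$'` twice, where the deleted ConfigMap had `youtu\.be` as the second entry. Duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so `youtu.be` links are no longer rewritten; the second key should be `'(.*\.)?youtu\.be$': 'piped.gmem.ca'`. The last four patterns also dropped the `\.` escape before `com` that the old file had, so that `.` now matches any character; restore it, e.g. `'(.*\.)?twitter\.com$'`. `youtube-noocookie` is carried over from the old file and looks like a typo for `youtube-nocookie`, so that host has probably never matched.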
diff --git a/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml b/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml index bf168f0..e02a024 100644 --- a/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml +++ b/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml @@ -12,3 +12,25 @@ spec: refreshAfter: 30s type: kv-v2 vaultAuthRef: vault +--- +apiVersion: secrets.hashicorp.com/v1beta1 +kind: VaultDynamicSecret +metadata: + name: postgres-vaultwarden + namespace: vaultwarden +spec: + allowStaticCreds: true + destination: + create: true + name: postgres-vaultwarden + transformation: + templates: + DATABASE_URL: + text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/vaultwarden + mount: database + path: static-creds/vaultwarden + refreshAfter: 30s + vaultAuthRef: vault + rolloutRestartTargets: + - name: vaultwarden + kind: Deployment diff --git a/kubernetes/vaultwarden/deployment.yaml b/kubernetes/vaultwarden/deployment.yaml index a60ff67..3729ca1 100644 --- a/kubernetes/vaultwarden/deployment.yaml +++ b/kubernetes/vaultwarden/deployment.yaml @@ -16,10 +16,6 @@ spec: volumes: - name: data-dir emptyDir: {} - - name: rsa-keys - secret: - secretName: vaultwarden-rsa - defaultMode: 0644 containers: - name: vaultwarden image: vaultwarden/server:testing @@ -34,8 +30,10 @@ spec: envFrom: - secretRef: name: vaultwarden + - secretRef: + name: postgres-vaultwarden - configMapRef: - name: vaultwarden-env + name: vaultwarden env: - name: LOG_LEVEL value: debug @@ -43,9 +41,6 @@ spec: - containerPort: 80 name: web volumeMounts: - - name: rsa-keys - mountPath: /data/keys - readOnly: true - name: data-dir mountPath: /data --- 
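Review bot: Removing the `rsa-keys` secret volume in kubernetes/vaultwarden/deployment.yaml leaves `/data` backed only by the `data-dir` `emptyDir`, while vaultwarden.env in this commit points `RSA_KEY_FILENAME` at `/data/rsa_key`. If Vaultwarden generates a missing key at startup, as I understand it does, every pod restart, including those triggered by `rolloutRestartTargets`, would create a new signing key and invalidate existing sessions; please confirm the key is persisted somewhere. The added `secretRef: postgres-vaultwarden` imports every key of that Secret through `envFrom`, so the raw username and password are exposed unless the VaultDynamicSecret excludes them. The unchanged `image: vaultwarden/server:testing` context line is also a mutable tag on a password manager; pinning a release tag or digest would make rollouts reproducible.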
@@ -87,49 +82,3 @@ spec: name: vaultwarden port: number: 80 ---- -apiVersion: secrets.infisical.com/v1alpha1 -kind: InfisicalSecret -metadata: - name: vaultwarden - namespace: vaultwarden -spec: - hostAPI: http://infisical:8080 - resyncInterval: 10 - authentication: - kubernetesAuth: - identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e - serviceAccountRef: - name: infisical-auth - namespace: infisical - secretsScope: - projectSlug: kubernetes-homelab-dp67 - envSlug: prod - secretsPath: "/vaultwarden" - managedSecretReference: - secretName: vaultwarden - secretNamespace: vaultwarden - creationPolicy: "Owner" ---- -apiVersion: secrets.infisical.com/v1alpha1 -kind: InfisicalSecret -metadata: - name: vaultwarden-rsa - namespace: vaultwarden -spec: - hostAPI: http://infisical:8080 - resyncInterval: 10 - authentication: - kubernetesAuth: - identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e - serviceAccountRef: - name: infisical-auth - namespace: infisical - secretsScope: - projectSlug: kubernetes-homelab-dp67 - envSlug: prod - secretsPath: "/vaultwarden/keys" - managedSecretReference: - secretName: vaultwarden-rsa - secretNamespace: vaultwarden - creationPolicy: "Owner" diff --git a/kubernetes/vaultwarden/kustomization.yaml b/kubernetes/vaultwarden/kustomization.yaml index f81d698..78a01aa 100644 --- a/kubernetes/vaultwarden/kustomization.yaml +++ b/kubernetes/vaultwarden/kustomization.yaml @@ -1,6 +1,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + +namespace: vaultwarden + resources: - VaultAuth.yaml - VaultStaticSecret-vaultwarden.yaml - deployment.yaml + +configMapGenerator: +- name: vaultwarden + envs: + - vaultwarden.env diff --git a/kubernetes/vaultwarden/vaultwarden.env b/kubernetes/vaultwarden/vaultwarden.env new file mode 100644 index 0000000..14ac084 --- /dev/null +++ b/kubernetes/vaultwarden/vaultwarden.env 
@@ -0,0 +1,15 @@ +DOMAIN=https://pw.gmem.ca +ENABLE_WEBSOCKET=true +EXTENDED_LOGGING=true +IP_HEADER=X-Real-IP +LOG_LEVEL=error +PUSH_ENABLED=true +PUSH_IDENTITY_URI=https://identity.bitwarden.eu +PUSH_RELAY_URI=https://push.bitwarden.eu +RSA_KEY_FILENAME=/data/rsa_key +SIGNUPS_ALLOWED=false +SIGNUPS_VERIFY=true +SMTP_FROM=vaultwarden@gmem.ca +SMTP_FROM_NAME=Arch's Vault +SMTP_PORT=465 +SMTP_SECURITY=force_tls diff --git a/kubernetes/vrchat/config.toml b/kubernetes/vrchat/config.toml new file mode 100644 index 0000000..95889fa --- /dev/null +++ b/kubernetes/vrchat/config.toml @@ -0,0 +1,36 @@ +[groups.waterwolf] +id = "grp_41df2df4-be4e-4a4e-be5e-eabb1425c4e5" +vrcdn = "waterwolf" + +[groups.vibenight] +id = "grp_8cf1101a-e75d-4e80-b5d5-c5ba2916cce8" +vrcdn = "vibenight" + +[groups.vibenight-roxy] +id = "" +vrcdn = "roxyreee" + +[groups.zrave] +id = "grp_f65e9e2e-c2a4-46af-a787-0e7c5d6be03c" +vrcdn = "furxmas" + +[groups.eufuria] +id = "grp_47c07467-c09a-4354-bba2-31e103b3c934" +vrcdn = "technicallysane" + +[groups.waterwolf-nullreff] +id = "" +vrcdn = "nullreff" + +[groups.con-vr-portals] +id = "grp_dcddb898-14bf-41ab-8c3e-e874847be6c9" + +#[groups.furality] +#id = "grp_210dbc09-c3da-4ebb-b641-73c99ce2619b" +#vrcdn = "furalityvrcdn" + +[worlds] +"becki" = "wrld_e3a45ec6-a319-42af-b68d-f82f47bddef3" +"foxxcon" = "wrld_27806231-964b-4fbe-add8-10bf14be8071" +"becki v2" = "wrld_74f11f39-9064-4d03-93e9-2141f4a60147" + diff --git a/kubernetes/vrchat/kustomization.yaml b/kubernetes/vrchat/kustomization.yaml index 932cc80..d9513c7 100644 --- a/kubernetes/vrchat/kustomization.yaml +++ b/kubernetes/vrchat/kustomization.yaml @@ -1,7 +1,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + +namespace: vrchat + resources: - Deployment-vrchat-prometheus-adapter.yaml - Service-vrchat-prometheus-adapter.yaml - ServiceMonitor-vrchat-prometheus-adapter.yaml - VaultAuth.yaml + +configMapGenerator: +- name: vrchat-prometheus-adapter + files: + - config.toml
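Review bot: `LOG_LEVEL=error` in kubernetes/vaultwarden/vaultwarden.env will not take effect, because deployment.yaml still sets `LOG_LEVEL` to `debug` under `env`, and explicit `env` entries take precedence over `envFrom` sources. Remove the `env` entry in the Deployment, or this line, so the log level has a single source of truth. With `EXTENDED_LOGGING=true`, running a password manager at debug level is worth avoiding outside troubleshooting.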