parent
7ac99af974
commit
124b319b57
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -44,3 +44,5 @@ result
|
|||
.env
|
||||
plan.out
|
||||
config.tf.json
|
||||
|
||||
**/charts
|
||||
|
|
|
@ -1,14 +1,21 @@
|
|||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
kind: VaultDynamicSecret
|
||||
metadata:
|
||||
name: postgres-atuin
|
||||
namespace: atuin
|
||||
spec:
|
||||
allowStaticCreds: true
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-atuin
|
||||
mount: kv
|
||||
path: atuin/postgres-atuin
|
||||
transformation:
|
||||
templates:
|
||||
ATUIN_DB_URI:
|
||||
text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/atuin
|
||||
mount: database
|
||||
path: static-creds/atuin
|
||||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
vaultAuthRef: vault
|
||||
rolloutRestartTargets:
|
||||
- name: atuin
|
||||
kind: Deployment
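Review bot: The `ATUIN_DB_URI` template places `.Secrets.username` and `.Secrets.password` into the URL unescaped, so a rotated password containing `@`, `/`, `:` or `%` would produce a malformed or misparsed connection string; escape both values in the template or constrain the password policy on the Vault role. Going by the hunk counts, the Deployment hunk that follows switches to `envFrom` on the whole `postgres-atuin` Secret. Every key the operator writes there then becomes a process environment variable, not just the URI; adding `excludeRaw: true` and a key filter under `transformation` would limit the Secret to `ATUIN_DB_URI`. The URI also sets no `sslmode`, so whether the connection to 192.168.50.236 is encrypted depends on driver and server defaults, which deserves a comment. The same template shape is used for `DATABASE_URL` in the `postgres-vaultwarden` hunk.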
|
||||
|
|
|
@ -19,18 +19,17 @@ spec:
|
|||
- server
|
||||
- start
|
||||
env:
|
||||
- name: ATUIN_DB_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-atuin
|
||||
key: uri
|
||||
optional: false
|
||||
- name: ATUIN_HOST
|
||||
value: 0.0.0.0
|
||||
- name: ATUIN_PORT
|
||||
value: "8888"
|
||||
- name: ATUIN_OPEN_REGISTRATION
|
||||
value: "false"
|
||||
- name: RUST_LOG
|
||||
value: "info,atuin_server=debug"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: postgres-atuin
|
||||
image: ghcr.io/atuinsh/atuin:v18.2.0
|
||||
name: atuin
|
||||
ports:
|
||||
|
|
|
@ -81,43 +81,3 @@ spec:
|
|||
podMetricsEndpoints:
|
||||
- port: metrics
|
||||
interval: 30s
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cloudflared
|
||||
namespace: cloudflare
|
||||
data:
|
||||
config.yaml: |
|
||||
tunnel: new-homelab
|
||||
credentials-file: /etc/cloudflared/creds/credentials.json
|
||||
metrics: 0.0.0.0:2000
|
||||
no-autoupdate: true
|
||||
warp-routing:
|
||||
enabled: true
|
||||
ingress:
|
||||
- hostname: photos.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: pw.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: authentik.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: nitter.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: git.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: proxmox.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: tokyo.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: ibiza.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: chat.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: paste.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: e6.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- hostname: minecraft-invites.gmem.ca
|
||||
service: https://homelab.gmem.ca
|
||||
- service: http_status:404
|
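--- /dev/null
+++ b/kubernetes/cloudflare/config.yaml
@@ -0,0 +1,32 @@
+tunnel: new-homelab
+credentials-file: /etc/cloudflared/creds/credentials.json
+metrics: 0.0.0.0:2000
+no-autoupdate: true
+warp-routing:
+enabled: true
+ingress:
+- hostname: photos.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: pw.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: authentik.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: nitter.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: git.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: proxmox.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: tokyo.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: ibiza.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: chat.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: paste.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: e6.gmem.ca
+service: https://homelab.gmem.ca
+- hostname: minecraft-invites.gmem.ca
+service: https://homelab.gmem.ca
+- service: http_status:404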
|
@ -1,4 +1,18 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: cloudflare
|
||||
|
||||
resources:
|
||||
- cloudflared.yaml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-tunnel-credentials.yaml
|
||||
- VaultStaticSecret-cloudflare-exporter.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: cloudflared
|
||||
files:
|
||||
- config.yaml
|
||||
|
||||
helmCharts:
|
||||
- kubeVersion: '1.30'
|
||||
name: cloudflare-exporter
|
||||
|
@ -13,10 +27,3 @@ helmCharts:
|
|||
labels:
|
||||
release: prometheus
|
||||
version: 0.2.1
|
||||
kind: Kustomization
|
||||
namespace: cloudflare
|
||||
resources:
|
||||
- cloudflared.yml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-tunnel-credentials.yaml
|
||||
- VaultStaticSecret-cloudflare-exporter.yaml
|
||||
|
|
|
@ -20,10 +20,7 @@ spec:
|
|||
containers:
|
||||
- env:
|
||||
- name: PGDATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: dbname
|
||||
name: postgres-soju
|
||||
value: soju
|
||||
- name: PGHOST
|
||||
value: 192.168.50.236
|
||||
- name: PGPASSWORD
|
||||
|
@ -34,7 +31,7 @@ spec:
|
|||
- name: PGUSER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: user
|
||||
key: username
|
||||
name: postgres-soju
|
||||
image: git.gmem.ca/arch/soju:s3
|
||||
imagePullPolicy: Always
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
kind: VaultDynamicSecret
|
||||
metadata:
|
||||
name: postgres-soju
|
||||
namespace: irc
|
||||
namespace: soju
|
||||
spec:
|
||||
allowStaticCreds: true
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-soju
|
||||
mount: kv
|
||||
path: irc/postgres-soju
|
||||
transformation:
|
||||
mount: database
|
||||
path: static-creds/soju
|
||||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
vaultAuthRef: vault
|
||||
rolloutRestartTargets:
|
||||
- name: soju
|
||||
kind: Deployment
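Review bot: `transformation:` under `destination` appears to be left as a bare key with nothing beneath it, which parses as null. Either delete the line or give it content, for example `excludeRaw: true`, so the intent is explicit. The Deployment hunks above move `PGUSER` to key `username`, which matches what the database mount returns. The `PGPASSWORD` reference lies outside the visible hunks and should be checked against key `password` in the same way.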
|
||||
|
|
|
@ -6,3 +6,4 @@ resources:
|
|||
- Ingress-jellyseerr.yaml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-jellyseerr.yaml
|
||||
- ConfigMap-jellyseerr.yaml
|
||||
|
|
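--- /dev/null
+++ b/kubernetes/nitter/ConfigMap-nitter-bot.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+NITTER_EXTERNAL_URL: https://nitter.gmem.ca
+NITTER_URL: http://nitter:8080
+kind: ConfigMap
+metadata:
+name: nitter-bot
+namespace: nitter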
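--- /dev/null
+++ b/kubernetes/nitter/ConfigMap-nitter.yaml
@@ -0,0 +1,103 @@
+apiVersion: v1
+data:
+nitter-ro.conf: |
+[Server]
+hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip
+title = "nitter.gmem.ca"
+address = "0.0.0.0"
+port = 8081
+https = false # disable to enable cookies when not using https
+httpMaxConnections = 100
+staticDir = "./public"
+readOnly = true
+
+[Cache]
+listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
+rssMinutes = 10 # how long to cache rss queries
+redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose
+redisPort = 6379
+redisPassword = ""
+redisConnections = 20 # minimum open connections in pool
+redisMaxConnections = 30
+# new connections are opened when none are available, but if the pool size
+# goes above this, they're closed when released. don't worry about this unless
+# you receive tons of requests per second
+
+[Config]
+hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls
+base64Media = false # use base64 encoding for proxied media urls
+enableRSS = true # set this to false to disable RSS feeds
+enableDebug = false # enable request logs and debug endpoints (/.tokens)
+proxy = "" # http/https url, SOCKS proxies are not supported
+proxyAuth = ""
+tokenCount = 10
+# minimum amount of usable tokens. tokens are used to authorize API requests,
+# but they expire after ~1 hour, and have a limit of 500 requests per endpoint.
+# the limits reset every 15 minutes, and the pool is filled up so there's
+# always at least `tokenCount` usable tokens. only increase this if you receive
+# major bursts all the time and don't have a rate limiting setup via e.g. nginx
+
+# cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content
+# xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content
+
+# Change default preferences here, see src/prefs_impl.nim for a complete list
+[Preferences]
+theme = "Nitter"
+replaceTwitter = "nitter.gmem.ca"
+replaceYouTube = "piped.video"
+replaceReddit = "teddit.net"
+proxyVideos = false
+hlsPlayback = true
+infiniteScroll = true
+nitter.conf: |
+[Server]
+hostname = "nitter.gmem.ca" # for generating links, change this to your own domain/ip
+title = "nitter.gmem.ca"
+address = "0.0.0.0"
+port = 8080
+https = false # disable to enable cookies when not using https
+httpMaxConnections = 100
+staticDir = "./public"
+
+[Cache]
+listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
+rssMinutes = 10 # how long to cache rss queries
+redisHost = "nitter-redis-master" # Change to "nitter-redis" if using docker-compose
+redisPort = 6379
+redisPassword = ""
+redisConnections = 20 # minimum open connections in pool
+redisMaxConnections = 30
+# new connections are opened when none are available, but if the pool size
+# goes above this, they're closed when released. don't worry about this unless
+# you receive tons of requests per second
+
+[Config]
+hmacKey = "66c3d14a0576c2c0fb723a2193f8f7a49f8f70a87c4e3b5b278cafa988cd3df25f92dc6d59fe2e44ca0316f850df4d42849833ebd3fbf2dba07479b20ebb543e" # random key for cryptographic signing of video urls
+base64Media = false # use base64 encoding for proxied media urls
+enableRSS = true # set this to false to disable RSS feeds
+enableDebug = false # enable request logs and debug endpoints (/.tokens)
+proxy = "" # http/https url, SOCKS proxies are not supported
+proxyAuth = ""
+tokenCount = 10
+# minimum amount of usable tokens. tokens are used to authorize API requests,
+# but they expire after ~1 hour, and have a limit of 500 requests per endpoint.
+# the limits reset every 15 minutes, and the pool is filled up so there's
+# always at least `tokenCount` usable tokens. only increase this if you receive
+# major bursts all the time and don't have a rate limiting setup via e.g. nginx
+
+# cookieHeader = "ct0=a5239634ecfbbdfe8c4826016062b7c1d3f5db7f5ccf45898d854739541810865323f2535c504bcd4f3907ee888379b02871a4fa78abace77c6f155c515740e99fb8add35bcd38ac534927e6c5744ba2; auth_token=cd6e00f611df987100a886885b019a3c6b575c97" # authentication cookie of a logged in account, required for the likes tab and NSFW content
+# xCsrfToken = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # required for the likes tab and NSFW content
+
+# Change default preferences here, see src/prefs_impl.nim for a complete list
+[Preferences]
+theme = "Nitter"
+replaceTwitter = "nitter.gmem.ca"
+replaceYouTube = "piped.gmem.ca"
+replaceReddit = "red.gmem.ca"
+proxyVideos = false
+hlsPlayback = true
+infiniteScroll = true
+kind: ConfigMap
+metadata:
+name: nitter
+namespace: nitter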
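Review bot: `hmacKey` is committed in clear text in both `nitter-ro.conf` and `nitter.conf`, and the commented-out `cookieHeader` line in each carries what looks like a real `ct0`/`auth_token` pair for a logged-in account. A ConfigMap has none of the access controls of a Secret, and these values are now in git history, so both should be treated as exposed: rotate the key and invalidate that session. The rendered config should then come from Vault, as the other workloads in this commit do, with only a placeholder left in the file, e.g. `hmacKey = "<from-vault>"`, and the cookie line deleted rather than commented out. `redisPassword = ""` leaves the cache unauthenticated, which is only acceptable if the Redis service cannot be reached from other namespaces; a comment should state that assumption.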
|
@ -11,6 +11,8 @@ resources:
|
|||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-nitter-bot.yaml
|
||||
- VaultStaticSecret-nitter.yaml
|
||||
- ConfigMap-nitter.yaml
|
||||
- ConfigMap-nitter-bot.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: redis
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
limiter.toml: '# This configuration file updates the default configuration file
|
||||
|
||||
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||||
|
||||
|
||||
[botdetection.ip_limit]
|
||||
|
||||
# activate link_token method in the ip_limit method
|
||||
|
||||
link_token = true
|
||||
|
||||
'
|
||||
settings.yml: "use_default_settings: true\nserver:\n image_proxy: true\n http_protocol_version:\
|
||||
\ \"1.1\"\n method: \"GET\"\nui:\n static_use_hash: true\nredis:\n url: redis://searxng-redis-master:6379/0\n\
|
||||
general:\n instance_name: search.gmem.ca\nhostname_replace:\n '(.*\\.)?youtube\\\
|
||||
.com$': 'piped.gmem.ca'\n '(.*\\.)?youtu\\.be$': 'piped.gmem.ca'\n '(.*\\.)?youtube-noocookie\\\
|
||||
.com$': 'piped.gmem.ca'\n '(www\\.)?twitter\\.com$': 'nitter.gmem.ca'\n '(www\\\
|
||||
.)?x\\.com$': 'nitter.gmem.ca'\n '(.*\\.)?reddit\\.com$': 'red.gmem.ca'\n"
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
annotations:
|
||||
kubenix/k8s-version: '1.30'
|
||||
kubenix/project-name: kubenix
|
||||
labels:
|
||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
||||
name: searxng-3e1ca337d7
|
||||
namespace: searxng
|
|
@ -42,5 +42,5 @@ spec:
|
|||
subPath: limiter.toml
|
||||
volumes:
|
||||
- configMap:
|
||||
name: searxng-3e1ca337d7
|
||||
name: searxng
|
||||
name: config
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: searxng
|
||||
|
||||
helmCharts:
|
||||
- name: redis
|
||||
releaseName: searxng-redis
|
||||
|
@ -12,12 +16,16 @@ helmCharts:
|
|||
repository: redict
|
||||
tag: 7.3-compat
|
||||
version: 18.6.1
|
||||
kind: Kustomization
|
||||
namespace: searxng
|
||||
|
||||
resources:
|
||||
- ConfigMap-searxng-3e1ca337d7.yaml
|
||||
- Deployment-searxng.yaml
|
||||
- Service-searxng.yaml
|
||||
- Ingress-searxng.yaml
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-searxng.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: searxng
|
||||
files:
|
||||
- limiter.toml
|
||||
- settings.yml
|
||||
|
|
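--- /dev/null
+++ b/kubernetes/searxng/limiter.toml
@@ -0,0 +1,6 @@
+# This configuration file updates the default configuration file
+
+# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
+[botdetection.ip_limit]
+# activate link_token method in the ip_limit method
+link_token = true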
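--- /dev/null
+++ b/kubernetes/searxng/settings.yml
@@ -0,0 +1,19 @@
+use_default_settings: true
+server:
+image_proxy: true
+http_protocol_version: "1.1"
+method: "GET"
+ui:
+static_use_hash: true
+redis:
+url: redis://searxng-redis-master:6379/0
+general:
+instance_name: search.gmem.ca
+hostnames:
+replace:
+'(.*\.)?youtube\.com$': 'piped.gmem.ca'
+'(.*\.)?youtube\.com$': 'piped.gmem.ca'
+'(.*\.)?youtube-noocookie.com$': 'piped.gmem.ca'
+'(.*\.)?twitter.com$': 'nitter.gmem.ca'
+'(.*\.)?x.com$': 'nitter.gmem.ca'
+'(.*\.)?reddit.com$': 'red.gmem.ca'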
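Review bot: The `hostnames.replace` map lists the key `'(.*\.)?youtube\.com$'` twice and no longer has the `youtu\.be` rule that the removed ConfigMap carried, so short YouTube links would stop being rewritten and a strict YAML loader rejects the duplicate key. The nocookie, twitter, x and reddit patterns have also lost the escaping on their dots, and none is anchored at the start. If the plugin applies them with an unanchored search, `x.com$` would match any host that merely ends in those characters and send it to nitter.gmem.ca. `youtube-noocookie` looks like a typo for `youtube-nocookie`, carried over from the old settings. The block below shows the map with each key unique, escaped and anchored.

```yaml
# … unchanged: use_default_settings through general.instance_name …
hostnames:
  replace:
    '^(.*\.)?youtube\.com$': 'piped.gmem.ca'
    '^(.*\.)?youtu\.be$': 'piped.gmem.ca'
    '^(.*\.)?youtube-nocookie\.com$': 'piped.gmem.ca'
    '^(.*\.)?twitter\.com$': 'nitter.gmem.ca'
    '^(.*\.)?x\.com$': 'nitter.gmem.ca'
    '^(.*\.)?reddit\.com$': 'red.gmem.ca'
```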
|
@ -12,3 +12,25 @@ spec:
|
|||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
vaultAuthRef: vault
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultDynamicSecret
|
||||
metadata:
|
||||
name: postgres-vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
allowStaticCreds: true
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-vaultwarden
|
||||
transformation:
|
||||
templates:
|
||||
DATABASE_URL:
|
||||
text: postgres://{{ .Secrets.username }}:{{ .Secrets.password }}@192.168.50.236/vaultwarden
|
||||
mount: database
|
||||
path: static-creds/vaultwarden
|
||||
refreshAfter: 30s
|
||||
vaultAuthRef: vault
|
||||
rolloutRestartTargets:
|
||||
- name: vaultwarden
|
||||
kind: Deployment
|
||||
|
|
|
@ -16,10 +16,6 @@ spec:
|
|||
volumes:
|
||||
- name: data-dir
|
||||
emptyDir: {}
|
||||
- name: rsa-keys
|
||||
secret:
|
||||
secretName: vaultwarden-rsa
|
||||
defaultMode: 0644
|
||||
containers:
|
||||
- name: vaultwarden
|
||||
image: vaultwarden/server:testing
|
||||
|
@ -34,8 +30,10 @@ spec:
|
|||
envFrom:
|
||||
- secretRef:
|
||||
name: vaultwarden
|
||||
- secretRef:
|
||||
name: postgres-vaultwarden
|
||||
- configMapRef:
|
||||
name: vaultwarden-env
|
||||
name: vaultwarden
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: debug
|
||||
|
@ -43,9 +41,6 @@ spec:
|
|||
- containerPort: 80
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: rsa-keys
|
||||
mountPath: /data/keys
|
||||
readOnly: true
|
||||
- name: data-dir
|
||||
mountPath: /data
|
||||
---
|
||||
|
@ -87,49 +82,3 @@ spec:
|
|||
name: vaultwarden
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
apiVersion: secrets.infisical.com/v1alpha1
|
||||
kind: InfisicalSecret
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
hostAPI: http://infisical:8080
|
||||
resyncInterval: 10
|
||||
authentication:
|
||||
kubernetesAuth:
|
||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
||||
serviceAccountRef:
|
||||
name: infisical-auth
|
||||
namespace: infisical
|
||||
secretsScope:
|
||||
projectSlug: kubernetes-homelab-dp67
|
||||
envSlug: prod
|
||||
secretsPath: "/vaultwarden"
|
||||
managedSecretReference:
|
||||
secretName: vaultwarden
|
||||
secretNamespace: vaultwarden
|
||||
creationPolicy: "Owner"
|
||||
---
|
||||
apiVersion: secrets.infisical.com/v1alpha1
|
||||
kind: InfisicalSecret
|
||||
metadata:
|
||||
name: vaultwarden-rsa
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
hostAPI: http://infisical:8080
|
||||
resyncInterval: 10
|
||||
authentication:
|
||||
kubernetesAuth:
|
||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
||||
serviceAccountRef:
|
||||
name: infisical-auth
|
||||
namespace: infisical
|
||||
secretsScope:
|
||||
projectSlug: kubernetes-homelab-dp67
|
||||
envSlug: prod
|
||||
secretsPath: "/vaultwarden/keys"
|
||||
managedSecretReference:
|
||||
secretName: vaultwarden-rsa
|
||||
secretNamespace: vaultwarden
|
||||
creationPolicy: "Owner"
|
||||
|
|
|
@ -1,6 +1,14 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: vaultwarden
|
||||
|
||||
resources:
|
||||
- VaultAuth.yaml
|
||||
- VaultStaticSecret-vaultwarden.yaml
|
||||
- deployment.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: vaultwarden
|
||||
envs:
|
||||
- vaultwarden.env
|
||||
|
|
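--- /dev/null
+++ b/kubernetes/vaultwarden/vaultwarden.env
@@ -0,0 +1,15 @@
+DOMAIN=https://pw.gmem.ca
+ENABLE_WEBSOCKET=true
+EXTENDED_LOGGING=true
+IP_HEADER=X-Real-IP
+LOG_LEVEL=error
+PUSH_ENABLED=true
+PUSH_IDENTITY_URI=https://identity.bitwarden.eu
+PUSH_RELAY_URI=https://push.bitwarden.eu
+RSA_KEY_FILENAME=/data/rsa_key
+SIGNUPS_ALLOWED=false
+SIGNUPS_VERIFY=true
+SMTP_FROM=vaultwarden@gmem.ca
+SMTP_FROM_NAME=Arch's Vault
+SMTP_PORT=465
+SMTP_SECURITY=force_tls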
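Review bot: `RSA_KEY_FILENAME=/data/rsa_key` puts the token-signing key under `/data`, which deployment.yaml in this commit still backs with `emptyDir: {}` while the `rsa-keys` Secret volume and its mount appear to be dropped. If so, the key pair is regenerated on every pod restart and all issued sessions are invalidated. Either keep the key on a Secret or persistent volume, or add a comment that forced re-login after a restart is accepted. Separately, the Deployment's explicit `env` entry setting `LOG_LEVEL` to `debug` takes precedence over `LOG_LEVEL=error` here, because `env` overrides `envFrom`. Together with `EXTENDED_LOGGING=true`, that leaves the password manager logging at debug level, so one of the two settings should be removed to make the effective level unambiguous.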
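--- /dev/null
+++ b/kubernetes/vrchat/config.toml
@@ -0,0 +1,36 @@
+[groups.waterwolf]
+id = "grp_41df2df4-be4e-4a4e-be5e-eabb1425c4e5"
+vrcdn = "waterwolf"
+
+[groups.vibenight]
+id = "grp_8cf1101a-e75d-4e80-b5d5-c5ba2916cce8"
+vrcdn = "vibenight"
+
+[groups.vibenight-roxy]
+id = ""
+vrcdn = "roxyreee"
+
+[groups.zrave]
+id = "grp_f65e9e2e-c2a4-46af-a787-0e7c5d6be03c"
+vrcdn = "furxmas"
+
+[groups.eufuria]
+id = "grp_47c07467-c09a-4354-bba2-31e103b3c934"
+vrcdn = "technicallysane"
+
+[groups.waterwolf-nullreff]
+id = ""
+vrcdn = "nullreff"
+
+[groups.con-vr-portals]
+id = "grp_dcddb898-14bf-41ab-8c3e-e874847be6c9"
+
+#[groups.furality]
+#id = "grp_210dbc09-c3da-4ebb-b641-73c99ce2619b"
+#vrcdn = "furalityvrcdn"
+
+[worlds]
+"becki" = "wrld_e3a45ec6-a319-42af-b68d-f82f47bddef3"
+"foxxcon" = "wrld_27806231-964b-4fbe-add8-10bf14be8071"
+"becki v2" = "wrld_74f11f39-9064-4d03-93e9-2141f4a60147"
+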
|
@ -1,7 +1,15 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: vrchat
|
||||
|
||||
resources:
|
||||
- Deployment-vrchat-prometheus-adapter.yaml
|
||||
- Service-vrchat-prometheus-adapter.yaml
|
||||
- ServiceMonitor-vrchat-prometheus-adapter.yaml
|
||||
- VaultAuth.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: vrchat-prometheus-adapter
|
||||
files:
|
||||
- config.toml
|
||||
|
|