Move to Helm chart stub

new/charts/util/certmanager.yaml

@@ -0,0 +1,72 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+  namespace: flux-system
+spec:
+  url: https://charts.jetstack.io
+  interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: v1.18.2
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+  install:
+    crds: CreateReplace
+    createNamespace: true
+  values:
+    installCRDs: true
+    extraArgs:
+      - --dns01-recursive-nameservers-only
+      - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-rfc2136
+spec:
+  acme:
+    email: admin@hxme.net
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-rfc2136
+    solvers:
+    - dns01:
+        rfc2136:
+          nameserver: hawke.hxst.com.au:53
+          tsigKeyName: "hxme-update-key"
+          tsigAlgorithm: HMACSHA512
+          tsigSecretSecretRef:
+            name: hxme-update-key
+            key:  hxme-update-key
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-hxme-net
+  namespace: cert-manager
+spec:
+  secretName: wildcard-hxme-net
+  secretTemplate:
+    annotations:
+      replicator.v1.mittwald.de/replication-allowed: "true"
+      replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud"
+  issuerRef:
+    name: letsencrypt-rfc2136
+    kind: ClusterIssuer
+  commonName: "hxme.net"
+  dnsNames:
+    - "hxme.net"
+    - "*.hxme.net"

new/charts/util/mariadb.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mariadb-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  url: https://helm.mariadb.com/mariadb-operator
+  interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator-crds
+  namespace: mariadb-system
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mariadb-operator-crds
+      version: 0.38.1
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+  install:
+    createNamespace: true
+  upgrade:
+    disableWait: true
+  timeout: 5m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator
+  namespace: mariadb-system
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mariadb-operator
+      version: 0.38.1
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+  install:
+    createNamespace: true
+  dependsOn:
+    - name: mariadb-operator-crds
+      namespace: mariadb-system
+  values:
+    metrics:
+      enabled: true
+

new/charts/util/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: util

new/charts/util/replicator.yaml

@@ -0,0 +1,98 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubernetes-replicator
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubernetes-replicator
+rules:
+  - apiGroups: ["", "apps", "extensions"]
+    resources:
+      - secrets
+      - configmaps
+      - roles
+      - rolebindings
+      - cronjobs
+      - deployments
+      - events
+      - ingresses
+      - jobs
+      - pods
+      - pods/attach
+      - pods/exec
+      - pods/log
+      - pods/portforward
+      - services
+      - namespaces
+      - serviceaccounts
+    verbs: ["*"]
+  - apiGroups: ["batch"]
+    resources:
+      - configmaps
+      - cronjobs
+      - deployments
+      - events
+      - ingresses
+      - jobs
+      - pods
+      - pods/attach
+      - pods/exec
+      - pods/log
+      - pods/portforward
+      - services
+    verbs: ["*"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources:
+      - roles
+      - rolebindings
+      - clusterrolebindings
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-replicator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubernetes-replicator
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-replicator
+    namespace: kube-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: mittwald
+  namespace: flux-system
+spec:
+  url: https://helm.mittwald.de
+  interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubernetes-replicator
+  namespace: kube-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: kubernetes-replicator
+      sourceRef:
+        kind: HelmRepository
+        name: mittwald
+        namespace: flux-system
+  install:
+    createNamespace: false
+  upgrade:
+    disableWait: false
+  values:
+    serviceAccount:
+      create: false
+      name: kubernetes-replicator