Move to Helm chart stub

deployments/kustomization.yaml

@@ -2,16 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind:       Kustomization
 
 resources:
-  - monitoring/provider.yaml
-  - monitoring/grafana.yaml
-  - monitoring/loki.yaml
-  - monitoring/prometheus.yaml
-  - operators/mariadb.yaml
-  - operators/replicator.yaml
-  - dns/namespace.yaml
-  - dns/bind.yaml
-  - dns/externaldns.yaml
-  - ssl/certmanager.yaml
-  - auth/authentik.yaml
-  - files/nextcloud.yaml
-  - files/syncthing.yaml

deployments/synctools/vaultwarden.yaml

@@ -1,79 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: bitwarden
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: bjw-s-charts
-  namespace: flux-system
-spec:
-  url: https://bjw-s.github.io/helm-charts/
-  interval: 1h
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: vaultwarden
-  namespace: bitwarden
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: app-template
-      version: 2.4.0
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s-charts
-        namespace: flux-system
-  install:
-    createNamespace: true
-  values:
-    # Basic container config
-    image:
-      repository: vaultwarden/server
-      tag: 1.30.5
-      pullPolicy: IfNotPresent
-
-    env:
-      WEBSOCKET_ENABLED: "true"
-      SIGNUPS_ALLOWED: "false"
-      DOMAIN: "https://vw.hxme.net"
-      ADMIN_TOKEN: "CHANGEME_SUPER_SECRET"
-
-    service:
-      main:
-        ports:
-          http:
-            port: 80
-
-    ingress:
-      main:
-        enabled: true
-        annotations:
-          kubernetes.io/ingress.class: "traefik" # Or nginx or your ingress class
-        hosts:
-          - host: vw.hxme.net
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - vw.hxme.net
-            secretName: bitwarden-tls
-
-    persistence:
-      data:
-        enabled: true
-        existingClaim: bitwarden-data # You must create a PVC or a StorageClass dynamic claim
-
-    resources:
-      requests:
-        cpu: 50m
-        memory: 128Mi
-      limits:
-        cpu: 250m
-        memory: 512Mi
-

new/Chart.yaml

@@ -0,0 +1,31 @@
+apiVersion: v2
+name: home-server
+description: A Helm chart that rolls a curated, functional home server
+version: 0.0.1
+
+dependencies:
+  - name: ai
+    version: 0.0.1
+    repository: "file://charts/ai"
+  - name: dns
+    version: 0.0.1
+    repository: "file://charts/dns"
+  - name: media
+    version: 0.0.1
+    repository: "file://charts/media"
+  - name: monitoring
+    version: 0.0.1
+    repository: "file://charts/monitoring"
+  - name: remote
+    version: 0.0.1
+    repository: "file://charts/remote"
+  - name: social
+    version: 0.0.1
+    repository: "file://charts/social"
+  - name: sync
+    version: 0.0.1
+    repository: "file://charts/sync"
+  - name: util
+    version: 0.0.1
+    repository: "file://charts/util"
+

new/charts/ai/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ai

new/charts/ai/openwebui.yaml

@@ -1,9 +1,4 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ai
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -74,3 +69,4 @@ spec:
         - ai.hxme.net
       secretName: openwebui-tls
 
+

new/charts/auth/authentik.yaml

@@ -1,9 +1,4 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: authentik
----
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -17,7 +12,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: wildcard-hxme-net
-  namespace: authentik
+  namespace: auth
   annotations:
     replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
 ---
@@ -25,7 +20,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: authentik
-  namespace: authentik
+  namespace: auth
 spec:
   interval: 30m
   chart:

new/charts/auth/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ai

new/charts/dns/bind-master.yaml

@@ -136,3 +136,4 @@ spec:
       protocol: TCP
       targetPort: 53
 
+

new/charts/dns/externaldns.yaml

@@ -72,4 +72,3 @@ spec:
                 secretKeyRef:
                   name: dns-secrets
                   key: externaldns-secret
-

new/charts/files/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: files

new/charts/files/nextcloud.yaml

@@ -1,10 +1,5 @@
 ---
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: nextcloud
----
-apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: nextcloud-pv

new/charts/media/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: media

new/charts/monitoring/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring

new/charts/remote/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: remote

new/charts/remote/rustdesk.yaml

@@ -1,9 +1,4 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: rustdesk
----
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -17,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: rustdesk-server
-  namespace: rustdesk
+  namespace: remote
 spec:
   interval: 30m
   chart:

new/charts/social/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: social

new/charts/sync/linkwarden.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: linkwarden
+  namespace: sync
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: linkwarden
+  template:
+    metadata:
+      labels:
+        app: linkwarden
+    spec:
+      containers:
+        - name: linkwarden
+          image: ghcr.io/linkwarden/linkwarden:latest
+          ports:
+            - containerPort: 8080
+          env:
+            - name: ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: linkwarden-secret
+                  key: admin-password
+            # Add other environment variables here as needed
+          volumeMounts:
+            - name: linkwarden-data
+              mountPath: /data
+      volumes:
+        - name: linkwarden-data
+          emptyDir: {} # Change to persistentVolumeClaim for production
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: linkwarden-secret
+  namespace: sync
+type: Opaque
+stringData:
+  admin-password: "YourStrongAdminPasswordHere"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: linkwarden
+  namespace: sync
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: lw.hxme.net
+spec:
+  selector:
+    app: linkwarden
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+  type: ClusterIP
+

new/charts/sync/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sync

new/charts/sync/syncthing.yaml

@@ -1,14 +1,9 @@
 ---
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: syncthing
----
-apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: syncthing-data
-  namespace: syncthing
+  namespace: sync
 spec:
   accessModes:
     - ReadWriteOnce
@@ -33,7 +28,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: syncthing-share
-  namespace: syncthing
+  namespace: sync
 spec:
   accessModes:
     - ReadWriteOnce
@@ -46,7 +41,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: syncthing
-  namespace: syncthing
+  namespace: sync
 spec:
   replicas: 1
   selector:
@@ -86,7 +81,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: syncthing
-  namespace: syncthing
+  namespace: sync
 spec:
   selector:
     app: syncthing

new/charts/sync/vaultwarden.yaml

@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+  namespace: sync
+  labels:
+    app: vaultwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: vaultwarden
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      containers:
+        - name: vaultwarden
+          image: vaultwarden/server:1.30.5
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: WEBSOCKET_ENABLED
+              value: "true"
+            - name: SIGNUPS_ALLOWED
+              value: "false"
+            - name: DOMAIN
+              value: "https://vw.hxme.net"
+            - name: ADMIN_TOKEN
+              value: "CHANGEME_SUPER_SECRET"
+          ports:
+            - containerPort: 80
+              name: http
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+            limits:
+              cpu: 250m
+              memory: 512Mi
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: bitwarden-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden
+  namespace: sync
+  labels:
+    app: vaultwarden
+spec:
+  type: ClusterIP
+  selector:
+    app: vaultwarden
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden
+  namespace: sync
+  annotations:
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+    - host: vw.hxme.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vaultwarden
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - vw.hxme.net
+      secretName: bitwarden-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bitwarden-data
+  namespace: sync
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+

new/charts/util/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: util

new/values.yaml

@@ -0,0 +1,24 @@
+ai:
+  enabled: true
+
+dns:
+  enabled: false
+
+media:
+  enabled: true
+
+monitoring:
+  enabled: true
+
+remote:
+  enabled: false
+
+social:
+  enabled: true
+
+sync:
+  enabled: false
+
+util:
+  enabled: true
+