diff --git a/chart/Chart.yaml b/chart/Chart.yaml
deleted file mode 100644
index 3396e5a..0000000
--- a/chart/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: home-server
-description: A Helm chart for deploying the home-server application
-type: application
-version: 0.1.3
-appVersion: "1.0.0"
diff --git a/chart/templates/monitoring-provider.yaml b/chart/templates/monitoring-provider.yaml
deleted file mode 100644
index b3e6600..0000000
--- a/chart/templates/monitoring-provider.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: grafana
- namespace: {{ .Release.Namespace }}
-spec:
- url: https://grafana.github.io/helm-charts
- interval: 1h
diff --git a/chart/values.yaml b/chart/values.yaml
deleted file mode 100644
index 1f1d786..0000000
--- a/chart/values.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-global:
- domain: hxme.net
- ssl_secret_name: wildcard-hxme-net
- namespace: hsp-system
- issuerName: letsencrypt-rfc2136
- email: admin@hxme.net
-
- rfc2136:
- nameserver: hawke.hxst.com.au:53
- tsigKeyName: hxme-update-key
- tsigAlgorithm: HMACSHA512
- tsigSecretName: hxme-update-key
- tsigSecretKey: hxme-update-key
-
- replicatorNamespaces: "monitoring,authentik,nextcloud"
-
diff --git a/chart/templates/ai-openweb.yaml b/deployments/ai/openweb.yaml
similarity index 92%
rename from chart/templates/ai-openweb.yaml
rename to deployments/ai/openweb.yaml
index 7ff23de..e2c52ea 100644
--- a/chart/templates/ai-openweb.yaml
+++ b/deployments/ai/openweb.yaml
@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ai
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: openwebui
- namespace: {{ .Release.Namespace }}
+ namespace: ai
 spec:
 replicas: 1
 selector:
@@ -35,7 +40,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: openwebui
- namespace: {{ .Release.Namespace }}
+ namespace: ai
 spec:
 selector:
 app: openwebui
@@ -48,7 +53,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: openwebui
- namespace: {{ .Release.Namespace }}
+ namespace: ai
 annotations:
 kubernetes.io/ingress.class: "traefik"
 external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
diff --git a/chart/templates/auth-authentik.yaml b/deployments/auth/authentik.yaml
similarity index 51%
rename from chart/templates/auth-authentik.yaml
rename to deployments/auth/authentik.yaml
index 1eb151f..ced40ed 100644
--- a/chart/templates/auth-authentik.yaml
+++ b/deployments/auth/authentik.yaml
@@ -1,18 +1,31 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: authentik
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
 name: authentik
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 spec:
 url: https://charts.goauthentik.io/
 interval: 1h
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wildcard-hxme-net
+ namespace: authentik
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: authentik
- namespace: {{ .Release.Namespace }}
+ namespace: authentik
 spec:
 interval: 30m
 chart:
@@ -22,7 +35,7 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: authentik
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
 createNamespace: true
 upgrade:
@@ -32,14 +45,10 @@ spec:
 - kind: Secret
 name: authentik-values
 values:
- server:
- ingress:
- enabled: true
- annotations:
- external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
- hosts:
- - auth.hxme.net
- tls:
- - secretName: wildcard-hxme-net
- hosts:
- - auth.hxme.net
+ ingress:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
+ tls:
+ - secretName: wildcard-hxme-net
+ hosts:
+ - auth.hxme.net
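Review bot: The openwebui Ingress in deployments/ai/openweb.yaml still carries `external-dns.alpha.kubernetes.io/hostname: nc.hxme.net` (context line of the `@@ -48,7 +53,7 @@` hunk), which is the same hostname the nextcloud Ingress in deployments/files/nextcloud.yaml publishes. Two Ingresses in separate namespaces then claim one DNS name, so external-dns sees competing owners for the record and it is unclear which application answers on that name. The annotation should name the host this service is meant to use, for example `external-dns.alpha.kubernetes.io/hostname: <openwebui-host>.hxme.net` (placeholder). The Ingress spec continues outside the hunk, so its `rules` host should be checked against the same value.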
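Review bot: The `wildcard-hxme-net` Secret stub added in the first hunk of deployments/auth/authentik.yaml has no `type` and no `data`, so it is created as an Opaque secret; kubernetes-replicator documents that a replica of a `kubernetes.io/tls` source must itself be declared with `type: kubernetes.io/tls` and empty `tls.crt` / `tls.key` entries, and a Secret's type cannot be changed after creation. The same stub appears in deployments/files/nextcloud.yaml and deployments/monitoring/provider.yaml. Because Flux re-applies these manifests, it is also worth confirming that reconciliation does not reset the replicated key material on each interval. On the source side, the Certificate's `secretTemplate` (outside the visible hunks) should limit `replicator.v1.mittwald.de/replication-allowed-namespaces` to exactly the namespaces that hold a stub, since this copies the wildcard private key.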
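Review bot: The rewritten `values:` block in the `@@ -32,14 +45,10 @@` hunk of deployments/auth/authentik.yaml moves the ingress settings out from under `server:` and drops both `enabled: true` and the `hosts` list. Unless the `authentik-values` Secret referenced just above supplies them, the chart probably renders no Ingress for auth.hxme.net, or ignores the block entirely if the chart version pinned in `spec.chart` (outside the hunk) expects `server.ingress`. If the top-level key is correct for that chart version, keep `enabled: true` and `hosts: [auth.hxme.net]` in the new block so the exposure of the identity provider stays explicit in Git.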
diff --git a/chart/templates/dns-bind.yaml b/deployments/dns/bind.yaml
similarity index 96%
rename from chart/templates/dns-bind.yaml
rename to deployments/dns/bind.yaml
index 08becfa..23eab06 100644
--- a/chart/templates/dns-bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: bind-master-config
- namespace: {{ .Release.Namespace }}
+ namespace: dns
 data:
 named.conf: |
 include "/etc/bind/externaldns-key.conf";
@@ -52,7 +52,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
 name: bind-master
- namespace: {{ .Release.Namespace }}
+ namespace: dns
 spec:
 selector:
 matchLabels:
@@ -122,7 +122,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: bind-master
- namespace: {{ .Release.Namespace }}
+ namespace: dns
 spec:
 selector:
 app: bind-master
diff --git a/chart/templates/dns-externaldns.yaml b/deployments/dns/externaldns.yaml
similarity index 85%
rename from chart/templates/dns-externaldns.yaml
rename to deployments/dns/externaldns.yaml
index fc3de2e..ed64c21 100644
--- a/chart/templates/dns-externaldns.yaml
+++ b/deployments/dns/externaldns.yaml
@@ -13,9 +13,6 @@ rules:
 - apiGroups: [""]
 resources: ["nodes"]
 verbs: ["list","watch"]
- - apiGroups: ["discovery.k8s.io"]
- resources: ["endpointslices"]
- verbs: ["get", "watch", "list"]
 # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.)
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -29,19 +26,19 @@ roleRef:
 subjects:
 - kind: ServiceAccount
 name: external-dns
- namespace: {{ .Release.Namespace }}
+ namespace: dns
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: external-dns
- namespace: {{ .Release.Namespace }}
+ namespace: dns
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: external-dns
- namespace: {{ .Release.Namespace }}
+ namespace: dns
 spec:
 replicas: 1
 selector:
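Review bot: Dropping the `discovery.k8s.io` / `endpointslices` rule from the external-dns ClusterRole (hunk `@@ -13,9 +13,6 @@` of deployments/dns/externaldns.yaml) is only safe if the external-dns image pinned in the Deployment never lists EndpointSlices. The Deployment keeps `--source=service`, and recent external-dns releases appear to resolve Services through EndpointSlices rather than Endpoints, in which case the controller would hit forbidden errors and stop updating records in the zone. The image tag is outside the visible hunks, so this needs checking there. If the rule really is unused, a comment next to the remaining rules such as `# endpointslices omitted: not used by the pinned external-dns version` would record that the trimming is deliberate.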
@@ -60,7 +57,7 @@ spec:
 - --source=service
 - --source=ingress
 - --provider=rfc2136
- - --rfc2136-host=bind-master.{{ .Release.Namespace }}.svc.cluster.local
+ - --rfc2136-host=bind-master.dns.svc.cluster.local
 - --rfc2136-port=53
 - --rfc2136-zone=hxme.net
 - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)
diff --git a/deployments/dns/namespace.yaml b/deployments/dns/namespace.yaml
new file mode 100644
index 0000000..52c7228
--- /dev/null
+++ b/deployments/dns/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: dns
diff --git a/chart/templates/files-nextcloud.yaml b/deployments/files/nextcloud.yaml
similarity index 87%
rename from chart/templates/files-nextcloud.yaml
rename to deployments/files/nextcloud.yaml
index 71dc86a..2ef2de0 100644
--- a/chart/templates/files-nextcloud.yaml
+++ b/deployments/files/nextcloud.yaml
@@ -1,5 +1,10 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+ name: nextcloud
+---
+apiVersion: v1
 kind: PersistentVolume
 metadata:
 name: nextcloud-pv
@@ -17,7 +22,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
 name: nextcloud-pvc
- namespace: {{ .Release.Namespace }}
+ namespace: nextcloud
 spec:
 accessModes:
 - ReadWriteOnce
@@ -31,7 +36,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: nextcloud
- namespace: {{ .Release.Namespace }}
+ namespace: nextcloud
 spec:
 ports:
 - port: 80
@@ -42,7 +47,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: nextcloud
- namespace: {{ .Release.Namespace }}
+ namespace: nextcloud
 spec:
 securityContext:
 runAsUser: 1000
@@ -89,7 +94,7 @@ apiVersion: k8s.mariadb.com/v1alpha1
 kind: MariaDB
 metadata:
 name: nextcloud-db
- namespace: {{ .Release.Namespace }}
+ namespace: nextcloud
 spec:
 rootPasswordSecretKeyRef:
 name: nextcloud-secrets
@@ -103,11 +108,19 @@ spec:
 storage:
 size: 5Gi
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wildcard-hxme-net
+ namespace: nextcloud
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: nextcloud
- namespace: {{ .Release.Namespace }}
+ namespace: nextcloud
 annotations:
 external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
 spec:
diff --git a/chart/templates/files-syncthing.yaml b/deployments/files/syncthing.yaml
similarity index 92%
rename from chart/templates/files-syncthing.yaml
rename to deployments/files/syncthing.yaml
index 0b795c3..a7279b2 100644
--- a/chart/templates/files-syncthing.yaml
+++ b/deployments/files/syncthing.yaml
@@ -1,9 +1,14 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+ name: syncthing
+---
+apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
 name: syncthing-data
- namespace: {{ .Release.Namespace }}
+ namespace: syncthing
 spec:
 accessModes:
 - ReadWriteOnce
@@ -28,7 +33,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
 name: syncthing-share
- namespace: {{ .Release.Namespace }}
+ namespace: syncthing
 spec:
 accessModes:
 - ReadWriteOnce
@@ -41,7 +46,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: syncthing
- namespace: {{ .Release.Namespace }}
+ namespace: syncthing
 spec:
 replicas: 1
 selector:
@@ -81,7 +86,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: syncthing
- namespace: {{ .Release.Namespace }}
+ namespace: syncthing
 spec:
 selector:
 app: syncthing
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml
index 9b9016c..04b8189 100644
--- a/deployments/kustomization.yaml
+++ b/deployments/kustomization.yaml
@@ -2,8 +2,16 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - manifests/00-namespaces.yaml
- - manifests/10-repo-prod.yaml
- - manifests/20-hrel-mariadb.yaml
- - manifests/20-hrel-replicator.yaml
- - manifests/30-hrel-prod.yaml
+ - monitoring/provider.yaml
+ - monitoring/grafana.yaml
+ - monitoring/loki.yaml
+ - monitoring/prometheus.yaml
+ - operators/mariadb.yaml
+ - operators/replicator.yaml
+ - dns/namespace.yaml
+ - dns/bind.yaml
+ - dns/externaldns.yaml
+ - ssl/certmanager.yaml
+ - auth/authentik.yaml
+ - files/nextcloud.yaml
+ - files/syncthing.yaml
diff --git a/deployments/manifests/00-namespaces.yaml b/deployments/manifests/00-namespaces.yaml
deleted file mode 100644
index f2b0bba..0000000
--- a/deployments/manifests/00-namespaces.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: hsp-system
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: home-server-dev
diff --git a/deployments/manifests/10-repo-dev.yaml b/deployments/manifests/10-repo-dev.yaml
deleted file mode 100644
index fd83749..0000000
--- a/deployments/manifests/10-repo-dev.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: home-server-dev
- namespace: flux-system
-spec:
- interval: 1m
- url: ssh://git@repobase.net/j/home-server.git
- secretRef:
- name: flux-ssh
- ref:
- branch: dev
diff --git a/deployments/manifests/10-repo-prod.yaml b/deployments/manifests/10-repo-prod.yaml
deleted file mode 100644
index 157c0bd..0000000
--- a/deployments/manifests/10-repo-prod.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: hsp-system
- namespace: flux-system
-spec:
- interval: 1m
- url: ssh://git@repobase.net/j/home-server.git
- secretRef:
- name: flux-ssh
- ref:
- branch: main
-
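Review bot: The new `resources:` list in deployments/kustomization.yaml omits three manifests that this same commit moves into `deployments/`: `ai/openweb.yaml`, `remote-access/rustdesk.yaml` and `synctools/vaultwarden.yaml`. Nothing else in the visible diff references them, so after this change those workloads are no longer reconciled from Git, and if the Flux Kustomization that builds this directory has pruning enabled (not visible here) their objects would be deleted. If they are meant to stay deployed, add `- ai/openweb.yaml`, `- remote-access/rustdesk.yaml` and `- synctools/vaultwarden.yaml`; if they are parked on purpose, a comment above the list saying so would make that clear to the next reader.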
diff --git a/deployments/manifests/30-hrel-dev.yaml b/deployments/manifests/30-hrel-dev.yaml
deleted file mode 100644
index 3edd87f..0000000
--- a/deployments/manifests/30-hrel-dev.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-#---
-#apiVersion: helm.toolkit.fluxcd.io/v2beta1
-#kind: HelmRelease
-#metadata:
-# name: home-server-dev
-# namespace: home-server-dev
-#spec:
-# interval: 1m
-# chart:
-# spec:
-# chart: ./
-# sourceRef:
-# kind: GitRepository
-# name: home-server-dev
-# namespace: flux-system
-# values:
-# mariadbNamespace: mariadb-db-dev
diff --git a/deployments/manifests/30-hrel-prod.yaml b/deployments/manifests/30-hrel-prod.yaml
deleted file mode 100644
index e3095b7..0000000
--- a/deployments/manifests/30-hrel-prod.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: hsp-release
- namespace: hsp-system
-spec:
- interval: 1m
- chart:
- spec:
- chart: ./chart
- sourceRef:
- kind: GitRepository
- name: hsp-system
- namespace: flux-system
diff --git a/chart/templates/monitoring-grafana.yaml b/deployments/monitoring/grafana.yaml
similarity index 90%
rename from chart/templates/monitoring-grafana.yaml
rename to deployments/monitoring/grafana.yaml
index cd7576d..47ed5e0 100644
--- a/chart/templates/monitoring-grafana.yaml
+++ b/deployments/monitoring/grafana.yaml
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: grafana
- namespace: {{ .Release.Namespace }}
+ namespace: monitoring
 spec:
 interval: 30m
 chart:
@@ -13,7 +13,7 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: grafana
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
 createNamespace: true
 values:
diff --git a/chart/templates/monitoring-loki.yaml b/deployments/monitoring/loki.yaml
similarity index 87%
rename from chart/templates/monitoring-loki.yaml
rename to deployments/monitoring/loki.yaml
index 97480af..b327a8e 100644
--- a/chart/templates/monitoring-loki.yaml
+++ b/deployments/monitoring/loki.yaml
@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: loki
- namespace: {{ .Release.Namespace }}
+ namespace: monitoring
 spec:
 interval: 30m
 chart:
@@ -13,7 +13,7 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: grafana
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
 createNamespace: true
 values:
diff --git a/chart/templates/monitoring-prometheus.yaml b/deployments/monitoring/prometheus.yaml
similarity index 83%
rename from chart/templates/monitoring-prometheus.yaml
rename to deployments/monitoring/prometheus.yaml
index 1f62914..dd4d5a6 100644
--- a/chart/templates/monitoring-prometheus.yaml
+++ b/deployments/monitoring/prometheus.yaml
@@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
 name: prometheus-community
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 spec:
 url: https://prometheus-community.github.io/helm-charts
 interval: 1h
@@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: prometheus-operator
- namespace: {{ .Release.Namespace }}
+ namespace: monitoring
 spec:
 interval: 30m
 chart:
@@ -22,9 +22,9 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: prometheus-community
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
- createNamespace: false
+ createNamespace: true
 upgrade:
 disableWait: true
 timeout: 5m
diff --git a/deployments/monitoring/provider.yaml b/deployments/monitoring/provider.yaml
new file mode 100644
index 0000000..3af442a
--- /dev/null
+++ b/deployments/monitoring/provider.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: grafana
+ namespace: flux-system
+spec:
+ url: https://grafana.github.io/helm-charts
+ interval: 1h
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wildcard-hxme-net
+ namespace: monitoring
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
diff --git a/deployments/manifests/20-hrel-mariadb.yaml b/deployments/operators/mariadb.yaml
similarity index 96%
rename from deployments/manifests/20-hrel-mariadb.yaml
rename to deployments/operators/mariadb.yaml
index 26f7f39..04febe6 100644
--- a/deployments/manifests/20-hrel-mariadb.yaml
+++ b/deployments/operators/mariadb.yaml
@@ -54,3 +54,7 @@ spec:
 dependsOn:
 - name: mariadb-operator-crds
 namespace: mariadb-system
+ values:
+ metrics:
+ enabled: true
+
diff --git a/deployments/manifests/20-hrel-replicator.yaml b/deployments/operators/replicator.yaml
similarity index 99%
rename from deployments/manifests/20-hrel-replicator.yaml
rename to deployments/operators/replicator.yaml
index 13d4606..e8ec276 100644
--- a/deployments/manifests/20-hrel-replicator.yaml
+++ b/deployments/operators/replicator.yaml
@@ -96,4 +96,3 @@ spec:
 serviceAccount:
 create: false
 name: kubernetes-replicator
-
diff --git a/chart/templates/remote-access-rustdesk.yaml b/deployments/remote-access/rustdesk.yaml
similarity index 90%
rename from chart/templates/remote-access-rustdesk.yaml
rename to deployments/remote-access/rustdesk.yaml
index 110b677..47ec81d 100644
--- a/chart/templates/remote-access-rustdesk.yaml
+++ b/deployments/remote-access/rustdesk.yaml
@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rustdesk
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
 name: rustdesk-charts
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 spec:
 url: https://charts.rustdesk.com
 interval: 1h
@@ -12,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: rustdesk-server
- namespace: {{ .Release.Namespace }}
+ namespace: rustdesk
 spec:
 interval: 30m
 chart:
@@ -22,7 +27,7 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: rustdesk-charts
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
 createNamespace: true
 values:
diff --git a/chart/templates/ssl-certmanager.yaml b/deployments/ssl/certmanager.yaml
similarity index 89%
rename from chart/templates/ssl-certmanager.yaml
rename to deployments/ssl/certmanager.yaml
index 53fd7d8..f238e14 100644
--- a/chart/templates/ssl-certmanager.yaml
+++ b/deployments/ssl/certmanager.yaml
@@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
 name: jetstack
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 spec:
 url: https://charts.jetstack.io
 interval: 1h
@@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: cert-manager
- namespace: {{ .Release.Namespace }}
+ namespace: cert-manager
 spec:
 interval: 30m
 chart:
@@ -22,10 +22,10 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: jetstack
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
 crds: CreateReplace
- createNamespace: false
+ createNamespace: true
 values:
 installCRDs: true
 extraArgs:
@@ -56,7 +56,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: wildcard-hxme-net
- namespace: {{ .Release.Namespace }}
+ namespace: cert-manager
 spec:
 secretName: wildcard-hxme-net
 secretTemplate:
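Review bot: The cert-manager HelmRelease (`@@ -12,7 +12,7 @@`) and the `wildcard-hxme-net` Certificate (`@@ -56,7 +56,7 @@`) in deployments/ssl/certmanager.yaml now live in namespace `cert-manager`, but no visible hunk adds a Namespace object for it the way the other moved files do. `install.createNamespace: true` only lets helm-controller create the release's target namespace at install time; the HelmRelease and Certificate objects themselves cannot be applied until that namespace exists. Unless it is defined in the part of the file outside these hunks, add a Namespace document at the top of the file with `kind: Namespace` and `name: cert-manager` under `metadata`. The replicated wildcard secret in authentik, nextcloud and monitoring depends on this Certificate being issued, so a failed apply here leaves those Ingresses without a certificate.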
diff --git a/chart/templates/synctools-vaultwarden.yaml b/deployments/synctools/vaultwarden.yaml
similarity index 91%
rename from chart/templates/synctools-vaultwarden.yaml
rename to deployments/synctools/vaultwarden.yaml
index f1384fe..93c3475 100644
--- a/chart/templates/synctools-vaultwarden.yaml
+++ b/deployments/synctools/vaultwarden.yaml
@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bitwarden
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
 name: bjw-s-charts
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 spec:
 url: https://bjw-s.github.io/helm-charts/
 interval: 1h
@@ -12,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: vaultwarden
- namespace: {{ .Release.Namespace }}
+ namespace: bitwarden
 spec:
 interval: 30m
 chart:
@@ -22,7 +27,7 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: bjw-s-charts
- namespace: {{ .Release.Namespace }}
+ namespace: flux-system
 install:
 createNamespace: true
 values: