fuck helm.

chart/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: home-server
-description: A Helm chart for deploying the home-server application
-type: application
-version: 0.1.3
-appVersion: "1.0.0"

chart/templates/monitoring-provider.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: grafana
-  namespace: {{ .Release.Namespace }}
-spec:
-  url: https://grafana.github.io/helm-charts
-  interval: 1h

chart/values.yaml

@@ -1,16 +0,0 @@
-global:
-  domain: hxme.net
-  ssl_secret_name: wildcard-hxme-net
-  namespace: hsp-system
-  issuerName: letsencrypt-rfc2136
-  email: admin@hxme.net
-
-  rfc2136:
-    nameserver: hawke.hxst.com.au:53
-    tsigKeyName: hxme-update-key
-    tsigAlgorithm: HMACSHA512
-    tsigSecretName: hxme-update-key
-    tsigSecretKey: hxme-update-key
-
-  replicatorNamespaces: "monitoring,authentik,nextcloud"
-

deployments/ai/openweb.yaml

@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ai
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: openwebui
-  namespace: {{ .Release.Namespace }}
+  namespace: ai
 spec:
   replicas: 1
   selector:
@@ -35,7 +40,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: openwebui
-  namespace: {{ .Release.Namespace }}
+  namespace: ai
 spec:
   selector:
     app: openwebui
@@ -48,7 +53,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: openwebui
-  namespace: {{ .Release.Namespace }}
+  namespace: ai
   annotations:
     kubernetes.io/ingress.class: "traefik" 
     external-dns.alpha.kubernetes.io/hostname: nc.hxme.net

deployments/auth/authentik.yaml

@@ -1,18 +1,31 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authentik
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: authentik
-  namespace: {{ .Release.Namespace }}
+  namespace: flux-system
 spec:
   url: https://charts.goauthentik.io/
   interval: 1h
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-hxme-net
+  namespace: authentik
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: authentik
-  namespace: {{ .Release.Namespace }}
+  namespace: authentik
 spec:
   interval: 30m
   chart:
@@ -22,7 +35,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: authentik
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
     createNamespace: true
   upgrade:
@@ -32,13 +45,9 @@ spec:
     - kind: Secret
       name: authentik-values
   values:
-    server:
     ingress:
-        enabled: true
       annotations:
         external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
-        hosts:
-          - auth.hxme.net
       tls:
         - secretName: wildcard-hxme-net
           hosts:

deployments/dns/bind.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: bind-master-config
-  namespace: {{ .Release.Namespace }}
+  namespace: dns
 data:
   named.conf: |
     include "/etc/bind/externaldns-key.conf";
@@ -52,7 +52,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: bind-master
-  namespace: {{ .Release.Namespace }}
+  namespace: dns
 spec:
   selector:
     matchLabels:
@@ -122,7 +122,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: bind-master
-  namespace: {{ .Release.Namespace }}
+  namespace: dns
 spec:
   selector:
     app: bind-master

deployments/dns/externaldns.yaml

@@ -13,9 +13,6 @@ rules:
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["list","watch"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["get", "watch", "list"]
   # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.)
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -29,19 +26,19 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: external-dns
-    namespace: {{ .Release.Namespace }}
+    namespace: dns
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: external-dns
-  namespace: {{ .Release.Namespace }}
+  namespace: dns
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: external-dns
-  namespace: {{ .Release.Namespace }}
+  namespace: dns
 spec:
   replicas: 1
   selector:
@@ -60,7 +57,7 @@ spec:
           - --source=service
           - --source=ingress
           - --provider=rfc2136
-          - --rfc2136-host=bind-master.{{ .Release.Namespace }}.svc.cluster.local
+          - --rfc2136-host=bind-master.dns.svc.cluster.local
           - --rfc2136-port=53
           - --rfc2136-zone=hxme.net
           - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)

deployments/dns/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dns

deployments/files/nextcloud.yaml

@@ -1,5 +1,10 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: nextcloud
+---
+apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: nextcloud-pv
@@ -17,7 +22,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: nextcloud-pvc
-  namespace: {{ .Release.Namespace }}
+  namespace: nextcloud
 spec:
   accessModes:
     - ReadWriteOnce
@@ -31,7 +36,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: nextcloud
-  namespace: {{ .Release.Namespace }}
+  namespace: nextcloud
 spec:
   ports:
     - port: 80
@@ -42,7 +47,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nextcloud
-  namespace: {{ .Release.Namespace }}
+  namespace: nextcloud
 spec:
   securityContext:
     runAsUser:  1000
@@ -89,7 +94,7 @@ apiVersion: k8s.mariadb.com/v1alpha1
 kind: MariaDB
 metadata:
   name: nextcloud-db
-  namespace: {{ .Release.Namespace }}
+  namespace: nextcloud
 spec:
   rootPasswordSecretKeyRef:
     name: nextcloud-secrets
@@ -103,11 +108,19 @@ spec:
   storage:
     size: 5Gi
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-hxme-net
+  namespace: nextcloud
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: nextcloud
-  namespace: {{ .Release.Namespace }}
+  namespace: nextcloud
   annotations:
     external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
 spec:

deployments/files/syncthing.yaml

@@ -1,9 +1,14 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: syncthing
+---
+apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: syncthing-data
-  namespace: {{ .Release.Namespace }}
+  namespace: syncthing
 spec:
   accessModes:
     - ReadWriteOnce
@@ -28,7 +33,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: syncthing-share
-  namespace: {{ .Release.Namespace }}
+  namespace: syncthing
 spec:
   accessModes:
     - ReadWriteOnce
@@ -41,7 +46,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: syncthing
-  namespace: {{ .Release.Namespace }}
+  namespace: syncthing
 spec:
   replicas: 1
   selector:
@@ -81,7 +86,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: syncthing
-  namespace: {{ .Release.Namespace }}
+  namespace: syncthing
 spec:
   selector:
     app: syncthing

deployments/kustomization.yaml

@@ -2,8 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind:       Kustomization
 
 resources:
-  - manifests/00-namespaces.yaml
+  - monitoring/provider.yaml
-  - manifests/10-repo-prod.yaml
+  - monitoring/grafana.yaml
-  - manifests/20-hrel-mariadb.yaml
+  - monitoring/loki.yaml
-  - manifests/20-hrel-replicator.yaml
+  - monitoring/prometheus.yaml
-  - manifests/30-hrel-prod.yaml
+  - operators/mariadb.yaml
+  - operators/replicator.yaml
+  - dns/namespace.yaml
+  - dns/bind.yaml
+  - dns/externaldns.yaml
+  - ssl/certmanager.yaml
+  - auth/authentik.yaml
+  - files/nextcloud.yaml
+  - files/syncthing.yaml

deployments/manifests/00-namespaces.yaml

@@ -1,10 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: hsp-system
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: home-server-dev

deployments/manifests/10-repo-dev.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
-  name: home-server-dev
-  namespace: flux-system
-spec:
-  interval: 1m
-  url: ssh://git@repobase.net/j/home-server.git
-  secretRef:
-    name: flux-ssh
-  ref:
-    branch: dev

deployments/manifests/10-repo-prod.yaml

@@ -1,14 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
-  name: hsp-system
-  namespace: flux-system
-spec:
-  interval: 1m
-  url: ssh://git@repobase.net/j/home-server.git
-  secretRef:
-    name: flux-ssh
-  ref:
-    branch: main
-

deployments/manifests/30-hrel-dev.yaml

@@ -1,17 +0,0 @@
-#---
-#apiVersion: helm.toolkit.fluxcd.io/v2beta1
-#kind: HelmRelease
-#metadata:
-#  name: home-server-dev
-#  namespace: home-server-dev
-#spec:
-#  interval: 1m
-#  chart:
-#    spec:
-#      chart: ./
-#      sourceRef:
-#        kind: GitRepository
-#        name: home-server-dev
-#        namespace: flux-system
-#      values:
-#        mariadbNamespace: mariadb-db-dev

deployments/manifests/30-hrel-prod.yaml

@@ -1,15 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: hsp-release
-  namespace: hsp-system
-spec:
-  interval: 1m
-  chart:
-    spec:
-      chart: ./chart
-      sourceRef:
-        kind: GitRepository
-        name: hsp-system
-        namespace: flux-system

deployments/monitoring/grafana.yaml

@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: grafana
-  namespace: {{ .Release.Namespace }}
+  namespace: monitoring
 spec:
   interval: 30m
   chart:
@@ -13,7 +13,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: grafana
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
     createNamespace: true
   values:

deployments/monitoring/loki.yaml

@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: loki
-  namespace: {{ .Release.Namespace }}
+  namespace: monitoring
 spec:
   interval: 30m
   chart:
@@ -13,7 +13,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: grafana
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
     createNamespace: true
   values:

deployments/monitoring/prometheus.yaml

@@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: prometheus-community
-  namespace: {{ .Release.Namespace }}
+  namespace: flux-system
 spec:
   url: https://prometheus-community.github.io/helm-charts
   interval: 1h
@@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: prometheus-operator
-  namespace: {{ .Release.Namespace }}
+  namespace: monitoring
 spec:
   interval: 30m
   chart:
@@ -22,9 +22,9 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: prometheus-community
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
-    createNamespace: false
+    createNamespace: true
   upgrade:
     disableWait: true
   timeout: 5m

deployments/monitoring/provider.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: grafana
+  namespace: flux-system
+spec:
+  url: https://grafana.github.io/helm-charts
+  interval: 1h
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-hxme-net
+  namespace: monitoring
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net

deployments/operators/mariadb.yaml

@@ -54,3 +54,7 @@ spec:
   dependsOn:
     - name: mariadb-operator-crds
       namespace: mariadb-system
+  values:
+    metrics:
+      enabled: true
+

deployments/operators/replicator.yaml

@@ -96,4 +96,3 @@ spec:
     serviceAccount:
       create: false
       name: kubernetes-replicator
-

deployments/remote-access/rustdesk.yaml

@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rustdesk
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: rustdesk-charts
-  namespace: {{ .Release.Namespace }}
+  namespace: flux-system
 spec:
   url: https://charts.rustdesk.com
   interval: 1h
@@ -12,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: rustdesk-server
-  namespace: {{ .Release.Namespace }}
+  namespace: rustdesk
 spec:
   interval: 30m
   chart:
@@ -22,7 +27,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: rustdesk-charts
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
     createNamespace: true
   values:

deployments/ssl/certmanager.yaml

@@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: jetstack
-  namespace: {{ .Release.Namespace }}
+  namespace: flux-system
 spec:
   url: https://charts.jetstack.io
   interval: 1h
@@ -12,7 +12,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
-  namespace: {{ .Release.Namespace }}
+  namespace: cert-manager
 spec:
   interval: 30m
   chart:
@@ -22,10 +22,10 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: jetstack
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
     crds: CreateReplace
-    createNamespace: false
+    createNamespace: true
   values:
     installCRDs: true
     extraArgs:
@@ -56,7 +56,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: wildcard-hxme-net
-  namespace: {{ .Release.Namespace }}
+  namespace: cert-manager
 spec:
   secretName: wildcard-hxme-net
   secretTemplate:

deployments/synctools/vaultwarden.yaml

@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bitwarden
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: bjw-s-charts
-  namespace: {{ .Release.Namespace }}
+  namespace: flux-system
 spec:
   url: https://bjw-s.github.io/helm-charts/
   interval: 1h
@@ -12,7 +17,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: vaultwarden
-  namespace: {{ .Release.Namespace }}
+  namespace: bitwarden
 spec:
   interval: 30m
   chart:
@@ -22,7 +27,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: bjw-s-charts
-        namespace: {{ .Release.Namespace }}
+        namespace: flux-system
   install:
     createNamespace: true
   values: