deployments/auth/authentik.yaml

@@ -1,4 +1,9 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authentik
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -12,7 +17,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: wildcard-hxme-net
-  namespace: auth
+  namespace: authentik
   annotations:
     replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
 ---
@@ -20,7 +25,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: authentik
-  namespace: auth
+  namespace: authentik
 spec:
   interval: 30m
   chart:

deployments/dns/bind.yaml

@@ -136,4 +136,3 @@ spec:
       protocol: TCP
       targetPort: 53
 
-

deployments/dns/externaldns.yaml

@@ -72,3 +72,4 @@ spec:
                 secretKeyRef:
                   name: dns-secrets
                   key: externaldns-secret
+

deployments/files/nextcloud.yaml

@@ -1,5 +1,10 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: nextcloud
+---
+apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: nextcloud-pv

deployments/files/syncthing.yaml

@@ -1,9 +1,14 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: syncthing
+---
+apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: syncthing-data
-  namespace: sync
+  namespace: syncthing
 spec:
   accessModes:
     - ReadWriteOnce
@@ -28,7 +33,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: syncthing-share
-  namespace: sync
+  namespace: syncthing
 spec:
   accessModes:
     - ReadWriteOnce
@@ -41,7 +46,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: syncthing
-  namespace: sync
+  namespace: syncthing
 spec:
   replicas: 1
   selector:
@@ -81,7 +86,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: syncthing
-  namespace: sync
+  namespace: syncthing
 spec:
   selector:
     app: syncthing

deployments/kustomization.yaml

@@ -2,3 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind:       Kustomization
 
 resources:
+  - monitoring/provider.yaml
+  - monitoring/grafana.yaml
+  - monitoring/loki.yaml
+  - monitoring/prometheus.yaml
+  - operators/mariadb.yaml
+  - operators/replicator.yaml
+  - dns/namespace.yaml
+  - dns/bind.yaml
+  - dns/externaldns.yaml
+  - ssl/certmanager.yaml
+  - auth/authentik.yaml
+  - files/nextcloud.yaml
+  - files/syncthing.yaml

new/Chart.yaml

@@ -1,31 +0,0 @@
-apiVersion: v2
-name: home-server
-description: A Helm chart that rolls a curated, functional home server
-version: 0.0.1
-
-dependencies:
-  - name: ai
-    version: 0.0.1
-    repository: "file://charts/ai"
-  - name: dns
-    version: 0.0.1
-    repository: "file://charts/dns"
-  - name: media
-    version: 0.0.1
-    repository: "file://charts/media"
-  - name: monitoring
-    version: 0.0.1
-    repository: "file://charts/monitoring"
-  - name: remote
-    version: 0.0.1
-    repository: "file://charts/remote"
-  - name: social
-    version: 0.0.1
-    repository: "file://charts/social"
-  - name: sync
-    version: 0.0.1
-    repository: "file://charts/sync"
-  - name: util
-    version: 0.0.1
-    repository: "file://charts/util"
-

new/charts/ai/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ai

new/charts/ai/openwebui.yaml

@@ -1,72 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: openwebui
-  namespace: ai
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: openwebui
-  template:
-    metadata:
-      labels:
-        app: openwebui
-    spec:
-      containers:
-        - name: openwebui
-          image: ghcr.io/open-webui/open-webui:latest
-          ports:
-            - containerPort: 8080
-          env:
-            - name: OLLAMA_BASE_URL
-              value: http://ollama:11434
-          volumeMounts:
-            - name: ai-storage
-              mountPath: /app/backend/data
-      volumes:
-        - name: ai-storage
-          hostPath:
-            path: /dpool/files/ai/
-            type: Directory
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: openwebui
-  namespace: ai
-spec:
-  selector:
-    app: openwebui
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8080
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: openwebui
-  namespace: ai
-  annotations:
-    kubernetes.io/ingress.class: "traefik" 
-    external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
-spec:
-  rules:
-    - host: ai.hxme.net
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: openwebui
-                port:
-                  number: 80
-  tls:
-    - hosts:
-        - ai.hxme.net
-      secretName: openwebui-tls
-
-

new/charts/auth/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ai

new/charts/files/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: files

new/charts/media/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: media

new/charts/monitoring/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: monitoring

new/charts/remote/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: remote

new/charts/remote/rustdesk.yaml

@@ -1,72 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: rustdesk-charts
-  namespace: flux-system
-spec:
-  url: https://charts.rustdesk.com
-  interval: 1h
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: rustdesk-server
-  namespace: remote
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: rustdesk-server
-      version: 0.5.0
-      sourceRef:
-        kind: HelmRepository
-        name: rustdesk-charts
-        namespace: flux-system
-  install:
-    createNamespace: true
-  values:
-    hbbs:
-      enabled: true
-      service:
-        type: ClusterIP
-        ports:
-          - name: tcp
-            port: 21115
-            targetPort: 21115
-          - name: tcp-hbbs
-            port: 21116
-            targetPort: 21116
-          - name: udp
-            port: 21116
-            targetPort: 21116
-            protocol: UDP
-
-    hbbr:
-      enabled: true
-      service:
-        type: ClusterIP
-        ports:
-          - name: tcp-hbbr
-            port: 21117
-            targetPort: 21117
-
-    ingress:
-      enabled: true
-      className: "traefik" # or nginx or your ingress class
-      annotations: {}
-      hosts:
-        - host: rd.hxme.net
-          paths:
-            - path: /
-              pathType: Prefix
-      tls:
-        - hosts:
-            - rd.hxme.net
-          secretName: rustdesk-tls
-
-    # Optional admin password – change this in production
-    env:
-      ENCRYPTED_ONLY: "false"
-      ENABLE_LOG: "true"
-

new/charts/social/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: social

new/charts/sync/linkwarden.yaml

@@ -1,60 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: linkwarden
-  namespace: sync
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: linkwarden
-  template:
-    metadata:
-      labels:
-        app: linkwarden
-    spec:
-      containers:
-        - name: linkwarden
-          image: ghcr.io/linkwarden/linkwarden:latest
-          ports:
-            - containerPort: 8080
-          env:
-            - name: ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: linkwarden-secret
-                  key: admin-password
-            # Add other environment variables here as needed
-          volumeMounts:
-            - name: linkwarden-data
-              mountPath: /data
-      volumes:
-        - name: linkwarden-data
-          emptyDir: {} # Change to persistentVolumeClaim for production
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: linkwarden-secret
-  namespace: sync
-type: Opaque
-stringData:
-  admin-password: "YourStrongAdminPasswordHere"
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: linkwarden
-  namespace: sync
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: lw.hxme.net
-spec:
-  selector:
-    app: linkwarden
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8080
-  type: ClusterIP
-

new/charts/sync/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: sync

new/charts/sync/vaultwarden.yaml

@@ -1,100 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: vaultwarden
-  namespace: sync
-  labels:
-    app: vaultwarden
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: vaultwarden
-  template:
-    metadata:
-      labels:
-        app: vaultwarden
-    spec:
-      containers:
-        - name: vaultwarden
-          image: vaultwarden/server:1.30.5
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: WEBSOCKET_ENABLED
-              value: "true"
-            - name: SIGNUPS_ALLOWED
-              value: "false"
-            - name: DOMAIN
-              value: "https://vw.hxme.net"
-            - name: ADMIN_TOKEN
-              value: "CHANGEME_SUPER_SECRET"
-          ports:
-            - containerPort: 80
-              name: http
-          volumeMounts:
-            - name: data
-              mountPath: /data
-          resources:
-            requests:
-              cpu: 50m
-              memory: 128Mi
-            limits:
-              cpu: 250m
-              memory: 512Mi
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: bitwarden-data
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: vaultwarden
-  namespace: sync
-  labels:
-    app: vaultwarden
-spec:
-  type: ClusterIP
-  selector:
-    app: vaultwarden
-  ports:
-    - name: http
-      port: 80
-      targetPort: http
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: vaultwarden
-  namespace: sync
-  annotations:
-    kubernetes.io/ingress.class: traefik
-spec:
-  rules:
-    - host: vw.hxme.net
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: vaultwarden
-                port:
-                  number: 80
-  tls:
-    - hosts:
-        - vw.hxme.net
-      secretName: bitwarden-tls
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: bitwarden-data
-  namespace: sync
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-

new/charts/util/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: util

new/values.yaml

@@ -1,24 +0,0 @@
-ai:
-  enabled: true
-
-dns:
-  enabled: false
-
-media:
-  enabled: true
-
-monitoring:
-  enabled: true
-
-remote:
-  enabled: false
-
-social:
-  enabled: true
-
-sync:
-  enabled: false
-
-util:
-  enabled: true
-