Skip to content

Commit

Permalink
Update README, Plane
Browse files Browse the repository at this point in the history
  • Loading branch information
Liana64 committed Dec 31, 2024
1 parent 75baf24 commit 686006d
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 24 deletions.
12 changes: 7 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,28 @@

**Liana Laboratories Self-Hosting Initiative**

This is my Kubernetes homelab, currently running on a Lenovo ThinkServer RD350. I'm still migrating over some of my resources to Kubernetes, and I also want to setup another node on my R720xd, but this is the current state of things! Feel free to have a look around and adapt however you want!
This is my Kubernetes homelab, currently running on a Lenovo RD350 and Dell R720xd. Feel free to have a look around and adapt however you want!

**Are you an aspiring homelabber?**

Have a look at onedr0p's [cluster-template](https://github.com/onedr0p/cluster-template), [kubesearch](https://kubesearch.dev/), and [selfh.st](https://selfh.st/) for inspiration!

## 📌 Features

- [Talos](https://github.com/fluxcd/flux2) OS for immutability, security, performance, ease-of-use. For my homelab, I've deployed this on Proxmox so I'm using nocloud, but for a bare metal install there are a lot of great tools you can use
- Automation, including [Flux GitOps](https://github.com/fluxcd/flux2), [Reloader](https://github.com/stakater/Reloader), and other deployments
- [Talos](https://github.com/siderolabs/talos) OS for immutability, security, performance, ease-of-use. For my homelab, I've deployed this on Proxmox so I'm using nocloud, but for a bare metal install there are a lot of great tools you can use
- Automation, including GitOps using [FluxCD](https://github.com/fluxcd/flux2), [Reloader](https://github.com/stakater/Reloader), and other deployments
- Local OCI registry mirror using [spegel](https://github.com/spegel-org/spegel)
- [Cert-manager](https://github.com/cert-manager/cert-manager) with LetsEncrypt and DNS authorization
- [Cilium](https://github.com/cilium/cilium) container networking and CoreDNS
- Secrets encrypted using [SOPS](https://github.com/getsops/sops) and stored with git (I don't think there are enough qubits for this to ever matter, but if I'm wrong, oh well!)
- OIDC authentication with [Authelia](https://github.com/authelia/authelia) and [LLDAP](https://github.com/lldap/lldap)
- [Traefik](https://github.com/traefik/traefik) ingresses with security measures
- Databases for [Cloudnative PG](https://github.com/cloudnative-pg/cloudnative-pg), [MinIO](https://min.io/), [Dragonfly](https://github.com/dragonflydb/dragonfly), and even [MS SQL Server](https://www.microsoft.com/en-us/sql-server/sql-server-downloads)!
- Storage using [OpenEBS](https://github.com/openebs/openebs) (I didn't have great experiences with NVMe over TCP, i.e. Mayastor, but that might go differently for you. Also, maybe that was just related to the Talos v1.8.2 kernel panic on nocloud bug)
- Storage using [OpenEBS](https://github.com/openebs/openebs) (I didn't have great experiences with NVMe over TCP, i.e. Mayastor, but that might go differently for you. Also, maybe that was just related to the Talos v1.8.2 kernel panic on nocloud bug). I haven't moved over to Rook Ceph yet, but it's also included.
- [Teleport](https://github.com/gravitational/teleport) VPN
- Various drivers and utilities
- Observability tools and exporters including Prometheus, Grafana, Loki, and others
- Many self-hosted deployments, including a [Homepage](https://github.com/gethomepage/homepage)
- Many self-hosted deployments, including a [Homepage](https://github.com/gethomepage/homepage), game servers, and a media stack
- Taskfiles ([go-task](https://taskfile.dev/)) and scripts for ease-of-use

## ✅ Requirements
Expand Down
6 changes: 4 additions & 2 deletions kubernetes/main/apps/home-office/plane/app/helmrelease.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app plane
annotations:
secret.reloader.stakater.com/reload: "plane-secret"
spec:
interval: 30m
chart:
Expand Down Expand Up @@ -101,13 +103,13 @@ spec:
pullPolicy: IfNotPresent

env:
docstore_bucket: "uploads"
docstore_bucket: "plane"
doc_upload_size_limit: "5242880" # 5MB
sentry_dsn: ""
sentry_environment: ""

cors_allowed_origins: ""
default_cluster_domain: cluster.local
aws_region: "lab"

valuesFrom:
- targetPath: rabbitmq.external_rabbitmq_url
Expand Down
34 changes: 17 additions & 17 deletions kubernetes/main/apps/home-office/plane/app/secret.sops.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,16 @@ type: Opaque
metadata:
name: plane-secret
stringData:
SECRET_KEY: ENC[AES256_GCM,data:Hlge8nCQC8cAwBAhKhOSIQDFqPCl0q8lp14Lrb1Ha1xfimzv0FYtWTHVGjP50cu5Kr1qv6SPSsU0rvHOdPvfuw==,iv:qY++THG8PWRGJb5qURyzV5C+022eBKOWdf19vdu3Stg=,tag:XhCcjURlz6xtFNzXehe1gw==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:XQVJU+0=,iv:8dc07OmRZA/PTyIsK8zHnLKa+HFeaQ4h09nNiWTNPlY=,tag:pmRJXHtSngQmTpUtY4xzmA==,type:str]
POSTGRES_DB: ENC[AES256_GCM,data:RtBCCWw=,iv:BpRYcn2BpIRcLmQcAIrunvtB4MDuDYkmJOnAsmPtat0=,tag:xvUhN8ixC5jY8ykAQwzjNQ==,type:str]
POSTGRES_PASSWORD: ENC[AES256_GCM,data:iiGNnq0jK1/1zYZG9xKh6FpHYwHynQ+0/bFW6ecrIcA=,iv:xQfhOf8DjSKU+5YE4OeaKBFojL8dx6EUAg9mIkPiKTk=,tag:+0OmSsaTRbIMDxiRtNo28w==,type:str]
POSTGRES_URL: ENC[AES256_GCM,data:tiUR01NTwPZvOaH3AewUl2DwMe6C1p+t/RwcnbHHGPtMv6LDUlszTJq5b3OODmNrCZql+FPmNretO+UWNKHRFB0+PbrtDLVR6Aia91PBVlWvYUwmHXIwLGkJWyTmQ6yQK3n0hHUhhA==,iv:x5bhArp40eaO7UrFVTT8dw89OaQRyJTAOH2VyQSmgbs=,tag:zsjobWSyB7a4CUvREBTNzw==,type:str]
REDIS_URL: ENC[AES256_GCM,data:ZVjRw2T2QvxentteSyAC5tzoc4VJM4U01JpLxvx9d+3kiRwhImYXhhDbzFvetfD52V3Z/Z+upOQhCaiFPxwBW2gSrNiQ/rxOiJoB65fKNg90NoIn,iv:VxmX6waqWRyre6nbM63K5sUrxbDmbyXaakIqZFkKVjg=,tag:dgxCagZKumzE8w4QK4mrYQ==,type:str]
RABBITMQ_URL: ENC[AES256_GCM,data:fsKrT7di5yPxRkSF1AmWsjvqBeSZHuBUx7MzfXdM+uXa9t+BSOjRN1P+oUYGj09jRY/PEsYjouTJKTCCCkD3noC88j4IkwcxhEJrbIgvgZKhH3yzsjQBzJDevCE=,iv:I1wUED3rLlu4Mds9jk3Io2vt2iCdEoUu9U7d6g0Xgnk=,tag:jFfA1WN3HoA+4PexBy9ByA==,type:str]
MINIO_URL: ENC[AES256_GCM,data:AHOPIiRJrX/6UAaTGpVhMMhLzugupdi7o2GZjTVl1n7td5Z8naNiNUp/UVKP2ge9K6XLyZZIYwV+VoPEaD54IYRdlL7aE/XH6bMrY3btxdYakplkesktT/kIWBLWsYC8vI3yoWuust/5LO3lZMw/x6w=,iv:W4FyvWVqCKdrofH4fgPiqADgz+PAHYiM9HX5s3dt5RA=,tag:FgdSBWTiCkw/hmsPNWKdQw==,type:str]
MINIO_ACCESS_KEY: ENC[AES256_GCM,data:i8hXPpjmov8WfOL8OkafOaRgPgU=,iv:A2pk8x5LxHLldMD61O/bvb5G7Jdt/m3I4/aShUs88Ao=,tag:27gEOSWw2x/1oEYh/k85JQ==,type:str]
MINIO_SECRET_KEY: ENC[AES256_GCM,data:YG7/kjI65vmvzBj7XuuGbSlNg3ZfmJn5UtwZCK8he6BbIXvw1Tu5JA==,iv:vj/UOmOpRB99143VwdOOvf79kMNA7SRx0CdgMEv9938=,tag:K+1AauPt+SHTq1rfecDAhg==,type:str]
SECRET_KEY: ENC[AES256_GCM,data:pyE8ZRQex5957x5VDzpeSReEjyHVd/rk94VHGc7HG4c/adp7lxQHkPccnANEmykqwtqJg6KtqIIsS/YpryHGYw==,iv:30hN0ptSC1JYSMKAHLF7IAReblrMfwBhzMlaTP79jCw=,tag:BBFQyHFmkLyr8Nyhbn6xyg==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:ZZTLn2U=,iv:qm5YKuCIkpnz3uJQoVTs3B8Vxsc69YnAMCzCoRUiqgY=,tag:0NEF0vkUJ0dJQwzk+qJqRQ==,type:str]
POSTGRES_DB: ENC[AES256_GCM,data:KwXEG2Y=,iv:64EbD5HwoXTWbxx873BuYOA5fIOhNiS+aOaLP58sMwU=,tag:+zNWs1POt6AY6xhcIylbQg==,type:str]
POSTGRES_PASSWORD: ENC[AES256_GCM,data:1tkv0m6ydV6RlYrIFxceroBQTqr+Xjfdmadm7riFPB4=,iv:SgVnc1RIjCHDx4GKA9jQgx3YCvIg4QWIiZUqr7UZRLY=,tag:9ejNoI5L3Jbo4xkbTC3Z+Q==,type:str]
POSTGRES_URL: ENC[AES256_GCM,data:jdFVXgLI2Qv5jJmGQAhHTu0XpxGu6JPuFG3PTBW4baAP4QcbZ+KPs+613s1wTrvkBWJojozmIyromW10s9g7Bw84EuUMKGfHlaEEI8m67e0vd34S1IMdzLqpP/lpmurpubCJLpjfoQ==,iv:+jzI0ki4Er+gGVpbTiakPp0eTCo5pgsteaR9WqGVTDA=,tag:xYzx5ir9aE9GBx01oQTfhA==,type:str]
REDIS_URL: ENC[AES256_GCM,data:oXzRSiCowUGlrXKuHklnigK42Wu9+djN0SjpLt9fWE9Bt7dfRE2/ntapin2Pw0ffKGHeOX0HQ4AaBW5weSegbF2d8pbM+aRAp88OyfW/0+mR,iv:DdVFCYjtzeRAgdktCHkOobBsO4x8K3krnJkjWNFfqfE=,tag:cUNPMXwvA5op725E6rjlhw==,type:str]
RABBITMQ_URL: ENC[AES256_GCM,data:PvHXUBLsq5rmGPy4KRSnlF4bJ3zX0yRnhnAAaj63VFyCI/akhozMp14E7FtRUXKxXPH1Lx49irYlFkQitcjZiQAiV3C/Z9WV6ZinZvz2ZQJ/CiONhp8bqLNMy6w=,iv:8S51kMQqAHlyGTnvx52/uIKAO8DGi2P1jGr+YVr6nD8=,tag:FkHk1ipw2VmjSV5pGxnMUQ==,type:str]
MINIO_URL: ENC[AES256_GCM,data:61wIJdTu72PIKkq3acm+NqOZ/ikQgR7m85s=,iv:mSQARlv1YInlOC72kls2zBo64mlm8lraCg7FeCjgSrA=,tag:R2Z0E2aasn0YxgPCxT4oeA==,type:str]
MINIO_ACCESS_KEY: ENC[AES256_GCM,data:mD8px9AHb2Si8c2UWzEJ8y8PMQY=,iv:dAoy9MT8c0vgZ9oQLD/Ky/SGYb/awMSYzY/iFTx2czw=,tag:eN6IaZDS/q8KzmdugAdQCg==,type:str]
MINIO_SECRET_KEY: ENC[AES256_GCM,data:ticgtGuG588hJqeQF7xU99g85DYeeMwwf0UpO+xSdbyob7TEXRBi8A==,iv:txLd61gufYn2xfg6tmfNNcpNUZPdPUkQ/idhmWDpYDc=,tag:sFDl9yNXGBggGeNLeDf0Ww==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -24,14 +24,14 @@ sops:
- recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUNsRW9PaWtFTEJORDZx
eDBRdXg3QkhzMzFGVHJpTkZaK0wyYlNMdzJvCk1XZTUrNzJpZlZpWHRuUEVvekFF
QU12aVRoR3N6eUR6aHEwTWlIOU9SazQKLS0tIGU2ZmloNWxHRGFEQ1YwUjBONENS
bGxqQmhESjY2L01mSUVtYUdxVlpzR28KlXVdYP1I98OeiUi+h1+JHpm4/SS1OwiI
4FfbygAqlk5xDMc7+rGvkeN82MMJTJf2FnIqtnYUlIBa+sh3A8L20Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTU5FZnVPLzhHVlIwT3R3
eGw4aHFoazRqR0oySzRPRTk5MWEzM1VIMmt3CnAvbkt4ajZPMnV3MWNWcURSdmNo
NFFpMWl4OU84TFBJNXdEWGh1NlBiZ3cKLS0tIHcvMi9YbzFrV3VQTCtXNlRvTHEv
WWowUno2ZVE3R29kb2JpeFZ1Ykd6ZTgKAGGXYCed/qenEvX+Oex31hGJT2lFEsXQ
DeVj5uVaoTnIBWa3zbqhIRvw++o8hbzJLk5cPASYdbdg4ZgDp+ylnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-29T20:57:38Z"
mac: ENC[AES256_GCM,data:bTm/uac73fcZLlWKqRCtjdKTeHlwMcAnPiWBSOxs+BqXn0EeV65BL9oEJ/qpXPLyupvO2neUUnsrQawEo2G71m0voRrCxV3tAVfYgStQ+Ek/lJFdIlQxRrt9rIoSIc/eEeC6VYx90HHWO7gXT06B46fN66emxotY0IoG1BbWVRY=,iv:+d79pdiiRFxulpSn+4X5WTQo4xArwTHZjfYdW3s8YLE=,tag:V+WVxVWbY+hnpObNr63aCg==,type:str]
lastmodified: "2024-12-29T22:00:05Z"
mac: ENC[AES256_GCM,data:aHKx3LP25IN7JkS9Xq+2xeXkkCcFBRpSxA7VtRNA0CcbppfUCKlzfd4xwdkl8GHJXKKtYyedRvJ9wgGHGkOz0F3kMEyGs0laEFd4O4+BTHVquNGeftR74R1aK5p2uXNaPWkKAJ9mpxZxEYhQ8/u6InR1R86JsOyjVfRBEVKqWjM=,iv:f+wNf2/Vzs+rv9CJJ8IRJCZmyy01Gz8csKh3XFi5W2c=,tag:oYRcHr70F4tTHQ/Rmnr0mQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.2

0 comments on commit 686006d

Please sign in to comment.