Skip to content

Commit

Permalink
--wip-- [skipci]
Browse files Browse the repository at this point in the history
  • Loading branch information
@Liana64
Liana64 committed Nov 28, 2024
1 parent bbcb784 commit 7c0113f
Show file tree
Hide file tree
Showing 29 changed files with 726 additions and 12 deletions.
64 changes: 64 additions & 0 deletions kubernetes/lianalabs/apps/bitwarden/bitwarden/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: bitwarden
spec:
interval: 30m
chart:
spec:
chart: self-host
version: 2024.11.0
sourceRef:
kind: HelmRepository
name: bitwarden
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
admins: ""
disableUserRegistration: "false"
cloudRegion: US
enableCloudCommunication: true # Enable billing and license sync
sharedStorageClassName: local-nvme
volumeAccessMode: "ReadWriteOnce"
env:
- name: SMTP_SSL
valueFrom:
secretKeyRef:
name: bitwarden-secret
key: smtpSsl
general:
domain: "bitwarden.${SECRET_EXTERNAL_DOMAIN}"
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Home
gethomepage.dev/name: Bitwarden
gethomepage.dev/description: Password management
gethomepage.dev/icon: bitwarden
cert:
tls:
name: bitwarden-tls
clusterIssuer: letsencrypt-production
email:
smtpSsl: "${SECRET_SMTP_SSL}"
smtpHost: "${SECRET_SMTP_HOST}"
smtpPort: "${SECRET_SMTP_PORT}"
replyToEmail: "${SECRET_SMTP_FROM}"
secrets:
secretName: *secret
database:
enabled: false
volume:
logs:
enabled: true
6 changes: 6 additions & 0 deletions kubernetes/lianalabs/apps/bitwarden/bitwarden/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
33 changes: 33 additions & 0 deletions kubernetes/lianalabs/apps/bitwarden/bitwarden/app/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# yamllint disable
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: bitwarden-secret
stringData:
replyToEmail: ENC[AES256_GCM,data:9LdJSVlrF8Ac+hryQZB6EkPomFqbpJQ7YIrl0h1g,iv:4tnYxBohGkHP9M6Q8wWLvt77S69siViV+fwagAgQFGI=,tag:8gh2OtqPyptX0sqNN5sLgg==,type:str]
globalSettings__installation__id: ENC[AES256_GCM,data:qhIBpMrWf23TZVhmaTd8+CgQvvfy71v0xoWyFHYQ0nA79wOf,iv:tMzUHtutkaUpoyon+P3OozE/eWXvUPuPlNM1i2NVGx4=,tag:ydRr9KNpNf6RK2/FLl6/JQ==,type:str]
globalSettings__installation__key: ENC[AES256_GCM,data:P8/aPoc1BXFr/1WpMQeWWxuQS9k=,iv:hmCxCViuZjznkReJ9esYoC2oc1lMMjNisPs1rl4g3fw=,tag:rIQIkiod1cPa0fIykvejhw==,type:str]
globalSettings__mail__smtp__username: ENC[AES256_GCM,data:W6q+7nzyWWR5jm2eoOyKYoWxibff+qSPe6V8UZf3,iv:NgNj1h+RefSO28B9sjzGGBLvsi9tgKXbafE5XBYLPak=,tag:fM2m2g1lD9yn3s2pspNBxQ==,type:str]
globalSettings__mail__smtp__password: ENC[AES256_GCM,data:48VVjJvrvfzJKT+Ru8LDUIw7zDoMGWby2yKzZ6zGY2s2nUyqpNRuiNLv+wZPP8/EPts=,iv:Os7mUur9/0+IAHz3/rG0xG5WP3qFbT1NXUOds8WGBeI=,tag:4+YaY4W+SCGtVfxZCbq3eg==,type:str]
SA_PASSWORD: ENC[AES256_GCM,data:TZ3oxHnu+fOh/ftOnvhIMIyX2/YEj4sWXw/efWWao8eFPu4YMEWspHw6adRw8pvAS0EPsXax0QoYunaJjQXXfw==,iv:Gpyy2FcSpP+PR0uzyK+cUUD3Fr9E9B/aysKRX4BBHKA=,tag:bpIsbxqD/R9f1yRW8wfNBg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOc1RiQ2NocExCai9VRk52
Y3BwZVl3aXhQUGF0SDcwd1A0TC94SHA5VWtBCk93SEEzeUozOGxMRlRhc1Y1SDl1
azlRbC8zL1RvZHZ5azNhanVXdXN4bVUKLS0tIGhNRjFNSlNhV08xWEIzaEIxNFMv
aDRWVXU4REFGVDdJNHhDYmZ0b0RxM0UKefaAHSLVAmLkgkHXAq2lDjX+F1i2m9PX
UArt+CSH1IoRLV8616q897WMFNUhMpxn5xjOLy7SlBe7PtQW1pmlzA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T23:16:16Z"
mac: ENC[AES256_GCM,data:oCjRIPDfuVwTjKcA39IbjFyZe5/ttEpgzo+hfJXcJrlIUcMjhDEMr4XMOeQzcGACE0mdxAe1CskyRHPLOZUM5gQfJvbIabSf2JDArl/dCxtxM96HHJaPSfB0FE7HU+XFuhnMud73aUI4uY8za8NfvqkAzlaEEOst2NZ3nNI84Yc=,iv:ULt3KIEMFgGTjMLMzB7jQlX7i+jf3qfEeiulnWQv8rc=,tag:QrcQ/XPrBjpmmapWVaAEEw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.1
20 changes: 20 additions & 0 deletions kubernetes/lianalabs/apps/bitwarden/bitwarden/ks.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app bitwarden
namespace: flux-system
spec:
targetNamespace: bitwarden
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/lianalabs/apps/bitwarden/bitwarden/app
prune: true
sourceRef:
kind: GitRepository
name: k8s-gitops
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
6 changes: 6 additions & 0 deletions kubernetes/lianalabs/apps/bitwarden/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./bitwarden/ks.yaml
7 changes: 7 additions & 0 deletions kubernetes/lianalabs/apps/bitwarden/namespace.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: bitwarden
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
7 changes: 7 additions & 0 deletions kubernetes/lianalabs/apps/games/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./minecraft/ks.yaml
165 changes: 165 additions & 0 deletions kubernetes/lianalabs/apps/games/minecraft/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app minecraft
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: volsync
namespace: volsync-system
values:
controllers:
minecraft:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: ghcr.io/itzg/minecraft-server
tag: 2024.10.2@sha256:8bd119f65ef6e65bdb12f756bfb44a305b36b1adf868ade8027014fabc29c755
env:
TZ: ${TIMEZONE}
EULA: true
SERVER_NAME: Shoujo Magical Gamers
MOTD: "Minecraft Server"
MAX_PLAYERS: 16
MODE: survival
VERSION: "1.21.3"
DIFFICULTY: normal
LEVEL: world
MEMORY: 8192M
JVM_XX_OPTS: "-XX:MaxRAMPercentage=75"
ENABLE_WHITELIST: true
MAX_TICK_TIME: -1
MAX_WORLD_SIZE: 29999984
VIEW_DISTANCE: 12
MAX_BUILD_HEIGHT: 320
SPAWN_PROTECTION: 0
ENABLE_AUTOPAUSE: true
AUTOPAUSE_TIMEOUT_EST: 600
AUTOPAUSE_TIMEOUT_INIT: 300
FORCE_GAMEMODE: true
OVERRIDE_ICON: true
ICON: https://i.ibb.co/q7PkGt4/shoujomagical.png
TYPE: FABRIC
FABRIC_LAUNCHER_VERSION: 1.0.1
FABRIC_LOADER_VERSION: 0.16.9
CURSEFORGE_FILES: |
balm-fabric:5848095
collective:5847007
glitchcore:5884524
fabric-api:5937030
cristel-lib:5871655
advanced-shulkerboxes:5850153
waystones:5841762
serene-seasons:5861336
mouse-tweaks:5856191
towns-and-towers:5871683
gui-clock:5847307
gui-compass:5847304
hand-over-your-items:5847302
husk-spawn:5847275
pet-names:5847197
stray-spawn:5847085
villager-names:5847043
dismount-entity:5847382
stack-refill:5847097
bottled-air:5847458
cave-spider-spawn:5847436
areas:5847486
spark:5924846
chat-heads:5902516
first-join-message:5847342
# OPS:
# valueFrom:
# secretKeyRef:
# name: minecraft-secret
# key: OPS
# WHITELIST:
# valueFrom:
# secretKeyRef:
# name: minecraft-secret
# key: WHITELIST
# CF_API_KEY:
# valueFrom:
# secretKeyRef:
# name: minecraft-secret
# key: CF_API_KEY
envFrom:
- secretRef:
name: minecraft-secret
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: 8192Mi
securityContext:
allowPrivilegeEscalation: true
readOnlyRootFilesystem: true
capabilities:
add: ["NET_RAW"]
drop: ["ALL"]
probes:
liveness: &probe
enabled: true
custom: true
spec:
periodSeconds: 60
exec: &probeexec { command: ["mc-health"] }
readiness: *probe
startup:
<<: *probe
spec:
initialDelaySeconds: 30
periodSeconds: 1
failureThreshold: 300
exec: *probeexec
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
fsGroupChangePolicy: Always
service:
app:
controller: minecraft
annotations:
external-dns.alpha.kubernetes.io/hostname: "shoujo.${SECRET_EXTERNAL_DOMAIN}"
external-dns.alpha.kubernetes.io/target: "mc-router.${SECRET_EXTERNAL_DOMAIN}"
mc-router.itzg.me/externalServerName: shoujo.${SECRET_EXTERNAL_DOMAIN}
ports:
minecraft:
port: 25565
persistence:
data:
storageClass: local-nvme
accessMode: ReadWriteOnce
size: 48Gi
retain: true
globalMounts:
- path: /data
tmp:
type: emptyDir
medium: Memory
globalMounts:
- path: /tmp
7 changes: 7 additions & 0 deletions kubernetes/lianalabs/apps/games/minecraft/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
Binary file added kubernetes/lianalabs/apps/games/minecraft/app/resources/shoujomagical.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
30 changes: 30 additions & 0 deletions kubernetes/lianalabs/apps/games/minecraft/app/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# yamllint disable
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: minecraft-secret
stringData:
OPS: ENC[AES256_GCM,data:pHbn4Nbq,iv:4Me3CSd4Wcve5ecz5YEG905uDKrbdsFbe/iXKxa3MVQ=,tag:bN5X1mwl+hs7g9E+3kszVA==,type:str]
WHITELIST: ENC[AES256_GCM,data:2Q1T5jpAKxLHfmxLdtwFNe3s3ZiyG0RCoPPdoAD8xMQ7y5Sc1a5TorlNFaNKPi5iMnjb,iv:h8Eiv4UE/vUrcAB/m972yApRi2wLWgO5TDnR/dOpBCQ=,tag:/9SoflJWzYQhhCAXGt/WkA==,type:str]
CF_API_KEY: ENC[AES256_GCM,data:NKjtl4T7lYyaV+1FJe1avFCpsnfhTfKQMhCSJoTIxlZFUI157J4YBqSR9JXXP0HExLq7iwQNqYs0zPL4,iv:ZqPNi3ZpCSjt0h/vFjGyB2gwvg51+wFk/4SiIMTgnak=,tag:a80rZZeABASlTpD64mr0Fg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpVm5lTjJ2YVM5anFXSTN5
aFdISEI5T1FWdG9hU0hwYmtDUFJ6U2w5NXlvCm5DYTZwNmFseVU1MDJaWTRpVTFV
enlpR3AxSjM3VkJaYmZBc1FSbEhnbXcKLS0tIDRHR0d4aERNcXJGTUY3bzlXMFZU
WjZ5b3FKNFUrSGxVMUlUNzFvWlhzZDgKWOjx/aT3m3ZXAzpX6vd5oCBP/UOfUMYq
N5pOuaZWlSX7dDOXP3xn6afOl95+9XIheqvgsDAtHrNNQHoV4BipXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T20:09:53Z"
mac: ENC[AES256_GCM,data:Z6Z8XYUCcVpbLlxn9FPBxdjfh5mxlpFo21mvklrov/mu/8My1pkQ/gg65i4buMLGBg+/SeBmPrsxIqIjCXLbFzQqGopKrJ3HbU4J45/GdHL0hMwm0Ub739Z7yEYOcXCqFCUUuNBRLs290HfpsvJ9igl5XzyxK8fVy7vollPVUXw=,iv:OuJeJ9DMTWpHOa+SZFrqIE4tHufBshJgW3SCYpVP1Zo=,tag:uqsOUAYZT0uUdBxaSZ2Q/w==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.1
Loading

0 comments on commit 7c0113f

Please sign in to comment.