--wip-- [skipci]

Liana64 · Dec 10, 2024 · aa438d0 · aa438d0
1 parent 76748c2
commit aa438d0
Show file tree

Hide file tree

Showing 55 changed files with 1,108 additions and 53 deletions.
diff --git a/...in/apps/tools/redlib/app/helmrelease.yaml → .archive/redlib/app/helmrelease.yaml b/...in/apps/tools/redlib/app/helmrelease.yaml → .archive/redlib/app/helmrelease.yaml
diff --git a/...s/tools/excalidraw/app/kustomization.yaml → .archive/redlib/app/kustomization.yaml b/...s/tools/excalidraw/app/kustomization.yaml → .archive/redlib/app/kustomization.yaml
diff --git a/kubernetes/main/apps/tools/redlib/ks.yaml → .archive/redlib/ks.yaml b/kubernetes/main/apps/tools/redlib/ks.yaml → .archive/redlib/ks.yaml
@@ -6,13 +6,13 @@ metadata:
   name: &app redlib
   namespace: flux-system
 spec:
-  targetNamespace: tools
+  targetNamespace: default
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: traefik
-  path: ./kubernetes/main/apps/tools/redlib/app
+  path: ./kubernetes/main/apps/default/redlib/app
   prune: true
   sourceRef:
     kind: GitRepository

diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml
@@ -0,0 +1,205 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: bitwarden
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: self-host
+      version: 2024.11.0
+      sourceRef:
+        kind: HelmRepository
+        name: bitwarden
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    sharedStorageClassName: "cluster-nvme"
+    general:
+      admins: "${SECRET_ADMIN_EMAIL}"
+      disableUserRegistration: "false"
+      cloudRegion: US
+      enableCloudCommunication: true
+      sharedStorageClassName: "cluster-nvme"
+      volumeAccessMode: "ReadWriteOnce"
+      domain: "bitwarden.${SECRET_EXTERNAL_DOMAIN}"
+      ingress:
+        enabled: true
+        className: traefik
+        annotations:
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/group: Home
+          gethomepage.dev/name: Bitwarden
+          gethomepage.dev/description: Password management
+          gethomepage.dev/icon: bitwarden
+        tls:
+          name: bitwarden-tls
+          clusterIssuer: letsencrypt-production
+        paths:
+          web:
+            path: /
+            pathType: ImplementationSpecific
+          attachments:
+            path: /attachments/
+            pathType: ImplementationSpecific
+          api:
+            path: /api/
+            pathType: ImplementationSpecific
+          icons:
+            path: /icons/
+            pathType: ImplementationSpecific
+          notifications:
+            path: /notifications/
+            pathType: ImplementationSpecific
+          events:
+            path: /events/
+            pathType: ImplementationSpecific
+          scim:
+            path: /scim/
+            pathType: ImplementationSpecific
+          sso:
+            path: /sso/
+            pathType: ImplementationSpecific
+          identity:
+            path: /identity/
+            pathType: ImplementationSpecific
+          admin:
+            path: /admin/
+            pathType: ImplementationSpecific
+      email:
+        smtpSsl: "false"
+        smtpPort: "465"
+        smtpHost: "${SECRET_SMTP_HOST}"
+        replyToEmail: "${SECRET_SMTP_FROM}"
+    secrets:
+      secretName: bitwarden-secret
+    database:
+      enabled: false
+      #volume:
+      #  backups:
+      #    storageClass: "cluster-nvme"
+      #  data:
+      #    storageClass: "cluster-nvme"
+      #  log:
+      #    storageClass: "cluster-nvme"
+    volume:
+      dataprotection:
+        storageClass: "cluster-nvme"
+      attachments:
+        storageClass: "cluster-nvme"
+      licenses:
+        storageClass: "cluster-nvme"
+      logs:
+        enabled: true
+        storageClass: "cluster-nvme"
+    #    rawManifests:
+    #      preInstall: []
+    #      postInstall:
+    #        - apiVersion: traefik.io/v1alpha1
+    #          kind: Middleware
+    #          metadata:
+    #            name: "bitwarden-self-host-middleware-stripprefix"
+    #          spec:
+    #            stripPrefix:
+    #              prefixes:
+    #                - /api
+    #                - /attachements
+    #                - /icons
+    #                - /notifications
+    #                - /events
+    #                - /scim
+    #                ##### NOTE:  Admin, Identity, and SSO will not function correctly with path strip middleware
+    #        - apiVersion: traefik.io/v1alpha1
+    #          kind: IngressRoute
+    #          metadata:
+    #            name: "bitwarden-self-host-ingress"
+    #          spec:
+    #            entryPoints:
+    #              - websecure
+    #            routes:
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-web
+    #                    passHostHeader: true
+    #                    port: 5000
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/api/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-api
+    #                    port: 5000
+    #                middlewares:
+    #                  - name: "bitwarden-self-host-middleware-stripprefix"
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/attachments/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-api
+    #                    port: 5000
+    #                middlewares:
+    #                  - name: "bitwarden-self-host-middleware-stripprefix"
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/icons/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-icons
+    #                    port: 5000
+    #                middlewares:
+    #                  - name: "bitwarden-self-host-middleware-stripprefix"
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/notifications/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-notifications
+    #                    port: 5000
+    #                middlewares:
+    #                  - name: "bitwarden-self-host-middleware-stripprefix"
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/events/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-events
+    #                    port: 5000
+    #                middlewares:
+    #                  - name: "bitwarden-self-host-middleware-stripprefix"
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/scim/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-scim
+    #                    port: 5000
+    #                middlewares:
+    #                  - name: "bitwarden-self-host-middleware-stripprefix"
+    #              ##### NOTE:  SSO will not function correctly with path strip middleware
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/sso/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-sso
+    #                    port: 5000
+    #              ##### NOTE:  Identity will not function correctly with path strip middleware
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/identity/`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-identity
+    #                    port: 5000
+    #              ##### NOTE:  Admin will not function correctly with path strip middleware
+    #              - kind: Rule
+    #                match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/admin`)
+    #                services:
+    #                  - kind: Service
+    #                    name: bitwarden-self-host-admin
+    #                    port: 5000
+    #            tls:
+    #              certResolver: letsencrypt-production
diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml
+  - ./helmrelease.yaml
diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml
@@ -0,0 +1,34 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: bitwarden-secret
+stringData:
+  replyToEmail: ENC[AES256_GCM,data:7NR/XlAqsO4PtCNKQ890Njv6Qh2Jp6W/t0Lc8px7,iv:VznXZaMbwLda8LkrJDTc2UKurHRWqGTJ1T0/1C3VMus=,tag:Z+Wkfb7DqcaPam7AFrvWUw==,type:str]
+  globalSettings__installation__id: ENC[AES256_GCM,data:U091rHP2N4UjYgSdGrkDvSBZHQu9w8s75xWPCp6gfZ0773gW,iv:PZ2hBlqta/sclVQUtO6LYD/ZhL6e+Q+yDESxrt6CYjQ=,tag:1A/9gKzuflMqOktyoZ5adQ==,type:str]
+  globalSettings__installation__key: ENC[AES256_GCM,data:/pWJt9ElR+mgiv5m8I0Gdb5Z6H8=,iv:31bd6uhc45WMi41iACel8/YOjDjVTDxoR3Ok19+U43A=,tag:xtI3eCRActaFajUqVdxemw==,type:str]
+  globalSettings__mail__smtp__username: ENC[AES256_GCM,data:wGph7iTpKhvYXjsFKnPIFevGsJvgovvfNnIJPjFf,iv:o7l19Onw6PHMmk19e++zTArLmZrwSIAXgDpuwaDhjuo=,tag:ojY3lQFiP3G3oYeVQXri7A==,type:str]
+  globalSettings__mail__smtp__password: ENC[AES256_GCM,data:OQ3mROVpRAZ2MNFZtvRV0N74EPOaSdSvmaOJas1JCgEbHHNq0laLg5r2ufTYz9vA0aM=,iv:vB9ElILgqKyvY6wgQ8Nesg2pygGK9mcjIhEYGsHVWEQ=,tag:l84bsTR3twb3Al19FKezqA==,type:str]
+  globalSettings__sqlServer__connectionString: ENC[AES256_GCM,data:mJxp4MXvqV4T+/J7O0XX6+Z4kmo4IVFYvUPEBU0uaJ3w0YNcqPps+LH9pgFNOjwBWCAQ8QxvCH9ul2uSiYGhy41YjLsQD4X/UF1Hhimezc3IrexCDFkXXl4WIACAZjpQf6morvx9+/v0EvdxofP7auWQ2BGcid4lHYxO78gEAvPaueS+L0TerqEpEnxS26r2uMLOe2w5L0hxBKGQyWmWPx8mTAJXTgTaXAvKLT2G97JNa9a5EQSAPuBoi95F+CkQBEwbo6uwrcJS6DTWQmNefEdZ1D7Abp50zlpJfC7Tuf54tjnHyGya9EWEwc32mTadqCto047ySvDNNB2jgrG97HXvnqOo4LGpZn9jYGJsJZjVFibiy2+WHzgxDmU=,iv:Nq4LIbSDzk9WurGEPojUfRe8WqEOGO4t7WnfyYoupVo=,tag:yV7w9j9gRKuAsgsnxncUtA==,type:str]
+  #ENC[AES256_GCM,data:r7/63ugBvNNcFQGkau56LkG5lNH0NwvuA0OiRj0FOjAWlbf6sR7v5JOgIy97uMC+mBWy8A+OGZFO8p4bosrdrmzuomArHNnM4oWN498=,iv:2TaG5UkIEjLwPQpEZjOJdEviNNnSVi/e1lUUckJ+KqM=,tag:BPd/IOSUJvS1/mgPqqSlyQ==,type:comment]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRGFTc01qRmdlMzZ0WE53
+        OWtoUzBaMUp4T3FoYnJuVGhGODVna1RHYkRZCk0xWEVjOWp2YW9NZmE0MnNFYnJX
+        OEdHbkdsOWM4Tk44aTRVZ0VoNWorWDAKLS0tIHp2SE9Wd1lmTmV2eUFYRmRYNDZn
+        NFR5QkpIaFQ5Tk1FdGV3aUtzNTZsRXcKyNl9cFicgjcTiGkoQK/StLd7FEHGUVWD
+        hs8+h4ak+r++3+KpUay4aNqY09RtAzvUd4Vl3VQ2tYt/TOlDrgErHQ==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-11-29T17:22:46Z"
+  mac: ENC[AES256_GCM,data:+KthNzUdXl/XgnupjWiEdk8EHvHldUvUwfWT7FNpR+Pysl/fdI1fAK02rXOlY0ABCKpejSIobHipy3RkxTXiF6PPGTC4R0aoqxRvZjyXDCUaHc3F4KdYBH4vkGoBchosHJnOX0qymSEGbzJERRSjxEZ3JDg0JRIEB8jQtObGivs=,iv:w7XSWHs1RaDAuxsImvxDHo96T6qwaaYlXGZUP2nfqLg=,tag:QNSjFrABn8tf8nQlu5MXkw==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.1
diff --git a/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml b/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app bitwarden
+  namespace: flux-system
+spec:
+  targetNamespace: bitwarden
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/bitwarden/bitwarden/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
diff --git a/kubernetes/main/apps/bitwarden/kustomization.yaml b/kubernetes/main/apps/bitwarden/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  #- ./bitwarden/ks.yaml
diff --git a/kubernetes/main/apps/bitwarden/namespace.yaml b/kubernetes/main/apps/bitwarden/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bitwarden
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/...ps/tools/echo-server/app/helmrelease.yaml → .../default/echo-server/app/helmrelease.yaml b/...ps/tools/echo-server/app/helmrelease.yaml → .../default/echo-server/app/helmrelease.yaml
diff --git a/.../tools/echo-server/app/kustomization.yaml → ...efault/echo-server/app/kustomization.yaml b/.../tools/echo-server/app/kustomization.yaml → ...efault/echo-server/app/kustomization.yaml
diff --git a/...netes/main/apps/tools/echo-server/ks.yaml → ...tes/main/apps/default/echo-server/ks.yaml b/...netes/main/apps/tools/echo-server/ks.yaml → ...tes/main/apps/default/echo-server/ks.yaml
@@ -5,11 +5,11 @@ metadata:
   name: &app echo-server
   namespace: flux-system
 spec:
-  targetNamespace: tools
+  targetNamespace: default
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/main/apps/tools/echo-server/app
+  path: ./kubernetes/main/apps/default/echo-server/app
   prune: true
   sourceRef:
     kind: GitRepository

diff --git a/...pps/tools/excalidraw/app/helmrelease.yaml → ...s/default/excalidraw/app/helmrelease.yaml b/...pps/tools/excalidraw/app/helmrelease.yaml → ...s/default/excalidraw/app/helmrelease.yaml
diff --git a/...pps/tools/it-tools/app/kustomization.yaml → ...default/excalidraw/app/kustomization.yaml b/...pps/tools/it-tools/app/kustomization.yaml → ...default/excalidraw/app/kustomization.yaml
diff --git a/...rnetes/main/apps/tools/excalidraw/ks.yaml → ...etes/main/apps/default/excalidraw/ks.yaml b/...rnetes/main/apps/tools/excalidraw/ks.yaml → ...etes/main/apps/default/excalidraw/ks.yaml
@@ -6,11 +6,11 @@ metadata:
   name: &app excalidraw
   namespace: flux-system
 spec:
-  targetNamespace: tools
+  targetNamespace: default
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/main/apps/tools/excalidraw/app
+  path: ./kubernetes/main/apps/default/excalidraw/app
   prune: true
   sourceRef:
     kind: GitRepository

diff --git a/.../apps/tools/it-tools/app/helmrelease.yaml → ...pps/default/it-tools/app/helmrelease.yaml b/.../apps/tools/it-tools/app/helmrelease.yaml → ...pps/default/it-tools/app/helmrelease.yaml
diff --git a/...pps/tools/pairdrop/app/kustomization.yaml → ...s/default/it-tools/app/kustomization.yaml b/...pps/tools/pairdrop/app/kustomization.yaml → ...s/default/it-tools/app/kustomization.yaml
diff --git a/kubernetes/main/apps/tools/it-tools/ks.yaml → ...rnetes/main/apps/default/it-tools/ks.yaml b/kubernetes/main/apps/tools/it-tools/ks.yaml → ...rnetes/main/apps/default/it-tools/ks.yaml
@@ -6,13 +6,13 @@ metadata:
   name: &app it-tools
   namespace: flux-system
 spec:
-  targetNamespace: tools
+  targetNamespace: default
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: traefik
-  path: ./kubernetes/main/apps/tools/it-tools/app
+  path: ./kubernetes/main/apps/default/it-tools/app
   prune: true
   sourceRef:
     kind: GitRepository

diff --git a/...rnetes/main/apps/tools/kustomization.yaml → ...etes/main/apps/default/kustomization.yaml b/...rnetes/main/apps/tools/kustomization.yaml → ...etes/main/apps/default/kustomization.yaml
@@ -5,9 +5,7 @@ kind: Kustomization
 resources:
   - ./namespace.yaml
   - ./it-tools/ks.yaml
-  - ./cyberchef/ks.yaml
   - ./web-check/ks.yaml
-  - ./redlib/ks.yaml
   - ./excalidraw/ks.yaml
   - ./echo-server/ks.yaml
   - ./stirling-pdf/ks.yaml
diff --git a/kubernetes/main/apps/tools/namespace.yaml → kubernetes/main/apps/default/namespace.yaml b/kubernetes/main/apps/tools/namespace.yaml → kubernetes/main/apps/default/namespace.yaml
@@ -2,6 +2,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: tools
+  name: default
   labels:
     kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/.../apps/tools/pairdrop/app/helmrelease.yaml → ...pps/default/pairdrop/app/helmrelease.yaml b/.../apps/tools/pairdrop/app/helmrelease.yaml → ...pps/default/pairdrop/app/helmrelease.yaml
diff --git a/.../apps/tools/redlib/app/kustomization.yaml → ...s/default/pairdrop/app/kustomization.yaml b/.../apps/tools/redlib/app/kustomization.yaml → ...s/default/pairdrop/app/kustomization.yaml
diff --git a/kubernetes/main/apps/tools/pairdrop/ks.yaml → ...rnetes/main/apps/default/pairdrop/ks.yaml b/kubernetes/main/apps/tools/pairdrop/ks.yaml → ...rnetes/main/apps/default/pairdrop/ks.yaml
@@ -6,13 +6,13 @@ metadata:
   name: &app pairdrop
   namespace: flux-system
 spec:
-  targetNamespace: home
+  targetNamespace: default
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: traefik
-  path: ./kubernetes/main/apps/home/pairdrop/app
+  path: ./kubernetes/main/apps/default/pairdrop/app
   prune: true
   sourceRef:
     kind: GitRepository

diff --git a/...s/tools/stirling-pdf/app/helmrelease.yaml → ...default/stirling-pdf/app/helmrelease.yaml b/...s/tools/stirling-pdf/app/helmrelease.yaml → ...default/stirling-pdf/app/helmrelease.yaml
@@ -52,7 +52,7 @@ spec:
         annotations:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           gethomepage.dev/enabled: "true"
-          gethomepage.dev/group: Home
+          gethomepage.dev/group: Tools
           gethomepage.dev/name: Stirling PDF
           gethomepage.dev/description: PDF manipulation tool
           gethomepage.dev/icon: stirling-pdf

diff --git a/...tools/stirling-pdf/app/kustomization.yaml → ...fault/stirling-pdf/app/kustomization.yaml b/...tools/stirling-pdf/app/kustomization.yaml → ...fault/stirling-pdf/app/kustomization.yaml