mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-05-06 19:09:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: mthomson:b2b1e08df398d3aee3af7c3e04c4b5c5ed0ef7f7
Branches Tags
mthomson:main mthomson:renovate/configure mthomson:refactor/server-restructure mthomson:chore/update-crds
..
compare: mthomson:renovate/configure
Branches Tags
mthomson:main mthomson:renovate/configure mthomson:refactor/server-restructure mthomson:chore/update-crds

1 Commits
b2b1e08df3 ... renovate/c

Author SHA1 Message Date
renovate[bot]
6f0b55736d Add renovate.json 2026-03-16 13:16:20 +00:00
42 changed files with 4504 additions and 457 deletions
Expand all files Collapse all files

34
apps/baikal/deployment.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: baikal
namespace: baikal
spec:
selector:
matchLabels:
app: baikal
template:
metadata:
labels:
app: baikal
spec:
containers:
- name: baikal
image: ckulka/baikal:nginx
ports:
- containerPort: 80
name: http
protocol: TCP
volumeMounts:
- mountPath: /var/www/baikal/config
name: config
- mountPath: /var/www/baikal/Specific
name: data
restartPolicy: Always
volumes:
- name: config
persistentVolumeClaim:
claimName: config
- name: data
persistentVolumeClaim:
claimName: data

27
apps/baikal/ingress.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: baikal
namespace: baikal
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: baikal.michaelthomson.dev
http:
paths:
- pathType: ImplementationSpecific
path: /
backend:
service:
name: baikal
port:
name: http
tls:
- hosts:
- baikal.michaelthomson.dev
secretName: baikal-tls

11
apps/baikal/pvc-config.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: config
namespace: baikal
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

11
apps/baikal/pvc-data.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
namespace: baikal
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

12
apps/baikal/service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: baikal
namespace: baikal
spec:
selector:
app: baikal
ports:
- name: http
port: 80
targetPort: http

2
apps/immich/cluster.yaml
View File

@@ -8,7 +8,7 @@ metadata:
cnpg.io/skipEmptyWalArchiveCheck: enabled cnpg.io/skipEmptyWalArchiveCheck: enabled
spec: spec:
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:17-0.3.0 imageName: ghcr.io/tensorchord/cloudnative-vectorchord:17-0.3.0
instances: 3 instances: 2
postgresql: postgresql:
shared_preload_libraries: shared_preload_libraries:

145
apps/kube-prometheus-stack/release-alloy.yaml
View File

@@ -1,145 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: alloy
namespace: kube-prometheus-stack
spec:
chart:
spec:
chart: alloy
version: 1.x
sourceRef:
kind: HelmRepository
name: grafana
interval: 15m
releaseName: alloy
values:
alloy:
configMap:
content: |-
// Write your Alloy config here:
loki.write "default" {
endpoint {
url = "http://loki:3100/loki/api/v1/push"
}
}
// discovery.kubernetes allows you to find scrape targets from Kubernetes resources.
// It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.
discovery.kubernetes "pod" {
role = "pod"
// Restrict to pods on the node to reduce cpu & memory usage
selectors {
role = "pod"
field = "spec.nodeName=" + coalesce(sys.env("HOSTNAME"), constants.hostname)
}
}
// discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.
// If no rules are defined, then the input targets are exported as-is.
discovery.relabel "pod_logs" {
targets = discovery.kubernetes.pod.targets
// Label creation - "namespace" field from "__meta_kubernetes_namespace"
rule {
source_labels = ["__meta_kubernetes_namespace"]
action = "replace"
target_label = "namespace"
}
// Label creation - "pod" field from "__meta_kubernetes_pod_name"
rule {
source_labels = ["__meta_kubernetes_pod_name"]
action = "replace"
target_label = "pod"
}
// Label creation - "container" field from "__meta_kubernetes_pod_container_name"
rule {
source_labels = ["__meta_kubernetes_pod_container_name"]
action = "replace"
target_label = "container"
}
// Label creation - "app" field from "__meta_kubernetes_pod_label_app_kubernetes_io_name"
rule {
source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
action = "replace"
target_label = "app"
}
// Label creation - "job" field from "__meta_kubernetes_namespace" and "__meta_kubernetes_pod_container_name"
// Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name
rule {
source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"]
action = "replace"
target_label = "job"
separator = "/"
replacement = "$1"
}
// Label creation - "__path__" field from "__meta_kubernetes_pod_uid" and "__meta_kubernetes_pod_container_name"
// Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log
rule {
source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
action = "replace"
target_label = "__path__"
separator = "/"
replacement = "/var/log/pods/*$1/*.log"
}
// Label creation - "container_runtime" field from "__meta_kubernetes_pod_container_id"
rule {
source_labels = ["__meta_kubernetes_pod_container_id"]
action = "replace"
target_label = "container_runtime"
regex = `^(\S+):\/\/.+$`
replacement = "$1"
}
}
// loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.
loki.source.kubernetes "pod_logs" {
targets = discovery.relabel.pod_logs.output
forward_to = [loki.process.pod_logs.receiver]
}
// loki.process receives log entries from other Loki components, applies one or more processing stages,
// and forwards the results to the list of receivers in the component's arguments.
loki.process "pod_logs" {
stage.static_labels {
values = {
cluster = "server",
}
}
forward_to = [loki.write.default.receiver]
}
// loki.source.kubernetes_events tails events from the Kubernetes API and converts them
// into log lines to forward to other Loki components.
loki.source.kubernetes_events "cluster_events" {
job_name = "integrations/kubernetes/eventhandler"
log_format = "logfmt"
forward_to = [
loki.process.cluster_events.receiver,
]
}
// loki.process receives log entries from other loki components, applies one or more processing stages,
// and forwards the results to the list of receivers in the component's arguments.
loki.process "cluster_events" {
forward_to = [loki.write.default.receiver]
stage.static_labels {
values = {
cluster = "server",
}
}
stage.labels {
values = {
kubernetes_cluster_events = "job",
}
}
}

71
apps/kube-prometheus-stack/release-loki.yaml
View File

@@ -1,71 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: loki
namespace: kube-prometheus-stack
spec:
chart:
spec:
chart: loki
version: 6.x
sourceRef:
kind: HelmRepository
name: grafana-community
interval: 15m
releaseName: loki
values:
loki:
auth_enabled: false
commonConfig:
replication_factor: 3
schemaConfig:
configs:
- from: "2024-04-01"
store: tsdb
object_store: s3
schema: v13
index:
prefix: loki_index_
period: 24h
pattern_ingester:
enabled: true
limits_config:
allow_structured_metadata: true
volume_enabled: true
ruler:
enable_api: true
minio:
enabled: true
deploymentMode: SingleBinary
singleBinary:
replicas: 3
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0

8
apps/kube-prometheus-stack/repository-grafana-community.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: grafana-community
namespace: kube-prometheus-stack
spec:
interval: 15m
url: https://grafana-community.github.io/helm-charts

8
apps/kube-prometheus-stack/repository-grafana.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: grafana
namespace: kube-prometheus-stack
spec:
interval: 15m
url: https://grafana.github.io/helm-charts

50
apps/minecraft/release.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: minecraft
namespace: minecraft
spec:
chart:
spec:
chart: minecraft
version: 5.x
sourceRef:
kind: HelmRepository
name: minecraft
interval: 15m
releaseName: minecraft
values:
serviceAnnotations:
metallb.io/loadBalancerIPs: 192.168.18.201
minecraftServer:
# This must be overridden, since we can't accept this for the user.
eula: true
# One of: LATEST, SNAPSHOT, or a specific version (ie: "1.7.9").
version: "LATEST"
## The type of Minecraft server to run, check for related settings below
## Common types: "VANILLA", "FABRIC", "FORGE", "SPIGOT", "BUKKIT", "PAPER",
## "FTBA", "SPONGEVANILLA", "AUTO_CURSEFORGE"
## ref: https://docker-minecraft-server.readthedocs.io/en/latest/types-and-platforms
type: "VANILLA"
# One of: peaceful, easy, normal, and hard
difficulty: normal
# A comma-separated list of player names to whitelist.
whitelist: DrDeww,lolobinbolo
# A comma-separated list of player names who should be admins.
ops: DrDeww
# A server icon URL for server listings. Auto-scaled and transcoded.
icon:
# Message of the Day
motd: "Welcome to Michael's Minecraft Server"
worldSaveName: world
# If you adjust this, you may need to adjust resources.requests above to match.
memory: 1024M
serviceType: LoadBalancer
persistence:
dataDir:
enabled: true
Size: 8Gi
accessModes:
- ReadWriteOnce

9
apps/minecraft/repository.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: minecraft
namespace: minecraft
spec:
interval: 15m
url: https://itzg.github.io/minecraft-server-charts/

43
apps/nextcloud/release.yaml
View File

@@ -7,7 +7,7 @@ spec:
chart: chart:
spec: spec:
chart: nextcloud chart: nextcloud
version: 9.x version: 8.x
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: nextcloud name: nextcloud
@@ -126,6 +126,47 @@ spec:
global: global:
storageClass: longhorn storageClass: longhorn
collabora:
enabled: true
# image:
# tag: 24.04.11.1.1
collabora:
extra_params: --o:ssl.enable=false --o:ssl.termination=true
existingSecret:
enabled: true
secretName: "collabora-secret"
usernameKey: "username"
passwordKey: "password"
# securityContext:
# runAsNonRoot: true
# privileged: true
# capabilities:
# add:
# - SYS_ADMIN
# - MKNOD
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: collabora.michaelthomson.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- collabora.michaelthomson.dev
secretName: collabora-tls
cronjob: cronjob:
enabled: true enabled: true

47
apps/ntfy/deployment.yaml Normal file
View File

@@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ntfy
namespace: ntfy
labels:
app: ntfy
spec:
revisionHistoryLimit: 1
replicas: 1
selector:
matchLabels:
app: ntfy
template:
metadata:
labels:
app: ntfy
spec:
containers:
- name: ntfy
image: binwiederhier/ntfy:v1.28.0
args: ["serve"]
env:
- name: TZ
value: America/Toronto
- name: NTFY_DEBUG
value: "false"
- name: NTFY_LOG_LEVEL
value: INFO
- name: NTFY_BASE_URL
value: https://ntfy.michaelthomson.dev
ports:
- containerPort: 80
name: http
volumeMounts:
- mountPath: /etc/ntfy
subPath: server.yml
name: config-volume
- mountPath: /var/cache/ntfy
name: cache-volume
volumes:
- name: config-volume
configMap:
name: server-config
- name: cache-volume
persistentVolumeClaim:
claimName: pvc

27
apps/ntfy/ingress.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ntfy
namespace: ntfy
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: ntfy.michaelthomson.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: service
port:
name: http
tls:
- hosts:
- ntfy.michaelthomson.dev
secretName: ntfy-tls

12
apps/ntfy/pvc.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc
namespace: ntfy
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1Gi

9
apps/ntfy/server-config.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: server-config
namespace: ntfy
data:
server.yml: |
cache-file: "/var/cache/ntfy/cache.db"
attachment-cache-dir: "/var/cache/ntfy/attachments"

14
apps/ntfy/service.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: service
namespace: ntfy
spec:
type: ClusterIP
selector:
app: ntfy
ports:
- name: http
protocol: TCP
port: 80
targetPort: http

12
apps/wg-easy/config.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: wg-easy-config
namespace: wg-easy
data:
LANG: "en"
WG_HOST: "wireguard.michaelthomson.dev"
WG_PORT: "30000"
UI_TRAFFIC_STATS: "true"
UI_CHART_TYPE: "1"
ENABLE_PROMETHEUS_METRICS: "true"

48
apps/wg-easy/deployment.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wg-easy
namespace: wg-easy
spec:
selector:
matchLabels:
app: wg-easy
template:
metadata:
labels:
app: wg-easy
spec:
# securityContext:
# sysctls:
# - name: net.ipv4.ip_forward
# value: "1"
# - name: net.ipv4.conf.all.src_valid_mark
# value: "1"
containers:
- name: wg-easy
image: ghcr.io/wg-easy/wg-easy
imagePullPolicy: Always
envFrom:
- configMapRef:
name: wg-easy-config
optional: false
ports:
- containerPort: 30000
name: wg
protocol: UDP
- containerPort: 51821
name: http
protocol: TCP
securityContext:
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
volumeMounts:
- name: config
mountPath: /etc/wireguard
restartPolicy: Always
volumes:
- name: config
persistentVolumeClaim:
claimName: wg-easy-config

27
apps/wg-easy/ingress.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wg-easy
namespace: wg-easy
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: wireguard.michaelthomson.dev
http:
paths:
- pathType: ImplementationSpecific
path: /
backend:
service:
name: wg-easy
port:
name: http
tls:
- hosts:
- wireguard.michaelthomson.dev
secretName: wg-easy-tls

12
apps/wg-easy/pvc-config.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wg-easy-config
namespace: wg-easy
spec:
resources:
requests:
storage: 1Gi
storageClassName: longhorn
accessModes:
- ReadWriteOnce

16
apps/wg-easy/service-dns.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: wg-easy-dns
namespace: wg-easy
annotations:
metallb.io/loadBalancerIPs: 192.168.18.245
spec:
type: LoadBalancer
selector:
app: wg-easy
ports:
- name: wg
port: 30000
targetPort: wg
protocol: UDP

12
apps/wg-easy/service.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: wg-easy
namespace: wg-easy
spec:
selector:
app: wg-easy
ports:
- port: 80
targetPort: http
name: http

19
bootstrap/apps/kustomization-baikal.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: baikal
namespace: flux-system
spec:
interval: 15m
path: ./apps/baikal
prune: true # remove any elements later removed from the above path
wait: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: infra-configs

19
bootstrap/apps/kustomization-minecraft.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: minecraft
namespace: flux-system
spec:
interval: 15m
path: ./apps/minecraft
prune: true # remove any elements later removed from the above path
wait: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: infra-configs

19
bootstrap/apps/kustomization-ntfy.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ntfy
namespace: flux-system
spec:
interval: 15m
path: ./apps/ntfy
prune: true # remove any elements later removed from the above path
wait: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: infra-configs

19
bootstrap/apps/kustomization-wg-easy.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: wg-easy
namespace: flux-system
spec:
interval: 15m
path: ./apps/wg-easy
prune: true # remove any elements later removed from the above path
wait: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: infra-configs

4165
bootstrap/flux-system/gotk-components.yaml
View File

File diff suppressed because it is too large Load Diff

5
infrastructure/controllers/longhorn/release.yaml
View File

@@ -7,7 +7,7 @@ spec:
chart: chart:
spec: spec:
chart: longhorn chart: longhorn
version: 1.11.x version: 1.9.x
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: longhorn name: longhorn
@@ -21,7 +21,8 @@ spec:
enable: true enable: true
jobList: '[{"name":"backup","isGroup":true},{"name":"snapshot","isGroup":true},{"name":"trim","isGroup":true}]' jobList: '[{"name":"backup","isGroup":true},{"name":"snapshot","isGroup":true},{"name":"trim","isGroup":true}]'
defaultBackupStore: defaultBackupStore:
backupTarget: nfs://192.168.18.99:/volume1/k8sbackupstore backupTarget: s3://mthomson-longhorn-backup@ca-central-1/
backupTargetCredentialSecret: wasabi-secret
pollInterval: 0 pollInterval: 0
defaultSettings: defaultSettings:
replicaAutoBalance: best-effort replicaAutoBalance: best-effort

2
infrastructure/controllers/metallb/release.yaml
View File

@@ -14,5 +14,3 @@ spec:
interval: 15m interval: 15m
releaseName: metallb releaseName: metallb
values: values:
speaker:
ignoreExcludeLB: true

4
infrastructure/namespaces/namespace-baikal.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: baikal

4
infrastructure/namespaces/namespace-gitea.yaml
View File

@@ -2,7 +2,3 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: gitea name: gitea
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged

4
infrastructure/namespaces/namespace-homeassistant.yaml
View File

@@ -2,7 +2,3 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: homeassistant name: homeassistant
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged

4
infrastructure/namespaces/namespace-longhorn.yaml
View File

@@ -2,7 +2,3 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: longhorn-system name: longhorn-system
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged

4
infrastructure/namespaces/namespace-media.yaml
View File

@@ -2,7 +2,3 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: media name: media
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged

4
infrastructure/namespaces/namespace-metallb.yaml
View File

@@ -2,7 +2,3 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: metallb-system name: metallb-system
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged

4
infrastructure/namespaces/namespace-minecraft.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: minecraft

4
infrastructure/namespaces/namespace-ntfy.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: ntfy

4
infrastructure/namespaces/namespace-sealed-secrets.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: sealed-secrets

4
infrastructure/namespaces/namespace-wg-easy.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: wg-easy

6
renovate.json Normal file
View File

@@ -0,0 +1,6 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
]
}